AML • CDD • SANCTIONS

Anti–Money Laundering (AML) Policy

We apply a risk-based AML framework designed to prevent the misuse of the financial system and support safe, compliant banking relationships — aligned with international good practice.

Read AML Framework Contact AML/Compliance

Risk-Based Approach Controls are applied proportionally based on client type, geography, products/services, delivery channels, and transaction behavior.

CUSTOMER DUE DILIGENCE • EDD • PEP • SANCTIONS • TRANSACTION MONITORING • STR/SAR • RECORDKEEPING

AML Policy Overview

This AML policy describes core controls typically used by banks to identify, assess, monitor, and mitigate money laundering and terrorist financing risk. It is designed to support transparent onboarding, ongoing monitoring, and responsible banking operations.

1) Purpose & Scope

The purpose of this policy is to prevent and detect money laundering, terrorist financing, and other financial crime. It applies to the bank, its officers, employees, contractors, and relevant third parties involved in onboarding, account servicing, payments, and related activities.

Applies to retail and corporate customers, including beneficial owners and authorized signatories
Covers products/services, delivery channels, and cross-border activities
Supports internal procedures, escalation pathways, and documentation standards

2) Governance & Responsibility

Effective AML requires clear oversight, independent challenge, and documented decisions. Senior management is responsible for ensuring adequate resources and an appropriate control environment.

Board/senior management oversight of AML program and risk appetite
Compliance function responsible for program design, monitoring, and reporting
Business units responsible for first-line execution of controls and data quality
Independent audit/review provides assurance and remediation tracking

3) Risk Assessment & Risk Appetite

A risk-based approach begins with assessing inherent risk and applying controls proportionate to that risk. Risk assessments should be performed at customer, product, channel, and geographic levels.

Customer risk: type, ownership structure, industry, PEP exposure, source of funds/wealth
Geographic risk: residence, place of business, counterparties, and payment corridors
Product/channel risk: complexity, speed, anonymity, third-party payments, cash intensity
Documented acceptance/decline decisions aligned with defined risk appetite

4) Customer Due Diligence (CDD)

CDD is performed before establishing a relationship and updated throughout the relationship lifecycle. CDD aims to identify the customer, understand the purpose of the relationship, and establish an expected activity profile.

Identify and verify the customer using reliable, independent sources
Identify and verify beneficial owners and controlling persons (where applicable)
Confirm authorized signatories and mandate/authority
Understand purpose of account and expected transaction behavior
Obtain source of funds (and where appropriate, source of wealth)

5) Enhanced Due Diligence (EDD) & High-Risk Customers

EDD is applied where higher risk is identified (e.g., complex ownership, high-risk geographies, PEPs, high-risk sectors, unusual transaction patterns, or negative media). EDD includes deeper verification, stronger approvals, and closer monitoring.

More detailed ownership/structure verification and control analysis
Stronger evidence for source of funds/wealth and transaction rationale
Senior management approval where required
More frequent reviews and enhanced transaction monitoring thresholds

6) PEP Screening (Politically Exposed Persons)

PEPs and related parties (family members and close associates) require heightened scrutiny due to increased corruption risk. The bank applies screening and applies EDD, approvals, and ongoing monitoring proportionate to risk.

Screen customers and beneficial owners for PEP indicators
Apply EDD and obtain appropriate approval for onboarding/continuation
Ongoing monitoring, periodic refresh, and event-driven reviews

7) Sanctions, Watchlists & Adverse Media

The bank screens customers, beneficial owners, and (where applicable) transactions against relevant sanctions lists and watchlists. Adverse media and negative information are assessed and documented before onboarding and during relationship reviews.

Sanctions screening on onboarding and periodically thereafter
Alert investigation, false-positive management, and decision documentation
Adverse media checks for higher-risk profiles or triggers
Restrictions on prohibited jurisdictions/parties as required by policy and risk appetite

8) Transaction Monitoring & Ongoing Due Diligence

Ongoing monitoring includes reviewing transactional behavior relative to the expected profile and investigating unusual activity. Monitoring can be rules-based, scenario-based, and/or analyst-driven based on data availability and risk.

Define expected activity (volumes, counterparties, corridors, purpose)
Identify unusual patterns (rapid movement, layering, structuring, third-party payments)
Apply escalation pathways, case management, and documented outcomes
Periodic reviews (risk-based frequency) and trigger-based refresh

9) Suspicious Activity Reporting (STR/SAR) & Escalation

If activity appears unusual or potentially suspicious, staff must escalate internally to the compliance function. Where appropriate, the bank may file a suspicious transaction/activity report in line with applicable requirements.

Clear internal escalation procedures and confidentiality expectations
Case investigation standards and supporting evidence retention
Decisions to report or not report must be documented
Prohibition on “tipping off” where applicable

10) Recordkeeping & Data Standards

Records must be maintained to evidence compliance actions, customer identity, risk decisions, monitoring outcomes, and transaction investigations. Data must be accurate, complete, and retrievable for audit and regulatory needs.

Maintain KYC files, risk ratings, approvals, and monitoring records
Retention aligned to policy and applicable legal/regulatory expectations
Secure storage, access controls, and integrity safeguards

11) Training, Awareness & Culture

AML effectiveness depends on staff awareness and consistent execution. Training is delivered on induction and refreshed periodically, with targeted training for higher-risk functions.

Mandatory AML/KYC training for all relevant staff
Enhanced training for onboarding, payments, and compliance roles
Testing, attestations, and remediation where gaps are identified

12) Independent Review, Audit & Continuous Improvement

The AML program is subject to periodic independent review or audit to validate design and operational effectiveness. Findings are tracked and remediated with clear owners and timelines.

Independent testing of onboarding, monitoring, and escalation controls
Metrics and management reporting (alerts, cases, review timeliness, quality)
Policy updates based on evolving risks, products, and regulatory expectations

Additional Bank Controls (Common Practice)

Depending on services offered, banks often implement additional controls for correspondent banking, trade finance, virtual assets, high-risk industries, and third-party reliance.

Correspondent banking due diligence and payable-through account controls (where applicable)
Restrictions on shell banks and enhanced controls on nested relationships
High-risk sector controls (e.g., gambling, arms-related, high-cash businesses)
Third-party reliance controls (where allowed): contracts, oversight, and audit rights

AML / Compliance Contact

For AML-related inquiries, onboarding documentation requests, due diligence, or partnership compliance discussions, contact our compliance team.

Email: compliance@uninovabank.com

Important Notice

This page is provided for general information about common AML controls and governance practices used by banks. Specific requirements may vary by jurisdiction, products/services, and applicable regulations.