Keshflip Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Policy


1. Introduction and Policy Statement

Keshflip ("the Company") is committed to preventing the use of its platform for money laundering, terrorist financing, and other illicit financial activities. This Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Policy outlines the framework, procedures, and controls implemented by Keshflip to comply with applicable laws and regulations, as well as international standards set forth by bodies such as the Financial Action Task Force (FATF).

Keshflip recognizes the risks associated with the services it offers, including the exchange of local fiat currencies (e.g., KES, SOS) with international fiat (e.g., USD, CAD) and cryptocurrencies (e.g., BTC), peer-to-peer (P2P) trading, non-custodial wallet services, QR payments, and cross-border remittances. This policy applies to all Keshflip employees, directors, officers, and relevant third-party service providers.

Our commitment is to implement robust AML/CFT measures, including customer due diligence, transaction monitoring, record-keeping, reporting of suspicious activities, and ongoing training, to maintain the integrity of our platform and the broader financial system.

2. Compliance Officer Designation and Responsibilities

Keshflip has appointed a dedicated Compliance Officer who is responsible for the development, implementation, and ongoing oversight of the AML/CFT program. The Compliance Officer has sufficient authority, resources, and access to relevant information across the organization to effectively discharge their duties.

The Compliance Officer's responsibilities include:

• Developing, implementing, and maintaining Keshflip's AML/CFT policies and procedures.
• Ensuring the AML/CFT program aligns with regulatory requirements and best practices.
• Conducting regular AML/CFT risk assessments and updating the program accordingly.
• Overseeing the customer identification (KYC), customer due diligence (CDD), and enhanced due diligence (EDD) processes.
• Implementing and managing transaction monitoring systems for both fiat and cryptocurrency transactions.
• Ensuring timely and accurate reporting of suspicious transactions (STRs) and large transactions (e.g., Large Cash Transaction Reports (LCTRs), Large Virtual Currency Transaction Reports (LVCTRs), Electronic Funds Transfer Reports (EFTRs)) to the relevant authorities.
• Managing sanctions and Politically Exposed Persons (PEP) screening processes.
• Developing and delivering AML/CFT training programs for all relevant staff.
• Acting as the primary point of contact for regulatory bodies, including FINTRAC.
• Overseeing record-keeping requirements related to AML/CFT compliance.
• Coordinating independent reviews and audits of the AML/CFT program.
• Reporting to senior management and the Board of Directors (if applicable) on the status and effectiveness of the AML/CFT program.

3. Risk Assessment

Keshflip employs a risk-based approach (RBA) to AML/CFT compliance. A comprehensive risk assessment is conducted at least annually, or more frequently if significant changes occur in the business, regulatory environment, or product offerings. The risk assessment considers factors such as:

• Customer Risk: Types of customers, geographic locations, expected transaction activity.
• Product/Service Risk: Features of services offered (crypto exchange, P2P, remittances, wallet types), payment methods accepted/offered.
• Geographic Risk: Jurisdictions where Keshflip operates or serves customers, particularly those identified as high-risk by FATF or other bodies.
• Delivery Channel Risk: How services are accessed (website, mobile app).


The results of the risk assessment inform the design and calibration of Keshflip's AML/CFT controls, including the level of customer due diligence applied and the parameters for transaction monitoring.

4. Customer Identification Program (CIP) and Customer Due Diligence (CDD)

Keshflip has established robust procedures to identify and verify the identity of its customers before or during the process of opening an account and conducting transactions, in accordance with regulatory requirements.

4.1. Identification Requirements:

Individuals: Full legal name, date of birth, residential address, occupation (or principal business). Identity verification is performed using reliable, independent source documents, data, or information (e.g., government-issued photo ID, utility bills, electronic verification services).

Entities (Corporations, Partnerships, etc.): Legal name, registered address, incorporation/registration number, nature of business. Verification involves obtaining official documents (e.g., articles of incorporation, partnership agreements) and identifying beneficial owners and control persons.

4.2. Verification Methods:

Keshflip utilizes a combination of methods for identity verification, including:

• Documentary Verification: Reviewing original or certified copies of government-issued identification documents.

• Non-Documentary Verification: Using third-party electronic identity verification services, comparing information against public databases, or other reliable methods.

4.3. Ongoing Due Diligence:

Keshflip conducts ongoing monitoring of customer relationships and transactions to ensure consistency with the customer's known profile and risk level. Customer information is periodically reviewed and updated.

4.4. Enhanced Due Diligence (EDD):

EDD measures are applied to higher-risk customers, including:

• Politically Exposed Persons (PEPs) and their family members or close associates.

• Customers residing in or operating from high-risk jurisdictions.

• Customers engaging in high-risk activities or transaction patterns.

EDD may include obtaining additional information on the source of funds/wealth, obtaining senior management approval for the relationship, and conducting more frequent and intensive transaction monitoring.

4.5. Non-Custodial Wallets: While users may utilize non-custodial wallets, Keshflip applies appropriate identification and monitoring measures when these wallets interact with the custodial platform for activities like fiat exchange, P2P trades facilitated by Keshflip, or certain remittance services, subject to regulatory requirements.

5. Transaction Monitoring

Keshflip implements systems and procedures to monitor customer transactions for activity that may be indicative of money laundering or terrorist financing.

5.1. Monitoring Systems: Automated transaction monitoring systems are employed to detect unusual or suspicious patterns in both fiat and cryptocurrency transactions. These systems analyze factors such as transaction size, frequency, velocity, geographic origin/destination, and deviations from expected customer behavior.

5.2. Red Flags: Monitoring focuses on identifying red flags, including but not limited to:

• Transactions inconsistent with the customer's known profile or business.

• Attempts to structure transactions to avoid reporting thresholds.

• Transactions involving high-risk jurisdictions or sanctioned parties.

• Unusual patterns in cryptocurrency transactions (e.g., rapid movement through multiple wallets, use of mixers/tumblers where identifiable and linked to illicit activity, transactions linked to darknet markets).

• Complex or illogical transaction patterns.

• Transactions involving shell corporations or unidentified beneficiaries.

5.3. Tools: Keshflip utilizes specialized tools, including:

Blockchain Analytics: To trace cryptocurrency transactions, assess wallet risk scores, and identify links to illicit activities.

Sanction/PEP Screening Software: To screen customers and counterparties against relevant sanctions lists and PEP databases.

Travel Rule Compliance Solutions: To ensure required originator and beneficiary information is collected and transmitted for virtual asset transfers, where applicable.

5.4. Alert Review: Alerts generated by the monitoring systems are reviewed by trained compliance staff. Investigations are conducted to determine if the activity is suspicious, potentially requiring the filing of a Suspicious Transaction Report (STR).

6. Sanctions and Politically Exposed Persons (PEP) Screening

Keshflip screens all customers (individuals and entities) and relevant transaction counterparties against applicable sanctions lists (e.g., UN, OFAC, Canadian Autonomous Sanctions and EU) and PEP databases at onboarding and on an ongoing basis.

Sanctions: Keshflip prohibits and blocks transactions involving sanctioned individuals, entities, or jurisdictions. Any identified matches are escalated to the Compliance Officer for review and appropriate action, including potential reporting to authorities.

PEPs: Identified PEPs are subject to enhanced due diligence measures as outlined in Section 4.4.

7. Record Keeping

Keshflip maintains comprehensive records as required by regulations and other applicable laws. Records are kept for a minimum of five years following the closure of an account or the date of a transaction.

Records maintained include:

• Customer identification information and verification documents.

• Beneficial ownership information.

• Details of all transactions (fiat and crypto).

• Results of transaction monitoring and investigations.

• Copies of reports filed with FINTRAC (STRs, LCTRs, LVCTRs, EFTRs).

• Records of AML/CFT training provided to staff.

• Results of AML/CFT audits and reviews.

• Correspondence with regulatory bodies.

Records are maintained in a secure and accessible manner to facilitate regulatory requests or internal reviews.

8. Reporting Obligations

Keshflip is committed to fulfilling its reporting obligations to the relevant authorities.

Suspicious Transaction Reports (STRs): Keshflip will file an STR with the relevant regulatory body in respect of a financial transaction or attempted transaction where there are reasonable grounds to suspect it is related to the commission or attempted commission of a money laundering or terrorist financing offense.

Large Transaction Reports: Keshflip will file reports for large transactions exceeding regulatory thresholds, including:

o Large Cash Transaction Reports (LCTRs) for cash transactions of USD $10,000 or more in a 24-hour period.

o Large Virtual Currency Transaction Reports (LVCTRs) for virtual currency transactions equivalent to USD $10,000 or more in a 24-hour period.

o Electronic Funds Transfer Reports (EFTRs) for international EFTs of USD $10,000 or more in a single transaction or multiple transactions within 24 hours.

Terrorist Property Reports (TPRs): Keshflip will report property in its possession or control that is known to be owned or controlled by or on behalf of a terrorist group.

All reporting is managed under the supervision of the Compliance Officer.

9. Training Program

Keshflip provides mandatory AML/CFT training to all relevant employees upon hiring and on an ongoing basis (at least annually). The training program covers:

• Applicable AML/CFT laws and regulations.

• Keshflip's AML/CFT policies and procedures.

• Money laundering and terrorist financing typologies and red flags relevant to Keshflip'sbusiness.

• Customer identification and due diligence requirements.

• Transaction monitoring and reporting obligations.

• Roles and responsibilities of employees in combating financial crime.

• Consequences of non-compliance.

Training effectiveness is assessed, and records of training attendance and content are maintained.

10. Independent Review (Audit)

Keshflip's AML/CFT program is subject to an independent review (audit) at least every two years,. The review assesses the adequacy and effectiveness of the AML/CFT policies, procedures, and controls.

The scope of the review includes testing compliance with regulatory requirements, evaluating the effectiveness of the risk assessment, KYC/CDD processes, transaction monitoring, reporting, record-keeping, and training.

Findings and recommendations from the independent review are reported to senior management and the Compliance Officer, and corrective action plans are developed and tracked to completion.

11. Policy Review and Updates

This AML/CFT Policy is reviewed and updated by the Compliance Officer at least annually, or more frequently as needed, to reflect changes in regulations, industry best practices, Keshflip'sbusiness operations, or its risk profile. Material changes to the policy are approved by senior management.