AML/CFT Policy

Clusteer has zero tolerance for money laundering (ML), terrorism financing (TF), and proliferation financing. We are committed to complying with applicable Nigerian law and to applying a risk-based approach consistent with international standards set by the Financial Action Task Force (FATF).

This Policy is designed to comply with, among others:

• the Money Laundering (Prevention and Prohibition) Act 2022;
• the Terrorism (Prevention and Prohibition) Act 2022;
• regulations and guidance of the Nigeria Financial Intelligence Unit (NFIU) and the Special Control Unit Against Money Laundering (SCUML);
• applicable Securities and Exchange Commission (SEC) and Central Bank of Nigeria (CBN) requirements; and
• the Nigeria Data Protection Act 2023 (NDPA) in respect of personal data processed for AML/CFT purposes.

The regulated digital-asset exchange and custody functions are provided through a licensed third-party exchange and custody partner, whose own AML/CFT obligations apply alongside ours.

This Policy applies to all customers, employees, officers, contractors, and partners involved in the Clusteer service, and to all transactions processed through the Platform.

We assess and manage ML/TF risk across customers, products, channels, geographies, and transactions. Controls are applied in proportion to risk, with enhanced measures for higher-risk situations. We maintain a documented enterprise risk assessment that is reviewed periodically and when material changes occur.

We do not permit anonymous accounts. Before a customer transacts, and on an ongoing basis, we carry out customer due diligence, including:

• verifying identity using reliable, independent sources (including BVN, NIN, government-issued identity documents, and biometric/liveness verification);
• screening against sanctions lists and politically-exposed-person (PEP) databases;
• screening wallet addresses and on-chain activity using blockchain-analytics tools to assess exposure to illicit sources;
• understanding the nature and intended purpose of the customer relationship; and
• assigning a customer risk rating.

Where we provide services to a legal entity, we also identify the entity and verify its beneficial owners and the persons authorised to act on its behalf.

Where required CDD cannot be completed, we will not establish or continue the relationship and will consider whether a report to the authorities is required.

We monitor customer activity on a risk-sensitive basis to detect transactions that are unusual, inconsistent with a customer’s profile, or potentially linked to financial crime. We may request additional information, place holds, or decline transactions as a result.

We screen customers and, where relevant, counterparties and wallet addresses against applicable sanctions and watchlists, including those maintained by the Nigeria Sanctions Committee (NSC), the United Nations, and — because US-dollar stablecoins carry US-sanctions exposure — the US Office of Foreign Assets Control (OFAC), among other applicable regimes. We do not provide services to sanctioned persons or entities, and we will freeze and report assets where required by law.

We do not knowingly provide services to, among others: persons who refuse or fail CDD; sanctioned persons; persons using false or third-party identities; shell entities without a verifiable beneficial owner; and persons using the Service for unlawful purposes. We prohibit the use of the Service to launder proceeds of crime or finance terrorism.

We retain customer identification, verification, and transaction records for at least five (5) years from the end of the business relationship or the completion of the relevant transaction (whichever is later), or longer where the law requires. Records are stored securely and made available to regulators and authorities on lawful request.

Where we know or suspect that funds or activity are linked to ML, TF, or other financial crime, a Suspicious Transaction Report (STR) is filed with the NFIU, and Currency/Threshold Transaction Reports are made where required, within the timeframes set by law. Where our licensed partner is the reporting entity of record for the regulated activity, the filing obligation is allocated between us and the partner by written agreement so that a report is always made by the responsible party; we do not rely on an assumption that the other party will report. We comply with no-tipping-off rules: we will not disclose to a customer that a report has been or may be made.

• Accountability. Senior management is responsible for AML/CFT compliance and for fostering a culture of compliance.
• Compliance Officer / MLRO. We designate a Compliance Officer (Money Laundering Reporting Officer) responsible for this Policy, for filing reports with the NFIU, and for liaising with regulators — their details are below.
• Training. Relevant personnel receive AML/CFT training appropriate to their role, refreshed periodically.
• Independent review. Our controls are subject to periodic independent testing and review.

We cooperate fully with the NFIU, SCUML, EFCC, SEC, CBN, the NSC, and law enforcement, including by responding to lawful requests, freezing assets, and providing records, in line with applicable law and our Privacy Policy.

Personal data processed for AML/CFT purposes is handled in accordance with the NDPA and our Privacy Policy. AML/CFT obligations are a legal basis for processing and, where applicable, override certain data-subject requests (such as erasure) for the period we are required to retain records.

We review and update this Policy periodically and in response to changes in law, regulation, or our risk profile.

Clusteer is a product operated by Outbuild Ltd (RC 8076384). This is a summary AML/CFT policy statement and does not reproduce our internal compliance program.