Document information and change log

Document Information

Change log

Gender And Entity Neutrality

The masculine form is used solely for the sake of better readability. It always refers to persons of any gender identity (m/f/diverse). This document uses the abbreviation “Give” for all legal entities and subsidiaries.

Table of contents

Definitions for terms and acronyms used throughout AML/BSA/OFAC Policy        5

Introduction        6

Definition of Money Laundering        6

Money Laundering Process        7

General Policy        7

Anti-Money Laundering Compliance Officer        7

Review and Approval of the Anti-Money Laundering Compliance Program        8

Independent Audit and Testing of the AML Compliance Program        8

Customer Identification Program        8

Customer Identification        9

Beneficial Ownership        9

When One Entity Owns Another Entity        10

What Triggers Collecting Beneficial Ownership        10

Verification Process        11

Methods of Verification:        12

Additional Action Required:        12

Customer Notice        14

Record-keeping and Retention        14

Additional Requirements        14

Destruction of Records        15

Economic Sanctions/OFAC Screening        15

Initial Screening        16

Periodic Screening        16

Customer Due Diligence        17

Customer Due Diligence        18

Enhanced Due Diligence        18

Screening for Politically Exposed Persons (PEP)        19

Definition        19

Important Public Function:        20

Performing Enhanced Due Diligence        20

Onboarding Exceptions        21

Account Changes to Sub-merchant account        21

Ordinary changes        21

Sub-merchant graduation to direct merchant        21

Monitoring Accounts For Suspicious Activity        22

Merchant Site Survey Policy        23

Factors triggering a site-survey        23

Business type        23

Transaction volume        23

Behavior pattern        24

Methods of conducting site survey        24

Data verification        24

Photo verification        24

On-site visit        24

Currency Transaction Reporting        24

Concentrations Accounts        25

Emergency Telephone Notification to the Government & Sponsor        25

Money Laundering "Red Flags"        25

Responding to Law Enforcement Requests        26

Risk Assessment Process        27

Customer Risk Assessment        27

Enterprise Risk Assessments        27

Training Program        27

Report of Foreign Bank and Financial Accounts (FBAR):        28

Confidential Reporting of AML Non-Compliance        28

Recordkeeping        28

Exceptions to Policy        28

Attachment A – Current Chief Risk and Compliance Officer        29

Attachment B – Entities Excluded from Definition of Legal Entity        30

Attachment C – The Following are Exempt from Beneficial Ownership Information:        33

Attachment D – Suspicious Activity Report (SAR)/ Suspect Violation Report (SVR) Template        34

Attachment E – Prohibited Sub-merchant types        38

Definitions for terms and acronyms used throughout AML/BSA/OFAC Policy

Introduction

This Anti-Money Laundering Policy establishes Give Corporation Inc. (“Give” or “Company”) Anti-Money Laundering Compliance Program (“AMLCP”) for combatting and minimizing the risk of money laundering activities/terrorist financing pertaining to or in relation to its payment facilitation and other services or merchant customers. All Give officers, directors, and employees (collectively, “Employees”) are bound by these terms and obligated to adhere to them.

The Bank Secrecy Act (“BSA” or “Act”), as amended, requires financial institutions to implement anti-money laundering programs designed to thwart money laundering and terrorist financing. Although Give does not engage in money transmission or otherwise meet the definition of a financial institution with direct obligations to establish an AML program under the BSA or its implementing regulations, Give has developed and implemented this AML / BSA Policy to minimize the risk of money laundering and terrorist financing in connection with its services.

As a payment facilitator, Give engages in various payments-related activities for sub-merchant customers (“Sub-Merchants” or “Customers”), including soliciting Sub-Merchants for payment processing services, processing Sub-Merchant applications, servicing Sub-Merchants, selling or leasing equipment to Sub-Merchants, processing transactions, managing chargebacks, and detecting fraud, among other activities (“Services”). Give provides the Services through contracts with various sponsor banks and acquirers (“Sponsors”), which entities may be required by law or card network rules to implement Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance programs in connection with their or their partners’ acquiring activities. The five pillars of BSA/AML compliance are integrated into various segments throughout this comprehensive policy document.

Definition of Money Laundering

The Financial Action Task Force (FATF), the Paris-based multinational group formed in 1989 by the Group of Seven industrialized nations to foster international action against money laundering, has agreed to this "working definition" of money laundering:

1. The conversion or transfer of property, knowing it is derived from a criminal offense, for the purpose of concealing or disguising its illicit origin or of assisting any person who is involved in the commission of the crime to evade the legal consequences of his actions,

2. The concealment or disguising of the true nature, source, location, disposition, movement, rights with respect to, or ownership of property knowing that it is derived from a criminal offense,

3. The acquisition, possession or use of property, knowing at the time of its receipt that it was derived from a criminal offense or from participation in a crime.

In general, the U.S. money laundering laws apply to:

1. Any financial transaction, or anyone who transports, transfers, transmits a monetary instrument or funds from a place in the United States to or through a place outside the United States, or from a place outside the United States to or through a place in the United States, or attempts to do so,

2. Any activity involving the proceeds of "specified unlawful activity" or any person or entity who has knowledge of funds that have come from some form of illegal activity.

3. Any person or entity with the intent to promote an unlawful activity, or evade U.S. taxes, or conceal the ownership of the money or assets, or to cause a report required to be made under federal or state law.

Money Laundering Process

Money laundering is the process that disguises illegal profits without compromising the criminals who wish to benefit from the proceeds. There are two reasons why criminals, whether drug traffickers, corporate embezzlers or corrupt public officials, have to launder money, (1) the money trail is evidence of their crime and (2) the money itself is vulnerable to seizure and has to be protected. Regardless of who uses the apparatus of money laundering, the operational principles are essentially the same. Money laundering is a dynamic three-stage process. These three stages are usually referred to as Placement, Layering, and Integration.

• Placement, moving the funds from direct association with the crime;
• Layering, disguising the trail to foil pursuit; and,
• Integration, making the money available to the criminal once again with its occupational and geographic origins hidden from view.

General Policy

It is strictly prohibited for any person associated with Give to engage in the laundering of money or any activity associated with the funding of terrorist or other illegal activities; it is the policy of Give to actively prevent such activities. Give and its management are firmly committed to reporting and prosecuting any and all personnel who participate, or have any knowledge whatsoever, of any money laundering or terrorist funding activities. It is the responsibility of every person associated with this Company to IMMEDIATELY report any suspicious activity in a Customer account or suspicious activity of any registered, non-registered or affiliated person of this Company to the designated Anti-Money Laundering Compliance Officer (“AMLCO”). If reported to senior management other than the AMLCO, the senior management is responsible for reporting the information to the AMLCO. Failure to comply with the requirements of this AML / BSA Policy can have serious consequences for Give and its Employees. Accordingly, Employee conduct inconsistent with this AML / BSA Policy may subject the Employee involved to disciplinary action, up to and including termination of employment.  

It is the Company’s policy that all Employees have the ability to report any information regarding money laundering or other suspicious activity directly to the AMLCO or a member of senior management in person or via phone, letter, e-mail or fax. It is strictly prohibited for any person associated with Give to prevent, obstruct or retaliate against any person who reports suspicious activity to the AMLCO or a member of senior management.

Anti-Money Laundering Compliance Officer

Company has designated an AMLCO responsible for implementing this BSA / AML / OFAC Policy (the current AMLCO is identified in Attachment A). The responsibilities of the AMLCO include the following:

• Keeping this AML / BSA / OFAC Policy and Give’s AML Compliance Program (“AMLCP”) current;
• Implementing this AML / BSA / OFAC Policy
• Overseeing training for Employees;
• Overseeing communication of the Company’s anti-money laundering policies and procedures to Employees;
• Overseeing the preservation and maintenance of records related to the Company’s AMLCP;
• Updating the Company’s AML / BSA / OFAC Policy and any corresponding procedures as needed but at least annually;
• Monitoring and overseeing the Company’s and its Employee’s compliance with the policies and procedures outlined below
• Cooperating with all regulatory money laundering investigations and providing all documentation and information requested by state, federal, and self-regulatory organizations.

Review and Approval of the Anti-Money Laundering Compliance Program

The Chief Risk Officer “CRO” or a senior officer at Give shall review and approve the AMLCP. The designated officer will evidence his/her review and approval of the AMLCP in writing.

The AMLCO will perform a risk assessment of the Services at least every two years. The risk assessment will document risks associated with the Services, Sub-Merchants, geographies, and other applicable risk factors, and will take into account best practices, Sponsor expectations, applicable laws, and card network rules. The risk assessment will be used by the AMLCO to confirm the adequacy and effectiveness of the AMLCP, and any modifications necessary to manage identified risks.

Independent Audit and Testing of the AML Compliance Program

Give will conduct an independent review of its AMLCP and AML / BSA / OFAC Policies. An external auditor will be selected for performing this review conducted at a minimum of once every two years. The independent auditor must not be involved in the day-to-day responsibilities which impact the compliance of the organization, and Company’s AMLCO is explicitly precluded from conducting the review/audit.

Customer Identification Program

Give has developed a Customer Identification Program (“CIP”) designed to enable it to form a reasonable belief that it knows the true identity of each of its Customers. If Give is unable to form a reasonable belief that it knows the true identity of a Customer, it shall not allow such Customer to receive any Services, or if the Customer is already receiving Services, such Services shall be suspended (until Give is able to form a reasonable belief it knows the Customer’s identity) or the relationship is terminated.  

Customer Identification

The minimum identifying information that must be obtained from each Customer prior to opening an account is:

• Legal Name; the legal name of the business and individual(s);
• Physical address; a residential or business street address. City, state, zip and country is required.
• Date of birth (if an individual)
• Phone Number
• URL/Website Address(es)
• Email Address
• Number on PayFac Platform
• DBA Name
• Billing Descriptor; will be assigned Give PayFac 3 digit leading prefix and *, then name
• Date Business Opened
• Merchant Category Code (MCC)
• Type of Business (Corporation, Partnership, LLC, Sole Proprietor, Non-Profit)
• DDA # (Checking account number)
• ABA # (Bank routing number)
• Tax Identification Number (TIN); Social Security Number (SSN) for individuals and if Sole Proprietor.        
• Business State (Open or Closed)
• If closed, termination date

For each legal entity Customer, information shall be collected to identify (a) each individual or legal entity that, directly or indirectly, owns 10% or more of the Customer; and (b) at least one individual with managerial control of the Customer (collectively “Beneficial Owners”). A legal entity is defined as a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or other similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account. Please refer to Attachment B for a list of types of business entities that are excluded from the definition of a legal entity Customer.

Beneficial Ownership

For each Beneficial Owner, Give must collect the following information:

• Owner’s Name
• Owner’s % Ownership
• Owner’s Home Address
• Owner’s Date of Birth
• Owner’s Social Security Number or other tax ID number

Attachment B lists the entities that are exempt from Beneficial Ownership information:

When One Entity Owns Another Entity

The Ultimate Beneficial Owner (“UBO”) is the individual who indirectly owns the entity(ies). This could be through one or several entities. To determine the UBO, the percentage ownership through each entity is calculated.

What Triggers Collecting Beneficial Ownership

Beneficial Ownership information is collected at onboarding. Updates and changes to the customer will trigger collecting updated Beneficial Ownership information. Below are additional events when beneficial ownership information will be collected:

• Adding a New Merchant Location

• Beneficial Owner Changes

• Known Death of a Beneficial Owner

• Change in Address, Phone Number, Business Name, etc.

• Change in Account Signers

• Known Sale of a Company

• Processing Changes

• Risk Events

• Data Compromises

• Significant or Unexplained Activity

• Periodic Reviews

• Visa/MasterCard Registration Changes

MATCH screening will be performed on all Sub-Merchants and their owners.

Only United States Sub-Merchants will be boarded. Any accounts not domiciled in the U.S. will be rejected from Sub-Merchant boarding.

The term “U.S. Person” refers to a person that is a U.S. citizen, a Permanent Resident, or a person other than an individual that is established or organized under the laws of a State or the United States (e.g. a corporation, partnership, or trust). The term “Non-U.S. Person” refers to a person that is not a U.S. Person.

In the event that a Customer has applied for, but has not received, a taxpayer identification number, Give will confirm that the application was filed by obtaining a copy of the Customer’s application for a taxpayer identification number prior to opening the account. In addition, Give will obtain the taxpayer identification number within a reasonable period of time after the account is opened.

If a potential or existing Customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, Give will not open a new account and, after considering the risks involved, will consider closing any existing account. In either case, the AMLCO will be notified to determine whether Give should report the situation to its Sponsors.

Provided the necessary controls are in place, the Company may “rely on” the performance by a third party financial institution of some or all the Company’s CIP procedures with respect to certain Customers. At all times, however, the Company may only rely on a third party financial institution’s performance of CIP functions with respect to a Customer that is opening an account, or that has established an account or similar business relationship, with the applicable third party financial institution to provide or engage in services, dealings or other financial transactions.  Further, the Company may only rely on a third party financial institution’s performance of CIP functions when all of the following are true:

(1)        that reliance is reasonable under the circumstances,

(2)        the other financial institution is subject to a rule or rules implementing the anti-money laundering compliance program requirements of the BSA and be regulated by a federal functional regulator, and

(3)        the other financial institution enters into a contract with the Company requiring it to certify annually to the Company that  has implemented an anti-money laundering program and will perform (or its agents will perform) the applicable legal requirements of a CIP.

The Company will update Sub-Merchant and Beneficial Owner CIP Information (i) upon identifying or receiving information related to a change in ownership, including the addition of new owners that meet the definition of Beneficial Owners; (ii) upon providing information about a Sub-Merchant’s suspicious activities to a Sponsor for the filing of a suspicious activity report; (iii) in connection with any re-underwriting of the Sub-Merchant under the Underwriting Policy or increase in the risk classification for the Sub-Merchant.

Verification Process

Give will ensure that it has a reasonable belief that it knows the true identity of its Customers by using risk-based procedures to verify and document the accuracy of the information it gets about its Customers. In verifying Customer identity, Give will analyze any logical inconsistencies in the information obtained. Give will verify the Customer’s identity through the use of documentary methods, non-documentary methods, or both (where appropriate). In analyzing the verification information, Give will consider whether there is a logical consistency among the identifying information provided, such as the Customer’s name, street address, zip code, telephone number (if provided), date of birth, and social security number.

An account may not be opened for a Customer whose identity has not yet been verified. Customers may not conduct transactions until their identity has been verified. If Give finds suspicious information that indicates possible money laundering or terrorist financing activity, it will, after consultation with the AMLCO, notify its Sponsor.

A description of the methods and the results of any measures undertaken to verify the identity of an account holder must be recorded in the Customer file. When documentary methods are used, the file should indicate the type of document, identification number (if any), place of issuance, and (if any) date of issuance and expiration date. For purposes of the Company’s CIP, the records made during the verification process must be maintained for a period of five (5) years after the account is closed.

When Give cannot form a reasonable belief that it knows the true identity of a Customer, Give will do the following:

• Not open an account;
• Close an account after attempts to verify the customer's identity failed.

Methods of Verification:

Give will attempt to use documentary methods to verify the Customer’s identity. However, Give will also use non-documentary methods of verification in the following situations:

• When the Customer is unable to present an unexpired government-issued identification with a photograph or other similar safeguard;
• When Give is unfamiliar with the documents the Customer presents for identification verification;
• When the Customer and Company do not have face-to-face contact; and
• When there are other circumstances that increase the risk that Give will be unable to verify the true identity of the Customer through documentary means.

Give will use the following non-documentary methods of verifying identity:

• Contacting the Customer;
• Independently verifying the Customer’s identity through the comparison of information provided by the Customer with information obtained from a consumer reporting agency, public database, or other source;
• Checking references with other financial institutions;
• Obtaining a copy of the Customer’s utility bill(s) for the past two months;
• Obtaining a financial statement.

Give will use the following documentary methods of verifying identity:

For individuals:

• Unexpired government-issued driver’s license bearing a photograph; or
• Unexpired government-issued passport bearing a photograph; or
• If neither a driver’s license or a passport is available, then an unexpired government-issued identification card showing an identification number, evidencing the person’s nationality or residence, and bearing a photograph or similar safeguard.
• Collect and upload all the beneficial owner(s) identification.

For a person other than an individual (e.g. a corporation, partnership, or trust): Documents showing the existence of the entity, including:

• Articles of incorporation;
• Unexpired government-issued business license;
• Trust instrument;
• Partnership agreement;

Additional Action Required:

Additional verification steps must be taken whenever any of the following apply:

• The Customer opens the account without appearing in person at Give  (e.g., over the telephone or online); or
• There is a substantive discrepancy between the information collected and the documentation provided; or
• The Customer is unwilling or unable to provide the requested documentation; or
• The Customer appears to have provided misleading information or documentation; or
• The Customer is a not a U.S. Person; or
• Give is not familiar with the documents presented.

Any additional actions taken by Give to verify the Customer’s identity must be recorded in the client file.

Customer Does not Appear in Person to Open the Account (i.e., no face-to-face contact between the Customer and the Company):

If the Customer opens the account without appearing in person at the Company, Give will take the following additional steps to verify the Customer’s identity:

∙        Obtaining a copy of the Customer’s identification documents;

∙        Using one or more of the non-documentary methods of verification.

Customer is Unwilling or Unable to Provide the Documentation:

If the Customer is unwilling or unable to provide such documentation, the AMLCO will contact the Customer to discuss the matter and to determine if there is any other acceptable documentation available that the AMLCO can use to verify the Customer’s identity. If the Customer refuses to provide any documentation or if the AMLCO is unable to verify the Customer’s identity, then Give will not open the account and, after considering the risks involved, will consider closing any existing account. The AMLCO will also review the matter to determine whether additional steps are necessary, such as notifying Give’s sponsor.

There is a Substantive Discrepancy:

If there is a substantive discrepancy between the information collected and the documentation provided, the AMLCO must be notified. The AMLCO will compare the information/documentation provided by the Customer and obtained elsewhere.  Additionally, the AMLCO may contact the Customer directly to discuss the information/documentation provided. The AMLCO must record in the client file a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. If the AMLCO is unable to verify the Customer’s identity or resolve the discrepancy, then Give will not open the account and, after considering the risks involved, will consider closing any existing account. The AMLCO will also review the matter to determine whether additional steps are necessary, such as notification to its Sponsors.

Give is Not Familiar with the Documents Presented:

If Give is not familiar with the documents presented, the AMLCO will contact the Customer directly to discuss the information/documents submitted and to determine whether other documents are available, which can be used to verify the Customer’s identity. If the AMLCO is unable to verify the Customer’s identity, then Give will not open the account and, after considering the risks involved,  will consider closing any existing account. The AMLCO will also review the matter to determine whether additional steps are necessary, such as notification to its Sponsors.

Customer Notice

During the account opening process, Give will provide the Customer with adequate notice that Give is requesting information to verify the Customer’s identity. The notice shall be in a format approved by the AMLCO and shall include the following language:

“Important Information About Procedures for Opening a New Account

To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

What this means for you: When you open an account, Give will ask for your name, address, date of birth and other information that will allow us to identify you. Give may also ask to see your driver’s license or other identifying documents.”

Record-keeping and Retention

The Company will maintain a comprehensive record-keeping system to comply with all applicable AML/BSA requirements. This system will include the following:

• Customer Identification Program (CIP): The Company will retain all records obtained for the purposes of its CIP, including customer identification and verification documentation. These records must be retained for at least five years after the date the customer relationship is terminated.
• Transaction Monitoring: The Company will retain records of all customer transactions, including the date, amount, type of transaction, and parties involved. These records must be retained for at least five years after the date of the transaction.
• Suspicious Activity Reporting (SAR): The Company will keep confidential and retain all records relating to SARs filed or records where the Company helped its sponsors to file SAR’s with the Financial Crimes Enforcement Network (FinCEN), including copies of the SARs or its supporting records and any other supporting documentation. These records must be retained for at least five years after the date the SAR is filed.

The Company will also retain any other records that are relevant to its AML/BSA compliance program, such as risk assessments, internal controls, and training materials. These records must be retained for a period of time that is sufficient to demonstrate the Company's compliance with AML/BSA requirements. The Company will ensure that all records are kept in a secure and accessible manner. Records must be retrievable in a timely manner and must be protected from unauthorized access, use, modification, or destruction. The Company's recordkeeping and retention requirements will be reviewed and updated on a regular basis to ensure that they are aligned with all applicable laws and regulations.

Additional Requirements

In addition to the basic recordkeeping and retention requirements listed above, the Company may also be subject to additional requirements depending on its specific industry and business activities. For example, financial institutions are subject to more stringent recordkeeping and retention requirements than other types of businesses.

Examples of Records to be retained

The following are some examples of records that the Company should retain as part of its AML/BSA compliance program:

• Customer identification and verification documentation, such as copies of driver's licenses, passports, and utility bills
• Transaction records, such as bank statements, credit card statements, and wire transfer confirmations
• Incident reports and any supporting documentation
• Risk assessments, internal controls, and training materials

Destruction of Records

The Company will retain all necessary records for the duration mandated by this AML/BSA policy. The method of destruction will be such that it will be impossible to reconstruct the records. This could involve methods such as shredding, incineration, or the erasure of electronic records.

The types of records subject to this policy include but are not limited to customer identification and verification records, transaction records, suspicious activity reports, correspondence with regulators, and other AML/BSA-related documents. Despite this procedure, any records that are under a subpoena or other legal processes will not be destroyed, ensuring compliance with all legal requests for information. In certain cases, as mandated by this policy, regulators or respective institutional bodies, Company will retain specific records for extended periods. For instance, records related to audits and investigations will be retained for seven years.

To guarantee the timely and secure destruction of records, the Company will establish a regular schedule, aligned with the retention period for each type of record. This schedule will ensure the consistent and timely destruction of records, preventing any accidental retention beyond the legally mandated periods. All employees will be thoroughly trained on these policies and procedures, and compliance will be regularly monitored to ensure the continued integrity and legality of Company’s record management. Please refer to the Company’s Record Retention Policy for further details.

Economic Sanctions/OFAC Screening

The Office of Foreign Assets Control of the U.S. Department of Treasury (“OFAC”) administers and enforces economic trade sanctions against targeted foreign countries, terrorism sponsoring organizations, and international narcotics traffickers based on U.S. foreign policy and national security goals. U.S. economic sanctions prohibit “U.S. persons,” wherever located, from engaging in transactions involving certain countries and designated persons, such as terrorists, international narcotics traffickers, and other threats to U.S. interests (such persons referred to as Specially Designated Nationals (“SDNs”)). Persons and entities subject to sanctions are listed on OFAC’s Specially Designated Nationals List (“SDN List”), while OFAC maintains separate programs that focus on transactions with targeted countries and territories (“Territory Sanctions”). GiveCorporation Inc’s monitoring systems are designed to identify and block sanctioned countries, and flag potential matches to individuals or entities. The systems are reviewed periodically for updates. All such alerts are promptly escalated to the Compliance team for enhanced due diligence and determination of reportability.

The Company is prohibited from engaging in transactions (a) with SDNs or entities that are 50% or more owned, directly or indirectly, individually or in the aggregate, by SDNs, or (b) that violate OFAC’s Territory Sanctions. To minimize the risk of engaging in a transaction that violates the OFAC sanction programs, Company will perform the following screening:

Initial Screening

1. Screening merchant, beneficial owner(s) and controller at the time of onboarding or execution of an agreement against applicable sanctions list, including those maintained by OFAC, which may be accessed at https://www.trade.gov/consolidated-screening-list. The evidence of the OFAC check  will be stored in the merchant’s profile.
2. Screening the location of the merchant, beneficial owner(s) and controller against the list of territories subject to OFAC sanctions (which may change from time to time based on U.S. policy). Some territories are subject to comprehensive embargos, while others are subject to targeted sanctions. If a particular transaction implicates any of the following territories that are the subject of OFAC Sanctions programs, the transaction must be approved by the AMLCO. Current sanctions programs are available on the OFAC website, and may include:

Periodic Screening

Screening Customers and Beneficial Ownership the event of any of the following:

• Each time OFAC updates its SDN List.
• Upon identifying or receiving information on a change in ownership, including the addition of new Beneficial Owners.
• Upon the filing of a suspicious activity report about a Customer.
• Every month.

If screening identifies an OFAC hit, the Company shall investigate to determine if it is a true hit or a false positive. If a false positive, then the Company may proceed with the transaction. The following process should be followed in connection with investigating potential hits:

Step 1. If you obtain a name hit against OFAC’s List or against one of OFAC’s sanctions lists or targeted countries, you must evaluate the quality of the hit. Compare the name in your transaction with the name on the sanctions list. Is the name in your transaction an individual while the name on the sanctions list is a vessel, organization or company (or vice-versa)?

• If yes, you do not have a valid match.
• If no, please continue to 2 below.

Step 2. How much of the listed entry’s name is matching against the name in your transaction? Is just one of two or more names matching (i.e., just the last name)?

• If yes, you do not have a valid match.
• If no, please continue to 3 below.

Step 3. Compare the complete sanctions list entry with all of the information you have on the matching name in your transaction. An entry often will have, for example, a full name, address, nationality, passport, tax ID or government identification number, place of birth, date of birth, former names and aliases. Are you missing a lot of this information for the name in your transaction?

• If yes, go back and get more information and then compare your complete information against the entry.
• If no, please continue to 4 below.

Step 4. Are there a number of similarities or exact matches?

• If a match is confirmed, the AML Subsidiary Officer shall report to the Enterprise Compliance Officer, and coordinate to take appropriate measures as required by OFAC, including terminating the relationship, contacting OFAC or other law enforcement authorities, and submitting any required reports.
• If no, you do not have a valid match.

OFAC’s Reporting, Procedures and Penalties Regulations require U.S. persons to file reports when a transaction is “blocked” and when a transaction is “rejected.” When a transaction is blocked, it means that the property at issue must be frozen by the person holding the property  and held in place until instructed otherwise by OFAC. A transaction or transfer that violates the OFAC requirements must be “rejected.” In this context, “rejecting” a transaction means refusing to process the transaction.

If the Company “rejects” a transaction involving the provision of goods or services because of an OFAC hit, the Company must file a report with OFAC within 10 days, even if the transaction did not involve any transfer of property or services (e.g., even for an applicant that requests services but is then rejected because of an OFAC hit). If the Company comes into possession of any blocked property (e.g., funds or assets in which an SDN has an interest), they must be held until the target is delisted, the sanctions program is rescinded, or the Customer obtains an OFAC license authorizing the release of the property.

Blockings and rejections must be reported to OFAC within 10 business days of the occurrence and annually by September 30 concerning those assets blocked (as of June 30). For blocked property (including blocked transactions), records must be maintained for the period the property is blocked and for five years after the date the property is unblocked. Records relating to rejected transactions must be maintained for five years after the date of the transaction.

Customer Due Diligence

The Company will perform Customer Due Diligence (“CDD”) and for higher risk Sub-Merchants Enhanced Due Diligence (“EDD”) to assist Company in identifying Sub-Merchant transactions or activities that pose a higher risk. The performance of CDD/EDD may be executed in coordination with Company’s collection of information pursuant to the applicable regulations, the Underwriting Policy, under which a comprehensive review of each Sub-Merchant is performed from a risk and compliance perspective or through Periodic Reviews. In addition, Give will adhere to the requirements from Give’s sponsor bank for onboarding or periodically reviewing higher risk Sub-merchants.

When undertaking business with a Customer, Give is required to ensure that Give knows who our Customer is and that their source of funds is legitimate. To enable us to do this, Give has implemented Customer Due Diligence procedures which require:

• Identification of the Customer on the basis of documents or information obtained from a reliable and independent source;
• Identification of any Beneficial Owners and taking a risk-based approach to verifying the identity of the Beneficial Owner.
• Obtaining information on the purpose and intended nature of the business relationship; and
• Conducting on-going monitoring of the business relationship including scrutiny of transactions to ensure they are consistent with the profile of the Customer and ensuring verification of identity is kept up to date.

Give also consider whether there are any other beneficiaries or source of funds which must be identified.

(a) Identifying the Customer and verifying the Customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;

(b) Identifying, where there is a Beneficial Owner who is not the Customer, the Beneficial Owner and taking adequate measures to verify his or her identity so that the relevant person is satisfied that he knows who the Beneficial Owner is, including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure of the person, trust or arrangement; and

(c) Obtaining information on the purpose and intended nature of the business relationship.

Customer Due Diligence

As part of the CDD, the following information will be collected on the merchant and principals:

• Nature of business
• Business Profile Verification
• Website Review
• Social Media Review

Enhanced Due Diligence

As part of the EDD, the following is some of the information that will be collected on the merchant and principals. This list is not exhaustive. The merchant’s MCC and or the customer’s inherent risk will drive the additional that is collected for EDD:

• Number of locations
• Expected activity
• Source of funds
• Source of wealth (individuals)

Screening for Politically Exposed Persons (PEP)

Generally, a politically exposed person (PEP) is any natural person who holds or has held a high-ranking important public office at international, European or national level or holds or has held a public office below the national level with a comparable political significance. A PEP is associated with an increased risk of money laundering due to their high profile and the associated higher risk of corruption. Due to their consider-

able influence and their own business relationships, PEPs are more susceptible to being misused for illegal activities. PEPs, therefore, carry an increased risk potential and a higher reputational risk for the Bank. Due to their proximity to the specific money laundering risks of PEPs, the same applies to immediate family members of a PEP as well as to persons known to be close associates of a PEP.

Definition

Give conducts PEP-screening to determine if the Beneficial Owner or a Legal Representative of a merchant meet the definition of a PEP:

• A leading political figure at home or abroad and/ or their immediate family members or close associates;
• Current and former heads of state and/ or their immediate family members or close associates;
• Current and former leaders or senior politicians and/ or their immediate family members or close associates;
• High ranking representatives of foreign political parties, donors, public enterprises or government
• Institutions and/ or their immediate family members or close associates;
• publicly known elected or appointed high- ranking representatives of any government, especially
• If they are officials from "high risk countries" or "high risk governments," as well as high-ranking members of the military and employees and/ or their immediate family members or close associates;
• A senior executive, legislative, administrative, military or judicial official of any government (elected or unelected) and/ or his or her immediate family members or close associates;
• A leadership figure of a large political party and/ or his immediate family members or close associates.

Important Public Function:

The following natural persons perform an “important public function” and should also be classified as PEPs:

• Heads of state, heads of government, ministers, deputy ministers, secretaries of state and Members of the European Commission;
• Members of Parliament and members of comparable legislative bodies;
• Members of the governing bodies of political parties;
• Members of supreme courts, of constitutional courts or of other high-level judicial bodies whose decisions cannot be appealed;
• Members of the management bodies of courts of auditors or of central banks;
• Ambassadors, chargés d’affaires and high-ranking officers in the armed forces;
• Member of the administrative, management or supervisory bodies of State-owned enterprises;
• Directors, deputy directors, members of the governing body or other heads with similar functions in an intergovernmental international or European organization (e.g. UN);
• Natural persons with positions or functions listed by the European Commission (if such list is published); the same applies for natural persons with positions or functions included on possible local lists published by a country in which a branch/ subsidiary of the Bank is domiciled.

It should be noted that the concept of an important public function refers primarily only to official functions at international, European and national level. Public functions below national level (i.e. at local or regional level) should normally not be considered equivalent. They should only be considered if their political significance is comparable to the positions listed above (e.g. prime ministers of a federal state within a federally organized state). None of the public functions mentioned above should be understood to include middle or junior positions. Members of the administrative, management or supervisory bodies of state-owned enterprises should only be regarded as PEPs if the political or economic influence associated with their position is comparable to the influence of the political or state functions mentioned above.

Performing Enhanced Due Diligence

If a Beneficial Owner is identified as a PEP or a Non Resident Alien (“NRA”), the Customer must be rated as high risk and EDD must always be applied. The identification of a PEP and the NRA is immediately reported to the AMLCO for further investigation. Please also refer to the Underwriting Policy and Procedure for EDD on sub-merchants.

Onboarding Exceptions

In rare circumstances, an exception may be approved by Senior Management. The approval will be conditional until the exception can be resolved within a 30 day period. Failure to resolve the exception may result in the merchant may be terminated or a merchant reserve implemented, The following list of exceptions include:

• Missing or positive OFAC result

• Prohibited merchant category

• Merchant volume or risk exposure exceeds Give’s underwriting approval thresholds.

• Suspected identity theft

Account Changes to Sub-merchant account

Give must be informed of certain changes to the Sub-Merchant business. This will ensure that Give is funding the correct bank account, that Give has up-to-date contact details for statements, letters and deliveries, and that the contacts and ownership info for the Sub-Merchant are up to date.

Ordinary changes

Some changes in business may result in a change of legal entity or a change of legal name, such as:

• The business undergoes a change of ownership
• New owners join the company
• Owners leave the company
• A change in business; e.g. a sole proprietor changing to a corporation, partnership, LLC or non-profit
• The legal name of the business is changed
• The physical address has changed
• Changes in URL/Website Address(es)
• Changes in primary contact information including phone number and email address
• Bank account changes including DDA# and ABA#

Account changes and its ownership will be verified using various verification methods such as; uploading bank statements, bank confirmation and verified third party subscription. Changes to the merchant will trigger a notification to verify CIP and CDD/EDD. Exceptions to the policy will be reviewed by Senior Management. Sub-merchants can make changes to their account directly in the Give portal. Any account changes that result in a change in the legal entity or bank details will notify and update the respective account with the financial institutions and third party providers.

Sub-merchant graduation to direct merchant

Sub-merchants that exceed the volume threshold ($1,000,000 for VISA and $1,000,000 for MasterCard) need to be boarded as a direct merchant.

When the volume threshold has been met the AMLCO is notified and the account is reviewed and upon verification a new legal entity is created for the merchant as a direct merchant.

Monitoring Accounts For Suspicious Activity

Give will implement procedures, in coordination with its Underwriting Policy, for monitoring Sub-Merchant transactions for suspicious activity, including monitoring for unusual size, volume, pattern, or types of transactions. In general, suspicious activity refers to activities or transactions that give rise to the knowledge or reasonable suspicion that a Sub-Merchant is engaged in money laundering, terrorist financing, fraudulent, or other unlawful behavior.

Give will comply with its contractual obligations to assist its sponsor banks in filing suspicious activity reports (“SARs”) with the Financial Crimes Enforcement Network (“FinCEN”). Under FinCEN rules, a Sponsor is required to file a SAR upon identifying any transaction conducted or attempted by, at, or through the Sponsor with respect to:

• Criminal violations involving insider abuse in any amount.
• Criminal violations aggregating $5,000 or more when a suspect can be identified.
• Criminal violations aggregating $25,000 or more regardless of a potential suspect.
• Transactions conducted or attempted by, at, or through the Sponsor or the Company and aggregating $5,000 or more, if the Company knows, suspects, or has reason to suspect that the transaction:

• May involve potential money laundering or other illegal activity (e.g., terrorism financing).
• Is designed to evade the BSA or its implementing regulations.
• Has no business or apparent lawful purpose or is not the type of transaction that the particular Sub-Merchant would normally be expected to engage in, and the Company knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

Give will document each incident with its sponsor bank by filing the Suspicious activity forms  displayed in attachment D.

In addition to the automatic system monitoring of suspicious activity and transactions, periodic reviews of Sub-Merchants for identification of patterns of unusual size, volume, pattern or type of transactions, geographic factors such as whether jurisdictions designated as “non-cooperative” are involved, or any of the “red flags” identified below. Give will look at transactions in the context of other account activity to determine if a transaction lacks financial sense or is suspicious because it is an unusual transaction or strategy for that customer. The AMLCO or designee will be responsible for this monitoring, will document when and how it is carried out, and will report suspicious activities to the appropriate authorities. As part of this process, the AMLCO will review the Company’s account statements, exception reports and other reports and documentation that may indicate suspicious activity.        

Employees will be trained on red flags associated with Sub-Merchant activity that may be suspicious. Employees shall report any unusual/suspicious activity immediately to the AMLCO or his or her designee, who will determine whether any reported activity is potentially suspicious. Under the direction of the AMLCO or his or her designee, the Company will investigate the matter. Ultimately, any decisions regarding (i) whether identified activity is suspicious; (ii) whether any identified suspicious activity creates a reporting requirement pursuant to a Sponsor contractual requirement; and (iii) what actions, if any, to take in connection with the identified activity, shall be determined by the AMLCO, in consultation with senior management.

Under federal law, information relating to suspicious activity detection, investigation and filing is highly confidential. In particular, federal law prohibits financial institutions and their employees from disclosing that a SAR has been or may be filed. Accordingly, no Employee or agent of Company that is aware of a suspicious or potentially suspicious transaction may notify any person involved in the transaction that the transaction has been reported to the AMLCO. In addition, other than the permissible communications set forth immediately below, no Employee of Company shall disclose any information to any person regarding the referral of suspicious or potentially suspicious conduct. The only exceptions to these prohibitions are the following permissible communications for suspicious or unusual activity referrals: Company’s personnel may communicate only with (1) the AMLCO; (2) authorized persons of Sponsor as necessary to refer and investigate potentially suspicious activity for purposes of filing SAR, or (3) Company’s other authorized persons as such communication is necessary for each Employee to carry out his or her duties.

Merchant Site Survey Policy

A site survey is a process of verifying the identity and legitimacy of a merchant who applies for an account with Give. The purpose of a site survey is to prevent fraud, money laundering, and other illegal activities that may harm Give, its processors or sponsor banks, the merchant, or the customers.

Factors triggering a site-survey

Give uses a risk-based approach to determine which merchants require a site survey and which methods to use. Give considers various factors, such as:

Business type

Some business types are associated with higher risk due to the nature of their products or services, the regulatory environment, or the customer base. These business types may require a more thorough site survey, such as an on-site visit, to ensure compliance with the relevant laws and regulations.

Please refer to attachment C: Prohibited Sub-merchant types of the Underwriting Policy for prohibited high risk merchant codes. Other merchants require pre-approval by sponsor banks. For a full list please refer to Exhibits A and B in the Underwriting Policy.

Transaction volume

Give monitors the transaction volume of each merchant and compares it to the industry average and the merchant’s expected volume. If Give detects a significant deviation or inconsistency, it may trigger a site survey to verify the source and legitimacy of the transactions. For example, if a merchant reports a low volume of sales but processes a large amount of payments, it may indicate fraud, money laundering, or chargeback risk.

Behavior pattern

Give analyzes the behavior pattern of each merchant and identifies any anomalies or red flags. Examples of suspicious behavior include frequent changes of business information, multiple chargebacks or disputes, negative customer feedback, or unusual refund requests. These behavior patterns may indicate that the merchant is involved in illegal or unethical activities, or that the merchant’s account has been compromised. Give may conduct a site survey to confirm the identity and integrity of the merchant.

Methods of conducting site survey

When the necessity for a site survey occurs, Give may use various methods to conduct site surveys, such as listed below. Give evaluates the results of the site survey and determines whether to approve, reject, or request more information from the merchant and also documents the site survey process and outcome for each merchant and keeps a record of the evidence collected. The process follows the applicable laws and regulations regarding the privacy and security of the merchant’s data and the site survey information.

Data verification

Give checks the data provided by the merchant against external sources, such as Plaid, Google Business Directory, or other databases. Give also verifies the ownership and validity of the merchant’s website and domain name.

Photo verification

Give requests the merchant to upload photos of their business location, inventory, marketing materials, and owner’s ID. Give may also use Google Street View or other online images to verify the physical presence of the merchant.

On-site visit

Give may send a representative or a third-party service provider to visit the merchant’s location and inspect the evidence of a legitimate business. The representative may take photos, videos, or notes of the visit and report back to Give.

Currency Transaction Reporting

Company’s policy is not to accept currency from or on behalf of Customers in connection with the Services. Currency means the coin and paper money of the United States or any other country that is designated as legal tender and that circulates and is customarily used and accepted as a medium of exchange in the country of issuance. If Company accepts cash, Company may be required to file a Form 8300 with FinCEN (part of the U.S. Treasury) if it receives or distributes more than $10,000 in cash as a result of a single transaction or two or more related transactions. For additional information, see https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000.

Concentrations Accounts

The Company uses concentration (settlement) accounts to facilitate payments. To reduce the risk of money laundering and fraud, the Company does not give customers access to the accounts and consistently monitors the accounts.

Emergency Telephone Notification to the Government & Sponsor

When conducting due diligence or opening an account, Give will immediately notify the applicable party whether law enforcement and or Sponsor when necessary, and especially in these emergencies:

• A legal or beneficial account holder or person with whom the account holder is engaged in a transaction is listed on or located in a country or region listed on the OFAC list,

• An account is held by an entity that is owned or controlled by a person or entity listed on the OFAC list,

• A customer tries to use bribery, coercion, or similar means to open an account or carry out a suspicious activity,

• Give has reason to believe the Customer is trying to move illicit cash out of the government’s reach, or

• Give has reason to believe the Customer is about to use the funds to further an act of terrorism.

Give will first call the OFAC Hotline at 1-800-540-6322. The other contact numbers to be used are the Financial Institutions Hotline 1-866-556-3974, local U.S. Attorney’s Office 619-557-5610, local FBI Office 858-565-1255, and local SEC Office 323-965-3998.

Money Laundering "Red Flags"

The AMLCO, as well as, all Employees should be aware of “red flags” that may indicate suspicious activity. If a "red flag" is detected, additional due diligence should be performed on the Customer or the transaction before proceeding. Examples of "red flags" can include but are not limited to the following:

1. The Customer exhibits unusual concern regarding the Company's compliance with government reporting requirements and the Company's AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.

2. The Customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the Customer's stated business strategy.

3. The information provided by the Customer that identifies a legitimate source for funds is false, misleading or substantially incorrect.

4. Upon request, the Customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets.

5. The Customer (or a person publicly associated with the Customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.

6. The Customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.

7. The Customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.

8. The Customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.

9. The Customer insists on dealing only in cash equivalents or asks for exemptions from the Company’s policies relating to the cash equivalents.

10. The Customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.

11. For no apparent reason, the Customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third party transfers.

12. The Customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).

13. The Customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose.

When an Employee detects any red flag, he/she must immediately notify the AMLCO. The AMLCO  will then investigate the matter further, which investigation may include gathering additional information internally or from third-party sources, contacting the Sponsor, freezing the account, or providing information on the suspicious activity to the Sponsor for consideration of a SAR filing.

Responding to Law Enforcement Requests

Company’s policy is to cooperate fully with law enforcement and other government authorities in accordance with applicable laws and regulations. If the Company receives a law enforcement subpoena or similar request for information about a Sub-Merchant, the AMLCO shall conduct a risk assessment of the Sub-Merchant and review its account activity for suspicious activity. It is prohibited by law for the Company to share information relating to the law enforcement request with a Sub-Merchant. It is prohibited by law for the Company to directly or indirectly disclose to the Sub-Merchant that is the subject of the law enforcement request, its existence, its contents, or the information Company used to respond to it. Based on the review, the AMLCO will determine whether to maintain the Sub-Merchant or terminate the relationship. If Company determines to terminate the relationship, but receives a written request or order from law enforcement to keep the account open, Company may – subject to any legal or financial concerns – keep the account open consistent with the written request from law enforcement before terminating the relationship.  

Risk Assessment Process

The environment and market in which Give operates is constantly changing and evolving. Our systems and controls must reflect the degree of risk associated with our business and Customers and Give will determine appropriate customer due diligence measures on a risk-sensitive, case-by-case basis.

Customer Risk Assessment

The following factors are likely to be relevant in assessing risk profile:

• background and origin of the Customer;
• nature of the Customers‟ business;
• type of product/service used by the Customer;
• beneficial ownership structure of the Customer (where applicable);
• purpose of the transaction;
• source of funding; and
• location of the Customer and any applicable local anti-money laundering regime and relevant contextual factors (e.g. political stability, level of endemic corruption and reference to an applicable corruption perceptions index).

Customers’ activities also change and the products/transactions attacked by prospective money launderers or terrorist financiers will also vary as perceptions of their relative vulnerability change. There is, however, a balance to be achieved between responding promptly to environmental changes and maintaining stable systems and procedures. Further Risk Assessment policies and procedures are outlined in the Underwriting Policy and Procedure document. Prohibited categories of merchants codes are listed in Attachment E in compliance with Give’s sponsor bank.

Enterprise Risk Assessments

At least every two years, enterprise Risk Assessments will be conducted. This includes the AML/OFAC Risk Assessments.  The Risk Assessments will indicate where the greater risks are and where more resources need to be allocated.

Training Program

The AMLCO will be responsible for overseeing the Company’s training program. The training program will be based on the Company’s size, its Customer base, and its resources.

New Employees will be trained in AML Compliance within 30 days of effective start date.

The training will include at a minimum, the following:

• How to identify "red flags" and possible signs of money laundering that could arise during the course of their duties;
• What to do once the risk is identified;
• The Company's record retention policy; and
• Disciplinary consequences, including civil and criminal penalties, for non-compliance with this AML / BSA Policy.

The AMLCO will be responsible for ensuring that the Company conducts anti-money laundering training on an annual basis. Additionally the AMLCO will maintain records to show the persons trained, the dates of the training, and the subject matter of the training (including copies of any materials used during the training).

Report of Foreign Bank and Financial Accounts (FBAR):

Any person having a financial interest in, or signature or other authority over, financial accounts in a foreign country is required to report the relationship if the aggregate value of the accounts exceeds $10,000. FBARs are filed with FinCEN. Give will file with FinCEN a FBAR for any financial accounts that meet the forgoing by using the FBAR Form at http://www.fincen.gov/f9022-1.pdf.

Confidential Reporting of AML Non-Compliance

Employees will report any violations of the Company’s AMLCP to the AMLCO, unless the violations implicate the AMLCO, in which case the Employee shall report to the CEO of the Company. Such reports will be confidential, and the Employee will suffer no retaliation for making them.

Recordkeeping

All records necessary to evidence Company’s compliance with this Policy must be maintained for a minimum of five years for records or five years after the account was closed, including, but not limited to, the Company’s CIP records.

Exceptions to Policy

The Senior Risk Officer has the authority to grant exceptions to this Policy after careful consideration of any applicable laws and regulations, business risk(s), and any applicable contractual requirements. Under no circumstances shall any exception be approved that would cause the Company to be out of compliance with applicable law, card network rules, or Sponsor contractual requirements. Any exception that is approved must be authorized in writing by the Chief Risk Officer and must include a description of the reason for the exception as well as other relevant information. Only requests for specific exceptions may be considered; requests for blanket exceptions will not be permitted.

Attachment A – Current Chief Risk and Compliance Officer

Loraine Stewart is the Company’s designated Chief Compliance Officer.

Email: loraine@givecorporation.com 

Phone: (800) 913-0163 x5

Aaron Miller is the Company’s designated Chief Risk and Technology Officer.

Email: aaron@givecorporation.com 

Phone: (800) 913-0163 x4

Attachment B – Entities Excluded from Definition of Legal Entity

Exclusions from the definition of Legal Entity Customer

Under 31 CFR 1010.230(e)(2) a legal entity customer does not include:

• A financial institution regulated by a federal functional regulator^[1] or a bank regulated by a state bank regulator;
• A person described in 31 CFR 1020.315(b)(2) through (5):

• A department or agency of the United States, of any state, or of any political subdivision of any State;
• Any entity established under the laws of the United States, of any state, or of any political subdivision of any state, or under an interstate compact between two or more states, that exercises governmental authority on behalf of the United States or any such state or political subdivision;
• Any entity (other than a bank) whose common stock or analogous equity interests are listed on the New York Stock Exchange or the American Stock Exchange (currently known as the NYSE American) or have been designated as a NASDAQ National Market Security listed on the NASDAQ stock exchange (with some exceptions);
• Any subsidiary (other than a bank) of any “listed entity” that is organized under the laws of the United States or of any state and at least 51 percent of whose common stock or analogous equity interest is owned by the listed entity, provided that a person that is a financial institution, other than a bank, is an exempt person only to the extent of its domestic operations;

• An issuer of a class of securities registered under section 12 of the Securities Exchange Act of 1934 or that is required to file reports under section 15(d) of that Act;
• An investment company, investment adviser, an exchange or clearing agency, or any other entity that is registered with the SEC;
• A registered entity, commodity pool operator, commodity trading advisor, retail foreign exchange dealer, swap dealer, or major swap participant that is registered with the CFTC;
• A public accounting firm registered under section 102 of the Sarbanes-Oxley Act;
• A bank holding company or savings and loan holding company;
• A pooled investment vehicle that is operated or advised by a financial institution that is excluded under paragraph (e)(2);
• An insurance company that is regulated by a state;
• A financial market utility designated by the Financial Stability Oversight Council;
• A foreign financial institution established in a jurisdiction where the regulator of such institution maintains beneficial ownership information regarding such institution;
• A non-U.S. governmental department, agency, or political subdivision that engages only in governmental rather than commercial activities;
• Any legal entity only to the extent that it opens a private banking account subject to 31 CFR 1010.620.

Trusts

• Trusts are not included in the definition of legal entity customer, other than statutory trusts created by a filing with a Secretary of State or similar office.^[2]

Exemptions from the Ownership Prong

Certain legal entity customers are subject only to the control prong of the beneficial ownership requirement, including:

• A pooled investment vehicle operated or advised by a financial institution not excluded under paragraph 31 CFR 1010.230(e)(2); and
• Any legal entity that is established as a nonprofit corporation or similar entity and has filed its organizational documents with the appropriate state authority as necessary.

Exemptions and Limitations on Exemptions

Subject to certain limitations, banks are not required to identify and verify the identity of the beneficial owner(s) of a legal entity customer when the customer opens any of the following categories of accounts:

• Accounts established at the point-of-sale to provide credit products, including commercial private label credit cards, solely for the purchase of retail goods and/or services at these retailers, up to a limit of $50,000;
• Accounts established to finance the purchase of postage and for which payments are remitted directly by the financial institution to the provider of the postage products;
• Accounts established to finance insurance premiums and for which payments are remitted directly by the financial institution to the insurance provider or broker;
• Accounts established to finance the purchase or leasing of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment.

These exemptions will not apply:

• If the accounts are transaction accounts through which a legal entity customer can make payments to, or receive payments from, third parties.
• If there is the possibility of a cash refund on the account activity opened to finance the purchase of postage, to finance insurance premiums, or to finance the purchase or leasing of equipment, then beneficial ownership of the legal entity customer must be identified and verified by the bank as required either at the initial remittance, or at the time such refund occurs.

Attachment C – The Following are Exempt from Beneficial Ownership Information:

• Sole Proprietorships

• Unincorporated Associations

• Natural Persons

• Trusts - Other than Statutory

• Government Agency

• Banks

• US Government

• Listed Companies

• Exchange or Clearing Agencies

• Bank Holding Company

• Registered Public Accounting Firm

• Foreign Person

• Registered Investment Company

• State Regulated Insurance Company

Beneficial Ownership is not necessary for the following only the controlling individuals information:

• Non Profits

• Charities

Attachment D – Suspicious Activity Report (SAR)/ Suspect Violation Report (SVR) Template

Please submit this Information Report and all supporting documentation to ISO@ches.bank

*Add Additional Rows as Needed

Attachment E – Prohibited Sub-merchant types

The following sub-merchant types and their activities are prohibited from opening an account. If an active sub-merchant is engaged in any of the following activities their account will immediately be closed. Give does not board any sub-merchants that require brand registration.

• Merchants selling goods or services that are prohibited by the card Networks
• Merchants or owners/principals on MATCH (Merchants added due to Identity Theft may be presented to the Payments Committee for Approval)
• Bankruptcy Lawyers
• Charities without 501C3 or equivalent status
• Cyberlocker Merchants (also known as file-hosting services, cloud-based storage services and online file-storage), including

• Archival File Storage (for remote access)
• File Transfer (facilitation of transfer or storage of large files)
• File-Sharing (distribution of files via download or “streaming”)

• Decryption and descrambler products including mod chips
• Direct control of internal concentration or suspense accounts by customers
• Essay mills/paper mills (i.e. ghostwriting services that sell essays, term papers, etc. with intent that purchaser will submit documents as their own)
• HD DVD and Blu-ray Disc Decryption Devices
• High interest rate non-bank consumer lending, including payday lending and title loans, and their owners and principals
• Investment or “Get Rich Quick” Merchants, Businesses, Programs or Opportunities (e.g. real estate purchase with No Money Down, government grants)
• Kava
• Medical Devices
• Money-Making Opportunities/Work- from-Home/Coaching and Mentoring
• New bearer share issuance or issued bearer shares that have not been immobilized or are not with an approved custodian
• Pawn Shops
• Payable-through accounts through domestic or foreign bank customers (i.e., correspondent accounts that are used directly by third parties to transact on their own behalf)
• Personal Enhancement Products and/or Supplements
• Pharmacies (Internet/MOTO)
• Pharmaceutical sales
• Pharmacy Referral Sites (Internet/MOTO)
• Phone Unlocking Services and Unlocked Cell Phones
• Physical transportation of currency and monetary instruments by employees (e.g., bulk cash on behalf of customers)
• Prescription Drugs and Devices (Internet/MOTO)
• Pseudo-Pharmaceuticals, food products or other digestibles marketed via unsubstantiated and/or unlawful health or medical claims – including but not limited to:

• Anti-aging pills
• Sex nutrients/stimulants
• Weight loss/diet pills
• Increased energy pills

• Rebate-based Businesses or any merchant business model for products/services that are solely based on guaranteed “rebate”, “refund” or “prize” associated with the sale of those products/services (especially those where the rebate or refund equals or exceeds the product/service purchase price or value)
• Selling or Resales of Social Media “click farms” (e.g. the sale of clicks/ likes/ reviews/ endorsements) and other activity
• Sexually Oriented or Pornographic Products (including both child exploitation and adult pornography) and Services (all media types: internet, telephone, printed material, etc.) - including adult entertainment businesses but not limited to:

• Audiotext/Videotext
• Adult Book/Video Stores
• Adult Telephone Conversations
• Adult websites and content
• Any products on the internet containing graphic or nude content
• Companion/Escort Services, Dating Services
• Fetish Products
• Gentleman’s clubs, topless bars/clubs, and strip clubs
• Mail order spouse/international matchmaking services
• Modeling Agencies
• Massage Parlors
• Sexually oriented dating services

• Shell banks
• Shipping or Forwarding Brokers
• Spyware/Malware
• UseNet
• Weapons and ammunitions, and firearms parts (Internet/MOTO)

The information contained herein is intended to provide a general overview of the Company’s policies and procedures relating to compliance with this Policy and does not constitute legal advice or a complete description of the laws and regulations relating to this Policy. The Company has made every effort to ensure the accuracy and completeness of this Policy.  This document is intended to provide guidance to employees of Company on how to comply with applicable laws and regulations related to this Policy. Employees should consult with the Legal or Compliance Department if they have any questions about the Policy or how to comply with it. Company reserves the right to modify or update this Policy at any time without notice. Employees are responsible for reviewing the Policy on a regular basis to ensure that they are aware of any changes. This Policy applies to all employees of Company, regardless of their position or location unless stated otherwise in the Policy. Employees are responsible for complying with the Policy and for reporting any suspected violations to their respective supervisor, the Legal Department, AMLCO or respective recipient of such violation as outlined in this Policy.