ANTI-MONEY LAUNDERING (AML) & COUNTER-TERRORIST FINANCING (CFT) POLICY

1. Policy Statement

GMR International Group Ltd, operating under the brand UPWAW, is a technology service provider delivering messaging and workflow automation solutions via the WhatsApp Business API.

UPWAW is committed to maintaining high standards of integrity, transparency, and risk management. The company operates in alignment with applicable Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) principles and has implemented appropriate measures to prevent misuse of its platform.

The company has implemented internal controls designed to prevent misuse of its platform, including customer onboarding checks, risk-based assessments, and fraud prevention measures.

Payments received by UPWAW relate solely to services provided and do not constitute funds held on behalf of customers. UPWAW does not offer wallet or stored-value functionality, nor does it control customer funds at any stage.

All payout transactions are executed exclusively by licensed PSPs using prefunded balances. A detailed overview of the payout process and fund movement is provided in Appendix A: Payout Flow. UPWAW maintains a prefunded balance with the PSP solely for the purpose of facilitating transaction execution.
 

2. Objectives

UPWAW’s primary objective is to ensure that its operations, products, and services are not used for money laundering or terrorist financing. The company upholds a zero-tolerance approach towards financial crime and is committed to protecting its customers, partners, and the financial ecosystem at large.

The purpose of this AML/CFT policy is to outline the internal controls, procedures, and principles adopted by UPWAW and ensure that its operations, products, and services are not used for money laundering or terrorist financing. The company upholds a zero-tolerance approach towards financial crime and is committed to protecting its customers, partners, and the financial ecosystem at large.

This policy is designed to ensure that UPWAW operates in a manner consistent with industry best practices and supports a secure and compliant ecosystem in collaboration with regulated partners.

The policy does not establish or imply that UPWAW performs regulated AML obligations, but rather defines the company’s internal risk management approach.

UPWAW aims to prevent misuse of its platform for illegal or fraudulent activities, and company applies internal controls and risk-based measures to ensure secure operations.
 

3. Scope of Activities

1. UPWAW provides a technical interface that enables businesses to interact with end users and initiate payment instructions through integrations with licensed PSPs.
2. UPWAW takes into account applicable UK legal and regulatory frameworks, as well as industry best practices, in relation to AML/CFT risk management.
3. The platform facilitates communication, automation, and API-based workflows.
4. A high-level overview of the system architecture supporting these processes is provided in Appendix B: System Architecture.
5. UPWAW facilitates service workflows and payment-related interactions. Customers may complete payments for services provided by UPWAW, while payout execution is performed exclusively by licensed PSPs.
    

4. Risk-Based Approach

1. UPWAW adopts a risk-based approach to identify, assess, and mitigate risks associated with its customers and platform usage.
2. Risk factors considered include geographic location, nature of business, type of services used, and behavioral indicators.
3. Based on these factors, customers may be categorized into risk levels, allowing UPWAW to apply proportionate internal controls.
4. Based on this assessment, customers are classified into low, medium, or high-risk categories.
5. High-risk customers or transactions receive enhanced scrutiny, including more frequent monitoring and deeper due diligence. The company also adjusts its controls in response to internal audits, customer behavior, or regulatory alerts, ensuring a flexible and proactive approach to risk management.

5. Customer Verification (KYB/KYC)

1. UPWAW conducts Know Your Customer (KYC) process to verify the legitimacy of its clients by collects sufficient information to understand the nature and purpose of the customer relationship.
2. KYC measures include verification of the customer’s identity using official documents. For ongoing relationships, the KYC information is reviewed periodically to ensure accuracy and relevance.
3. Failure to obtain satisfactory KYC information results in the denial or termination of the business relationship.
4. These processes are conducted solely for fraud prevention and platform integrity and do not constitute regulated KYC or AML obligations

6. Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) is applied to situations that present a higher risk of money laundering or terrorist financing. This includes customers from high-risk jurisdictions, politically exposed persons (PEPs), and those engaged in high-risk industries or complex financial activities.

EDD measures include obtaining additional identification documents, verifying the source of wealth and source of funds, conducting senior management approval, and applying more frequent transaction monitoring. These measures help ensure that high-risk customers are subject to stricter oversight throughout the relationship lifecycle.
 

6.1 High-Risk Situations

1. High-risk situations may arise due to various factors such as:
2. Residence in or association with countries with inadequate AML/CFT controls
3. Involvement in industries known for corruption or financial secrecy
4. Use of opaque ownership structures
5. Engagement in transactions with no clear economic rationale

In such cases, UPWAW undertakes intensified monitoring and documentation, ensuring transparency and regulatory compliance.

6.2 Politically Exposed Persons (PEPs)

A Politically Exposed Person (PEP) is an individual who holds or has held a prominent public function, as well as their immediate family members and close associates. UPWAW takes a cautious approach when dealing with PEPs.

Before initiating a relationship with a PEP, UPWAW obtains senior management approval and verifies the legitimacy of the PEP’s source of wealth and funds. Once onboarded, these accounts are subjected to continuous enhanced monitoring to detect any potential misuse.

7. Ongoing Monitoring

Ongoing monitoring is essential for identifying abnormal or suspicious activity. UPWAW monitors customer transactions continuously to ensure they align with expected behavior and business profiles.

The extent of monitoring is proportionate to the customer’s risk classification. For high-risk customers or those flagged for unusual behavior, monitoring is more frequent and detailed. Indicators of suspicious activity may include high-value transactions, frequent fund movements to high-risk jurisdictions, or sudden changes in transaction patterns.
 

8. Use of Third-Party Providers

1. UPWAW leverages third-party service providers, such as Sumsub, to support identity verification and onboarding processes.
2. These services may used exclusively for fraud prevention, identity verification, monitoring, screening, and ensuring the legitimacy of users on the platform.
3. They are not used to perform regulated AML checks or financial compliance functions.
    

9. AML Training, Internal Controls, and Governance

UPWAW ensures that all employees understand their roles and responsibilities within the AML compliance framework through mandatory training programs. These training sessions cover legal requirements, company policies, reporting procedures, and methods to detect and prevent suspicious activities.

All new employees receive training during induction, while existing staff participate in annual refresher courses. Specialized training is provided to employees handling high-risk customer accounts, compliance functions, and transaction processing.

In addition, UPWAW maintains robust internal policies and procedures designed to detect and prevent misuse of its platform. Employees are trained to identify potential risks, monitor activities, and escalate concerns through appropriate internal channels. The company promotes a strong culture of compliance and ethical conduct across all levels of the organization.

The allocation of responsibilities and system-level controls are further supported by the architecture described in Appendix B and operational flows in Appendix A.

10. Prohibited Activities

1. UPWAW strictly prohibits the use of its platform for illegal activities, including but not limited to fraud, money laundering, terrorist financing, and sanctions violations.
2. The company reserves the right to suspend or terminate accounts that are suspected of engaging in prohibited activities.

11. Record Keeping

UPWAW retains all records related to customer identification, verification, transactions, and compliance monitoring for a minimum of five years following the termination of a business relationship or completion of a transaction, whichever is later.

These records include copies of identification documents, due diligence files, account activity logs, and correspondence. All records are stored securely and are accessible only to authorized personnel.

12. Policy Review and Updates

1. This policy is reviewed periodically and updated as necessary to reflect changes in business operations, risk environment, and industry practices.
2. UPWAW remains committed to continuous improvement of its compliance framework.

Appendices

• Appendix A: Payout Flow & Appendix B: System Architecture