Sevenlocks BDC Limited Compliance Policy is to establish a steadfast adherence to compliance with all relevant & applicable laws, regulations, and guidelines set forth by the Central Bank of Nigeria (CBN) and other relevant regulatory bodies. The company is committed to the fight against all forms of financial crime, which includes, money laundering, terrorism financing, proliferation financing, bribery and corruption, etc. To show this commitment, the company has continually implemented a framework for Anti-Money Laundering (“AML”), Combating the Financing of Terrorism (“CFT”) and the Prevention of the Financing and Proliferation of Weapons of Mass Destruction. Strict adherence to this framework is mandatory for all employees.

The company’s framework ensure compliance with AML/CFT/CPF legislation and regulations in Nigeria and has incorporated leading best practice including but not limited to:

• The Financial Action Task Force (FATF) 40 Recommendations;
• Money Laundering (Prevention and Prohibition) Act 2022;
• Terrorism (Prevention and Prohibition) Act 2022;
• CBN AML/CFT/CPF Regulations 2022;
• Corrupt Practices and Other Related Offences Act, Cap. C31, Laws of the Federation of Nigeria,
  2004 (“the Act”);
• Proceeds of Crimes Act, 2022;
• Nigerian Financial Intelligence Unit Act, 2018;
• UK Bribery Act 2010;
• The Nigerian Code of Corporate Governance 2018;
• Nigerian Sanctions Committee (Nigsac);
• CBN Guidance Note on Politically Exposed Persons (PEPs) 2023;
• CBN Customer Due Diligence Regulation 2023;
• CBN 3 tiered KYC requirements;
• Central Bank of Nigeria (CBN) Code of Corporate Governance for Finance Companies and other Circulars

Structure of the Framework
The company has developed policies and procedural guidelines, and these documents are regularly reviewed to ensure that they remain relevant and current and are in line with the evolving regulatory requirements and best practices. The policies and procedures clearly articulate the company’s AML/CFT/CPF stance in the global fight against financial crime and are available on the company’s intranet site for access to all employees at any point in time.

The company has moved away from a “rule based, tick box” approach for combating financial crime risk to a risk-based approach. Consequently, the company identifies and assesses the risks from a proactive stance and allocates the requisite resources which centre around systems and controls to manage these
risks.

Scope of the Framework
The scope of the company’s compliance framework includes the following:

1. Board and Management Responsibilities:
   In accordance with AML/CFT/CPF global best practice, the “tone is set from the top”. The Board of Directors of the company has oversight responsibilities for the compliance framework. The Board ensures that the company’s Management and all employees adhere strictly to all regulatory and internal policies & procedures relating to AML/CFT/CPF and that the company maintains a zero-tolerance threshold to regulatory infraction. The company’s Chief Compliance Officer is appointed by the Board of Directors and approved by the Central Bank of Nigeria (CBN).
2. Report to Senior Management and the Board:
   On a monthly and quarterly basis, compliance reports are submitted and reviewed by the company’s Senior Management and the Board members during the Monthly Performance and Quarterly Board Audit Committees meetings respectively. These reports provide the Board and Senior Management with information to enable them to assess the company’s compliance with its regulatory obligations. The reports also ensure that Directors and Senior Management are kept abreast on current trends and developments in the financial industry, particularly in the area of AML/CFT/CPF risk management.
3. Know Your Customer (KYC) Procedures:
   We ensure that only customers that align with the company’s risk appetite are on-boarded, duly completed account opening forms, identification document and other relevant information and documents are provided. This is the foundation/ bedrock for on boarding a customer in the company.
   Customer Due Diligence (CDD) is conducted prior to establishing business relationship with a customer. This includes at a minimum, identity and address verification as well as ascertaining the source of income and wealth of the customer.
   Customers that are identified as high risk are subjected to Enhanced Due Diligence (EDD). EDD is conducted on such customers including Politically Exposed Persons (PEPs) customers to assess and manage the risks that the customers may pose. The approval of Senior Management is required prior to the commencement of business relationship with PEPs customers. In compliance with regulatory requirements and perceived AML/CFT risk threats, Designated Non-Financial Businesses and Professionals (DNFBPs) and other similar businesses are required to undertake requisite and regulatory measures prior to account opening such as SCUML
   certificate. As part of the company’s KYC and CDD procedures, identification documents are requested and obtained to confirm the ultimate beneficial owners of a business and the organization’s control and structure.
   Sanction screening is also conducted prior to establishing a relationship as well as prior to effecting a transaction to ensure that the company does not enter a relationship with a sanctioned person/entity, such as UN and Nigeria Sanctions List, EFFC site, carry out background checks via open source such as, Google Search; etc.
4. Transaction Monitoring:
   Transaction monitoring is done using manual and automated methods. The former is performed by the Compliance team, who regularly identify red flags in transactions/activities. Employees are aware that suspicious activities/ transactions should immediately be referred to the Compliance team.
   Suspicious Transactions are brought to the attention of the Compliance team on a manual or automated basis; If deemed appropriate, reports are filed to the Nigerian Financial Intelligence Unit (NFIU) within 24 hours.
   To properly monitor transactions passing through the company’s core application, AML report has been fully deployed in the company database where transaction threshold of N5 million and N10 million for both inflow and outflow has been set to report for Currency Transaction Report, for individuals and corporate customers respectively, providing an advancement in how transactions are monitored and investigated.
5. Transaction Reporting:
   Regulatory and statutory requirements stipulate that certain reports and returns are made to regulatory bodies. In Nigeria, the NFIU is the agency charged with the responsibility of receiving the following core transaction-based reports:
   • Currency Transaction Report (CTR)
   • Suspicious Transaction Report (STR)
   • Foreign Currency Transaction Report (FTR)
   The company renders reports to the NFIU and the CBN in accordance with the provisions of Sections 2 and 7 of the Money Laundering (Prevention and Prohibition), Act 2022 (“the Act”). Section 2 of the Act provides that any lodgment or transfer of funds in excess of N5 million and above for individuals and N10 million and above for corporate customers must be reported.
   Section 7 of the Act provides that a financial institution must submit a report on all unusual and suspicious transactions.
6. Relationship with Regulators and Law Enforcement Agencies:
   The company maintains a cordial and supportive relationship with all regulatory and law enforcement agencies. The company promptly complies with and responds to all requests made, pursuant to the law, and provides information to regulators including the NFIU, the CBN and other relevant agencies.
7. Sanctions Compliance Management:
   As a policy, the company does not establish any business relationship with sanctioned individuals/entities. The Business Development team, as applicable to their functions, are required to screen names of individuals and organizations who have or plan to enter a business relationship or carry out a transaction with/through the company against the watch list that has
   been circulated.
   The watch list contains amongst others, the names of individuals and entities, who have been blacklisted by various regulatory bodies worldwide: Office of Foreign Asset Control (OFAC), United Nation Security Council and Nigeria Sanctions Committee (Nigsac).
8. Politically Exposed Persons:
   Politically Exposed Persons are individuals who are or have been entrusted with prominent public functions and the classification includes people or entities associated with them. Enhanced due diligence measures are applied to PEPs, as with other high-risk customers to mitigate the AML/CFT/CPF risk they pose. This is to ensure that the company is not unknowingly supporting activities such as money laundering and/or the financing of terrorism.
   On-boarding of new PEP accounts, as well as continuity of such accounts (for those already existing in the system) is subject to the approval of Senior Management.
9. Prohibited Business Relationships:
   In line with international best practice, the company does not open accounts or conduct transactions for customers using pseudonyms or numbers instead of actual names or maintain relationships with individuals or entities that have been sanctioned.
10. AML/CFT/CPF Training:
    The company places a significant importance on the training of its employees. Training is conducted to ensure employees are well informed and up to date on the AML/CFT/CPF laws, KYC principles and the red flags of money laundering or terrorism financing e.t.c.
    The training is mandatory for all levels of staff, including Senior Management. Trainings are conducted virtually, face to face on a quarterly basis. We also sent out compliance and AML related issues via email or via intranet to the appropriate personnel in relation to topical national and international findings.
11. Record Retention:
    In accordance with regulations, customer identification documents are retained throughout the life of the account and for five (5) years after the cessation of the business relationship.
    Transaction instruments are retained for five (5) years after the transaction date. In litigation and/or regulatory investigations, the records will be kept for as long as they are required.
12. Data Protection:
    The company adheres strictly to the local data protection policies such as the Nigeria Data Protection Regulations (NDPR) and Nigeria Data Protection Act (NDP Act) in the country where we operate.
13. Whistle Blowing:
    The company has a Whistle Blowing Policy which is approved by the Board. This Policy governs the reporting and investigation of improper or Illegal activity at Sevenlocks BDC Limited, as well as the protection offered to the “Whistle blowers”. All disclosures will be treated with strict confidence and the identity of the Whistle blower will not be revealed except where desired for Security, Regulatory or Legal purposes.

Compliance have gained increasing importance in the business world over the past several decades. This is primarily due to growing regulatory complexity, global expansion of business operations, and heightened public awareness regarding corporate responsibility. Organizations have recognized the
need to formalize their commitment to compliance in response to these developments.

Justification
This policy serves to:
• Ensure that all employees obey the set rules, laws and regulations put in place for the safety, stability, security and soundness of the economy, industry the institution operates in and that of the institution.
• Ensuring that the Institution is run on a sustainable basis by following laid down rules and regulations and not cutting corners.
• Ensure legal adherence and mitigate potential risks.
• Uphold the highest ethical and professional standards.
• Safeguard data privacy and security.
• Promote a safe, healthy, and inclusive workplace.
• Foster environmental responsibility.
• Maintain accurate financial reporting and transparency.
• Regulatory Returns/Report rendition and monitoring.
• Build and preserve trust with clients, stakeholders, and the public.
• Serving as the organisation’s liaison to, and interface with Regulatory and Law
Enforcement Agents on compliance matters.
• The organization will provide ongoing compliance training and educational resources to employees to ensure their understanding and commitment to compliance.
• Communicating and interpreting new regulatory releases to the stakeholders of the organization and providing advice on measure to ease compliance.
• Fosters an ethical and responsible corporate culture, aligning the organization’s values with those of employees, customers, and other stakeholders.

In conclusion, addressing compliance issue is of utmost importance, by taking the proactive measures, we will not only rectify the immediate issue but also strengthen our commitment to compliance, transparency, and the long-term success of our organization.