Anti-Money Laundering - Policy

Purpose: To prevent AIC Professional Services UK Ltd from being used to facilitate money laundering, terrorist financing or other illicit finance. This AML Policy sets out the internal controls, customer/supplier due diligence, reporting obligations and governance required under the UK’s AML regime and Financial Conduct Authority (where relevant) guidance.

Approved by: Board of Directors
Date: 27 September 2025

1. Introduction & Scope

AIC operates professional services in software, cyber, investigations and private security. While not an obliged entity for all regulated activities, we adopt a risk-based approach to AML across:

• Client onboarding (particularly where payment flows, escrow services, high-value contracts, or overseas entities are involved).

• Supplier onboarding (hardware, logistics, or cash-intensive services).

• Any activity that may involve handling or facilitating movement of funds.

This policy applies to all employees, contractors and third parties acting on AIC’s behalf.

2. Definitions

• Money Laundering: process of concealing illicit origin of funds to make them appear legitimate.

• Terrorist Financing: provision of funds for terrorist activities.

• Suspicious Activity Report (SAR): report to the UK Financial Intelligence Unit (UKFIU) / National Crime Agency (NCA).

3. Governance & Accountability

• Board of Directors: ultimate responsibility for AML compliance.

• MLRO (Money Laundering Reporting Officer): nominated officer responsible for AML oversight and reporting — MLRO: Oliver Christie (for current structure).

• Deputy MLRO: Head of Finance (or nominated senior finance lead) — to act in absence.

Contact: aml@aicuk.ltd (internal reporting address). For external reporting, SARs are submitted to the UKFIU via NCA channels per statutory requirements.

4. Risk Assessment

AIC undertakes a periodic AML risk assessment covering:

• Customer type and geography (higher risk: sanctioned jurisdictions, high-risk third countries).

• Product and services (high risk: brokered payments, cash transactions, rapid cross-border payments).

• Delivery channels (remote onboarding, third-party intermediaries).

• Reputation & ownership structures (complex corporates, shell companies).

Risk ratings drive due diligence levels: Low / Medium / High.

5. Customer & Supplier Due Diligence (CDD)

5.1 Customer Identification & Verification

• Obtain and verify identity for customers and beneficial owners (UBO >25%) using reliable sources (corporate registry, audited accounts, passports, company documents).

• For corporate customers, collect: registered name, company number, registered address, UBO details, nature of business, source of funds and purpose of relationship.

5.2 Enhanced Due Diligence (EDD)

Apply EDD where:

• Customer or UBO is a Politically Exposed Person (PEP) or close associate.

• Customer or supplier located in high-risk jurisdiction.

• Complex ownership structures or use of intermediaries.

• Transactions are unusually large, frequent or complex.

EDD may require: additional identity verification, senior management approval, independent source checks for source of funds, and ongoing monitoring.

5.3 Simplified Due Diligence (SDD)

In low-risk scenarios (e.g., established UK regulated entities with transparent ownership and bank references), SDD may be applied with documented rationale.

6. PEPs & Sanctions Screening

• Screen all customers, suppliers and beneficial owners against: UK sanctions list, UN sanctions, OFSI, and international lists.

• All PEPs require approval and EDD.

• If a prospective counterparty is on a sanctions list or sanctioned jurisdiction, deny or escalate per legal team guidance.

7. Transaction Monitoring & Reporting

• Monitor for indicators: unusual payment patterns, funds routed via multiple jurisdictions without commercial rationale, inconsistent source of funds, or attempts to obfuscate ownership.

• Employees must report suspicious activity to the MLRO immediately. The MLRO assesses and, where appropriate, submits a SAR to NCA/UKFIU.

• Do not tip off the customer or suspect about a SAR being filed.

8. Record Keeping

Maintain records for at least 5 years (or longer where required by law) of:

• ID verification documents, CDD and EDD files.

• Transaction records, internal risk assessments, SARs and reporting outcomes.

9. Training & Awareness

• Mandatory AML training for finance, procurement, legal and client-facing staff on onboarding checks, red flags, sanctions and reporting obligations.

• Annual refresher training, plus immediate updates for regulatory change.

10. Internal Controls & Audit

• Quarterly AML risk review by the MLRO and annual independent audit of AML controls.

• Internal policies must be reviewed at least annually.

11. Consequences of Non-Compliance

Breach of this policy can lead to disciplinary action, termination of employment, contractual termination with third parties, and report to authorities where appropriate.

12. Sanctions & Export Controls

• No dealing with sanctioned persons/entities/jurisdictions.

• Export controlled technology (including dual-use or defence-related software/hardware) must be reviewed by the legal/compliance lead for export licence requirements and end-use checks.

13. Third-Party Service Providers

• Service providers supporting payments, escrow or fund movements must be AML-compliant and subject to vendor due diligence. Contracts should include AML/warranties and audit rights.

14. Review & Approval

This AML Policy is approved by the Board and reviewed annually.

MLRO Contact:
Oliver Christie — aml@aicuk.ltd