Zil Money is a financial technology company, not a bank or an FDIC member. Zil Money offers banking services through partnership with FDIC member banks Silicon Valley Bank, Texas National Bank, and East-West Bank.

OFAC POLICIES & PROCEDURES MANUAL

POLICY STATEMENT:

Zil Money Corporation (the “Company”) is committed to compliance with all applicable laws and regulations, including those enforced by the Office of Foreign Assets Control (OFAC). This commitment is reflected in our OFAC Policies & Procedures Manual, which is designed to ensure that our operations are conducted in a manner consistent with OFAC regulations and industry-wide best practice standards.

The purpose of this Policy Statement is to affirm the Company’s commitment to complying with OFAC regulations and to outline our efforts to avoid prohibited transactions and maintain compliance with OFAC regulations. We believe that compliance with OFAC regulations is not only a legal obligation, but also a critical component of our overall risk management framework.

As part of our commitment to compliance with OFAC regulations, the Company has implemented policies, procedures, and controls designed to identify and prevent prohibited transactions. These include, but are not limited to, screening our customers, vendors, and transactions against OFAC’s list of Specially Designated Nationals and Blocked Persons, as well as other sanctions lists maintained by various government agencies. We also conduct periodic risk assessments to identify and mitigate potential areas of exposure to OFAC sanctions.

The Company’s OFAC Policies & Procedures Manual is designed to ensure that our employees understand their obligations under OFAC regulations and are trained to identify and report any potential violations. We have also established internal reporting mechanisms to allow for the timely and effective reporting of any suspected violations of OFAC regulations.

We recognize that compliance with OFAC regulations is an ongoing process and requires a commitment from all levels of our organization. We are committed to continually reviewing and improving our OFAC compliance program to ensure that we are operating in a manner consistent with OFAC regulations and industry-wide best practice standards.

In summary, the Company is committed to compliance with OFAC regulations and maintaining a robust OFAC compliance program. Our OFAC Policies & Procedures Manual reflects our commitment to compliance and outlines our efforts to avoid prohibited transactions and maintain compliance with OFAC regulations. We believe that compliance with OFAC regulations is essential to maintaining the trust of our customers, vendors, and regulators and is a critical component of our overall risk management framework.

RISK ASSESSMENT AND MITIGATION:

The Company is committed to identifying and mitigating risks associated with OFAC sanctions. The Company recognizes the importance of conducting periodic risk assessments to identify and evaluate the risk of its products, services, and customers being used for illicit activities. The purpose of this section is to outline the company’s methods for assessing and managing OFAC-related risks and the controls in place for mitigating these risks.

Risk Assessment:

The Company should conduct periodic risk assessments to identify and evaluate the risk of its products, services, and customers being used for illicit activities. The risk assessment should consider factors such as geographic location, type of business, and customer base. The Company should also consider the following factors when assessing the level of risk associated with a particular transaction or customer:

The nature of the transaction or business relationship
The countries involved in the transaction
The potential for the transaction to be used for illicit purposes
The identity of the customer or counterparty
The potential for the customer or counterparty to be associated with sanctioned individuals or entities
The Company should document the results of its risk assessment and use these results to update its policies and procedures as needed.

Risk Mitigation:

The Company should implement controls for mitigating OFAC-related risks. These controls should be commensurate with the level of risk identified in the risk assessment. Controls may include:

Enhanced due diligence: The Company should conduct enhanced due diligence on high-risk customers or transactions. This may include additional screening against sanctions lists, as well as gathering additional information about the customer or transaction.
Transaction monitoring: The Company should monitor transactions for suspicious activity that may be indicative of sanctions evasion.
Sanctions clauses in contracts: The Company should include sanctions clauses in contracts with business partners, requiring them to comply with OFAC regulations.
Employee training: The Company should train its employees on OFAC regulations and the Company’s policies and procedures for compliance.

Periodic Review:

The Company should periodically review its risk assessments and risk mitigation strategies to ensure they remain effective. The frequency of these reviews should be commensurate with the level of risk associated with the Company’s products, services, and customers. Any changes to the Company’s risk assessments or risk mitigation strategies should be documented and communicated to relevant employees.

In summary, the Company is committed to identifying and mitigating risks associated with OFAC sanctions. The Company will conduct periodic risk assessments and implement controls for mitigating these risks. The Company will also periodically review its risk assessments and risk mitigation strategies to ensure they remain effective.

RISK-BASED APPROACH TO OFAC COMPLIANCE:

The Company recognizes the importance of complying with the regulations set forth by the Office of Foreign Assets Control (OFAC) and the potential risks associated with noncompliance. To ensure compliance with OFAC regulations, the Company must implement a risk-based approach to its OFAC compliance program. This approach must take into account the specific risks associated with its business operations and customers.

Under this approach, the Company will develop and implement a comprehensive OFAC compliance program that is tailored to the Company’s unique risk profile. The program will incorporate all industry-wide best practice standards and comply with the relevant laws, rules, and regulations.

The Company’s OFAC compliance program will be designed to detect and prevent transactions with individuals, entities, or countries subject to OFAC sanctions. The program will also include measures to identify and mitigate the risk of inadvertent violations.

To achieve this, the Company will implement internal controls and procedures for risk assessment, due diligence, and transaction monitoring. The risk assessment will be based on factors such as the nature of the Company’s business, geographic locations of its customers, and the types of transactions conducted.

The due diligence procedures will involve verifying the identity of all customers, including their beneficial owners and the nature of their business. The company will conduct enhanced due diligence on high-risk customers and transactions. Transaction monitoring procedures will involve screening all transactions against the OFAC sanctions lists and identifying and investigating any matches.

To ensure compliance with OFAC regulations, the Company will provide training and communication to all employees, contractors, and agents involved in the Company’s operations. The training will cover the Company’s OFAC compliance program, the importance of complying with OFAC regulations, and the consequences of noncompliance. The Company will also communicate any updates or changes to the program promptly.

In conclusion, the Company recognizes the importance of implementing a risk-based approach to its OFAC compliance program. The program will incorporate all industry-wide best practice standards, comply with the relevant laws, rules, and regulations, and include internal controls and procedures for risk assessment, due diligence, and transaction monitoring. The Company will also provide training and communication to ensure compliance with OFAC regulations.

SCREENING AND MONITORING PROCEDURES:

The Company is committed to complying with the regulations set forth by the Office of Foreign Assets Control (OFAC) and ensuring that its operations are free from transactions with sanctioned individuals or entities. To this end, the Company has developed robust screening and monitoring procedures to prevent such transactions from occurring.

The screening procedures are designed to identify and prevent transactions with individuals or entities that are subject to OFAC sanctions. These procedures are based on the relevant laws, rules, and regulations and incorporate industry-wide best practices.

The Company uses advanced screening tools and technology to ensure compliance with OFAC regulations. These tools are regularly updated to keep pace with the changing regulatory landscape and to enhance the accuracy and efficiency of the screening process.

The screening procedures are applied to all customers, vendors, and other parties with whom the Company conducts business. The Company screens these parties against the OFAC sanctions lists to ensure that they are not subject to any sanctions or restrictions.

The frequency and scope of OFAC screenings are determined by the Company’s risk assessment process. The Company conducts regular screenings on an ongoing basis and also performs ad hoc screenings as needed based on specific transactional risks.

If a screening generates a match with an OFAC sanctions list, the Company has established protocols for investigating and escalating the matter. The Company will investigate the match to determine whether the party is indeed subject to sanctions and whether the transaction should be halted. The matter will be escalated to senior management if necessary, and appropriate action will be taken in accordance with the Company’s OFAC compliance program.

Recordkeeping and audit trails are an essential component of the Company’s screening and monitoring procedures. The Company maintains detailed records of all screening activities, including the results of each screening, any matches generated, and the actions taken in response to any matches. These records are retained in accordance with applicable recordkeeping requirements and are subject to periodic audits to ensure compliance with OFAC regulations.

In conclusion, the Company has developed robust screening and monitoring procedures to ensure compliance with OFAC regulations. These procedures incorporate all relevant laws, rules, and regulations and industry-wide best practices. The Company uses advanced screening tools and technology, applies the screening procedures to all parties with whom it conducts business, and has established protocols for investigating and escalating any hits generated by the screening process. The Company also maintains detailed records and audit trails of all screening activities to ensure compliance with OFAC regulations.

CUSTOMER DUE DILIGENCE (CDD) AND ENHANCED DUE DILIGENCE (EDD):

The Company is committed to complying with the Office of Foreign Assets Control (OFAC) regulations and preventing transactions with individuals or entities that are subject to OFAC sanctions. To achieve this, the Company has implemented Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures to identify potential high-risk transactions and individuals that may require additional scrutiny for OFAC compliance.

The CDD procedures require the Company to verify the identity of its customers, including the collection of identifying information and documentation. The information collected may include name, address, date of birth, social security number, passport number, and other relevant data.

The Company uses risk-based procedures to determine the level of verification required for each customer. The level of verification may be based on various factors such as the type of business relationship, the transactional history, and the location of the customer.

The EDD procedures are applied to high-risk customers and transactions that require additional scrutiny. The level of scrutiny applied may include a deeper investigation into the customer’s background, the transactional history, and the sources of funds. The EDD procedures are designed to identify and prevent transactions that may be linked to money laundering, terrorist financing, or other illicit activities.

The screening procedures for new and existing customers are an essential component of the CDD and EDD procedures. The Company screens all customers against the OFAC sanctions lists to ensure that they are not subject to any sanctions or restrictions. The screening procedures are applied at the onboarding stage for new customers and on an ongoing basis for existing customers.

The Company maintains detailed records of all CDD and EDD procedures, including the information collected, the level of verification performed, and the results of the screening process. The records are retained in accordance with applicable recordkeeping requirements and are subject to periodic audits to ensure compliance with OFAC regulations.

In conclusion, the Company has implemented robust CDD and EDD procedures to identify potential high-risk transactions and individuals that may require additional scrutiny for OFAC compliance. The Company verifies the identity of its customers using risk-based procedures, applies EDD procedures to high-risk customers and transactions, and screens all customers against the OFAC sanctions lists. The Company also maintains detailed records of all CDD and EDD procedures to ensure compliance with OFAC regulations.

SANCTIONS SCREENING FOR THIRD-PARTY SERVICE PROVIDERS:

Third-party service providers play an important role in the Company’s operations, and as such, the Company must ensure that these providers are not engaging in illicit activities or associated with sanctioned individuals or entities. To ensure compliance with OFAC regulations, The Company must implement a thorough due diligence process for selecting and monitoring third-party service providers.

Sanctions Screening:

The Company must conduct a sanctions screening of all third-party service providers to ensure that they are not sanctioned by OFAC or other government entities. This screening should include a review of the OFAC SDN List and other relevant government databases, as well as independent background checks. The screening process should be conducted before engaging with the third-party service provider and on an ongoing basis to ensure that any changes in the provider’s status are promptly identified.

Due Diligence:

The Company must perform due diligence on all third-party vendors, suppliers, and business partners to ensure that they are not engaging in illicit activities or associated with sanctioned individuals or entities. The due diligence process should include a review of public records, such as court records and news articles, as well as interviews with the third party and its management.

Contracts:

The Company must include provisions in its contracts with third-party service providers requiring compliance with OFAC regulations. These provisions should require the third party to promptly report any potential OFAC violations and to cooperate with the Company in any OFAC-related investigations.

Monitoring:

The Company must monitor third-party service providers on an ongoing basis to ensure continued compliance with OFAC regulations. This monitoring should include periodic reviews of the third party’s compliance program and a review of any OFAC-related incidents or issues.

Record Keeping:

The Company must maintain records of its due diligence and sanctions screening for third-party service providers. These records should include the results of the screening and due diligence process, as well as any communications with the third party regarding OFAC compliance. These records should be retained for a minimum of five years and made available for inspection by regulators upon request.

Conclusion:

The Company’s due diligence process for selecting and monitoring third-party service providers is critical to its OFAC compliance program. By implementing thorough sanctions screening, due diligence, contract provisions, and monitoring processes, the Company can reduce the risk of doing business with sanctioned individuals or entities and ensure compliance with OFAC regulations.

TRANSACTIONS AND ACCOUNT MONITORING AND REPORTING:

The Company is committed to monitoring and identifying transactions that may violate OFAC regulations. The Company has implemented policies and procedures to ensure that it can detect and report potential OFAC violations.

Ongoing Monitoring of Accounts and Transactions:

The Company regularly monitors accounts and transactions for suspicious activity and potential OFAC violations. The Company uses automated transaction monitoring systems that are designed to identify transactions that may be indicative of money laundering, terrorist financing, or other illicit activities.

The policies and procedures for monitoring and reporting transactions for potential money laundering or terrorist financing activities:

The Company has implemented procedures for monitoring and reporting transactions that may be indicative of money laundering or terrorist financing activities. The Company complies with all relevant laws and regulations, including the Bank Secrecy Act (BSA), and monitors transactions for any suspicious activity.

The frequency and scope of transaction monitoring:

The Company’s transaction monitoring system operates 24 hours a day, 7 days a week, and monitors all transactions conducted through the Company’s platform. The Company’s transaction monitoring system uses sophisticated algorithms to identify suspicious transactions and generate alerts for further review.

Investigating and Documenting Suspicious Transactions:

The Company investigates all alerts generated by the Company’s transaction monitoring system. The Company has a team of experienced investigators who are responsible for reviewing suspicious transactions, conducting additional research, and determining whether the transaction is indicative of money laundering or terrorist financing.

The Company maintains detailed records of all investigations and reports filed with law enforcement or regulatory agencies. The Company also trains its staff on the procedures for investigating and documenting suspicious transactions, ensuring that all investigations are conducted in a thorough and professional manner.

Conclusion:

The Company takes its compliance obligations very seriously and has implemented comprehensive policies and procedures for monitoring and reporting transactions for potential OFAC violations. The Company’s ongoing commitment to compliance ensures that it can detect and prevent illicit activities, protecting its customers and the financial system as a whole.

OFAC RECORDKEEPING AND REPORTING:

The Company is committed to maintaining complete and accurate records and reporting all relevant OFAC-related information as required by law. This section outlines the policies and procedures for maintaining records and reporting OFAC-related activity.

Record-keeping Requirements:

The Company will maintain complete and accurate records of all transactions and screenings related to OFAC compliance for at least five years. Records will include the names and addresses of all parties involved, the purpose of the transaction, and any other relevant information. All records will be securely maintained to prevent unauthorized access or loss.

Reporting Requirements:

The Company will report any suspected violations of OFAC regulations to the appropriate authorities and maintain records of such reports. Any employee who suspects a violation should immediately report it to the designated OFAC compliance officer. Reports will be documented and maintained for the required retention period.

In addition, the Company will report any suspicious activity related to money laundering or terrorist financing to the Financial Crimes Enforcement Network (FinCEN) as required by the Bank Secrecy Act (BSA). The Company will also comply with any other applicable reporting requirements, such as those related to suspicious transactions or currency transactions over $10,000.

Retaining Records:

The Company will maintain accurate and complete records of transactions, customer information, and OFAC compliance for at least five years. All records will be securely maintained to prevent unauthorized access or loss. The retention period may be extended as necessary to comply with legal or regulatory requirements.

Conclusion:

The Company is committed to complying with all OFAC regulations related to recordkeeping and reporting. The Company will maintain complete and accurate records of all transactions and screenings related to OFAC compliance for at least five years, report any suspected violations to the appropriate authorities, and comply with all other relevant reporting requirements. By implementing these policies and procedures, the Company can ensure compliance with all applicable regulations and minimize the risk of noncompliance.

SANCTIONS SCREENING AND SANCTIONS COMPLIANCE:

The Company is committed to complying with all OFAC regulations and maintaining a strong sanctions compliance program. This includes implementing policies and procedures for sanctions screening of customers and transactions, as well as maintaining a comprehensive compliance program that is regularly reviewed and updated to ensure adherence to relevant laws, rules, and regulations.

Transactions with Countries Subject to Comprehensive Sanctions:

The Company recognizes that transactions with countries subject to comprehensive sanctions, such as Iran and North Korea, require additional controls and procedures. Therefore, the Company has established specific guidelines for such transactions to ensure full compliance with relevant regulations.

Regular Review and Update of Compliance Program:

The Company is committed to ensuring the effectiveness of its sanctions compliance program by regularly reviewing and updating policies and procedures as needed. This includes conducting periodic risk assessments to identify potential areas of vulnerability and implementing appropriate controls to mitigate risk.

Sanctions Screening Policies and Procedures:

The Company has implemented policies and procedures for sanctions screening of customers and transactions to ensure compliance with OFAC regulations. This includes screening against the OFAC SDN List and other government watchlists. The Company uses sanctions screening technology to identify potential matches and conducts regular testing to ensure the accuracy and effectiveness of the technology.

Frequency and Scope of Sanctions Screening:

Sanctions screening is conducted on a regular basis and includes all new and existing customers, as well as transactions involving high-risk countries or individuals. The Company also performs ongoing monitoring of accounts and transactions to detect any potential violations of OFAC regulations.

Process for Reviewing and Escalating Potential Matches:

The Company has established procedures for reviewing and escalating potential matches to OFAC and other relevant authorities. Any identified matches with the OFAC SDN List or other government watchlists are reviewed by the Company’s compliance team to determine the appropriate action to take. This may include blocking transactions and reporting them to OFAC.

In conclusion, the Company is committed to maintaining a strong sanctions compliance program that includes sanctions screening and regular review and update of policies and procedures. The Company has implemented comprehensive policies and procedures for sanctions screening of customers and transactions, including those involving high-risk countries or individuals, to ensure full compliance with OFAC regulations.

OFAC COMPLIANCE EDUCATION AND TRAINING OF EMPLOYEES:

The Company recognizes the importance of providing regular OFAC compliance training to its employees to ensure they are aware of the risks and procedures involved in complying with OFAC regulations. To that end, the Company will implement the following policies and procedures:

Regular OFAC Training: The Company will provide regular training to all employees on OFAC regulations and the Company’s policies and procedures for complying with them. The training will cover the relevant laws, rules, and regulations related to OFAC compliance, including sanctions programs, red flags, and reporting obligations.

Tailored Training Sessions: Training sessions will be tailored to each employee’s job responsibilities. New employees will receive training within their first week on the job, and all employees will receive annual training. In addition, employees in high-risk areas, such as compliance and customer service, will receive more frequent training.

Recordkeeping: The Company will keep records of all training sessions, including attendance, topics covered, and materials used. The records will be maintained for at least five years.

Ongoing Education: The Company will provide ongoing education to employees to ensure compliance with OFAC regulations. The Company will stay up-to-date with changes in the regulatory landscape and update its training programs accordingly.

OFAC Training for All Employees: All employees, including new hires and contractors, must receive training on OFAC regulations and the Company’s policies and procedures for complying with them.

Understanding and Compliance: The Company will take measures to ensure employees understand and comply with OFAC policies and procedures. This may include regular assessments of employees’ knowledge and understanding of OFAC regulations and policies.

Disciplinary Actions: The Company will take disciplinary action against employees who violate OFAC policies. Such actions may include reprimands, suspension, termination, or legal action as appropriate.

By implementing these policies and procedures, the Company is committed to ensuring that all employees are aware of the risks and procedures involved in complying with OFAC regulations and are equipped with the knowledge and tools necessary to maintain compliance.

OFAC COMPLIANCE AUDIT AND TESTING:

The Company is committed to maintaining an effective and up-to-date OFAC compliance program in order to ensure adherence to all relevant laws, rules, and regulations. As part of this commitment, the Company will conduct regular audits and testing of its OFAC compliance program to identify potential areas for improvement and ensure that the program remains effective.

Explanation of the Company’s internal audit and testing procedures for OFAC compliance:

The Company will conduct internal audits of its OFAC compliance program on an annual basis or more frequently if required by regulatory changes or significant changes to the Company’s operations. The audit will be conducted by a qualified and independent auditor who has expertise in OFAC compliance matters.

The audit will include a review of the Company’s OFAC policies and procedures to ensure that they are comprehensive and up-to-date with all relevant laws, rules, and regulations. The auditor will also review the Company’s screening processes and procedures for identifying and escalating potential matches with the OFAC SDN List and other government lists. In addition, the auditor will assess the effectiveness of the Company’s training program for employees on OFAC regulations.

Details on the regular testing and review of the OFAC compliance program to ensure adherence to relevant laws, rules, and regulations:

In addition to the annual audit, the Company will conduct regular testing of its OFAC compliance program to ensure that it is effective and up-to-date with the latest regulatory requirements. The testing will include a review of the Company’s screening processes and procedures for identifying and escalating potential matches with the OFAC SDN List and other government lists. The testing will also assess the effectiveness of the Company’s training program for employees on OFAC regulations.

The testing will be conducted on a regular basis, with the frequency and scope of the testing determined by the Company’s risk assessment and any changes to its operations or the regulatory environment. The results of the testing will be documented and reviewed by the Company’s management to identify potential areas for improvement in the OFAC compliance program.

In conclusion, the Company is committed to maintaining an effective OFAC compliance program and will conduct regular audits and testing to ensure that the program remains up-to-date and effective in identifying and addressing potential OFAC compliance risks.

CUSTOMER IDENTIFICATION PROGRAM (CIP):

Customer identification is an essential component of OFAC compliance, as it helps prevent prohibited transactions and activities by identifying potential risks and threats. To comply with OFAC policies requirements, the Company must establish a robust Customer Identification Program (CIP) that adheres to all relevant laws, rules, and regulations. This section outlines the Company’s CIP policies and procedures in detail.

Policy for Verifying the Identity of Customers During Account Opening:

The Company’s policy for verifying the identity of customers during account opening should be in accordance with the Customer Identification Program (CIP) requirements set forth by the Bank Secrecy Act (BSA) and OFAC regulations. The Company should obtain identifying information from each customer, such as name, address, date of birth, and identification number, and verify the accuracy of the information provided.

Procedures for Identifying and Verifying Beneficial Owners of Legal Entity Customers:

The Company should also have procedures in place for identifying and verifying the beneficial owners of legal entity customers, as required by OFAC regulations. The Company should obtain identifying information from each beneficial owner, such as name, address, date of birth, and identification number, and verify the accuracy of the information provided. The Company should also establish procedures for identifying and verifying the beneficial owners of legal entities that are not natural persons, such as corporations or partnerships.

Methods for Checking Customer Identification Against Government Watchlists:

To comply with OFAC policies requirements, the Company should also have methods in place for checking customer identification against government watchlists. This includes screening customer names and other identifying information against the OFAC Specially Designated Nationals (SDN) List and other government watchlists. The Company should use technology and software to facilitate this screening process and ensure its accuracy and effectiveness.

In summary, the Company’s Customer Identification Program (CIP) should include policies and procedures for verifying the identity of customers during account opening, identifying and verifying the beneficial owners of legal entity customers, and checking customer identification against government watchlists. The Company should ensure that its CIP adheres to all relevant laws, rules, and regulations and is regularly reviewed and updated to reflect any changes in regulatory requirements.

POLITICALLY EXPOSED PERSONS (PEP) SCREENING:

The Company is committed to preventing financial crime, including money laundering and terrorist financing, and complying with OFAC policies requirements. As part of this commitment, the Company conducts Politically Exposed Persons (PEP) screening on its customers to identify high-risk individuals who may be subject to OFAC sanctions.

PEPs are individuals who are or have been entrusted with prominent public functions or have a close relationship with such individuals. They pose a higher risk of involvement in corruption and financial crime, which makes them a target for OFAC sanctions.

The Company uses a risk-based approach to PEP screening, taking into account factors such as the customer’s jurisdiction, business activity, and other relevant risk factors. The Company uses a variety of reliable and publicly available sources to conduct PEP screening, including government and regulatory lists, media sources, and databases.

The PEP screening process is performed during the customer onboarding process and on an ongoing basis, as part of the Company’s customer due diligence and monitoring procedures. If a customer is identified as a PEP, the Company conducts enhanced due diligence to further assess the potential risks associated with the relationship.

The Company understands that PEP screening is an important aspect of OFAC compliance and is committed to maintaining an effective PEP screening program. The Company regularly reviews and updates its PEP screening procedures to ensure they are in line with the latest regulatory requirements and industry best practices.

SUSPICIOUS ACTIVITY MONITORING AND REPORTING:

The Company is committed to maintaining a robust program for monitoring and reporting suspicious activity, in compliance with applicable laws and regulations, including those enforced by OFAC. The following policies and procedures have been established to facilitate the detection, investigation, and reporting of suspicious activity:

Suspicious Activity Identification: The Company employees are trained to identify suspicious activity and are required to report any such activity to the designated compliance officer or to the appropriate authorities. Suspicious activity includes, but is not limited to, transactions that:

Involve individuals or entities subject to OFAC sanctions or other government watchlists;
Appear to be structured to avoid reporting requirements;
Are inconsistent with the customer’s known business or activities;
Involve the movement of large amounts of funds or assets that have no apparent lawful purpose;
Are intended to fund or support illegal activities such as money laundering, terrorism, or other criminal activities.

Investigation and Documentation: Once suspicious activity has been identified, the Company will conduct a prompt investigation to determine if the activity is indeed suspicious and if it violates OFAC regulations or other applicable laws. Documentation of the investigation and any resulting findings will be maintained as required by law.

Reporting: The Company will report any suspicious activity to the appropriate authorities as required by law, including filing Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network (FinCEN). SARs will be filed in accordance with FinCEN regulations, and will include all required information related to the suspicious activity, such as the date and nature of the transaction, the identity of the customer, and any other relevant information.

Employee Training: The Company will provide training to employees to ensure that they are aware of their responsibilities in detecting, investigating, and reporting suspicious activity. Training will cover topics such as identifying suspicious activity, the process for reporting such activity, and the consequences of failing to report suspicious activity. New employees will receive training on these topics within their first week on the job, and existing employees will receive periodic training to stay current on changes in laws and regulations.

Record Keeping: The Company will maintain records of all training sessions related to suspicious activity monitoring and reporting, including attendance, topics covered, and materials used.

Periodic Review: The Company will periodically review its suspicious activity monitoring and reporting program to ensure that it remains effective and up-to-date with the latest regulatory requirements. Any necessary updates or modifications to the program will be made promptly to ensure continued compliance with applicable laws and regulations.

Non-Retaliation: The Company prohibits retaliation against any employee who reports suspicious activity in good faith, and encourages employees to report any suspected violations of law or company policies. Any form of retaliation against an employee who reports suspicious activity is strictly prohibited and will result in disciplinary action.

The Company takes its obligation to monitor and report suspicious activity seriously and is committed to maintaining a program that is effective in detecting, investigating, and reporting such activity.

PROHIBITED COUNTRIES AND ENTITIES:

The Company is committed to complying with all applicable laws and regulations related to prohibited countries and entities under the sanctions programs administered by the Office of Foreign Assets Control (OFAC). It is essential that the Company’s employees, agents, and affiliates understand and comply with OFAC regulations to avoid any potential violations.

List of Prohibited Parties:

OFAC maintains a list of countries, individuals, organizations, and entities that are subject to economic and trade sanctions. This list is periodically updated and includes, among others, individuals and entities involved in terrorism, narcotics trafficking, and weapons proliferation. The Company must identify and verify prohibited parties through the use of OFAC’s Specially Designated Nationals and Blocked Persons (SDN) List and other applicable lists.

Procedures for Identifying and Verifying Prohibited Parties:

The Company must have appropriate policies and procedures in place to identify and verify prohibited parties before engaging in any transactions. This includes, but is not limited to, verifying the identity of counterparties, beneficial owners, and intermediaries, as well as conducting appropriate due diligence on transactions and parties. The Company’s customer identification program must include procedures for identifying and verifying beneficial owners of legal entity customers, as required by applicable regulations.

Blocking Assets and Transactions Involving Prohibited Parties:

The Company must block the assets and transactions of prohibited parties in accordance with OFAC regulations. This includes freezing or blocking any accounts, funds, or assets that are owned or controlled by prohibited parties, as well as any transactions involving prohibited parties. The Company must have procedures in place to ensure that the blocking of assets and transactions is done in a timely and effective manner.

Reporting Obligations for Prohibited Transactions:

The Company must promptly report any prohibited transactions or attempted transactions to the appropriate authorities, in accordance with applicable regulations. This includes reporting any blocked transactions, as well as transactions that the Company has reason to believe may be in violation of OFAC regulations. The Company must maintain adequate records of all transactions and related information to support compliance with applicable regulations.

Conclusion:

The Company is committed to complying with all applicable OFAC regulations related to prohibited countries and entities. It is essential that all employees, agents, and affiliates understand their roles and responsibilities in identifying, verifying, and blocking transactions involving prohibited parties. The Company will continue to monitor changes to the OFAC regulations and update its policies and procedures as necessary to ensure ongoing compliance.

INCIDENT RESPONSE AND REMEDIATION:

Purpose:

This section establishes procedures for responding to OFAC-related incidents and ensuring that appropriate actions are taken to prevent future violations. The Company is committed to promptly identifying and addressing any incidents related to OFAC compliance to avoid any regulatory or reputational harm.

Procedures:

Incident Identification and Reporting: The Company will maintain a system for detecting and reporting OFAC-related incidents, such as sanctions violations or OFAC hits. Employees are required to immediately report any suspected incidents to the OFAC Compliance Officer, who will be responsible for promptly investigating and documenting the incident.

Investigation and Reporting: The OFAC Compliance Officer will conduct an internal investigation of any suspected incidents to determine the cause and scope of the incident. The investigation should be conducted promptly and thoroughly. Any findings will be reported to senior management, and the Company will take appropriate remedial measures based on the investigation results.

Remediation Measures: In the event of an OFAC violation, the Company will take remediation measures to prevent future violations, including blocking assets, disgorgement, and fines. Senior management will determine the appropriate remediation measures based on the severity of the violation.

Monitoring and Enhancing OFAC Compliance: The Company will periodically review its OFAC policies and procedures to ensure that they are up-to-date and effective. The Company will also conduct periodic risk assessments and internal audits to identify and address any potential OFAC compliance weaknesses.

Record Keeping: All OFAC-related incidents, investigations, and remediation measures will be documented and retained for the minimum period required by applicable laws, rules, and regulations. The Company will also maintain records of employee training on OFAC policies and procedures.

Conclusion:

The Company is committed to promptly identifying and addressing any incidents related to OFAC compliance. This section establishes procedures for incident response and remediation to ensure that appropriate actions are taken to prevent future violations. The Company will continuously monitor and enhance its OFAC compliance program to ensure that it remains effective and up-to-date with applicable laws, rules, and regulations.

OFAC COMPLIANCE FOR VIRTUAL CURRENCY TRANSACTIONS:

Purpose:

This section outlines the Company’s policies and procedures for complying with OFAC regulations when conducting virtual currency transactions. It is important to ensure that all virtual currency transactions are compliant with OFAC regulations to avoid sanctions violations and other legal and financial penalties.

Applicable Laws, Rules, and Regulations:

The Company must comply with all OFAC regulations regarding virtual currency transactions, including the Trading with the Enemy Act (TWEA), the International Emergency Economic Powers Act (IEEPA), and the OFAC sanctions programs related to virtual currency.

Policy:

The Company is committed to complying with all OFAC regulations related to virtual currency transactions. This includes identifying and blocking transactions involving sanctioned individuals or entities, as well as implementing internal controls to ensure compliance with OFAC regulations.

Procedures:

To ensure compliance with OFAC regulations, the Company will implement the following procedures:

Sanctions Screening: The Company will conduct sanctions screening on all virtual currency transactions to identify and block transactions involving sanctioned individuals or entities. This will include using OFAC’s Specially Designated Nationals and Blocked Persons (SDN) List and other relevant watchlists to screen virtual currency transactions.

Know Your Customer (KYC): The Company will conduct comprehensive KYC checks on all customers, including collecting and verifying customer identification and conducting ongoing monitoring of customer transactions. This will help to ensure that the Company does not conduct transactions with prohibited individuals or entities.

Employee Training: The Company will provide regular training to employees on OFAC regulations related to virtual currency transactions, including how to identify and respond to OFAC hits and how to properly screen virtual currency transactions for sanctions compliance.

Recordkeeping: The Company will maintain accurate and complete records of all virtual currency transactions, including transaction details, customer information, and sanctions screening results. These records will be kept for the required period of time to comply with OFAC regulations.

Internal Controls: The Company will implement internal controls to ensure compliance with OFAC regulations, including regular audits and assessments of the effectiveness of the OFAC compliance program. This will include ongoing monitoring of virtual currency transactions to identify and remediate any potential compliance issues.

Conclusion:

Complying with OFAC regulations is essential when conducting virtual currency transactions. The Company is committed to ensuring that all virtual currency transactions are compliant with OFAC regulations, including identifying and blocking transactions involving sanctioned individuals or entities, conducting comprehensive KYC checks on customers, providing regular employee training on OFAC regulations, maintaining accurate and complete records of all virtual currency transactions, and implementing internal controls to ensure compliance. By adhering to these policies and procedures, the Company can mitigate the risks of sanctions violations and other legal and financial penalties.

COMPLIANCE WITH OTHER REGULATORY REQUIREMENTS:

The Company is committed to complying with all applicable regulatory requirements, including those related to the Bank Secrecy Act (BSA) and anti-money laundering (AML) regulations. In order to ensure compliance with these regulations, the Company has implemented policies and procedures that are designed to prevent money laundering and terrorist financing.

The BSA requires financial institutions to establish and maintain effective AML programs that are designed to detect and prevent money laundering and terrorist financing. In addition, the BSA requires financial institutions to report certain transactions to the Financial Crimes Enforcement Network (FinCEN), including transactions involving currency transactions over $10,000, suspicious transactions, and transactions involving individuals or entities on OFAC’s Specially Designated Nationals (SDN) list.

The Company’s AML program includes policies and procedures for identifying and verifying customer identities, monitoring transactions for suspicious activity, and reporting suspicious activity to the appropriate authorities. In addition, the Company has implemented enhanced due diligence procedures for high-risk customers, such as those who are politically exposed or who operate in high-risk jurisdictions.

The Company’s compliance with OFAC regulations is also an integral part of its AML program. As such, the Company’s OFAC compliance policies and procedures are integrated with its AML program to ensure that all relevant regulatory requirements are addressed. The Company’s AML program also includes procedures for identifying and blocking transactions involving individuals or entities on OFAC’s SDN list.

The Company’s employees are required to receive regular training on AML and OFAC compliance. This training includes information on the regulatory requirements, the types of transactions that are most susceptible to money laundering and terrorist financing, and the procedures for identifying and reporting suspicious activity.

The Company is committed to continuously monitoring and enhancing its compliance with all regulatory requirements, including those related to AML and OFAC. The Company’s compliance team is responsible for regularly reviewing and updating its policies and procedures to ensure that they remain effective and up-to-date with the latest regulatory requirements and industry best practices.

CLOSING REMARKS AND COMPLIANCE COMMITMENT:

The Company is committed to complying with all applicable laws, rules, and regulations related to OFAC policies requirements. Our OFAC Policies & Procedures Manual has been developed with the aim of incorporating all industry-wide best practice standards and ensuring that our company’s compliance program is effective and up-to-date.

As a summary of the key provisions of the policy, the Company’s commitment to OFAC compliance includes the following:

Identifying and blocking transactions involving sanctioned individuals or entities, including those related to virtual currency transactions.
Conducting due diligence on customers and business partners to ensure compliance with OFAC regulations and other applicable laws and regulations.
Maintaining comprehensive record-keeping and reporting procedures for all OFAC-related transactions.
Promptly reporting and remedying any OFAC violations, including cooperating with OFAC and other regulatory bodies in the event of an incident or violation.
Ongoing training and education for employees to ensure they are up-to-date on OFAC requirements and best practices.
Monitoring and assessing the effectiveness of our policy, including periodic reviews and updates to ensure continued compliance with changing regulations and industry standards.
Encouraging employees to report any concerns or suspected violations, with a clear and confidential process for doing so.

Zil Money’s commitment to OFAC compliance is a shared responsibility across all levels of the organization. Management, employees, and other stakeholders all play a critical role in maintaining our company’s compliance program. We understand that non-compliance can lead to legal and reputational risks for our company, and we are dedicated to preventing such risks.

In conclusion, Zil Money Corporation is committed to maintaining a robust OFAC compliance program. We will continue to strive for excellence in our compliance efforts and work closely with OFAC and other regulatory bodies to ensure ongoing compliance with all applicable laws and regulations.