ANTI-MONEY LAUNDERING (AML) &
COUNTER-TERRORIST FINANCING (CTF) POLICY
Policy, procedures and compliance manual - financial crime prevention framework
Asher Freed
Lion Global Money Limited
Contents
1. Document purpose and scope
2. Definitions and abbreviations
3. Regulatory framework
4. Business overview
5. Governance, roles and responsibilities
6. AML/CTF compliance program and companion documents
7. Risk-based approach and business-wide risk assessment
8. Customer due diligence (CDD)
9. Identity verification - methods, thresholds and timing
10. Enhanced due diligence (EDD)
11. Politically exposed persons and heads of international organisations
12. Third-party determination
13. Ongoing monitoring and the 24-hour rule
14. Transaction monitoring, detection rules and alert handling
15. Sanctions, PEP and adverse media screening
16. Suspicious transaction reporting and prohibition on tipping-off
17. Regulatory reporting obligations
18. Record keeping and retention
19. Anti-bribery and corruption
20. Staff screening, vetting and training
21. Technology, outsourcing and partner due diligence
22. Data protection and privacy
23. Independent review, testing and the MLRO annual report
24. Policy governance, review and employee acknowledgement
25. Annexes
1. Document Purpose and Scope
Purpose
This Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy establishes the framework by which Lion Global Money Limited (“Lion Global Money” or “the Company”) prevents, detects, deters and reports money laundering (ML), terrorist financing (TF), proliferation financing (PF), sanctions evasion, fraud and other financial-crime risks arising from its money services business (MSB) operations. It sets out the Company’s policy commitments, the procedures that give effect to them, and the operational manual its personnel must follow.
This document is the master AML/CTF instrument within the Company’s wider AML/ATF Compliance Program. It aligns with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), applicable FINTRAC guidance and the risk-based approach principles of the Financial Action Task Force (FATF).
Scope
This Policy applies to all products and services offered by the Company - including cross-border payments, foreign-exchange conversion and payment administration delivered through its online platform and mobile application - and to all employees, officers, directors and contractors, and to all partner financial institutions that hold client funds or provide payment rails. Geographic corridors currently in scope are Canada, the United Kingdom, the European Union, Israel, Hong Kong and the United States, subject to partner-rail availability and internal risk approval. Additional corridors are added only after partner approval and a documented risk assessment. The Company does not process transactions for sanctioned jurisdictions or sanctioned parties, and does not accept cash under any circumstances.
2. Definitions and Abbreviations
Term | Meaning
Money laundering (ML) | Processing the proceeds of crime to disguise their illegal origin.
Terrorist financing (TF) | Providing or collecting funds intending or knowing they be used for terrorist activity.
Proliferation financing (PF) | Providing funds or services used for the manufacture, acquisition or transport of weapons of mass destruction.
CDD / EDD | Customer Due Diligence / Enhanced Due Diligence.
PEP | Politically Exposed Person (domestic or foreign), including family members and close associates.
HIO | Head of an International Organisation.
STR | Suspicious Transaction Report filed to FINTRAC where there are reasonable grounds to suspect ML/TF.
LCTR / LVCTR | Large Cash / Large Virtual Currency Transaction Report (CAD 10,000+).
EFTR | Electronic Funds Transfer Report (international EFT of CAD 10,000+).
TPR | Terrorist Property Report.
MSB | Money Services Business registered with FINTRAC.
MLRO / CO | Money Laundering Reporting Officer / Compliance Officer.
SOF / SOW | Source of Funds / Source of Wealth.
UBO | Ultimate Beneficial Owner.
Partner institution | Regulated bank or EMI that holds client funds or provides payment rails.
3. Regulatory Framework
The Company operates as a registered MSB in Canada and is subject to FINTRAC oversight. This Policy is maintained in accordance with the Canadian AML/ATF regulatory regime, including:
the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its Regulations (PCMLTFR);
FINTRAC guidance, policy interpretations and reporting requirements;
the Criminal Code of Canada;
the United Nations Act and regulations made under it;
the Special Economic Measures Act (SEMA);
the Justice for Victims of Corrupt Foreign Officials Act (JVCFOA); and
the FATF Recommendations and risk-based approach principles.
Where the Company transacts into or from other corridors (United Kingdom, European Union, Israel, Hong Kong, United States), it also has regard to the sanctions and financial-crime expectations of those jurisdictions and of its regulated banking and EMI partners, and applies the higher standard where requirements differ.
4. Business Overview
Field | Information
Legal name | Lion Global Money Limited
MSB registration number | C100000596
Ontario Corporation Number | 1001143614
Regulator | Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
Director | Asher Freed
Ownership | Privately owned. Ultimate beneficial owner: Asher Freed (100%).
Registered office | 30 Wertheim Court, Unit 12, Suite 201, Richmond Hill, Ontario, L4B1B9, Canada
Website | liongm.com
Products and services | Cross-border payments, foreign-exchange conversion and payment administration via authorised platforms and regulated partners.
Current corridors | Canada, United Kingdom, European Union, Israel, Hong Kong, United States - subject to partner-rail availability and internal risk approval.
Funding method | Bank transfer from verified personal or corporate accounts only.
The Company is directed and managed by Asher Freed, who works with the Compliance Officer / MLRO to maintain an effective AML/ATF framework and to ensure the Compliance Officer has sufficient authority, resources and access to senior decision-makers.
Activities the Company does not undertake
To define the risk perimeter, the Company confirms that it does not accept cash under any circumstances; does not offer virtual or digital currency services; does not onboard agents or third-party intermediaries to transact on its behalf; does not serve walk-in customers; and does not provide correspondent-banking services. Any new product, service, payment rail, corridor or partner is introduced only after documented compliance and legal review and, where relevant, partner approval.
Customer base
The Company serves individual customers (for example, remittances, education fees, family support and personal expenses) and corporate/business customers (for example, supplier and invoice payments, cross-border payroll and business-expansion support). Business customers are subject to enhanced corporate verification, including registration verification, UBO identification, business-activity verification and sanctions/risk screening. The Company does not accept prohibited or higher-risk sectors - including crypto businesses, gambling, adult entertainment, unlicensed cannabis and shell companies - unless separately approved in writing following legal, regulatory and partner review.
5. Governance, Roles and Responsibilities
Role | Responsibility
Board of Directors | Approves this Policy and the risk appetite; oversees the AML/ATF framework; ensures adequate resources for compliance and remediation.
Senior Management | Implements the compliance framework; allocates resources, systems and personnel; receives periodic compliance reporting.
Compliance Officer / MLRO - Trevor Clein | Day-to-day administration and oversight of the AML/ATF program; reviews alerts and investigation files; files STRs and other reports to FINTRAC; liaises with FINTRAC, law enforcement and partners; owns policy, training and independent testing.
Deputy MLRO - Asher Freed | Supports the MLRO and assumes MLRO responsibilities in the MLRO’s absence; supports investigations and reporting.
Compliance Team | Maintains monitoring rules, the KYC matrix, training, record-keeping and independent testing.
Operations & IT | Implements technical controls, monitoring systems, evidence preservation and secure record storage.
All employees and contractors | Follow this Policy, complete required training and promptly escalate suspicious activity to the MLRO.
The Compliance Officer is appointed by the Board and has the necessary authority and access to resources to implement an effective compliance program; knowledge of the business’s functions, structure and sector ML/TF risks, typologies and vulnerabilities; and an understanding of the Company’s obligations under the PCMLTFA and associated Regulations.
6. AML/CTF Compliance Program and Companion Documents
This Policy sits at the centre of the Company’s AML/ATF Compliance Program and is read together with the following companion documents, which provide detailed procedures for specific control areas:
Companion document | Purpose
AML/ATF Compliance Program - Risk Assessment, Policies, Controls and Procedures (RA-PCP) | Business-wide risk assessment, policies, controls and procedures.
Client Onboarding and Transaction Monitoring Procedure | Onboarding workflow, KYC/KYB, CDD/EDD, risk assessment, monitoring set-up and escalation.
Customer Screening, Ongoing Monitoring and Source of Funds / Source of Wealth Policy | Screening, ongoing monitoring and source-of-funds / source-of-wealth controls.
Sanctions Policy and Procedures | Sanctions, PEP, HIO and adverse-media screening and decisioning.
Suspicious Activity Reporting (SAR/STR) Procedure | Internal escalation and FINTRAC STR filing.
Anti-Fraud Policy | Fraud prevention, detection, investigation and reporting.
Safeguarding Policy | Client-fund segregation, reconciliation and safeguarding controls.
Where a companion document provides more detailed procedures, that document governs the operational detail; this Policy governs the overarching policy standard. In the event of any inconsistency, the stricter control applies and the matter is referred to the MLRO for resolution.
7. Risk-Based Approach and Business-Wide Risk Assessment
The Company applies a risk-based approach to manage ML, TF and PF risks, with controls proportionate to the risk identified across products and services, customers, delivery channels, geographic exposure, payment rails, partner institutions and transaction behaviour. The Company maintains a documented Business-Wide Risk Assessment (BWRA) that identifies inherent risks, evaluates mitigating controls and determines residual risk. The overall residual ML/TF/PF risk rating is assessed as MEDIUM.
Category | Inherent risk | Key controls | Residual risk
Cross-border payment services | High | CDD, transaction limits, sanctions screening, transaction monitoring and reporting. | Medium
Rapid movement of funds | High | Automated monitoring, manual review and escalation. | Medium
FX transactions | Medium | FX pattern monitoring, transaction analysis and EDD for high-risk activity. | Medium
Individual customers | Medium | Identity verification, risk profiling and ongoing monitoring. | Low-Medium
Business customers | Medium | UBO verification, business documentation review and ongoing monitoring. | Medium
PEPs and adverse media | High | EDD, senior-management approval and enhanced monitoring. | Medium
Non-face-to-face onboarding | High | Digital identity verification, document authentication and biometric checks. | Medium
Proliferation financing | Medium-High | Sanctions screening, sector monitoring and blocking/reporting. | Low to Low-Medium
Structuring / inconsistent activity | High | Customer-profile monitoring and suspicious-activity investigation. | Medium
The BWRA is reviewed at least annually, and more frequently on the introduction of new products, services, corridors or partners, on regulatory change, or where emerging ML/TF/PF risks are identified.
8. Customer Due Diligence (CDD)
The Company applies risk-based CDD consistent with FINTRAC guidance. The CDD level and verification method are documented for each customer. CDD is performed when establishing a business relationship, when conducting a transaction that requires identity verification, where suspicion of ML/TF arises, or where previously obtained customer-identification information is doubtful.
CDD area | Requirement
Customer information | Full legal name, date of birth, residential address, contact details and identification-document details.
Accepted identification | Passport, driver’s licence or national identity card (authentic, valid and current).
Verification methods | Government-issued photo ID, credit-file, dual-process, or affiliate/member method (see Section 9).
Proof of address | Collected on a risk basis - utility bill, bank/credit-card statement, government correspondence or tenancy agreement.
Source of funds / wealth | Collected on a risk basis and for all EDD triggers - bank statements, payslips, sale agreements, investment statements, contracts/invoices, accounts or tax filings.
Business customers | Business-registration verification, UBO identification, corporate structure, authorised signatories and evidence of business activity/revenue.
Onboarding controls | Duplicate-account checks, device fingerprinting, geolocation-anomaly checks and velocity limits. High-risk onboarding requires manual review and MLRO approval.
Customer risk rating and review frequency
Every customer is risk-rated before approval. The rating determines the approval level, EDD requirements, transaction limits, monitoring intensity and review frequency:
Rating | Controls and periodic review
Low | Standard CDD, sanctions/PEP/adverse-media screening, standard limits. Periodic review at least every 36 months, or sooner on a trigger event.
Medium | CDD/KYB, beneficial ownership, risk-based SOF, tailored monitoring. Periodic review at least every 24 months, or sooner on a trigger event.
High | EDD, MLRO approval, SOF/SOW evidence, enhanced monitoring and lower/tailored limits until cleared. Periodic review at least every 12 months, or sooner if red flags arise.
Prohibited / unacceptable | Do not onboard, or exit; hold/block where applicable; escalate to MLRO and report where legally required.
Source of funds and source of wealth (SOF/SOW)
SOF/SOW is collected on a risk basis. CAD is used as the control currency; equivalent values in other currencies are converted at a reasonable rate on the date of assessment. SOF/SOW evidence is requested where any of the following applies:
the customer is high-risk, a PEP/HIO, or subject to adverse media;
a single transaction or linked activity of CAD 10,000 or more occurs within 24 hours;
cumulative monthly activity reaches CAD 50,000 or more, or lower where the profile does not support it;
an FX transaction of CAD 3,000 or more, or an EFT/remittance of CAD 1,000 or more, triggers FINTRAC identity verification and risk indicators are present; or
activity is unusual, complex, urgent, or inconsistent with the customer profile or corridor.
Acceptable evidence includes, for individuals, bank statements, payslips, employment contracts, tax filings, sale agreements, investment statements or inheritance documentation; and, for corporates, bank statements, invoices/contracts, audited or management accounts, tax filings and ownership or funding documents. High-risk cases require independent, externally verifiable evidence.
9. Identity Verification - Methods, Thresholds and Timing
Transactions requiring verification of identity
As a registered MSB, the Company verifies the identity of a person or entity at the FINTRAC trigger points relevant to its services (identity is verified at the time of the transaction and before it is completed):
Trigger | Threshold
Electronic funds transfer (initiation or remittance) | CAD 1,000 or more.
Foreign-currency exchange | CAD 3,000 or more.
Remittance to a beneficiary | CAD 1,000 or more.
Suspicious transaction | Any amount - reasonable measures to verify identity, subject to the tipping-off rule.
Establishing a service (business) relationship | On establishing an ongoing relationship.
The Company does not accept cash and does not deal in virtual currency; accordingly, the FINTRAC large-cash and large-virtual-currency verification triggers (CAD 10,000 or more) do not currently apply. The framework would be implemented if such activity were ever introduced following documented compliance, legal and partner approval.
Methods to verify the identity of persons
The Company uses one of the following FINTRAC-permitted methods:
Government-issued photo identification method - an authentic, valid and current photo ID issued by a federal, provincial or territorial government (or equivalent foreign government), bearing the person’s name, photo and a unique identifying number, matching the name and appearance of the person. Municipal photo IDs are not acceptable.
Credit-file method - information in the person’s credit file that is valid and current, held by a Canadian credit bureau (Equifax Canada or TransUnion Canada), in existence for at least three years, derived from more than one source, matching the person’s name, address and date of birth, using the report obtained by the Company at the time of verification.
Dual-process method - any two of: (i) name and address from a reliable source; (ii) name and date of birth from a reliable source; or (iii) name and confirmation of a deposit, prepaid-payment-product, credit card or loan account. Information must be valid, current and from two different reliable sources.
Affiliate or member method - confirming that an affiliate (or foreign affiliate carrying out equivalent activities) previously verified the person’s identity, with matching name, address and date of birth.
Methods to verify the identity of entities
For a corporation, the Company uses the confirmation-of-existence method, referring to a certificate of incorporation, a record filed annually under provincial securities legislation, or the most recent record confirming the corporation’s existence and containing its name, address and the names of its directors. Records must be authentic, valid and current, obtained from a publicly accessible provincial or federal database (for example, Corporations Canada) or a corporation search-and-registration service. For other entities, the Company refers to the partnership agreement, articles of association or equivalent record.
Record-keeping on verification
The person or officer conducting verification records the person’s name; the date of verification; the type of document used; the document’s unique identifying number; the jurisdiction and country of issue; the expiry date (where shown); and, for the credit-file method, the name of the credit bureau or vendor and the credit-file number. Records are retained in accordance with Section 18. Detailed method / record-keeping matrices are set out in Annexes B, C and D.
10. Enhanced Due Diligence (EDD)
EDD is applied wherever a customer or transaction presents higher risk, including:
PEPs, HIOs, and their family members or close associates;
customers connected to higher-risk jurisdictions or corridors;
customers with adverse media;
unusual or complex transactions, or transactions inconsistent with the known customer profile; and
cases where source of funds or source of wealth is unclear.
EDD measures include obtaining additional SOF/SOW information and identification documentation, enhanced ongoing transaction monitoring, transaction limits until cleared, and senior-management (MLRO) approval to establish or continue the relationship. High-risk customers and corridors require MLRO approval before onboarding or before a transaction proceeds. Transactions involving sanctioned parties or jurisdictions are rejected.
11. Politically Exposed Persons and Heads of International Organisations
The Company screens for domestic and foreign PEPs, HIOs, and their family members and close associates at onboarding and on an ongoing basis, using ComplyAdvantage. Where a PEP/HIO is identified, the Company determines the source of the person’s wealth and the source of funds for the transaction, applies enhanced ongoing monitoring, and obtains senior-management (MLRO) approval to enter into or continue the business relationship. Determinations and approvals are documented and retained. The MLRO is responsible for escalation and approval procedures.
12. Third-Party Determination
The Company takes reasonable measures to determine whether a person is conducting a transaction on behalf of a third party. Where a third party is identified, the Company records the third party’s name and address, the date of birth (for individuals), the nature of the principal business or occupation, and the relationship between the third party and the customer. Unclear or suspicious cases are escalated to the MLRO.
13. Ongoing Monitoring and the 24-Hour Rule
Ongoing monitoring
The Company conducts ongoing monitoring of business relationships to detect activity inconsistent with the customer’s profile, to keep customer information current, to reassess risk, and to detect transactions that must be reported. During each recurring transaction the Company asks whether the customer’s personal or business information has changed and updates records accordingly; records one year or older are re-verified on customer contact; and any third-party information that conflicts with the Company’s records is reconciled with the customer.
The 24-hour rule
Multiple transactions are aggregated where they total CAD 10,000 or more within a consecutive 24-hour window and are conducted by the same person or entity, on behalf of the same person or entity, or for the same beneficiary. All such transactions are included in a single FINTRAC report and are not reported separately. Given the Company’s services, the rule applies in practice to the Electronic Funds Transfer Report (EFTR); the Large Cash and Large Virtual Currency Transaction Reports are not currently applicable (the Company accepts no cash and deals in no virtual currency). The rule does not apply where the beneficiary is a public body, a very large corporation or trust with minimum net assets of CAD 75 million whose securities trade on a designated exchange in a FATF-member country, or an administrator of a pension fund regulated under federal or provincial legislation.
14. Transaction Monitoring, Detection Rules and Alert Handling
CS Remit is the Company’s primary transaction-management and monitoring platform; Sumsub is used for KYC / ID&V / onboarding verification; and ComplyAdvantage is used for sanctions, PEP and adverse-media screening and ongoing monitoring. Monitoring combines automated and manual methods and is designed to detect structuring, rapid FX conversion, beneficiary mismatch, unusual velocity, synthetic identity, mule activity and use of multiple funding sources.
Control | Rule / expectation
High-value transfer | Alert for single transfers at or above CAD 10,000, or approaching a reporting threshold.
Daily velocity | Alert if cumulative transfers from a single customer exceed CAD 10,000 within 24 hours.
Weekly velocity | Alert for unusually high cumulative weekly activity versus the customer profile.
Rapid FX conversion | Alert when funds are converted across multiple currencies within short timeframes.
Beneficiary mismatch | Alert when beneficiary name, account and country do not match expected patterns.
Device anomalies | Alert for more than two accounts created from the same device/IP within seven days.
Sanctions / PEP / adverse media | Immediate alert, transaction hold/block and MLRO escalation.
Alert triage and service levels
Initial triage within 24 hours of alert generation.
Routine alerts investigated within five business days.
Complex or high-risk matters escalated immediately to the MLRO.
Where reasonable grounds to suspect ML/TF are identified, the MLRO is notified and an STR is prepared.
15. Sanctions, PEP and Adverse Media Screening
Real-time screening is performed for customers, beneficiaries and counterparties at onboarding and continuously thereafter, using ComplyAdvantage (with Sumsub supporting onboarding ID&V). The Company screens against, at a minimum:
United Nations sanctions lists;
Canadian sanctions lists (SEMA / JVCFOA / United Nations Act);
OFAC (United States) sanctions lists;
European Union and United Kingdom sanctions lists;
international PEP lists; and
adverse-media databases.
Screening uses a combination of automated and manual methods. Positive matches are held or blocked, quarantined where appropriate and escalated to the MLRO. Name-matching review and decisioning are documented, with fuzzy-matching configured to detect aliases, transliterations and spelling variations, and to identify ownership/control exposure to listed persons. Confirmed matches are rejected and reported where required. Screening effectiveness is periodically tested using sample names, known list entries and prior false positives. The Company does not process transactions for sanctioned jurisdictions or sanctioned parties.
16. Suspicious Transaction Reporting and Prohibition on Tipping-Off
Employees must immediately report suspicious activity internally to the MLRO. The MLRO reviews the matter and determines whether an STR must be filed with FINTRAC. An STR is filed where there are reasonable grounds to suspect that a transaction, or an attempted transaction, is related to the commission or attempted commission of an ML or TF offence, regardless of amount, and is submitted as soon as practicable after the facts supporting the suspicion are established.
Tipping-off is strictly prohibited: no employee may disclose, other than in the normal course of their duties, that an STR has been prepared or submitted, or the contents of a report. Persons who make a report in good faith are protected from civil liability. A copy of each STR, together with a full record of the underlying transactions, is retained for at least five years. The internal escalation route and STR template are set out in Annex I.
17. Regulatory Reporting Obligations
Report | Trigger | Timeline
STR | Reasonable grounds to suspect ML/TF (including attempts), any amount. | As soon as practicable after RGS is established.
EFTR | International EFT of CAD 10,000+ sent or received (single or 24-hour aggregate). | Within five business days.
TPR | Property owned or controlled by or on behalf of a terrorist or terrorist group. | Immediately on becoming aware; notify RCMP and CSIS.
LCTR | Cash of CAD 10,000+ received. Framework maintained; not currently applicable - the Company accepts no cash. | Within 15 calendar days (if applicable).
LVCTR | Virtual currency equivalent to CAD 10,000+ received. Framework maintained; not currently applicable - the Company deals in no virtual currency. | Within 15 calendar days (if applicable).
Reports are submitted electronically through FINTRAC’s secure web reporting. All reports and related transaction records are retained for at least five years and stored so as to enable prompt retrieval on request by FINTRAC or other competent authority. STR filings are logged in the STR register and reported to the Board and senior management as part of periodic compliance reporting. Should the Company introduce cash or virtual-currency activity in future, the LCTR/LVCTR procedures (including the exemption where cash is received from a financial entity or public body) would be implemented following documented compliance, legal and partner approval.
18. Record Keeping and Retention
Customer-identification records, transaction records, STRs and other reports, investigation files, risk assessments and training records are retained for at least five years from creation or from the end of the business relationship (or the date of the last transaction), whichever is later, or longer where required by law or partner agreement. Records are stored in a secure cloud environment with role-based access controls, encryption at rest and in transit, immutable audit logs and backups, and are accessible to the Company’s officers on a need-to-know basis and to FINTRAC and other authorities entitled to oversee the Company’s operations.
19. Anti-Bribery and Corruption (ABC)
The Company prohibits bribery and corruption in all forms, whether direct or indirect, and whether involving public officials or private parties. Employees, officers, directors and contractors must not offer, promise, give, request or accept any bribe, kickback, facilitation payment or improper advantage intended to influence a business decision or to secure an improper benefit. Gifts and hospitality must be reasonable, proportionate, transparent and recorded, and must never be used to create an improper obligation. The Company conducts risk-based due diligence on partners and counterparties, escalates suspected bribery or corruption to the MLRO, and reports to competent authorities where required. This commitment is reinforced through training (Section 20) and applies across all corridors in which the Company operates.
20. Staff Screening, Vetting and Training
Screening and vetting
The Company applies risk-based pre-employment and ongoing screening to personnel in roles exposed to financial-crime risk. Vetting includes verification of identity, right-to-work, employment/reference history and, where permitted and proportionate to the role, criminal-record and adverse-media / sanctions checks. Screening is repeated on a risk basis during employment, and findings relevant to financial-crime risk are escalated to the MLRO.
Training
The Company provides a comprehensive AML/CTF training programme tailored to role and risk exposure:
Onboarding - all new employees receive introductory AML/CTF training covering core concepts, the Company’s policies and procedures, and their individual responsibilities. The MLRO verifies each new employee’s understanding of the program.
Annual refresher - all staff receive annual training updated for regulatory change, internal-policy change and emerging typologies, with content tailored by role and department.
Role-specific training - staff in high-risk functions (transactions, onboarding, compliance) receive in-depth, scenario-based training using real-life case studies.
Assessment and feedback - attendees are assessed after each session; feedback is collected and used to improve the programme.
Ad-hoc briefings - the MLRO organises immediate briefings on significant regulatory change and maintains an internal portal of AML/CTF resources and guidance.
All training materials, attendance records, assessments and feedback are documented and retained as evidence of the Company’s commitment to AML/CTF training during audits and regulatory reviews.
21. Technology, Outsourcing and Partner Due Diligence
Before entering into a relationship with a partner bank, EMI or other third party involved in supporting financial operations or accessing the Company’s systems, the Company conducts risk-based due diligence covering regulatory status, client-fund segregation arrangements, AML/CTF controls, sanctions-screening capability and incident-response capability, to confirm the partner meets or exceeds the Company’s standards. Reliance and outsourcing arrangements are documented and subject to ongoing oversight. Relevant agreements incorporate specific clauses setting out AML obligations, responsibilities and the consequences of non-compliance. Where a third party fails to meet the Company’s standards, or is found to be involved in illicit activity, the MLRO commences an orderly termination of the relationship while protecting the Company’s interests.
22. Data Protection and Privacy
Personal data collected for AML/CTF purposes is processed in accordance with applicable privacy laws and protected through secure storage, restricted role-based access, encryption in transit and at rest, immutable audit logging and regular access reviews. Personal data is used only for legitimate financial-crime-prevention and regulatory-compliance purposes, is retained in line with Section 18, and is disclosed only to competent authorities or partners as permitted or required by law.
23. Independent Review, Testing and the MLRO Annual Report
The Company conducts an independent effectiveness review of its AML/ATF Compliance Program at least once every two years, in accordance with PCMLTFA requirements. The review assesses the adequacy and operating effectiveness of the risk-assessment framework, CDD/EDD procedures, transaction-monitoring controls, STR identification and filing, sanctions-screening controls, record-keeping, training effectiveness, and governance and oversight arrangements - including whether the program remains adequate following expansion into additional jurisdictions. This is supported by ongoing internal assurance: risk-based compliance testing and sample-based file quality-assurance conducted by Compliance (at least quarterly), MLRO review of high-risk customers at least annually, an annual policy review, and regular consideration of the AML/CTF programme by the Board. Findings are documented, reported to the Board and senior management, and remediated promptly with accountable owners and target dates.
In addition, the MLRO prepares an annual report to the Board summarising the operation and effectiveness of the AML/CTF program, including reporting activity (STRs and other reports), material risks and typologies observed, the outcome of testing and independent review, training completion, and recommended enhancements. The report and the Board’s consideration of it are documented and retained.
24. Policy Governance, Review and Employee Acknowledgement
This Policy is owned by the MLRO, approved by the Board of Directors, and reviewed at least annually and on any material change to the business model, corridors, partners, technology or regulatory requirements. All updates are approved by the Board and implemented by senior management. All employees, officers, directors and relevant personnel must read, understand and comply with this Policy, and must report suspicious or unusual activity immediately to the MLRO. Failure to comply may result in disciplinary action.
25. Annexes
Annex A - Governance and escalation contacts
Role | Contact
MLRO / AML Compliance Officer - Trevor Clein | +44 (0)7798 778036 | tc@liongm.com
Deputy MLRO - Asher Freed | +44 7882 113794 | afreed@liongm.com
Registered office | 30 Wertheim Court, Unit 12, Suite 201, Richmond Hill, Ontario, L4B1B9, Canada
Annex B - Identity verification methods for persons and record-keeping
Method | Documents / information | Details that must match | Information to record
Government photo ID | Authentic, valid, current government (non-municipal) photo ID. | Name and photograph. | Name; date of verification; document type; document number; issuing province/state and country; expiry date (if any).
Credit file | Valid, current Canadian credit file in existence ≥ 3 years, from more than one source. | Name, address and date of birth. | Name; date the file was consulted; credit bureau / vendor name; credit-file number.
Dual-process | Valid, current information from two different reliable sources (neither the RE nor the person). | Two of: name+address; name+DOB; name+financial-account confirmation. | Name; date verified; the two sources used; type of information; account number (if any).
Affiliate / member | Records of an affiliate or member that previously verified identity. | Name, address and date of birth. | Name; date verified; affiliate/member name; method used by that affiliate/member.
Annex C - Identity verification methods for entities and record-keeping
Method | Documents / information | Details that must match | Information to record
Confirmation of existence | Corporation: certificate of incorporation, annual securities filing, or most recent record confirming existence, name, address and directors. Other entities: partnership agreement, articles of association or equivalent. | Name and address; names of directors (corporations). | If an electronic record from a public database: registration number, document type and source. If paper/electronic record: the record or a copy.
Annex D - Examples of acceptable photo identification
Document | Issuer
Canadian passport | Canada
Permanent resident card | Canada
Citizenship card (issued before 2012) | Canada
Secure Certificate of Indian Status | Canada
Provincial / territorial driver’s licences | Canadian provinces and territories
Provincial / territorial identity or services cards | Canadian provinces and territories
DND 404 driver’s licence | Department of National Defence, Canada
Global Entry / NEXUS card | United States / Canada
Foreign passport or driver’s licence | Equivalent foreign government
Note: photo identification issued by municipal governments (Canadian or foreign) is not acceptable.
Annex E - CDD / KYC risk matrix
Risk level | Examples | Required controls | Review
Low | Clear identity, simple profile, low value, low-risk corridor, no adverse indicators. | Standard CDD, screening, expected-activity profile and standard monitoring. | Every 36 months / trigger.
Medium | Cross-border individual or business; moderate volume; medium-risk corridor or more complex purpose. | CDD/KYB, beneficial ownership, risk-based SOF, tailored monitoring. | Every 24 months / trigger.
High | PEPs/HIOs; adverse media; high-risk corridor; complex ownership; high value/frequency; unclear SOF/SOW. | EDD, full SOF/SOW, MLRO approval, enhanced monitoring, lower limits until cleared. | At least every 12 months / trigger.
Annex F - Reporting thresholds and timelines
Report | Threshold | Timeline
STR | Any amount - reasonable grounds to suspect ML/TF. | As soon as practicable.
EFTR | International EFT CAD 10,000+ (24-hour aggregate). | 5 business days.
TPR | Terrorist property identified. | Immediately (notify RCMP / CSIS).
LCTR | Cash CAD 10,000+. Not currently applicable - no cash accepted. | 15 calendar days (if applicable).
LVCTR | VC equivalent CAD 10,000+. Not currently applicable - no virtual currency. | 15 calendar days (if applicable).
Annex G - Red-flag indicators
Multiple rapid transfers to different beneficiaries in short succession.
Transfers to or from high-risk jurisdictions inconsistent with the customer profile.
Beneficiary account name does not match provided beneficiary details.
Use of multiple funding accounts or frequent changes to funding sources.
Unusual FX conversions with no commercial rationale.
Transaction chains of excessive complexity with no clear economic rationale.
Attempts to avoid verification steps or provision of inconsistent ID documents.
PEP status or adverse media not disclosed by the customer.
Immediate actions: hold or reject the transaction, escalate to the MLRO, preserve evidence, request additional documentation and file an STR where reasonable grounds exist.
Annex H - AML/CTF training syllabus
Legal framework (PCMLTFA, PCMLTFR, FINTRAC obligations) and Company policy.
KYC, verification methods, thresholds and the KYC matrix.
Transaction monitoring, red flags and alert handling.
STR / LCTR / LVCTR / EFTR / TPR reporting procedures and the 24-hour rule.
Sanctions, PEP and adverse-media screening.
Anti-bribery and corruption.
Investigation, evidence preservation and the prohibition on tipping-off.
Annual assessment and role-specific practical exercises.
Annex I - STR internal escalation template
Section | Required information
Cover | Date; reporting entity; MLRO contact (Trevor Clein, +44 (0)7798 778036, tc@liongm.com); summary of suspicion.
Customer details | Full name; DOB / incorporation date; address; ID type/number; account or virtual-account IDs.
Transaction details | Transaction IDs; dates/times; amounts/currency; originating and beneficiary accounts and institutions; rails used.
Supporting evidence | KYC documents; transaction logs; device/IP logs; partner confirmations; communications.
Actions taken | Hold/suspension; customer contact; partner notification; investigator conclusion and reporting decision.
Document Control and Approval
Field | Value
Document title | Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF) Policy, Procedures and Manual
Version | 1.1
Effective date | 15-03-2026
Next review date | 14-03-2027
Approved by | Board of Directors / Asher Freed
Reviewed by | Trevor Clein, MLRO / AML Compliance Officer
Manual completion required | Signature/date fields to be completed before submission where applicable