Anti-Money Laundering Policy

1. Policy Statement

Provena Capital Pte Ltd ("Provena Capital," "we," "us," or "our") maintains a zero-tolerance policy toward money laundering, terrorist financing, and financial crime. We are committed to:

• Complying with all applicable AML/CFT laws, regulations, and international standards
• Implementing robust customer due diligence and know-your-customer (KYC) procedures
• Monitoring transactions and reporting suspicious activities
• Training employees on AML/CFT obligations and best practices
• Maintaining comprehensive records for regulatory and law enforcement purposes
• Cooperating fully with regulatory authorities and law enforcement agencies

2. Regulatory Framework

This policy is based on and implements requirements from:

• Financial Action Task Force (FATF): 40 Recommendations on combating money laundering and terrorist financing
• Monetary Authority of Singapore (MAS): Notices on Prevention of Money Laundering and Countering the Financing of Terrorism
• Singapore Terrorism (Suppression of Financing) Act: Requirements for reporting and prevention
• United Nations Security Council Resolutions: Sanctions and targeted financial measures
• U.S. Securities and Exchange Commission (SEC): Regulation A compliance requirements
• Bank Secrecy Act (BSA) and USA PATRIOT Act: For U.S. investor compliance

3. Risk-Based Approach

We employ a risk-based approach to AML/CFT compliance, assessing and mitigating money laundering and terrorist financing risks based on:

• Customer Risk: Investor profile, occupation, source of funds, transaction patterns
• Geographic Risk: High-risk jurisdictions, sanctions lists, FATF grey/black lists
• Product Risk: Investment type, size, complexity, and liquidity
• Delivery Channel Risk: Online platform, face-to-face, third-party intermediaries

Enhanced due diligence measures are applied to higher-risk categories, while simplified measures may be applied to lower-risk situations where permitted by regulation.

4. Customer Due Diligence (CDD)

4.1 Standard CDD Requirements

For all customers, we perform the following CDD measures:

• Identity Verification: Government-issued photo ID (passport, national ID, driver's license)
• Address Verification: Utility bill, bank statement, or government correspondence (within 3 months)
• Date of Birth Verification: Confirm age and match with ID documents
• Sanctions Screening: Check against OFAC, UN, EU, MAS, and other sanctions lists
• PEP Screening: Identify politically exposed persons and their associates
• Adverse Media Screening: Check for negative news related to financial crime
• Source of Funds: Understand the origin of investment capital
• Source of Wealth: Verify how wealth was accumulated
• Purpose and Nature of Business Relationship: Understand intended use of platform

4.2 Enhanced Due Diligence (EDD)

Enhanced measures are applied to higher-risk customers, including:

• Politically Exposed Persons (PEPs) and their family members or close associates
• Customers from high-risk jurisdictions (FATF identified)
• Customers with complex ownership structures
• Customers engaged in cash-intensive businesses
• Non-face-to-face customer relationships
• Correspondent banking relationships
• Customers with unusual or suspicious transaction patterns

EDD measures include senior management approval, additional documentation, enhanced monitoring, more frequent reviews, and investigation of source of funds and wealth.

4.3 Corporate and Entity Customers

For corporate entities, trusts, and other legal arrangements, we verify:

• Legal status and existence (certificate of incorporation, partnership agreement)
• Registered address and principal place of business
• Directors, officers, and authorized signatories
• Ultimate beneficial owners (UBOs) with 25% or more ownership or control
• Control structure and ownership chain
• Nature of business and industry sector
• Financial statements and tax returns (where appropriate)

5. Ongoing Monitoring and Review

We conduct continuous monitoring of customer relationships, including:

5.1 Transaction Monitoring

• Automated monitoring systems screening all transactions
• Rule-based alerts for unusual patterns or suspicious activity
• Threshold-based alerts for large or structured transactions
• Pattern recognition for money laundering typologies
• Blockchain analytics for crypto-asset transactions

5.2 Periodic Reviews

• Standard risk customers: Reviewed every 24 months
• Medium risk customers: Reviewed every 12 months
• High risk customers: Reviewed every 6 months or more frequently
• PEPs and sanctioned jurisdictions: Continuous monitoring

5.3 Record Updates

We require customers to update their information upon material changes and conduct periodic re-verification to ensure CDD information remains current and accurate.

6. Suspicious Activity Reporting

6.1 Suspicious Transaction Indicators

We investigate and report transactions that exhibit suspicious characteristics, including:

• Transactions inconsistent with customer profile or stated investment purpose
• Structuring transactions to avoid reporting thresholds
• Use of multiple accounts or intermediaries without clear business purpose
• Rapid movement of funds with no apparent investment activity
• Transactions involving high-risk jurisdictions
• Unusual patterns suggesting layering or integration of illicit funds
• Customers providing false or misleading information
• Customers refusing to provide required documentation
• Transactions linked to shell companies or complex structures

6.2 Reporting Procedures

When suspicious activity is identified, we file Suspicious Transaction Reports (STRs) with the Suspicious Transaction Reporting Office (STRO) in Singapore and other applicable financial intelligence units. Reports are filed within required timeframes and include:

• Detailed description of suspicious activity
• Customer identification information
• Transaction details and supporting documentation
• Rationale for suspicion and red flags identified

6.3 Tipping Off Prohibition

We strictly prohibit tipping off customers or third parties about STR filings or ongoing investigations. All STR-related information is maintained on a strict need-to-know basis.

7. Sanctions Screening and Compliance

We screen all customers, transactions, and counterparties against:

• OFAC (U.S. Office of Foreign Assets Control): Specially Designated Nationals (SDN) List
• United Nations Security Council: Consolidated sanctions lists
• European Union: EU sanctions lists
• Monetary Authority of Singapore: MAS sanctions lists
• UK HM Treasury: Financial sanctions targets
• Other Jurisdictions: Additional sanctions as applicable

Screening occurs at onboarding, transaction processing, and through daily batch screening of existing customers. Any matches result in immediate escalation and potential blocking of transactions.

8. Prohibited Jurisdictions and Activities

8.1 Prohibited Jurisdictions

We do not accept customers or transactions from or to:

• Countries subject to comprehensive U.S., UN, or EU sanctions
• FATF-identified high-risk jurisdictions with strategic AML/CFT deficiencies
• Non-cooperative jurisdictions for tax purposes
• Jurisdictions where our services are prohibited or restricted

8.2 Prohibited Activities

We prohibit use of our platform for:

• Money laundering or terrorist financing
• Fraud, including investment fraud or identity theft
• Market manipulation or insider trading
• Tax evasion or avoidance schemes
• Sanctions evasion
• Financing of weapons of mass destruction
• Human trafficking, drug trafficking, or other serious crimes
• Bribery and corruption

9. Record Keeping

We maintain comprehensive records as required by law, including:

• Identification Records: Copies of all CDD/KYC documents for 7 years after relationship ends
• Transaction Records: All transaction details for 7 years after transaction
• Account Files: Complete customer files including correspondence and risk assessments
• STR Documentation: Supporting materials for suspicious transaction reports
• Sanctions Screening Results: Documentation of all screening activities
• Training Records: Employee AML/CFT training completion records

All records are maintained in a secure, retrievable format and made available to regulators and law enforcement upon request.

10. Employee Training and Awareness

All employees receive comprehensive AML/CFT training, including:

• Initial training upon hire covering AML/CFT fundamentals
• Annual refresher training on policies and procedures
• Role-specific training for compliance, operations, and customer-facing staff
• Updates on new regulations, typologies, and emerging risks
• Recognizing and reporting red flags and suspicious activity
• Sanctions compliance and screening procedures

Training completion is tracked and documented. Employees must demonstrate understanding through assessments and are held accountable for compliance with this policy.

11. Governance and Oversight

11.1 Compliance Officer

We have appointed a designated AML Compliance Officer (AMLCO) responsible for overseeing the AML/CFT program, including policy implementation, employee training, regulatory reporting, and liaison with authorities.

11.2 Board and Management Oversight

Our Board of Directors and senior management provide oversight of the AML/CFT program, reviewing effectiveness, approving policies, and allocating adequate resources.

11.3 Independent Testing

We conduct independent audits of our AML/CFT program at least annually, performed by qualified internal or external auditors, to assess effectiveness and identify areas for improvement.

12. Third-Party Risk Management

We conduct due diligence on third-party service providers who have access to customer information or perform AML-related functions. This includes:

• Pre-engagement risk assessment and due diligence
• Contractual requirements for AML/CFT compliance
• Ongoing monitoring of third-party performance
• Right to audit and inspect third-party controls

13. Whistleblower Protection

We encourage employees to report suspected violations of this policy or applicable laws. We maintain a confidential reporting channel and prohibit retaliation against employees who report suspected violations in good faith.

14. Consequences of Non-Compliance

Violations of this policy may result in:

• Account suspension or termination
• Reporting to law enforcement and regulatory authorities
• Legal action and recovery of damages
• Employee disciplinary action up to and including termination

15. Policy Review and Updates

This policy is reviewed at least annually and updated as needed to reflect changes in laws, regulations, risk assessment, and best practices. Material changes are communicated to employees and, where appropriate, to customers.

16. Contact Information

For questions about this AML Policy or to report suspicious activity, please contact: