Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy

1. Purpose

This Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy outlines the internal systems, procedures, and controls implemented by Ereus PSP Ltd (“Ereus PSP”, “we”, “our”, or “the Company”) to prevent and detect money laundering, terrorist financing, and other forms of financial crime in accordance with the Laws of the Republic of Cyprus and EU AML Directives.

The Policy applies to:

• All services offered via the Ereus PSP Platform and APIs;
• All employees, officers, and third-party agents;
• All merchants and partners onboarded by Ereus PSP.

2. Legal and Regulatory Framework

Ereus PSP operates under and adheres to the following AML/CTF legislation and standards:

• The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (Law 188(I)/2007) as amended;
• EU 5th and 6th Anti-Money Laundering Directives (5AMLD and 6AMLD);
• FATF Recommendations;
• Relevant directives and circulars of the Cyprus Financial Intelligence Unit (MOKAS).

3. Company Overview

Ereus PSP Ltd is a Cyprus-based Payment Service Provider (PSP) facilitating secure online payments for international merchants through acquiring banks, alternative payment methods, and API integrations.

The Company provides:

• Payment processing and cashier solutions;
• Routing and transaction conversion;
• Integration with international acquiring partners.

Ereus PSP does not provide services directly to natural persons unless they are part of an authorized merchant structure.

4. AML/CTF Governance

4.1. Money Laundering Reporting Officer (MLRO)

Ereus PSP appoints a qualified team responsible for:

• Implementation and enforcement of this Policy;
• Monitoring and investigating suspicious transactions;
• Submitting Suspicious Activity Reports (SARs) to MOKAS;
• Acting as liaison with regulatory and law enforcement authorities;
• Providing AML/CTF training to staff.

4.2. Management Oversight

The Board of Directors of Ereus PSP is ultimately responsible for ensuring compliance with AML/CTF laws, providing adequate resources, and maintaining effective internal controls.

5. Risk-Based Approach (RBA)

Ereus PSP applies a Risk-Based Approach to prevent ML/TF by:

• Assessing risks associated with customers, geographies, transaction types, and delivery channels;
• Categorizing clients as Low, Medium, or High Risk;
• Applying proportionate due diligence and monitoring measures.

Examples:

• Low Risk: Regulated financial institutions, EU-based entities with transparent structures.
• Medium Risk: Standard online merchants operating within the EU.
• High Risk: FX, gaming, crypto-related, or cross-border merchants.

Risk assessments are reviewed annually or upon significant business changes.

6. Customer Due Diligence (CDD)

6.1. Identification and Verification

Before establishing a business relationship, Ereus PSP performs full Know Your Business (KYB) checks, including:

• Legal name, registration number, and address of the entity;
• Ownership and control structure;
• Identification of authorized signatories and directors;
• Proof of business operations and website verification.

Supporting documents include:

• Certificate of Incorporation;
• Memorandum & Articles of Association;
• Shareholder Register;
• Valid ID/passport of directors;
• Proof of address and domain ownership.

All documents are validated prior to activation of services.

6.2. Ongoing Monitoring

Ereus PSP monitors all merchant activity to ensure consistency with the declared business model. Any deviation, such as new URLs, products, or payment flows, must be pre-approved.

6.3. Enhanced Due Diligence (EDD)

EDD is applied in cases involving:

• Politically Exposed Persons (PEPs);
• High-risk industries or jurisdictions;
• Adverse media or unclear ownership structures.

EDD may include source of funds verification, video verification, or additional background checks.

7. Transaction Monitoring and Reporting

Ereus PSP employs both automated and manual transaction monitoring systems to detect:

• Unusual transaction patterns;
• Volume or frequency inconsistent with the merchant profile;
• Structuring or attempts to evade reporting thresholds;
• Transactions involving sanctioned or high-risk jurisdictions.

The Compliance Team reviews alerts and, when necessary, files Suspicious Activity Reports (SARs) with MOKAS in accordance with Cyprus law.

8. Sanctions and PEP Screening

All clients, UBOs, and partners are screened against:

• EU, UN, OFAC, and UK sanctions lists;
• PEP databases;
• Adverse media sources.

Sanctions or PEP matches are escalated to the MLRO for review before account activation or transaction processing.

9. Record Keeping

Ereus PSP maintains detailed records of:

• Merchant onboarding documents and CDD information;
• Transaction data and communication logs;
• SARs and internal investigation reports.

All records are retained for at least five (5) years after termination of the business relationship, in compliance with Cypriot law.

10. Staff Training

All Ereus PSP employees receive AML/CTF training:

• Upon hiring and annually thereafter;
• Covering AML legislation, red flags, internal procedures, and reporting obligations;
• Conducted by or under the supervision of the MLRO.

Attendance and comprehension are documented and auditable.

11. Independent Audit

Ereus PSP’s AML framework is subject to independent audit and compliance review on an annual basis to ensure effectiveness and adherence to regulatory standards.

12. Data Protection and Confidentiality

All personal and business data collected during AML/CTF procedures are processed in accordance with the General Data Protection Regulation (GDPR) and the Cyprus Data Protection Law.

Information related to suspicious activity is confidential and shared only with competent authorities.

13. Non-Compliance and Disciplinary Action

Failure by employees or partners to comply with AML/CTF obligations may result in:

• Disciplinary measures, including termination of employment or partnership;
• Notification to regulatory or law enforcement authorities;
• Termination of the business relationship with the offending merchant.

14. Policy Review

This Policy is reviewed annually or upon material changes in legislation, regulatory guidance, or the nature of Ereus PSP’s business operations.