AML / KYC Policy

1. Purpose and Policy Position

Crane is committed to preventing money laundering, terrorist financing, sanctions evasion, fraud, and related financial crime. This AML/KYC Policy describes the control framework applied to users, transactions, onboarding, monitoring, escalation, and regulatory cooperation in connection with the Crane product and the operations of Pandar Resources Limited. This policy is intended to reflect the current Nigerian compliance posture applicable to the service model, including expectations arising from anti-money laundering laws, sanctions controls, financial crime risk management, and emerging digital asset oversight.

2. Regulatory and Standards Framework

• Applicable Nigerian anti-money laundering and counter-terrorist financing laws and regulations, including reporting and recordkeeping requirements.
• Regulatory guidance and compliance expectations applicable to digital asset-related activities, payment flows, and financial crime risk management.
• International standards and risk-based principles, including FATF-aligned expectations where relevant.

3. Customer Identification and Verification

No user may access relevant transactional functionality unless the required level of identification and verification has been completed. We may use our own processes and/or trusted third-party providers for identity checks, document verification, liveness checks, sanctions screening, adverse media review, business verification, and related assessments.

• For individuals, required information may include full legal name, date of birth, contact details, BVN, NIN, address, bank details, government-issued identification, and any additional information reasonably required for risk assessment.
• For business users or institutional relationships, required information may include CAC documentation, ownership information, authorised signatory details, source-of-funds information, and beneficial ownership verification.
• We may reject, suspend, or restrict any onboarding or transaction where identity information is incomplete, inconsistent, unverifiable, suspicious, or otherwise unacceptable from a risk or regulatory perspective.

4. Risk-Based Classification

Users and activities may be classified into risk categories such as low, medium, or high risk based on factors including geography, transaction pattern, source of funds, occupation or business line, sanctions exposure, politically exposed person status, adverse media, behavioural indicators, unusual device activity, and partner feedback. Higher-risk users or activities may be subject to enhanced due diligence, additional information requests, lower operational limits, closer monitoring, delayed processing, senior review, or a decision not to proceed.

5. Enhanced Due Diligence

• Enhanced due diligence may be applied to politically exposed persons, high-risk counterparties, unusual transaction patterns, adverse media hits, suspected mule activity, high-velocity accounts, abnormal deposit-withdrawal behaviour, or users presenting elevated fraud or sanctions risk.
• EDD measures may include source-of-funds or source-of-wealth review, enhanced document requests, video verification, proof of address, transaction explanations, business profile review, beneficial ownership checks, or escalation to compliance decision-makers.

6. Transaction Monitoring and Controls

All relevant transactions may be subject to automated and manual monitoring for suspicious, unusual, inconsistent, or high-risk behaviour. Monitoring may occur before, during, or after processing and may lead to review, delay, restriction, cancellation, reporting, or account action as appropriate.

• Examples of monitored indicators may include unusual transaction values, rapid movement of funds, inconsistent customer profile behaviour, structuring patterns, linked accounts, sanctions indicators, repeated failed verification attempts, device anomalies, and attempted circumvention of controls.
• Where required, transactions may be placed on hold while compliance review is ongoing. The period of review may depend on the nature of the concern, the complexity of the trace, partner response times, legal requirements, or regulator engagement.

7. Sanctions Screening and Restricted Activity

• Users and relevant counterparties may be screened against applicable sanctions and watchlists, including Nigerian, UN, OFAC, EU, UK, or other lists considered operationally relevant.
• Accounts or transactions involving sanctioned parties, high-risk jurisdictions, blocked persons, or prohibited activity may be rejected, frozen, restricted, exited, or reported as required.
• We may also decline activity that is technically lawful but commercially, reputationally, operationally, or regulatorily unacceptable in our reasonable judgement.

8. Reporting and Regulatory Cooperation

Where required by applicable law or regulatory expectation, suspicious transactions or relevant reports may be filed with the competent authorities within the required timelines. We may also provide information, documents, or access to records where lawfully requested by regulators, law enforcement agencies, tax authorities, courts, or other competent bodies.

9. Recordkeeping

• Customer identification records, screening results, transaction data, communications, escalations, and investigation records may be retained for at least seven (7) years after account closure or longer where required by law, regulatory expectation, litigation hold, or internal control needs.
• Records may be maintained in secure electronic form and made available to authorised personnel and competent authorities on a lawful basis.

10. Governance, Oversight, and Training

An appropriately designated compliance officer or Money Laundering Reporting Officer (MLRO) is responsible for oversight of AML/KYC implementation, escalation management, reporting quality, and control effectiveness. Internal personnel may receive regular training on verification, sanctions, suspicious activity handling, customer escalation, and recordkeeping expectations. This policy may be supplemented by internal procedures, playbooks, risk matrices, escalation notes, and audit controls that are not publicly disclosed but are used internally to maintain compliance.

11. Consequences of Non-Compliance

• Failure by a user to provide requested information, respond to a review, or comply with AML/CFT requirements may lead to delay, refusal, suspension, restriction, reporting, or termination.
• Where misconduct, false information, fraud, sanctions exposure, or unlawful activity is suspected, we may take immediate protective action without prior notice where permitted or required.

12. Contact

Questions relating to AML/KYC matters may be directed to support@usecrane.co, subject to the limits of information we can disclose during an active compliance review or investigation.