PILLA ANTI-MONEY LAUNDERING / COMBATING THE FINANCING OF TERRORISM POLICY

Last Updated and Effective May 2nd, 2024

1. INTRODUCTION

1.1. Background & Scope

Pilla (the Company) is an innovative company using technology to provide digital solutions to problems in the real estate industry. The Company started its operations in 2023.  Pilla offers multi-currency digital banking, payments and financial operating services to property users and property investors keen on leveraging unique financial services to drive property development, home ownership and related transactions. Thus, Pilla is the property bank for everyone.  In line with the Money Laundering Prohibition Act 2011 (MLPA 2011), the Company hereby commits to comply with Anti-Money Laundering and Combating Terrorist Financing (AML/CFT) obligations under the law and regulatory directives and to actively prevent any transaction that otherwise facilitates criminal activity or terrorism.   To fulfil this commitment, Pilla has established internal policies and procedures. This Policy establishes standards which every employee, contractor and business partner of Pilla should observe. It is important to note that failure to comply with the MLPA 2011 and other relevant regulatory guidelines will attract appropriate sanction from relevant Regulators. Pilla’s Board of Directors has zero tolerance to regulatory infractions and staff are required to comply fully with the provisions of this AML/CFT Policy and various regulatory guidelines.

1.2. Policy Statement & Objective

It is the policy of Pilla to prohibit and actively prevent activities that facilitate money laundering or the funding of terrorists or criminal activity. Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origin of criminally derived proceeds so that the unlawful proceeds appear to have been derived from legitimate origins or constitute legitimate assets.  In such cases, monies relating to financial crimes and/or sharp practices are transferred/diverted/routed through banks and non-bank financial institutions by unscrupulous individuals with hidden or no identity.

Generally, money laundering occurs in three stages:

1. Placement – cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler's checks, or deposited into accounts at financial institutions.

2. Layering – funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin.

3. Integration – funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal the origin or intended use of the funds, which will later be used for criminal purposes.

The objectives of this AML/ CFT Policy are to:

1. Establish the essential standards designed to prevent Pilla from being used to commit financial crimes. 

2. Ensure that products and services are offered only to customers whose identities and nature of business transactions have been reasonably ascertained

3. Assign clear AML/CFT responsibilities across the Company.

4. Comply with relevant rules and regulations on AML/ CFT.

1.3. AML/ CFT Minimum Standards

The AML/ CFT Policy sets out the minimum standards applicable to the Company as follows:

1. Appointment of a Compliance Officer of sufficient seniority who will have the responsibility for oversight of compliance with relevant legislation, regulations, rules and industry guidance. 

2. Every staff of the Company shall be bound by this AML/CFT Policy which  is aimed as a guide and to enable all staff monitor, recognize and respond appropriately to suspicious transactions. 

3. Establishing and maintaining a risk-based approach towards assessing and managing money laundering and terrorist financing risks

4. Establishing and maintaining risk-based “customer due diligence (CDD)” and “know your customer (KYC)” procedures for all customer relationships, including an “enhanced due diligence (EDD)” for those customers presenting higher risk exposure.

5. Establishing and maintaining robust systems and procedures to monitor customer accounts and activity.

6. Ensuring timely and accurate reporting of unusual and suspicious customer activities internally and externally to the relevant authorities, including the Nigerian Financial Intelligence Unit (NFIU), Central Bank of Nigeria (CBN) and others as required.

7. Developing capacity of staff to identify suspicious transactions and activities through regular training programs

1.4. Approval and Ownership

The AML/ CFT Policy is approved by the Board of Directors, whilst the Compliance Desk (which sits in the Risk Management Department, RMD) shall be responsible for the implementation of the Policy across the Company.  The RMD shall ensure full adherence to the AML/ CFT Policy by all staff through its activities and the department should be consulted for interpretations of the Policy. It is the responsibility of the RMD to report any incidence of non-compliance with this policy via appropriate channels to the Board of Directors. In instances of persistent non-compliance by individual employees, the individuals concerned will be subject to disciplinary action in line with the Company’s Code of Conduct.

2.Definitions

AML/ CFT – Anti-Money Laundering and Combating Terrorist Financing (AML/CFT).

Beneficial Owner – a living, breathing human being who ultimately profits from a corporate entity’s activities.

BRAC – Board Risk and Audit Committee.

CAC – Corporate Affairs Commission.

CBN – Central Bank of Nigeria.

CDD – Customer due diligence.

Compliance Desk – a team of Compliance Officers which drive implementation of the Company’s AML/ CFT strategies, policies and procedures in the Company.

Compliance Program – outline a set of guidelines and reporting schedules that ensure a company's employees are complying with all relevant laws and regulations.

Due Diligence – is a continuous process that assesses the customer's risk profile throughout the entire business relationship.

EDD – Enhanced due diligence. 

ERM – Enterprise Risk management.

Fraud – an illegal act characterised by deceit, concealment or violation of trust, whether or not, threat of violence or physical force has been applied. 

HNI – High net-worth individuals

KYC – Know your customer is a process that involves collecting and verifying customer information before starting a business relationship. 

MLPA 2021 – Money Laundering Prohibition Act 2011 (MLPA 2011).

MRIC – Management Risk and Investment Committee.

NFIU – Nigerian Financial Intelligence Unit.

NGO – Non-Governmental Organisations.

PEP – Politically Exposed Person.

PND – Post-no-debit.

RMD – Risk Management Department.

Suspicious Transaction – a transaction which is unusual due to its size, volume, type, frequency, pattern or otherwise subjective of known money laundering methods.

UBO – Ultimate Beneficial Owner with at least 5% stake in a corporate entity.

3. Governance

3.1 Roles and Responsibilities

The risk governance structure, as set out in the Enterprise Risk Management (ERM) Framework, details the key responsibilities for decisions on risk taking and risk oversight in the Company. For Credit Risk, the key committees and business areas are as follows:

1. The Board of Directors – is the highest approving body in Pilla and is responsible for:

a. approving this AML/ CFT Policy and has the power to ratify changes and exceptions to the Policy.

b. assuming overall responsibility for AML/ CFT compliance.

2. The Board Risk and Audit Committee (BRAC) – is a sub-committee of the Board of Pilla and it acts on behalf of the Board of Directors on AML/ CFT related matters. The BRAC is responsible for:

a. approval of changes to the AML/ CFT Policy on behalf of the Board of Directors.

b. providing leadership and direction in the management of the Company’s Compliance Program.

c. monitoring of AML/ CFT compliance.

3. Management Risk and Investment Committee (MRIC) – is an executive committee responsible for:

a. setting the tone at the top in enforcing and fostering open and receptive attitude towards compliance with the AML/ CFT Policy.

b. ensuring adequate controls are in place to mitigate the identified compliance risks. 

c. dealing with all instances of non-compliance promptly and fairly.

d. ensuring that the Compliance Desk is staffed with experienced and qualified officers, and that all employees of the Company receive appropriate and regular AML/CFT training.

e. reviewing and recommending AML/ CFT Policy changes to the BRAC.

4. Compliance Desk (which sits in the RMD) – shall have the following role:

a. Driving implementation of the Company’s AML/ CFT strategies, policies and procedures via a documented Compliance Program. 

b. Ensuring strict adherence of the Company to the regulatory laws and guidelines on AML/ CFT, including proper KYC and DD procedures during account opening.  

c. Promoting compliance culture across the Company.

d. Ensuring full compliance with all AML/ CFT reporting requirements by coordinating timely and accurate rendition of all statutory returns.

e. Staying abreast with developments AML/ CFT regulatory space and ensuring fill compliance with new regulations and directives. 

5. Internal Audit Department (IAD) – shall have the following role:

a. give assurance to the Board of Directors on the level of compliance with the AML/ CFT Policy through its process of periodic review and assessment.

b. operate independently and make unbiased recommendations. 

c. investigate any incidents of fraud. 

6. All employees:

a. familiarise themselves with the Company’s AML/ CFT Policy.

b. take responsibility for compliance with AML/ CFT laws, rules and standards and their adherence to the Company’s policies, systems and controls. 

c. ensure proper and complete KYC and CDD procedures are carried out where necessary especially during onboarding process for Customers.

d. be tactful in identifying and reporting suspicious transactions / activities using the appropriate reporting lines.

e. demonstrate competence from the knowledge and skills imbibed from AML/CFT compliance trainings.

4. KNOW YOUR CUSTOMER PRINCIPLES

Pilla’s Know Your Customer (KYC) requirements are designed to ensure that the Company understands its customers and their financial dealings, which will in turn help to manage their risks prudently. The KYC Policy incorporates the following four (4) elements:

• Criteria for Accepting Customers

• Customer Identification Procedures

• Risk Management

• Monitoring of Transactions

4.1 Criteria for Accepting Customers

The following criteria for acceptance of customers shall be followed by the Company:

1. no account shall be opened in anonymous, fictitious or pseudo names.

2. parameters of risk perception shall be clearly defined in terms of the nature of business, location of customer and his/her clients, mode of payments, volume of turnover, social and financial status etc. This will enable categorization of customers into Low, Medium and High Risk, which shall be called Level I, Level II and Level III respectively. 

3. average individuals and regulated businesses are regarded as Low Risk (Level I). 

4. corporate entities which are not regulated, but have up to date tax clearance, are regarded as Medium Risk (Level II).

5. customer requiring high level of monitoring are categorized as High Risk (Level III). 

6. where the Company is unable to apply appropriate due diligence measures on an onboarding request, the request shall be turned down.

7. during customer onboarding, necessary checks should be conducted on various sanctions lists to ensure that the identity of the customer does not match those of blacklisted individuals or organizations.

4.2 Customer Identification Procedure

4.2.1 Establishing Identity

Customer identifications means identifying individuals and verifying the identity using reliable and independent documents, such as utility bills or non-documentary sources such as visitation. 

For customers that are individual persons, officers shall obtain sufficient identification data to:

• verify the identity of the customer.

• their address/location

• acceptable means of identification

• recent photograph.

For customers that are legal persons or entities, officers shall:

• verify the legal status of the entity through search at the Corporate Affairs Commission (CAC)

• verify that any person purporting to act on behalf of the legal person/entity is so authorized and identify and verify the identity of the person

• unveil the beneficial ownership control structure of the entity and determine who are the natural persons ultimately controlling the entity.

• verify that the legal entity exists through address/location confirmation.

4.2.2 Documenting Evidence of Identity

For Natural Persons 

Suitable documentary evidence for Nigerian resident individuals includes the following:

For accounts belonging to minors, the following are required:

• name of minor.

• name of parent/guardian.

• birth certificate.

• house address.

•standard documents to verify identity and verify address.

For private individuals not resident in Nigeria and foreign nationals, copies certified by a staff of the embassy, consulate or high commission of the country of issue, or a notary public/court of competent jurisdiction shall be obtained. Separate evidence shall be obtained for the applicant’s permanent residential address from the best available evidence, preferably from an official source. 'A “Post Office Box Number” alone is not accepted as evidence of address. The customer’s residential address shall be such that it can be physically located. 

For Institutions (Corporate Entities)

The term institution includes any entity that is not a natural person. The following information should be obtained from the customer during the onboarding process at a minimum:

• name of institution

• principal place of institution's business operations

• e-mail address. 

• contact telephone.

•tax identification number.

Suitable documentary evidence for corporate entities includes the following:

Note that Section 15 of the CBN AML/CFT Regulations 2013 requires financial institutions to take reasonable steps to verify and unveil the identity of a beneficial owner to the minimum threshold of 5%. The CBN also requires financial institutions to identify directors, signatories and beneficial owners of accounts and details of their BVN linked to the entity account.

In addition, reasonable steps shall be taken to verify the identity and reputation of any agent that opens an account on behalf of corporate clients, if that agent is not an officer of the corporate client. 

Steps in Identifying Beneficial Ownership

• obtain the CAC documents of corporate entities intending to open account

• check the shareholding structure of the company.

• confirm the ultimate beneficial owner (UBO) status of the customer (natural/corporate)

• conduct due diligence on the shareholders with 5% and above shareholding

• where an entity subscribes to the company and has 5% shareholding and above, its incorporation/registration documents should be obtained.

• repeat item 5 above until all individuals linked to the corporate entity are unveiled.

• where there exists a complex structure, call for the CAC documents of the corporate shareholders of the entity.

• unveil the complex structure and ascertain the natural persons controlling the entity.

4.3 Risk Management

The Company shall profile its customers at different phases of the relationship with the customer. The risk to customers shall be assigned on the following basis:

4.3.1 Low Risk (Level I)

Low Risk includes:

1. individuals, other than high net-worth individuals (HNIs)/and politically exposed persons (PEPs), whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known profile, e.g., salary earners. 

2. publicly listed companies.

3. regulated financial institutions which are subject to AML/CFT requirements.

4. government departments and agencies, including regulatory and statutory bodies, etc.

Staff must apply CDD on such Customers.

4.3.2 Medium Risk (Level II) 

Medium Risk includes customers that are likely to pose a slightly higher risk to the Company, and include:

1. HNIs.

2. non-resident individuals.

3. offshore companies.

4. companies with high cash turnover who are not regulated or publicly listed.

Staff must apply CDD on such Customers.

4.3.2 High Risk (Level III)

Medium Risk includes customers that pose below average risk to the Company, and include:

1. PEPs

2. customers linked to high-risk countries.

3. customers linked to high-risk business sectors.

4. customers who have unnecessarily complex or opaque beneficial ownership structures (including nominee shareholders)

5. customers who make transactions that are unusual, lack an obvious economic or lawful purpose, or are complex.

6. customers with dubious reputations

7. Trusts, Charities, Non-Governmental Organisations (NGO) and Organizations receiving donations.

8. Bureau De Change operators.

Staff must apply EDD on such Customers.

4.4 Monitoring of Transactions 

Continuous, up-to-date and regular monitoring of customer records and transactions is an essential ingredient of the Pilla AML/ CFT Policy. 

The Company shall monitor customer transactions on a risk-sensitive basis using the following procedures: 

1. determine the high-risk customers and effect appropriate monitoring on such accounts.

2. determine the type of account monitoring to be conducted.

Staff shall pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose.

The following methods should be considered for transaction monitoring:

1. manual monitoring using a pair of eyes – this requires vigilance by staff that processes the transactions, or interfaces with the customer/account. Its effectiveness is enhanced by training and experience. 

2. use of software solutions – software can be deployed for watching and monitoring activities on customer’s transactions.  Focus of transaction monitoring should be on:

• threshold detection - monitoring of transactions beyond a certain threshold.

• suspicious transactions - transactions that are inconsistent with expected behaviour and/or anomalous behaviour.

• possible structuring to beat currency/ transaction reporting thresholds.

• transaction involving frequency that is unjustifiable or unreasonable.

• unusual or unjustified complex transactions.

• transaction having no apparent economic justification or lawful objective.

All Staff are required to report any information which may come to their attention, and which may give rise to knowledge or suspicion of Money Laundering and Terrorist Financing activities in the Bank.

5. CUSTOMER DUE DILIGENCE PROCEDURES

Due Diligence is a process that financial institutions and other organisations use to gather information about their customers and counterparties in order to assess and mitigate risks such as money laundering, financing terrorism, and other illicit activities. The two main forms of Due Diligence are CDD and EDD. The former applies to majority of customers while the latter applies to High Risk customers on a case by case basis. 

The Company shall assign risk rating to customers. In this regard, as a minimum, periodic customer review must be performed in accordance with the following time periods:

• High Risk: on an annual basis.

• Medium Risk: every two (2) years.

• Low Risk: every three (3) years.

5.1 Customer Due Diligence (CDD) 

In Pilla, CDD shall apply to all prospective customers before account or business relationship is established. It shall constitute the first level check on all documents provided to verify and record the identity of prospective customers, as well as additional information about his/ her background, business, and likely level of activity at the Company.  CDD shall be used to verify and record identity of all prospective customers irrespective of the level of risk. KYC and sanctions screening are essential components of CDD. During customer onboarding, necessary checks should be conducted on various sanctions lists to ensure that the identity of the customer does not match those of blacklisted individuals or organizations.  Where perceived risk is low to average, standard CDD should be applied. These include circumstances where the risk of money laundering or terrorism financing is lower, information on the identity of the customer and the beneficial owner of a customer is publicly available or where adequate checks and controls exist elsewhere in national systems, or where the volume transacted in the accounts is considered low. Standard CDD measures shall not apply to a customer whenever there is suspicion of money laundering or terrorist financing or specific higher risk scenarios. In such a circumstance, Customer should be subjected to EDD. 

5.2 Enhanced Due Diligence (EDD)

EDD is a process that has mandated an increased level of monitoring for customers who are considered High Risk. It goes as far as identifying the beneficial owners of entities and understanding their line of business. The Company shall perform EDD for High Risk categories of customer, business relationship or transaction. Staff must apply EDD on High Risk Customers. In addition, the following measures apply relationships with such customers:

• opening of account or continuing relationship with customer that match on a Sanctions List is prohibited.

• account of PEPs and other Level III customers must be approved by an Executive Management Staff 

• such approval is to be given through duly completed and signed EDD form.

The Company shall consider, depending on the on-going relationship whether a risk assessment should be carried out in respect of existing customers. If the Company is satisfied with its existing risk control measures for a particular customer, additional risk assessment may not be considered necessary. Any decision in this regard shall be taken in the context of the overall risks of the Company’s business or events with respect to particular customer’s transactions or business lines that become apparent through monitoring of transactions.

5.3 Inability to Perform Due Diligence

The Company shall not commence any customer relationship if due diligence requirements have not been complied with.  The customer onboarding unit shall not be permitted to open the account, commence business relations or perform the transaction; and the compliance officer is required to render a suspicious transaction report to the NFIU.  Where the Company is unable to apply appropriate due diligence measures on a customer, and the account has already been opened, the account should be placed on post-no-debit (PND) status. Also, credit transactions should not be initiated on such accounts.  In addition, where an AML/CFT offence is established against the Customer, the account should be placed on PND status and credit transactions should not be initiated on such accounts.

5.4 Due Diligence for Existing Customers

Due diligence requirements shall be applied to existing clients on the basis of materiality and risk and to continue to conduct due diligence on such existing relationships at appropriate times. 

The appropriate time to conduct due diligence by companies include when:

• statutory documentation standards change substantially

• transaction of significant value takes place.

• there is a material change in the way that the account is operated.

• the Company becomes aware that it lacks sufficient information about an existing customer. 

5.5 E-mail, SMS and Non-Face-To-Face Transactions

The following shall apply for customers that desire to communicate with the company via e-mail, SMS or any other technologically enabled means:

1. customer’s instructions or mandate will only be accepted from the e-mail or mobile phone details made available to the company at the commencement of the relationship or as advised via official means in the course of the business relationship.

2. shall execute an indemnity to cover the company of any form of loss from relying on such instructions

5.6 Prohibition of Shell Banks

The Company is not allowed to deal or transact with shell banks. These are banks which have no physical presence in any country.  Shell banks are prohibited from operating in Nigeria as provided in BOFIA (the Banks and Other Financial Institutions Act 2004).

6. REPORTING REQUIREMENTS & PRACTICES

6.1 Statutory Reporting Requirements

The Company shall ensure total adherence to the reporting regime of all the Regulatory Authorities as provided in the MLPA 2011 and the CBN AML/CFT Regulation 2013:

The following reporting practices shall be observed in Pilla:

1. the Statutory return on Currency Transaction Report (CTR) Foreign Transaction Report (FTR) and Suspicious Transaction Report (STR) shall be rendered to the Nigerian Financial Intelligence Unit (NFIU) or other designated Agencies in formats as may be prescribed from time to time. 

2. it shall be the responsibility of the Compliance Desk to render such reports in a timely and accurate manner. 

3. the Company shall conduct on-going monitoring of customer accounts and transactions on a risk sensitive basis. It shall report all Suspicious and unusual transaction and shall cooperate fully with the Authorities.

4. designated employees shall co-operate with the Regulators/Law Enforcement Agencies to the extent obliged by law.

5. the Company shall ensure that adequate and effective analysis, processes and procedures are constantly in place to analyse all suspicious and unusual transactions or activity. 

6. all employees who have reported suspicious transactions/ activities are advised not discuss their suspicions with anyone other than their line Manager or Compliance Officers. Failure by employees to report any suspicious transaction or activity relating to money laundering/ terrorism financing is an offence.

7. any suspicion raised must under no circumstances be discussed with the customer as this would constitute tipping off. Tipping off is the disclosure of information to any person that is likely to prejudice an actual or potential investigation into money laundering/ terrorism financing activities and is a criminal offence. 

8. the Company shall ensure that regular training is given to all categories of professional and non-professional staff to facilitate the recognition and reporting of money laundering/ terrorism financing as required by Regulators

6.2 When to File Suspicious Transaction Reports

The Company shall file STR with NFIU when it observes the following indicators, amongst others:

1. accounts opened with the names of the promoters and directors re-occurring in several other accounts in the Company.

2. a dormant account reactivated with an unusually large amount.

3. a dormant account containing a minimal sum that suddenly receives deposit(s) followed by daily withdrawals until the deposited sum has been withdrawn.

4. an account opened in the name of an organization and in which inflows appear higher than the nature of business.

5. the opening of multiple accounts by an individual into which numerous small deposits are made that in aggregate are not commensurate with expected income of the customer.

6. unrealistic business proceeds or unusual inflows compared to customer's business.

7. account opened in the name of an individual that is involved in suspicious activities.

8. large cash deposits or withdrawals made from accounts not normally associated with cash transactions.

9. the deposit or withdrawal of cash in amounts which fall consistently just below reporting thresholds.

10. use of multiple personal and business accounts by an individual. 

11. transactions involving foreign currency exchange that is followed within a short time by transfers from areas of concern.

12. when opening an account, the customer refuses to provide information required or provides information that is misleading or difficult to verify.

6.3 When to File Currency Transaction Reports & Foreign Transaction Reports

The Company shall file CTR and FTR with NFIU when it observes the following indicators, respectively:

local currency transactions exceeding N1 million for Individuals and N5 million for corporate bodies.

foreign currency transactions exceeding $10,000 or its equivalent.

7. RECORDS KEEPING/ PRESERVATION

7.1 Customer Records Keeping

The MLPA 2011 and the CBN AML/CFT Regulation 2013 require financial institutions to maintain adequate records which are appropriate to the nature of the business and that can be used as evidence in any investigations.

At Pilla, customer records maintained should be such that:

1. all KYC and due diligence rules are met.

2. Regulators can assess the effectiveness of the Company’s observance of money laundering/ terrorism financing procedures.

3. all customer transactions can be properly identified and analysed.

4. the Company can satisfy any enquiry from appropriate Authorities or Court orders.

5. all files whether current or old are available in good time to meet any requests for documents.

6. customer files or documents, either current or old, are kept in storage (subject to the Company’s Archiving, Retrieval and Retention of Information/ Records Procedure) and can be made available within two working days of a request. 

7. all hard copy and electronic records of customers used for account opening, including those relating to the evidence of identity must be kept for at least ten (10) years after the relationship with the customer has ended.

8. all customer transaction records, and other correspondences must be appropriately stored in databases, fire-proof cabinets, etc, for at least ten (10) years. 

9. records of all AML/ CFT reports rendered to Authorities are kept at least ten (10) years after filing. 

10. systems shall enable a satisfactory audit trail to establish those accessed such records.

11. the Company must maintain records relating to training and capacity development of its employees on AML/ CFT. ,