Anti Money Laundering Policy

Last Updated:

1. Purpose

This Anti-Money Laundering and Counter-Terrorist Financing Policy (“Policy”) sets out how VistaPay Limited (“VistaPay”, “we”, “our”, or “us”) seeks to prevent its Services from being used for money laundering, terrorist financing, or other financial crime.

VistaPay is committed to full compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended), the Proceeds of Crime Act 2002, the Terrorism Act 2000, and other applicable UK laws and regulations.

2. Scope

This Policy applies to:

  • All employees, officers, contractors, and agents of VistaPay.

  • All customers (merchants, charities, businesses, and partners) using our payment services.

  • All transactions processed through the VistaPay platform.

3. Our Commitment

VistaPay will:

  • Maintain robust systems and controls to detect and prevent money laundering and terrorist financing.

  • Carry out risk-based customer due diligence (CDD) and ongoing monitoring.

  • Report suspicious activity to the National Crime Agency (NCA) via Suspicious Activity Reports (SARs).

  • Provide training and guidance to staff on AML/CTF responsibilities.

  • Cooperate fully with regulators, law enforcement, and other authorities.

4. Roles and Responsibilities

  • Board of Directors: has overall responsibility for AML/CTF compliance.

  • Money Laundering Reporting Officer (MLRO): a senior manager appointed to oversee compliance, review suspicious activity, and file SARs.

  • All Staff: must remain vigilant, follow procedures, and report any suspicions promptly to the MLRO.

5. Risk-Based Approach

VistaPay applies a risk-based approach to AML/CTF compliance, assessing the risk of customers, transactions, geographies, and products. Enhanced measures are applied where risks are higher.

6. Customer Due Diligence (CDD)

We will verify the identity of all customers before providing Services. This may include:

  • Collecting personal and business identification documents (passport, driving licence, utility bill, certificate of incorporation, charity registration).

  • Verifying beneficial ownership of businesses and charities.

  • Screening against sanctions lists, politically exposed persons (PEPs), and adverse media.

Enhanced Due Diligence (EDD)

Where higher risk is identified (e.g., PEPs, high-risk jurisdictions, unusual transaction patterns), VistaPay will apply additional checks and monitoring.

7. Ongoing Monitoring

VistaPay will:

  • Monitor transactions for unusual or suspicious activity.

  • Apply automated and manual checks to detect patterns indicative of money laundering or terrorist financing.

  • Review customer information regularly to ensure it remains accurate and up to date.

8. Suspicious Activity Reporting

  • Staff must report suspicions immediately to the MLRO.

  • The MLRO will assess whether to file a Suspicious Activity Report (SAR) with the NCA.

  • Customers will not be notified if a SAR is filed (to avoid “tipping off”).

9. Record Keeping

VistaPay will retain:

  • Customer due diligence records for at least 5 years after the relationship ends.

  • Transaction records for at least 5 years after completion.

  • SAR records and related internal reports in line with regulatory requirements.

10. Training

VistaPay will provide regular AML/CTF training to all relevant employees covering:

  • Legal and regulatory obligations.

  • Recognising suspicious activity.

  • Internal reporting procedures.

  • Consequences of non-compliance.

11. Review

This Policy will be reviewed annually or sooner if there are material changes in legislation, regulation, or the business model of VistaPay.

12. Approval

This Policy has been approved by the Board of Directors of VistaPay Limited.

Signed:
Syed Ahmad
Director, VistaPay Limited

Date: 9 September 2025