ANTI MONEY-LAUNDERING (AML) POLICY

SECURCAP SECURITIES LIMITED ANTI MONEY-LAUNDERING (AML) POLICY

The objective of KNOW YOUR CUSTOMER (KYC) guidelines is to prevent banks from being used,
intentionally or unintentionally, by criminal elements for money laundering activities. KYC procedures
also enable banks to know/understand their customers and their financial dealings better, which in
turn, help them to manage their risks prudently.

Financial institutions need to implement effective ‘Know-Your-Customer’ (KYC) standards as an
essential part of risk management practices.

A key challenge in implementing sound KYC policies and procedures is how to put in place an effective
approach. The legal and reputation risks are global in nature and as such, it is essential that each
financial institution develop a global risk management program supported by policies that incorporate
KYC standards.

It is important that the adoption of customer acceptance policy and its implementation should not
become too restrictive and must not result in denial of services to general public, especially to those,
who are financially or socially disadvantaged.

The term ‘money laundering activities’ cover not only the criminals who try to launder their ill-gotten
gains, but also the bank/financial institutions and their employees who participate in their
transactions and have knowledge that the property is criminally derived. “Knowledge” includes the
concept of conscious avoidance of knowledge.

DEFINITION OF A CUSTOMER

For the purpose of KYC policy, a customer may be defined as:

• A person or entity that maintains an account and/or has a business relationship with
  Securcap Securities Limited.
• On whose behalf the account is maintained (i.e. the beneficial owner)
• Beneficiaries of transactions conducted by professional intermediaries, such as stock
  brokers, charted accountants, solicitors etc. as permitted under the Law.
• Any person or entity connected with a financial transaction, which can pose significant
  reputation or any other risks to Securcap Securities Limited, for example, a wire transfer or
  issue of high value demand draft as a single transaction.

KYC policy includes the following eight key elements

1. 1. Customer Identification Procedures
2. 2. Monitoring Of Transactions
3. 3. Risk Management
4. 4. Training Program
5. 5. Internal Control System
6. 6. Record Keeping
7. 7. Evaluations of KYC guidelines by internal audit and inspection system; and
8. 8. Duties / responsibilities and accountability

Indicative Guidelines

Accounts of companies and firms

Securcap Securities Limited Compliance Department needs to be vigilant against business entities
being used by individuals as a front for maintaining accounts with banks.

Securcap Securities Limited may examine the control structure of the entity, determine the source of
funds and identify the natural persons who have controlling interest and who comprise the
management. These requirements may be moderated according to the risk perception e.g. in the case
of a public company it will not be necessary to identify all the shareholders.

Customer Identification Procedure (CIP)

CIP can only be carried out on the following stages:

1. While establishing the relationship;
2. While carrying out a financial transaction ;
3. When Securcap Securities Limited has a doubt about the authenticity/veracity or the
   adequacy of the previously obtained customer identification data.

Customer identification means identifying the customer and verifying his/her identity by using
reliable, independent source documents, data or information.

Securcap Securities Limited needs to obtain sufficient information necessary to establish, to its
satisfaction, the identity of each new customer, whether regular or occasional, and the purpose of the
intended nature of banking relationship.

Being satisfied means that Securcap Securities Limited must be able to satisfy the competent
authorities that due diligence was observed based on the risk profile of the customer in compliance
with the extant guidelines in place.

Risk Assessment

An effective KYC program should be put in place by establishing appropriate procedure and ensuring
their effective implementation. It should cover proper management oversight, systems and controls,
segregation of duties, training and other related matters. Responsibility should be explicitly allocated
within the company for ensuring that the company’s policies and procedures are implemented
effectively.

The nature and extent of due diligence will depend on the risk perceived by the Securcap Securities
Limited. Customer profile will be a confidential document and details contained therein shall not be
divulged for cross selling or any other purpose.

Securcap Securities Limited’s internal audit and compliance have an important role in evaluating and
ensuring adherence to the KYC policies and procedures. The compliance function should provide an
independent evaluation of the Securcap Securities Limited’s own policies and procedures, including
legal and regulatory requirements. It should be ensured that the audit machinery is staffed adequately
with individuals who are well versed in such policies and procedures.

Internal inspectors should specifically check and verify the application of KYC procedures at the
branched/offices and comment on the lapses observed in this regard.

Specially Designated Nationals and Sanctioned Parties Screening

All customers are to be screened through various independent risk intelligence databases.

Customer identification

Natural persons

For customers that are natural persons, Securcap Securities Limited should obtain sufficient
identification (passport, ID, government identification, etc.) data to verify the identity of the customer,
his address/location (utility bill, bank statement, etc.) as well as his recent photograph (if possible).

Legal persons

For customers that are legal persons or entities, Securcap Securities Limited should verify the legal
status of the legal person/entity through proper and relevant documents, verify that any person
purporting to act on behalf of the legal person/entity is so authorized and, identify and verify the
identity of that person. Securcap Securities Limited should understand the ownership and control
structure of the customer and determine who are the natural persons who ultimately control the legal
person.

If Securcap Securities Limited decides to accept such accounts, in terms of the customer acceptance
policy, it should take reasonable measures to identify who the beneficial owner(s) is/are.

For new accounts:

KYC procedure should be the key principle for identification of an individual/corporate account. The
customer identification should entail verification through an introductory reference from an existing
account holder/ a person known to the bank or on the basis of documents provided by the customer.

Recordkeeping

All identification documentation and services records shall be kept for a minimum period of no less
than 7 years.

Training

All new employees shall receive anti-money laundering training as part of the mandatory new-hire
training program. All applicable employees are also required to complete AML training annually.
Participation in additional targeted training programs is required for all employees with day to day
AML responsibilities.

Administration

For the purposes of this AML Policy, Securcap Securities Limited shall appoint an AML Compliance
Officer. Securcap Securities Limited’s AML Compliance Officer shall be responsible for the
administration, revision, interpretation, and application of this Policy. The AML Policy will be reviewed
annually and revised as needed.

The duties of the AML Compliance Officer with respect to the AML Policy shall include, but shall not
be limited to, the design and implementation of, as well as, updating the Policy as required; training
of officers and employees; monitoring the compliance of Securcap Securities Limited affiliates,
maintaining necessary and appropriate records; and independent testing of the operation of the
Policy.