1. Introduction and Policy Objectives

1.1. Company Name and Scope of Activities
INDICORE RESOURCES LTD (hereinafter referred to as the “Company”), is a legally registered entity with its official address at:
275 New North Road, PMB 3051, London, N1 7AA, England, United Kingdom.
The Company also operates via its official website: https://loomtix.com.
The core business activity of the Company includes the online distribution and sale of digital coupons, promotional codes, gift cards (for brands such as Zara, Adidas, PlayStation, among others), and other related digital services and products.

1.2. Policy Objectives
The primary objectives of this Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy are as follows:
•Ensure full compliance with applicable UK laws and regulations governing AML/CTF, including but not limited to:
•The Proceeds of Crime Act 2002 (POCA)
•The Terrorism Act 2000
•The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), as amended
Implement a structured and effective system for the identification, assessment, and mitigation of AML/CTF risks, which includes:
• Clear customer identification procedures (Know Your Customer – KYC / Customer Identification Program – CIP).
• A risk-based approach to assessing customers and transactions, incorporating Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) where necessary.
•Defined mechanisms for the detection and reporting of suspicious transactions through the submission of a Suspicious Activity Report (SAR) to relevant UK regulatory authorities.
•Clarify and assign responsibilities within the Company by outlining the duties of management, compliance officers, and employees in maintaining AML/CTF compliance and ensuring adherence to internal policies.

1.3. Scope of Application
This AML/CTF Policy applies universally across all operational divisions and departments of the Company.
It is mandatory for all employees, including permanent staff, contract workers, freelancers, as well as any third parties acting on behalf of the Company within the UK.
In cases where UK regulatory requirements or guidelines—such as those set forth by the Financial Conduct Authority (FCA) or HM Revenue & Customs (HMRC)—impose stricter compliance obligations than the provisions outlined in this policy, the more stringent regulations shall take precedence.

2. Legislative and Regulatory Framework

The Company complies with fundamental UK laws, regulations, and industry guidelines concerning anti-money laundering (AML) and counter-terrorist financing (CTF), including the following:
 • Proceeds of Crime Act 2002 (POCA)
 • Establishes legal definitions for money laundering offenses.
 • Specifies authorities’ powers regarding asset confiscation and civil recovery.
 • Terrorism Act 2000
 • Governs criminal offenses related to the financing of terrorism.
 • Mandates obligations for reporting suspicious activities.
 • Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), as amended
 • Outlines specific requirements for Customer 
Due Diligence (CDD), monitoring of transactions, record retention, and mandatory reporting of suspicious activities.
 • FCA and HMRC Guidance
 • Regulatory bodies such as the Financial Conduct Authority (FCA) and HM Revenue & Customs (HMRC) issue industry-specific AML/CTF compliance instructions, tailored to various business sectors.
 • JMLSG (Joint Money Laundering Steering Group) Guidance
 • A widely acknowledged set of AML/CTF guidelines formulated by the industry and officially recognized by UK regulatory authorities.
Additional References:
 • FATF (Financial Action Task Force) Recommendations – Internationally recognized AML/CTF standards and best practices.
 • UK GDPR & Data Protection Act 2018 – Regulations governing personal data protection and privacy compliance.
 • EU AML Directives – In cases where the Company is engaged in cross-border activities within the European Union, corresponding EU AML directives may also apply.

3. Terms and Definitions
 Money Laundering: Any activity or attempt to obscure or misrepresent the origin of proceeds derived from criminal activities, making them appear lawful (as defined by the Proceeds of Crime Act 2002 (POCA)).
Terrorist Financing: The collection, provision, or utilization of funds and/or financial assets to facilitate or support terrorist activities or organizations (Terrorism Act 2000).
KYC (Know Your Customer): A set of procedures aimed at verifying a customer’s identity and evaluating their risk profile to prevent illicit activities.
CIP (Customer Identification Program): A structured program designed to authenticate customer identities, encompassing the collection, validation, and verification of essential identification details.
CDD (Customer Due Diligence): A required process involving the verification of a customer’s identity, risk assessment, understanding the nature and purpose of their transactions, and ongoing monitoring of their financial activities.
EDD (Enhanced Due Diligence): An intensified verification process applied to customers and transactions deemed high-risk, involving additional scrutiny and documentation.
PEP (Politically Exposed Person): Individuals currently holding or having recently held significant public positions, including their immediate family members and close business associates, who may pose a higher risk of involvement in financial crimes.
SAR (Suspicious Activity Report): A formal report submitted to the National Crime Agency (NCA) or other competent authorities in cases where a transaction or activity is deemed suspicious and potentially linked to money laundering or terrorist financing.
MLRO (Money Laundering Reporting Officer): A designated individual within the Company responsible for ensuring adherence to AML/CTF regulations, overseeing compliance processes, and reporting suspicious activities.

4. Risk-Based Approach (RBA) Principles

4.1. General Concept
The Company implements a risk-based approach (RBA) to detect and mitigate AML/CTF risks in accordance with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017) and other UK regulatory guidelines. The evaluation of risks considers the following key factors:
Customer Type: Identification of different categories of customers, including individuals, corporate entities, and politically exposed persons (PEPs).
Geographical Factors: Assessment of risks associated with jurisdictions that have weak AML controls, ongoing conflicts, or are subject to international sanctions.
Types of Products and Services: Analysis of risk exposure related to financial products and services such as electronic gift cards, discount coupons, and various payment methods (credit/debit cards, e-wallets, cryptocurrencies, etc.).
Distribution Channels: Consideration of risk levels in different sales and transaction channels, including online platforms, affiliate partnerships, and referral-based programs.

4.2. Risk Categories
Low Risk: Customers originating from jurisdictions with stringent regulatory frameworks, utilizing banking services from established financial institutions, possessing well-documented and verifiable sources of income, and conducting transactions that are low in value and consistent over time.
Medium Risk: Customers whose information may be incomplete or less transparent, those engaging in transactions that deviate from typical patterns—such as unusually large one-time purchases—or utilizing certain electronic payment methods that may present a higher risk exposure.
High Risk: Politically Exposed Persons (PEPs), individuals or entities from jurisdictions classified as high-risk or subject to international sanctions, customers involved in disproportionately large financial transactions, those displaying suspicious transaction patterns, or those flagged due to adverse media coverage.

4.3. Regular Review
The Company conducts an annual reassessment of its risk evaluation framework, ensuring that internal policies and documentation remain aligned with MLR 2017, POCA, and other applicable UK regulatory requirements.
Any substantial amendments to legal or regulatory frameworks trigger an immediate review of risk assessment methodologies to maintain compliance and operational integrity.

5. Customer Identification and Verification Procedures (KYC/CIP)

5.1. Collection of Required Information
For Individuals:
Full name, date of birth, and place of birth.
Nationality.
Current residential address.
Valid identification document (such as a passport, UK driver’s license, or national ID card).
Contact information, including phone number and email address.
For Legal Entities:
Official company name, registered office address, and company registration number.
Ownership structure, including details of Ultimate Beneficial Owners (UBOs).
Information on key decision-makers (such as directors and shareholders holding more than 25% of the company’s equity).
Official documentation and extracts from regulatory bodies (such as Companies House or equivalent registries).

5.2. Verification Methods
Conducting cross-referencing of customer-provided data with official records, including governmental registers and credit reference agencies, to validate accuracy and authenticity.
Utilizing electronic verification tools where available to streamline identity confirmation and risk assessment processes.
Requiring notarized copies of documents in cases involving high-risk customers or when remote/online verification methods are not feasible or insufficient to meet due diligence standards.

5.3. Simplified Due Diligence (SDD)
SDD may be implemented when transactions are of low monetary value, occur infrequently, and involve well-regulated financial institutions within the UK/EU that already enforce rigorous anti-money laundering (AML) compliance measures.
The transaction limits must remain within the predefined thresholds established by the Company’s internal policies and in alignment with MLR 2017 requirements.
The Company maintains detailed documentation justifying the application of SDD for qualifying customers, ensuring transparency and regulatory compliance.

5.4. Enhanced Due Diligence (EDD)
EDD is required when indicators of elevated risk or potential compliance concerns are present, including but not limited to:
The customer is identified as a Politically Exposed Person (PEP) or has close associations with a PEP.
The customer originates from a jurisdiction classified as high-risk, subject to international sanctions, or demonstrating weak AML controls.
The transaction volume substantially exceeds the customer’s declared financial profile or typical activity.
The customer is subject to negative media exposure, such as sanctions, criminal investigations, or ongoing legal proceedings.
EDD Measures Include:
Conducting thorough source of funds verification, including examination of bank statements, tax returns, and supporting financial documents.
Requesting additional documentation to substantiate the legitimate purpose of the transaction.
Carrying out detailed interviews with the customer to gather further contextual information.
Obtaining explicit approval from senior management or the MLRO before processing high-risk transactions.

6. Transaction Monitoring and Operational Controls

6.1. General Provisions
The Company integrates automated and semi-automated monitoring systems to track transactions in real-time or at scheduled intervals, allowing for the detection of anomalies and potential compliance risks.
The system is configured to generate alerts whenever a transaction surpasses predefined risk thresholds or exhibits unusual behavioral patterns that may indicate suspicious activity.

6.2. Automatic “Alert” Scenarios
The Company’s monitoring system is designed to detect and flag transactions that may indicate potential money laundering or fraudulent activities. Automatic alerts are triggered in the following scenarios:
Unusually frequent or high-value purchases of gift cards within a short period.
Structured transactions—multiple smaller transactions deliberately conducted to evade identity verification procedures (commonly referred to as smurfing or structuring).
Usage of payment methods linked to high-risk or sanctioned jurisdictions, where AML/CTF controls are weak or insufficient.
Customer activity that contradicts their stated profile, employment status, or financial background, raising concerns regarding the legitimacy of transactions.

6.3. Manual Review of “Suspicious” Alerts
Each alert generated by the automated system is subjected to a detailed review by a Compliance Officer (MLRO), who evaluates the transaction, examines the customer’s history, and may request supporting documentation.
If further analysis substantiates concerns regarding potential money laundering, terrorist financing, or fraud, the MLRO proceeds with filing a Suspicious Activity Report (SAR) with the National Crime Agency (NCA), in full compliance with the Proceeds of Crime Act 2002 (POCA) and applicable UK laws.

7. Reporting Suspicious Transactions (SAR)

7.1. Legislative Requirements
Under the provisions of POCA 2002 and MLR 2017, the Company is legally obligated to report any suspicious transactions or activities to the NCA.
 Timeliness is critical—SARs must be submitted promptly, ensuring compliance with regulatory requirements while preventing potential financial crimes.
Employees must strictly avoid any form of “tipping off” the customer, as doing so is considered an offense under UK law and can result in legal consequences.

7.2. Internal Reporting Procedure
Detection: An employee identifies a transaction that appears unusual or receives an automatic alert from the monitoring system.
Assessment: The Compliance Officer (MLRO) reviews the details, including the customer’s profile and past transactional patterns, to evaluate potential risks.
Decision: If there is a reasonable suspicion of money laundering, terrorist financing, or other financial crime, the MLRO submits a Suspicious Activity Report (SAR) to the NCA.
Confidentiality: Employees are strictly prohibited from informing the customer about the SAR filing, ensuring compliance with AML/CTF secrecy obligations.

8. Roles and Responsibilities

8.1. Company Management
Ensures that the Company remains fully compliant with AML/CTF laws and regulations.
Approves and periodically reviews the AML/CTF strategy, policies, and procedural framework.
Allocates the necessary financial, human, and technological resources to maintain an effective AML compliance system.

8.2. MLRO (Money Laundering Reporting Officer) / Compliance Department
Develops, implements, and continuously updates the Company’s AML/CTF policies and operational guidelines.
Monitors changes in AML/CTF legislation and regulatory requirements, ensuring compliance with evolving UK standards.
Conducts internal compliance audits and evaluates potential risks related to customer transactions.
Reviews suspicious transactions and submits SARs to the NCA where required.
Organizes regular AML training programs to educate employees on compliance requirements and best practices.

8.3. All Employees
Adhere to KYC (Know Your Customer), CIP (Customer Identification Program), CDD (Customer Due Diligence), and EDD (Enhanced Due Diligence) procedures when handling customer interactions.
Promptly report any unusual or suspicious activities to the MLRO or Compliance Officer for further evaluation.
Participate in periodic training sessions to stay informed about UK AML/CTF regulations and compliance obligations.

9. Data Retention and Confidentiality

9.1. Retention Periods
In line with the requirements outlined in the Money Laundering Regulations 2017 (MLR 2017), the Company maintains Know Your Customer (KYC) records and all relevant transaction data for a minimum of five (5) years following the conclusion of a business relationship or the completion of the last recorded transaction.
Where necessary, the retention period may be extended if mandated by UK regulatory authorities or in cases where records are required for ongoing investigations related to financial crime.

9.2. Personal Data Processing
The Company ensures full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in relation to the collection, handling, and storage of customers’ personal data.
Access to personal data is strictly limited to employees with the necessary authorization, following the “need-to-know” principle, thereby ensuring that sensitive information is handled only by personnel with a legitimate business requirement.

10. Staff Training and Development

10.1. Training Programs
The Company conducts regular training programs that cover AML/CTF regulatory requirements, methods for detecting fraudulent activities, risk mitigation techniques, and an overview of internal compliance procedures.
Training is conducted on a periodic basis (at least once per year) to keep employees informed of updates to regulatory frameworks, best practices, and emerging financial crime threats.

10.2. Target Audiences
New Employees: Introductory sessions covering the fundamental principles of Know Your Customer (KYC), AML (Anti-Money Laundering), and regulatory compliance.
MLRO and Compliance Officers: Specialized, advanced-level courses, participation in professional seminars and conferences, and continuous training on the latest UK regulatory developments in AML/CTF.
Senior Managers and Executives: Comprehensive training focusing on strategic AML/CTF risks, compliance obligations, legal liabilities, and the oversight of internal regulatory frameworks.

11. Internal and External Control, Audit

11.1. Internal Audit
The Company conducts routine internal audits at least once per year to assess the effectiveness of AML/CTF compliance mechanisms.
The scope of internal audits includes:
Reviewing KYC documentation and ensuring due diligence requirements are met.
Evaluating transaction monitoring systems for detecting suspicious activities.
Inspecting Suspicious Activity Report (SAR) logs to verify timely and appropriate filings.
Assessing staff training records to confirm employee participation in compliance programs.

11.2. Independent External Audit
The Company’s senior management may commission an independent external audit or be required by UK regulatory bodies to undergo such a review.
Any findings or deficiencies identified during the external audit are thoroughly reviewed, and the Company implements a corrective action plan to address compliance gaps and strengthen AML/CTF controls.

12. Liability and Sanctions

12.1. Internal Measures
Non-compliance with AML/CTF policies and procedures—such as failure to collect required customer documents or disregarding suspicious transaction alerts—may result in disciplinary actions, which include:
•Formal warnings
•Reprimands
•Employment termination for severe or repeated breaches

12.2. External Consequences
The Financial Conduct Authority (FCA) and HM Revenue & Customs (HMRC) have the authority to impose substantial fines or revoke the Company’s operating license in cases of serious or persistent non-compliance.
Individuals involved in deliberate facilitation of money laundering or terrorist financing may be subject to criminal prosecution under:
• The Proceeds of Crime Act 2002 (POCA)
•The Terrorism Act 2000
•Relevant UK financial crime laws

13. Cooperation with Regulators and Authorities

13.1. Collaboration
The Company commits to full cooperation with UK regulatory bodies, including:
• The Financial Conduct Authority (FCA)
• HM Revenue & Customs (HMRC)
•The National Crime Agency (NCA)
•In cases involving financial crime investigations, the Company provides all required information upon official request, ensuring transparency and compliance with AML/CTF obligations.

13.2. Information Requests
Any official inquiries from UK government agencies must be processed and managed by the MLRO or Compliance Department.
The Company ensures strict adherence to UK GDPR and data protection laws, ensuring that information requests are handled securely and confidentially.

14. Effective Date and Regular Policy Review

14.1. Approval and Effective Date
This policy has been formally approved by the Company’s senior management.
All employees are required to review the policy and provide written (or electronic) confirmation of their understanding and acceptance.
The policy takes immediate effect upon approval.

14.2. Review and Updates
The policy undergoes a mandatory review at least once per year, ensuring that any necessary amendments reflect updates to UK AML/CTF laws and regulations.
Any modifications or amendments to the policy must be officially approved by Company management, and the revised version is considered effective upon issuance.

15. Additional Appendices

The following appendices provide supplementary materials to support the implementation and enforcement of the Company’s AML/CTF policies:
Sample KYC/CDD Forms – Templates for both individual and corporate customers, outlining required information for compliance with KYC/CDD regulations.
Step-by-Step Guide for Employees – A detailed procedural guide for staff members on recognizing potential red flags and properly reporting suspicious transactions.
Sample SAR (Suspicious Activity Report) – A structured template covering formatting requirements, transaction descriptions, and mandatory reporting deadlines to ensure compliance with regulatory expectations.
Sanctions Lists and Official Sources – References to relevant sanction lists, including those issued by HM Treasury, the Office of Financial Sanctions Implementation (OFSI), the United Nations (UN), and the Financial Action Task Force (FATF) for identifying high-risk jurisdictions.
Internal Risk Matrix – A risk assessment framework designed to evaluate customer profiles and transaction patterns, assisting in the categorization of risks based on AML/CTF compliance parameters.

16. Final Provisions

This policy underscores the Company’s unwavering commitment to maintaining high standards of AML/CTF compliance within the United Kingdom. Every member of staff, from front-line employees to senior management, is obligated to uphold the principles outlined in this policy, ensuring that both the Company and its clients are safeguarded against illicit financial activities.
For any clarifications, interpretations, or inquiries regarding this policy, employees should directly contact the Compliance Department or the Company’s management team.

Contact Information
• General Support Email: [email protected]
• Compliance Department Email: [email protected]
Company Details:
INDICORE RESOURCES LTD
275 New North Road, PMB 3051,
London, N1 7AA, England, United Kingdom
https://loomtix.com

Date: 19.03.2025