1. Introduction and Policy Objectives

1.1. Company Name and Scope of Activities
The objective of this Know Your Customer (KYC) Policy (hereinafter referred to as the “Policy”) is to define the fundamental procedures and requirements for identifying and verifying customers, as well as to prevent money laundering and terrorist financing. This Policy applies to all customers using the services provided by INDICORE RESOURCES LTD (hereinafter referred to as the “Company”) through its official platform: https://loomtix.com.

1.2. Policy Objectives
This Policy extends to all customers of the Company, including both individuals and legal entities, as well as the Company’s employees and other authorized parties involved in business operations related to the sale, purchase, or exchange of digital coupons, gift cards, and associated financial services.
Note (UK Context): This Policy is designed to align with UK anti-money laundering (AML) and counter-terrorist financing (CTF) regulations, including:
The Proceeds of Crime Act 2002 (POCA)
The Terrorism Act 2000
The Money Laundering Regulations 2017 (MLR 2017), as amended

1.3. Scope of Application
All employees, business counterparties, and partners associated with the Company are required to comply fully and unconditionally with the provisions set forth in this Policy. Any failure to adhere to the prescribed procedures may result in disciplinary, administrative, or other forms of legal liability under the applicable national legislation and the Company’s internal regulatory framework.

2. Legislative and Regulatory Framework

KYC (Know Your Customer): A structured set of procedures and protocols designed to identify, verify, and assess customers to prevent potential involvement in money laundering, terrorist financing, and fraudulent activities.
AML (Anti-Money Laundering): A comprehensive framework of preventive measures aimed at detecting, mitigating, and eliminating risks associated with money laundering activities.
CTF (Counter-Terrorist Financing): A set of preventive strategies and enforcement mechanisms to combat the financing of terrorist organizations and activities.
Due Diligence: A customer verification process that involves proper risk assessment, identity confirmation, and monitoring to ensure regulatory compliance.
Competent Authority: A governmental or supervisory body responsible for enforcing AML/CTF compliance (e.g., Financial Intelligence Units (FIUs), Central Banks, the Financial Conduct Authority (FCA) in the UK, or other jurisdiction-specific regulators).
GDPR (General Data Protection Regulation): A legal framework (EU Regulation 2016/679) that governs data protection and privacy standards across the European Union. In the United Kingdom, this regulation has been replaced and supplemented by the UK GDPR and the Data Protection Act 2018.

3. Legislative and Regulatory Framework

This policy is formulated based on the following key legal instruments and regulatory standards:

3.1. EU Directives on Anti-Money Laundering and Counter-Terrorist Financing
The Fourth Directive (EU) 2015/849 (4AMLD) – Establishes measures to prevent the use of the financial system for money laundering and terrorist financing.
The Fifth Directive (EU) 2018/843 (5AMLD) – Introduces amendments to 4AMLD, enhancing transparency and strengthening AML measures.
The Sixth Directive (EU) 2018/1673 (6AMLD) – Focuses on combating money laundering through the enforcement of criminal law provisions.

3.2. UK AML/CTF Legislation
Proceeds of Crime Act 2002 (POCA) – Defines money laundering offenses and establishes provisions for asset confiscation and recovery.
Terrorism Act 2000 – Addresses offenses related to terrorist financing and imposes reporting obligations.
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) – Details requirements for Customer Due Diligence (CDD), reporting obligations, and record-keeping practices.
Guidance issued by the Financial Conduct Authority (FCA) and HM Revenue & Customs (HMRC) – Industry-specific AML/CTF regulatory guidance, applicable depending on the Company’s operational scope.

3.3. Data Protection Regulation
Regulation (EU) 2016/679 (GDPR) – Governs data protection and privacy across EU Member States.
UK GDPR and Data Protection Act 2018 – Establishes personal data processing and protection standards in the United Kingdom.

3.4. FATF Recommendations
International Financial Action Task Force (FATF) guidelines, which outline best practices and global standards in AML/CTF compliance.

3.5. National Legislation
National laws of EU Member States that implement the directives mentioned above.
UK regulatory frameworks, including provisions from the FCA and HMRC, which may be referenced for adherence to best practices and compliance standards.

4. Principles and Objectives of the Policy

4.1. “Know Your Customer” Principle
The Company enforces robust procedures to accurately identify and verify customers, ensuring a thorough understanding of their financial activities. This mitigates AML/CTF risks and enhances regulatory compliance.

4.2. Risk-Based Approach
The Company applies a risk-based verification framework, where customer assessments are conducted according to predefined risk categories. Factors determining risk levels include:
Customer classification (e.g., individuals, corporate entities, politically exposed persons – PEPs).
Geographical risk (customers from high-risk or sanctioned jurisdictions).
Types of products and services offered (e.g., digital assets, high-value transactions).
Distribution channels (e.g., online transactions, affiliate networks).

4.3. Confidentiality
The Company ensures that all personal data collected during the KYC process is handled in strict compliance with applicable data protection laws, including GDPR and UK GDPR/Data Protection Act 2018. Measures are in place to guarantee secure storage, restricted access, and confidentiality of sensitive information.

4.4. Risk Assessment and Management
The Company continuously conducts risk assessments, reviewing operational, customer, and product-based risk factors to ensure compliance with EU and UK AML/CTF regulations. Risk management strategies are regularly updated to reflect evolving regulatory landscapes.

5. Roles and Responsibilities

5.1. Board of Directors / Management
Reviews and formally approves this policy on a periodic basis.
Ensures adequate resources are allocated for the effective implementation and enforcement of the policy.
Maintains compliance with all applicable EU and UK anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.

5.2. Compliance Officer
Oversees the development, execution, and continuous monitoring of the Company’s compliance framework.
Conducts internal audits and employee training sessions to reinforce AML/CTF compliance practices.
Liaises with competent authorities, including financial intelligence units and regulatory bodies such as the FCA in the UK.
Manages the reporting process for suspicious transactions, ensuring full compliance with EU and UK legal obligations for Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs).

5.3. Customer-Facing Employees
Perform customer due diligence (CDD) checks in strict adherence to KYC procedures, which include the collection and verification of identification documents and registration data.
Immediately escalate any detected suspicious activities or transactions to the Compliance Officer for further review.
Ensure full adherence to UK AML laws, including POCA 2002, the Terrorism Act 2000, and the Money Laundering Regulations 2017 (MLR 2017), particularly for transactions involving UK-based clients or business counterparts.

6. KYC Procedures

6.1. Customer Identification Program (CIP)
For individual customers, the Company must collect the following information:
Full name, date of birth, and nationality.
Residential address.
Contact details (phone number, email address).
Copies of official identification documents (e.g., passport, national ID card, driver’s license).
If required, an additional document to verify the residential address (e.g., a recent utility bill or bank statement).
For corporate entities, the required information includes:
Official company name, registration number, and registered business address.
Ownership structure, including identification of Ultimate Beneficial Owners (UBOs).
NInformation about authorized signatories and key company executives (directors, shareholders owning more than 25%).
Certified extracts from government or regulatory business registries (e.g., Companies House in the UK).

6.2. Verification
Validate the accuracy and consistency of customer-provided information and supporting documents.
Utilize independent and trustworthy data sources, such as government databases, electronic identity verification systems, and financial records.
For high-risk customers, conduct Enhanced Due Diligence (EDD) as per EU and UK AML compliance requirements, ensuring deeper scrutiny into their financial and transactional activities.

6.3. Ongoing Review / Data Updates
Regularly update customer information based on a predefined periodic schedule (at least annually for high-risk customers) or when significant changes occur in beneficial ownership structures.
If discrepancies or suspicious factors arise, request additional verification documents and initiate a reassessment of the customer’s risk profile.

7. Risk Segmentation of Customers

7.1. Risk Categories
Low Risk: Customers operating in well-regulated jurisdictions, conducting transparent business activities, maintaining a positive compliance record, and demonstrating consistent and predictable transaction behavior.
Medium Risk: Customers with certain risk factors, such as expanding into new markets or engaging in non-standard financial transactions, but without direct indicators of involvement in money laundering or terrorist financing.
High Risk: Customers associated with high-risk or sanctioned jurisdictions, individuals classified as Politically Exposed Persons (PEPs), entities with non-transparent ownership structures, or transactions displaying unusual or potentially fraudulent activity patterns.

7.2. Enhanced Due Diligence (EDD)
For customers identified as high-risk, the Company enforces Enhanced Due Diligence (EDD) procedures, which include:
Requesting additional supporting documents, such as financial statements and evidence of the source of funds.
Conducting in-depth verification of income sources and capital origins.
Increasing the frequency of transaction monitoring to detect irregular patterns.
Gathering references or performing background checks, including media scans, sanction list screenings, and terrorist financing watchlist reviews.
Ensuring compliance with UK financial sanctions imposed by the Office of Financial Sanctions Implementation (OFSI) under HM Treasury, where applicable for UK-based operations.

8. Transaction Monitoring and Control

8.1. Ongoing Monitoring
The Company implements continuous transaction monitoring to identify anomalies and detect any unusual or potentially suspicious activities. This process ensures that customer transactions align with expected financial behavior and comply with AML/CTF regulations.

8.2. Criteria for Identifying Suspicious Transactions
The following indicators may signal potentially suspicious transactions, triggering further investigation:
Transactions that do not align with the customer’s usual business activity or declared financial profile.
Unusually frequent or large transactions, particularly where no clear economic rationale exists.
Transfers involving high-risk jurisdictions (offshore locations, countries with inadequate AML/CTF controls).
Attempts to withhold required documents or submission of false/inconsistent information.

8.3. Reporting Suspicious Transactions
If an employee identifies a potentially suspicious transaction, they must immediately notify the Compliance Officer, who will assess the case and determine whether a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) should be filed with the relevant authorities.
EU Context: STRs are submitted to the respective Financial Intelligence Unit (FIU) of the applicable EU Member State.
UK Context: SARs must be reported to the UK National Crime Agency (NCA), in accordance with the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017, and guidance issued by the Financial Conduct Authority (FCA).

9. Data Storage and Confidentiality

9.1. Retention Period
The Company retains customer identification and verification data for a minimum of five (5) years from the termination of the business relationship or the date of the last recorded transaction, as required by Article 40 of Directive (EU) 2015/849.
In the UK, retention periods must comply with MLR 2017 and regulatory guidance from HMRC and FCA, which typically enforce the five-year minimum but may require extended retention in certain cases.

9.2. Personal Data Protection
The Company ensures full compliance with data protection regulations, including the General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and the UK GDPR/Data Protection Act 2018, depending on jurisdiction.
Implements robust technical and organizational security measures, such as encryption protocols, controlled access systems, and internal information security policies to safeguard sensitive customer data.
Personal data is processed strictly for KYC/AML/CTF purposes and is only used within the legal framework and customer consent requirements, where applicable.

9.3. Confidentiality
Access to customer data is strictly limited to authorized personnel, based on their job functions.
Unauthorized disclosure of information is strictly prohibited and will result in disciplinary action, in accordance with the Company’s internal policies and relevant EU/UK legal provisions.

10. Staff Training and Awareness

10.1. Training Programs
The Company conducts regular training sessions to enhance employees’ understanding of AML/CTF obligations, KYC procedures, and data protection regulations (GDPR/UK GDPR). Training covers:
A comprehensive overview of applicable legal requirements and the Company’s internal AML policies.
Practical case studies illustrating how to identify suspicious transactions.
Internal reporting procedures for notifying compliance personnel of suspicious activities.

10.2. Professional Development
The Compliance Officer and designated staff members are required to undergo ongoing professional training.
Employees participate in specialized seminars, industry workshops, and regulatory conferences to stay informed about the latest developments in EU/UK AML/CTF frameworks and best compliance practices.

11. Policy Management and Review

11.1. Responsibility for Review
The Compliance Officer, in collaboration with senior management, is responsible for periodically reviewing this policy.
Reviews are conducted at least annually or whenever relevant EU/UK laws and regulations are updated.

11.2. Amendments
All changes to the policy must be documented in writing and formally approved by the Company’s senior management before implementation.

12. Measures to Address Violations

12.1. Types of Violations
The following actions constitute violations of the Company’s AML/CTF and KYC compliance policies:
Failure to follow KYC procedures, including incomplete due diligence checks or missing required documentation.
Providing false, misleading, or incomplete customer information.
Neglecting to report suspicious transactions or delaying required STR/SAR filings.

12.2. Liability
Violations of AML/CTF compliance obligations may result in severe consequences, including:
 Internal Disciplinary Actions: Warnings, reprimands, suspension, or termination of employment.
Civil and Administrative Penalties: Regulatory fines and sanctions imposed by authorities.
Criminal Liability in Severe Cases:
Under UK law, individuals or corporate entities involved in intentional money laundering or terrorist financing may face legal consequences under:
The Proceeds of Crime Act 2002 (POCA)
The Terrorism Act 2000
Additionally, companies and individuals may be subject to regulatory fines from the FCA or HMRC for non-compliance with AML/CTF obligations.

13. Final Provisions

13.1. Applicability
This policy is mandatory for all Company departments and employees engaged in customer interaction, business operations, or compliance-related functions.

13.2. Priority of Norms
In the event of conflicts between this policy and applicable EU/UK AML/CTF regulations, the relevant legislative acts shall take precedence.
The Company commits to modifying and aligning this policy to remain in compliance with evolving legal requirements in both jurisdictions.

13.3. Effective Date
This policy becomes effective immediately upon approval by the Company’s senior management.
It remains valid until formally revised and replaced with an updated version.

Appendix A: Contact Information
INDICORE RESOURCES LTD
Registered Address:
275 New North Road, PMB 3051,
London, N1 7AA, England, United Kingdom
Website: https://loomtix.com
Contacts
• General Support Email: [email protected]
• Compliance Department Email: [email protected]

EU Competent Authorities
• National Financial Intelligence Units (FIUs) of respective EU Member States.
• Licensing and supervisory authorities, based on the jurisdiction and business activity of the Company.
UK Competent Authorities
• National Crime Agency (NCA) – Responsible for Suspicious Activity Report (SAR) filings.
• Financial Conduct Authority (FCA) – If the Company falls under its regulatory supervision.
• HM Revenue & Customs (HMRC) – Supervising AML/CTF compliance for specific business sectors.
• Office of Financial Sanctions Implementation (OFSI) (HM Treasury) – Ensuring compliance with UK financial sanctions.

Date: 19.03.2025