AML & KYC Compliance Statement

Last updated: 1 February 2026

1. Policy Statement and Board-Level Commitment

Niyogate Tech Solutions - FZCO (“NiyoGate”) is committed to the prevention of money laundering, terrorist financing, proliferation financing, sanctions evasion, and all forms of financial crime. This commitment is endorsed at board level and applies to every aspect of our operations. Our AML/CFT policy is reviewed and approved by senior management annually, and updated whenever there is a material change in our risk profile, regulatory requirements, or operational scope.

Our designated Money Laundering Reporting Officer (MLRO) has direct reporting authority to senior management and is responsible for overseeing all AML/KYC operations, reviewing and filing suspicious activity reports, and ensuring that our compliance framework remains current with regulatory expectations and emerging typologies.

2. Regulatory Framework Alignment

Our compliance framework is designed to align with international standards and applicable local regulations in every jurisdiction where we operate. The principal frameworks that inform our policies and procedures include:

The Financial Action Task Force (FATF) 40 Recommendations, with particular emphasis on the risk-based approach set out in Recommendation 1 and the customer due diligence requirements in Recommendations 10-12
Applicable anti-money laundering legislation in the UAE, India, Kenya, and Nigeria
United Nations Security Council resolutions relating to sanctions and counter-terrorism financing
Regulatory guidance issued by the central banks and financial intelligence units in our operating jurisdictions (RBI, CBUAE, CBK, CBN)

In addition, our banking partners maintain their own compliance requirements, which we are contractually bound to adhere to. Where a banking partner’s requirements exceed the regulatory minimum, we apply the higher standard.

3. Risk-Based Approach

We adopt the risk-based approach recommended by FATF, which means that the intensity of our due diligence and monitoring measures is proportionate to the assessed risk level of each client, corridor, and transaction type. We do not apply a uniform standard to all clients. Instead, we assess risk across four dimensions:

Customer risk: The nature of the client’s business, ownership structure complexity, geographic presence, and the industries they operate in. Clients with multi-jurisdictional structures, complex ownership chains, or operations in industries with elevated money laundering risk receive enhanced scrutiny.
Geographic risk: The origin and destination countries of funds, assessed against FATF mutual evaluation outcomes, Transparency International’s Corruption Perceptions Index, and our own internal risk classification. Countries on the FATF grey list or black list, or those identified by our banking partners as higher-risk, trigger additional controls.
Product and service risk: The payment methods and corridors used, the availability of real-time monitoring on those rails, and the inherent risk characteristics of each product type.
Transaction risk: Volume, frequency, average transaction size, counterparty concentration, and the consistency of observed activity with the client’s declared business profile.

Risk assessments are conducted at onboarding and reviewed periodically — the frequency depends on the assigned risk rating. Any material change in a client’s transaction pattern, business model, or ownership structure triggers a re-assessment outside the scheduled review cycle.

4. Know Your Business (KYB) and Customer Due Diligence

Every client must complete KYB verification before receiving API credentials or dashboard access. Our standard due diligence process includes:

Verification of the corporate entity against the relevant company registry (or equivalent) in the jurisdiction of incorporation
Collection and verification of incorporation documents (certificate of incorporation, memorandum and articles of association, or equivalent)
Identification and verification of all beneficial owners holding 25% or more of the entity, including cascading through multi-layered ownership structures to the ultimate beneficial owner(s)
Identity verification of at least two directors or authorised signatories, using government-issued photo identification and proof of address
Source of funds declaration — understanding where the money that will flow through the platform originates
Expected transaction profile declaration — estimated volumes, frequency, average size, corridors, and beneficiary types
Business purpose declaration — a clear explanation of why the client needs cross-border payment services and how the payments relate to their underlying commercial activities

4.1 Enhanced Due Diligence

For clients assessed as higher risk, we apply Enhanced Due Diligence (EDD) measures, which may include: more granular source of wealth verification (beyond source of funds), independent verification of the business model through open-source research, obtaining additional references from the client’s banking or professional relationships, more frequent periodic reviews, lower thresholds for transaction monitoring alerts, and senior management approval before activation.

4.2 Ongoing Due Diligence

KYB is not a one-time event. We conduct periodic reviews of all clients — annually for standard-risk clients, more frequently for enhanced-risk clients. Any significant deviation between a client’s actual transaction activity and their declared profile triggers a review. We also re-screen all clients against updated sanctions and PEP lists on an ongoing basis.

5. Sanctions Screening

All clients and all beneficiaries are screened against the following international sanctions lists at onboarding and on every transaction:

OFAC Specially Designated Nationals and Blocked Persons (SDN) List
OFAC Consolidated Sanctions List (including the Sectoral Sanctions Identifications List, the Foreign Sanctions Evaders List, and the Non-SDN Menu-Based Sanctions List)
European Union Consolidated List of Persons, Groups, and Entities Subject to EU Financial Sanctions
United Nations Security Council Consolidated List
United Kingdom HM Treasury Financial Sanctions List

Screening is also performed against locally maintained sanctions lists in each operating jurisdiction. Our screening engine updates list data within hours of a new designation being published by the relevant authority. We do not auto-clear fuzzy or partial matches — every match that exceeds our configured threshold receives manual review by a trained compliance analyst. Confirmed positive matches result in immediate transaction blocking, account suspension, and filing of the required regulatory reports.

6. PEP Screening

We screen for Politically Exposed Persons (PEPs), their immediate family members, and known close associates. PEP screening is performed at onboarding and re-performed on a periodic basis. Where a PEP relationship is identified, Enhanced Due Diligence is applied automatically. This includes senior management approval, enhanced ongoing monitoring with lower alert thresholds, and additional source of wealth verification. PEP status alone does not result in automatic rejection — but it does trigger the additional controls that international best practice and our banking partners require.

7. Transaction Monitoring

Our monitoring system analyses every transaction against a set of rules calibrated to each corridor, client risk profile, and payment type. The monitoring covers:

Velocity anomalies: Unusual spikes in transaction frequency or aggregate value relative to the client’s established baseline
Structuring patterns: Transactions that appear to be deliberately fragmented to stay below reporting thresholds or monitoring triggers
Concentration risk: Repeated payments to the same beneficiary across multiple client accounts, or unusual concentration of payments to a small number of beneficiaries
Counterparty analysis: Payments to or from entities associated with jurisdictions, industries, or individuals that present elevated risk
Profile deviation: Activity that is materially inconsistent with the client’s declared business model and expected transaction profile
Layering indicators: Rapid movement of funds through multiple accounts or corridors with no apparent commercial rationale

Alerts are triaged by the compliance team within defined SLA windows based on severity. Our rule sets are reviewed and recalibrated quarterly, informed by emerging typologies published by FATF, guidance from local financial intelligence units, information shared by our banking partners, and our own operational experience.

8. Suspicious Activity Reporting

Where our monitoring systems or compliance team identify activity that gives rise to a suspicion of money laundering, terrorist financing, or other financial crime, we are obligated to file a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) with the relevant financial intelligence unit in the appropriate jurisdiction. The decision to file is made by the MLRO (or their designated deputy) based on a documented assessment of the available information.

We are legally prohibited from informing the client that a report has been filed, or from taking any action that might “tip off” the client to the existence of a suspicion or investigation. This is a criminal prohibition, and we take it seriously. If we suspend or restrict a client’s access in connection with a suspicious activity investigation, we are not obligated to provide the specific reason for the suspension.

9. Record Keeping

We retain all KYB/KYC documentation, transaction records, screening results, monitoring alerts, risk assessment records, and SAR/STR documentation for a minimum of five (5) years from the date of the transaction or the end of the business relationship, whichever is later. Where applicable law requires a longer retention period (up to ten years in certain jurisdictions), we comply with the longer period. Records are stored securely with access restricted to authorised compliance personnel.

10. Staff Training and Awareness

All NiyoGate staff receive AML/CFT awareness training at onboarding and regular refresher training thereafter. Staff in customer-facing and compliance roles receive role-specific training covering transaction monitoring techniques, sanctions screening procedures, suspicious activity identification and escalation, and regulatory updates. Training records are maintained as part of our compliance documentation.

11. Third-Party Reliance and Outsourcing

Where we rely on third-party service providers for elements of our compliance programme (e.g., identity verification, sanctions screening, adverse media monitoring), we remain fully responsible for the quality and completeness of the due diligence performed. We conduct due diligence on our compliance service providers before engagement and monitor their performance on an ongoing basis. Outsourcing arrangements do not transfer our legal obligations under applicable AML legislation.

12. Independent Review and Audit

Our AML/CFT compliance programme is subject to periodic independent review to assess its effectiveness, identify gaps, and recommend improvements. Findings from independent reviews are reported to senior management and tracked to remediation. We also cooperate fully with any audits or inspections conducted by regulatory authorities or our banking partners.

13. Contact

For compliance-related enquiries, including requests related to sanctions screening, KYB verification, or suspicious activity concerns, contact our compliance team at: team@niyogate.com

Niyogate Tech Solutions - FZCO
IFZA Properties, 73 Street, Dubai Silicon Oasis, Dubai
United Arab Emirates