KYC & AML Policy | Cupispay

Know Your Customer (KYC) & Anti-Money Laundering (AML) Compliance Framework

Effective Date: September 2025
Version: 1.0
Document Classification: Public
Regulatory Compliance: CBN, EFCC, NFIU Guidelines

1. EXECUTIVE SUMMARY

Cupispay.com (“Cupispay,” “we,” “us,” or “our”) is committed to maintaining the highest standards of regulatory compliance and financial integrity. This KYC & AML Policy establishes our framework for preventing money laundering, terrorist financing, fraud, and other financial crimes across all our services, including bank transfers, airtime/data purchases, cable TV subscriptions, gift card transactions, and cryptocurrency-to-naira exchanges.

Our Mission: To provide secure, compliant, and transparent financial services while protecting our platform, customers, and the Nigerian financial ecosystem from illicit activities.

2. REGULATORY FRAMEWORK & COMPLIANCE

2.1 Applicable Regulations

Central Bank of Nigeria (CBN) Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Regulations 2022
Economic and Financial Crimes Commission (EFCC) Guidelines
Nigerian Financial Intelligence Unit (NFIU) Regulations
CBN Guidelines on Electronic Payment Channels and Merchant Acquiring Services
Data Protection Regulation (NDPR) 2019
Securities and Exchange Commission (SEC) Digital Assets Guidelines

2.2 Regulatory Reporting

We maintain direct reporting relationships with:

Nigerian Financial Intelligence Unit (NFIU)
Central Bank of Nigeria (CBN)
Economic and Financial Crimes Commission (EFCC)

3. CUSTOMER DUE DILIGENCE (CDD) FRAMEWORK

3.1 Customer Risk Categories

TIER 1 – LOW RISK CUSTOMERS

Transaction Limits: ₦50,000 daily / ₦200,000 monthly Services: Basic airtime, data, cable TV subscriptions KYC Requirements:

Phone number verification (OTP)
Email address verification
Basic personal information (name, date of birth)

TIER 2 – MEDIUM RISK CUSTOMERS

Transaction Limits: ₦500,000 daily / ₦2,000,000 monthly Services: All Tier 1 services + bank transfers, gift cards KYC Requirements:

Valid government-issued ID (NIN, Driver’s License, Passport, Voter’s Card)
BVN (Bank Verification Number) verification
Proof of address (utility bill, bank statement – not older than 3 months)
Selfie verification with ID document
Source of funds declaration for transactions above ₦100,000

TIER 3 – HIGH RISK CUSTOMERS

Transaction Limits: ₦2,000,000 daily / ₦10,000,000 monthly Services: All Tier 2 services + cryptocurrency transactions KYC Requirements:

Enhanced due diligence documentation
Detailed source of wealth documentation
Business registration documents (for corporate accounts)
Tax identification number
Additional background verification
Periodic review and re-verification (every 6 months)

TIER 4 – VERY HIGH RISK CUSTOMERS

Transaction Limits: Above ₦2,000,000 daily (case-by-case basis) Services: All services with enhanced monitoring KYC Requirements:

Senior management approval required
Comprehensive background checks
Ongoing enhanced monitoring
Quarterly account reviews
Additional compliance officer verification

3.2 Enhanced Due Diligence (EDD) Triggers

EDD is automatically triggered for:

Politically Exposed Persons (PEPs) and their associates
Customers from high-risk jurisdictions
Cryptocurrency transactions above ₦500,000
Unusual transaction patterns or volumes
Cash-intensive businesses
Money service businesses and bureau de change operators
Non-resident Nigerians with unclear source of funds

4. CUSTOMER ONBOARDING PROCESS

4.1 Digital Onboarding Workflow

Customer Registration → Identity Verification → Document Upload → 
Biometric Verification → Risk Assessment → Account Approval/Rejection → 
Ongoing Monitoring

4.2 Identity Verification Standards

Real-time NIN verification through NIMC database
Document authenticity verification using AI-powered validation
Address verification through utility providers where possible

4.3 Prohibited Customers

We do not provide services to:

Individuals under 18 years of age (except with parental consent for basic services)
Persons on international sanctions lists (OFAC, UN, EU)
Customers on EFCC or other Nigerian law enforcement watch lists
Shell companies or entities with unclear beneficial ownership
Customers who refuse to provide the required KYC documentation
Persons engaged in prohibited activities (gambling, adult services, illegal goods)

5. TRANSACTION MONITORING & SUSPICIOUS ACTIVITY DETECTION

5.1 Automated Monitoring Systems

Our proprietary AML monitoring system flags transactions based on:

Amount-Based Triggers:

Single transactions above ₦1,000,000
Daily cumulative transactions above ₦2,000,000
Monthly cumulative transactions above ₦10,000,000
Cryptocurrency transactions above ₦500,000

Pattern-Based Triggers:

Rapid succession of transactions just below reporting thresholds
Unusual geographic patterns (multiple locations within short timeframes)
High-frequency transactions outside normal customer behavior
Round-number transactions (suggesting potential structuring)
Transactions with high-risk counterparties

Service-Specific Triggers:

Airtime/Data: Bulk purchases followed by immediate resale patterns
Gift Cards: Large volume purchases with immediate liquidation
Crypto: Transactions with privacy coins or high-risk exchanges
Bank Transfers: Rapid movement of funds between multiple accounts

5.2 Manual Review Process

Flagged transactions undergo manual review within:

High Priority Cases: 2 hours
Medium Priority Cases: 24 hours
Low Priority Cases: 72 hours

5.3 Suspicious Transaction Reporting (STR)

We file STRs with NFIU within 7 days for:

Transactions suspected to involve money laundering
Terrorism financing indicators
Fraud or attempted fraud
Unusual customer behavior patterns
Transactions involving sanctioned entities

6. RECORD KEEPING & DATA MANAGEMENT

6.1 Document Retention

Customer KYC Records: 10 years from account closure
Transaction Records: 10 years from the transaction date
Suspicious Activity Reports: 10 years from filing date
Training Records: 5 years
Audit Records: 7 years

6.2 Data Security Standards

End-to-end encryption for all customer data
Multi-factor authentication for access controls
Regular security audits and penetration testing
GDPR and NDPR-compliant data handling
Secure cloud storage with Nigerian data residency requirements

6.3 Data Access Controls

Role-based access to customer information
Audit trails for all data access and modifications
Regular access reviews and privilege management
Segregation of duties for sensitive operations

7. SANCTIONS SCREENING & WATCHLIST MONITORING

7.1 Screening Databases

We screen against:

OFAC Specially Designated Nationals (SDN) List
UN Security Council Consolidated List
EU Consolidated List of Sanctions
UK HM Treasury Sanctions List
EFCC Watch Lists and Nigerian law enforcement databases
Interpol databases
PEP databases (World-Check, Dow Jones)

7.2 Screening Frequency

Real-time: All new customers and transactions
Batch screening: Existing customer base monthly
Ad-hoc screening: Upon sanctions list updates

7.3 Match Resolution Process

Automated screening with configurable match thresholds
Manual review of potential matches within 2 hours
Clear documentation of match resolution decisions
Senior management escalation for confirmed matches

8. TRAINING & AWARENESS PROGRAM

8.1 Employee Training Requirements

New Employee Orientation: Comprehensive AML/KYC training within 30 days
Annual Refresher Training: All employees
Role-Specific Training: Customer service, compliance, and operations teams
Executive Training: Senior management and board members

8.2 Training Content Coverage

Nigerian AML/CFT laws and regulations
Cupispay’s KYC and AML policies and procedures
Red flag identification and escalation procedures
Customer risk assessment techniques
Sanctions screening and monitoring
Record keeping and reporting requirements

8.3 Training Effectiveness Measurement

Pre and post-training assessments
Regular knowledge checks and scenario-based testing
Performance monitoring and feedback
Training completion tracking and certification

9. GOVERNANCE & OVERSIGHT

9.1 Organizational Structure

Chief Compliance Officer (CCO)

Overall AML/KYC program oversight
Regulatory liaison and reporting
Policy development and implementation
Board and executive reporting

AML Compliance Team

Daily transaction monitoring and investigation
Customer due diligence verification
Suspicious activity identification and reporting
Case management and documentation

Independent Audit Function

Annual AML program effectiveness reviews
Policy and procedure compliance testing
Risk assessment validation
Regulatory examination support

9.2 Board and Executive Oversight

Quarterly AML program reports to Board of Directors
Annual risk assessment presentation
Monthly executive briefings on key metrics and issues
Semi-annual policy review and updates

9.3 Independent Testing and Validation

Annual independent AML program audit
Quarterly compliance testing by internal audit
Regular penetration testing of AML systems
Third-party validation of risk assessment methodologies

10. RISK ASSESSMENT METHODOLOGY

10.1 Customer Risk Factors

High Risk Indicators:

PEPs and their family members or close associates
Non-resident customers with unclear Nigerian ties
Cash-intensive businesses (bureau de change, retail, hospitality)
Customers from FATF high-risk jurisdictions
Entities with complex ownership structures
Customers with adverse media or law enforcement attention

Medium Risk Indicators:

New customers with limited transaction history
Customers with frequent changes in personal information
Small businesses with inconsistent transaction patterns
Customers operating in higher-risk industries
Non-face-to-face customer relationships

Low Risk Indicators:

Established customers with consistent transaction patterns
Government employees and established professionals
Customers from low-risk jurisdictions
Long-standing customer relationships with a clear source of funds
Transactions consistent with customer profile and business needs

10.2 Product and Service Risk Assessment

High Risk Services:

Cryptocurrency to Naira exchange
High-value gift card transactions
Business-to-business payment services

Medium Risk Services:

Domestic bank transfers
Bulk airtime and data purchases
Cable TV subscription services
Person-to-person payments

Low Risk Services:

Individual airtime and data top-ups
Utility bill payments
Small-value transactions under ₦10,000

10.3 Geographic Risk Considerations

High Risk Jurisdictions:

Countries on FATF blacklist or greylist
Regions with high levels of corruption or organized crime
Areas with active terrorist financing risks
Jurisdictions with weak AML/CFT frameworks

Enhanced Monitoring Areas within Nigeria:

Border regions with high smuggling activity
Areas with known security challenges
Regions with high cash economy prevalence

11. TECHNOLOGY AND SYSTEMS

11.1 AML Technology Stack

Real-time Transaction Monitoring: AI-powered system with machine learning capabilities
Customer Screening: Automated sanctions and PEP screening
Risk Scoring: Dynamic risk assessment algorithms
Case Management: Comprehensive investigation and documentation platform
Regulatory Reporting: Automated STR generation and filing system

11.2 System Capabilities

Real-time transaction analysis and alerting
Pattern recognition and behavioral analytics
Integration with external databases and watchlists
Comprehensive audit trails and reporting
Mobile and web-based investigation tools

11.3 System Maintenance and Updates

Regular system updates and patches
Continuous rule calibration and optimization
Performance monitoring and capacity planning
Business continuity and disaster recovery procedures

12. CUSTOMER COMMUNICATION AND TRANSPARENCY

12.1 Privacy Notice and Consent

We provide clear and comprehensive information about:

Data collection and processing purposes
Regulatory reporting requirements
Customer rights and obligations
Contact information for compliance inquiries

12.2 Customer Education

Regular communication about AML/CFT requirements
Guidance on transaction limits and documentation needs
Information about suspicious activity indicators
Resources for understanding financial crime prevention

12.3 Complaint Handling

Dedicated compliance contact channels
Clear escalation procedures for AML-related concerns
Timely response to customer inquiries
Documentation and trending of compliance-related feedback

13. BUSINESS CONTINUITY AND INCIDENT RESPONSE

13.1 Business Continuity Planning

Alternative processing procedures during system outages
Manual override capabilities for critical transactions
Communication protocols during emergencies
Recovery time objectives and procedures

13.2 Incident Response Procedures

Immediate containment and assessment protocols
Internal and external notification requirements
Investigation and remediation procedures
Post-incident review and improvement processes

13.3 Regulatory Notification

Timeline for notifying regulators of significant incidents
Documentation and reporting requirements
Coordination with law enforcement when required
Public disclosure considerations and procedures

14. PERFORMANCE METRICS AND KPIs

14.1 Key Performance Indicators

Customer Onboarding: Average time to complete KYC verification
False Positive Rate: Percentage of alerts that do not result in STRs
STR Filing: Timeliness and quality of suspicious transaction reports
Training Compliance: Employee training completion rates
System Uptime: AML system availability and performance metrics

14.2 Management Reporting

Daily operational metrics dashboard
Weekly transaction monitoring summary
Monthly compliance scorecard
Quarterly risk assessment updates
Annual program effectiveness review

14.3 Continuous Improvement

Regular benchmarking against industry best practices
Customer and employee feedback integration
Technology enhancement and optimization
Policy and procedure updates based on lessons learned

15. CONTACT INFORMATION

Customer Support
Email: [email protected]
Phone: +234 806 872 5240
Live Chat: Available on cupispay.com

16. POLICY REVIEW AND UPDATES

This policy is reviewed annually or more frequently as required by:

Changes in applicable laws and regulations
Updates to regulatory guidance
Significant business or operational changes
Results of independent testing or regulatory examinations
Identified deficiencies or improvement opportunities

Next Scheduled Review: September 2026

17. ACKNOWLEDGMENT AND COMPLIANCE CERTIFICATION

By using Cupispay services, customers acknowledge that they:

Understand and agree to comply with our KYC and AML requirements
Will provide accurate and complete information as requested
Consent to ongoing monitoring and reporting as required by law
Understand that non-compliance may result in service restrictions or termination

This document is confidential and proprietary to Cupispay.com. Unauthorized distribution or reproduction is prohibited.