Anti-Money Laundering Policy

1. Introduction and Commitment

Echo Novas is committed to preventing money laundering, terrorist financing, and proliferation financing. This Anti-Money Laundering (AML) Policy outlines our approach to compliance with applicable laws and regulations, including the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), the Proceeds of Crime Act 2002, and the Terrorism Act 2000.

This Policy has been approved by senior management and is proportionate to our business size and nature. Overall responsibility for AML systems and controls is assigned to a director or senior manager.

2. Money Laundering Reporting Officer (MLRO)

In accordance with Regulation 21 of the MLR 2017, we have appointed a nominated officer (Money Laundering Reporting Officer or MLRO). The MLRO is responsible for:

• Receiving internal reports of suspicious activity from staff
• Evaluating whether there is knowledge or suspicion of money laundering or terrorist financing
• Submitting Suspicious Activity Reports (SARs) to the UK National Crime Agency (NCA) where required
• Seeking appropriate consent or defences in relation to reported transactions

The MLRO is senior enough to access relevant customer files and records and makes independent reporting decisions. AML and suspicious activity concerns should be escalated to compliance@echonovas.com.

3. Scope of Our Business

Echo Novas provides digital access products represented by NFTs. Our products represent access rights and entitlements only—they do not hold, store, or represent monetary value. We are a technology platform, not a financial services provider. Payment processing is conducted by regulated third parties (e.g., Stripe, crypto payment providers).

Despite our non-financial nature, we take AML obligations seriously and implement controls proportionate to our risk profile.

4. Risk Assessment (Regulation 18)

We maintain a written, firm-wide risk assessment (FWRA) as required by Regulation 18 of the MLR 2017. This assessment identifies and evaluates the risks of money laundering, terrorist financing, and proliferation financing to which our business is subject. We take into account the UK National Risk Assessment and relevant sectoral guidance.

Our risk assessment considers:

• Customers: Types of customers, including PEPs and their associates, and customer behaviour
• Geographic areas: High-risk third countries, corruption indices, and jurisdictional factors
• Products and services: Digital access products, payment methods (card, crypto), and delivery channels
• Transactions: Transaction size, frequency, and patterns
• Delivery channels: Online, non-face-to-face, and third-party payment flows

The risk assessment is approved by senior management, kept up to date, and forms the basis for our policies, controls, and procedures. It is reviewed regularly.

5. Risk-Based Approach and Due Diligence Levels

We apply controls proportionate to the risks identified in our risk assessment:

• Standard CDD: Applied to most customers and transactions, reflecting our typical risk profile.
• Simplified Due Diligence (SDD): May be applied where the business relationship or transaction presents a low degree of risk (e.g., certain low-value transactions, customers in lower-risk jurisdictions, or where equivalent AML supervision applies). We still identify and verify the customer and monitor for unusual or suspicious activity.
• Enhanced Due Diligence (EDD): Required for higher-risk situations, including PEPs, customers in high-risk third countries, complex or unusual transactions, or where the customer or transaction presents elevated risk. EDD includes additional verification, source of funds/wealth checks, and senior approval where appropriate.

6. Customer Due Diligence (CDD)

We collect and verify customer information as necessary for our services and in accordance with applicable law. Our CDD measures include:

• Identification: We collect email addresses, wallet addresses (where applicable), and transaction-related information. Payment processors conduct their own KYC where required by regulation.
• Verification: We verify identity through email verification and, where applicable, wallet ownership. Third-party payment providers apply additional verification for card and crypto payments.
• Purpose and intended nature: We assess and obtain information on the purpose and intended nature of the business relationship or transaction.
• Beneficial ownership: For corporate customers (body corporates), we take reasonable measures to identify and verify beneficial owners—the natural persons who ultimately own or control the customer. We may consult the UK Companies House register and other beneficial ownership registers where appropriate. This does not apply to listed companies on regulated markets.
• Ongoing Monitoring: We monitor customer activity and transaction patterns for unusual or suspicious behaviour.

7. Sanctions and PEP Screening

We screen customers and transactions against applicable sanctions lists and conduct PEP screening where appropriate. We do not knowingly do business with individuals or entities subject to sanctions or who pose unacceptable AML/CTF risk.

Where screening indicates a match or elevated risk, we will conduct further review and may decline or suspend services.

8. Transaction Monitoring and Complex/Unusual Transactions

We monitor transactions for indicators of suspicious activity, including:

• Unusual transaction patterns or volumes
• Transactions inconsistent with stated purpose or customer profile
• Use of multiple payment methods or wallets in a manner suggesting structuring
• Attempts to avoid identification or verification requirements
• Transactions involving high-risk jurisdictions without clear legitimate purpose

We have procedures to identify and assess complex or unusual transactions that are particularly likely to relate to money laundering or terrorist financing. Such transactions are escalated for review and may require enhanced due diligence or reporting.

9. Suspicious Activity Reporting

Where we identify activity that gives rise to knowledge or suspicion of money laundering or terrorist financing, we will report it to the UK National Crime Agency (NCA) via a Suspicious Activity Report (SAR) as required by law. We will not tip off the subject of the report.

Staff are trained to recognise and escalate potential suspicious activity to the designated compliance contact.

10. Record Keeping

We retain records relating to customer identification, transactions, and AML decisions for at least five years from the end of the business relationship or transaction, in accordance with UK Money Laundering Regulations. Records are stored securely and are accessible for regulatory and law enforcement purposes where required.

11. Staff Training

Personnel with relevant responsibilities receive training on AML obligations, red flags, and internal procedures. Training is updated periodically to reflect regulatory changes and emerging risks.

12. Refusal and Termination

We reserve the right to refuse or terminate services where we are unable to complete required due diligence, where we identify unacceptable AML/CTF risk, or where we are prohibited from doing business by law. We are not obliged to provide reasons for such decisions where doing so would compromise a SAR or legal obligation.

13. Third-Party Reliance

Payment processing and certain verification functions are performed by regulated third parties. We rely on their compliance programmes where appropriate, while maintaining our own oversight and controls for the services we provide.

14. Internal Controls and Communication

We maintain internal controls to ensure compliance with this Policy. Policies and procedures are communicated to relevant staff, and changes are documented and communicated. We monitor compliance with our AML framework and address any gaps identified.

15. Policy Review

This AML Policy is reviewed periodically and updated as necessary to reflect changes in our business, regulation, or risk environment.

16. Contact

For AML or compliance inquiries, or to report concerns:

• AML/Compliance: compliance@echonovas.com
• Legal matters: legal@echonovas.com
• Or through our contact page