ANTI-MONEY LAUNDERING, COMBATING THE FINANCING OF TERRORISM AND COUNTER-PROLIFERATION FINANCING POLICY AML / CFT / CPF POLICY
Effective Date: 1 February 2026 | Document Owner: AMLRO | Version 1.0 | Regulatory Authority: Bank of Ghana / Financial Intelligence Centre (FIC)
1 Purpose And Scope
This Anti-Money Laundering, Combating the Financing of Terrorism, and Counter-Proliferation Financing Policy ("AML/CFT/CPF Policy" or "this Policy") establishes the institutional framework, controls, and procedures that Escrow Africa ("the Company" or "the Institution") must follow to detect, prevent, and report money laundering, terrorist financing, and proliferation financing activities.
Objectives — Comply with the Anti-Money Laundering Act, 2020 (Act 1044), the Financial Intelligence Centre Act, and all related regulations and guidelines issued by the Bank of Ghana and the Financial Intelligence Centre (FIC). Establish clear governance, roles, and responsibilities for AML/CFT/CPF. Implement robust customer due diligence (CDD), enhanced due diligence (EDD), and transaction monitoring controls. Ensure timely identification, assessment, and reporting of suspicious activity to the FIC. Maintain a culture of compliance. Protect the Company’s reputation and licence from regulatory, legal, and reputational risk.
Scope — This Policy applies to all activities of Escrow Africa, including escrow transaction processing, fund management, customer onboarding, and any ancillary services. It applies to all directors, officers, employees, contractors, agents, third-party service providers, and any other person acting on behalf of the Company.
Legal and Regulatory Basis — Anti-Money Laundering Act, 2020 (Act 1044); Financial Intelligence Centre Act, 2002 (Act 658) (as amended); Bank of Ghana AML/CFT Guidelines; FIC Directives and Regulations; Electronic Transactions Act, 2008 (Act 772); any other law, regulation, or guideline issued by the relevant Ghanaian regulatory authority.
2 Governance, Roles And Responsibilities
Board / Senior Management: Approve and oversee this Policy and related procedures; ensure adequate resources for AML/CFT/CPF compliance; review reports on AML risk, compliance performance, internal audits, and regulatory changes; ensure compliance function has sufficient independence.
Compliance / AML Unit (AMLRO): Implement and oversee the AML programme end-to-end; receive, assess, escalate, and report suspicious transactions; liaison with supervisory authorities and the FIC; maintain documentation of all compliance activities and STRs; ensure ongoing staff training. The AMLRO shall have direct access to the Board and authority over compliance resources.
Business and Frontline Units: Perform customer onboarding and verification in compliance with this Policy; monitor transactions and flag suspicious or unusual activity; escalate red flags and control weaknesses promptly.
Independent Review: Periodic independent assessments of AML controls and effectiveness; report findings to Board and senior management; ensure remediation of gaps.
All Employees: Comply with all AML procedures; participate in training; report suspicious or unusual activity internally; maintain confidentiality (tipping-off prohibition).
Third Parties and Service Providers: Where third parties perform KYC, transaction processing, or customer interaction, the Institution will ensure contractual obligations that such parties comply with this Policy, including supervision, audits, and right of termination.
3 Risk-based Approach
Institutional Risk Assessment: Enterprise-wide AML/CFT/CPF risk assessment at least annually and when there is a material change; considers customers, geographies, products, delivery channels, and emerging threats; results documented and reported to the Board.
Customer Risk Assessment: Each customer assigned a risk rating (Low, Medium, or High) at onboarding and reviewed periodically; risk rating drives level of due diligence (Standard CDD or EDD); factors include customer type, country, nature and size of transactions, ownership structure, prior adverse information.
Transaction Risk: Transactions assessed for risk by nature, size, frequency, and profile of parties; automated and manual controls to detect unusual or suspicious patterns; transactions outside normal parameters flagged for review.
4 Customer Due Diligence (cdd)
All customers must be identified and verified before or, in limited circumstances, immediately after entering into a business relationship. No business with anonymous or pseudonymous customers.
Standard CDD — Applied to all customers unless higher risk: full legal name, date of birth/incorporation; government-issued unique identifier (National ID, passport); verification of address; nature and purpose of business relationship; source of funds where practicable; for corporate customers: identification and verification of UBOs holding 25% or more equity or voting rights.
Enhanced Due Diligence (EDD) — Applied where higher risk: High Risk customers; PEPs and close associates and family members; high-risk jurisdictions (FATF or FIC designated); complex, unusually large, or unusual pattern transactions; non-resident or multi-jurisdiction customers. EDD measures: additional identification documents; detailed source of funds and source of wealth; deeper verification of nature and purpose; adverse-media and sanctions screening; enhanced ongoing monitoring; senior management approval for the relationship.
Simplified Due Diligence — Only where permitted by regulation and risk is demonstrably low; rationale documented in each case.
Ongoing Due Diligence — All customer relationships subject to ongoing due diligence. Information reviewed and updated: High Risk — at least annually; Medium Risk — every two years; Low Risk — every three years. Any change in risk profile triggers fresh assessment and, where appropriate, EDD.
5 Transaction Monitoring
Automated Monitoring: Automated systems screen all transactions against predefined rules and typologies; alerts reviewed by trained compliance personnel within defined timeframe; system regularly tested, tuned, and updated.
Manual Monitoring: Frontline staff trained to recognise red flags and suspicious patterns; required to report suspicion to the AMLRO without delay.
Red Flags (illustrative): Transactions inconsistent with customer’s known business or financial profile; unusually large deposits or transfers, particularly in cash or via multiple accounts; transactions involving high-risk jurisdictions with no clear business justification; round-number or structured transactions to avoid reporting thresholds; frequent changes in account details or beneficiaries with no clear reason; customers reluctant to provide information or refuse verification; shell companies or entities with no clear business purpose; multiple customers transacting to/from same third party with no apparent connection.
6 Suspicious Activity Reporting (sar)
Reporting to the FIC is a legal obligation under the Anti-Money Laundering Act, 2020 (Act 1044) and the Financial Intelligence Centre Act.
Obligation to Report — Any employee who knows or suspects that a transaction or activity may constitute money laundering, terrorist financing, or proliferation financing must report it internally to the AMLRO. The AMLRO will assess and, where appropriate, file a Suspicious Transaction Report (STR) with the FIC. The decision to file or not to file an STR will be documented with the rationale.
Tipping Off — It is a criminal offence under Ghanaian law to disclose that an STR has been filed, or to tip off a person who is the subject of a report or investigation. Any employee who suspects tipping off has occurred must report immediately to the AMLRO. Employees must not discuss or communicate any STR matter outside of a strict need-to-know basis.
Confidentiality — All information related to STRs and investigations is strictly confidential. Employees must not use STR information for any purpose other than compliance with AML/CFT/CPF obligations.
Timeframes — Internal reports to the AMLRO without delay upon suspicion. The AMLRO must file an STR with the FIC as soon as practicable and within the timeframes prescribed by applicable law or regulation.
7 Sanctions And Pep Screening
Sanctions Screening: All customers screened against international and domestic sanctions lists (OFAC, EU, UN, Bank of Ghana or FIC designated) at onboarding and on a recurring basis. Any match or potential match escalated immediately to the AMLRO. Where a confirmed match is identified, the Company will freeze the account or suspend the relationship and notify the relevant authority as required by law.
PEP Screening: All customers screened against PEP databases at onboarding and on an ongoing basis. Where a customer is identified as a PEP or close associate/family member of a PEP, the relationship is subject to EDD. Senior management approval required before entering into or continuing a business relationship with a PEP.
Screening Frequency: Real-time screening at onboarding and at the point of each transaction where practicable. Entire customer base re-screened periodically (at least annually).
8 Record Keeping
Records maintained: customer identification and verification documents (CDD files); records of EDD measures; transaction monitoring alerts and outcomes; copies of all STRs filed with the FIC; sanctions and PEP screening results; training delivered and completion rates; annual institutional risk assessment; regulatory correspondence or examination findings.
Retention: All records required by the Anti-Money Laundering Act, 2020 must be retained for a minimum of five (5) years from the date of the transaction or the end of the business relationship, whichever is later. Where a longer retention period is required by any other applicable law, that longer period will apply.
Storage and Security: Records stored securely (physical or electronic); access restricted to authorised personnel on a need-to-know basis; electronic records backed up regularly and protected in accordance with the Company’s Information Security Policy.
9 Training And Awareness
All employees receive AML/CFT/CPF training upon joining and at least once every twelve (12) months thereafter. Training tailored to role and activities. Directors and senior management receive specialist training. AMLRO and Compliance/AML Unit receive advanced and ongoing training. Content must cover: legal and regulatory framework; Company’s Policy and procedures; red flags and typologies; internal and external reporting obligations and tipping-off prohibition; sanctions and PEP screening; consequences of non-compliance. Record of training (dates, topics, attendance, assessment outcomes) maintained; completion rates reported to senior management quarterly.
10 Internal Controls And Audit
Internal Controls: Segregation of duties where practicable; AMLRO conducts regular internal reviews of AML controls, including testing of transaction monitoring, CDD, and reporting; control weaknesses documented and escalated with remediation plan.
Independent Audit: Independent review of the Company’s AML/CFT/CPF framework at least annually; assesses compliance with this Policy, adequacy of controls, effectiveness of training, quality of STR reporting; findings reported to Board and senior management; management required to respond and remediate within defined timeframe.
Regulatory Examination: Full cooperation with any examination by the Bank of Ghana, the FIC, or any other regulatory authority. The AMLRO is the primary point of contact for all regulatory AML matters.
11 Non-compliance And Enforcement
Non-compliance may result in: disciplinary action up to and including termination of employment or contract; referral to law enforcement or regulatory authorities where criminal conduct is suspected; civil or criminal liability including fines and imprisonment under the Anti-Money Laundering Act, 2020; reputational damage. All suspected breaches must be reported to the AMLRO or senior management; investigation conducted promptly; appropriate corrective action taken; findings and actions documented and reported to the Board. Employees who report suspected breaches in good faith are protected from retaliation; anonymous reporting channels available.
12 Policy Review And Update
This Policy is reviewed at least once every twelve (12) months by the AMLRO in consultation with the Compliance/AML Unit, legal counsel, and senior management. The Board approves any material amendments. Ad hoc review triggered by: significant change in business; new or amended legislation, regulation, or guidance; material AML/CFT/CPF incident or breach; findings from independent audit or regulatory examination; changes in threat landscape or high-risk jurisdiction designations. Any change communicated to all relevant staff promptly; acknowledgement of the updated Policy recorded for all employees.
13 Definitions
Money Laundering — The process by which the proceeds of crime or terrorism are made to appear legitimate. See Section 2 of the Anti-Money Laundering Act, 2020 (Act 1044).
Terrorist Financing — The collection or provision of funds with the intention or knowledge that the funds are to be used, in whole or in part, to carry out a terrorist act.
Proliferation Financing — The transfer of funds or assets to support the proliferation of weapons of mass destruction.
Suspicious Transaction — A transaction that raises reasonable suspicion that it may be connected to money laundering, terrorist financing, or proliferation financing.
Customer Due Diligence (CDD) — The process of identifying a customer and verifying that the customer’s identity is genuine using reliable, independent documents or information.
Enhanced Due Diligence (EDD) — Additional measures applied where there is a higher risk of money laundering, terrorist financing, or proliferation financing.
Ultimate Beneficial Owner (UBO) — A natural person who ultimately owns or controls an entity or who benefits from the transaction.
Politically Exposed Person (PEP) — A natural person who holds or has held a prominent public function, as defined by the Bank of Ghana or the FIC.
AMLRO — Anti-Money Laundering Reporting Officer.
FIC — Financial Intelligence Centre of Ghana.
STR — Suspicious Transaction Report.
Tipping Off — The unauthorised disclosure to a person who is the subject of, or connected to, a suspicious transaction report or investigation that such a report has been made.
14 Appendices
Related Policies and Procedures: Data Protection Policy; Information Security Policy; Sanctions Compliance Procedure; STR Procedure; CDD Procedure; Transaction Monitoring Procedure; Employee AML Training Manual; Incident Response and Breach Notification Plan. Key Regulatory References: Anti-Money Laundering Act, 2020 (Act 1044); Financial Intelligence Centre Act, 2002 (Act 658); Bank of Ghana AML/CFT Guidelines; FIC Directives; Electronic Transactions Act, 2008 (Act 772); FATF Recommendations. Version 1.0 — 1 February 2026 — Initial policy creation — Approved by Board of Directors.