ORAX CORPORATION

Anti-Money Laundering and Counter-Financing of Terrorism Policy

ORAX CORPORATION LLC

Registered Address: Marshall Islands, Majuro, P.C. 9696, Ajeltake Road No. 1

Legal Basis: Marshall Islands Business Corporations Act; Banking Act 1987 (as amended); Anti-Money Laundering Regulations 2002 (as amended 2023); Proceeds of Crime Act; FATF Recommendations; RMI FIU Guidelines.

1. Purpose

This Policy establishes the framework by which ORAX CORPORATION LLC (“Company”) identifies, mitigates, and manages risks associated with money laundering (ML)and terrorist financing (TF) in compliance with the laws and regulations of the Republic of the Marshall Islands (RMI) and applicable international standards.

Objectives:

Ensure full compliance with RMI AML/CFT regulatory framework;
Protect the Company, clients, and stakeholders from illicit financial activity;
Implement robust procedures for client due diligence (CDD), transaction monitoring, and suspicious activity reporting;
Define roles and responsibilities of management, staff, and the AML/CFT Compliance Officer;
Provide training and continuous awareness for employees.

2. Scope

This Policy applies to:

All employees, officers, directors, and contractors of the Company;
All clients and business counterparties;
All Company services, including investment operations, virtual asset services, and related financial activities.

3. Legal and Regulatory Framework

This Policy is based on and implements the following:

Marshall Islands Business Corporations Act – corporate governance framework;
Banking Act 1987 (Sections 1(x), 166 et seq.) – AML/CFT obligations and reporting powers;
Anti-Money Laundering Regulations 2002 (as amended 2023) – procedural AML/CFT measures;
Proceeds of Crime Act – criminalization of ML and asset recovery provisions;
Guidelines of the RMI Financial Intelligence Unit (FIU) and Banking Commission;
United Nations Sanctions and Anti-Terrorism Measures as incorporated into RMI law;
Financial Action Task Force (FATF) Recommendations and Asia/Pacific Group (APG) Guidance.

4. Governance and Responsibilities

The Board of Directors holds ultimate responsibility for AML/CFT compliance and oversight;
The AML/CFT Compliance Officer (AMLCO) manages daily implementation and reporting;
Senior management ensures adequate resourcing, systems, and independent audits of AML controls;
All staff must understand and comply with this Policy; breaches may result in disciplinary and legal action.

5. Risk-Based Approach (RBA)

The Company applies an RBA to identify, assess, and mitigate ML/TF risks:

Enhanced CDD (EDD) for high-risk clients (PEPs, high-risk jurisdictions);
Simplified measures for low-risk clients where permitted;
Ongoing risk assessment of clients, transactions, and jurisdictions;
Dynamic updates to controls based on evolving typologies.

6. Client Due Diligence (CDD)

6.1 General Requirements

Identify and verify all clients prior to business relationship or transaction execution;
Determine and verify Ultimate Beneficial Owners (UBOs) for legal entities;
Monitor for suspicious activity and update client profiles periodically.

6.2 Individual Clients

Required information:

Full name, date of birth, nationality;
Residential address, contact details;
Valid passport or government-issued ID;
Country of residence and tax residency.

6.3 Corporate Clients

Required documentation:

Legal name, incorporation number, date;
Jurisdiction and registered address;
Certificate of Incorporation, Articles of Association;
Register of shareholders, directors, and beneficial owners.

6.4 Verification

CDD must be completed before activation or transaction execution;
Annual review for standard-risk clients; more frequent for high-risk;
Additional verification upon suspicious activity or outdated data.

7. Enhanced Due Diligence (EDD)

7.1 Triggers for EDD

Clients linked to non-FATF-compliant jurisdictions;
Politically Exposed Persons (PEPs) or their associates/family;
Large, complex, or unusual transactions lacking lawful purpose;
Internal risk assessments indicating elevated ML/TF risk.

7.2 EDD Measures

Obtain and verify source of wealth and source of funds;
Increase monitoring frequency and depth;
Request additional documents and senior management approval;
Escalate high-risk cases to AMLCO for review and reporting.

8. Politically Exposed Persons (PEPs)

PEPs include: heads of state/government, senior judiciary, military officials, central bank executives, senior political party officials, and close relatives/associates.

PEP Protocol:

Identify PEP status at onboarding;
Apply full EDD measures;
Obtain senior management approval;
Maintain ongoing enhanced monitoring.

9. Use of Third-Party Agents for CDD

Permitted only with FATF-compliant agents;
Company retains full responsibility and direct access to CDD data;
Written agreements required, defining roles and retention obligations.

10. Monitoring and Reporting of Suspicious Transactions

Continuous monitoring for unusual patterns and behavioral red flags;
Immediate internal reporting to AMLCO upon detection;
AMLCO to assess and, if warranted, file Suspicious Activity Report (SAR) to FIU within statutory deadlines;
Strict prohibition on tipping off clients.

11. Red Flags – Indicators of Suspicious Activity

Examples include:

Conflicting or inconsistent documents/information;
Unjustified secrecy about source of funds;
Transactions inconsistent with client profile;
Attempts to bribe or influence staff;
Connections to sanctioned or high-risk jurisdictions.

12. Country Risk Assessment

Jurisdictions assessed based on UN sanctions, FATF lists, and regulatory advisories;
Reviewed quarterly by the Financial Monitoring Department;
Escalation of high-risk findings to AMLCO.

13. Internal Escalation and SAR Filing

Process:

Employee detects and reports suspicious activity to AMLCO;
AMLCO reviews and documents findings;
SAR filed to RMI FIU via secure channel within 14 days;
Marked CONFIDENTIAL and retained securely for 7 years.

FIU Contact:

Financial Intelligence Unit

Office of the Banking Commission

P.O. Box 597, Majuro, MH 96960

Tel: +692-625-5841 | Email: fiu@rmigovernment.org | https://rmiobc.com/fiu

14. Confidentiality and Data Protection

SAR content strictly confidential; disclosure limited to authorized personnel, FIU, or as required by law;
Good-faith reporters protected from liability;
Secure storage of all AML data in compliance with Banking Act and FIU directives.

15. Record-Keeping

Retention of AML-related records for minimum seven (7) years, including:

CDD/KYC documentation;
Transaction logs and approvals;
Internal suspicious activity reports and investigations;
Training and internal audit records.

16. Training and Awareness

Mandatory training upon onboarding and at least every 2 years (annually for senior management);
Covers typologies, red flags, reporting obligations, and anti-tipping rules;
Training records maintained and reviewed by AMLCO;
Updated upon regulatory changes or risk evolution.

17. Senior Management Oversight

Board ensures adequate systems, controls, and resources;
Active oversight of AML program and periodic independent audits;
Commitment to fostering compliance culture across the Company.

18. Independent Audit and Review

Independent review of AML/CFT program annually;
Audit scope: policy effectiveness, adherence to RMI regulations, and FATF standards;
Findings reported to Board and corrective actions tracked.

19. Enforcement and Penalties

Breaches may lead to disciplinary actions, including termination;
Possible civil/criminal penalties under RMI law;
Reputational and financial consequences for non-compliance.

20. Policy Review and Updates

Reviewed annually or earlier if regulations/business operations change;
Updates approved by Board of Directors and communicated to all employees;
Compliance Officer responsible for maintaining current version and training staff.

Approval

This Policy has been formally adopted by the Board of Directors of ORAX CORPORATION LLC and is effective as of the date of approval.