AML & KYC Policy

North Crest Group ("North Crest") is the trading name of a group of affiliated companies, each independently authorised and regulated in its own jurisdiction. The website northcrestgroup.com is owned and operated by North Crest Capital Holdings Ltd, registered office Suite 4, Maeva Plaza, Pope Hennessy Street, Port Louis 11328, Mauritius. The entity that contracts with you, and that owes you the obligations described in this policy, depends on your country of residence.

This policy has two pillars of equal weight. The first is our Know-Your-Client (KYC) programme: before you can trade, we must establish who you are, where you live and, where the risk warrants it, where your money comes from. The second is our anti-money-laundering and counter-terrorist-financing (AML/CTF) framework: the controls we operate to detect, deter and report attempts to use our platform to launder the proceeds of crime or to finance terrorism.

Neither pillar is optional, for us or for you. We cannot open an account, accept a deposit or release a withdrawal until the relevant KYC checks are complete, and we will not maintain a relationship with any client who declines to provide the information this policy requires. This document explains what we collect, how we verify it, how we monitor accounts over time, and what happens when activity on an account cannot be explained.

North Crest's AML/CTF framework is aligned with the Recommendations of the Financial Action Task Force (FATF), the international standard-setter for combating money laundering and terrorist financing. The FATF Recommendations inform our risk-based approach, our customer due diligence standards, our record-keeping periods and our suspicious-activity reporting procedures across the group.

In addition to this group-wide framework, each regulated operating entity is subject to, and independently responsible for compliance with, the AML/CTF laws of its home jurisdiction and the rules of its regulator: North Crest Securities (Pty) Ltd is authorised by the Financial Sector Conduct Authority (FSCA) of South Africa under FSP 53197; North Crest Capital Markets Ltd is authorised by the Cyprus Securities and Exchange Commission (CySEC) under licence 412/22; North Crest International Ltd is authorised by the Financial Services Commission (FSC) of Mauritius under licence GB22200851; and North Crest Global Ltd is authorised by the Mwali International Services Authority (MISA) of the Comoros under licence T2023123.

Where local law imposes a stricter requirement than this group policy, the entity concerned applies the stricter standard. Each entity maintains its own appointed compliance function, reports to its own regulator and financial intelligence unit, and applies the customer due diligence rules of its jurisdiction to the clients it contracts with.

Our KYC programme is the front line of this policy. Customer due diligence is not a one-off form-filling exercise: it begins before an account is opened, deepens when risk indicators appear, and continues for as long as the relationship lasts. The programme has three stages — identification, verification and ongoing monitoring — set out below.

Due diligence is applied in proportion to risk. Standard due diligence applies to most retail clients; simplified measures are never applied to the identification of the client itself; and enhanced due diligence applies where the client, their location, their funding or their behaviour presents elevated risk, including where the client is a politically exposed person.

We operate a risk-based approach, as the FATF Recommendations require. Every client is assigned a risk rating at onboarding, derived from factors including: country of residence and citizenship; the jurisdictions involved in funding the account; occupation, business activity and source of funds; expected deposit size and trading pattern; whether the client is a politically exposed person or closely associated with one; and the channel through which the relationship was established.

Risk ratings are not static. They are recalculated when client circumstances change, when monitoring detects unexpected activity, and at periodic review. A higher rating triggers enhanced due diligence, closer monitoring and more frequent document refresh; an unacceptable rating means we decline or exit the relationship.

The group also conducts a business-wide risk assessment, reviewed by senior management, covering the products we offer, the jurisdictions we serve, our client base and our delivery channels. The output of that assessment drives the calibration of our controls, including the thresholds applied in our transaction-monitoring systems.

Every employee is trained to recognise indicators of money laundering and terrorist financing and is required to escalate concerns internally, without delay, to the compliance function of the relevant entity. Internal reports are investigated by appointed compliance officers, who determine whether the activity can be explained or must be reported externally.

Where an entity is required to do so, it files a suspicious activity or suspicious transaction report with the financial intelligence unit or other competent authority of its jurisdiction. Filing decisions rest with the compliance function alone; no employee may decide that a matter is too small, too uncertain or commercially too sensitive to report.

We are prohibited by law from informing a client that a report has been made or that an investigation is under way (tipping off). For this reason, we may be unable to explain why a withdrawal is delayed, an account is restricted or a relationship has been ended. We may also suspend the processing of a transaction while a report is under consideration, where the law requires or permits us to do so.

We retain all records obtained through customer due diligence — identification documents, verification results, risk assessments and account files — together with records of all transactions, for a minimum of five years after the end of the business relationship or the date of the transaction, whichever is later, and for longer where the law of the relevant entity's jurisdiction requires it.

Records are kept in a form that allows individual transactions to be reconstructed and produced promptly in response to lawful requests from regulators, financial intelligence units and law enforcement. Storage and access are subject to the safeguards described in our Privacy Policy; retention for AML/CTF purposes is a legal obligation and takes precedence over a client's request for erasure for the duration of the statutory period.

All employees receive AML/CTF and KYC training on joining and at regular intervals thereafter, with content tailored to their role. Client-facing and operations staff are trained to recognise suspicious behaviour at onboarding and in payment flows; compliance staff receive deeper training on typologies, regulatory developments and reporting obligations; senior management receives training appropriate to its oversight responsibilities.

Training covers, at a minimum: the legal framework applicable to the relevant entity; client identification and verification requirements; recognition of red flags and suspicious patterns; the internal escalation procedure and the prohibition on tipping off; and the personal consequences, including criminal liability, of failing to comply. Completion is tracked and forms part of each employee's record.

North Crest will not, under any circumstances: open or maintain anonymous accounts or accounts in fictitious names; establish or continue a relationship with a shell bank, or with an institution that permits its accounts to be used by shell banks; accept clients from, or process transactions involving, countries and territories subject to applicable comprehensive sanctions; or knowingly facilitate any transaction connected with money laundering, terrorist financing or the proceeds of crime.

We additionally prohibit practices that are common vehicles for the abuse of brokerage accounts: third-party payments — deposits must come from, and withdrawals must return to, a payment method held in the client's own name; cash deposits; the use of an account as a pass-through to move funds without genuine trading activity; and the opening of multiple accounts to circumvent verification or monitoring controls. Withdrawals are returned to the source of the original deposit wherever the payment method allows.

Each North Crest entity cooperates fully with the law enforcement agencies, financial intelligence units and regulators of its jurisdiction — including the FSCA in South Africa, CySEC in Cyprus, the FSC in Mauritius and MISA in the Comoros — in the prevention, detection and investigation of money laundering and terrorist financing.

Cooperation includes responding promptly and completely to lawful requests for information, producing records within statutory deadlines, freezing or blocking accounts and transactions where a competent authority lawfully requires it, and giving effect to court orders and sanctions designations. Where information must be shared between group entities to meet these obligations, it is shared on a confidential basis and in accordance with our Privacy Policy.

This policy is reviewed at least annually by the group compliance function and approved by the senior management of each regulated entity. Reviews take account of changes in the FATF Recommendations, developments in the laws and regulatory expectations of each entity's jurisdiction, the findings of internal and external audits, and lessons drawn from monitoring, investigations and reports filed.

Material changes are communicated to all relevant staff and reflected in the next training cycle. The version published on northcrestgroup.com is the version currently in force.

If you have information about, or suspect, money laundering, terrorist financing or other financial crime connected with a North Crest account or service, contact our compliance team at compliance@northcrestgroup.com. Reports may be made by clients, employees, counterparties or members of the public, and may be made anonymously.

All reports are treated as confidential, are reviewed by the compliance function of the relevant entity, and are escalated to the competent authorities where required. We do not tolerate retaliation against anyone who raises a concern in good faith, whether or not the concern is ultimately substantiated.

For employees, breach of this policy is a serious disciplinary matter that may result in dismissal and — because AML/CTF obligations are personal as well as corporate — may expose the individual to regulatory penalties and criminal prosecution under the laws of the relevant jurisdiction.

For clients, failure to complete due diligence, refusal to provide requested documents, or activity inconsistent with this policy may result in delayed transactions, account restriction, termination of the relationship and, where the law requires, the freezing of funds and the reporting of the matter to the competent authorities. North Crest reserves the right to decline any application, refuse any transaction and close any account where it cannot satisfy itself that this policy is being met, and to do so without giving reasons where providing reasons would amount to tipping off.