Anti-Money Laundering and Counter Terrorist Financing Program

1. Purpose and Scope

Finturu LLC and its subsidiaries ("Finturu" or "the Company") maintain a comprehensive Anti-Money Laundering and Counter-Terrorist Financing ("AML/CFT") program designed to prevent the use of its platform for money laundering, terrorist financing, fraud, sanctions evasion, or other forms of financial crime.

This program is designed to align with:

• U.S. Bank Secrecy Act (BSA) principles.
• FinCEN guidance applicable to financial intermediaries and payment platforms.
• Risk-based AML standards commonly adopted by regulated financial institutions.
• Requirements established by sponsor banks and regulated financial partners.

Where financial services are delivered through Banking-as-a-Service infrastructure, Finturu operates in coordination with regulated financial institutions, including Lead Bank (the sponsor bank), as well as program sponsors such as Bridge, which facilitate integration between fintech platforms and sponsor banks.

Finturu's AML program is designed to operate in coordination with these partners while maintaining independent operational compliance controls.

2. Risk-Based AML Framework

Finturu applies a risk-based approach to the identification, assessment, and mitigation of financial crime risk.

Risk assessments consider:

• Merchant industry classification
• Jurisdiction of incorporation and operation
• Ownership structure and beneficial owners
• Nature of goods or services offered
• Expected transaction volumes
• Payment flows and settlement corridors
• Exposure to high-risk jurisdictions or sanctioned entities

Enhanced due diligence may be applied where merchants present elevated risk indicators.

3. Merchant Onboarding and Identity Verification (KYB/KYC)

Finturu performs identity verification procedures for merchants seeking access to its platform.

These procedures are designed to comply with applicable AML and financial institution expectations and include the collection and verification of both business and individual identification information.

3.1 Business Identification Information

During onboarding, Finturu collects information necessary to verify the legal existence and operational legitimacy of merchant entities.

This may include:

• Legal entity name
• Registered business address
• Operational business address
• Incorporation documents
• Corporate registration information
• Business identification numbers (e.g., EIN, VAT or equivalent)
• Trade name or DBA information

This information is verified against official registries, public databases, and compliance screening tools.

3.2 Control Persons and Beneficial Ownership

Finturu collects information relating to individuals who exercise control over the merchant entity or who qualify as beneficial owners.

This may include:

• Full legal name
• Date of birth
• Residential address
• Government-issued identification
• Role within the organization
• Ownership percentage

Beneficial owners holding 25% or more of the entity are identified where applicable, and control persons may be verified where no individual meets that ownership threshold.

3.3 Business Activity and Financial Profile

To understand the nature of merchant operations and detect potential risk indicators, Finturu collects additional information regarding business activity and expected transaction behavior.

This may include:

• Industry classification (NAICS or equivalent)
• Description of products or services
• Target markets and customers
• Merchant website or digital presence
• Purpose of the account
• Expected payment volumes
• Estimated annual revenues
• Source of funds

This information supports risk classification and ongoing monitoring.

4. Sanctions and Screening Controls

Finturu applies screening procedures to identify potential exposure to sanctioned or high-risk entities.

Screening may include:

• Sanctions list screening (OFAC and other applicable lists)
• Politically Exposed Person (PEP) screening
• Adverse media screening
• Jurisdictional risk screening

Screening may be performed during onboarding and periodically throughout the lifecycle of the merchant relationship.

5. Transaction Monitoring and Ongoing Risk Management

Finturu maintains monitoring processes designed to identify potentially suspicious or unusual activity

Monitoring may include:

• Transaction behavior analysis
• Abnormal transaction pattern detection
• Rapid volume increases inconsistent with expected activity
• Unusual geographic payment patterns
• Potential indicators of money laundering or fraud

Monitoring activities may be supported by specialized compliance technologies and internal review processes

Where necessary, activity may be escalated for enhanced investigation.

6. Coordination with Sponsor Banks and Program Sponsors

Finturu operates within a financial services ecosystem that includes regulated sponsor banks and program sponsors operating under Banking-as-a-Service (BaaS) frameworks.

In particular, onboarding and compliance information collected by Finturu may be shared with:

• Program sponsors such as Bridge, which coordinate operational infrastructure between fintech platforms and regulated banks
• Sponsor banks including Lead Bank, which may independently review onboarding information as part of their regulatory obligations

Sponsor banks retain responsibility for certain regulated functions, including customer acceptance decisions, account approvals, and regulatory reporting.

Finturu coordinates with program sponsors and sponsor banks to provide required onboarding documentation, compliance information, and monitoring alerts where appropriate.

7. Escalation and Suspicious Activity Handling

Where potentially suspicious behavior is detected, Finturu may initiate internal investigation procedures.

Such investigations may include:

• Review of transaction history
• Request for additional documentation
• Enhanced due diligence procedures
• Coordination with compliance partners

Where required, relevant information may be escalated to program sponsors or sponsor banks in accordance with contractual obligations and regulatory requirements.

Sponsor banks retain responsibility for regulatory reporting obligations such as suspicious activity reporting where applicable.

8. Security and Compliance Infrastructure

Finturu maintains internal controls designed to protect sensitive financial and personal information and support regulatory compliance.

These controls may include:

• Identity verification procedures
• Role-based access controls
• Encrypted storage and transmission of sensitive data
• Monitoring and audit logging
• Vendor risk management

Finturu also uses specialized compliance monitoring tools and governance frameworks to support internal controls and security oversight.

Compliance monitoring and security posture oversight may be supported by platforms such as Vanta, which assist in maintaining security governance frameworks aligned with industry standards.

9. Recordkeeping and Documentation

Finturu maintains records of onboarding documentation, compliance reviews, monitoring alerts, and investigation outcomes.

Records may be retained in accordance with applicable regulatory expectations and internal compliance policies.

These records may be made available to sponsor banks, program sponsors, or regulatory authorities where required.

10. Program Governance

Finturu's AML/CFT program is subject to periodic review and updates to ensure alignment with evolving regulatory expectations, operational risks, and financial crime typologies.

The Company may update its internal compliance procedures, monitoring tools, and onboarding requirements as necessary to maintain effective financial crime controls.