MilleWallet – Global Anti-Money Laundering & Counter-Terrorist Financing Policy
Group-wide AML/CTF & Sanctions Framework (30-Step Program)
1. Firm Policy & Global AML/CTF Commitment
MilleWallet strictly prohibits and actively prevents money laundering, terrorist financing and any activity that facilitates crime, including fraud, tax evasion, corruption and sanctions evasion. AML/CTF is treated as a core business priority, not only a regulatory obligation.
- We shall not knowingly accept, hold, move or process funds or assets derived from criminal activity.
- We shall not provide services that are used to disguise the origin, ownership or purpose of funds.
- We shall identify, assess, and mitigate AML/CTF risks associated with products, customers and geographies.
- We shall fully cooperate with competent authorities and supervisory bodies, subject to legal constraints.
Key legal references (examples, non-exhaustive):
- FATF Recommendations 1, 2 and 10 (risk-based approach, national cooperation, CDD).
- EU: Directive (EU) 2015/849, 2018/843 and 2018/1673 (4AMLD, 5AMLD, 6AMLD).
- US: Bank Secrecy Act (31 U.S.C. §5311 et seq.), USA PATRIOT Act (notably §§311–313, 319(b)).
- France (if applicable): Code monétaire et financier (CMF), art. L.561-1 et seq.
2. Governance, Roles & Responsibilities
MilleWallet maintains a clear governance structure for AML/CTF, with defined accountability from the Board down to each employee and outsourced service provider.
- The Board (or equivalent) approves the AML/CTF policy at least annually and oversees its implementation.
- Senior Management ensures adequate resources, independence and authority for AML/CTF.
- The Group AML/CTF Officer coordinates the framework across all entities and jurisdictions.
- Each local entity appoints a Local AML/CTF Compliance Officer (MLRO) where required by law.
Examples: FATF Rec. 18; EU 4AMLD art. 8; BSA implementing regulations 31 C.F.R. §1020/1022/1023.
3. Appointment & Duties of the AML/CTF Compliance Officer (MLRO)
MilleWallet designates a qualified AML/CTF Compliance Officer (“AMLCO” / “MLRO”) at group and, where required, local level.
- Has sufficient seniority, independence and direct access to the Board / governing body.
- Oversees AML risk assessment, controls, reporting, and interaction with authorities.
- Reviews and signs off Suspicious Transaction Reports (STRs/SARs) prior to filing.
- Coordinates audits, regulatory inspections and remedial actions.
- Maintains AML/CTF procedures, registers, and evidence of monitoring and training.
Examples: EU 4AMLD art. 8 & 46; national AML laws requiring appointment of a compliance officer.
4. Risk-Based Approach & Enterprise-Wide AML/CTF Risk Assessment
MilleWallet applies a documented risk-based approach (RBA) to AML/CTF, updated at least annually, or following material changes (new products, countries, channels, etc.).
- Identify inherent risks: customer types, products, services, delivery channels, and geographies.
- Assess likelihood and impact of ML/TF for each risk factor (e.g., low/medium/high).
- Evaluate control effectiveness (CDD, monitoring, sanctions, training, etc.).
- Define residual risk and risk appetite, and implement mitigating measures.
Examples: FATF Rec. 1; EU 4AMLD art. 7–8; UK MLR 2017 reg. 18; various national AML risk-based frameworks.
5. Customer Acceptance Policy & Prohibited Customers
MilleWallet maintains a documented Customer Acceptance Policy (CAP) defining which customers and use-cases are: (i) allowed, (ii) subject to enhanced due diligence, or (iii) strictly prohibited.
- Prohibited: anonymous or fictitious accounts, shell banks, customers on sanctions lists, known criminals.
- High-risk: PEPs, high-risk countries, complex corporate structures, virtual asset links, high cash usage.
- Restricted: certain industries (e.g., gambling, adult content, high-risk crypto, unlicensed MSBs) unless specifically approved.
- Low-risk: standard salaried individuals in low-risk countries using low-risk products with low limits.
Examples: FATF Rec. 10; EU 4AMLD art. 13–18; prohibition on anonymous accounts (EU 4AMLD art. 10).
6. Customer Identification Program (CIP) & KYC
Prior to entering into a business relationship or executing covered occasional transactions, MilleWallet performs Customer Identification (CIP) and Know-Your-Customer (KYC) checks.
6.1 Required customer information
- Individuals: full name, date and place of birth, residential address, nationality, ID number.
- Legal entities: legal name, registration number, registered address, governing law, directors.
- Purpose and intended nature of the business relationship and source of funds.
6.2 Verification
- Documentary: government ID, passport, residence permit, company registry extracts, etc.
- Non-documentary: trusted electronic identity providers, database checks, bank account verification, etc.
Examples: EU 4AMLD art. 13; 31 C.F.R. §1020/1022/1023 (CIP rules); FATF Rec. 10.
7. Beneficial Ownership & Control
MilleWallet identifies and verifies the natural persons who ultimately own or control legal entity customers.
- Identify any natural person owning directly or indirectly ≥25% of shares or voting rights (or lower, by local law).
- Identify controlling persons (e.g., senior managing officials) where share ownership is dispersed or opaque.
- Obtain and record full name, date of birth, address and identification number of each beneficial owner.
- Verify identity using risk-based methods similar to individual KYC.
Examples: FATF Rec. 10 & 24; EU 4AMLD art. 3(6) & 30; FinCEN CDD Rule, 31 C.F.R. §1010.230.
8. Enhanced Due Diligence (EDD) & High-Risk Relationships
For high-risk customers, products, transactions and geographies, MilleWallet applies Enhanced Due Diligence.
- Additional information on customer source of funds and source of wealth.
- More detailed understanding of the business model and expected transaction profile.
- Senior management approval before onboarding or continuing the relationship.
- More frequent reviews and tighter monitoring thresholds.
Examples: FATF Rec. 10 & 19; EU 4AMLD art. 18–20; special measures for high-risk third countries.
9. Politically Exposed Persons (PEPs)
MilleWallet identifies and manages Politically Exposed Persons (PEPs) and their close associates and family members in accordance with a risk-based approach.
- PEP screening at onboarding and regularly during the relationship.
- EDD for PEPs, including detailed source-of-wealth and source-of-funds information.
- Senior management approval for establishing or maintaining PEP relationships.
- Ongoing monitoring of PEP accounts at enhanced frequency.
Examples: FATF Rec. 12; EU 4AMLD art. 20–23; national PEP regulations.
10. Ongoing Monitoring & Transaction Surveillance
MilleWallet monitors customer activity on a continuous basis to ensure that transactions are consistent with our knowledge of the customer and to detect indicators of suspicious activity.
- Automated and/or manual monitoring scenarios aligned to risk assessment and product design.
- Threshold-based, behavior-based and pattern-based alerts (e.g., rapid cash-in/cash-out, structuring, unusual cross-border activity).
- Escalation workflows for investigation and case management.
- Periodic review of scenarios, thresholds and typologies.
Examples: FATF Rec. 10 & 20; BSA SAR rules 31 C.F.R. §1020/1022/1023.320; EU AMLD provisions on ongoing monitoring.
11. Suspicious Activity Investigation & Reporting (SAR/STR)
Where MilleWallet knows, suspects, or has reasonable grounds to suspect that funds are the proceeds of crime, related to terrorist financing, or otherwise suspicious, we investigate and report in accordance with applicable law.
- All alerts and concerns are logged and investigated by AML/CTF specialists under the AMLCO’s oversight.
- Decisions (file SAR/STR, close with rationale, continue monitoring) are documented.
- Suspicious Activity Reports / Suspicious Transaction Reports are filed with the competent FIU within legal deadlines.
- Strict confidentiality: no “tipping off” to the customer or third parties, except as permitted by law.
Examples: FATF Rec. 20 & 21; BSA SAR requirements 31 C.F.R. §1010.320; EU 4AMLD art. 33–34; national FIU laws.
12. Record-Keeping & Audit Trail
MilleWallet maintains complete and accurate records to evidence compliance and support investigations.
- Customer due diligence records for at least 5 years after the end of the relationship (or longer if required locally).
- Transaction records sufficient to reconstruct individual transactions.
- SAR/STR documentation, internal investigations and decisions stored securely and access-controlled.
- Logs of KYC reviews, sanctions checks, training, and system changes.
Examples: FATF Rec. 11; EU 4AMLD art. 40; BSA recordkeeping 31 C.F.R. §1010.410 et seq.
13. Sanctions Compliance & Asset Freezing
MilleWallet complies with all applicable international, regional and national sanctions regimes.
- Screening of customers, counterparties and transactions against relevant sanctions lists (e.g., UN, EU, OFAC, UK, local).
- Blocking or rejecting transactions and freezing assets, where required by law.
- Immediate reporting to competent authorities (e.g., national sanctions authority, FIU) where required.
- Controls to prevent circumvention, including via third-party accounts or complex structures.
Examples: UN Security Council resolutions; EU sanctions regulations; US OFAC programs; national sanctions laws.
14. Cross-Border Correspondent & Partner Relationships
Where MilleWallet relies on banking partners, payment institutions, or other financial intermediaries, we perform due diligence to ensure their AML/CTF standards are adequate.
- Risk-based assessment of correspondents and partners, including ownership, supervision, and AML framework.
- No relationships with shell banks (foreign banks with no physical presence) or their correspondents.
- Written agreements allocating AML responsibilities and cooperation on information sharing.
- Periodic review and right to terminate for AML/CTF breaches.
Examples: FATF Rec. 13 & 17; USA PATRIOT Act §312 & §313; EU 4AMLD art. 26–27.
15. Agent, Distributor & Outsourcing Controls
MilleWallet may operate via agents, distributors, or outsourced service providers, but retains ultimate AML/CTF responsibility.
- Due diligence on all agents and service providers prior to onboarding.
- Contractual obligations to comply with MilleWallet AML/CTF standards and legal requirements.
- Right to audit, monitor performance and access records.
- Training and ongoing oversight proportionate to the agent’s role and risk.
Examples: FATF Rec. 17; EU 4AMLD art. 26; national rules on reliance and outsourcing.
16. Source of Funds & Source of Wealth
For higher-risk relationships and transactions, MilleWallet requires and documents information on source of funds (SoF) and, where appropriate, source of wealth (SoW).
- SoF: origin of funds involved in a specific transaction (e.g., salary, sale of asset, savings).
- SoW: description of how the customer acquired overall wealth (e.g., career, business activity, inheritance).
- Supporting evidence: payslips, tax returns, sale agreements, company accounts, etc., depending on risk.
Examples: FATF Rec. 10 & 12; EU 4AMLD art. 18–20.
17. Product, Channel & Technology Risk Management
MilleWallet evaluates ML/TF risks of each product (e-wallet, card, transfer, invoice tool, etc.) and each channel (mobile, web, API, third-party integrations).
- Risk assessment before launching new products or features (“new product approval” process).
- Controls adapted to non-face-to-face onboarding (strong e-KYC, liveness, device fingerprinting).
- Limits, velocity thresholds and step-up verification for higher-risk behaviors.
- Cybersecurity and fraud controls integrated with AML monitoring.
Examples: FATF Rec. 15; EU 4AMLD art. 17; national guidelines on fintech and remote onboarding.
18. Cash, Third-Party Deposits & Manual Credits
MilleWallet treats cash and manual deposit mechanisms as high risk. Where local law permits cash-related features, strict controls apply.
- Clear limits and justification for manual deposits and third-party payments (if allowed at all).
- Additional verification for large or frequent manual deposits (SoF checks, documentation).
- Refusal of cash-intensive business models that cannot demonstrate legitimate origin of funds.
- Monitoring to detect misuse of manual deposits for funnel accounts or layering.
Examples: FATF Rec. 10 & 22; local cash transaction reporting or restriction laws.
19. Structuring, Thresholds & Large Transactions
MilleWallet monitors for attempts to circumvent thresholds (structuring / smurfing) and for unusual large transactions.
- Detection of multiple small transactions just below limits (e.g., below KYC or reporting thresholds).
- Aggregation of customer activity across devices, accounts and products where legally permitted.
- Review and documentation of rationale for large or unusual one-off transactions.
Examples: FATF Rec. 10 & 20; BSA CTR rules (31 C.F.R. §1010.311); national cash/transaction reporting regimes.
20. Fraud, Cybercrime & AML Interplay
Fraud and cybercrime often overlap with money laundering. MilleWallet integrates fraud risk signals into AML monitoring.
- Shared intelligence between fraud and AML teams, consistent with data-protection laws.
- Escalation of fraud patterns with ML/TF indicators to AML investigation.
- Consideration of SAR/STR filing in addition to fraud reports and chargebacks.
Examples: FATF guidance on cyber-enabled crime; national fraud & AML guidance.
21. Terrorist Financing & Proliferation Financing
MilleWallet implements specific controls to prevent and detect terrorist financing (TF) and proliferation financing (PF), beyond generic ML controls.
- Screening against terrorism and proliferation-related sanctions lists.
- Monitoring for typologies consistent with TF or PF (charities, NPO misuse, small sums to high-risk areas, etc.).
- Expedited reporting to relevant authorities for TF/PF suspicions, where legally required.
Examples: FATF Rec. 5–8 & 7; UN TF and proliferation resolutions; EU & national implementation laws.
22. Employee Screening, Training & Awareness
MilleWallet ensures that employees, contractors and key external partners understand AML/CTF obligations and behave with integrity.
- Pre-employment screening appropriate to the role and local law (e.g., criminal record where allowed).
- Mandatory AML/CTF & sanctions training at onboarding and at least annually thereafter.
- Specialized training for high-risk functions (compliance, support, product, IT, agents).
- Tracking and evidence of training completion; disciplinary action for non-compliance.
Examples: FATF Rec. 18; EU 4AMLD art. 46; national AML provisions on staff training.
23. Whistleblowing & Escalation Channels
MilleWallet provides confidential channels for employees and other stakeholders to report suspected breaches of AML/CTF laws or internal policies.
- At least one secure and confidential reporting channel (email, hotline, internal tool).
- Protection against retaliation in accordance with applicable whistleblower protection laws.
- Documented process for receiving, assessing and responding to reports.
Examples: EU Whistleblower Protection Directive (EU) 2019/1937; national whistleblowing regimes.
24. Data Protection, Confidentiality & Tipping-Off
MilleWallet balances AML/CTF obligations with data-protection and privacy laws.
- Processing of personal data is limited to what is necessary for AML/CTF and legal obligations.
- Data subjects are informed of AML processing, subject to exceptions to prevent tipping-off.
- Access to AML/CTF data is restricted on a need-to-know basis.
- No disclosure to customers or third parties that a SAR/STR has been filed, except as permitted by law.
Examples: FATF Rec. 2 & 21; EU GDPR (Reg. (EU) 2016/679); EU 4AMLD art. 39 (tipping-off).
25. Independent Testing & Internal Audit
MilleWallet’s AML/CTF program is subject to periodic independent testing.
- Independent reviews performed by internal audit, external auditors, or qualified third parties.
- Scope covers governance, risk assessment, KYC, monitoring, reporting, sanctions, training and IT controls.
- Findings are documented, assigned action owners and deadlines, and tracked to completion.
Examples: FATF Rec. 18; BSA implementing rules for independent testing; national AML supervisory expectations.
26. Regulatory Engagement & Information Requests
MilleWallet cooperates with competent authorities, supervisors and law-enforcement agencies within the limits of applicable laws.
- Timely and accurate responses to formal information requests, subpoenas and on-site inspections.
- Procedures for legal review and secure transmission of requested data.
- Documentation of all significant regulatory interactions and remedial actions.
Examples: FATF Rec. 40; various national supervisory laws (e.g., France CMF, US securities/banking laws).
27. Group-Wide AML Standards & Local Implementation
This policy defines MilleWallet’s minimum group-wide AML/CTF standard. Local entities must implement this standard and any stricter local legal requirements.
- Local addenda can specify stricter measures where required by law or risk.
- No local entity may apply standards lower than this global policy, unless required by mandatory local law and approved by Group AMLCO.
- In case of conflict, the stricter rule (law or policy) applies, subject to legal advice.
Examples: FATF guidance on groups and cross-border operations; EU 4AMLD art. 45; national group AML rules.
28. Policy Maintenance, Change Management & Versioning
MilleWallet reviews and updates this AML/CTF policy regularly.
- Comprehensive review at least annually, or sooner if triggered by new products, risk assessments or legal changes.
- Formal change-management process with version control and Board or senior management approval.
- Communication of material changes to all relevant staff, partners and agents.
Examples: FATF Rec. 1 & 18; general governance requirements in national AML frameworks.
29. Breach Management, Disciplinary Measures & Remediation
Non-compliance with AML/CTF obligations is taken seriously and may result in disciplinary action.
- Documented procedures for identifying, investigating and remediating internal breaches of AML policies.
- Corrective actions may include process changes, retraining, systems improvements, and disciplinary measures.
- Where required, self-reporting to regulators or FIUs of material breaches or control failures.
Examples: National AML and banking/financial services laws on organizational requirements and sanctions.
30. Effective Date & Acknowledgement
This policy becomes effective on the date approved by the MilleWallet Board (or equivalent governing body).
- All employees and relevant third parties must acknowledge that they have read and understood this policy.
- Local management is responsible for ensuring operational procedures are aligned with this framework.
- Questions about interpretation or application should be directed to the AML/CTF Compliance Officer.
This global AML/CTF policy is intended as a high-level framework. It must be read together with local legal requirements, internal procedures, and product-specific guidelines. This document does not constitute legal advice; local legal counsel should review and adapt it before formal adoption.