Know Your Customer Policy (KYC)

Sendico follows strict customer identification procedures to ensure security and regulatory compliance

October 15, 2025: October 15, 2025

1. 1. Purpose of KYC Policy

The Know Your Customer (KYC) policy is an integral part of our compliance program. It aims to prevent the use of the Sendico platform for money laundering, terrorism financing, and other illegal activities. KYC program objectives: Preventing financial crimes: - Client identification to prevent fraud - Identifying persons connected to money laundering - Detecting terrorism financing attempts - Preventing platform use for illegal activities Regulatory compliance: - Meeting Russian and international legislation requirements - Complying with FATF recommendations - Meeting financial regulator requirements - Fulfilling obligations to partners and payment systems Business protection: - Managing reputational risks - Reducing operational and legal risks - Protection from sanctions and fines - Ensuring business sustainability

2. 2. Identification Requirements

All clients must undergo identification procedures before using our services. We require provision of accurate information and supporting documents. General requirements: Mandatory verification: - All clients without exception must undergo verification - Verification is conducted before using payment services - Absence of verification limits access to platform features Information accuracy: - All provided information must be accurate and current - Documents must be valid at time of provision - Any data changes must be reported immediately Consequences of providing false information: - Immediate termination of platform access - Account and funds blocking - Possible reporting to law enforcement - Impossibility of re-registration Confidentiality: - All provided data is stored securely - Information is used exclusively for verification and compliance purposes - Data access is limited to authorized employees

3. 3. Corporate Clients

For legal entities, we require provision of complete package of incorporation documents and ownership structure information. Required documents: Incorporation documents: - Organization charter (current version) - State registration certificate (or extract from registry) - Tax registration certificate (TIN) - Licenses (if activity requires licensing) Beneficial owner information: - List of all persons owning directly or indirectly more than 25% shares/stakes - Identity documents of beneficial owners - Ownership structure scheme (for complex structures) - Ultimate beneficial owner information Management information: - CEO data - Board/director council member information - Authority documents for persons acting on behalf of company - Copies of executive passports Legal address confirmation: - Premises lease agreement - Registry extract with current address - Utility bill (not older than 3 months) Financial information: - Company activity description - Expected transaction volumes - Sources of funds origin - Financial statements (if necessary)

4. 4. Individual Entrepreneurs

For individual entrepreneurs and self-employed persons, we require documents confirming identity and status. Required documents for individual entrepreneurs: Identity document: - Passport of Russian Federation citizen (main page and registration page) - For foreign citizens: passport and document confirming right to stay in RF Individual entrepreneur registration certificate: - Registration certificate as individual entrepreneur - Registry extract (not older than 3 months) - Tax registration certificate Address confirmation: - Utility bill (not older than 3 months) - Housing lease agreement - Certificate of registration at place of residence Additional information: - Activity type description - Expected turnover - Income sources Required documents for self-employed: Identity document: - Passport of Russian Federation citizen Self-employed status confirmation: - Certificate of registration as self-employment tax payer - Screenshot from "My Tax" application Address confirmation: - One of documents confirming place of residence Activity information: - Description of services provided - Approximate transaction volumes

5. 5. Verification Process

The verification process includes several stages and usually takes from several hours to 3 business days. Verification stages: 1. Initial registration: - Filling registration form on platform - Providing basic contact information - Email and phone confirmation - Account creation 2. Document upload: - Scanning or photographing required documents - Uploading files through secure platform interface - System quality and readability check 3. Automatic verification: - Document format and quality check - Text recognition and data extraction - Compliance check with requirements - Initial sanctions list check 4. Manual verification by specialist: - Detailed analysis of provided documents - Data correspondence check - Client risk assessment - Additional checks if necessary 5. Decision making: - Verification approval - Request for additional documents or information - Verification refusal (with reasons stated) Verification periods: - Standard verification: 1-2 business days - With additional checks needed: up to 3 business days - High-risk client verification: up to 5 business days Notifications: - About document receipt for verification - About verification status - About need to provide additional information - About successful completion or refusal

6. 6. Document Requirements

All provided documents must meet certain quality and currency requirements. Document quality requirements: General requirements: - Documents must be clear and readable - All four corners of document must be visible - Text and photo must be well distinguishable - Blurred, overexposed or dark images not accepted File formats: - Accepted formats: PDF, JPG, PNG - Maximum file size: 10 MB - Resolution: at least 300 DPI for scans - Color images preferred over black and white Unacceptable document types: - Photos from monitor screen or other device - Low-quality photocopies - Documents with watermarks or inscriptions - Edited or modified documents - Documents with covered or retouched parts Currency requirements: Identity documents: - Must be valid at time of provision - Validity period must be at least 6 months Address confirmation: - Not older than 3 months from issuance date - Must contain current address Incorporation documents: - Current version of charter - Registry extracts not older than 3 months Translated documents: - Documents in foreign languages must be translated to Russian - Translation must be notarized - Original and translation provided together

7. 7. Beneficial Owners

We must know the ultimate beneficial owners of all corporate clients in accordance with legislative requirements. Beneficial owner definition: A beneficial owner is a natural person who: - Directly or indirectly owns more than 25% of shares or stakes in charter capital - Has right to dispose of more than 25% of votes in supreme management body - Has ability to control legal entity actions otherwise - Is ultimate recipient of income from legal entity activities Direct and indirect ownership: - Direct ownership: shares/stakes belong to natural person directly - Indirect ownership: ownership through chain of legal entities - Total direct and indirect ownership considered when determining stake size Required beneficiary information: Personal data: - Full name (surname, first name, patronymic) - Date and place of birth - Citizenship - Residence address - Contact information Documents: - Copy of identity document - Residence address confirmation - TIN (if available) Ownership information: - Ownership stake size (in percentages) - Ownership scheme (for indirect ownership) - Documents confirming ownership Special cases: When beneficial owner not identified: - If no person owns more than 25%, sole executive body considered beneficiary - For public companies - requirements may differ Nominal holders: - If shares belong to nominal holder, real owner must be identified - Documentary confirmation of entire ownership chain required

8. 8. Politically Exposed Persons (PEP)

Clients who are politically exposed persons (PEP) or related to them undergo enhanced verification. Who qualifies as PEP: High-ranking government officials: - Heads of state and government - Ministers and their deputies - High-ranking government agency employees - Parliament members Judicial authority: - Supreme court judges - Court chairmen and their deputies Military and law enforcement: - Highest military officers (generals, admirals) - Law enforcement agency heads State-owned companies: - Board members of state corporations - Large state enterprise heads International organizations: - High-ranking international organization officials - Intergovernmental organization governing body members Political parties: - Political party leaders - High-ranking party functionaries PEP-related persons: PEP close relatives: - Spouses - Parents and children - Siblings - Children's spouses PEP close partners: - Persons with joint beneficial ownership with PEP - PEP business partners - Persons acting on behalf of PEP PEP verification specifics: Enhanced verification: - Additional measures to identify sources of funds - Reputation check and negative information presence - In-depth business activity analysis Management approval: - Decision to establish business relationship with PEP made at senior management level - Approval reason documentation Continuous monitoring: - Enhanced monitoring of all transactions - More frequent client information updates - Special attention to unusual operations

9. 9. Ongoing Monitoring

KYC verification is not a one-time procedure. We regularly review client information and may request document updates. Periodic information updates: Regular review: - Low-risk clients: once every 3 years - Medium-risk clients: once every 2 years - High-risk clients: annually - PEP: every 6 months Document update requests: - Client notification about update necessity - List of required documents provided - Deadline for provision (usually 30 days) - Feature limitation upon provision delay Change monitoring: Client obligation to inform about changes: - Address change - Change of manager or beneficial owner - Activity type change - Ownership structure change - Any significant business changes Notification deadline: - Client must report changes within 30 days - Provide supporting documents Data currency verification: - Regular check of open information sources - Media monitoring for negative information - Registry and database checks - Re-check against sanctions lists Triggers for unscheduled review: Unusual activity: - Sharp increase in transaction volume - Change in operation patterns - Transactions not matching client profile Negative information: - Media appearance of information about involvement in illegal activities - Inclusion in sanctions lists - Criminal case initiation Risk level change: - When client risk level increases, unscheduled review conducted - Enhanced verification may be required

10. 10. Risk Classification

Based on KYC information, we assign each client a risk level. This determines information review frequency and transaction monitoring level. Risk levels: Low risk: Client characteristics: - Known, long-operating companies - Transparent ownership structure - Simple business model - Activity in low-risk jurisdictions - Small transaction volumes Procedures: - Standard KYC verification - Regular transaction monitoring - Information update once every 3 years Medium risk: Client characteristics: - New clients without significant history - Medium transaction volumes - Several levels in ownership structure - Activity in multiple jurisdictions Procedures: - Standard KYC verification with additional questions - Increased attention to unusual transactions - Information update once every 2 years High risk: Client characteristics: - Clients from high-risk countries - PEP and related persons - Complex corporate structures - High-risk activity types - Very high transaction volumes - Use of offshore structures Procedures: - Enhanced Due Diligence (EDD) - Management approval - Continuous monitoring of all transactions - Annual information update Factors affecting risk assessment: Geography: - Country of registration/residence - Counterparty countries - Offshore jurisdictions - Sanctioned countries Activity type: - Some activities considered more risky (money transfers, currency exchange, precious metals trade) - Correspondence of stated activity to actual Volumes: - Transaction size and frequency - Volume correspondence to stated business Structure: - Number of ownership levels - Presence of nominal owners - Use of trusts and funds

11. 11. Data Protection

All data and documents provided as part of KYC procedure are stored securely and used exclusively for regulatory compliance purposes. Data protection measures: Technical protection: - Data encryption during transmission and storage - Protected servers with restricted access - Firewalls and intrusion detection systems - Regular backups - Protection from unauthorized access Organizational measures: - Only authorized employees have access to KYC data - Principle of minimum necessary access rights - Confidentiality agreements with employees - Logging of all data actions - Regular security system checks Data usage: Permitted use: - Client identity verification - Risk assessment - Transaction monitoring - Legislative compliance - Providing information to regulatory authorities upon request Prohibited use: - Transfer to third parties without legal basis - Use for marketing purposes without consent - Any use not related to KYC/AML purposes Data storage: - KYC data stored for minimum 5 years after business relationship termination - Upon expiration of storage period, data is securely destroyed Client rights: - Right to access their data - Right to correct inaccurate data - Right to receive copy of data - Other rights according to data protection legislation See our Privacy Policy for more details on personal data protection.

12. 12. Refusal of Service

We reserve the right to refuse service if client does not meet our KYC requirements or presents unacceptable risk level. Grounds for verification refusal: Non-provision of information: - Client does not provide requested information or documents within deadline - Refusal to provide beneficial owner information - Inability to contact client for information clarification Unreliable information: - Providing knowingly false information - Document forgery - Inconsistency of provided data with independent sources - Contradictions in provided information Non-compliance with requirements: - Client on sanctions lists - Connection to prohibited activities - Client from jurisdiction we don't work with - Inability to conduct adequate verification Unacceptable risk level: - Client risk exceeds our risk appetite - Inability to apply adequate risk mitigation measures - Reputational risks for company Refusal procedure: Client notification: - Informing client about refusal decision - Stating general refusal reasons (without disclosing details if it may hinder investigation) - Explaining appeal possibility (if applicable) Funds return: - If client has funds in account, they are returned after fee deduction - Return made same way funds were deposited Documentation: - All refusal decisions documented - Reasons and grounds for decision stated - Documents stored according to legislative requirements Reporting: - If money laundering suspected, report sent to appropriate authorities Appeal: - In certain cases, client may appeal decision - Providing additional information or documents - Re-consideration of application

13. 13. Contact Information

For questions about KYC procedure and verification, contact our support service: Verification and KYC Department Email: kyc@sendico.com Address: Moscow, Russian Federation Phone: +7 (495) XXX-XX-XX Working hours: Monday - Friday: 09:00 - 18:00 (MSK) Saturday - Sunday: days off Average response time: 24 hours on business days For urgent questions: You can contact us through platform support chat (available 24/7 for registered users) We strive to make the verification process as simple and convenient as possible while maintaining high security and regulatory compliance standards.

© 2025 Sendico. October 15, 2025: October 15, 2025

KYC Policy — User Verification | Sendico