Introduction

MishTranzact is committed to conducting business with integrity and in compliance with all applicable laws and regulations related to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF). This policy sets out the framework and procedures designed to prevent the misuse of MishTranzact’s services for money laundering, terrorism financing, or other illegal financial activities.

Money laundering involves the process of concealing the origins of illegally obtained money, typically by means of transfers involving foreign banks or legitimate businesses. Given that MishTranzact offers billing and workforce management services to SMEs and startups, we acknowledge that our systems could be targeted by illicit actors seeking to obscure financial trails. Hence, we maintain robust controls to identify, mitigate, and report suspicious activities.

Regulatory Framework

This AML Policy is developed in compliance with:

  • Money Laundering (Prohibition) Act 2011 (as amended);
  • Central Bank of Nigeria (CBN) AML/CFT Regulations 2022;
  • Nigeria Financial Intelligence Unit (NFIU) Guidelines;
  • Financial Action Task Force (FATF) recommendations.

These laws and regulations mandate that all financial and non-financial institutions put in place effective AML/CFT measures. MishTranzact adheres to both local and international standards to ensure our operations do not facilitate financial crime.

Scope and Application

This policy applies to all MishTranzact business units, employees, agents, affiliates, and third-party partners involved in delivering our services. It covers all processes where customers make financial transactions via our billing systems, payroll automation, or related services.

The policy is applicable to:

  • Customer onboarding and verification
  • Transaction monitoring
  • Suspicious activity reporting
  • Internal training and governance

Risk-Based Approach (RBA)

MishTranzact adopts a Risk-Based Approach (RBA) to AML compliance, which means that the level of due diligence and monitoring applied to a customer or transaction is proportional to the assessed level of money laundering or terrorism financing risk.

We assess risks based on several factors including:

  • Type of customer (e.g., SMEs, startups, sole proprietors)
  • Nature of business (e.g., cash-intensive vs. digital-first businesses)
  • Geographic location (e.g., high-risk jurisdictions)
  • Size and volume of transactions

High-risk customers or activities are subject to enhanced due diligence (EDD), while low-risk engagements undergo simplified procedures.

Customer Due Diligence (CDD)

Customer Due Diligence is a fundamental part of our AML strategy. Before onboarding a customer, MishTranzact collects and verifies identifying information to ensure we are dealing with legitimate entities.

For business accounts, the following data is required:

  • Corporate Affairs Commission (CAC) registration documents
  • Tax Identification Number (TIN)
  • Valid ID for directors/owners
  • Proof of business address
  • Bank Verification Number (BVN) where applicable.

For individual users (e.g., freelancers or sole proprietors), we request:

  • Government-issued ID (NIN, Driver’s License, Voter's Card, or International Passport)
  • Proof of address (utility bill or tenancy agreement)

CDD is ongoing meaning we do not treat it as a one-off activity. Customer profiles are reviewed periodically and especially when:

  • There is a change in ownership or control
  • Suspicious activity is detected
  • Customer requests unusually large transactions

Enhanced Due Diligence (EDD)

For customers considered high-risk (such as politically exposed persons, businesses from high-risk countries, or those with unclear beneficial ownership structures), MishTranzact performs Enhanced Due Diligence.

EDD involves:

  • Deeper verification of identity and ownership structure.
  • Source of funds verification
  • Senior management approval before account activation.
  • Frequent monitoring of account activity

MishTranzact does not establish business relationships with shell banks or unlicensed money services businesses.

Monitoring and Reporting Suspicious Transactions

MishTranzact has developed internal systems and procedures to monitor transactions in real-time and retrospectively. All transactions are analyzed using pre-defined rules to detect anomalies or red flags, including:

  • Sudden spikes in transaction volumes
  • Repeated round figures
  • Mismatched invoice and payment amounts
  • Use of proxy or third-party accounts for salary disbursement
  • Customers refusing to provide required documentation

When suspicious activity is detected, it is escalated to the AML Compliance Officer. If found to be material, a Suspicious Transaction Report (STR) is submitted to the Nigerian Financial Intelligence Unit (NFIU) within the required timeline.

Record Keeping

A senior-level AML Compliance Officer has been designated to oversee the implementation and enforcement of this policy. The officer has independent oversight authority and direct access to executive management.

Responsibilities include:

  • Designing and updating internal AML controls
  • Training staff on AML requirements
  • Liaising with regulators (e.g., CBN, NFIU)
  • Ensuring timely filing of reports and policy updates

Staff Training and Awareness

MishTranzact conducts mandatory AML training for all employees, with emphasis on those in customer-facing, operations, finance, and compliance roles. This training covers:

  • Overview of money laundering techniques
  • How to detect red flags
  • Procedures for reporting suspicious activity
  • Regulatory obligations and internal protocols

Training is refreshed annually or more frequently if there are regulatory changes or updates in our risk exposure.

Third-Party Relationships

MishTranzact ensures that all third-party service providers, such as payment processors, API partners, and resellers, adhere to equivalent AML standards. Before onboarding a partner, a thorough vendor risk assessment is conducted. We require contractual clauses that:

  • Mandate AML compliance
  • Allow for audits or reviews
  • Impose obligations to report suspicious activity to MishTranzact promptly

Failure of third parties to comply may result in termination of agreements and regulatory reporting.

Internal Controls and Independent Audit

Internal controls are in place to ensure that AML policies are effectively implemented. These include:

  • Segregation of duties
  • Dual approval processes
  • Automated alerts
  • Regular policy review and testing

An independent internal or external audit is conducted at least annually to assess the effectiveness of our AML framework. Audit outcomes are reviewed by senior management and used to strengthen future compliance efforts.

Sanctions Compliance

MishTranzact screens all customers and transactions against local and international sanctions lists including:

  • United Nations Sanctions List
  • OFAC Sanctions List
  • Nigerian sanctions lists (as issued by relevant authorities)

Any customer or transaction matched to a sanctioned party is immediately flagged, frozen, and reported to the competent authorities.

Policy Review and Update

This AML policy is reviewed at least once annually, or earlier if there are regulatory changes, emerging threats, or shifts in business operations. All updates must be approved by the Compliance Officer and communicated across all business units.

Conclusion

MishTranzact recognizes the global and national threat posed by money laundering and terrorist financing. We are fully committed to a culture of compliance, transparency, and accountability. By implementing a strong and practical AML framework, we protect not only our customers and partners but also the integrity of Nigeria’s financial system.