ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING POLICY

One. General Provisions

1. The purpose of this Anti-Money Laundering and Counter-Terrorist Financing Policy (hereinafter referred to as the “AML/CFT Policy”) is to define effective measures aimed at reducing and preventing AML/CFT risks through the proper implementation of risk-based management.
2. This Policy shall be consistent with the Company’s internal AML/CFT control program.
3. The Company shall comply with and implement recommendations and standards issued by domestic and international regulatory authorities in its operations.
4. All employees of the Company shall comply with and implement this Policy in the performance of their duties.

Two. Guiding Principles

2.1. In conducting its core activities, the Company shall adhere to the following principles:

1. The Company shall avoid and shall not engage in any activities related to money laundering or terrorist financing.
2. The employee responsible for the implementation and preventive organization of the Company’s AML/CFT internal control program, policies, and procedures shall be the Compliance Officer, who shall report directly to the Chief Executive Officer.
3. The first-line units responsible for ensuring the implementation of AML/CFT policies, procedures, and programs shall include senior brokers, brokers, asset/wealth managers, and market analysts, who shall act as first-line risk owners.
4. The second-line AML/CFT control function shall be carried out by the Compliance Officer.
5. The Compliance Officer shall not participate directly in Company decision-making and shall perform AML/CFT risk assessments independently and objectively, providing conclusions and recommendations for risk mitigation. Depending on the scope of operations and controls, the Compliance Officer may cooperate with the Risk Management Department and the Legal Department.
6. The Compliance Officer shall not communicate directly with customers and shall obtain additional customer information through brokers.
7. The Company shall not establish financial relationships with individuals or legal entities subject to sanctions imposed by the United Nations Security Council or other relevant state or international authorities.
8. The Company shall refuse to provide services to customers who decline to submit documents required under customer due diligence and transaction monitoring procedures.

Three. Risk Assessment

3.1. The Company shall assess AML/CFT risks in the following three categories:

1. Customer risk assessment
2. Geographic risk assessment
3. Product, service, and delivery channel risk assessment
4. The Company shall identify AML/CFT risks when introducing new products or services and when establishing business relationships with new customers.

Four. Customer Due Diligence

4.1. In accordance with the Law on Combating Money Laundering and Terrorist Financing, the Company shall conduct customer due diligence using official sources, documents, and information in the following circumstances:

1. Prior to establishing a business relationship;
2. When a person without an account or stable financial relationship conducts an occasional transaction of MNT 20 million or more;
3. When multiple linked transactions conducted within a 24-hour period each fall below MNT 20 million but collectively exceed that amount;
4. When there is doubt regarding the accuracy or reliability of previously obtained customer information;
5. When a customer or transaction is suspected to be related to AML/CFT activities.
6. Customer due diligence shall be conducted as follows, depending on customer characteristics:
   1. Standard due diligence;
   2. Enhanced or special due diligence.
7. The Company shall accept a customer and open an account only after collecting sufficient customer information. Customers shall be informed of the obligation to update their information periodically.
8. For legal entities, customer due diligence shall include completion of the Company’s beneficial ownership information form, verification of accuracy through public sources, and collection of the entity’s charter, registration certificates, authorized representative details, specimen signatures, company seal, and all other required questionnaire information. Additional information may be requested depending on the nature of the Company’s products and services.
9. For Mongolian citizens, customer due diligence shall include collection of a national identity card, specimen signature, customer photograph, and completion of all required questionnaire information.
10. For foreign nationals, customer due diligence shall include collection of a passport, residence permit (if applicable), specimen signature, customer photograph, and completion of all required questionnaire information.
11. If a customer’s personal information changes, the customer shall update such information using the Company’s “Request for Additional Services and Information Update” form or through online self-service access.
12. Politically exposed persons (PEPs) shall be classified as high-risk customers and shall be subject to enhanced monitoring.

Five. Enhanced Monitoring and Implementation of Financial Sanctions

1. The Company shall be prohibited from establishing business relationships with individuals or entities included in international sanctions lists.
2. When providing services to nationals of countries identified by the Company as potentially high-risk jurisdictions, approval of the Chief Executive Officer shall be obtained in accordance with the form approved under Appendix 1 to the Company’s AML/CFT Operational Procedure.
3. The Company shall apply enhanced monitoring to transactions specified in Articles 6.1.1–6.1.4 of the Law on Combating Money Laundering and Terrorist Financing.
4. To identify and monitor suspicious transactions, the Company shall generate required reports from its internal trading systems in accordance with approved templates.
5. Where a customer subject to enhanced monitoring conducts high-value transactions or trades, the Compliance Officer shall maintain records and, upon observing suspicious behavior more than five times, shall submit a suspicious transaction report to the Financial Information Unit of the Bank of Mongolia.
6. Employees of the Securities Brokerage Department shall promptly report suspicious transactions, assets, or customers to the Compliance Officer by email or consolidated report. The Compliance Officer shall review such information within three (3) business days from receipt and take necessary measures.

Six. Reporting to Regulatory Authorities

1. The Company shall submit reports required under the Law on Combating Money Laundering and Terrorist Financing and the Regulation on Preventing Money Laundering and Terrorist Financing approved by the Bank of Mongolia within the statutory timeframes.
2. The Company shall ensure the confidentiality of information and the safety of employees who report suspicious transactions or customers.

Seven. Training, Recordkeeping, and Confidentiality

1. The Company may organize and conduct AML/CFT training for employees to ensure effective implementation of AML/CFT measures.
2. AML/CFT training for new employees shall be included in the Company’s internal training program and, where necessary, supplemented by specialized training provided by third-party institutions.
3. Documents, materials, data, and reports collected in connection with customer due diligence shall be retained for no less than five (5) years in accordance with applicable laws and regulations.
4. Employees are prohibited from disclosing to customers or unauthorized third parties the fact that suspicious transaction or customer information has been reported to the Financial Information Unit of the Bank of Mongolia or other competent authorities. Such reporting shall not be deemed a breach of confidentiality.