Contents
- Purpose and scope
- Regulatory framework
- Governance and Compliance Officer
- Risk-based approach
- Customer due diligence (CDD/KYC)
- Enhanced due diligence (EDD)
- Ongoing transaction monitoring
- Suspicious activity reporting (NFIU)
- Sanctions and PEP screening
- Prohibited customers, transactions and jurisdictions
- Record-keeping
- Training and awareness
- Third-party reliance and outsourcing
- Cooperation with law-enforcement and regulators
- Whistleblowing
- Review and updates
- Contact
1. Purpose and scope
Monica Technologies Limited ("Monica") is committed to preventing the use of its platform for money laundering, terrorist financing, proliferation financing, fraud and other financial crime. This AML/CFT Policy (the "Policy") sets out the principles, controls and accountabilities that govern Monica's risk-based programme. It applies to all employees, contractors, directors, partners and authorised agents acting for or on behalf of Monica, and to every product and service Monica offers in Nigeria.
Monica operates strictly as a one-way crypto to naira off ramp. Monica does not provide custodial wallet services and does not hold customer Cryptocurrency. On confirmation of an onchain deposit, title to the Cryptocurrency passes to Monica's treasury, and Monica's obligation to the customer is the payment of the corresponding Naira amount to the customer's verified Nigerian bank account. The AML/CFT programme described in this Policy is therefore designed to detect and prevent the entry of illicit value into Monica's treasury and the laundering of value through the resulting Naira payments.
2. Regulatory framework
The Policy is designed to satisfy Monica's obligations under:
- the Money Laundering (Prevention and Prohibition) Act 2022;
- the Terrorism (Prevention and Prohibition) Act 2022;
- the Nigerian Financial Intelligence Unit (NFIU) Regulations and Advisories, including the NFIU Act 2018;
- the Investments and Securities Act 2025 (ISA 2025) and the SEC Virtual Asset Service Provider (VASP) framework;
- relevant Central Bank of Nigeria (CBN) directives applicable to fintech and payments;
- the Nigeria Sanctions Act 2022 and lists maintained by the United Nations Security Council, the Office of Foreign Assets Control (OFAC), the European Union and equivalent Nigerian authorities;
- the Nigeria Data Protection Act 2023 (NDPA) for the lawful handling of personal data; and
- applicable recommendations of the Financial Action Task Force (FATF), including Recommendation 15 on virtual assets and Recommendation 16 ("Travel Rule") as adopted in Nigeria.
3. Governance and Compliance Officer
Monica's Board approves this Policy and oversees the AML/CFT programme. A designated Money Laundering Reporting Officer / Compliance Officer (the "Compliance Officer") of sufficient seniority and independence is responsible for the day-to-day operation of the programme and reports directly to the Board. The Compliance Officer has unrestricted access to customer records, system data and transaction logs and may pause or restrict any Account or transaction without prior notice where there is reasonable suspicion of financial crime.
4. Risk-based approach
Monica adopts a risk-based approach calibrated to the nature, size, complexity and geographic reach of its business. An institution-wide risk assessment is conducted at least annually and reviewed whenever there is a material change in product, customer segment, technology, or applicable law. The assessment considers customer risk (including occupational and residence factors), product and service risk, channel risk, geographic risk and counterparty risk. Findings inform the calibration of CDD, monitoring rules, transaction limits and EDD triggers.
5. Customer due diligence (CDD / KYC)
Before any Naira withdrawal is processed, Monica completes customer due diligence designed to verify the identity of the customer to a reasonable degree of certainty using a tiered, risk-based model aligned with the Money Laundering (Prevention and Prohibition) Act 2022 and NFIU regulations:
- Verification Tier 1 (Simplified Due Diligence. SDD). The customer registers a Nigerian bank account held in his or her legal name. Monica verifies the account through NIBSS name-enquiry. Tier 1 supports Naira withdrawals up to ₦500,000 per transaction.
- Verification Tier 2 (Standard CDD). The customer additionally submits a National Identification Number (NIN), verified through the National Identity Management Commission (NIMC). Tier 2 supports Naira withdrawals up to ₦1,000,000 per transaction.
Across both tiers, Monica also collects biographical data (legal name, date of birth, residential address, phone, email), applies aggregate daily and monthly caps, and screens each customer against sanctions, PEP and adverse-media databases on onboarding and continuously thereafter. CDD records are kept current and refreshed on a risk-sensitive basis. Where a customer cannot or will not satisfy CDD, the Account is not activated for withdrawal and the relationship may be discontinued in accordance with Applicable Law. Higher limits may be granted on a case-by-case basis following Enhanced Due Diligence (see clause 6).
6. Enhanced due diligence (EDD)
EDD is applied where the customer or activity presents a higher risk, including (without limitation):
- customers identified as Politically Exposed Persons (domestic, foreign or international organisation), or their close associates and family members;
- customers in higher-risk industries (gambling, virtual-asset service providers, money-service businesses, cash-intensive businesses);
- aggregate inflows or outflows that meet or exceed the NFIU's prescribed thresholds for cash-equivalent transactions;
- transactions involving counterparties on high-risk jurisdiction lists, including FATF "Black List" and "Grey List" jurisdictions;
- unusual deposit patterns relative to a customer's stated profile;
- customers identified through screening hits requiring further investigation.
EDD measures include senior-management approval for continued service, source-of-funds and source-of-wealth verification, intensified ongoing monitoring, and where appropriate the imposition of lower limits or additional documentary evidence.
7. Ongoing transaction monitoring
Every Order and every Account is subject to continuous, rule-based and behavioural transaction monitoring. Indicative red flags include, without limitation:
- structuring or "smurfing" of deposits to avoid reporting or limit thresholds;
- rapid in-and-out movement of value with no apparent economic rationale;
- activity inconsistent with the customer's stated occupation, location or profile;
- deposits originating from blockchain addresses associated with known illicit activity (mixers, sanctioned addresses, darknet markets, ransomware, scam wallets) per reputable onchain analytics providers;
- multiple Accounts apparently controlled by the same person;
- repeated failed verification attempts followed by successful entry from a different device;
- any matter the Compliance Officer determines warrants further enquiry.
Confirmed suspicions are escalated to the Compliance Officer for investigation and, where appropriate, reporting and customer action.
8. Suspicious activity reporting
Where the Compliance Officer has reasonable grounds to suspect that funds processed through the platform are the proceeds of crime or are connected with terrorist financing, Monica files a Suspicious Transaction Report (STR) with the Nigerian Financial Intelligence Unit (NFIU) within the timelines prescribed by the Money Laundering (Prevention and Prohibition) Act 2022. Monica also files Currency Transaction Reports (CTRs) where applicable thresholds are met. Monica is bound by the statutory "tipping-off" prohibition and will not disclose to a customer that a report has been or is being filed.
9. Sanctions and PEP screening
All customers are screened on onboarding and continuously thereafter against:
- the United Nations Security Council Consolidated Sanctions List;
- the OFAC Specially Designated Nationals (SDN) and Sectoral Sanctions Identifications (SSI) Lists;
- the European Union Consolidated Financial Sanctions List;
- the United Kingdom Office of Financial Sanctions Implementation (OFSI) Consolidated List;
- Nigerian sanctions lists maintained by the Nigerian Sanctions Committee;
- commercially available PEP and adverse-media databases.
Positive matches are escalated and resolved before any service is provided. Where a true match is confirmed, the Account is blocked and reported as required by law.
10. Prohibited customers, transactions and jurisdictions
Monica does not knowingly provide services to persons or entities involved in money laundering, terrorist financing, proliferation financing, narcotics or weapons trafficking, sexual exploitation, child abuse material, ransomware or extortion, unlicensed gambling, or sanctions evasion. Monica does not service customers from jurisdictions where the provision of crypto-asset services is unlawful or where doing so would breach sanctions binding on Monica or its partners. Deposits suspected of originating from such activity will be blocked, reported to the NFIU and dealt with in accordance with directions from competent authorities.
11. Record-keeping
Monica retains CDD records, transaction records, screening hits, internal investigations, suspicious-activity reports and supporting documentation for a minimum of five (5) years from the end of the customer relationship or the completion of the relevant transaction, whichever is later, in line with the Money Laundering (Prevention and Prohibition) Act 2022 and NFIU regulations. Records are held in secure, access-controlled systems and are made available on lawful request from a competent authority.
12. Training and awareness
All staff complete mandatory AML/CFT training at induction and at least annually thereafter. Customer-facing staff and the Compliance team complete additional, role-specific training covering red flags, sanctions, the Travel Rule, ethics and the consequences of non-compliance. Training records are retained as part of the compliance file.
13. Third-party reliance and outsourcing
Where Monica relies on third parties (for example, KYC vendors, onchain analytics providers, treasury infrastructure providers), it conducts due diligence on those providers, contracts on terms that preserve Monica's ability to discharge its own AML/CFT obligations, and audits performance against agreed service levels. Outsourcing does not transfer regulatory responsibility, which remains with Monica.
14. Cooperation with law-enforcement and regulators
Monica cooperates with lawful requests from competent Nigerian and foreign authorities, including the Nigerian Financial Intelligence Unit (NFIU), the Economic and Financial Crimes Commission (EFCC), the Nigeria Police Force, the Securities and Exchange Commission (SEC), the Central Bank of Nigeria (CBN), and equivalent foreign authorities acting through Mutual Legal Assistance Treaties or recognised channels of cooperation.
Lawful requests for production of records, account freezing, or disclosure of customer information should be directed to:
Law-enforcement and regulator channel:
Compliance Officer, Monica Technologies Limited
[email protected]
Lagos, Nigeria
Requests must be made on official letterhead, signed by an authorised officer, and accompanied by a copy of the underlying legal instrument (such as a court order, NFIU production notice, or sanctioned mutual-legal-assistance request). Monica acknowledges receipt within two (2) business days of receipt of a valid request.
15. Whistleblowing
Any employee, contractor or member of the public who suspects financial crime or non-compliance with this Policy may report confidentially to [email protected]. Monica protects whistleblowers from retaliation in line with applicable Nigerian whistleblower protections.
16. Review and updates
This Policy is reviewed at least annually and whenever there is a material change in product, technology, applicable law or risk profile. Changes are approved by the Board and communicated to all relevant staff.
17. Contact
Compliance Officer
Monica Technologies Limited
[email protected]
Lagos, Nigeria