Orion Global – FZCO (“Orion”) is dedicated to preventing money laundering, terrorist financing, and other financial crimes. This Anti-Money Laundering (AML) Policy establishes the protocols, responsibilities, and procedures we apply to detect, prevent, and report illicit activity, ensuring full compliance with applicable regulatory standards.

1. Purpose

The purpose of this AML Policy is to protect Orion, its customers, and stakeholders from being exploited for illegal activities, including money laundering and terrorist financing. Orion’s AML policy is designed to:

• Identify and manage risks associated with financial crimes.
• Comply with applicable laws, including those of the UAE and international jurisdictions.
• Establish a framework for detecting, investigating, and reporting suspicious activity.

2. Scope

This AML Policy applies to all employees, contractors, agents, and customers of Orion, as well as all services provided through our platform. This includes our demo trading, assessment, evaluation, and related educational products and services offered via the website and applications.

3. Regulatory Compliance and Standards

Orion follows the guidelines set by global and regional regulatory bodies, including:

• The Financial Action Task Force (FATF) recommendations
• UAE Central Bank AML regulations
• Relevant AML/CFT (Combating the Financing of Terrorism) laws in other applicable jurisdictions

Orion continuously reviews regulatory changes and adapts its practices to ensure ongoing compliance.

4. Definitions

For the purpose of this policy, key terms are defined as follows:

• Money Laundering (ML): The process of concealing or disguising the origins of funds obtained through criminal activities.
• Terrorist Financing (TF): The provision of funds or financial support for terrorist activities.
• Know Your Customer (KYC): The process by which Orion verifies the identity of its customers.
• Suspicious Activity Report (SAR): A formal report of potentially suspicious financial behavior submitted to regulatory authorities.

5. Customer Due Diligence (CDD) and Know Your Customer (KYC)

Orion has a strict KYC and CDD framework to verify customer identities and ensure ongoing monitoring throughout the customer relationship.

5.1 Initial Customer Identification

Before granting access to services, Orion requires customers to provide:

• Individuals: A valid government-issued ID (passport, national ID, or driver’s license) and proof of address (utility bill, bank statement, or rental agreement from the past three months).
• Corporate Entities: Documentation including a certificate of incorporation, the business’s tax registration number, and identification for beneficial owners with more than 25% ownership.

5.2 Verification Procedures

All submitted documents are verified using reliable and independent sources. Enhanced Due Diligence (EDD) may be applied to higher-risk customers, including but not limited to:

• Politically Exposed Persons (PEPs)
• Customers from countries with high risks for money laundering or terrorism financing
• Customers who use complex corporate structures or operate from high-risk jurisdictions

5.3 Ongoing Monitoring and Transaction Review

Customer transactions are monitored in real time to detect patterns that deviate from expected behavior. Orion uses automated systems and manual checks to identify suspicious or unusual activity, which may include:

• Large or irregular transactions not consistent with the customer profile
• Multiple transactions below reporting thresholds
• Rapid transfer of funds between accounts

If unusual activity is detected, Orion may request additional information or documents from the customer and may file a Suspicious Activity Report (SAR) if necessary.

6. Risk Assessment

Orion uses a comprehensive risk assessment model to evaluate the risk profile of each customer, transaction, and jurisdiction involved.

6.1 Risk Categories

Orion assesses risk based on the following factors:

• Customer Risk: Identifying higher-risk customers, such as those classified as PEPs or those with connections to high-risk industries or jurisdictions.
• Geographic Risk: Special attention is given to transactions involving countries with high levels of financial crime, weak AML controls, or known connections to terrorist financing.
• Service/Transaction Risk: Orion’s educational and simulated trading services generally carry low risk, but higher-risk flags include large, rapid transactions or patterns inconsistent with the customer’s stated purpose.

6.2 Risk-Based Approach

Orion applies a proportional response based on the risk level associated with each customer. Low-risk customers undergo standard due diligence, while high-risk customers may be subject to Enhanced Due Diligence (EDD), including ongoing monitoring, additional identity checks, and further scrutiny of transactions.

7. Reporting of Suspicious Activities

Orion is committed to identifying and reporting suspicious activities, in compliance with local and international AML obligations.

7.1 Detection and Reporting of Suspicious Transactions

Suspicious Activity Reports (SARs) are filed if Orion identifies transactions that could indicate money laundering, terrorist financing, or other financial crimes. SARs may be based on:

• Unusual transaction amounts, volumes, or patterns
• Transactions involving countries on sanction lists
• Customer behavior inconsistent with the stated account purpose

7.2 Internal Escalation Process

Employees are trained to identify and escalate potentially suspicious transactions to the Compliance Department. SARs are reviewed and approved by a designated Compliance Officer before filing with the relevant authority.

8. Record Keeping

Orion maintains records related to KYC, transactions, and SARs to comply with AML laws and regulatory requirements.

8.1 Document Retention

All KYC, transaction, and SAR records are stored securely and retained for at least five years following the end of the customer relationship. Records include:

• Customer identification documents
• Transaction details (e.g., amounts, dates, and parties involved)
• Reports and documentation related to suspicious activity

8.2 Secure Data Handling

All records are stored in compliance with Orion’s data privacy and security policies. Access to sensitive data is restricted to authorized personnel only.

9. Sanctions Screening

Orion complies with international sanctions laws and screens all customers against sanctions lists to prevent prohibited transactions.

• Restricted Jurisdictions: Orion does not provide services to individuals or entities located in Restricted Jurisdictions, including the United States, Canada (specifically Quebec and Ontario), Iran, Syria, North Korea, Sudan, and Cuba.
• Sanctions Compliance: Customers are screened against international sanctions lists, including those maintained by the United Nations, OFAC (Office of Foreign Assets Control), and other regulatory bodies. Any matches are flagged, and services may be restricted or denied accordingly.

10. Employee Training

All Orion employees receive annual AML training to ensure awareness of current regulations, suspicious transaction indicators, and internal reporting processes.

• Topics Covered: AML laws, customer verification, transaction monitoring, and red flags.
• Mandatory Compliance: Training is mandatory for all employees and contractors and includes certification tests to ensure comprehension.

11. Governance and Responsibilities

Orion’s AML governance structure defines roles and responsibilities for managing AML risks and ensuring compliance.

• Board of Directors: Provides oversight and ensures adequate resources are allocated to the AML program.
• Compliance Department: Manages daily AML responsibilities, including transaction monitoring, investigations, and regulatory reporting.
• Employees: Responsible for following AML procedures, reporting suspicious activity, and completing mandatory training.

12. Policy Review and Updates

Orion reviews its AML Policy annually and updates it as necessary to reflect changes in AML regulations, industry standards, and company practices. Any significant updates will be communicated to customers and stakeholders.