Effective Date: 2025.03.02

 

This Anti-Money Laundering (AML) Policy (the “Policy”) is established by ISCHY Jewelry (hereinafter referred to as “the Merchant”), an online jewelry retail platform (website: ischy-jewelry.com), to ensure compliance with global anti-money laundering and counter-terrorist financing (CFT) regulations, including but not limited to the requirements of Visa, Mastercard, the Financial Action Task Force (FATF) Recommendations, and relevant national laws and regulations (e.g., the People’s Bank of China’s Measures for the Administration of Anti-Money Laundering and Counter-Terrorist Financing for Precious Metals and Gemstone Trading Institutions). This Policy aims to prevent the Merchant’s platform from being used for money laundering, terrorist financing, or other illegal financial activities, protect the integrity of the global financial system, and maintain the Merchant’s legal compliance and reputation.

1. Policy Objectives

1. Comply with all applicable AML/CFT laws, regulations, and the rules and requirements of payment card networks (Visa, Mastercard) to pass relevant audits and maintain cooperative qualifications.

2. Identify, assess, and mitigate the money laundering and terrorist financing risks associated with the Merchant’s jewelry retail business, especially focusing on risks related to high-value transactions, cross-border transactions, and cash transactions.

3. Establish a sound internal control system, clarify the responsibilities of all departments and employees, and ensure the effective implementation of AML measures.

4. Conduct regular AML training for employees to enhance their awareness of compliance and their ability to identify suspicious transactions.

5. Cooperate with regulatory authorities, payment card networks (Visa, Mastercard), and financial intelligence units (FIUs) in AML investigations and information reporting.

2. Scope of Application

This Policy applies to all departments, employees, agents, partners, and customers of the Merchant, including but not limited to: (a) all business activities conducted through the ISCHY jewelry website, including the sale of jewelry, customization services, and after-sales services; (b) all payment transactions processed through Visa, Mastercard, and other payment methods; (c) all employees involved in customer reception, transaction processing, payment verification, and compliance management; (d) third-party partners cooperating with the Merchant in payment processing, logistics, and customer services.

3. Core Principles

1. Risk-Based Approach (RBA): The Merchant shall conduct a comprehensive assessment of money laundering risks based on customer characteristics, transaction amounts, transaction types, and geographic regions, and adopt risk-matched control measures, in line with FATF’s core principle of risk-based supervision.

2. Know Your Customer (KYC): The Merchant shall strictly implement customer due diligence (CDD) procedures to verify the identity of customers, understand the purpose and nature of their transactions, and identify beneficial owners (UBO) of non-natural customers.

3. Suspicious Transaction Reporting (STR): The Merchant shall establish a suspicious transaction monitoring and reporting mechanism to promptly identify and report transactions that may be related to money laundering or terrorist financing, without disclosing relevant information to customers (prohibiting tipping-off).

4. Sanctions Compliance: The Merchant shall strictly abide by international sanctions regulations, prohibit transactions with individuals, entities, or regions listed on international sanctions lists (e.g., OFAC SDN List, EU Sanctions List, FATF High-Risk Jurisdictions), and conduct regular sanctions screening.

5. Confidentiality and Record-Keeping: All customer identity information, transaction records, and AML-related documents shall be kept confidential and stored in accordance with regulatory requirements for a specified period.

4. Organizational Structure and Responsibilities

4.1 Compliance Department

The Merchant designates a dedicated Compliance Department (or Compliance Officer) to be responsible for the formulation, update, and implementation of this Policy. The main responsibilities include:

• Formulating and revising the AML Policy and related operating procedures in accordance with changes in laws, regulations, and Visa/Mastercard requirements.

• Conducting regular money laundering risk assessments for the Merchant, updating the risk assessment report, and proposing risk mitigation measures. The risk assessment cycle shall not exceed 3 years, and an immediate assessment shall be conducted if there are major changes in business activities or the operating environment.

• Overseeing the implementation of KYC procedures, transaction monitoring, and suspicious transaction reporting.

• Organizing AML training and publicity for all employees to ensure that employees master relevant knowledge and skills.

• Cooperating with regulatory authorities, Visa, Mastercard, and FIUs in AML investigations, providing relevant documents and information as required.

• Regularly reviewing the effectiveness of the AML system and putting forward improvement suggestions.

4.2 Departmental and Employee Responsibilities

• All departments shall strictly implement this Policy and relevant operating procedures, and cooperate with the Compliance Department in AML work.

• Employees involved in customer contact and transaction processing shall strictly implement KYC procedures, verify customer identity, and report any suspicious situations to the Compliance Department in a timely manner.

• All employees shall participate in regular AML training, master the identification methods of suspicious transactions, and abide by the confidentiality requirements of AML-related information.

• The senior management of the Merchant shall be responsible for the effective implementation of the AML system, provide sufficient resources (personnel, funds, technology) to support AML work, and review the AML work report regularly.

5. Customer Due Diligence (KYC) Procedures

The Merchant shall conduct customer due diligence in accordance with the risk-based approach, and the specific procedures are as follows:

5.1 Customer Identification

1. For Natural Persons: When a customer registers an account on the ISCHY website or conducts a transaction with a single or cumulative amount of more than USD 20,000 (or equivalent foreign currency), the Merchant shall verify the customer’s identity by collecting and verifying valid identity documents (e.g., passport, ID card), recording the customer’s full name, date of birth, nationality, contact information, and the type, number, and validity period of the identity document. For transactions involving cash of more than USD 20,000 (or equivalent foreign currency), additional identity verification shall be conducted in accordance with regulatory requirements.

2. For Non-Natural Persons (Enterprises, Institutions, etc.): When a non-natural person customer conducts a transaction, the Merchant shall collect and verify the customer’s business license, tax registration certificate, and other legal documents, identify the beneficial owner (the natural person who ultimately controls the customer or benefits from the transaction), and record the beneficial owner’s identity information, ownership structure, and control relationship.

5.2 Risk Classification of Customers

The Merchant shall classify customers into high-risk, medium-risk, and low-risk categories based on customer identity, transaction behavior, geographic location, and other factors, and adopt different due diligence measures:

• High-Risk Customers: Including customers from FATF high-risk jurisdictions or jurisdictions under increased monitoring, politically exposed persons (PEPs), customers with complex transaction backgrounds, and customers conducting frequent large-value transactions. Enhanced due diligence (EDD) shall be adopted, including more detailed identity verification, regular review of customer information, and enhanced transaction monitoring.

• Low-Risk Customers: Including regular customers with clear identity information, stable transaction behavior, and small transaction amounts. Simplified due diligence (SDD) may be adopted, such as reducing the frequency of identity verification.

5.3 Ongoing Customer Monitoring

The Merchant shall conduct ongoing monitoring of customer relationships, update customer identity information in a timely manner when there are changes in customer identity, business scope, or transaction behavior, and re-evaluate the customer’s risk level. If there is any doubt about the authenticity, validity, or completeness of the previously obtained customer identity information, supplementary due diligence shall be conducted immediately.

6. Transaction Monitoring and Suspicious Transaction Reporting

6.1 Transaction Monitoring Mechanism

The Merchant shall establish a transaction monitoring system to monitor all transactions conducted through the platform in real time, focusing on the following types of transactions (including but not limited to):

• Large-value transactions: Transactions with a single or cumulative amount exceeding the threshold specified by regulations or the Merchant (e.g., USD 20,000 or equivalent foreign currency for cash transactions, or other thresholds set based on Visa/Mastercard requirements).

• Suspicious transactions: Transactions that do not match the customer’s identity, transaction purpose, or financial status; transactions conducted in a short period of time with multiple small amounts to avoid the large-value transaction threshold; transactions involving high-risk jurisdictions or sanctioned entities; transactions with unclear sources or destinations of funds; and other transactions that may be related to money laundering or terrorist financing.

• Cross-border transactions: Transactions involving cross-border payments or overseas customers, especially transactions involving high-risk jurisdictions, which shall be subject to enhanced monitoring and verification of transaction authenticity.

• Visa/Mastercard-related transactions: Monitor transactions processed through Visa/Mastercard for abnormalities such as inconsistent card BIN information, abnormal transaction frequency, and 3D Secure verification failures, and cooperate with the payment card network to conduct risk control.

6.2 Suspicious Transaction Reporting

1. Any employee who finds a suspicious transaction shall immediately report it to the Compliance Department, providing detailed information such as the customer’s identity, transaction time, transaction amount, transaction method, and the reasons for suspicion.

2. The Compliance Department shall review the reported suspicious transactions within a specified time limit. If it is confirmed that the transaction is suspicious and may be related to money laundering or terrorist financing, the Merchant shall report it to the local FIU and relevant regulatory authorities in accordance with regulatory requirements, and simultaneously notify Visa and Mastercard as required.

3. During the reporting process, the Merchant shall strictly keep the information confidential, and shall not disclose the reporting behavior or relevant information to the customer or any irrelevant person to avoid tipping off the suspect.

4. All records related to suspicious transaction reporting (including reporting materials, review records, and feedback from regulatory authorities) shall be properly kept for future reference.

7. Sanctions Compliance

The Merchant shall strictly abide by international sanctions laws and regulations, and the sanctions requirements of Visa and Mastercard, and establish a sanctions screening mechanism:

• Regularly update the international sanctions list (including but not limited to OFAC SDN List, EU Sanctions List, FATF High-Risk Jurisdictions List) and conduct real-time screening of customers, transactions, and partners to ensure that no transactions are conducted with sanctioned individuals, entities, or regions.

• If a sanctioned individual, entity, or region is found during the screening process, the transaction shall be immediately suspended, and the relevant information shall be reported to the Compliance Department. The Compliance Department shall handle it in accordance with relevant regulations and notify Visa and Mastercard in a timely manner.

• Prohibit any acts intended to evade or circumvent international sanctions, such as splitting transactions or using third parties to conduct transactions with sanctioned entities.

8. Record-Keeping Requirements

The Merchant shall keep all AML-related records in accordance with regulatory requirements and the rules of Visa and Mastercard, including but not limited to:

• Customer identity information: Copies of identity documents, beneficial owner information, customer risk classification records, and customer information update records.

• Transaction records: Transaction amount, transaction time, transaction method, payment channel (including Visa/Mastercard transaction details), transaction purpose, and other relevant information.

• AML-related documents: Policy documents, risk assessment reports, suspicious transaction reporting records, training records, sanctions screening records, and compliance review records.

The retention period of the above records shall not be less than 5 years after the termination of the customer relationship or the completion of the transaction, and shall be extended to 5 years after the conclusion of the relevant case if there is an ongoing AML investigation or litigation. All records shall be stored in a safe and accessible manner, ensuring that they can be provided to regulatory authorities, Visa, Mastercard, and FIUs for inspection at any time.

9. Training and Education

The Merchant shall establish a regular AML training system to ensure that all employees master relevant knowledge and skills:

• New employees shall receive AML training before taking up their posts, and can only start working after passing the assessment.

• Regular AML training (at least once a year) shall be conducted for all employees, covering the latest AML laws and regulations, Visa/Mastercard requirements, suspicious transaction identification methods, and the Merchant’s AML procedures.

• Special training shall be provided for employees in key positions (e.g., customer service, transaction processing, compliance) to enhance their ability to identify and handle suspicious transactions.

• Training records shall be properly kept, including training materials, attendance records, and assessment results.

10. Compliance Review and Policy Update

10.1 Compliance Review

The Compliance Department shall conduct a comprehensive review of the implementation of this Policy at least once a year, evaluate the effectiveness of the AML system, identify existing problems and risks, and put forward improvement measures. The review results shall be reported to the senior management of the Merchant and kept as part of the AML records.

10.2 Policy Update

The Merchant shall update this Policy in a timely manner when there are changes in the following situations:

• Changes in AML/CFT laws, regulations, or international standards (e.g., FATF Recommendations updates).

• Changes in the rules and requirements of Visa, Mastercard, or other payment card networks.

• Major changes in the Merchant’s business model, business scope, or risk profile.

• Results of compliance reviews or feedback from regulatory authorities.

The updated Policy shall be announced to all employees and implemented after being approved by the senior management. The version number and effective date of the Policy shall be clearly marked.

11. Penalty Measures

Any employee who violates this Policy, including but not limited to failing to implement KYC procedures, failing to report suspicious transactions, disclosing AML-related confidential information, or conducting transactions with sanctioned entities, shall be subject to disciplinary measures such as warning, fine, or dismissal in accordance with the Merchant’s internal rules. If the violation constitutes a crime, the Merchant shall promptly report it to the judicial authorities and assume corresponding legal responsibilities.

12. Contact Information

For any questions, reports, or suggestions related to AML compliance, please contact the Merchant’s Compliance Department:

• Compliance Officer: Huang Li

• Email: payment@ischy-jewelry.com

• Phone: +86-18628238876

ISCHY Jewelry reserves the right to interpret this Policy. This Policy shall come into effect on the date specified above.

愛詩奇珠寶有限公司

ISCHY JEWELRY LIMITED

 

Date: 2026.03.02