1. Introduction
Keynoverse FZC (“Keynoverse”, “the Entity”, “we”, “our”, or “the Company”) maintains this Internal AML/CFT Governance, Audit, Compliance & Risk Management Procedures Manual (“Manual”) to establish the internal governance framework, compliance controls, operational standards, fraud prevention procedures, audit mechanisms, onboarding oversight, and risk management controls applicable across the Entity’s technology platforms, onboarding systems, SaaS environments, digital infrastructure, and merchant enablement operations.
This Manual establishes the governance procedures and operational controls maintained by the Entity to support:
Anti-Money Laundering (“AML”) risk mitigation
Combating the Financing of Terrorism (“CFT”) controls
Fraud prevention and operational integrity
Customer and merchant due diligence
Internal audit and compliance review processes
Escalation and enforcement procedures
Risk-based onboarding and monitoring
Operational governance and accountability
Secure platform operations
Regulatory and PSP cooperation procedures
This Manual applies across all operational environments, merchant onboarding systems, SaaS platforms, enterprise onboarding procedures, onboarding APIs, operational review workflows, administrative systems, and platform governance activities maintained by Keynoverse FZC.
2. Regulatory & Operational Positioning Statement
Keynoverse FZC operates solely as a technology service provider and SaaS infrastructure company.
The Entity provides:
digital onboarding infrastructure,
operational management systems,
restaurant commerce systems,
enterprise software solutions,
merchant enablement technology,
onboarding workflow systems,
platform APIs,
digital ordering infrastructure,
and payment-integrated SaaS platforms.
Keynoverse does not operate as:
a licensed financial institution,
Payment Service Provider (“PSP”),
merchant acquirer,
money services business,
remittance operator,
stored-value operator,
e-money issuer,
wallet operator,
payment facilitator,
or regulated settlement intermediary.
The Entity does not:
hold customer funds,
process regulated settlements,
custody payment balances,
issue financial products,
or independently execute regulated financial transactions.
All regulated financial processing activities, including payment authorization, settlement, sanctions screening, regulated AML/CFT checks, transaction monitoring, and regulatory reporting obligations relating to payment processing are performed independently by licensed Payment Service Providers and regulated financial institutions integrated within the Entity’s platforms.
3. Purpose of this Manual
The purpose of this Manual is to establish documented internal procedures governing:
compliance oversight,
onboarding integrity,
AML/CFT risk management,
fraud prevention,
audit controls,
operational monitoring,
escalation management,
merchant governance,
record retention,
and security governance.
This Manual is intended to support:
internal operational governance,
payment partner compliance expectations,
PSP onboarding requirements,
operational accountability,
risk management controls,
and lawful cooperation obligations.
4. Scope
This Manual applies to:
Keynoverse operational systems,
KeynoBite and associated platforms,
merchant onboarding systems,
onboarding APIs,
compliance review activities,
onboarding personnel,
administrative users,
technical administrators,
referral and agency onboarding activities,
onboarding documentation handling,
operational monitoring activities,
audit and escalation procedures,
and onboarding governance controls.
This Manual applies to all personnel, authorized operators, administrators, contractors, and authorized parties interacting with onboarding or compliance-related systems maintained by the Entity.
5. Governance Structure & Compliance Oversight
5.1 Governance Principles
Keynoverse maintains governance controls designed to support:
operational transparency,
onboarding integrity,
accountability,
fraud prevention,
escalation consistency,
secure onboarding,
and risk-based operational decision-making.
The Entity maintains documented procedures for compliance review, onboarding governance, audit logging, operational monitoring, and escalation management.
5.2 Governance Responsibilities
| Function | Responsibility |
|---|---|
| Senior Management | Oversight of governance framework, escalation approvals, policy approval |
| Compliance & Operations | KYB/KYC review, onboarding oversight, risk review |
| Technical Administration | Audit logging, system integrity, access management |
| Platform Operations | Merchant onboarding coordination and operational governance |
| Authorized Review Personnel | Escalation handling and compliance investigations |
5.3 Segregation of Duties
The Entity maintains segregation between:
onboarding submission activities,
compliance review activities,
operational approvals,
technical administration,
and escalation decision-making.
Where operationally feasible, onboarding approvals, technical provisioning, and escalation reviews are handled through separate authorized roles.
6. AML/CFT Governance Framework
6.1 Risk-Based AML/CFT Approach
Keynoverse applies a risk-based approach to onboarding governance, operational monitoring, and merchant enablement activities.
Risk assessments may consider:
business activity,
onboarding profile,
geographic exposure,
operational complexity,
onboarding completeness,
onboarding consistency,
sanctions exposure,
adverse media indicators,
payment-related anomalies,
fraud indicators,
and operational risk signals.
6.2 Risk Classification Categories
The Entity may classify onboarding profiles into:
| Risk Tier | Description |
|---|---|
| Low Risk | Standard operational profile with complete documentation |
| Medium Risk | Elevated operational or onboarding risk requiring additional review |
| High Risk | Enhanced review, escalation, or restricted onboarding required |
6.3 Enhanced Due Diligence (EDD)
Enhanced Due Diligence procedures may apply where elevated risk indicators are identified.
EDD triggers may include:
incomplete onboarding information,
ownership inconsistencies,
high-risk jurisdictions,
elevated operational risk,
adverse media findings,
sanctions concerns,
elevated fraud indicators,
unusual onboarding patterns,
or PSP escalation requests.
EDD procedures may include:
additional documentation requests,
manual operational review,
senior review escalation,
business activity verification,
ownership clarification,
or enhanced monitoring procedures.
7. Customer Due Diligence (CDD) & Merchant Verification Procedures
7.1 Onboarding Verification Procedures
All onboarding submissions are subject to documented review procedures prior to operational activation.
Verification procedures may include:
trade license verification,
company registration review,
ownership verification,
beneficial ownership review,
Emirates ID/passport verification,
website/domain review,
business activity consistency checks,
onboarding document validation,
proof of address review,
and banking verification where applicable.
7.2 Beneficial Ownership (UBO) Verification
The Entity maintains procedures for identifying Ultimate Beneficial Owners (“UBOs”) where applicable.
Verification procedures may include:
ownership declarations,
shareholder review,
identification document verification,
and onboarding consistency review.
7.3 Periodic Re-Verification
The Entity may conduct periodic or event-driven re-verification procedures including:
trade license expiry review,
ownership updates,
banking changes,
operational profile changes,
elevated risk indicators,
or PSP re-verification requests.
Failure to complete re-verification procedures may result in onboarding restrictions or suspension.
8. Sanctions, PEP & Adverse Media Controls
8.1 Screening Controls
The Entity maintains procedures intended to reduce exposure to:
sanctioned entities,
prohibited jurisdictions,
politically exposed persons (“PEPs”),
adverse media risks,
and elevated compliance concerns.
Screening may reference:
United Nations (UN) sanctions,
OFAC sanctions,
EU sanctions,
UK HMT sanctions,
UAE local sanctions lists,
PEP databases,
and adverse media sources.
8.2 Escalation of Screening Matches
Potential sanctions or PEP matches may result in:
onboarding hold,
manual review,
enhanced due diligence,
escalation procedures,
onboarding restriction,
or termination of onboarding activities.
9. Fraud Prevention & Operational Monitoring
9.1 Monitoring Objectives
The Entity maintains monitoring procedures intended to detect:
onboarding abuse,
operational fraud,
suspicious onboarding activity,
platform misuse,
refund anomalies,
onboarding duplication,
operational inconsistencies,
suspicious access patterns,
and elevated complaint trends.
9.2 Operational Monitoring Controls
Monitoring activities may include review of:
onboarding velocity,
multiple onboarding attempts,
duplicate onboarding data,
unusual operational behavior,
suspicious payment-related activity,
refund frequency,
operational anomalies,
login anomalies,
and unusual usage patterns.
10. Internal Audit & Compliance Review Procedures
10.1 Internal Review Framework
Keynoverse maintains internal review and quality assurance procedures relating to:
onboarding quality,
compliance procedures,
escalation consistency,
audit logging integrity,
operational governance,
onboarding documentation quality,
and incident response effectiveness.
10.2 Compliance Review Frequency
Internal compliance reviews may occur:
periodically,
annually,
after operational incidents,
after material onboarding changes,
after elevated risk events,
or upon PSP/regulatory request.
10.3 Audit Review Activities
Internal review activities may include:
onboarding sample review,
escalation review,
audit log verification,
onboarding completeness review,
operational workflow review,
access control review,
fraud trend analysis,
and remediation assessment.
10.4 Corrective Action Procedures
Where deficiencies or weaknesses are identified, the Entity may implement:
remediation plans,
process enhancements,
onboarding control improvements,
additional verification procedures,
operational restrictions,
enhanced monitoring,
or updated governance controls.
11. Audit Logging & Operational Record Keeping
11.1 Audit Logging Standards
The Entity maintains structured audit trails and operational logs relating to:
onboarding submissions,
onboarding status changes,
administrative actions,
escalation actions,
operational approvals,
API onboarding activity,
and system access events.
11.2 Logged Data
Audit records may include:
timestamps,
acting user identifiers,
IP addresses,
action types,
onboarding references,
review actions,
escalation outcomes,
and operational metadata.
11.3 Record Retention
Unless otherwise required by law or contractual obligations, records may be retained for a minimum period of five (5) years following:
onboarding completion,
offboarding,
termination,
or conclusion of the relevant operational relationship.
12. Information Security & Access Controls
12.1 Security Controls
The Entity maintains technical and organizational safeguards including:
SSL/TLS encryption,
secure hosting infrastructure,
authentication controls,
role-based access controls,
audit logging,
infrastructure monitoring,
restricted administrative access,
and security maintenance procedures.
12.2 Access Restrictions
Access to onboarding systems, operational records, audit logs, and compliance environments is restricted to authorized personnel only.
Administrative permissions are assigned according to operational role and business necessity.
13. Escalation & Enforcement Framework
13.1 Escalation Objectives
The Entity maintains escalation procedures intended to support:
operational integrity,
fraud prevention,
onboarding governance,
compliance consistency,
and risk containment.
13.2 Escalation Tiers
| Tier | Description |
|---|---|
| Tier 1 | Information clarification or correction request |
| Tier 2 | Compliance hold or enhanced review |
| Tier 3 | Operational suspension or onboarding restriction |
| Tier 4 | Termination, denial, or permanent restriction |
13.3 Escalation Triggers
Escalation triggers may include:
incomplete onboarding information,
suspicious onboarding activity,
elevated fraud indicators,
sanctions concerns,
operational inconsistencies,
repeated onboarding abuse,
forged documentation,
prohibited activities,
or PSP escalation requests.
13.4 Enforcement Actions
The Entity may implement:
onboarding restrictions,
operational limitations,
suspension procedures,
merchant offboarding,
escalation review,
enhanced monitoring,
or permanent termination.
14. Incident Management Procedures
The Entity maintains procedures for documenting and reviewing operational or compliance-related incidents.
Incident management may include:
incident identification,
evidence preservation,
operational containment,
investigation procedures,
escalation review,
PSP coordination,
remediation planning,
and post-incident review.
15. Employee Compliance & Awareness
Keynoverse may conduct periodic compliance awareness activities relating to:
AML/CFT awareness,
onboarding integrity,
fraud prevention,
sanctions awareness,
operational risk management,
escalation procedures,
and platform security.
Training and awareness procedures may be updated periodically based on operational or regulatory developments.
16. Regulatory & PSP Cooperation
The Entity may cooperate with lawful requests from:
licensed PSPs,
financial institutions,
regulatory authorities,
law enforcement agencies,
and authorized audit bodies,
subject to applicable legal requirements and confidentiality obligations.
17. Prohibited Activities
The Entity prohibits use of its platforms for:
unlawful activity,
fraud,
sanctions violations,
money laundering,
terrorist financing,
deceptive business practices,
counterfeit goods,
prohibited financial activity,
unauthorized financial services,
illegal gambling,
prohibited adult services,
narcotics,
weapons,
shell merchant activity,
or abusive operational conduct.
The Entity reserves the right to reject, suspend, or terminate onboarding or operational access where prohibited activity is identified or reasonably suspected.
18. Continuous Improvement
Keynoverse continuously evaluates and enhances its governance, compliance, onboarding, monitoring, fraud prevention, and operational control frameworks.
This may include:
procedural improvements,
monitoring enhancements,
onboarding workflow upgrades,
enhanced audit procedures,
security improvements,
escalation refinements,
and governance control enhancements.
19. Policy Governance & Review
This Manual is reviewed periodically and may be updated to reflect:
operational changes,
platform developments,
PSP requirements,
legal developments,
security risks,
or evolving compliance expectations.
Continued operational use of the Entity’s systems and platforms constitutes acknowledgment of applicable governance and compliance controls.