1. Introduction and Commitment

ARK PLATFORMS, EUROPE LIMITED, operating as Bizly ("Bizly," "we," "us," or "our"), is committed to maintaining the highest standards of compliance with all applicable Know Your Customer (KYC) and Anti-Money Laundering (AML) laws and regulations. This policy outlines our procedures and requirements for customer identification, verification, and ongoing monitoring to prevent money laundering, terrorist financing, fraud, and other financial crimes. We operate in accordance with the laws of the United Kingdom, including the Proceeds of Crime Act 2002, the Terrorism Act 2000, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, and all applicable international standards including those set by the Financial Action Task Force (FATF).

2. Scope and Applicability

This KYC & AML Policy applies to all customers, users, and beneficial owners who use Bizly's services for company formation in the United States, United Kingdom, and Spain. It applies regardless of the jurisdiction in which the company is being formed or the location of the customer. All individuals and entities seeking to use our services must comply with the requirements set forth in this policy. We reserve the right to refuse service to any individual or entity that fails to meet our KYC/AML requirements or that we determine poses an unacceptable risk of money laundering, terrorist financing, or other financial crimes.

3. Regulatory Framework and Legal Basis

Our KYC and AML procedures are designed to comply with multiple regulatory frameworks, including but not limited to: (a) The UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017); (b) The Proceeds of Crime Act 2002 (POCA); (c) The Terrorism Act 2000; (d) The Criminal Finances Act 2017; (e) Financial Action Task Force (FATF) Recommendations; (f) EU Fourth and Fifth Anti-Money Laundering Directives (where applicable); (g) US Bank Secrecy Act and USA PATRIOT Act (for US company formations); (h) Sanctions programs administered by HM Treasury's Office of Financial Sanctions Implementation (OFSI), the US Office of Foreign Assets Control (OFAC), the European Union, and the United Nations. We continuously monitor regulatory developments and update our procedures to ensure ongoing compliance.

4. Customer Due Diligence (CDD) Requirements

We conduct Customer Due Diligence (CDD) on all customers before establishing a business relationship or conducting any transaction. Our CDD process includes: (a) Identifying the customer and verifying their identity using reliable, independent source documents, data, or information; (b) Identifying beneficial owners and taking reasonable measures to verify their identity; (c) Understanding and obtaining information on the purpose and intended nature of the business relationship; (d) Conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship. The level of due diligence applied is proportionate to the risks of money laundering and terrorist financing that we have identified through our risk assessment.

5. Identity Verification for Individuals

For individual customers, we require the following information and documentation to verify identity: (a) Full legal name (including any previous names or aliases); (b) Date of birth; (c) Residential address (we do not accept PO boxes as proof of address); (d) Nationality and country of residence; (e) A valid government-issued photo identification document (such as passport, national identity card, or driver's license); (f) Proof of address dated within the last three months (such as utility bill, bank statement, or government-issued document); (g) Tax identification number or equivalent; (h) Source of funds and source of wealth information (for higher-risk customers or large transactions). All identification documents must be clear, legible, and current. We may require additional documentation or information if the initial documents provided are insufficient or raise concerns.

6. Identity Verification for Corporate Entities

For corporate customers or when forming a company on behalf of an entity, we require: (a) Full legal name of the entity; (b) Registered address and principal place of business; (c) Jurisdiction of incorporation or registration; (d) Company registration number or equivalent; (e) Certificate of incorporation or equivalent formation document; (f) Articles of association, bylaws, or equivalent governing documents; (g) Register of directors and officers; (h) Register of shareholders or members; (i) Identification and verification of all beneficial owners (individuals who own or control 25% or more of the entity); (j) Identification and verification of authorized signatories and representatives; (k) Corporate structure chart (for complex structures); (l) Financial statements or evidence of business activities; (m) Tax identification number or equivalent. For entities incorporated in high-risk jurisdictions, we may require additional documentation and enhanced due diligence.

7. Beneficial Ownership Identification

We are required to identify and verify the identity of beneficial owners of all corporate customers. A beneficial owner is any individual who: (a) Ultimately owns or controls more than 25% of the shares or voting rights in the entity; (b) Otherwise exercises control over the management of the entity. For each beneficial owner, we require the same level of identification and verification as for individual customers (see Section 5). If no individual meets the beneficial ownership criteria, we will identify and verify the identity of the senior managing official(s) of the entity. We maintain records of all beneficial ownership information and update this information when we become aware of any changes.

8. Enhanced Due Diligence (EDD)

We apply Enhanced Due Diligence (EDD) measures in situations that present higher risks of money laundering or terrorist financing, including but not limited to: (a) Customers from high-risk third countries identified by the FATF or other regulatory bodies; (b) Politically Exposed Persons (PEPs), their family members, and close associates; (c) Customers involved in high-risk business activities (such as money service businesses, casinos, arms dealers, or precious metals dealers); (d) Complex corporate structures with no apparent economic or lawful purpose; (e) Transactions or business relationships involving countries subject to sanctions or embargoes; (f) Customers who are unable or unwilling to provide standard identification documents; (g) Non-face-to-face customers in certain circumstances; (h) Correspondent banking relationships. EDD measures may include: obtaining additional identification documents, conducting additional verification checks, obtaining information on the source of funds and source of wealth, obtaining approval from senior management, conducting enhanced ongoing monitoring, and requiring the first payment to be carried out through an account in the customer's name with a regulated bank.

9. Politically Exposed Persons (PEPs)

We have specific procedures for identifying and managing relationships with Politically Exposed Persons (PEPs). A PEP is an individual who is or has been entrusted with a prominent public function, including but not limited to: heads of state, heads of government, government ministers, senior politicians, senior government officials, judicial or military officials, senior executives of state-owned corporations, and important political party officials. We also apply PEP procedures to family members and known close associates of PEPs. When we identify a customer as a PEP, we: (a) Obtain senior management approval before establishing or continuing the business relationship; (b) Take adequate measures to establish the source of wealth and source of funds; (c) Conduct enhanced ongoing monitoring of the business relationship. PEP status is reviewed periodically and updated as necessary.

10. Sanctions Screening

We screen all customers, beneficial owners, and related parties against sanctions lists maintained by: (a) HM Treasury's Office of Financial Sanctions Implementation (OFSI); (b) The US Office of Foreign Assets Control (OFAC); (c) The European Union; (d) The United Nations Security Council; (e) Other relevant international and national sanctions authorities. Screening is conducted at onboarding and on an ongoing basis. If a customer or related party is identified as being on a sanctions list or is connected to a sanctioned country, entity, or individual, we will: (a) Immediately suspend all services; (b) Conduct a thorough investigation; (c) Report the matter to the appropriate authorities as required by law; (d) Refuse to establish or continue the business relationship; (e) Comply with all applicable asset freezing and other sanctions requirements.

11. Prohibited Jurisdictions

In compliance with international sanctions and our risk-based approach, we do not provide services to customers who are residents of, or entities incorporated in, the following high-risk jurisdictions: Afghanistan, Belarus, Burundi, Central African Republic, Congo, Cuba, Democratic Republic of Congo, Haiti, Iran, Iraq, Libya, Myanmar (Burma), North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, Yemen, and Zimbabwe. This list is subject to change based on evolving sanctions regimes and risk assessments. We also apply enhanced due diligence to customers with connections to other jurisdictions identified as high-risk by the FATF or other regulatory bodies.

12. Risk Assessment Methodology

We conduct comprehensive risk assessments to identify and evaluate the money laundering and terrorist financing risks associated with our business. Our risk assessment considers: (a) Customer risk factors (including customer type, business activities, country of residence, and behavior); (b) Country or geographic risk factors (including countries identified by credible sources as having inadequate AML/CFT systems, countries subject to sanctions, and countries known for high levels of corruption or organized crime); (c) Product, service, transaction, or delivery channel risk factors; (d) Other relevant risk factors identified through our monitoring and review processes. Based on our risk assessment, we categorize customers as low, medium, or high risk and apply appropriate levels of due diligence and monitoring. Risk assessments are reviewed and updated regularly and whenever there are material changes to our business or the regulatory environment.

13. Ongoing Monitoring and Transaction Screening

We conduct ongoing monitoring of all business relationships to ensure that transactions and activities are consistent with our knowledge of the customer, their business, and risk profile. Our ongoing monitoring includes: (a) Scrutiny of transactions to ensure they are consistent with our knowledge of the customer; (b) Regular review and update of customer information and documentation; (c) Identification of unusual or suspicious transactions or patterns of behavior; (d) Enhanced monitoring for higher-risk customers; (e) Periodic review of the business relationship to ensure the customer's risk profile remains appropriate. We maintain systems and controls to detect unusual or suspicious activity, including large or unusual transactions, transactions with no apparent economic or lawful purpose, and transactions involving high-risk jurisdictions or entities.

14. Suspicious Activity Reporting

We have procedures in place to identify and report suspicious activity to the appropriate authorities. If we know or suspect that a transaction or activity involves money laundering, terrorist financing, or other financial crimes, we will: (a) File a Suspicious Activity Report (SAR) with the National Crime Agency (NCA) in the UK or the appropriate authority in other jurisdictions; (b) Refrain from carrying out the transaction until we have consent from the NCA or the appropriate authority (unless doing so would tip off the customer); (c) Not inform the customer that a SAR has been filed (to avoid "tipping off"); (d) Cooperate fully with law enforcement and regulatory authorities in any investigation. All employees are trained to recognize and report suspicious activity, and we maintain a confidential reporting mechanism for employees to report concerns.

15. Record Keeping Requirements

We maintain comprehensive records of all customer identification, verification, and transaction information in accordance with legal requirements. Our record keeping practices include: (a) Retaining copies of all identification documents and verification evidence for at least five years after the end of the business relationship; (b) Retaining records of all transactions for at least five years after the transaction is completed; (c) Retaining records of all risk assessments, due diligence measures, and monitoring activities; (d) Retaining records of all suspicious activity reports and related investigations; (e) Ensuring all records are readily accessible and can be provided to regulatory authorities upon request; (f) Maintaining records in a format that allows for timely retrieval and analysis. All records are stored securely and in compliance with data protection laws.

16. Employee Training and Awareness

We provide regular training to all employees on KYC and AML requirements, including: (a) Relevant laws, regulations, and regulatory guidance; (b) Our internal KYC/AML policies and procedures; (c) How to identify and report suspicious activity; (d) The consequences of non-compliance; (e) Current money laundering and terrorist financing trends and typologies; (f) Sanctions requirements and screening procedures. Training is provided to all new employees as part of their onboarding and is refreshed regularly for all staff. We maintain records of all training provided and ensure that employees understand their obligations and responsibilities.

17. Compliance Officer and Governance

We have appointed a designated Money Laundering Reporting Officer (MLRO) who is responsible for overseeing our KYC and AML compliance program. The MLRO's responsibilities include: (a) Developing, implementing, and maintaining our KYC/AML policies and procedures; (b) Ensuring compliance with all applicable laws and regulations; (c) Conducting risk assessments and implementing risk-based controls; (d) Overseeing customer due diligence and ongoing monitoring; (e) Reviewing and filing suspicious activity reports; (f) Liaising with regulatory authorities and law enforcement; (g) Providing training and guidance to employees; (h) Conducting internal audits and reviews of the compliance program; (i) Reporting to senior management and the board on compliance matters. The MLRO has sufficient authority, resources, and independence to carry out these responsibilities effectively.

18. Independent Testing and Audit

We conduct regular independent testing and audits of our KYC and AML compliance program to assess its effectiveness and identify areas for improvement. Independent testing is conducted by qualified internal or external auditors who have no operational responsibilities for the areas being tested. Testing includes: (a) Review of policies, procedures, and controls; (b) Testing of customer due diligence and verification processes; (c) Review of transaction monitoring and suspicious activity reporting; (d) Assessment of record keeping practices; (e) Evaluation of training programs; (f) Testing of sanctions screening procedures; (g) Review of risk assessment methodologies. Findings and recommendations from independent testing are reported to senior management and the board, and corrective actions are implemented as necessary.

19. Technology and Automated Systems

We utilize technology and automated systems to enhance the effectiveness and efficiency of our KYC and AML compliance program. Our systems include: (a) Automated identity verification and document authentication tools; (b) Sanctions screening software that screens against multiple global sanctions lists; (c) Transaction monitoring systems to detect unusual or suspicious activity; (d) Risk scoring and assessment tools; (e) Case management systems for investigating and documenting suspicious activity; (f) Secure document storage and retrieval systems. We regularly review and update our technology to ensure it remains effective and incorporates the latest developments in compliance technology. However, we recognize that technology is a tool to support, not replace, human judgment and decision-making in compliance matters.

20. Customer Cooperation and Transparency

We require full cooperation from customers in meeting our KYC and AML requirements. Customers must: (a) Provide accurate, complete, and truthful information and documentation; (b) Respond promptly to requests for additional information or clarification; (c) Notify us of any changes to their information, including changes to beneficial ownership, address, or business activities; (d) Cooperate with any additional verification or due diligence measures we deem necessary; (e) Understand that failure to provide required information or cooperation may result in delays, suspension, or termination of services. We are committed to being transparent with customers about our KYC/AML requirements while maintaining the confidentiality of our compliance processes and any suspicious activity reporting.

21. Consequences of Non-Compliance

Failure to comply with our KYC and AML requirements may result in: (a) Refusal to establish a business relationship; (b) Suspension or termination of services; (c) Closure of accounts; (d) Reporting to regulatory authorities or law enforcement; (e) Legal action to recover any losses or damages; (f) Cooperation with law enforcement investigations or prosecutions. We take our compliance obligations seriously and will not compromise on our standards to accommodate customers who are unwilling or unable to meet our requirements. Customers who attempt to circumvent our KYC/AML procedures or provide false or misleading information will be immediately reported to the appropriate authorities.

22. Data Protection and Privacy

We are committed to protecting the privacy and security of customer information collected for KYC and AML purposes. All personal data is collected, processed, and stored in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We: (a) Collect only the information necessary for KYC/AML compliance; (b) Use customer information only for the purposes for which it was collected; (c) Implement appropriate technical and organizational measures to protect customer information; (d) Retain customer information only for as long as required by law; (e) Provide customers with access to their information and the ability to correct inaccuracies (subject to legal restrictions); (f) Do not sell or share customer information with third parties except as required by law or necessary for KYC/AML compliance. For more information on how we handle personal data, please refer to our Privacy Policy.

23. Third-Party Service Providers

We may engage third-party service providers to assist with certain aspects of our KYC and AML compliance program, such as identity verification, sanctions screening, or document authentication. When we engage third-party providers, we: (a) Conduct due diligence on the provider to ensure they have appropriate expertise, systems, and controls; (b) Enter into written agreements that clearly define the provider's responsibilities and obligations; (c) Ensure the provider complies with all applicable laws and regulations; (d) Monitor the provider's performance and conduct regular reviews; (e) Maintain ultimate responsibility for compliance with KYC/AML requirements. We do not delegate our compliance obligations to third parties and retain full accountability for all compliance activities.

24. Cross-Border Considerations

As we provide company formation services in multiple jurisdictions (United States, United Kingdom, and Spain), we must comply with the KYC and AML requirements of each jurisdiction. We: (a) Understand and comply with the specific requirements of each jurisdiction in which we operate; (b) Apply the higher standard when requirements differ between jurisdictions; (c) Ensure our procedures meet the requirements of all applicable jurisdictions; (d) Monitor regulatory developments in all relevant jurisdictions; (e) Adapt our procedures as necessary to maintain compliance with evolving requirements. We also consider the cross-border nature of money laundering and terrorist financing and apply appropriate controls to mitigate these risks.

25. Simplified Due Diligence

In limited circumstances where we have assessed the risk of money laundering and terrorist financing as low, we may apply Simplified Due Diligence (SDD) measures. SDD may only be applied when: (a) We have conducted a risk assessment and determined that the customer, product, or transaction presents a low risk; (b) The customer is a regulated financial institution or listed company subject to disclosure requirements; (c) The customer is a public authority or government entity; (d) Other circumstances where the risk is demonstrably low. Even when applying SDD, we still: (a) Verify the identity of the customer; (b) Understand the nature of the customer's business; (c) Conduct ongoing monitoring; (d) Remain alert to unusual or suspicious activity. We do not apply SDD in circumstances where there is a suspicion of money laundering or terrorist financing.

26. Reliance on Third Parties

In certain circumstances, we may rely on due diligence conducted by regulated third parties (such as banks, lawyers, or accountants) to meet our KYC requirements. We may only rely on third parties when: (a) The third party is subject to equivalent KYC/AML regulations and supervision; (b) We have assessed the third party's competence and compliance with KYC/AML requirements; (c) We obtain the necessary customer identification and verification information from the third party; (d) We enter into a written agreement with the third party setting out the terms of reliance; (e) We are satisfied that the third party will provide copies of identification documents and other relevant information upon request. Even when relying on third parties, we remain ultimately responsible for compliance with KYC/AML requirements and must be satisfied that the due diligence conducted meets our standards.

27. New Technologies and Innovation

We recognize that new technologies and business models present both opportunities and risks for KYC and AML compliance. We: (a) Monitor developments in financial technology and assess their impact on money laundering and terrorist financing risks; (b) Evaluate new technologies for their potential to enhance our compliance program; (c) Conduct risk assessments before adopting new technologies or business models; (d) Implement appropriate controls to mitigate risks associated with new technologies; (e) Engage with regulators and industry bodies to understand regulatory expectations for new technologies. We are committed to innovation while maintaining robust compliance standards and will not adopt technologies or business models that compromise our ability to meet our KYC/AML obligations.

28. Correspondent Relationships and Partnerships

When we establish correspondent relationships or partnerships with other businesses to provide services to our customers, we: (a) Conduct due diligence on the correspondent or partner to assess their KYC/AML compliance; (b) Ensure the correspondent or partner has adequate KYC/AML policies and procedures; (c) Verify that the correspondent or partner is properly licensed and regulated; (d) Obtain information about the correspondent's or partner's management and ownership; (e) Understand the correspondent's or partner's business and customer base; (f) Assess the money laundering and terrorist financing risks associated with the relationship; (g) Document the basis for our decision to enter into the relationship; (h) Monitor the relationship on an ongoing basis. We do not establish relationships with shell banks or entities that allow their accounts to be used by shell banks.

29. Customer Exit and Relationship Termination

We reserve the right to terminate our relationship with any customer at any time if: (a) The customer fails to provide required KYC/AML information or documentation; (b) We are unable to verify the customer's identity or beneficial ownership; (c) We identify suspicious activity or believe the relationship poses an unacceptable risk; (d) The customer is identified on a sanctions list or has connections to sanctioned entities; (e) The customer's risk profile changes and no longer meets our risk appetite; (f) We are required to do so by law or regulatory authorities. When terminating a relationship, we: (a) Document the reasons for termination; (b) File a suspicious activity report if appropriate; (c) Comply with all legal and regulatory requirements; (d) Retain all records in accordance with our record keeping obligations; (e) Do not tip off the customer if doing so would prejudice an investigation.

30. Regulatory Reporting and Cooperation

We are committed to full cooperation with regulatory authorities and law enforcement agencies. We: (a) File all required reports in a timely and accurate manner; (b) Respond promptly to requests for information from regulatory authorities; (c) Provide access to our records and systems as required by law; (d) Cooperate with investigations and enforcement actions; (e) Attend meetings and hearings as requested; (f) Implement corrective actions in response to regulatory findings or recommendations. We maintain open lines of communication with our regulators and seek guidance when appropriate to ensure we understand and meet our obligations.

31. Policy Review and Updates

This KYC & AML Policy is reviewed and updated regularly to ensure it remains current and effective. Reviews are conducted: (a) At least annually; (b) When there are material changes to our business or services; (c) When there are changes to applicable laws or regulations; (d) When there are significant changes to the money laundering or terrorist financing risk environment; (e) Following findings from internal audits or regulatory examinations; (f) When new typologies or methods of money laundering or terrorist financing are identified. Updates to this policy are approved by senior management and communicated to all relevant employees. The current version of this policy is always available on our website.

32. Contact Information and Reporting

If you have questions about our KYC & AML Policy or requirements, or if you need to report suspicious activity, please contact our Money Laundering Reporting Officer (MLRO) at:

ARK PLATFORMS, EUROPE LIMITED
Attention: Money Laundering Reporting Officer
OFFICE 12, INITIAL BUSINESS CENTRE
WILSON BUSINESS PARK
MANCHESTER, M40 8WN
United Kingdom

Email: compliance@arkplatforms.co.uk
Phone: +44 7308 506068

All reports of suspicious activity will be treated confidentially and investigated thoroughly. We are committed to maintaining the highest standards of compliance and appreciate your cooperation in helping us prevent money laundering, terrorist financing, and other financial crimes.