Compliance · Policy 07

KYC / AML Policy

Last updated 28 May 2026. How DFA Machine identifies its customers, screens for financial-crime risk and reports suspicious activity.

1. Scope

This policy applies to every customer, supplier, partner and employee of DFA Machine Ltd. It implements the Proceeds of Crime Act 2002, the Terrorism Act 2000, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, applicable EU AMLD requirements and UK and EU sanctions regimes.

2. Risk-based approach

We classify each customer into low, medium or high risk based on country of incorporation, ownership structure, industry, payment method, transaction volume and product mix. Risk ratings drive the depth of due diligence applied and the frequency of refresh (annual for low risk; six-monthly for medium; quarterly for high).

3. Customer Due Diligence (CDD)

  • Standard CDD: verified business name, registration number, registered address, list of directors and Persons of Significant Control (≥ 25%), VAT ID where applicable.
  • Enhanced CDD (EDD): for high-risk jurisdictions, PEPs, complex ownership or transactions over €10,000 in a calendar month. EDD adds source-of-funds evidence, signed UBO declaration and additional ID verification of beneficial owners.
  • Simplified CDD: for listed UK/EU public companies and verified UK/EU public-sector bodies.

4. Sanctions and PEP screening

Every new customer and beneficial owner is screened against UK OFSI, EU Consolidated, OFAC SDN, UN Consolidated and PEP lists at onboarding, and rescreened daily. Positive matches trigger an immediate freeze of the account pending investigation. Confirmed matches are reported to OFSI within the statutory window.

5. Ongoing monitoring

Transaction and behavioural monitoring runs continuously. Triggers include: unusual payment patterns, third-party payments, IP / billing country mismatch, abnormal infrastructure usage and inbound abuse reports. Alerts are reviewed by the MLRO within 1 business day.

6. Suspicious Activity Reports

Confirmed suspicions are reported to the National Crime Agency (NCA) via SAR Online without tipping off the customer, in line with POCA 2002. Equivalent reports are filed with the relevant EU FIU where applicable.

7. Record keeping

CDD records, transaction logs and SAR documentation are retained for 5 years after the end of the business relationship, or longer if required by a competent authority. Records are stored encrypted at rest with access limited to the MLRO function.

8. Training

All staff complete AML, sanctions and fraud-awareness training during onboarding and annually thereafter. The MLRO and finance team receive additional advanced training.

9. Governance

The Money Laundering Reporting Officer (MLRO) is the Head of Compliance, reporting directly to the Board. The Board reviews the AML risk assessment and policy annually, or sooner if there is a material change in regulation or business model.

10. Contact

To request our AML Wolfsberg questionnaire or to escalate a concern, email contact@dfamachine.com with the subject "MLRO".