AML Policy

360 Software Ltd ANTI MONEY LAUNDERING POLICY

The primary purpose of the 360 Software Ltd Anti Money Laundering (“GAML” or “AML”) policy is to ensure identification, assessment and scoring of risks, action planning and mitigation of the potential risks 360 Software Ltd (the “Company” or “360 Software Ltd”) may be exposed to, in relation to laundering of proceeds of crime and financing of terrorism.

The policy is based on management of compliance risks arising from customers; and it also oversees:

Ongoing compliance with the requirements introduced by national and international laws, regulations and sanctions,

Implementation of the risk-based “Know Your Customer” and “Customer Activity Monitoring” principles,

Determination and reporting of the suspicious activities,

Preservation of reputation and brand value of the Company towards national and international authorities.

RISK MANAGEMENT ACTIVITIES.

Know Your Customer

360 Software Ltd will identify the potential customer and the persons on behalf or account of whom the transactions are conducted before the transactions are conducted. Accordingly, 360 Software Ltd performs necessary controls and takes measures with respect to:

Identification and verification of the valid identity, origin and address details of (potential) customers, acceptable to the legal authorities, before providing any service and during the course of a continuous relation;

Consistency of the income levels of customers and the services they perform/request with their business, the general course of action and sources of income of the customer type, in which they are included;

Origin of customers funds

Possibility of the customers being included on national/international sanctions lists.

360 Software Ltd will not establish any relation if the proof of identification and verification is not made or sufficient information about the purpose of the relations is not obtained; and the relation will be terminated, when the identification and verification of the customer is not performed where it is required to be conducted in case of any suspicion related to sufficiency and accuracy/authenticity of the previously obtained identity details of the customer.

The standard customer due diligence process to be performed by 360 Software Ltd, at a minimum, as part of “Know your customer” measures includes:

Identification and verification/authentication of the customer’s identity details, address, specimen signature, ultimate beneficial owners, authorized representatives in accordance with legal legislation and the internal policies of 360 Software Ltd,

Screening of the customers in case of the risk of them being on international sanctions lists (including country risk assessment),

Determination of whether the customer and any related parties of the customer are a politically exposed person (PEP), or related/linked to a politically exposed person,

Investigation of whether the customer and related parties of the customer are associated with ultra high risk countries as defined under international organizations and 360 Software Ltd internal policy,

Analysis of the laws of the country/countries of origin and residence of the potential client and if they had established restrictions for its nationals with respect on having accounts abroad or restrictions to payments abroad.

Determination of whether the customer acts on behalf and/or account of other persons,

Monitoring of customer activity for detection of any unusual activity/behaviour,

Identification and verification of the source of income,

Obtaining information about the reasons for operating with 360 Software Ltd.

In addition, enhanced due diligence measures are applied for customers who are regarded as risky by 360 Software Ltd as a result of the risk assessment to be performed during customer acceptance processes or subsequently. Notwithstanding the results of the risk assessment, application of enhanced measures and/or update of monitoring operations may be considered in accordance with the risky customer/transaction/sector assessments under international regulations and applicable practices.

The measures to be taken by 360 Software Ltd as part of the enhanced customer due diligence process include:

Identification of the customer, beneficial owner, authorized representatives (including composition of the company) and filtering of the same in case there is a risk of them being in international sanctions lists,

Identification and verification, where necessary, of source of wealth of the customer and the ultimate beneficial owner based on documentation,

Determination of whether the source of funds and/or capital of the customer have been verified in an easy and satisfactory manner, and authentication of the same based on documentation, where necessary,

Control of information and documentation to know the purposes for which Company services are requested.

Verifying information

Based on the risk, and to the extent reasonable and practicable, the Company will ensure that it has a reasonable belief of the true identity of its customers. In verifying customer identity, shall review photo identification. 360 Software Ltd shall not attempt to determine whether the document that the customer has provided for identification has been validly issued. For verification purposes, the Company shall rely on a government-issued identification to establish a customer’s identity. 360 Software Ltd, however, will analyze the information provided to determine if there are any logical inconsistencies in the information obtained. 360 Software Ltd will document its verification, including all identifying information provided by the customer, the methods used and results of the verification.

1. RISK ASSESSMENT METHODOLOGY

All customers should undergo an assessment process in respect of potential risks of laundering of proceeds of crime and the associated risks. For this purpose, the Company implements a customer risk assessment methodology which takes into account: the customer country of origin, residence and the country where he/she operates (country, region, etc), whether the customer is a politically exposed person or not, the type of transactions performed or wishing to be performed by the customer, the shareholding structure, capital and senior management, controls of the customer. This methodology is revised by the Company when a new risk specific to a customer or certain transactions arises, and the Company takes necessary measures in this respect. The Company will perform the detailed investigation measures of the customers in accordance with the general requirements prescribed under the regulations.

As part of the risk assessment methodology, the persons and entities, for whom/which the Company shall not intermediate or which shall be subjected to enhanced measures are listed below:

Any persons and entities refraining from; providing information, documentation and being subject to recording,

Any persons and entities wishing to open accounts anonymously or by using alias/nicknames,

Any persons or entities present in national and international sanctions lists,

Any persons or entities involved in risky sectors,

Any persons or entities located in or associated with countries without satisfactory regulations in place with respect to prevention of laundering of proceeds of crime and financing of terrorism (risky countries),

Politically exposed persons (PEP),

The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect. Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds,

The potential customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations,

The potential customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity,

The potential customer has difficulty describing the nature of his or her business or work or lacks general knowledge of his or her industry,

The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force,

The customer starts making or wants to make extensive and/or unexplained deposits of funds, without giving any business reason, logical explanation and valid prove of funds origin,

The customer wants to transfer funds to or from a country identified as money laundering risk,

The customer country of origin and residence established restrictions for its nationals with respect on having accounts abroad or restrictions to payments abroad,

The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements

2. MONITORING AND CONTROL ACTIVITIES

For the purposes of prevention of laundering of proceeds of crime and financing of terrorism, the Company carries out a monitoring and control process, at a minimum, in relation to:

High-risk customers and transactions,

Funds and/or payments becoming from risky countries

Unusual and or suspicious behaviours,

Activity inconsistent with the customer’s practices, source of funds and profile.

Transfers of funds to several different accounts located in different countries or in countries where the client has no connection or proved valid relationship.

3. SUSPICIOUS ACTIVITY

Suspicious activity means presence of any information, suspicion or any matter which would require suspicion about the fact that the money subject to a transaction, performed or attempted to be performed with or through the agency of the Company, has been obtained illegally, or is used for unlawful purposes, or is used by any terrorist organizations, terrorists or financiers of terrorism within such scope, or is related or associated with them. Definition of the term “Suspicious activity” includes use of the money, subject to the transaction, for unlawful purposes in addition to the fact that they have been obtained illegally.

4. PROVISION AND RETENTION OF INFORMATION AND DOCUMENTATION

The Company retains any documents associated with its obligations and transactions, available on any kind of media, for a period of (___) years to start as of the date of issuance, and for a period of

(___) years as of the date of the last entry/record for the books and entries/records, and as of the date of the last transaction for the documents and entries/records regarding due diligence.

5. TRAINING

360 Software Ltd shall provide general AML training to its officers to ensure awareness of requirements under the law. The training will include, at a minimum: knowledge of applicable national and international regulations; what roles have each officer in the 360 Software Ltd compliance efforts and how to perform such duties and responsibilities; principles with respect to customer due diligence; how to identify signs of money laundering; what to do once a suspicious activity or person is detected; suspicious transaction reporting; suspicious transaction types; obligation to retain and to present documentation; obligation to provide information and documents; sanctions to be applied in case of any failure to observe and fulfill the obligations.