Know Your Client (KYC) and Anti-Money Laundering (AML) Policy

1.1. This Know Your Client (KYC) and Anti-Money Laundering (AML) Policy (the "Policy") outlines the principles and procedures TeamFlow (the "Company") employs to identify its clients, including customers and contractors registered on the platform. The Policy aims to prevent money laundering, terrorist financing, and other related illegal activities.

1.2. This Policy ensures compliance with the legislation of the Republic of Kazakhstan, including:

• The Law of the Republic of Kazakhstan "On Counteracting Legalization (Laundering) of Proceeds of Crime and Financing of Terrorism" (AML Law).

• Regulatory acts issued by the Financial Monitoring Agency of the Republic of Kazakhstan.

1.3. TeamFlow may engage third-party KYC/AML verification services, such as SumSub, AMLbot, or similar providers, as well as legal experts specializing in local legislation.

2.1. TeamFlow or its authorized representatives collect and verify information and documentation from customers when they create accounts on the platform, based on the following principles:

• Using a risk-based approach to identify and verify customers.

• Documenting information and materials related to verification.

• Notifying customers about the need to provide data for verification purposes.

• Checking customer data against international and national sanction lists.

2.2. Enhanced verification applies in the following cases:

• Customers are registered in offshore jurisdictions.

• Individuals or organizations are linked to high-risk jurisdictions.

• Customer data or documents raise doubts about their authenticity.

2.3. The customer shall undergo the following risk-based Customer due diligence and KYC identification program which may be carried out by TeamFlow itself or by the person designated (KYC/AML Service Provider) by TeamFlow:

• the customer creates a user account at the Platform;

• the customer uploads to his/her account the information and documents required under section 2.4;

• the information and documents submitted by the customer will be transferred to the KYC/AML Service Provider to verify the customer’s identity;

• the KYC/AML Service Provider will review and verify the provided information and documents;

• the KYC/AML Service Provider will perform a search regarding the customer in the Government Sanctions Lists, Politically Exposed Persons Lists, Anti-Terrorism Watchlists, Anti-Money Laundering (AML) Watchlists, CIA Watchlists, Global Watchlist, Disqualified Directors, and similar watchlists (collectively the “Watchlists Databases”);

• the KYC/AML Service Provider will verify the customer or decline the customer after the customer information review and the search in the Watchlists Databases;

• if the customer meets any of the criteria under section 2.2, then TeamFlow will perform enhanced due diligence based on a risk-based approach or refuse such customer in the provision of Services and refund to that customer any funds that have been previously advanced by such customer to the account from which they had originated, in the same type and manner (if applicable), and within a reasonable time, unless otherwise is provided in this Policy and/or required by applicable laws and regulations;

• TeamFlow will request additional information and/or documents for customers from high-risk countries or if there is information and/or documents submitted by the customer referring to a higher risk of money laundering, terrorist financing, and sanctions.

2.4. The following information and documents are mandatory:

• Full name, date of birth or registration, citizenship, and residence.

• Contact details, including email address, phone number, and physical address.

• Identification documents and proof of address.

• For legal entities: registration documents, information about beneficial owners, and statutory documents.

2.5. If a customer's data is inconsistent or suspicious activity is detected, TeamFlow will:

• Deactivate or close the account.

• Report suspicious activity to the national regulator.

2.6. If a customer refuses to provide data or provides false information, the account may be closed, and funds returned in accordance with established procedures.

3.1. TeamFlow undertakes to keep records of all verification steps for at least 5 years:

• Documents used to verify identity.

• Verification logs, including interactions with verification service providers.

• Information about the verification status of customers.

3.2. Customer data is considered confidential and may only be disclosed to third parties in accordance with the law.

4.1. In accordance with the AML legislation of Kazakhstan, TeamFlow may request additional information.

4.2. The Company reserves the right to refuse service without explanation.

4.3. TeamFlow may engage external legal experts and specialists to verify customer data in compliance with local legislation.

5.1. TeamFlow employees involved in KYC/AML processes are required to undergo regular training, including specifics of Kazakhstan's legislation.