ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING POLICY.
(PLD-FT / AML-CTF)
NovaWave Technology N.V.
Domain: www.fi.7k.bet
Date: 26 January 2026
NovaWave Technology N.V., a limited liability company duly registered with the Curaçao Chamber of Commerce and Industry under registration number 162293, with its registered address at Schottegatweg Oost 10, Unit 1-9, Bon Bini Business Center, Curaçao.
1. Purpose, scope, and zero tolerance commitment
1.1. This Anti-Money Laundering and Counter-Terrorist Financing Policy (the âPolicyâ) establishes the governance principles, mandatory controls, operational procedures, and accountability rules adopted by NovaWave Technology N.V. (âNovaWaveâ, âCompanyâ, âweâ, âourâ) to prevent, detect, deter, and respond to money laundering, terrorist financing, and related financial crime risks in connection with the operation of the domain www.fi.7k.bet (the âPlatformâ) and any associated services, channels, tools, and customer-facing or back-office processes.
1.2. NovaWave maintains a strict zero tolerance stance against any attempt to use the Platform to launder proceeds of crime, finance terrorism, evade sanctions, commit fraud, abuse the financial system, or otherwise conduct illicit activity. The Companyâs approach is preventive and risk-based. We apply controls proportionate to the nature, size, complexity, and risk profile of our operations, recognizing that effective AML-CTF controls must be practical, evidence-based, and continuously improved.
1.3. This Policy applies to all directors, officers, managers, employees, contractors, agents, and service providers acting for or on behalf of NovaWave, including payment, verification, screening, customer support, risk, compliance, and technology functions. It also applies to any third party performing outsourced activities that may affect AML-CTF risk, including onboarding, identity verification, payment processing, transaction monitoring, and customer communications.
2. Finland-specific legal and regulatory framework for operations involving Finland
2.1. Because the Platform is intended to be used in Finland through the .fi-facing domain and Finnish market exposure, NovaWaveâs AML-CTF framework is aligned with the Finnish legal system and supervisory expectations applicable to business activities conducted in or directed to Finland.
2.2. The principal Finnish statute governing prevention of money laundering and terrorist financing is the Act on Preventing Money Laundering and Terrorist Financing (444/2017) (the âFinnish AML Actâ), which establishes obligations for risk assessment, customer due diligence, ongoing monitoring, internal controls, and cooperation with competent authorities.
2.3. NovaWaveâs internal reporting and escalation standards are designed to support compliance with the Finnish AML Act and the operational role of the Finnish Financial Intelligence Unit, which processes money laundering reports and operates in connection with the National Bureau of Investigation.
2.4. NovaWave also maintains alignment with the Finnish institutional framework for AML-CTF supervision and guidance, including supervisory principles and âcurrent provisions, regulations and guidelinesâ published by the Finnish Financial Supervisory Authority (FIN-FSA) for sectors under its remit, recognizing that Finlandâs AML framework is built on EU AML directives and FATF standards.
2.5. In addition to preventive obligations, NovaWave recognizes that money laundering conduct is criminalized under Finnish criminal law, including offences addressed in Finlandâs Criminal Code framework on receiving and money laundering offences, and therefore treats any detected laundering patterns as matters requiring urgent escalation and preservation of evidence.
2.6. This Policy is written as an internal governance instrument and must be applied together with NovaWaveâs Privacy and Personal Data Protection Policy, Information Security Policy, Risk Management Policy, Sanctions Policy (if adopted), and any additional procedures required by licensing or regulatory registrations relevant to operations directed to Finland. Where local obligations apply differently depending on activity classification, NovaWave will apply the highest standard necessary to ensure risk containment and regulatory defensibility.
3. Core principles of NovaWaveâs AML-CTF program
3.1. NovaWaveâs AML-CTF program is built on the following principles, applied throughout the lifecycle of the customer relationship and across all relevant processes.
3.2. The principle of a risk-based approach is central. NovaWave identifies, assesses, and manages ML-FT risks by considering customer risk, geographic risk, product and service risk, transaction risk, and delivery channel risk. The Finnish AML Act itself requires obliged entities to prepare and maintain risk assessments, and NovaWave mirrors this structure by maintaining documented risk assessment artifacts and ensuring that controls are proportionate to identified risks.
3.3. The principle of know your customer means that NovaWave seeks reasonable certainty regarding the identity of customers, the legitimacy of their activity, and the consistency of their behavior with expected usage. This includes the ability to detect inconsistencies and to refuse, suspend, or terminate relationships where risk cannot be mitigated.
3.4. The principle of continuous monitoring means that AML-CTF is not limited to onboarding. NovaWave monitors customer behavior and transactions on an ongoing basis, updating customer risk ratings and triggering enhanced controls when risk indicators emerge.
3.5. The principle of timely escalation and defensible decisions means that NovaWave maintains structured internal workflows to document why decisions were taken, what evidence supported those decisions, who approved them, and what follow-up actions occurred. This includes secure recordkeeping suitable for audit and regulatory review.
3.6. The principle of confidentiality and controlled disclosure means that suspicious activity handling must be managed on a strict need-to-know basis, preserving investigation integrity and minimizing tipping-off risk.
4. Governance, responsibilities, and accountability
4.1. Senior management and the board of directors (or equivalent governing body) are responsible for establishing a culture of compliance and ensuring that AML-CTF risk is managed as a strategic and operational priority. Management must ensure the availability of appropriate resources, including qualified personnel, tooling, training, and independent review capacity.
4.2. NovaWave designates a responsible compliance function to oversee AML-CTF implementation. This function must be sufficiently independent from revenue-generating operations, with authority to require controls, pause transactions, freeze accounts where permitted, refuse customer onboarding, and escalate matters to senior management when risk thresholds are exceeded.
4.3. Where required by applicable law or where adopted as best practice, NovaWave appoints a Money Laundering Reporting Officer or equivalent responsible person with defined responsibilities for internal case oversight, quality assurance, reporting governance, and liaison with competent authorities.
4.4. All staff with exposure to onboarding, payments, customer support, risk review, fraud prevention, and technology operations are required to cooperate with the AML-CTF program, comply with procedures, escalate red flags, and complete mandatory training. Failure to comply may result in disciplinary measures, contract termination, and, where relevant, referral to competent authorities.
5. Enterprise AML-CTF risk assessment and updates
5.1. NovaWave maintains an enterprise-level AML-CTF risk assessment that identifies inherent risks, evaluates the adequacy of controls, and determines residual risk. This assessment is reviewed regularly and updated when there are material changes, including changes to product features, payment methods, customer base composition, geographic targeting, regulatory requirements, or emerging typologies.
5.2. Risk assessment documentation is retained and made available internally for audit and governance. It is also structured to be producible to supervisory authorities if required, consistent with the Finnish AML Actâs emphasis on risk assessment and ongoing updates.
5.3. The risk assessment process includes a documented methodology, risk scoring criteria, control mapping, ownership assignment for remediation actions, and timelines for review and revalidation.
6. Customer due diligence, identification, and verification standards
6.1. NovaWave applies Customer Due Diligence (CDD) measures to identify and verify customers before establishing a business relationship and, where relevant, before enabling financial functionality or withdrawals. The depth of verification depends on risk level and on the specific operational and regulatory obligations applicable to the activity conducted in Finland.
6.2. Identification data typically includes customer name, date of birth, nationality, and address details, together with verification using reliable sources and appropriate methods. Where identity documents are used, NovaWave applies authenticity checks, liveness or fraud-detection controls, and consistency verification against user-provided data.
6.3. NovaWave conducts verification of payment method ownership where relevant to mitigate the risk of third-party funding, mule activity, chargeback laundering, and unauthorized payment use. The Company also uses controls to detect unusual patterns such as rapid account creation, high-velocity deposits, multiple accounts linked to shared identifiers, and repeated failed verification attempts.
6.4. NovaWave applies ongoing due diligence throughout the relationship, updating verification where risk increases, where anomalies arise, where the customer changes key profile information, or where regulatory or internal thresholds require re-verification.
7. Enhanced due diligence, high-risk customers, and special attention cases
7.1. NovaWave applies Enhanced Due Diligence (EDD) when higher risk is identified. Higher risk may arise from customer profile indicators, unusual transaction patterns, high-risk geographies, complex payment behavior, or other red flags consistent with money laundering typologies.
7.2. EDD measures may include additional identity verification steps, request for supplementary documentation, enhanced scrutiny of source of funds information where appropriate, stricter transaction limits, delayed withdrawals pending review, and more frequent monitoring.
7.3. NovaWave also applies enhanced measures where customers are identified as politically exposed persons (PEPs) or where the relationship presents elevated corruption risk, recognizing that the risk-based approach requires proportionate enhancement of controls in such scenarios.
8. Transaction monitoring, behavioral monitoring, and typology-driven detection
8.1. NovaWave maintains transaction monitoring controls designed to detect patterns of placement, layering, and integration. Monitoring includes both automated detection logic and human review, supported by case management processes that ensure consistent documentation and timely decision-making.
8.2. Monitoring considers, among other indicators, transaction velocity, deposit-withdrawal cycles, unusually structured transactions, repeated small deposits potentially consistent with structuring, unusual funding sources, transaction reversals and chargebacks, rapid changes in customer details, abnormal device or IP switching, and repeated use of payment methods across multiple accounts.
8.3. NovaWaveâs monitoring framework is updated based on evolving risk assessments and external typology guidance, including the broader Finnish and EU context that emphasizes detection, investigation support, and the role of FIUs in processing submitted reports.
8.4. Monitoring alerts are triaged and investigated using documented procedures. Investigations may result in outcomes including no action, account restriction, request for additional information, enhanced monitoring, relationship termination, or escalation for potential reporting, depending on the facts and risk.
9. Suspicious activity handling, escalation, and cooperation with Finnish authorities
9.1. NovaWave maintains internal procedures to identify, escalate, and handle suspicious activity. Suspicion can be triggered by monitoring alerts, staff observations, customer support interactions, payment anomalies, third-party intelligence, or external notifications.
9.2. Cases are escalated to qualified reviewers within the compliance function. The reviewer must assess available evidence, determine whether suspicion is reasonable, decide on risk-mitigation steps, and document the rationale. All steps must be traceable and auditable.
9.3. Where reporting is required under the applicable Finnish AML framework for the relevant activity classification, NovaWaveâs procedures are designed to support reporting to the competent Finnish Financial Intelligence Unit, which processes money laundering reports in Finland.
9.4. NovaWave maintains confidentiality around suspicious activity handling and applies strict controls to prevent unauthorized disclosure, protecting both investigations and data subject rights.
10. Recordkeeping, audit trails, and evidence preservation
10.1. NovaWave retains records necessary to demonstrate the adequacy and effectiveness of its AML-CTF controls, including onboarding records, verification evidence, risk ratings, monitoring alerts, investigation files, decisions, approvals, communications related to AML-CTF reviews, and relevant transaction data.
10.2. Records are secured through access controls and technical measures designed to preserve integrity and confidentiality. Records are retained for periods required by applicable law and for as long as needed to support audits, dispute handling, regulatory inquiries, and legal claims.
10.3. NovaWaveâs recordkeeping structure is designed to be consistent with risk assessment and documentation expectations embedded in the Finnish AML Actâs framework for obliged entities and supervision.
11. Training, awareness, and compliance culture
11.1. NovaWave provides periodic AML-CTF training to relevant personnel, ensuring that staff understand risks, typologies, internal escalation requirements, confidentiality obligations, and the consequences of non-compliance.
11.2. Training is documented and includes assessment mechanisms to confirm understanding, identify gaps, and improve program effectiveness. Training content is updated to reflect changes in risk and in Finland-related expectations, including the Finnish institutional setup where the FIU processes reports and supervisory authorities emphasize internal controls and risk management.
12. Independent review, testing, and continuous improvement
12.1. NovaWave conducts periodic internal reviews and, where appropriate, independent audits of the AML-CTF program to evaluate control effectiveness, alert quality, investigation consistency, recordkeeping integrity, and staff adherence.
12.2. Findings are documented, assigned to accountable owners, and tracked to closure with timelines and evidence of remediation. The program is updated to reflect lessons learned, emerging typologies, and regulatory developments.
13. Data protection, confidentiality, and lawful processing in AML-CTF operations
13.1. AML-CTF controls often require processing of personal data, including identification documents and monitoring signals. NovaWave processes such data with strict necessity and proportionality, limiting access to authorized personnel and applying security measures consistent with its privacy and information security frameworks.
13.2. AML-CTF processing is conducted in a manner designed to support both compliance and privacy by design, ensuring that only relevant data is collected, retained, and used, and that sensitive information is protected from unauthorized access.
14. Policy governance, versioning, and updates
14.1. This Policy enters into force on 26 January 2026 and is subject to review at regular intervals and whenever material changes occur in the Platformâs risk profile, Finland-related legal requirements, supervisory expectations, or operational model.
14.2. Updates require management approval and must be communicated internally to relevant stakeholders. Operational procedures and system configurations must be aligned with the most current approved version of the Policy.
GLOSSARY
Anti-Money Laundering (AML) refers to the laws, regulations, procedures, and controls designed to prevent and detect attempts to disguise the illicit origin of criminal proceeds.
Counter-Terrorist Financing (CTF) refers to the measures designed to prevent, detect, and disrupt the collection, movement, and use of funds intended to support terrorist acts, terrorist organizations, or terrorist-related activities, regardless of whether the funds originate from lawful or unlawful sources.
Money laundering refers to conduct intended to conceal, disguise, convert, transfer, or otherwise handle proceeds of crime so that the proceeds appear legitimate, often involving phases commonly described as placement, layering, and integration.
Finnish AML Act refers to the Act on Preventing Money Laundering and Terrorist Financing (444/2017), which establishes Finlandâs preventive AML-CTF obligations, including risk assessment and internal control expectations for obliged entities.
Financial Intelligence Unit (FIU) refers to the authority that receives and processes money laundering reports and supports detection and investigation. In Finland, the FIU operates in connection with the National Bureau of Investigation.
Customer Due Diligence (CDD) refers to measures used to identify and verify customers and assess the risk associated with the business relationship.
Enhanced Due Diligence (EDD) refers to additional and more stringent verification and monitoring measures applied where higher risk of money laundering or terrorist financing is identified.
Politically Exposed Person (PEP) refers to an individual who holds or has held a prominent public function and who may present increased exposure to corruption-related risks, requiring enhanced scrutiny under risk-based AML-CTF controls.
Transaction monitoring refers to the systematic review and analysis of transactions and behavior to identify unusual patterns or activity consistent with money laundering, terrorist financing, fraud, or sanctions evasion.
Suspicious activity refers to conduct, transactions, or patterns that give rise to reasonable grounds to suspect money laundering, terrorist financing, or related financial crime, requiring escalation and documented review, and, where applicable, reporting consistent with the relevant AML-CTF framework.
Risk-based approach refers to allocating controls, monitoring intensity, and verification depth in proportion to identified risks, consistent with Finlandâs statutory approach and EU/FATF standards.
FIN-FSA refers to the Finnish Financial Supervisory Authority, which publishes guidance and supervises AML-CTF compliance for sectors under its remit and outlines the broader Finnish AML-CTF framework and expectations on internal controls.