AML/CTF Policy

Our commitment to preventing money laundering and terrorism financing

Last updated: March 2026

1. Scope and Objectives

This Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Policy establishes the framework, principles, and procedures that MALIPOPAY, a product of Lockwood Technology Ltd, implements to prevent, detect, and report money laundering, terrorism financing, and other financial crimes.

This policy applies to:

  • All employees, officers, directors, and contractors of MALIPOPAY and Lockwood Technology Ltd.
  • All merchants, agents, and business partners who use or interact with the MALIPOPAY Platform.
  • All transactions processed through the Platform, regardless of payment channel (mobile money, bank transfers, card payments, USSD, or disbursements).

The objectives of this policy are to:

  • Ensure full compliance with all applicable AML/CTF laws and regulations in the United Republic of Tanzania.
  • Establish effective Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures.
  • Implement robust transaction monitoring systems to detect suspicious activities.
  • Ensure timely reporting of suspicious transactions to the relevant authorities.
  • Protect MALIPOPAY, its merchants, and the financial system from being used as a vehicle for financial crime.

2. Regulatory Framework

MALIPOPAY operates in compliance with the following laws, regulations, and guidelines:

  • The Anti-Money Laundering Act, 2006 (as amended) of the United Republic of Tanzania.
  • The Prevention of Terrorism Act, 2002 (as amended) of the United Republic of Tanzania.
  • The Anti-Money Laundering (Amendment) Regulations issued under the principal Act.
  • Bank of Tanzania (BoT) Guidelines on AML/CTF for Payment Service Providers, including the National Payment Systems Act.
  • Financial Action Task Force (FATF) Recommendations, as adopted and implemented in Tanzania.
  • Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) standards and mutual evaluation recommendations.
  • United Nations Security Council Resolutions related to counter-terrorism and sanctions.

3. Know Your Customer (KYC) and Customer Due Diligence (CDD)

3.1 Standard Due Diligence

Before onboarding any merchant onto the MALIPOPAY Platform, we conduct the following standard due diligence procedures:

  • Individual Merchants: Collection and verification of full legal name, date of birth, nationality, residential address, national identification (National ID, passport, or driving license), TIN, and a recent photograph.
  • Business Merchants: Collection and verification of company name, registration number, TIN, registered address, Certificate of Incorporation or Business Registration Certificate, Memorandum and Articles of Association, details of directors and shareholders (including beneficial owners holding 25% or more), and board resolution authorizing the signatory.
  • Verification Methods: We verify identities through government-issued identification databases, third-party verification services, and manual document review by trained compliance staff.

3.2 Enhanced Due Diligence (EDD)

Enhanced due diligence is applied to higher-risk merchants and relationships, including:

  • Merchants processing high volumes or high-value transactions above established thresholds.
  • Merchants operating in industries identified as higher risk (e.g., real estate, precious metals, money transfer services).
  • Politically Exposed Persons (PEPs) and their immediate family members or close associates.
  • Merchants from or conducting business in jurisdictions identified by FATF as having strategic AML/CTF deficiencies.
  • Relationships where complex or opaque ownership structures make it difficult to identify the ultimate beneficial owner.

Enhanced due diligence measures include additional identity verification, source of funds and source of wealth inquiries, more frequent reviews of the business relationship, senior management approval for onboarding, and closer transaction monitoring.

3.3 Ongoing Due Diligence

KYC is not a one-time exercise. We conduct ongoing monitoring of merchant accounts, including periodic reviews of merchant information and documentation, continuous transaction monitoring for unusual or suspicious patterns, and regular re-screening against sanctions and PEP lists.

4. Transaction Monitoring

MALIPOPAY employs automated and manual transaction monitoring systems to detect potentially suspicious activities. Our monitoring framework includes:

  • Automated Rule-Based Monitoring:Real-time screening of transactions against predefined rules and thresholds, including unusually large transactions, rapid succession of transactions, transactions just below reporting thresholds (structuring), and transactions inconsistent with the merchant's stated business profile.
  • Behavioral Analytics: Analysis of transaction patterns over time to identify deviations from established baselines, including sudden changes in transaction volume or value, unexpected geographic patterns, and unusual payment channel usage.
  • Manual Review: Alerts generated by automated systems are reviewed by trained compliance personnel who determine whether the activity warrants further investigation or reporting.

5. Suspicious Activity Reporting

When suspicious activity is identified, MALIPOPAY follows these reporting procedures:

  • Internal Escalation: All suspicious transactions or activities are immediately escalated to the Compliance Officer for review and determination.
  • Suspicious Transaction Report (STR): Where the Compliance Officer determines that reasonable grounds exist to suspect money laundering or terrorism financing, a Suspicious Transaction Report is filed with the Financial Intelligence Unit (FIU) of Tanzania within the timeframe prescribed by law.
  • Currency Transaction Report (CTR): Transactions exceeding the thresholds set by the Bank of Tanzania are reported through Currency Transaction Reports as required.
  • Tipping-Off Prohibition: No employee, officer, or agent of MALIPOPAY shall inform or tip off any merchant, customer, or third party that a suspicious activity report has been or will be filed with the FIU. Tipping off is a criminal offense under Tanzanian law.

6. Record Keeping

MALIPOPAY maintains comprehensive records in compliance with regulatory requirements:

  • KYC Records: All customer identification documents, verification results, and due diligence records are retained for a minimum of seven (7) years after the termination of the business relationship.
  • Transaction Records: Complete records of all transactions, including amounts, dates, parties involved, and payment channels used, are retained for a minimum of seven (7) years from the date of the transaction.
  • STR Records: All internal reports, investigation notes, and filed STRs are retained for a minimum of seven (7) years from the date of filing.
  • Training Records: Records of all AML/CTF training provided to staff, including dates, content covered, and attendance, are maintained for the duration of employment and five (5) years thereafter.

All records are stored securely with appropriate access controls and are available for inspection by the Bank of Tanzania, FIU, or other authorized regulatory bodies upon request.

7. Staff Training

MALIPOPAY is committed to ensuring that all staff members are aware of their AML/CTF obligations and are equipped to identify and report suspicious activities:

  • Onboarding Training: All new employees receive AML/CTF training as part of their induction program, covering the fundamentals of money laundering and terrorism financing, red flags and indicators of suspicious activity, reporting obligations and procedures, and consequences of non-compliance.
  • Ongoing Training: Regular refresher training is provided at least annually, incorporating updates on regulatory changes, emerging typologies and trends in financial crime, case studies and lessons learned from internal investigations, and role-specific training for compliance, operations, and customer support teams.
  • Specialized Training: The Compliance Officer and other compliance team members receive advanced training on AML/CTF regulations, investigation techniques, and regulatory engagement.

8. Risk Assessment

MALIPOPAY conducts comprehensive risk assessments to identify, assess, and mitigate money laundering and terrorism financing risks:

  • Enterprise-Wide Risk Assessment: An annual assessment of the overall ML/TF risk exposure, considering the nature and complexity of our services, customer base and geographic reach, payment channels and transaction types, and the regulatory environment and industry trends.
  • Customer Risk Assessment: Individual risk scoring of merchants based on the type of business and industry, geographic location, transaction volumes and patterns, source of funds, PEP status, and ownership structure.
  • Product and Channel Risk Assessment: Evaluation of the inherent ML/TF risks associated with each payment channel and product offering, with appropriate controls calibrated to the risk level.

9. Sanctions Screening

MALIPOPAY screens all merchants, their beneficial owners, and directors against the following sanctions lists:

  • United Nations Security Council Consolidated List.
  • United States Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) List.
  • European Union Consolidated Sanctions List.
  • United Kingdom HM Treasury Sanctions List.
  • Any other sanctions lists as directed by the Bank of Tanzania or the Government of the United Republic of Tanzania.

Screening is conducted at the time of onboarding and on an ongoing basis as sanctions lists are updated. Any matches are immediately escalated to the Compliance Officer for investigation and, where confirmed, result in account suspension and reporting to the relevant authorities.

10. Politically Exposed Persons (PEP) Screening

MALIPOPAY identifies and applies enhanced due diligence to Politically Exposed Persons, their family members, and close associates. PEPs include:

  • Current or former heads of state, senior government officials, senior judicial or military officials, and senior executives of state-owned enterprises.
  • Senior officials of international organizations.
  • Senior political party officials.
  • Immediate family members (spouse, children, parents, siblings) and known close associates of the above.

PEP relationships require senior management approval for onboarding, enhanced monitoring of all transactions, documented source of funds and source of wealth verification, and annual review of the business relationship by the Compliance Officer.

11. Compliance Officer Responsibilities

The MALIPOPAY Compliance Officer is responsible for the implementation and oversight of this AML/CTF policy. Specific responsibilities include:

  • Overseeing the day-to-day implementation of all AML/CTF policies, procedures, and controls.
  • Serving as the primary point of contact for the FIU, Bank of Tanzania, and other regulatory authorities on AML/CTF matters.
  • Reviewing and approving (or rejecting) Suspicious Transaction Reports before filing with the FIU.
  • Conducting or overseeing internal investigations of suspicious activities.
  • Ensuring that all staff receive appropriate AML/CTF training.
  • Reporting to the Board of Directors on AML/CTF compliance status, risks, and issues.
  • Conducting the annual enterprise-wide risk assessment and recommending updates to policies and procedures.
  • Ensuring that record-keeping requirements are met across all compliance activities.
  • Staying current on regulatory developments, FATF recommendations, and emerging financial crime typologies.

12. Whistleblowing and Internal Reporting

MALIPOPAY encourages all employees, merchants, and partners to report any suspected or actual violations of this AML/CTF policy. Reports can be made directly to the Compliance Officer or through our confidential reporting channel. All reports are treated with the highest level of confidentiality, and MALIPOPAY strictly prohibits retaliation against any individual who makes a good-faith report of suspected AML/CTF violations.

13. Policy Review and Updates

This AML/CTF Policy is reviewed at least annually by the Compliance Officer and approved by the Board of Directors. Reviews also occur following significant regulatory changes, material changes to our product offerings or business model, significant compliance incidents or audit findings, and updates to FATF recommendations or national risk assessments.

14. Consequences of Non-Compliance

Failure to comply with this AML/CTF policy may result in disciplinary action up to and including termination of employment, suspension or termination of merchant accounts, reporting to relevant law enforcement and regulatory authorities, and civil or criminal liability under Tanzanian law.

15. Contact Information

For questions or concerns related to this AML/CTF Policy, please contact:

  • Compliance Officer
  • Email: compliance@malipopay.co.tz
  • General Inquiries: support@malipopay.co.tz
  • Phone: +255 687 128 012
  • Website: malipopay.co.tz
  • Address: Lockwood Technology Ltd, Dar es Salaam, Tanzania