Anti-Money Laundering & Counter-Terrorism Financing Policy.

1. Introduction and Purpose

1.1 Company Overview

Breakthrough Consulting FZCO, operating as Brilwood Capital ("the Company"), is a marketing-consulting firm that provides specialised services to assist clients in attracting potential investors. The Company's services include:

• Creation of marketing materials (pitch decks, investor presentations, marketing collateral, strategy documentation)
• Facilitation of introductions between clients and potential investors
• Strategic consulting on investor attraction and positioning

The Company does NOT:

• Handle, receive, or transmit funds on behalf of clients or investors
• Negotiate terms of capital transactions
• Raise capital directly
• Act as a financial intermediary or broker

1.2 Purpose of This Policy

This Anti-Money Laundering and Counter-Terrorism Financing Policy ("AML/CTF Policy") establishes the Company's commitment to:

• Prevent the use of the Company's services for money laundering or terrorism financing
• Comply with all applicable UAE laws and regulations
• Maintain the integrity and reputation of the Company
• Protect the Company, its employees, and stakeholders from exposure to financial crime

1.3 Regulatory Framework

This policy is designed to ensure compliance with:

• UAE Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
• UAE Cabinet Decision No. 10 of 2019 Concerning the Implementing Regulation of Decree-Law No. 20 of 2018
• IFZA Free Zone Authority requirements
• UAE National Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations Committee (NAMLCFTC) guidance
• Financial Action Task Force (FATF) recommendations

2. Policy Statement

Breakthrough Consulting FZCO has zero tolerance for money laundering and terrorism financing. The Company is committed to:

• Conducting business only with clients and through relationships of legitimate origin
• Implementing appropriate risk-based customer due-diligence procedures
• Refusing to provide services where there are reasonable grounds to suspect money laundering or terrorism financing
• Training all employees on AML/CTF obligations
• Reporting suspicious activities to the appropriate authorities
• Maintaining adequate records as required by law
• Regularly reviewing and updating AML/CTF policies and procedures

3. Governance and Responsibilities

3.1 Board of Directors / Management

The Company's management is ultimately responsible for:

• Approving the AML/CTF Policy
• Ensuring adequate resources for AML/CTF compliance
• Receiving regular reports on AML/CTF compliance
• Fostering a culture of compliance throughout the organisation

3.2 Money Laundering Reporting Officer (MLRO)

Designated MLRO: Aarushi Singhal
Contact: [email protected]
Phone: +971 (0) 4 889 5322

The MLRO is responsible for:

• Overseeing the implementation of this policy
• Serving as the primary point of contact for AML/CTF matters
• Receiving and evaluating internal suspicious activity reports
• Filing Suspicious Transaction Reports (STRs) with the UAE Financial Intelligence Unit (FIU) when required
• Maintaining records of all AML/CTF activities
• Coordinating with law enforcement and regulatory authorities
• Ensuring staff training on AML/CTF matters
• Conducting annual risk assessments
• Reviewing and updating this policy annually

3.3 All Employees

All employees are responsible for:

• Understanding and complying with this policy
• Completing required AML/CTF training
• Implementing customer due-diligence procedures in their area of responsibility
• Reporting suspicious activities to the MLRO immediately
• Maintaining confidentiality regarding suspicious activity reports

4. Risk Assessment

4.1 Company Risk Profile

The Company has assessed its overall AML/CTF risk as LOW TO MEDIUM based on the following factors:

Lower-risk factors:

• No handling, receipt, or transmission of funds
• No negotiation or execution of capital transactions
• Services limited to marketing consulting and introductions
• Small team with direct management oversight
• Predominantly UAE and GCC-based client relationships

Risk factors requiring monitoring:

• Facilitating introductions between parties
• Potential exposure to clients in diverse industries
• Occasional exposure to high-risk sectors
• International client base
• Reputational risk from client activities

4.2 Risk Categories

Client Risk

• Higher Risk: Clients in high-risk sectors (cryptocurrency, gaming, precious metals, arms, cash-intensive businesses)
• Higher Risk: Clients from high-risk jurisdictions (per FATF list)
• Higher Risk: Complex ownership structures with nominee directors / shareholders
• Higher Risk: Politically Exposed Persons (PEPs) or their related entities
• Lower Risk: Established public companies with transparent ownership
• Lower Risk: Well-known startups with reputable backing

Service Risk

• Lower Risk: Marketing material creation only
• Medium Risk: Facilitation of introductions between clients and investors

Geographic Risk

• Assessed based on FATF high-risk and monitored jurisdictions
• UAE and GCC generally considered lower risk
• Enhanced due diligence for clients from or seeking investors from high-risk jurisdictions

4.3 Annual Risk Assessment

The MLRO shall conduct a comprehensive risk assessment annually to:

• Identify and assess ML/TF risks
• Update risk ratings based on changing circumstances
• Adjust policies and procedures accordingly
• Document findings and recommendations

5. Customer Due Diligence (CDD)

5.1 General Principles

The Company shall conduct risk-based due diligence on all clients before establishing a business relationship. While the Company does not handle funds and primary AML responsibility rests with clients conducting due diligence on their investors, the Company must ensure it is not facilitating money laundering or terrorism financing through its services.

5.2 Standard Customer Due Diligence

For all new clients, the Company shall obtain and verify:

For Corporate Clients:

1. Full legal name of the entity
2. Registration number and jurisdiction of incorporation
3. Registered address and principal place of business
4. Copy of Certificate of Incorporation or equivalent
5. Copy of Commercial License or trade license
6. Memorandum and Articles of Association (or equivalent)
7. Ownership structure showing all beneficial owners (individuals holding ≥25% ownership)
8. Identification documents for all beneficial owners (passport / Emirates ID)
9. Identification of authorised signatories and representatives
10. Nature of business and source of funds / wealth (general understanding)
11. Purpose of the engagement with Brilwood Capital

For Individual Clients (if applicable):

1. Full name as per official identification
2. Date of birth and nationality
3. Residential address
4. Copy of valid passport or Emirates ID
5. Source of funds / wealth (general understanding)
6. Occupation and business activities
7. Purpose of the engagement with Brilwood Capital

5.3 Enhanced Due Diligence (EDD)

Enhanced due diligence shall be conducted for higher-risk clients, including:

Trigger factors:

• Clients from high-risk jurisdictions (per FATF list)
• Politically Exposed Persons (PEPs) or their family members / close associates
• Clients in high-risk sectors (crypto, gaming, precious metals, arms, etc.)
• Complex ownership structures that obscure beneficial ownership
• Adverse media or reputational concerns
• Unusual or suspicious circumstances

Additional EDD measures:

1. Senior management approval required for onboarding
2. Enhanced verification of source of wealth and funds
3. Additional background checks and adverse-media screening
4. More frequent monitoring of the relationship
5. Understanding the reasons for the PEP designation or high-risk classification
6. Ongoing monitoring of the client's activities and public profile

5.4 Simplified Due Diligence (SDD)

Simplified due diligence may be applied to lower-risk clients such as:

• Well-established public companies listed on recognised exchanges
• Government entities or wholly government-owned enterprises
• Clients previously engaged with positive track record

Even with SDD, basic identification and verification must be completed.

5.5 Beneficial Ownership

The Company shall identify and verify the identity of beneficial owners, defined as any natural person who:

• Owns or controls (directly or indirectly) 25% or more of the client entity
• Exercises control through other means

Where no individual meets the above criteria, the beneficial owner is the senior managing official.

5.6 Ongoing Monitoring

The Company shall:

• Review client information annually or when circumstances change
• Monitor for changes in ownership, business activities, or risk profile
• Conduct periodic reviews of higher-risk relationships (at least semi-annually)
• Update client files when new information becomes available

5.7 Record Keeping

All CDD documentation shall be:

• Maintained for a minimum of 5 years from the end of the business relationship
• Stored securely with restricted access
• Retrievable promptly upon request by authorities
• Reviewed periodically for completeness

6. Screening and Monitoring

6.1 Sanctions Screening

Before onboarding any client, the Company shall screen:

• The client entity
• All beneficial owners
• Authorised representatives

Against the following lists:

• UAE Local Terrorism List
• UN Security Council Consolidated Sanctions List
• OFAC (US Office of Foreign Assets Control) Sanctions Lists
• EU Sanctions Lists
• Other relevant international sanctions lists

Screening shall be repeated:

• Annually for all existing clients
• When there are changes in ownership or control
• When international sanctions lists are updated (monitored regularly)

6.2 Politically Exposed Persons (PEP) Screening

The Company shall screen all clients and beneficial owners to identify PEPs, including:

• Foreign PEPs: Individuals entrusted with prominent public functions by a foreign country
• Domestic PEPs: Individuals entrusted with prominent public functions in the UAE
• International Organisation PEPs: Individuals entrusted with prominent functions in international organisations
• Family members and close associates of PEPs

PEP categories include:

• Heads of state, government, or senior politicians
• Senior government, judicial, or military officials
• Senior executives of state-owned corporations
• Important political party officials

6.3 Adverse Media Screening

The Company shall conduct adverse-media checks on:

• All new clients during onboarding
• Existing higher-risk clients annually
• Any client when adverse information comes to attention

Adverse media includes information relating to:

• Financial crime (fraud, money laundering, corruption)
• Terrorism or terrorist financing
• Sanctions violations
• Regulatory enforcement actions
• Other serious criminal activities

6.4 Transaction Monitoring

Given that the Company does not handle funds, transaction monitoring focuses on:

• Nature and frequency of services provided to each client
• Unusual requests or patterns of engagement
• Changes in client risk profile
• Red-flag indicators (see Section 7)

7. Red Flag Indicators and Suspicious Activity

7.1 General Red Flags

Employees shall be alert to the following red-flag indicators:

Client behaviour:

• Reluctance to provide standard information or documentation
• Provision of false, misleading, or falsified documentation
• Unusual secrecy or evasiveness about business activities or ownership
• Client's business lacks obvious economic purpose
• Overly complex ownership or corporate structures without clear rationale
• Frequent changes in ownership or management
• Client requests services significantly outside their apparent business needs

Client profile:

• Client or beneficial owner appears on sanctions lists
• Client is identified as a PEP without proper enhanced due diligence
• Adverse media linking the client to financial crime, corruption, or terrorism
• Client from or seeking investors from high-risk jurisdictions
• Client operates in a high-risk sector without adequate compliance infrastructure
• Shell companies with no apparent legitimate business purpose

Service-specific red flags:

• Client requests introductions to investors known for questionable practices
• Client requests materials that misrepresent their business model or financials
• Pressure to rush due diligence or onboarding processes
• Client unwilling to provide information about the source of existing funding
• Attempts to involve the Company in negotiations or fund transfers
• Requests to avoid standard documentation or record-keeping

Reputational concerns:

• Client's business model appears unsustainable or fraudulent
• Client history of regulatory violations or legal issues
• Associates of the client have criminal backgrounds
• Client requests services that could facilitate illegal activity

7.2 Reporting Suspicious Activity

Internal reporting. When an employee identifies a red flag or suspects money laundering / terrorism financing:

1. Document observations: Write down specific facts, dates, and behaviours that raise concern
2. Report to MLRO immediately: Contact the MLRO via secure channel without alerting the client
3. Do not proceed: Suspend the relationship or transaction pending MLRO review
4. Maintain confidentiality: Do not discuss suspicions with anyone except the MLRO

MLRO evaluation. Upon receiving an internal report, the MLRO shall:

1. Review all available information and documentation
2. Conduct additional research or screening as needed
3. Assess whether suspicion is substantiated
4. Determine whether to file a Suspicious Transaction Report (STR)
5. Decide on continuation or termination of the relationship
6. Document all findings and decisions

External reporting (STR). If the MLRO determines that suspicious activity has occurred or is suspected, the MLRO shall:

1. File a Suspicious Transaction Report with the UAE Financial Intelligence Unit (FIU) via the goAML system within the legally required timeframe
2. Include all relevant facts, documentation, and analysis
3. Maintain a copy of the STR and all supporting documentation
4. Refrain from informing the client that a report has been filed (tipping-off is a criminal offence)
5. Cooperate fully with any subsequent investigation

Timeframe:

• Internal reporting to MLRO: immediately upon identification
• STR filing to FIU: as soon as possible and no later than required by regulation

7.3 Tipping-Off Prohibition

It is a criminal offence to disclose to any person (including the client) that:

• A suspicious transaction report has been filed
• An investigation is underway or contemplated
• Any information that might prejudice an investigation

All employees must maintain strict confidentiality regarding STRs and investigations.

8. Third-Party Relationships

8.1 Reliance on Third Parties

The Company may rely on third-party service providers for certain due-diligence functions (e.g., screening services, background checks), provided:

• The third party is reliable and reputable
• The Company retains ultimate responsibility for CDD compliance
• Arrangements are documented in writing
• The Company can access the underlying documentation upon request

8.2 Outsourced Services

When outsourcing any AML-related functions:

• Conduct due diligence on the service provider
• Ensure contractual obligations include AML compliance
• Monitor the service provider's performance
• Maintain access to records and data

9. Record Keeping

9.1 Documentation Requirements

The Company shall maintain the following records:

Client records:

• All customer due-diligence documentation
• Identification and verification documents
• Beneficial-ownership information
• Correspondence and communications
• Service agreements and invoices

Transaction records:

• Records of all services provided
• Marketing materials created
• Introduction records (parties introduced, dates, context)
• Any due diligence conducted on the introduced parties

AML compliance records:

• Risk assessments (client-level and enterprise-level)
• Screening results (sanctions, PEP, adverse media)
• Internal suspicious activity reports
• Copies of STRs filed with FIU
• Training records
• Policy reviews and updates

9.2 Retention Period

All records shall be retained for:

• Minimum 5 years from the end of the business relationship or completion of the transaction
• Longer if requested by authorities or required for ongoing investigations
• In a format that can be retrieved and provided to authorities promptly

9.3 Data Security and Confidentiality

All AML records shall be:

• Stored securely with access limited to authorised personnel
• Protected from unauthorised access, alteration, or destruction
• Maintained in compliance with UAE data-protection laws
• Backed up regularly to prevent loss

10. Training and Awareness

10.1 Training Requirements

All employees:

• AML/CTF induction training upon joining the Company
• Annual refresher training on AML/CTF policies and procedures
• Training on red-flag identification and reporting obligations
• Updates when policies or regulations change

MLRO:

• Enhanced training on AML/CTF legal requirements
• Training on STR preparation and filing
• Ongoing professional development in financial-crime prevention

10.2 Training Content

Training shall cover:

• Overview of money laundering and terrorism financing
• UAE AML/CTF legal framework
• Company's AML/CTF policy and procedures
• Customer due-diligence requirements
• Red-flag indicators specific to our business
• Reporting procedures and obligations
• Confidentiality and tipping-off prohibitions
• Consequences of non-compliance

10.3 Training Records

The MLRO shall maintain records of:

• Training materials used
• Dates of training sessions
• Employees who attended
• Assessment or acknowledgment of understanding

11. Compliance with Sanctions

11.1 Sanctions Policy

The Company shall not:

• Provide services to any person or entity on the sanctions lists
• Facilitate introductions involving sanctioned parties
• Engage with clients seeking to evade sanctions

11.2 Sanctions Screening

As detailed in Section 6.1, all clients and beneficial owners shall be screened against relevant sanctions lists before onboarding and periodically thereafter.

11.3 Sanctions Breach Response

If a sanctions match is identified:

1. Immediately cease all services to the client
2. Report to the MLRO
3. File a report with the UAE authorities if required
4. Seek legal advice if uncertain about obligations
5. Do not inform the client of the reason for termination if it would violate tipping-off rules

12. Relationship Termination

12.1 Grounds for Termination

The Company may terminate a client relationship if:

• The client fails to provide the required CDD information
• Suspicious activity is identified and confirmed
• The client is found to be on sanctions lists or is a designated person
• The client's risk profile exceeds the Company's risk appetite
• Material misrepresentations are discovered
• The client engages in behaviour that violates this policy

12.2 Termination Procedure

When terminating a relationship:

1. Obtain MLRO and management approval
2. Provide written notice to the client (unless prohibited by tipping-off rules)
3. Cease all services immediately
4. File STR if circumstances warrant
5. Retain all records per record-keeping requirements
6. Document reasons for termination

13. Internal Controls and Audit

13.1 Internal Controls

The Company shall maintain internal controls, including:

• Segregation of duties where practicable
• Management oversight of client onboarding
• Periodic review of client files for completeness
• Quality-assurance checks on CDD documentation

13.2 Independent Review

The AML/CTF programme shall be subject to independent review:

• Internally by management (annually)
• By external auditors or consultants (periodically, at least every 2-3 years)

Reviews shall assess:

• Effectiveness of policies and procedures
• Adequacy of due-diligence processes
• Compliance with regulatory requirements
• Staff knowledge and training
• Record-keeping adequacy

13.3 Corrective Actions

Any deficiencies identified shall be:

• Documented in writing
• Reported to management
• Addressed with corrective-action plans
• Monitored for implementation
• Reviewed for effectiveness

14. Policy Review and Updates

14.1 Annual Review

This policy shall be reviewed annually by the MLRO and approved by management. Reviews shall consider:

• Changes in UAE AML/CTF laws and regulations
• Changes in the Company's business model or risk profile
• Emerging money-laundering / terrorism-financing typologies
• Findings from internal reviews or audits
• Effectiveness of existing procedures

14.2 Updates

The policy shall be updated:

• When regulatory requirements change
• When the Company's risk assessment changes materially
• When deficiencies are identified
• At least annually as part of the review process

All employees shall be notified of policy updates and provided with training on changes.

15. Consequences of Non-Compliance

15.1 Individual Consequences

Employees who fail to comply with this policy may face:

• Disciplinary action up to and including termination
• Personal criminal liability under UAE law
• Personal civil liability
• Reputational damage

15.2 Company Consequences

Non-compliance may result in:

• Criminal penalties and fines for the Company
• Regulatory sanctions or license revocation
• Reputational damage and loss of business
• Civil liability

15.3 Legal Consequences

Under UAE law, money-laundering and terrorism-financing offences carry:

• Imprisonment
• Substantial fines
• Asset freezing and confiscation
• Business prohibition

16. Contact Information

Money Laundering Reporting Officer (MLRO)
Name: Aarushi Singhal
Email: [email protected]
Phone: +971 (0) 4 889 5322

UAE Financial Intelligence Unit (FIU)
Website: goaml.gov.ae
Emergency Hotline: 800 900

Company Management
Breakthrough Consulting FZCO (Brilwood Capital)
IFZA Business Park, Building A1, Dubai Silicon Oasis, PO Box 79998, Dubai, UAE
Email: [email protected]
Phone: +971 (0) 4 889 5322

17. Policy Acknowledgment

All employees must read, understand, and acknowledge this policy in writing. A signed acknowledgment form is maintained in each employee's file.