Compliance

Anti-Money Laundering Policy

Last updated:

This policy sets out how Som Solutions Ltd (trading as SomPay), a company registered in England & Wales, prevents its services from being used for money laundering, terrorist financing or other financial crime. It applies to all customers, transactions and operations of SomPay.

We are authorised and regulated by the Financial Conduct Authority (FCA) as a payment institution. FCA registration number: [PLACEHOLDER — insert when available].

1. Our commitment

Som Solutions Ltd is unconditionally committed to preventing its services from being used to facilitate money laundering, terrorist financing, fraud, sanctions evasion or any other form of financial crime.

We recognise that remittance services are an important financial tool for diaspora communities, and we take our responsibility to keep those services safe and trustworthy seriously. Protecting our customers and the integrity of the UK financial system is central to how we operate.

Verify every customer

Monitor all transactions

Report suspicious activity

2. Regulatory framework

Our AML/CFT controls are designed to comply with the following legislation and guidance:

Money Laundering and Terrorist Financing (Amendment) Regulations 2019

The primary UK AML regulatory framework, implementing the EU Fifth Anti-Money Laundering Directive into UK law. Sets requirements for customer due diligence, record keeping and internal controls.

Money Laundering Regulations 2017

The foundational UK AML regulations applicable to payment institutions and money service businesses.

Proceeds of Crime Act 2002 (POCA)

Criminalises money laundering and establishes the obligation to submit Suspicious Activity Reports (SARs) to the National Crime Agency.

Terrorism Act 2000

Imposes obligations to disclose knowledge or suspicion of terrorist financing and prohibits providing financial assistance to terrorists.

UK Financial Sanctions legislation

Requires screening against HM Treasury's Office of Financial Sanctions Implementation (OFSI) consolidated list and other applicable sanctions regimes.

FCA guidance and JMLSG guidance

We follow the Financial Conduct Authority's guidance for payment institutions and the Joint Money Laundering Steering Group (JMLSG) guidance notes.

3. Customer Due Diligence (CDD)

We apply Customer Due Diligence (CDD) measures to all customers before they can send money using SomPay. This is a legal requirement under the UK Money Laundering Regulations 2017.

What we verify: For every customer we collect and verify:

  • Full legal name
  • Date of birth
  • Residential address
  • Government-issued photo identity document (passport or driving licence)
  • Liveness check / selfie photograph to confirm the document belongs to you

How we verify it:

1

Document capture

You photograph your identity document using the SomPay app. The document image is checked for authenticity, expiry and tampering using automated verification technology.

2

Liveness check

You complete a short liveness selfie to confirm that the document belongs to you and that you are a real person. This prevents identity fraud.

3

Data matching

The details on your document are matched against the information you provided at registration. Any discrepancies trigger a manual review.

4

Ongoing monitoring

Your identity information is kept on file and may be re-verified if your circumstances change, your account is inactive for an extended period, or our risk assessment requires it.

Transfer limits without full KYC: Customers who have not completed full identity verification may send up to £300 per month. Transfers that reach this threshold are placed on hold until KYC is completed. This reflects our risk-based approach while allowing access to the service during the verification process.

Recipients: We collect the full name and mobile number or bank account details of each recipient. Where required by our risk assessment, we may request additional information about the purpose of a transfer or the relationship between sender and recipient.

4. Enhanced Due Diligence (EDD)

We apply Enhanced Due Diligence (EDD) — a higher level of scrutiny — in circumstances where the risk of money laundering or terrorist financing is assessed to be higher than standard.

EDD is applied in the following situations:

TriggerAdditional measures
High-value transfers (approaching or exceeding enhanced KYC tier limits)Source of funds declaration; enhanced identity verification
Politically Exposed Persons (PEPs) and their close associatesSenior management approval required; enhanced ongoing monitoring; source of wealth verification
Customers or recipients on watchlists or with adverse mediaManual review; account freeze pending investigation if required
Unusual transaction patterns inconsistent with the customer's profileTransaction hold; request for explanation of purpose and source of funds
High-risk countries (as designated by FATF or UK Government)Additional identity checks; enhanced monitoring of all transactions

Where EDD is required, we may request additional documentation or information from you. Failure to provide this information may result in your transfer being declined or your account being suspended.

5. Transaction monitoring

Every transfer processed through SomPay is subject to automated and manual transaction monitoring. This enables us to detect patterns and behaviours that may indicate money laundering, terrorist financing or fraud.

Our monitoring covers:

  • Velocity checks — monitoring the frequency and volume of transfers against the customer's established profile and KYC tier limits
  • Amount thresholds — flagging transfers that approach or exceed regulatory reporting thresholds or tier limits
  • Recipient patterns — identifying unusual recipient activity such as multiple senders to a single recipient or structuring behaviour
  • Behavioural anomalies — detecting activity that is inconsistent with a customer's normal usage, declared purpose or risk profile
  • Geographic risk — applying heightened scrutiny to corridors or recipient accounts associated with high-risk jurisdictions

Transactions flagged by our monitoring system are placed on hold and reviewed by our compliance team before being processed or declined. We may contact you to request further information about the purpose of a transfer.

We are not required to tell you if a transaction has been flagged for review or if a Suspicious Activity Report has been submitted in connection with your account. Disclosing this information — known as "tipping off" — is a criminal offence under the Proceeds of Crime Act 2002.

6. Sanctions screening

Som Solutions Ltd is legally prohibited from providing services to individuals, entities or countries subject to financial sanctions. We screen all customers, recipients and transactions against applicable sanctions lists before any transfer is processed.

Sanctions lists screened include:

  • HM Treasury / OFSI (Office of Financial Sanctions Implementation) UK Consolidated List
  • United Nations Security Council (UNSC) sanctions lists
  • US Office of Foreign Assets Control (OFAC) SDN List
  • European Union financial sanctions lists (where applicable)

Screening is performed at the point of account registration, at the point of each transfer, and on an ongoing basis as sanctions lists are updated.

Where a potential match is identified, the transfer and/or account is immediately frozen pending review by our compliance team. Confirmed matches are reported to OFSI and the relevant authorities. We are legally obligated to freeze assets and refuse service in such cases.

Attempting to circumvent sanctions screening — including by providing false information or using a third party's identity — is a serious criminal offence in the United Kingdom.

7. Suspicious Activity Reporting (SAR)

Som Solutions Ltd has a legal duty under the Proceeds of Crime Act 2002 and the Terrorism Act 2000 to submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA) whenever we know or suspect that a transaction or customer is connected to money laundering, terrorist financing or the proceeds of crime.

Our process for handling suspicious activity is as follows:

1

Detection

Suspicious activity is identified through automated transaction monitoring, manual review or reports from staff.

2

Internal escalation

The matter is escalated to our nominated Money Laundering Reporting Officer (MLRO), who is responsible for assessing whether a SAR should be submitted.

3

SAR submission

Where the MLRO determines that a report is required, a SAR is submitted to the NCA via the National SAR Online system. Where appropriate, we seek a Defence Against Money Laundering (DAML) before processing any transaction.

4

Account action

Depending on the assessment, the relevant account and/or transaction may be suspended, declined or frozen pending the NCA's response.

Tipping off: We are strictly prohibited by law from informing any customer, recipient or third party that a SAR has been — or may be — submitted in connection with their account or transaction. If we are unable to explain why a transaction has been delayed or declined, this may be the reason.

8. Record keeping

We are required by the UK Money Laundering Regulations 2017 (Regulation 40) to retain records of all customer due diligence and transaction data for a minimum of five years from the date of the transaction or the end of the customer relationship, whichever is later.

Record typeMinimum retention
Customer identity documents and CDD records5 years from end of relationship
Transaction records (amount, currency, recipient, date)5 years from transaction date
Enhanced Due Diligence records5 years from end of relationship
Suspicious Activity Reports (internal)5 years from date of report
AML audit logs and compliance decisions5 years
Staff AML training records5 years

All records are stored securely and encrypted. Access is restricted to authorised personnel on a strict need-to-know basis. Records are provided to regulatory authorities (FCA, HMRC, NCA) upon lawful request.

Customers wishing to exercise their right to access their personal data should refer to our Privacy Policy. Note that certain records cannot be erased where we are under a legal obligation to retain them.

9. Staff training and awareness

Som Solutions Ltd ensures that all staff who handle customer accounts or transactions receive regular, up-to-date AML and counter-terrorist financing (CTF) training.

Our training programme includes:

  • Induction training for all new staff on UK AML legislation, regulatory obligations and internal policies before they handle any customer-facing functions
  • Annual refresher training to reflect updates to legislation, regulatory guidance and emerging financial crime typologies
  • Role-specific training for compliance, operations and customer support staff on KYC procedures, red-flag recognition and internal escalation processes
  • SAR awareness — all relevant staff are trained on their personal obligation to report suspicions to the nominated MLRO and on the prohibition against tipping off

Training completion is recorded and reviewed. Our Money Laundering Reporting Officer (MLRO) is responsible for maintaining and updating the training programme in line with regulatory developments.

10. Reporting concerns

You can help us prevent financial crime. If you suspect that SomPay is being used for money laundering, fraud or any other illegal activity — or if you have been asked by a third party to send money on their behalf — please contact us immediately.

To report a concern, contact our compliance team:

Email: support@somsolutions.co.uk

Subject line: AML Concern

All reports are treated confidentially and reviewed by our MLRO. You will not be disadvantaged for making a good-faith report.

Reporting to the authorities: If you believe a crime has been committed and wish to report it directly to the authorities, you may contact:

National Crime Agency (NCA)

For reports of money laundering or serious organised crime

nationalcrimeagency.gov.uk

Action Fraud

For fraud and financial crime reports (run by City of London Police)

actionfraud.police.uk · 0300 123 2040

Financial Conduct Authority (FCA)

For concerns about the conduct of a regulated firm

fca.org.uk/consumers/reporting-concerns

11. Policy review

This AML Policy is reviewed at least annually by our Money Laundering Reporting Officer (MLRO) and updated as necessary to reflect:

  • Changes in UK legislation or FCA regulatory guidance
  • Updates to FATF recommendations or JMLSG guidance
  • Changes to our product, services or customer base
  • Lessons learned from internal audits, regulatory reviews or suspicious activity identified

The current version of this policy was last reviewed and approved in April 2026.

Questions about this policy should be directed to support@somsolutions.co.uk with the subject line AML Policy Enquiry, or via our Contact page.