Customer Due Diligence Policy
Customer Due Diligence (KYC) Policy
Compliance Policy Document
Company | Cubo Markets Ltd. (registration no. 2026-00241) |
Document | Customer Due Diligence (KYC) Policy |
Reference | CM-CDD-001 |
Version | 1.0 |
Effective date | 01 June 2026 |
Jurisdiction | Saint Lucia |
Classification | Internal — Compliance |
Owner | Money Laundering Reporting Officer / Compliance Function |
Table of Contents
This Customer Due Diligence Policy (the “Policy”) sets out how Cubo Markets Ltd. (“the Company”) identifies and verifies its clients and their beneficial owners, assesses the purpose and intended nature of each business relationship, and monitors that relationship over time. Customer Due Diligence (“CDD”), commonly referred to as Know Your Customer (“KYC”), is a cornerstone of the Company’s wider Anti-Money Laundering and Counter-Terrorist Financing framework.
The Company will not establish or continue a business relationship where it is unable to complete the required due diligence measures.
1. Purpose
The purpose of this Policy is to ensure that the Company knows the identity of its clients, understands the nature of their activity, and can detect and prevent the use of its services for money laundering, terrorist financing, fraud or other illicit purposes. This Policy supports, and should be read together with, the Company’s Anti-Money Laundering and Counter-Terrorist Financing Policy.
2. Scope
This Policy applies to all client relationships, to all persons authorised to act on behalf of a client, and to all staff involved in client onboarding, account servicing, payments and compliance. It applies to natural persons and to legal persons and arrangements such as companies, partnerships and trusts.
3. Definitions
Customer Due Diligence (CDD) means identifying the client and verifying the client’s identity using reliable, independent source documents, data or information; identifying the beneficial owner where relevant; understanding the purpose and intended nature of the relationship; and conducting ongoing monitoring.
Beneficial Owner means the natural person(s) who ultimately owns or controls the client or on whose behalf a transaction is conducted.
Simplified Due Diligence (SDD) means a reduced set of measures that may be applied where the assessed risk is low and the conditions for simplification are met.
Enhanced Due Diligence (EDD) means additional measures applied where the assessed risk is high, including for PEPs and higher-risk jurisdictions.
Source of Funds means the origin of the particular funds used in the relationship or transaction. Source of Wealth means the origin of the client’s total assets and overall financial standing.
4. Principles of Customer Due Diligence
- CDD is risk-based: the extent of the measures applied reflects the assessed risk of the client and the relationship.
- Identity must be verified on the basis of reliable, independent source documents, data or information.
- CDD is not a one-off exercise at onboarding; it continues throughout the life of the relationship.
- Where the Company cannot complete CDD, it will not open the account, will not carry out the transaction, will terminate any existing relationship, and will consider whether a report should be made.
5. When Customer Due Diligence Is Required
CDD measures are applied:
- before establishing a business relationship or opening an account;
- when carrying out an occasional transaction at or above any applicable threshold, or where transactions appear to be linked;
- when there is a suspicion of money laundering or terrorist financing, regardless of any threshold; and
- when there are doubts about the veracity or adequacy of previously obtained identification or verification data.
6. Standard Due Diligence — Natural Persons
For individual clients, the Company collects and verifies, as a minimum, the following information:
- full legal name;
- date of birth;
- residential address;
- nationality and country of residence;
- a government-issued photographic identification document (for example, a passport or national identity card); and
- evidence of address (for example, a recent utility bill or bank statement) where required by the client’s risk profile.
6.1 Identity Verification
Identity may be verified using certified copies of original documents, electronic identity verification services, or live document-and-biometric verification (including liveness checks). Where live capture is used, screenshots or static images that do not satisfy the integrity requirements of the verification process are not accepted. The Company records the method and outcome of verification for each client.
7. Standard Due Diligence — Legal Persons and Arrangements
For corporate clients and other legal arrangements, the Company collects and verifies, as a minimum:
- the legal name, legal form and proof of existence (for example, certificate of incorporation);
- the registered and principal place of business address;
- the names of directors and senior managing officials;
- the ownership and control structure; and
- the identity of the beneficial owner(s) and verification of those individuals.
The Company also verifies the authority of any individual purporting to act on behalf of the client and applies individual CDD measures to such persons.
8. Beneficial Ownership
The Company takes reasonable measures to identify the beneficial owner(s) of each client that is a legal person or arrangement and to understand the ownership and control structure. Where ownership is held through layered or complex structures, the Company looks through those structures to identify the natural person(s) who ultimately own or control the client. Where no natural person is identified as a beneficial owner, the Company identifies the natural person(s) who hold the position of senior managing official.
9. Simplified Due Diligence
Where the Company assesses the risk of a client or relationship to be low and the relevant conditions are satisfied, it may apply Simplified Due Diligence, adjusting the timing or extent of certain measures. Simplified measures do not remove the obligation to identify the client or to monitor the relationship, and may not be applied where there is any suspicion of money laundering or terrorist financing.
10. Enhanced Due Diligence
Enhanced Due Diligence is applied where the assessed risk is high. Circumstances requiring EDD include relationships with PEPs, their family members and close associates; clients connected with higher-risk jurisdictions; and complex, unusually large or unusual-pattern transactions that have no apparent economic or lawful purpose. EDD measures may include:
- obtaining senior management approval to establish or continue the relationship;
- taking adequate measures to establish the source of funds and source of wealth;
- obtaining additional information on the client and the intended nature of the relationship; and
- conducting enhanced, more frequent ongoing monitoring.
11. Politically Exposed Persons
The Company operates procedures to determine whether a client or beneficial owner is a PEP. Where a PEP is identified, the Company applies Enhanced Due Diligence, including obtaining senior management approval, establishing source of funds and source of wealth, and conducting enhanced ongoing monitoring. Equivalent measures are considered for family members and known close associates of PEPs.
12. Source of Funds and Source of Wealth
Where required by the client’s risk profile, and in all cases involving Enhanced Due Diligence, the Company takes reasonable measures to understand and, where appropriate, document the source of funds used in the relationship and the source of the client’s overall wealth. The Company may request supporting evidence and may decline or discontinue the relationship where a satisfactory explanation is not provided.
13. Ongoing Monitoring and Periodic Review
The Company conducts ongoing monitoring of each business relationship, scrutinising transactions to ensure they are consistent with its knowledge of the client and the client’s risk profile, and keeping documents, data and information up to date. Client files are reviewed periodically on a schedule determined by the client’s risk rating, and on a trigger basis where there is a material change in the client’s circumstances, behaviour or risk profile.
14. Reliance on Third Parties
Where the Company relies on a third party to perform elements of CDD, it remains ultimately responsible for compliance. The Company satisfies itself that the third party is adequately regulated and supervised, that it applies CDD and record-keeping standards consistent with this Policy, and that the relevant information will be made available without delay on request.
15. Failure to Complete Due Diligence
If the Company is unable to complete CDD to its satisfaction, it will not establish the relationship or carry out the transaction, will terminate any existing relationship where appropriate, and will consider whether the circumstances give rise to a reportable suspicion under its AML/CTF Policy.
16. Record Keeping
The Company retains copies of identification and verification documents, due diligence records and supporting information for not less than five (5) years from the end of the business relationship, or for such longer period as may be required by applicable law. Records are stored securely and are retrievable on a timely basis.
17. Data Protection
Personal data collected for due diligence purposes is processed in accordance with the Company’s Privacy Policy and applicable data-protection requirements. Such data is used only for the purposes of meeting the Company’s legal and regulatory obligations and managing the client relationship, and is retained only for as long as is necessary or required by law.
18. Governing Law
This Policy forms part of the Company’s internal control framework and is governed by, and shall be construed in accordance with, the laws of Saint Lucia. It is to be read together with the Company’s Anti-Money Laundering and Counter-Terrorist Financing Policy, Risk Management Policy and Privacy Policy.
Cubo Markets Ltd. (“the Company”, “we”, “us” or “Our”) is committed to the prevention of money laundering, terrorist financing and other forms of financial crime. This Anti-Money Laundering and Counter-Terrorist Financing Policy (the “Policy”) sets out the framework, controls and responsibilities the Company applies to detect, deter and report attempts to use its products and services for illicit purposes.
The Company adopts a risk-based approach proportionate to the nature, scale and complexity of its activities. Compliance with this Policy is mandatory for all directors, officers, employees, contractors and agents of the Company.
1. Purpose and Objectives
The objectives of this Policy are to: protect the Company, its clients and the integrity of the financial system from being used to launder the proceeds of crime or to finance terrorism; establish clear roles, responsibilities and escalation paths; and ensure that the Company meets its legal and regulatory obligations under the applicable laws of Saint Lucia and recognised international standards, including the recommendations of the Financial Action Task Force (FATF).
- Prevent the Company from being used, knowingly or unknowingly, for money laundering or terrorist financing.
- Identify and verify the identity of clients and, where relevant, their beneficial owners.
- Monitor business relationships and transactions on an ongoing basis.
- Detect, investigate and report suspicious activity to the relevant authorities.
- Maintain adequate records and provide regular training to staff.
2. Scope and Application
This Policy applies to all business lines, products, services and distribution channels of the Company, and to all persons acting on behalf of the Company. It applies to every client relationship and to all transactions processed through the Company’s platforms and payment arrangements, irrespective of value or channel.
3. Definitions
Money Laundering (ML) is the process by which the proceeds of criminal conduct are converted, concealed or disguised so that they appear to originate from a legitimate source. It includes concealment, arrangement, acquisition, use and possession of criminal property.
Terrorist Financing (TF) is the provision or collection of funds, by any means, with the intention or knowledge that they are to be used to carry out terrorist acts or by a terrorist organisation.
Beneficial Owner means the natural person(s) who ultimately owns or controls a client, or on whose behalf a transaction is conducted, including any person exercising ultimate effective control over a legal person or arrangement.
Politically Exposed Person (PEP) means an individual who is or has been entrusted with a prominent public function, as well as their family members and known close associates.
Customer Due Diligence (CDD) means the measures taken to identify and verify clients and beneficial owners, to understand the purpose and intended nature of the relationship, and to monitor it on an ongoing basis.
Suspicious Transaction Report (STR) means a report submitted to the relevant Financial Intelligence Unit (FIU) where there are grounds to suspect money laundering, terrorist financing or related criminal activity.
4. Regulatory Framework
The Company operates in accordance with the anti-money laundering and counter-terrorist financing legislation applicable in Saint Lucia and with relevant international standards. Where the Company processes activity connected to other jurisdictions, it has regard to applicable sanctions regimes and to the FATF recommendations as the prevailing international benchmark. This Policy is reviewed whenever there is a material change in the applicable legal or regulatory framework.
5. Governance and the Compliance Function
5.1 Money Laundering Reporting Officer (MLRO)
The Company appoints a Money Laundering Reporting Officer (“MLRO”) of sufficient seniority and independence. The MLRO is responsible for the day-to-day oversight of the Company’s AML/CTF programme, for receiving internal suspicion reports, for deciding whether an external report should be made, and for acting as the primary point of contact with the relevant authorities.
5.2 Responsibilities of the MLRO
- Maintaining and updating this Policy and supporting procedures.
- Receiving, assessing and documenting internal suspicious activity reports.
- Determining whether to submit a Suspicious Transaction Report to the relevant FIU.
- Overseeing client due diligence, ongoing monitoring and sanctions screening.
- Ensuring staff receive appropriate AML/CTF training and maintaining training records.
- Reporting periodically to senior management and the board on the effectiveness of the programme.
5.3 Senior Management Responsibility
Senior management is ultimately accountable for the Company’s compliance with its AML/CTF obligations, for fostering a culture of compliance, and for ensuring that the compliance function is adequately resourced and empowered to act independently.
6. Risk-Based Approach
The Company assesses and documents the money laundering and terrorist financing risks to which it is exposed, taking into account client, product, delivery-channel, transaction and geographic risk factors. Controls are calibrated to the assessed level of risk: lower-risk situations may attract simplified measures, while higher-risk situations attract enhanced measures. The Company’s business-wide risk assessment is reviewed at least annually and following any material change to the business.
6.1 Client Risk Categorisation
Each client is assigned a risk rating (for example, standard, medium or high) based on factors including the client’s profile and jurisdiction, the nature and expected level of activity, the presence of PEP status, and any adverse information identified. The risk rating determines the level of due diligence and the intensity of ongoing monitoring applied.
7. Customer Due Diligence
The Company applies Customer Due Diligence in accordance with its separate Customer Due Diligence (KYC) Policy. CDD is conducted before establishing a business relationship, where there is a suspicion of money laundering or terrorist financing, and where there are doubts about the veracity or adequacy of previously obtained identification data. The Company does not provide services to anonymous clients or clients using fictitious names.
7.1 Enhanced Due Diligence
Enhanced Due Diligence (EDD) is applied to higher-risk relationships, including PEPs, clients connected to higher-risk jurisdictions, and situations presenting unusual or complex characteristics. EDD measures may include obtaining senior management approval, establishing source of funds and source of wealth, and applying more frequent and intensive monitoring.
8. Ongoing Monitoring and Transaction Monitoring
The Company monitors business relationships and transactions throughout their lifecycle to ensure that activity is consistent with its knowledge of the client, the client’s risk profile and the expected nature of the relationship. Monitoring is designed to identify transactions that are unusual, lack an apparent economic or lawful purpose, or are otherwise inconsistent with the client’s profile.
8.1 Examples of Red Flags
- Transactions inconsistent with the client’s stated profile, activity or financial standing.
- Reluctance to provide identification information or provision of information that cannot be verified.
- Frequent or unexplained funding from, or withdrawals to, unrelated third parties.
- Requests to route funds through, or in connection with, higher-risk or sanctioned jurisdictions.
- Rapid movement of funds with no apparent trading rationale or attempts to obscure the source of funds.
- Use of multiple accounts or structuring of transactions to avoid thresholds or detection.
9. Sanctions Screening
The Company screens clients, beneficial owners and, where appropriate, counterparties against applicable sanctions lists at onboarding and on an ongoing basis. The Company will not establish or maintain a relationship with, or process transactions for, any person subject to applicable sanctions, and will take such freezing or reporting action as may be required by law.
10. Suspicious Activity Reporting
Any employee who knows or suspects, or has reasonable grounds to know or suspect, that a person is engaged in money laundering or terrorist financing must report the matter promptly and internally to the MLRO using the Company’s internal reporting procedure. The MLRO will assess each internal report and, where appropriate, submit a Suspicious Transaction Report to the relevant Financial Intelligence Unit. Internal reports must not be filtered or suppressed; the obligation to escalate a genuine suspicion to the MLRO rests with each individual.
10.1 Prohibition on Tipping-Off
Employees must not disclose to a client or to any third party that an internal report has been made, that an external report has been or may be submitted, or that an investigation is being or may be carried out, where such disclosure is likely to prejudice an investigation. Unauthorised disclosure may constitute a criminal offence.
11. Record Keeping
The Company retains records of client identification and verification, due diligence information, transactions, internal and external suspicious activity reports, and training, for the minimum period required by applicable law and in any event for not less than five (5) years from the end of the business relationship or the date of the relevant transaction, whichever is later. Records are stored securely and are retrievable on a timely basis to support inquiries from competent authorities.
12. Training and Awareness
All relevant staff receive AML/CTF training on appointment and at regular intervals thereafter. Training is designed to ensure that staff understand the law and their obligations, can recognise activity that may indicate money laundering or terrorist financing, and know how and to whom to report suspicions. Training records are maintained by the compliance function.
13. Independent Review
The adequacy and effectiveness of the Company’s AML/CTF systems and controls are subject to periodic independent review. Findings and recommendations are reported to senior management, and remedial actions are tracked to completion.
14. Consequences of Non-Compliance
Failure to comply with this Policy may expose the Company and individuals to civil and criminal liability, regulatory sanction and reputational harm. Breaches of this Policy by staff may result in disciplinary action up to and including termination of employment or engagement, and may be reported to the relevant authorities where required.
15. Review of this Policy
This Policy is reviewed at least annually, and additionally following any material change in the Company’s business, in the applicable legal or regulatory framework, or in the Company’s risk profile. The MLRO is responsible for maintaining the Policy and for recording the date and substance of each review.
16. Governing Law
This Policy forms part of the Company’s internal control framework and is governed by, and shall be construed in accordance with, the laws of Saint Lucia. It is to be read together with the Company’s Customer Due Diligence (KYC) Policy, Risk Management Policy, Terms and Conditions and other applicable policies.