AML/KYC Policy

UmmahLeads is committed to preventing money laundering and terrorist financing across all operations. This Anti-Money Laundering (AML) and Know Your Customer (KYC) policy applies to all users, agents, merchants, and partners interacting with the UmmahLeads platform, including on-chain transactions on Polygon and off-chain payment processing. Our compliance framework is designed to meet or exceed FATF recommendations, EU AMLD6 requirements, and OIC financial standards.

All users are subject to a tiered due diligence process based on transaction volume and risk profile. Customer identification is performed through our KYC provider (Sumsub/Synaps) and linked to the user's wallet address.

All transactions are continuously monitored using automated systems. Monitoring covers: daily volume limits per user, pattern detection for structuring (smurfing), cross-reference against sanctions lists (OFAC SDN, UN Security Council, EU Sanctions), risk scoring based on country, transaction size, account age, and behavioral patterns. Alerts are generated for transactions exceeding $25,000 USD or matching suspicious activity patterns.

Transactions above $25,000 USD or matching suspicious patterns are automatically flagged for review. The compliance team reviews flagged transactions within 24 hours. If a Suspicious Transaction Report (STR) is warranted, it is filed with the appropriate Financial Intelligence Unit (FIU) within the statutory timeframe. Users will not be notified of STR filings to avoid tipping off. All STR records are maintained for a minimum of 5 years.

All wallet addresses are screened against OFAC Specially Designated Nationals (SDN) list, UN Security Council Consolidated Sanctions list, and EU Sanctions list. Screening is performed at onboarding and before each transaction. Matches result in immediate transaction blocking and escalation to the compliance officer. High-risk countries (Afghanistan, Myanmar, Syria, Yemen, North Korea, Iran, Somalia, Sudan) trigger automatic Enhanced Due Diligence requirements.

All KYC documents and identity verification records are retained for a minimum of 5 years after the end of the business relationship. Transaction records, including on-chain transaction hashes, are retained for a minimum of 7 years. Compliance check logs, including sanctions screening results and risk assessments, are retained for 5 years. All records are stored securely with encryption at rest and access controls limiting visibility to authorized compliance personnel.

All financial products on UmmahLeads are designed to comply with Islamic finance principles and are built for validation by a Sharia board and Islamic bank partners. No Riba (interest): all financing structures use cost-plus (Murabaha), lease (Ijara), or partnership (Musharaka) models. No Gharar (excessive uncertainty): all deal terms are transparent and disclosed upfront. No Maysir (gambling): no speculative instruments. Compliance with AAOIFI standards is designed to be verified through on-chain Sharia compliance certificates (ERC-721) issued by scholars and Islamic bank partners.

All UmmahLeads team members with access to customer data or transaction processing receive annual AML/KYC training. Training covers: identification of suspicious transactions, sanctions compliance, reporting obligations, data privacy requirements, and Islamic finance principles. Training records are maintained and available for regulatory inspection.

The UmmahLeads Compliance Officer is responsible for the implementation and enforcement of this policy. The compliance program is reviewed at least annually or whenever significant regulatory changes occur. Internal audits are conducted quarterly. Any material findings are reported to the board. This policy is publicly available at ummahleads.app/compliance and users are notified of material changes.