STANDARD OPERATING PROCEDURES
This Standard Operating Procedure (hereinafter referred to as “SOPs”) is effective from [INSERT DATE ON WHICH THE PROCEDURES COMES INTO FORCE] and applies to all Employees of [INSERT COMPANY NAME] (hereinafter referred to as “Us” or “We” or “Company”).
The SOPs serve as a guiding framework that ensures a comprehensive and cohesive approach within our Company. They provide detailed instructions, promoting smooth operations and minimizing errors.
- PURPOSE
- SOPs outline the clear standards and practices to be followed by every employee of the company, to ensure safe, ethical and responsible use of [INSERT COMPANY NAME] devices and financial resources. By upholding these values we can collectively contribute to the success of our company.
- PRIVACY, PERSONAL DATA PROTECTION
- We respect privacy and we acknowledge the need of customers, employees and other natural persons to feel confident that their personal data is processed appropriately and for a legitimate business purpose. We are committed to complying with all personal data protection laws. We only acquire and keep personal information that is necessary, and we give proper information on these activities to data owners. We implement proper security measures to assure confidentiality, integrity and availability of personal information.
- CUSTOMER DUE DILIGENCE (CDD)
- Our Company will conduct CDD procedures to assess and manage risks associated with our customers. Our Company will identify all customers before establishing a business relationship or conducting any transactions with the customers. This includes individuals, legal entities, and beneficial owners.
- We will verify the identity of customers using reliable and independent sources of information, which may include government-issued identification documents, official databases, or other trusted sources.
- We will continuously monitor customer transactions and activities to ensure they align with their established profiles and business relationships. Any discrepancies or unusual patterns will be investigated promptly and reported in accordance with our Anti-money laundering policy.
- All CDD documentation, including customer identification records and verification results, will be maintained securely and retained as per regulatory requirements.
- RISK ASSESSMENTS
- The Company will conduct Risk Assessments to identify and evaluate fraud and money laundering activities within the Company.
- The Compliance team will analyze and document all potential risks arising within and outside the Company and will take necessary steps to mitigate those money laundering risks.
- The Risk Management team will monitor regular updates and conduct Risk Assessments to mitigate those risks.
- REPORTING SUSPICIOUS ACTIVITIES
- All Employees have a responsibility to promptly report any suspicious activities they encounter or become aware of during the course of their duties, to the designated Compliance officer or any senior member of the Company.
- The Compliance officer will investigate the reported activity to determine if it warrants further action, including filing a suspicious activity report with the appropriate authorities.
- All Suspicious Activity reports and related information will be kept confidential to the extent required by law and used solely for the required purposes.
- The Company will take reasonable measures to protect employees involved in reporting suspicious activities from potential threats or retaliation.
- TRAINING AND DEVELOPMENT
- All Employees working within the Company will receive appropriate training to recognize and become aware of the risks associated with money laundering, terrorist financing and other financial crimes.
- INFORMATION SECURITY
- Personal and Confidential information of the Company should be stored securely, whether in physical or electronic form, to prevent unauthorized access, use, or disclosure.
- Appropriate technical and organizational measures should be implemented to protect personal information against accidental or unlawful destruction, loss, alteration, or unauthorized access.
- Access to personal information should be restricted to authorized personnel on a need-to-know basis.
- All devices of the facility containing sensitive information and data must be secured by the security personnel when not in use. The devices or other systems of the facility, such as computers or mobile devices, must be encrypted and password-protected.
- SECURITY AND PROTECTION OF COMPANY RESOURCES
- Data classified as highly confidential shall be backed up daily. This includes essential system configuration, financial records and any other data identified as critical for ongoing operations.
- Company resources and assets, including equipment, technology, and facilities, should be used with care and only for business purposes and not for personal gain. Occasional personal use is permissible as long as it is lawful and does not affect job performance or disrupt workplace morale.
- Our books, records, accounts and financial statements must be maintained in appropriate detail and must truly and properly reflect our transactions. We condemn all forms of money laundering, so we are committed to doing business with partners involved in legitimate business activities with funds derived from legitimate sources.
- All employees are obliged to follow appropriate security measures. They should treat company property, whether material or intangible, with respect and should not misuse company assets or use them carelessly.
- REVIEW OF ACTIVITY LOGS
- Audit logs must be regularly reviewed by the designated Privacy Officer and Security Officer or their designees.
- Reviews should occur at least [INSERT FREQUENCY, E.G., QUARTERLY] or more frequently if suspicious activity is detected.
- Any unauthorized access or suspicious activity must be documented and reported to the appropriate authorities.
- RETENTION OF AUDIT LOGS
- Audit logs must be retained for at least [INSERT RETENTION PERIOD].
- Archived audit logs must remain protected and accessible for auditing and investigative purposes.
- ACCESS CONTROL
- Access to audit logs and the ability to modify audit settings must be restricted to authorized personnel only.
- INCIDENT REPORTING
- The Authorized Team or Incident Reporting Team will prepare a report regarding the type of incident, including a description of the breach and the types of data affected, and will take appropriate measures to mitigate and contain the incident, preserve evidence, and prevent further unauthorized access or damage.
- The Authorized team will conduct a thorough investigation to determine the root cause, identify the extent of the breach, and gather evidence for legal purposes.
- The team will take necessary measures to recover and restore compromised data while ensuring its integrity.
- Analyze the breach to identify vulnerabilities, gaps in data controls, and any systemic issues that need to be addressed.
- Conduct a post-incident review to evaluate the effectiveness of the response process and identify areas for improvement.
- REMEDIAL MEASURES
- The Company will work diligently to resolve the incident, restore normal operations, and implement necessary corrective actions to prevent similar incidents in the future. Users affected by the incident will be provided with guidance and support as needed to mitigate potential harm or loss.
- Information related to security incidents will be handled with the utmost confidentiality to protect the Company and individuals involved. Employees reporting incidents will be protected from any retaliatory actions for their reporting in good faith. The Company will maintain records of all reported incidents, including details of the incident, investigation findings, and actions taken. These records will be used for analysis and improvement of security measures.
- The Company will comply with all applicable laws regarding breach notification and data protection and implement necessary measures to address identified vulnerabilities and strengthen data controls to prevent similar breaches in the future.
- CONFIDENTIALITY, INFORMATION SECURITY, PROPRIETARY INFORMATION AND INTELLECTUAL PROPERTY
- We are committed to business information confidentiality, integrity and accessibility. We implement proper technical security measures for this, and it is our staff’s obligation to uphold this. Proprietary information includes all non-public information that might be harmful to the company or its customers or business partners if disclosed to unauthorized parties. All staff must handle any such information as secret. It also means that no one is entitled to trade in securities while in possession of non-public information or to deliver non-public information to others that could have an impact on the securities. Every rule ensuring information security must be followed at all times.
- Employees must maintain the confidentiality of the company and client information. Sharing sensitive information with unauthorized individuals is strictly prohibited.
- We respect the property rights of others. We will not acquire or seek to acquire trade secrets or other proprietary or confidential information by improper means.
- REVIEW AND CHANGES
- We reserve the right to update and make changes to this document from time to time based on the working conditions of the Company. On updating, the Company will inform the members of the Company.
- FURTHER INFORMATION
- For any queries or further information regarding our Company or about this document, the concerned person can contact us by email at [INSERT EMAIL ADDRESS OF THE COMPANY].
- ACKNOWLEDGEMENT
- We expect all employees to adhere to this document of the Company. The Company will apply this consistently and fairly to ensure a harmonious and productive workplace for all.
- By signing below, you acknowledge that you have carefully read and understood the terms and contents of this document.
- You acknowledge that you will follow the set guidelines of this document as well as of the Company and that, on failure to do so, the Company can take required action against such person.
COMPANY
Authorized Signature
Print Name and Title
[INSERT SIGNING AUTHORITY AND DESIGNATION]