Know Your Customer & Anti-Money Laundering Policy

1. Definitions

1.1 — AMLAnti-Money Laundering means the body of laws, regulations, and procedures designed to detect and prevent the practice of generating income through illegal actions and integrating such proceeds into the legitimate financial system.

1.2 — Beneficial OwnerUltimate Beneficial Owner (UBO) means any natural person who ultimately owns or controls a legal entity — directly or indirectly — through a shareholding of 25% or more, or by other means of control, as defined in Article 3(6) of EU Directive 2015/849 (4AMLD), as amended.

1.3 — CDDCustomer Due Diligence (CDD) means the process of identifying and verifying the identity of a customer and, where applicable, the beneficial owner; understanding the nature and purpose of the business relationship; and monitoring that relationship on an ongoing basis.

1.4 — EDDEnhanced Due Diligence (EDD) means additional measures applied to higher-risk customers, business relationships, or transactions in excess of standard CDD requirements, including but not limited to PEP status, high-risk jurisdictions, complex ownership structures, and high-value or atypical transactions.

1.5 — PEPPolitically Exposed Person means a natural person who is or has been entrusted with a prominent public function, and includes immediate family members and known close associates of such person, as defined in FATF Recommendation 12 and Article 3(9) of 4AMLD.

1.6 — SARSuspicious Activity Report means a mandatory report filed with the relevant financial intelligence unit (FIU) — UKFIU/NCA (UK), FinCEN (US), or equivalent — when a person has knowledge or suspicion that a transaction may involve the proceeds of criminal conduct.

1.7 — SanctionsSanctions means restrictive measures applied by one or more of OFAC (US), OFSI (UK), the European Union, the United Nations Security Council, or any other competent authority, including asset freezes, travel bans, trade embargoes, and sectoral restrictions.

2. Risk-Based Approach

2.1 — Policy BasisStratos applies a risk-based approach (RBA) as required by FATF Recommendation 1. The intensity of due diligence applied to any counterparty is proportionate to the assessed risk of money laundering, terrorist financing, or sanctions evasion presented by that counterparty.

2.2 — Risk FactorsThe following factors are assessed when determining the risk rating of a counterparty or transaction:

• Country or geographic risk — FATF high-risk jurisdictions, OFAC embargoed countries, EU and UN restricted territories
• Customer risk — PEP status, adverse media, complex or opaque ownership structures, shell companies
• Product and transaction risk — high-value commodities, cash-equivalent instruments, atypical payment routes
• Channel risk — correspondent banking, intermediary chains exceeding two hops, unregulated intermediaries
• Industry sector risk — commodities trading, natural resources, petroleum products, metals

2.3 — Risk ClassificationsCounterparties are classified into one of three risk tiers:

3. Customer Due Diligence — Corporate Entities

3.1 — Identity VerificationAll corporate counterparties must provide the following documentation before any transaction proceeds past the Letter of Intent (LOI) stage:

3.2 — Document StandardsAll documents must be: (a) in English or accompanied by a certified English translation; (b) dated within 90 days of submission unless the document is a constitutional document; (c) clear, legible, and unaltered; (d) apostilled or notarised where the originating jurisdiction requires authentication.

3.3 — IntermediariesIntermediaries, mandates, and brokers are subject to the same corporate CDD as principals. Where an intermediary presents on behalf of a disclosed principal, both the intermediary and the principal must complete independent CDD. Anonymous or undisclosed mandates will not be accepted.

4. Politically Exposed Persons (PEPs)

4.1 — IdentificationStratos screens all UBOs, directors, and authorised signatories against PEP databases as part of standard CDD. A "PEP" for the purposes of this Policy includes: heads of state, government ministers, senior judicial officers, senior military officials, senior executives of state-owned enterprises, and their immediate family members and known close associates.

4.2 — Treatment of PEPsWhere a counterparty is identified as, or is controlled by, a PEP:

• The transaction is automatically elevated to HIGH RISK classification
• Enhanced Due Diligence (EDD) is mandatory — see Section 5
• The source of wealth and source of funds must be documented and plausible
• Senior management approval is required before engagement proceeds
• The business relationship is subject to continuous enhanced monitoring

4.3 — Former PEPsIndividuals who have ceased to hold a prominent public function remain subject to PEP-level scrutiny for a minimum of 12 months following cessation of office, or longer where residual risk warrants continued monitoring. This aligns with FATF Recommendation 12 guidance on "former PEPs".

5. Enhanced Due Diligence (EDD)

5.1 — Trigger EventsEDD is applied whenever any of the following circumstances exist:

• The counterparty is classified as HIGH RISK under Section 2.3
• The counterparty is a PEP or is connected to a PEP (Section 4)
• The counterparty is domiciled or operating in a FATF high-risk or non-cooperative jurisdiction
• The transaction involves a jurisdiction subject to OFAC, EU, UN, or OFSI sanctions
• The corporate structure involves more than two layers of ownership without transparent justification
• Adverse media results are returned during screening
• The transaction value exceeds USD 5,000,000
• The payment route is indirect, involves a third-party payer, or uses jurisdictions with no commercial rationale

5.2 — EDD MeasuresIn addition to standard CDD requirements, EDD requires:

• Documented source of wealth for all UBOs ≥ 25%
• Documented source of funds for the specific transaction (e.g., audited accounts, investment statements)
• Written explanation of the commercial rationale for the transaction structure
• Independent reference from a regulated financial institution
• Senior management sign-off at Director level or above
• Ongoing enhanced monitoring with defined review frequency (minimum: per shipment)

6. Sanctions Screening

6.1 — Screening RequirementStratos conducts sanctions screening of all counterparties — principals, UBOs, intermediaries, vessels, and ports — against all applicable lists prior to engagement and at each material transaction stage. Screening is repeated if more than 30 days have elapsed since the last check.

6.2 — Watchlists Screened

• OFAC SDN List — US Office of Foreign Assets Control Specially Designated Nationals
• OFAC Sectoral Sanctions — SSI List (petroleum, defence, financial sectors)
• EU Consolidated Sanctions List — European External Action Service (EEAS)
• OFSI Consolidated List — UK Office of Financial Sanctions Implementation
• UN Security Council Consolidated List — All active UN sanctions regimes
• HM Treasury Sanctions List (UK)
• World Bank Debarment List — Sanctioned parties in development finance
• INTERPOL Notices — Red Notices for persons sought for serious crimes

6.3 — Excluded JurisdictionsStratos will not facilitate transactions involving, or with any counterparty domiciled or operating in, the following categories of jurisdiction:

• Countries subject to comprehensive OFAC embargo: Iran, North Korea, Cuba, Syria, the Crimea/Sevastopol region, Donetsk/Luhansk People's Republics
• Countries on the FATF "black list" (high-risk jurisdictions subject to a call for action)
• Countries on the FATF "grey list" (jurisdictions under increased monitoring) — subject to EDD at minimum
• Jurisdictions identified by the EU as high-risk third countries under Article 9 of 4AMLD

6.4 — Vessel & Port ScreeningFor petroleum, gas, and bulk liquid cargo transactions, Stratos additionally screens nominated vessels against the OFAC SDN vessel list, IMO/BIMCO records, and dark voyage histories (AIS gap analysis). Any vessel with an AIS gap exceeding 24 hours without credible explanation will not be accepted.

7. Transaction Monitoring & Red Flags

7.1 — Ongoing MonitoringStratos monitors active business relationships on an ongoing basis. The frequency of review is proportionate to the risk classification: LOW RISK — annual review; MEDIUM RISK — semi-annual review or per contract; HIGH RISK — per shipment with continuous adverse media monitoring.

7.2 — Red Flag IndicatorsThe following are treated as material red flags warranting immediate escalation and, where appropriate, SAR filing:

• Counterparty reluctant to provide identification documentation or corporate records
• Payment instructions directing funds to a third party with no clear commercial rationale
• Payment originates from or is routed through a sanctioned or high-risk jurisdiction
• Request to split payments across multiple accounts or currencies without business justification
• Transaction price materially inconsistent with prevailing market rates (above or below)
• Use of cash, cash-equivalents, or cryptocurrency for contract settlement
• Counterparty unable to demonstrate a credible end-use or business purpose for the commodity
• Intermediary chain with more than two disclosed hops between principal buyer and principal seller
• Pressure to complete KYC quickly or to bypass documentation requirements
• Counterparty linked to adverse media reports regarding fraud, corruption, or financial crime

8. Suspicious Activity Reporting (SAR)

8.1 — Reporting ObligationWhere Stratos knows, suspects, or has reasonable grounds to suspect that a transaction involves the proceeds of criminal conduct, terrorist financing, or sanctions evasion, a SAR will be filed with the appropriate FIU without delay. In the UK, this is the National Crime Agency (NCA) UK Financial Intelligence Unit (UKFIU). In the US, this is FinCEN. Applicable international equivalents will be notified in cross-border cases.

8.2 — Tipping-Off ProhibitionIn accordance with Section 333A of POCA 2002 (UK) and equivalent provisions in other jurisdictions, Stratos will not disclose to any counterparty — including the subject of the report — that a SAR has been filed or that a suspicion exists. Any counterparty that suspects it is the subject of a SAR inquiry is advised to seek independent legal counsel.

8.3 — Defence Against Money Laundering (DAML)Where a potential transaction may constitute money laundering under applicable law, Stratos may seek an "appropriate consent" or DAML from the NCA or equivalent authority before proceeding. Stratos reserves the right to suspend or terminate any transaction pending receipt of appropriate consent.

9. Record Keeping

9.1 — Retention PeriodAll KYC documentation, CDD records, transaction records, screening results, and any SAR filings are retained for a minimum of five (5) years from the date of the most recent transaction or the date the business relationship ends, whichever is later. This aligns with Article 40 of EU 4AMLD and Regulation 40 of UK MLR 2017.

9.2 — FormatRecords may be held in electronic format provided they remain legible, retrievable within a reasonable timeframe, and are stored with appropriate access controls and audit trail functionality. Paper originals are digitised and held in a secure document management system.

9.3 — Regulator AccessRecords will be made available to competent authorities — including the FCA (UK), FinCEN (US), HMRC (UK), or any EU member state equivalent — upon lawful request without undue delay.

10. Training & Governance

10.1 — MLROStratos has designated a Money Laundering Reporting Officer (MLRO) responsible for receiving internal suspicion reports, filing SARs, and maintaining oversight of compliance with this Policy. The MLRO is a senior member of the management team with direct access to the board.

10.2 — TrainingAll personnel involved in counterparty onboarding, transaction facilitation, or financial administration receive AML/KYC training upon commencement and on an annual basis thereafter. Training covers: recognition of red flags, document verification, sanctions screening procedures, SAR obligations, and tipping-off prohibitions.

10.3 — Policy ReviewThis Policy is reviewed at least annually and updated to reflect changes in applicable law, FATF guidance, and OFAC/EU/UN sanctions regimes. Any material change is communicated to all in-scope counterparties via the Stratos website and by direct notification where a current business relationship exists.

11. Consequences of Non-Compliance

11.1 — Transaction SuspensionStratos reserves the right to immediately suspend any transaction where a counterparty: (a) provides false or misleading KYC documentation; (b) fails to respond to a CDD request within 5 business days; (c) is identified on a sanctions watchlist; or (d) exhibits red flag behaviour under Section 7.2.

11.2 — TerminationA counterparty that fails to meet the KYC requirements of this Policy within a reasonable cure period, or that is determined to present an unacceptable AML/sanctions risk, will be permanently excluded from all Stratos trade routes and counterparty networks. No commercial obligation will be owed to any excluded counterparty.

11.3 — Liability DisclaimerStratos accepts no liability for delays, losses, or consequential damages arising from the application of this Policy, including but not limited to transaction suspensions pending KYC completion or SAR consent periods. Counterparties accept these terms by engaging with Stratos.