Effective Date: December, 2025
Approved by: Board of Directors
1.1. Daya Labs Limited (“the Company” or “Daya”) is a digital asset technology company developing stablecoin-based software that enables users to buy and sell digital assets.
1.2. Daya also provides an avenue for users to store and transfer Digital Assets as conveniently and quickly as possible. To this end, we provide secure Digital Assets wallets, employ seamless payment methods, and host user information on secure servers
1.3. Daya transactions are carried out online and are facilitated by the users’ Nigerian bank accounts or Naira debit cards.
1.4. In order to protect Daya from the increasing danger of organized criminal activity, money laundering and terrorism financing, it is essential for the Company to have clearly laid down Know Your Customer, Anti-Money Laundering, and Combating the Financing of Terrorism Policies.
KYC is the process of a business identifying and verifying the identity of its customers. KYC is also about understanding the normal life and business practice of customers, because by developing and having this knowledge about the customers, one is able to recognize the clues and signals which will create the awareness of suspicious activities that may be occurring.
A customer for the purpose of this policy is an entity that has a business relation with the Company and any entity connected with a financial transaction, which can pose a significant risk to the Company.
Money laundering refers to any transaction that aims at concealing and/or changing the identity of criminal proceeds so that it appears to have been derived from legitimate sources. It has been identified as being done generally in three stages (Placement, Layering and Integration) and it involves creating a web of financial transactions so as to hide the origin and true nature of these funds. AML refers to a set of procedures, laws and regulations designed to stop the practice of concealing the source of illegally generated funds.
Placement: Introduction of the funds into the financial system. Layering: Creating a web of transactions and rotating the funds between various accounts so as to hide extinguish its true source. Integration: After rotating the funds, the money, now washed, appears to have a legitimate source.
CFT involves investigating, analyzing, deterring, and preventing sources of funding for activities intended to achieve political, religious, or ideological goals through violence and the threat of violence against civilians. By tracking down the source of the funds that support terrorist activities, law enforcement agents may be able to prevent some of those activities from occurring. Instead of trying to catch a criminal plotting or committing an act of terrorism through other means such as surveillance, law enforcement addresses the problem from the money side by detecting suspicious financial transactions and tracking down all the individuals and organizations involved in those transactions.
1.5. The development of a KYC/AML/CFT Policy (“this Policy”) is intended to address the following risks which may arise out of money laundering, terrorist financing and other organized criminal activities:
Risk of loss due to severe impact on Company’s reputation which is the most valuable asset of the Company;
Risk of loss due to failure to comply with key regulations governing the Company’s operations;
Risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events; and
Risk of loss due to any legal action the Company may face due to failure to comply with the law resulting in, adverse judgments, unenforceable contracts, fines and penalties generating losses, increased expenses for the Company or even winding-up of the Company.
2.1. The primary objective of this Policy is to prevent the Company from being used, intentionally or unintentionally, by criminal elements for money laundering activities or terrorism financing activities. Also, this Policy was developed for the following purposes amongst others:
2.2. This Policy expounds the Company’s policy and framework for customer due diligence (customer acceptance, customer categorization and risk management, customer identification and transactions monitoring), preservation of transaction records, and the reporting of suspicious activities to regulatory agencies.
2.3. This Policy shall provide continued guidance and safeguards to all our officers and employees, at various levels of establishing customer relationships, facilitation of transactions, and provision of effective customer service.
3.1. Our Customer Acceptance Procedure (“CAP”) is one of the most important part of our KYC guidelines, and the cardinal principle is that the Company shall not conduct transactions with anonymous persons or persons with fictitious names.
3.2. Customers are required to register or sign up, in order to open a Daya account. A Daya account comes with free and secure Digital Assets wallets that allows customers to manage their Digital Assets. With a Daya account, they can buy, sell and store Digital Assets safely and with no difficulties.
3.3. At sign up, customers are required to provide their real names (first name and last name), their Bank Verification Number (“BVN”), and bank account details. Customers are also required to provide their date of birth, and email address. Before a Daya account is created, an email is automatically sent to the email address provided by the customer. This email contains a link which the customer is required to click in order to confirm that he/she truly owns the email address that was provided.
3.4. In some instances, customers are required to provide copies of their driver’s license, international passport data page, national ID card, voter’s card, or other relevant means of identification, in order verify their identity.
3.5. The Company shall put in place measures for identifying ultimate beneficiaries of account and transactions on Daya. Where a customer is a nominee of another person or organisation, the Company shall endeavour to obtain the identification details of that person or organisation.
3.6. When dealing with a company or other registered entity, the Company shall obtain necessary details of incorporation or registration, details of ownership of the entity and any other relevant information.
3.7. The Company may at any time review requirements for sign up, and no accounts shall be opened or transactions conducted where the customer fails to submit the information required by the Company to verify the customer’s Identity.
3.8. No accounts shall be opened or transactions conducted where the customer provides information and documentation that are manifestly unreliable, or where the Company is unable to conduct the necessary due diligence with the provided information and documentation.
3.9. The Company shall not allow accounts to be opened or transactions to be conducted in cases where the identity of the customer matches with any person with known criminal background or with banned entities such as individual terrorists or terrorist organisations etc.
3.10. A customer with an already existing account may be called upon to update his information with the Company and/or provide new information, and the Company may suspend or close any existing account where necessary information or documentation is lacking.
3.11. Appropriate care shall be taken to ensure that the CAP does not become too restrictive for the customers.
3.12. All information collected from the customer for the purpose of opening an account are to be treated as confidential and details thereof are not to be divulged for cross selling or other purposes. It should be ensured that the information sought from the customers are relevant to the perceived risk, are not intrusive and are in conformity with global best practices.
4.1. The Company shall perform risk analysis based on the information available to it in respect of each customer, in order to determine where money laundering and terrorism financing risks exist. The Company shall also continuously review its operations, in order to identify its vulnerabilities and address them accordingly.
4.2. Risk assessment shall include a variety of factors, depending upon particular circumstances, including but not limited to the profile of each customer, the frequency and volume of transactions conducted by customers, and the nature, scale and complexity of the Company’s operations including geographical diversity.
4.3. The Company shall pay attention to any money laundering or terrorism financing threats that may arise from new or developing technologies, and take measures to prevent their use for money laundering or financing of Terrorism.
4.4. The Company’s customers shall be categorized based on perceived risk, into 3 (Three) categories – A, B, & C. Category A comprises of high risk customers, category B comprises of medium risk customers while category C comprises of low risk customers. None of these categories shall be exempted from the Company’s KYC procedures, irrespective of the status and relationship with the Company’s directors and employees.
4.5. High risk customers include but are not limited to politically exposed persons (“PEPs”), customers acting on behalf of PEPs, foreigners, persons residing outside Nigeria, persons with tainted reputation as per the available public information, firms with sleeping partners, antique dealers, money service businesses, dealers in arms, dealers in jewelry, customers based in high risk jurisdictions, jurisdictions that do not comply or sufficiently comply with the recommendations of the Financial Action Task Force on Money Laundering (“FATF”) on AML and CFT, and jurisdictions identified by FATF as having strategic deficiencies in compliance of AML/CFT standards.
4.6. Low risk customers include but are not limited to long-term customers, customers who conduct transactions with the Company and on Daya, regularly, entities whose identities and sources of wealth can be easily identified and all other persons not classified as high risk or medium risk customers.
4.7. It is important to note that the foregoing parameters for classifying customers are merely indicative and not sacrosanct. Therefore, risk perception and categorization will vary from customer to customer as the circumstances demand, and the transactions of each customer shall be analyzed on a case by case basis.
4.8. The risk perception will be reviewed from time to time based on which the customers may move from one category to another.
5.1. Customer identification implies identifying the customer and verifying his/her identity by using reliable, independent source documents, data or Information.
5.2. The Company shall identify a customer, whether permanent or occasional, natural or legal person or any other form of legal arrangements, using identification documents as may be prescribed in any relevant regulation. The Company shall verify the identity of customers using reliable and independent sources of data and information. Also, the Company shall take reasonable steps to identify the beneficial owners of accounts and transactions on Daya.
5.3. The Company has to be satisfied that a prospective customer is who he/she claims to be. It is, therefore, necessary to obtain sufficient information to establish the identity of each new customer. The risk profile of each customer would often determine the nature and amount of documentation required, in order for such customer to successfully open a Daya account or conduct transactions on Daya.
5.4. The Company shall undertake Customer Due Diligence (“CDD”) measures each time a new account is opened. The identities of customers are to be verified and confirmed using a combination of their phone number, BVN, and bank account details. In the event that a customer has changed the phone number attached to his/her BVN, the customer is required to undergo a manual verification by providing a copy of his/her driver’s license, international passport data page, national ID card, voter’s card, or other relevant means of identification.
5.5. After obtaining all the necessary information at the point of account opening, and verifying the identity of the customer, the Company is not required to repeatedly perform identification and verification exercise each time a customer conducts a transaction.
5.6. The Company shall however conduct Ongoing Due Diligence (“ODD”) in respect of the customer’s transactions even though his/her identity has been confirmed. The Company has a two-step verification in place for the customers, which is an extra layer of security that requires not only a customer’s password and username but also something that the customer has on his/her person, e.g. a mobile phone. The two-step verification requires the customer to enter a one-time password (“OTP”) sent to his/her phone each time the customer wants to buy Digital Assets, sell Digital Assets, send Digital Assets to another wallet.
5.7. The Company may at any time suspend or freeze the account or transaction of an existing customer where the customer needs to provides information and documentations required for KYC measures, or where illegal activity is suspected.
5.8. The Company shall undertake Enhanced Due Diligence (“EDD”) measures in respect of customers that are not in the low risk category. The Company shall also undertake EDD whenever there is any suspicion of money laundering or terrorism financing, irrespective of the amount involved.
5.9. EDD measures shall include but are not limited to making enquiries as to the customer source of income, and reporting the customer to the relevant regulatory authority for investigation. In cases where the customer’s KYC was performed by a third party, especially in the case cross border customers and customers who do not open a Daya account, it must be ensured that the said third party is a regulated and supervised entity and has adequate KYC systems in place.
5.10. In cases where the Company forms a suspicion of money laundering or terrorism financing, and reasonably believes that performing the EDD or other measure would tip off the customer, the Company shall not to pursue the EDD process. In such circumstances, the Company shall proceed with the transaction and immediately file a report with the relevant regulatory authority for investigation.
6.1. The monitoring of transactions on an ongoing basis will be a key element of KYC procedures so as to have an effective control and reduce the risk.
6.2. After an account is opened and the customer starts conducting transactions, it is essential that the customer’s transactions are monitored on an ongoing basis so as to achieve the ultimate objective of preventing the Company from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorism financing activities.
6.3. An understanding of the normal and reasonable activity of a customer enables the Company to identify transactions that fall outside the regular pattern of activity. Transactions which do not fall within the ambit of the declared activity of the customer may be treated as suspicious and need to be reported to the appropriate regulatory authority.
6.4. The transactions of all customers, particularly high risk customers shall be monitored by the Company. Based on the risk perceptions, care will be taken to see whether there is any change in the pattern of transactions, whether the activity of the customer is reasonable, or whether there are any complex, unusually large transactions and unusual patterns which have no apparent economic or visible lawful purpose.
6.5. The Company may prescribe threshold limits for a particular category of accounts and pay particular attention to the transactions which exceed these limits. Transactions that involve large amounts of money inconsistent with the normal and expected activity of the customer shall particularly attract the attention of the Company, and the Company shall investigate or report such transactions.
6.6. The Company shall devise automated and manual means for monitoring customers’ transactions.
7.1. The Company shall for as long as it operates Daya, keep and maintain all necessary records of transactions (especially suspicious transactions), for at least 5 (Five) years following completion of the transactions.
7.2. The records of transactions to be maintained shall include the profile/identification of the customer and details of the transaction such as the date of transaction, parties to the transaction, types of currencies involved, and the identifying number of any account involved in the transaction. Such records shall be sufficient to permit reconstruction of individual transactions.
7.3. The Company shall evolve a system for proper maintenance and preservation of information in a manner that allows data (in hard and soft copies) to be retrieved easily and quickly whenever required or requested by the regulatory authorities.
7.4. The Company shall ensure that documents and information received from customers at registration or signup, are kept up to date and relevant by undertaking reviews of existing records, particularly for high risk customers.
8.1. The Company shall report to the relevant regulatory authority, within 7 (Seven) days, any single transaction, lodgement or transfer or receipt of funds by a customer, in excess of the sum of NGN20,000,000.00 (Twenty Million Naira) or its equivalent.
8.2. Where a transaction (whether completed or not) involves a frequency which is unjustifiable or unreasonable, or the transaction is surrounded by conditions of unusual or unjustified complexity, or the transaction appears to have no economic justification or lawful objective, or if in the opinion of the Company, the transaction is inconsistent with the known transaction pattern of any of the customers involved, that transaction shall be deemed suspicious and the Company shall immediately report the transaction to the relevant regulatory authority.
8.3. The report referred to in Clause 8.1 above is to be called a Currency Transaction Report (“CTR”) while the report referred to in Clause 8.2 is to be called a Suspicious Transaction Report (“STR”), and the Company shall take adequate steps to identify the relevant regulatory authority whom the aforesaid reports are to be presented to.
8.4. Where no events occur necessitating the presentation of a CTR or STR, the company shall file a “NIL Report” with the relevant regulatory authority on a monthly basis.
8.5. The Company shall maintain strict confidentiality in respect of any customer being investigated, and the Company shall not prejudice any investigation by informing or tipping off the concerned customer, directly or indirectly, about the investigation.
9.1. PEPs are individuals who are or have been entrusted with prominent public functions in a foreign country, e.g. Heads of States or of Governments, senior politicians, senior government/judicial/military officers, senior executives of state owned corporations, important political party officials, etc. Sufficient information should be gathered on any person/customer of this category intending to establish a relationship with the Company and all the information available on the person in the public domain should be checked.
9.2. The Company shall conduct EDD and ODD in respect of every PEP, his family members, his close relatives and associates who wish to open a Daya account or conduct transactions on Daya. The Company must be satisfied based on information gathered, that the PEP’s funds are not proceeds of financial misappropriation or other illegal act.
9.3. Where an existing customer or the beneficial owner of an existing customer’s account, subsequently becomes a PEP, the Company shall review the continued operation of the account, and if the Company permits the continued operation of the account, the account shall be subject to EDD on an ongoing basis.
9.4. The Company shall monitor both local and foreign PEPs.
10.1. The Company shall not conduct transactions with or enter into relationships with shell entities especially shell banks (i.e. a bank which is incorporated in a country where it has no physical presence and is unaffiliated to any regulated financial group). The Company shall also guard against establishing relationships with banks and financial institutions that permit their accounts to be used by shell entities.
10.2. The Company shall ascertain from publicly available information whether a bank or other entity has been subject to any money laundering or terrorism financing investigation or regulatory action.
10.3. The Company shall not transact or establish relationships with banks that do not possess licenses to operate in their countries of origin.
11.1. The Company shall develop programs to combat the laundering of the proceeds of a crime or other illegal acts and these shall include the designation of certain directors or staff as Compliance Officers, design and implementation of manual and automated monitoring procedures, relevant and regular training for employees, the centralization of information collected on customers.
11.2. The Compliance Officer shall supervise the monitoring of suspicious transactions and ensure the overall implementation of this Policy.
11.3. The Company shall also establish an internal audit unit to ensure compliance and effectiveness of this Policy and any other AML and CFT measures of the Company.
11.4. The Company shall also take adequate steps to prevent connivance between customers and employees. In order to prevent criminals taking up employment, necessary screening and background checks of employees shall be done at the point of recruitment.
12.1. The Company shall endeavour to educate customers about this Policy and the other KYC/AML/CFT measures of the Company. This is in light of the fact that customers are required to submit certain information which may be personal in nature. The Company shall guarantee customers that the information had and received shall not be misused.
12.2. The Company shall ensure that information sought from the customers are not intrusive but relevant to the perceived risk and in conformity with the governing laws and regulations.
12.3. Additional information, if any, will be obtained from the customer, wherever necessary, but with the customers’ consent.
12.4. The information obtained shall not be divulged for cross selling or any other purposes and the confidentiality of the information collected shall be maintained at all times.
12.5. While considering the requests for data/information from the government and other agencies, the Company shall satisfy itself that the information being sought is not of such a nature as will violate the legally enforceable rights of the customers.
13.1. This Policy shall be reviewed from time to time in order to adapt any relevant law or regulation, or other developments on the subject.
13.2. Any amendments to this Policy or the other KYC/AML/CFT measures of the Company, shall be communicated to the stakeholders such as the Company’s employees and customers.