{ New }Centili Maestro is live
All legal documents
Legal

AML & KYC Policy

How Centili Group Ltd. prevents, detects and reports money laundering, terrorist financing and related financial crime across its mobile-payments and content-monetisation business.

Last updated: 27 June 2026Effective: 1 June 2026

Overview & commitment

Centili Group Ltd. (“Centili”, “we”, “us” or “our”) is committed to the highest standards of integrity in the conduct of its business and to playing its part in preventing the use of its services for money laundering, terrorist financing, fraud or any other form of financial crime. We operate a direct-carrier-billing, mobile-payments, content-monetisation and SIM-security business that connects merchants, content providers and partners with mobile network operators across more than 280 carrier integrations. The flow of value through that ecosystem carries inherent financial-crime risk, and we manage that risk actively.

This Policy sets out the framework, controls and responsibilities through which we identify our customers and partners, understand the nature of their business, monitor activity for suspicious behaviour, and report concerns to the relevant authorities. It applies to every employee, officer, director, contractor and agent of Centili and is approved and overseen by senior management. We have zero tolerance for money laundering and terrorist financing, and we will not knowingly enter into or maintain a business relationship with any person or entity that seeks to misuse our services for unlawful purposes.

Where Centili acts through, or relies upon, regulated payment institutions, e-money institutions and mobile network operators, those partners operate their own statutory anti-money-laundering and customer-identification programmes. This Policy describes both the controls we apply directly and the manner in which we work alongside, and depend upon, those regulated partners.

Scope & regulatory framework

This Policy applies to all of Centili’s business activities, products, platforms and relationships, and to all personnel acting on our behalf, wherever located. It governs our onboarding of, and ongoing relationships with, corporate customers, merchants, content providers, aggregators, resellers and other commercial partners (together, “customers” or “partners”).

Centili is incorporated in England and Wales. Our anti-money-laundering and counter-terrorist-financing (“AML/CTF”) framework is designed to meet our obligations under, and to reflect the spirit of, the principal United Kingdom legislation and guidance, including:

  • the Proceeds of Crime Act 2002 (“POCA”), including the principal money-laundering offences and the obligation to report suspicions;
  • the Terrorism Act 2000, including the terrorist-financing and disclosure offences;
  • the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the “MLR 2017”), as amended;
  • the Criminal Finances Act 2017, including the corporate offences of failing to prevent the facilitation of tax evasion;
  • the Sanctions and Anti-Money Laundering Act 2018 and related UK financial-sanctions regimes administered by the Office of Financial Sanctions Implementation (“OFSI”);
  • the Fraud Act 2006 and the Bribery Act 2010; and
  • applicable guidance from the Joint Money Laundering Steering Group (“JMLSG”), the Financial Conduct Authority and the National Crime Agency (“NCA”).

Where Centili provides services in, or to customers established in, other jurisdictions, we additionally have regard to applicable local AML/CTF requirements and to the standards of the Financial Action Task Force (“FATF”). This Policy should be read together with our Sanctions Policy, Acceptable Use Policy and Privacy Policy.

Risk-based approach

Consistent with the MLR 2017, Centili applies a risk-based approach. We focus our resources and the intensity of our controls where the risk of money laundering or terrorist financing is highest. We maintain a documented business-wide risk assessment that is reviewed at least annually, and more frequently where there is a material change in our products, customers, channels, geographies or the external threat environment.

Our risk assessment considers, among other factors:

  • Customer risk — the nature, ownership and transparency of the customer, the industry it operates in, its reputation, and whether it (or its beneficial owners) are politically exposed or otherwise high-risk;
  • Product and service risk — the characteristics of the services used, including settlement value, velocity, the use of intermediaries and the degree of anonymity involved;
  • Channel and delivery risk — whether onboarding and transactions are conducted face-to-face or remotely, and the controls applied by intermediating partners;
  • Geographic risk — the countries with which the customer is connected, including any that are subject to sanctions, identified by the FATF as high-risk, or otherwise associated with elevated corruption or financial-crime risk; and
  • Transaction risk — patterns, volumes and values that are inconsistent with the customer’s expected profile.

Each customer is assigned a risk rating (typically low, standard or high). That rating determines the level of due diligence applied at onboarding and the intensity and frequency of ongoing monitoring. Ratings are reviewed on a periodic basis and on the occurrence of trigger events.

Customer due diligence (CDD)

Before establishing a business relationship, and at appropriate intervals thereafter, Centili conducts customer due diligence. We do not onboard a customer, and will not continue a relationship, where we are unable to complete the required due diligence to our satisfaction. As Centili’s customers are predominantly corporate entities and commercial partners, our standard CDD for a corporate customer collects and verifies the following:

Information collectedPurpose
Full legal name, trading name(s), registered and operating addressesIdentify the legal entity
Company registration number and country of incorporation; certificate of incorporation and constitutional documentsVerify legal existence and standing
Evidence of registered office and principal place of businessConfirm location and establishment
Identity of directors and senior managing officials, with proof of identity and, where required, addressIdentify those who direct the entity
Identity of ultimate beneficial owners (“UBOs”) — natural persons who own or control, directly or indirectly, more than 25% of the entity, or who otherwise exercise controlUnderstand ownership and control structure
Ownership and control structure, including any holding companies, trusts or nominee arrangementsSee through complex structures
Nature of business, expected products used, anticipated transaction volumes/values and source of fundsEstablish the purpose and intended nature of the relationship
Relevant licences, regulatory permissions or registrationsConfirm the customer is lawfully able to operate
Government-issued photographic identity documents for individuals (directors, signatories, UBOs)Verify identity of connected individuals

We verify identity using reliable, independent source documents, data or information, which may include official registers (such as Companies House), reputable electronic identity-verification and corporate-registry providers, and certified copies of original documents. We identify and take reasonable measures to verify the identity of every beneficial owner so that we are satisfied we know who the beneficial owner is, including understanding the ownership and control structure of the customer. Where a person purports to act on behalf of a customer, we verify their identity and authority to act.

Simplified and enhanced due diligence

Simplified due diligence (SDD)

Where our risk assessment identifies that a particular relationship, product or transaction presents a low degree of risk, and where permitted by the MLR 2017, we may apply simplified due diligence. SDD does not mean no due diligence: we still identify the customer, but we may adjust the extent, timing or type of verification to reflect the lower risk. SDD is not applied where there is any suspicion of money laundering or terrorist financing, or where any higher-risk factor is present. Examples of potentially lower-risk customers include companies listed on a regulated market subject to disclosure requirements, and regulated credit or financial institutions established in jurisdictions with effective AML/CTF regimes.

Enhanced due diligence (EDD)

We apply enhanced due diligence in any higher-risk situation, including where the MLR 2017 requires it. EDD involves obtaining additional information and applying additional scrutiny. Circumstances triggering EDD include:

  • the customer, a beneficial owner, or a connected person is a politically exposed person (“PEP”), a family member or a known close associate of a PEP;
  • the customer or transaction involves a high-risk third country identified by the FATF or in UK law;
  • the ownership or control structure is unusually or unnecessarily complex or opaque, or involves nominee shareholders or bearer instruments;
  • the relationship is conducted in unusual circumstances, or the customer’s activity is inconsistent with its stated business profile;
  • there are adverse-media findings or other reputational concerns; or
  • any other factor that, in our assessment, presents a higher risk of money laundering or terrorist financing.

EDD measures may include:

  • obtaining further information on the customer, its beneficial owners and the intended nature of the relationship;
  • establishing the source of funds and source of wealth involved in the relationship and transactions;
  • obtaining senior-management approval to establish or continue the relationship;
  • conducting enhanced ongoing monitoring of the relationship; and
  • seeking additional independent, verifiable documentary evidence.

Ongoing monitoring

CDD is not a one-off exercise. Centili conducts ongoing monitoring of every business relationship throughout its life cycle to ensure that activity remains consistent with our knowledge of the customer, its business and its risk profile, and to identify activity that may be unusual or suspicious. Ongoing monitoring includes:

  • scrutinising transactions and settlement flows to ensure they are consistent with the expected nature of the relationship and the customer’s profile;
  • keeping CDD documents, data and information up to date through periodic reviews, the frequency of which is driven by the customer’s risk rating;
  • re-screening customers, directors and beneficial owners against sanctions, PEP and adverse-media data on an ongoing basis; and
  • reviewing relationships on the occurrence of trigger events, such as a change of ownership or control, a material change in activity, or the emergence of adverse information.

Where ongoing monitoring identifies activity that we cannot satisfactorily explain, we escalate the matter internally in accordance with the reporting procedures below.

Politically exposed persons (PEPs)

A politically exposed person is an individual who is, or has been, entrusted with a prominent public function, together with their family members and known close associates. Because PEPs may present a higher risk of involvement in bribery and corruption, Centili screens customers, their directors and their beneficial owners for PEP status at onboarding and on an ongoing basis.

Where a customer or a connected person is identified as a PEP, we:

  • apply enhanced due diligence, including establishing the source of funds and source of wealth involved;
  • obtain approval from senior management before establishing or continuing the relationship; and
  • conduct enhanced ongoing monitoring for the duration of the relationship.

We apply a risk-based and proportionate approach to PEPs, recognising that PEP status alone is not a basis to refuse or terminate a relationship; rather, it triggers additional scrutiny.

Sanctions screening

Centili screens customers, beneficial owners, directors, connected parties and relevant counterparties against applicable sanctions lists, including the UK Sanctions List maintained pursuant to the Sanctions and Anti-Money Laundering Act 2018 and administered by OFSI, and other relevant regimes. Screening is performed at onboarding and on an ongoing basis, and is re-run when sanctions lists are updated. We will not establish or maintain a relationship with, or process a transaction for, any person who is the target of financial sanctions, and we freeze and report assets and report matters to OFSI where required.

Our full approach to financial sanctions, asset freezes and export controls is set out in our Sanctions Policy, which forms part of this AML/CTF framework.

Transaction monitoring & red flags

Centili monitors settlement and transaction activity, including activity flowing through its mobile-network-operator and payment partners, to identify patterns that may indicate money laundering, terrorist financing or fraud. Monitoring combines automated controls with human review and is calibrated to the risk profile of the relationship.

Indicators (“red flags”) that may prompt further enquiry or escalation include, without limitation:

  • transaction volumes or values that are inconsistent with the customer’s stated business or expected profile;
  • sudden, unexplained changes in activity, including rapid increases in volume or value;
  • structuring — splitting transactions to avoid thresholds or detection;
  • flows to or from high-risk jurisdictions, sanctioned territories or unrelated third parties;
  • unusual settlement instructions, or requests to route funds through accounts inconsistent with the relationship;
  • reluctance to provide, or provision of false or inconsistent, identification or beneficial-ownership information;
  • activity with no apparent lawful or economic purpose;
  • indicators of fraud, account takeover, or misuse of carrier-billing or premium-content services; and
  • adverse media or intelligence concerning the customer or a connected person.

Personnel who identify a red flag must escalate it promptly to the Nominated Officer in accordance with the reporting procedures below, and must not take any step that could amount to tipping off.

Record-keeping

Centili keeps records of CDD information, supporting documentation, ongoing-monitoring activity, risk assessments, internal escalations and reports, and the supporting transaction records, so that we can demonstrate compliance with our obligations and assist law enforcement. Records are retained securely and in a manner consistent with our Privacy Policy and data-protection obligations under the UK GDPR and the Data Protection Act 2018.

Record typeRetention period
CDD records (identity, beneficial ownership, verification evidence)Five years from the end of the business relationship
Transaction records supporting a transactionFive years from the date the transaction is completed
Internal suspicion reports and Suspicious Activity Reports (SARs)At least five years, subject to any law-enforcement requirement
Training records, risk assessments and policy versionsRetained to evidence the operation of the framework

Where the law permits or requires a longer retention period — for example, at the request of the NCA or another competent authority — records are retained accordingly. Personal data is not kept for longer than necessary for the purposes for which it was collected, save where retention is required by law.

Reporting — internal escalation, the MLRO and SARs

Internal escalation

Any employee, officer, contractor or agent who knows or suspects, or has reasonable grounds to know or suspect, that a person is engaged in money laundering or terrorist financing, or that property represents the proceeds of crime, must report the matter promptly and confidentially to Centili’s Nominated Officer. The duty to report arises whenever the threshold of knowledge or suspicion is met; it is not for the reporting individual to investigate or to decide whether a crime has in fact occurred.

The Nominated Officer / MLRO

Centili appoints a Nominated Officer (also referred to as the Money Laundering Reporting Officer, or “MLRO”) who is responsible for receiving internal reports, evaluating them and deciding whether a disclosure must be made to the National Crime Agency. The Nominated Officer has the necessary seniority, independence and access to information to discharge this role. Internal reports to the Nominated Officer may be made via compliance@centili.co.uk.

Suspicious Activity Reports (SARs) to the NCA

Where, having considered an internal report, the Nominated Officer concludes that there are grounds for knowledge or suspicion of money laundering or terrorist financing, the Nominated Officer makes a Suspicious Activity Report (“SAR”) to the National Crime Agency. Where it is necessary to proceed with a transaction that may constitute a prohibited act, a defence against money laundering (consent) is sought from the NCA before proceeding, and the relevant statutory moratorium and notice periods are observed.

Tipping-off

It is a criminal offence under POCA to make a disclosure that is likely to prejudice an investigation (“tipping off”), or to prejudice an investigation by destroying or concealing documents. Personnel must not disclose to a customer, or to any third party, that an internal report or a SAR has been made or is being considered, or that a money-laundering investigation is or may be contemplated. All internal escalations and SAR-related matters are treated as strictly confidential and handled only through the Nominated Officer.

Staff training

Centili provides AML/CTF training to all relevant personnel at induction and on a regular basis thereafter. Training is proportionate to each individual’s role and ensures that personnel understand the law relating to money laundering and terrorist financing, our risk-based approach and controls, how to recognise and handle potentially suspicious activity, the obligation to report to the Nominated Officer, and the personal and corporate consequences of failing to comply. We maintain records of the training provided. Training content is updated to reflect changes in law, regulation, guidance and the evolving threat environment.

Third parties & reliance

Centili operates as part of a payments ecosystem. Many transactions are initiated, authorised, processed or settled through regulated mobile network operators, payment institutions and e-money institutions, each of which is subject to its own statutory AML/CTF obligations and customer-identification programmes. We conduct risk-based due diligence on these partners and rely on their regulated status and controls as part of our overall framework, while retaining responsibility for our own obligations.

Where Centili relies on a third party to apply elements of customer due diligence, it does so only where permitted by the MLR 2017, where the third party is appropriately regulated and supervised, and on terms under which the third party agrees to provide the relevant CDD information and supporting documentation immediately on request. Such reliance does not relieve Centili of ultimate responsibility for compliance. We do not enter into relationships with anonymous or shell entities that have no genuine business purpose.

Governance & responsibility

Overall responsibility for Centili’s AML/CTF framework rests with senior management, which approves this Policy, allocates adequate resources to its operation, and oversees the management of financial-crime risk. The Nominated Officer / MLRO is responsible for the day-to-day operation of the framework, including the receipt and assessment of internal reports and the making of SARs. Compliance, supported as appropriate by independent assurance, monitors the effectiveness of the controls and reports to senior management.

This Policy is reviewed at least annually, and whenever there is a material change in our business, our risk profile or applicable law, to ensure it remains effective and up to date. Every employee, officer, contractor and agent is responsible for complying with this Policy and for cooperating fully with the Nominated Officer and with any enquiry or investigation.

Consequences of non-compliance

Money laundering and terrorist-financing offences are serious crimes that carry significant penalties, including substantial fines and imprisonment for individuals. Failure to comply with applicable AML/CTF law may also expose Centili to regulatory sanctions, financial penalties and serious reputational harm.

Any employee, officer, contractor or agent who fails to comply with this Policy — including failing to report a suspicion to the Nominated Officer, or committing a tipping-off offence — may face disciplinary action up to and including dismissal or termination of engagement, in addition to any personal criminal or civil liability. Centili reserves the right to suspend, restrict or terminate any customer or partner relationship, and to decline or reverse any transaction, where doing so is necessary to comply with this Policy or applicable law, and to report relevant matters to the authorities.

Contact

Questions about this Policy, requests relating to due diligence, and matters concerning anti-money-laundering and counter-terrorist-financing compliance — including reports to the Nominated Officer — should be directed to Centili Group Ltd.’s compliance team at compliance@centili.co.uk.

You may also write to us at our registered office: [Registered office address — to be confirmed], United Kingdom. For data-protection enquiries, please see our Privacy Policy; for sanctions matters, see our Sanctions Policy.