Vestra KYC/AML Policy

1. Introduction and Policy Statement

Vestra is committed to preventing money laundering, terrorist financing, and other illicit financial activities on its platform. This Know Your Customer (KYC) and Anti-Money Laundering (AML) Policy outlines the procedures and controls Vestra implements to comply with applicable laws and regulations, protect its users, and maintain the integrity of the financial system. Vestra recognizes the critical importance of robust KYC/AML measures in the fractional real estate investment sector, where the potential for misuse of funds necessitates stringent oversight. This policy applies to all Vestra employees, contractors, agents, and users of the Vestra platform.

2. Legal and Regulatory Framework

Vestra operates under a strict adherence to relevant international and national KYC/AML laws and regulations. These include, but are not limited to:

• The Bank Secrecy Act (BSA) (31 U.S.C. § 5311 et seq.) and its implementing regulations (31 CFR Chapter X): This foundational U.S. law requires financial institutions to assist U.S. government agencies in detecting and preventing money laundering. It mandates recordkeeping, reporting of suspicious activities, and customer identification programs.
• The USA PATRIOT Act of 2001: This act significantly strengthened AML provisions, particularly Section 326, which requires financial institutions to implement customer identification programs (CIPs) to verify the identity of any person seeking to open an account.
• The Financial Crimes Enforcement Network (FinCEN) Regulations: FinCEN, a bureau of the U.S. Department of the Treasury, issues comprehensive regulations and guidance for financial institutions regarding AML compliance, including beneficial ownership requirements. 
• FATF Recommendations: The Financial Action Task Force (FATF) sets international standards to prevent illegal activities and the harms they cause to society. Vestra aligns its policies with FATF's 40 Recommendations on AML and Counter-Terrorist Financing (CTF). 
• Relevant State Laws: Vestra also complies with specific state-level regulations pertaining to financial services and real estate, which may include additional licensing or reporting requirements.

3. Customer Identification Program (CIP)

Vestra's CIP is designed to form a reasonable belief that it knows the true identity of each customer. This program is a cornerstone of our AML efforts.

• 3.1. Information Collection:
  • For Individuals (KYC): Vestra collects the following minimum identifying information from each individual user:
    • Full Legal Name: As it appears on official identification documents.
    • Date of Birth: To confirm legal age and for identity verification.
    • Residential Address: A physical address, not a P.O. Box.
    • Nationality: To assess potential sanctions risks.
    • Government-Issued Identification Number: Such as a Social Security Number (SSN), Taxpayer Identification Number (TIN), passport number, or driver's license number. 
    • Email Address and Phone Number: For communication and account security.
    • Source of Funds/Wealth (SoF/SoW): For higher-risk customers or transactions exceeding certain thresholds, Vestra may request information and documentation regarding the origin of funds and overall wealth. This helps to ensure that funds are legitimate and not derived from illicit activities. 
  • For Entities (KYB - Know Your Business): For corporate or institutional investors, Vestra collects:
    • Full Legal Business Name: As registered with relevant authorities.
    • Business Registration Number/EIN: Employer Identification Number or equivalent.
    • Business Address: Physical location of the business.
    • Date of Formation/Incorporation.
    • Jurisdiction of Incorporation.
    • Nature of Business: Industry, primary activities.
    • Beneficial Ownership Information (BOI): Vestra identifies and verifies the identity of all natural persons who directly or indirectly own 25% or more of the equity interests of the entity, or who exercise significant control over the entity. This is in compliance with FinCEN's beneficial ownership rules. 
    • Identification of Key Personnel: Including directors, senior managing officials, and authorized signatories.
    • Organizational Documents: Such as Articles of Incorporation, Bylaws, Partnership Agreements, and Certificates of Good Standing.
    • Source of Funds/Wealth (SoF/SoW): As with individuals, for higher-risk entities or transactions, Vestra will request documentation regarding the origin of the entity's funds and wealth. 

• 3.2. Identity Verification Procedures:
  • Documentary Verification: Vestra requires users to upload clear, legible copies of government-issued identification documents. For individuals, this typically includes a valid passport, national ID card, or driver's license. For entities, this includes official registration documents. Documents must be current and unexpired.
  • Non-Documentary Verification: Where documentary evidence is insufficient or unreliable, Vestra employs non-documentary methods, which may include:
    • Verifying information through public databases or credit bureaus.
    • Contacting the customer directly via phone or email to confirm details.
    • Comparing information provided by the customer with information obtained from other sources.
    • Video verification or live selfie checks to match the user with their provided ID.
  • Dynamic KYC System: Vestra utilizes a dynamic KYC system that allows for customizable forms and robust admin controls. This system enables Vestra to adapt its verification requirements based on risk assessments, jurisdictional requirements, and evolving regulatory landscapes. 
  • Proof of Address: Users are required to provide proof of residential address, such as a utility bill, bank statement, or government-issued correspondence, dated within the last three months.

4. Risk-Based Approach

Vestra adopts a risk-based approach to AML, meaning that the intensity of its KYC and ongoing monitoring procedures is commensurate with the assessed risk of money laundering or terrorist financing posed by a customer or transaction.

• 4.1. Customer Risk Assessment: Vestra assigns a risk rating (e.g., low, medium, high) to each customer based on factors such as:
  • Geographic Risk: Countries identified by FATF as having strategic AML/CTF deficiencies or subject to sanctions. 
  • Customer Type Risk: Politically Exposed Persons (PEPs), individuals or entities from high-risk industries, or those with complex ownership structures.
  • Product/Service Risk: Certain investment products or transaction types may inherently carry higher risks.
  • Transaction Activity Risk: Unusual transaction patterns, large cash transactions, or frequent cross-border transfers.
• 4.2. Enhanced Due Diligence (EDD): For customers identified as high-risk, Vestra implements EDD measures, which may include:
  • Obtaining additional identifying information and documentation.
  • Conducting more extensive background checks, including adverse media searches.
  • Requiring additional information on the source of funds and wealth.
  • Obtaining senior management approval for establishing or continuing the relationship.
  • Increased ongoing monitoring of transactions and account activity.
• 4.3. Simplified Due Diligence (SDD): For customers identified as low-risk, Vestra may apply SDD measures, provided that the risk assessment clearly demonstrates a low risk of money laundering or terrorist financing. This may involve fewer verification steps, but Vestra will always maintain a reasonable belief of the customer's identity.

5. Ongoing Monitoring

Vestra conducts ongoing monitoring of customer accounts and transactions to detect and report suspicious activities.

• 5.1. Transaction Monitoring: Vestra employs automated and manual systems to monitor transactions for unusual patterns or deviations from expected activity. This includes:
  • Monitoring for large or unusual transactions that do not align with the customer's profile.
  • Detecting frequent transactions to or from high-risk jurisdictions.
  • Identifying structuring attempts (breaking down large transactions into smaller ones to avoid reporting thresholds).
  • Monitoring for rapid movement of funds, especially soon after account opening.
• 5.2. Customer Relationship Monitoring: Vestra periodically reviews customer information to ensure it remains accurate and up-to-date. This includes:
  • Regularly screening customer databases against sanctions lists (e.g., OFAC SDN List) and PEP lists. 
  • Updating customer risk assessments as circumstances change.
  • Requesting updated documentation if initial documents expire or if there are changes in beneficial ownership for entities.
• 5.3. Smart Automation & Analytics: Vestra leverages smart automation and analytics tools to enhance its monitoring capabilities, providing insightful reports on user activity, investment statistics, and system health, which aids in identifying potential AML red flags. 

6. Reporting Suspicious Activities

• 6.1. Suspicious Activity Reports (SARs): Vestra's employees are trained to identify and report suspicious activities. If any employee knows, suspects, or has reason to suspect that a transaction or activity involves funds derived from illegal activity, or is intended to conceal such activity, or is designed to evade BSA requirements, they are required to file a Suspicious Activity Report (SAR) with FinCEN. 
• 6.2. No Tipping Off: Vestra strictly prohibits "tipping off" any person involved in a suspicious transaction that a SAR has been filed or that an investigation is underway.

7. Record Keeping

Vestra maintains comprehensive records of all customer identification information, transaction data, and SARs for a minimum of five years, or longer if required by applicable law. These records are securely stored and readily accessible to authorized personnel and regulatory authorities upon request. 

8. Employee Training

All Vestra employees involved in customer onboarding, transaction processing, or compliance are required to undergo regular and comprehensive AML training. This training covers:

• The latest AML laws and regulations.
• Vestra's internal KYC/AML policies and procedures.
• How to identify red flags and suspicious activities.
• The process for reporting suspicious activities.
• The importance of data privacy and confidentiality.

9. Independent Audit and Compliance Officer

• 9.1. Independent Audit: Vestra's KYC/AML program is subject to independent review and audit by a qualified third party at least annually to assess its effectiveness and compliance with regulatory requirements.
• 9.2. Compliance Officer: Vestra has designated a qualified Compliance Officer responsible for overseeing the implementation and effectiveness of this KYC/AML Policy. The Compliance Officer serves as the primary point of contact for regulatory inquiries and is responsible for:
  • Developing and updating the KYC/AML Policy.
  • Monitoring compliance with relevant laws and regulations.
  • Overseeing the CIP and ongoing monitoring processes.
  • Ensuring timely and accurate SAR filings.
  • Providing ongoing AML training to employees.

10. Sanctions Compliance

Vestra is committed to complying with all applicable sanctions laws and regulations, including those administered by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC). 

• 10.1. Screening: Vestra screens all customers and relevant third parties against OFAC's Specially Designated Nationals and Blocked Persons (SDN) List and other relevant sanctions lists at onboarding and on an ongoing basis.
• 10.2. Prohibited Transactions: Vestra will not engage in any transactions with individuals, entities, or jurisdictions subject to sanctions. Any identified matches will result in the immediate blocking of the account and reporting to the relevant authorities.

11. Data Privacy

Vestra handles all customer data in strict accordance with its Privacy Policy and applicable data protection laws (e.g., GDPR, CCPA). Customer information collected for KYC/AML purposes is used solely for these purposes and is protected against unauthorized access, disclosure, alteration, or destruction.

12. Policy Review

This KYC/AML Policy will be reviewed and updated at least annually, or more frequently as required by changes in laws, regulations, or Vestra's business operations.