Fraud Risk Management & Suspicious Transaction Handling Policy.

This policy sets out the framework for identifying, investigating, and managing fraudulent, unauthorized, or suspicious transactions on Graph's platform. It also defines the procedures for customer offboarding, funds retention, and engagement with banking partners and regulators to ensure compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulations

This policy applies to:

• All transactions processed through Graph's platform.
• Customers, merchants, and business partners using our payment services.
• Compliance, risk management, and finance teams handling flagged transactions.
• Engagement with banking partners, financial regulators, and law enforcement agencies

• Fraudulent Transaction: Any transaction flagged as unauthorized, inconsistent with a customer's business activity, or suspected to involve deceit or financial crime.
• Suspicious Activity: Any transaction that raises red flags based on transaction patterns, lack of documentation, or reports from financial institutions.
• Funds Retention Period: A period during which Graph holds funds related to a flagged transaction to allow for investigation and regulatory compliance.
• Offboarding: The permanent removal of a customer from Graph's platform due to non-compliance, fraud risks, or regulatory concerns

4.1 Transaction Monitoring

Graph employs a risk-based approach to monitor and flag transactions that exhibit:

• High-volume or high-value transfers inconsistent with the customer's stated business activity.
• Multiple inbound or outbound payments from unrelated entities.
• Transactions involving high-risk jurisdictions or sectors flagged under AML/CFT regulations

4.2 Initial Review Process:

Once a transaction is flagged, the Compliance Team will:

1. Review transaction history, customer KYC/KYB documents, and risk profile.
2. Engage the customer to request supporting documentation, including contracts, invoices, and delivery proofs.
3. Assess responses to determine if the transaction is legitimate or indicative of fraud

4.3 Escalation & Decision-Making

If the customer cannot provide sufficient justification for the flagged transaction, Graph will:

• Engage the sending/receiving banks to verify the authenticity of the transaction.
• Determine whether to retain or return the funds based on the nature of the transaction and regulatory requirements.
• Report the case to relevant authorities if fraud or financial crime is suspected.

A customer will be offboarded from Graph's platform if they:

1. Fail to provide adequate supporting documents for flagged transactions.
2. Exhibit repeated patterns of suspicious transactions.
3. Engage in activities that violate AML/CFT regulations or pose reputational risks.
4. Are formally reported by financial institutions for fraud-related issues.

5.1 Offboarding Process

• The Compliance Team will issue a final notice informing the customer of their removal.
• The customer's account will be permanently disabled, preventing future transactions.
• The decision will be documented internally and shared with relevant financial partners.

Graph retains funds related to flagged transactions for a period of up to 90 days to allow for:

• Regulatory and banking partner engagement to verify the legitimacy of the transaction.
• Potential chargebacks or disputes from affected parties.
• Law enforcement or financial regulator investigations where necessary

6.1. Handling of Retained Funds

During the retention period, Graph may:

• Refund the funds if the transaction is confirmed as unauthorized or fraudulent.
• Release the funds if no wrongdoing is established after due diligence.
• Escalate to regulatory authorities if the case involves potential financial crime.

• Graph will promptly inform banking partners of flagged transactions and compliance measures taken.
• If fraud is confirmed, we will cooperate with regulators, law enforcement, and financial institutions to ensure proper resolution.
• We will maintain an open communication channel with banking partners to prevent fraudulent entities from exploiting our platform

• This policy will be reviewed annually to align with evolving AML/CFT regulations and industry best practices.
• All employees handling compliance matters must undergo regular training on fraud risk management.
• Failure to adhere to this policy will result in internal disciplinary actions and potential regulatory reporting.

Any exception to this policy must be approved by senior management and legal counsel to ensure compliance with applicable regulations.

Graph is committed to maintaining the integrity of financial transactions by actively preventing fraud and unauthorized activities. This policy serves as a guiding framework for ensuring compliance, protecting stakeholders, and fostering a secure financial ecosystem.