1. Introduction

This Know Your Customer (KYC) and Anti-Money Laundering (AML) Policy (“Policy”) sets forth the standards, procedures, and controls implemented by Vestra Holdings (“Vestra”, “we”, “us”, or “our”) to prevent the misuse of its real estate investment platform for money laundering, terrorist financing, fraud, or other illicit activities. This Policy is designed to ensure strict compliance with all applicable laws and regulations in the jurisdictions where Vestra operates, including but not limited to the United States Bank Secrecy Act (BSA), USA PATRIOT Act, Financial Action Task Force (FATF) Recommendations, European Union AML Directives, and relevant local requirements.

This Policy applies to all users (“Users”), employees, contractors, agents, partners, and affiliates of Vestra Holdings who access or use any part of the Vestra platform.

2. Regulatory Framework

Vestra Holdings is committed to maintaining a robust KYC/AML program that meets or exceeds industry standards as set by:

• The Financial Crimes Enforcement Network (FinCEN)
• The U.S. Securities and Exchange Commission (SEC)
• The Office of Foreign Assets Control (OFAC)
• FATF Recommendations
• EU AML Directives
• Applicable state-level real estate and financial regulations

We regularly review this Policy in light of evolving regulatory guidance and best practices.

3. Objectives

The objectives of this Policy are:

• To prevent Vestra’s services from being used for money laundering or terrorist financing.
• To identify Users accurately before establishing a business relationship.
• To monitor transactions for suspicious activity.
• To report suspicious transactions to appropriate authorities.
• To maintain comprehensive records as required by law.
• To train staff on their legal obligations regarding KYC/AML compliance.

4. Definitions

Money Laundering: The process of concealing the origins of illegally obtained funds so they appear legitimate.

Terrorist Financing: Providing financial support to individuals or organizations involved in terrorism.

Customer Due Diligence (CDD): Procedures for verifying the identity of Users.

Enhanced Due Diligence (EDD): Additional scrutiny applied to higher-risk Users or transactions.

Politically Exposed Person (PEP): An individual who holds a prominent public position or function.

5. Risk-Based Approach

Vestra adopts a risk-based approach (RBA) to KYC/AML compliance:

• User Risk Assessment: Each User is assessed based on factors such as country of residence, transaction size/frequency, source of funds, occupation, PEP status, etc.
• Product/Service Risk Assessment: Products/services are evaluated for inherent risks related to money laundering/terrorist financing.
• Ongoing Monitoring: Transactions are continuously monitored for unusual patterns.

Risk categories include: Low Risk; Medium Risk; High Risk. EDD is applied where higher risk is identified.

6. Customer Identification Program (CIP)

6.1 Individual Users

All individual Users must provide:

1. Full legal name
2. Date of birth
3. Residential address
4. Nationality/citizenship
5. Government-issued photo identification document (passport/national ID/drivers license)
6. Selfie verification or biometric check when required

6.2 Legal Entities

Entities must provide:

1. Full legal name and registration number
2. Registered office address
3. Certificate of incorporation/formation documents
4. List of directors/managers
5. Ultimate Beneficial Owner(s) (UBO) information:
   • Names
   • Dates of birth
   • Nationalities/citizenships
   • Ownership/control percentages (>25%)
6. Authorized signatories’ identification documents

6.3 Verification Methods

Verification may include:

• Document authentication using third-party providers
• Biometric checks/selfie verification
• Cross-referencing with government databases/sanctions lists
• Address verification via utility bills/bank statements

If discrepancies arise during verification or if documentation cannot be authenticated satisfactorily, account creation will be denied or suspended pending further review.

7. Ongoing Monitoring & Transaction Surveillance

Vestra employs automated systems and manual reviews to monitor User activity on an ongoing basis:

7.1 Transaction Monitoring

Transactions are monitored for:

• Unusually large deposits/withdrawals relative to User profile
• Rapid movement in/out without clear economic rationale
• Multiple accounts controlled by same User/IP/device fingerprinting
• Use of high-risk payment methods/countries/jurisdictions

7.2 Triggers for Enhanced Due Diligence

EDD is triggered if:

• A User is identified as a PEP or close associate/family member thereof.
• There are inconsistencies between declared source-of-funds and observed activity.
• Transactions involve high-risk countries/jurisdictions per FATF lists.

EDD measures may include additional documentation requests; interviews; closer monitoring; senior management approval prior to onboarding/high-value transactions.

7.3 Sanctions Screening & Watchlists

All Users are screened against OFAC lists; UN/EU sanctions lists; local law enforcement watchlists; Interpol Red Notices; known fraud databases at onboarding and periodically thereafter.

Accounts matching sanctioned individuals/entities will be frozen immediately pending investigation/reporting.

8. Recordkeeping & Data Retention

Vestra maintains detailed records for at least five years after account closure/last transaction as required by law:

Records include:

• All identification documents collected during onboarding/KYC updates;
• Records relating to beneficial ownership;
• Transaction logs;
• Suspicious Activity Reports (SARs);

Records are stored securely with restricted access only to authorized personnel.

9. Reporting Obligations

9.1 Suspicious Activity Reporting

If suspicious activity is detected—whether through automated alerts/manual review—Vestra’s Compliance Officer will investigate promptly.

Where warranted under applicable law/regulation, SARs will be filed with FinCEN or relevant national authority without notifying the User (“tipping off” prohibition).

9.2 Cooperation With Authorities

Vestra cooperates fully with law enforcement/regulatory agencies in investigations relating to money laundering/terrorist financing/fraud.

Requests for information from authorities will be handled confidentially and expeditiously within legal constraints.

10. Training & Awareness

All employees receive regular training covering:

• Money laundering risks specific to real estate investment platforms;
• Red flags/suspicious indicators;
• Procedures for reporting internal suspicions;

Training frequency: At least annually; more often if regulatory changes/new typologies emerge.

New hires must complete training before accessing sensitive systems/customer data.

11. Data Protection & Privacy

KYC data is collected/stored in accordance with applicable privacy/data protection laws including GDPR where relevant. Access is strictly limited; data breaches are reported per regulatory requirements.

Users have rights regarding their personal data as set out in our Privacy Policy but these do not override legal/regulatory obligations regarding record retention/disclosure for AML purposes.

12. Third Party Relationships & Outsourcing

Where Vestra engages third parties/vendors for KYC checks/payment processing/etc., we conduct due diligence on those providers’ own AML controls before engagement and periodically thereafter. Contracts require adherence to equivalent standards as set forth herein.

No outsourcing relieves Vestra Holdings from ultimate responsibility for compliance with this Policy/laws/regulations.

13. Review & Updates

This Policy is reviewed at least annually—or sooner if there are material changes in regulation/business model/risk environment—and updated accordingly by the Compliance Officer with Board oversight.

All changes communicated promptly via Platform/email notification.

Contact Information

For questions about this policy:
Phone: +63 946 449 8012
Email: support@vestraproperties.pro
Address: Aurora, CO, 80016 United States