Definitions for AML Policy – Buffon Services LLC
To ensure clarity and compliance, the following definitions apply throughout this AML policy:
1. Money Laundering (ML)
The process of disguising the origins of illicitly obtained funds to make them appear legitimate. It typically involves three stages:
- Placement - Introducing illicit funds into the financial system.
- Layering - Conducting a series of complex transactions to obscure the money's origin.
- Integration - Reintroducing the "cleaned" money into the legitimate economy.
2. Terrorist Financing (TF)
The act of providing, collecting, or processing funds with the intent to support terrorist activities. Unlike money laundering, terrorist financing often involves smaller amounts and can include legally obtained funds.
3. Know Your Customer (KYC)
A regulatory requirement mandating financial institutions to verify the identities of customers before offering services. KYC includes:
- Customer Identification Program (CIP) - Collecting and verifying key identity information.
- Customer Due Diligence (CDD) - Assessing customer risk profiles.
- Enhanced Due Diligence (EDD) - Additional scrutiny for high-risk customers.
4. Customer Due Diligence (CDD)
The process of identifying and verifying customers, assessing their risk level, and monitoring their transactions for suspicious activity.
5. Enhanced Due Diligence (EDD)
A deeper level of scrutiny applied to high-risk customers, including those linked to politically exposed persons (PEPs), high-risk jurisdictions, or unusual transaction patterns.
6. Politically Exposed Person (PEP)
An individual who holds a prominent public position, or who is closely associated with such a person, and who may therefore present a higher risk for bribery, corruption, or money laundering.
7. Beneficial Owner
The natural person(s) who ultimately owns or controls an entity, regardless of the registered legal owner. Beneficial ownership transparency helps prevent shell company abuse.
8. Suspicious Activity Report (SAR)
A report filed with regulatory authorities (e.g., Financial Crimes Enforcement Network - FinCEN) when a transaction or activity appears unusual, inconsistent with a customer's profile, or potentially linked to illicit activities.
9. Office of Foreign Assets Control (OFAC)
The office of the U.S. Department of the Treasury that administers and enforces economic and trade sanctions against individuals, organizations, and countries involved in financial crimes or terrorism.
10. Sanctions Screening
The process of screening customers, merchants, and transactions against OFAC sanctions lists to prevent dealing with sanctioned individuals, entities, or jurisdictions.
11. Structuring (Smurfing)
A money laundering tactic where large transactions are broken into smaller amounts to avoid detection and reporting thresholds.
12. Transaction Monitoring
A compliance process that involves continuously analyzing customer transactions to detect potentially suspicious behavior, including large cash deposits, rapid fund movements, or transactions with high-risk countries.
13. Ultimate Beneficial Owner (UBO)
The individual(s) who ultimately own or control a legal entity, typically by holding a minimum ownership stake (e.g., 25%). Identifying UBOs is a key component of AML compliance.
14. Shell Company
A legal entity with little or no business operations, often used to obscure ownership or launder money.
15. High-Risk Jurisdiction
Countries identified by regulatory bodies (e.g., Financial Action Task Force - FATF) as having weak AML/CTF controls and therefore requiring enhanced due diligence.
16. Correspondent Banking
A financial relationship where one bank provides services on behalf of another, often involving cross-border transactions. Such relationships pose a high AML/CTF risk and require enhanced scrutiny.
17. Digital Identity Verification
A process that uses technology (e.g., biometric data, AI-based document verification) to confirm the identity of customers in remote transactions, ensuring compliance with KYC requirements.
18. Fraudulent Transactions
Any transaction conducted using stolen credentials, forged documents, or misrepresentation with the intent to deceive and cause financial harm.
19. Payment Aggregator
A financial entity (such as Buffon Services LLC) that facilitates transactions between merchants and customers by processing payments on behalf of multiple businesses under a single account. Payment aggregators must implement strong AML measures to prevent illicit use of their platforms.
20. Reporting Thresholds
Regulatory limits set for mandatory reporting of transactions to authorities, such as:
- Currency Transaction Report (CTR) - Transactions exceeding $10,000 must be reported to FinCEN.
- Suspicious Activity Report (SAR) - Any transaction that raises suspicions of money laundering or terrorist financing must be reported, regardless of amount.
These definitions provide clarity and ensure all stakeholders understand key AML/CTF concepts, supporting Buffon Services LLC's compliance efforts.
1. Purpose and Scope
Buffon Services LLC is committed to preventing money laundering (ML), terrorist financing (TF), and violations of U.S. economic sanctions through its payment aggregation services. As a Payment Aggregator, the Company facilitates transactions between merchants and customers, making it crucial to implement robust compliance measures in line with U.S. federal regulations.
This AML policy is designed to:
- Establish a framework for detecting and preventing illicit financial activities.
- Ensure compliance with federal laws, including the Bank Secrecy Act (BSA), USA PATRIOT Act, and regulations enforced by the Office of Foreign Assets Control (OFAC).
- Define the responsibilities of employees, merchants, customers, and third-party service providers in maintaining AML/CTF compliance.
1.1 Scope of the Policy
This policy applies to all individuals and entities involved in Buffon Services LLC's payment processing ecosystem, including:
- Employees, Officers, and Agents - Those responsible for processing payments, conducting due diligence, and ensuring compliance with AML procedures.
- Merchants and Customers - Businesses and individuals utilizing the platform to send and receive payments.
- Third-Party Service Providers - External vendors assisting with payment processing, identity verification (KYC), and transaction monitoring.
2. Regulatory Framework
Buffon Services LLC operates as a Payment Aggregator and complies with various U.S. laws and regulations designed to prevent money laundering (ML), terrorist financing (TF), and financial crimes. These regulations establish compliance obligations, including customer due diligence (CDD), transaction monitoring, reporting suspicious activities, and implementing internal controls to mitigate financial crime risks.
- The Bank Secrecy Act (BSA), 1970, as amended by the USA PATRIOT Act, 2001, mandates financial institutions, including payment processors, to establish AML programs. It requires record-keeping, reporting of large or suspicious transactions, and enhanced due diligence (EDD) for high-risk customers. The USA PATRIOT Act further strengthens AML measures by expanding law enforcement capabilities to combat terrorist financing and cross-border money laundering.
- The Anti-Money Laundering Act of 2020 (AMLA 2020) introduced stricter compliance obligations, including corporate transparency requirements and increased enforcement measures. This law enhances FinCEN's ability to monitor financial institutions and imposes higher penalties for AML violations. Buffon Services LLC must ensure robust internal controls and regular risk assessments to comply with these evolving requirements.
- The Financial Crimes Enforcement Network (FinCEN) enforces AML regulations and oversees compliance for money services businesses (MSBs) and payment processors. Companies must register with FinCEN, monitor transactions for suspicious activity, and file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) as required. Failure to comply with FinCEN's regulations can lead to severe penalties, including business restrictions.
- The Office of Foreign Assets Control (OFAC) administers and enforces economic and trade sanctions against individuals, organizations, and countries involved in financial crimes or terrorism. Buffon Services LLC must screen all transactions against the Specially Designated Nationals (SDN) List and block any transactions involving sanctioned parties to avoid violations of U.S. sanctions laws.
- The Foreign Corrupt Practices Act (FCPA), 1977, prohibits bribery and corruption of foreign officials to secure business advantages. Payment processors must ensure that merchants, employees, and third-party partners do not engage in illicit financial practices. Any indication of bribery or corruption must be investigated and reported to regulatory authorities.
- The Federal Trade Commission (FTC) Guidelines for Payment Processors outline due diligence measures to prevent fraud and financial abuse. Payment aggregators must implement merchant verification procedures, monitor transactions for fraudulent patterns, and take proactive steps to mitigate risks. High chargeback rates, unusual transaction volumes, or repeated fraud complaints must trigger enhanced monitoring and corrective actions.
- Additionally, Buffon Services LLC must adhere to state-specific money transmitter laws, which may require obtaining licenses in various jurisdictions. The Corporate Transparency Act (CTA), 2021, the Gramm-Leach-Bliley Act (GLBA), 1999, and the Electronic Fund Transfer Act (EFTA), 1978 also impose legal requirements related to customer identity verification, data privacy, and electronic payment protections. Ensuring compliance with these federal and state regulations is critical to maintaining regulatory approval and avoiding enforcement actions.
3. Governance and Accountability
Buffon Services LLC maintains a strong governance structure to oversee and ensure compliance with Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and sanctions regulations. Clear roles and responsibilities are assigned to senior management, compliance personnel, and employees to maintain an effective financial crime compliance program. This governance framework ensures that AML obligations are met at all levels of the organization.
3.1 Board of Directors Oversight
The Board of Directors holds ultimate responsibility for overseeing the company's AML/CTF and sanctions compliance efforts. They set the tone for a strong compliance culture and ensure that financial crime risks are effectively managed. The Board's key responsibilities include:
- Approval and Review of Policies: Formally approving the AML/CTF and Sanctions Compliance Policy and ensuring periodic updates to reflect regulatory changes and emerging risks.
- Monitoring AML Program Effectiveness: Regularly reviewing reports and key risk indicators (KRIs) related to AML compliance, including suspicious activity trends, regulatory filings, and audit findings.
- Ensuring Adequate Resources: Allocating sufficient financial, technological, and human resources to support an effective AML compliance framework. This includes approving budgetary allocations for AML tools, transaction monitoring systems, and personnel training.
- Holding Senior Management Accountable: Ensuring that executive leadership and compliance personnel fulfill their AML obligations, including adherence to FinCEN, OFAC, and other regulatory requirements.
- Reviewing Internal and External Audit Reports: Engaging independent auditors or compliance consultants to assess AML program effectiveness and taking corrective action based on audit recommendations.
- Approving Risk-Based Approach to AML: Evaluating and approving the company's Risk-Based Approach (RBA) to AML compliance, which categorizes customers and transactions based on their level of risk exposure.
The Board must receive regular briefings from the Compliance Officer on significant AML risks, regulatory updates, and internal control measures to address vulnerabilities.
3.2 Compliance Officer Responsibility
Buffon Services LLC designates a Compliance Officer (CO) with full authority to oversee AML, CTF, and sanctions compliance. The Compliance Officer acts as the primary point of contact between the company and regulatory bodies such as FinCEN, OFAC, and state regulators.
The Compliance Officer's responsibilities include:
- Developing and Enforcing AML Policies: Establishing, implementing, and updating AML/CTF policies and procedures in accordance with federal and state regulations.
- Suspicious Activity Monitoring and Reporting: Ensuring that all transactions are monitored for red flags and filing Suspicious Activity Reports (SARs) with FinCEN when necessary. Transactions involving sanctioned entities must be reported to OFAC, and appropriate actions such as blocking or rejecting payments must be taken.
- Know Your Customer (KYC) and Due Diligence Oversight: Supervising customer due diligence (CDD) and enhanced due diligence (EDD) procedures to verify customer identities and assess financial crime risks. Ensuring compliance with Customer Identification Program (CIP) requirements under the USA PATRIOT Act.
- Transaction Monitoring and Risk Assessments: Overseeing the use of AML software and automated tools for real-time transaction screening, behavioral analytics, and risk scoring. Conducting periodic risk assessments to identify and address AML vulnerabilities.
- Training and Awareness Programs: Implementing mandatory AML training for all employees, including front-line staff, customer service representatives, and senior management. Training must cover recognizing suspicious activities, reporting obligations, and compliance with OFAC sanctions lists.
- Regulatory Reporting and Communication: Serving as the liaison between the company and regulatory agencies, responding to information requests, and submitting required compliance reports.
- Ensuring Internal Audit and Testing: Coordinating periodic independent audits and internal reviews to evaluate the effectiveness of the AML program. Addressing deficiencies and implementing corrective actions.
- Record-Keeping and Documentation: Maintaining transaction records, KYC documentation, and regulatory filings in accordance with FinCEN's record retention requirements (minimum of five years).
The Compliance Officer reports directly to the Board of Directors and provides quarterly updates on the status of the AML program, key risk areas, and recommended improvements. Additionally, the Compliance Officer must have the authority to take action on AML-related issues without interference, ensuring independence in compliance oversight.
3.3 Additional Governance Considerations
To further strengthen governance and accountability, Buffon Services LLC may implement the following best practices:
- 1. Establishment of an AML Compliance Committee - Comprising senior executives from compliance, legal, risk management, and operations, this committee can support the Compliance Officer in strategic decision-making and risk mitigation efforts.
- 2. Whistleblower and Internal Reporting Mechanism - Employees should have a confidential, non-retaliatory process to report AML violations or suspicious activity.
- 3. Vendor and Third-Party Oversight - Ensuring that third-party service providers, including payment processors and banking partners, comply with AML requirements through contractual obligations and ongoing due diligence.
- 4. Annual Board Training on AML Obligations - Keeping the Board informed of evolving financial crime risks and compliance expectations through dedicated training sessions.
4. Risk Assessment and Risk-Based Approach (RBA)
Buffon Services LLC adopts a Risk-Based Approach (RBA) to ensure that AML efforts are proportional to the level of risk posed by customers, transactions, and business activities. This approach aligns with guidance from the Financial Crimes Enforcement Network (FinCEN) and international best practices outlined by the Financial Action Task Force (FATF).
An Enterprise-Wide Risk Assessment (EWRA) is conducted regularly to identify and mitigate risks associated with money laundering (ML), terrorist financing (TF), and financial crimes. The EWRA enables the company to apply enhanced due diligence (EDD) where necessary and allocate compliance resources effectively.
4.1 Risk Factors Considered
Buffon Services LLC evaluates multiple risk factors to determine the overall financial crime exposure of its business, customers, and transactions. Key risk factors include:
1. Customer Risk
- The nature of the customer relationship (e.g., individual vs. business account, domestic vs. international).
- The volume, frequency, and value of transactions initiated by the customer.
- Verification status (whether the customer has passed Know Your Customer (KYC) and Enhanced Due Diligence (EDD) checks).
- Presence on watchlists, including OFAC's Specially Designated Nationals (SDN) List and FinCEN's 314(a) List.
- Customers with previous Suspicious Activity Reports (SARs) filed against them.
2. Geographic Risk
- Countries where customers, merchants, or payment recipients are located.
- Transactions involving high-risk jurisdictions as designated by the FATF (e.g., Iran, North Korea, Syria, Russia, and other sanctioned nations).
- Transactions involving U.S. government embargoed nations and entities under OFAC sanctions.
- Cross-border transactions, particularly those to non-cooperative tax jurisdictions or regions known for financial secrecy.
3. Product and Service Risk
- Risks associated with the payment aggregation model, where multiple merchants use the company's platform for processing payments.
- Cross-border remittances and cryptocurrency-related transactions, which are often targeted for ML/TF.
- Digital wallets, prepaid cards, and alternative payment methods, which may present higher anonymity risks.
- Transactions involving high-risk industries such as gambling, adult services, cash-intensive businesses, and shell companies.
4. Transaction Risk
- The size and frequency of transactions (e.g., unusually large, round-figure, or structured payments that may indicate money laundering).
- Complexity of transactions, including multiple intermediaries or payments routed through offshore accounts.
- Unusual behavior, such as a customer attempting to process transactions just below reporting thresholds (structuring or smurfing).
- Payments to or from unknown third parties or those inconsistent with a customer's transaction history.
By considering these factors, Buffon Services LLC develops risk profiles for customers and transactions, allowing for enhanced due diligence (EDD) and transaction monitoring where necessary.
4.2 Risk Classification
Based on the risk assessment, Buffon Services LLC categorizes customers, merchants, and transactions into three risk levels:
1. Low-Risk Customers
- Individuals or businesses that have undergone full Customer Due Diligence (CDD) and verification.
- Domestic transactions with transparent and predictable transaction patterns.
- Customers with a consistent transactional history and no prior suspicious activity.
- Entities operating in low-risk industries, such as salaried professionals, local retailers, or regulated financial institutions.
2. Medium-Risk Customers
- Customers with moderate transaction volumes or occasional high-value transactions.
- Businesses operating in moderate-risk industries (e.g., e-commerce, software services, hospitality).
- Cross-border transactions involving non-high-risk jurisdictions.
- Customers flagged for minor inconsistencies during KYC verification but not presenting immediate AML concerns.
- Transactions involving multiple third parties but remaining within expected industry norms.
3. High-Risk Customers
- Politically Exposed Persons (PEPs), their close associates, and family members.
- Customers or businesses with transactions originating from or routed through high-risk jurisdictions.
- Entities operating in cash-intensive or high-risk industries (e.g., cryptocurrency exchanges, casinos, real estate, money services businesses (MSBs), and shell companies).
- Customers with frequent large transactions or activity inconsistent with their declared business purpose.
- Merchants with previous suspicious activity reports (SARs) filed against them.
- Customers using anonymizing tools (e.g., VPNs, proxies) or suspicious payment methods.
High-risk customers and merchants are subject to Enhanced Due Diligence (EDD), stricter transaction monitoring, and periodic reviews.
4.3 Risk Mitigation Strategies
To manage and mitigate AML risks effectively, Buffon Services LLC employs the following measures:
- 1. Automated Risk Scoring System - Using AI-driven risk assessment tools to dynamically score customers and transactions based on AML risk indicators.
- 2. Enhanced Due Diligence (EDD) for High-Risk Customers - Additional verification steps, source of funds checks, and ongoing monitoring for high-risk customers.
- 3. Transaction Monitoring and Pattern Analysis - AI-based analytics to detect unusual activity, flagging transactions for manual review if necessary.
- 4. Restricted Business List - Blocking or imposing additional scrutiny on businesses operating in high-risk industries (e.g., money remittance services, shell companies, virtual assets).
- 5. Geographic Risk Controls - Implementing transaction restrictions for sanctioned or high-risk countries as per OFAC, FATF, and U.S. State Department guidelines.
- 6. Periodic Risk Review and Updates - Conducting annual risk assessments and updating policies in response to emerging threats and regulatory changes.
5. Customer Due Diligence (CDD) and Know Your Customer (KYC) Procedures
Buffon Services LLC enforces Customer Due Diligence (CDD) and Know Your Customer (KYC) procedures to verify the identity of customers, assess potential risks, and ensure compliance with FinCEN regulations, the USA PATRIOT Act, and OFAC sanctions requirements. These measures help prevent money laundering (ML), terrorist financing (TF), fraud, and financial crime.
5.1 Initial Due Diligence
The company follows a risk-based approach (RBA) in conducting KYC before onboarding any customer or merchant. The level of due diligence varies based on the customer's risk profile.
Individual Customers:
- Full name, date of birth, and government-issued ID (e.g., passport, driver's license).
- Proof of residential address (e.g., utility bill, bank statement).
- Employment details or declared business purpose.
- Source of funds (SOF) and source of wealth (SOW) verification (if applicable for medium/high-risk customers).
- Screening against OFAC's SDN List, FinCEN 314(a) List, and other global sanctions/watchlists.
Corporate Merchants:
- Business name, Employer Identification Number (EIN), and incorporation documents.
- Articles of incorporation, business license, and corporate governance documents.
- Ultimate Beneficial Owner (UBO) identification - Any individual holding 25% or more ownership must be verified.
- Verification of directors and authorized signatories.
- Industry risk classification - Companies operating in high-risk industries (e.g., cryptocurrency, gambling, cash-intensive businesses, remittance services, shell companies) undergo additional scrutiny.
KYC information is collected and validated using third-party verification services, government databases, and document authentication tools such as Veriff and sanctions.io.
5.2 Enhanced Due Diligence (EDD)
For high-risk customers, transactions, and industries, Buffon Services LLC applies Enhanced Due Diligence (EDD) measures to mitigate financial crime risks.
EDD Triggers:
- Customers identified as Politically Exposed Persons (PEPs) or having close ties to a PEP.
- Transactions involving high-risk jurisdictions as designated by FATF and OFAC.
- Business entities with complex ownership structures that obscure beneficial ownership.
- Customers with inconsistent transactional behavior or prior suspicious activity reports (SARs).
EDD Procedures:
- In-depth verification of ownership structures - Corporate entities must provide full disclosure of their shareholders and business activities.
- Detailed review of source of funds (SOF) and source of wealth (SOW) - High-risk customers must provide supporting documentation (e.g., tax returns, business financials, bank statements).
- Heightened screening for negative media and regulatory actions - Customers undergo adverse media checks for financial crime exposure.
- Ongoing monitoring with periodic risk reassessment - High-risk accounts are reviewed more frequently to detect emerging risks.
- Senior management approval - Onboarding of high-risk clients requires explicit approval from Buffon Services LLC's Compliance Officer or MLRO.
5.3 Ongoing Monitoring
KYC compliance is not limited to initial onboarding. Buffon Services LLC ensures that customer activities remain consistent with their stated profile through continuous monitoring and periodic reviews.
Real-Time Transaction Monitoring:
- Automated AML monitoring systems analyze transaction patterns for unusual activity.
- Transactions are flagged based on predefined risk indicators, such as rapid movement of funds, structuring, round-dollar transactions, and transactions to high-risk regions.
- Transactions are screened against OFAC and global sanctions lists in real-time.
Periodic Account Reviews:
- High-risk accounts are subject to frequent audits and reviews to identify potential discrepancies or suspicious behavior.
- Dormant or irregularly used accounts are re-evaluated to ensure continued compliance with AML policies.
- Customers whose risk profiles change over time (e.g., involvement in new high-risk business activities) may be subject to additional scrutiny.
By implementing CDD, EDD, and Ongoing Monitoring, Buffon Services LLC ensures regulatory compliance, reduces exposure to financial crime, and strengthens its AML risk management framework.
6. Transaction Monitoring and Suspicious Activity Reporting (SARs)
Buffon Services LLC implements a risk-based transaction monitoring system to detect, investigate, and report suspicious activities related to money laundering (ML), terrorist financing (TF), fraud, and other financial crimes. The company adheres to Bank Secrecy Act (BSA) regulations, FinCEN guidelines, and OFAC sanctions requirements to ensure proactive compliance with U.S. AML laws.
6.1 Monitoring Procedures
Buffon Services LLC employs automated transaction monitoring tools that analyze financial activity in real time. These tools use predefined rules, AI-driven analytics, and risk-based thresholds to flag potentially suspicious transactions.
Key Monitoring Indicators:
- Rapid movement of funds between accounts - Transactions that lack a legitimate business purpose.
- High-volume transactions inconsistent with customer profiles - Significant deviations from expected behavior based on KYC data.
- Transactions involving high-risk jurisdictions - Payments linked to OFAC-sanctioned countries, FATF high-risk jurisdictions, or regions known for illicit financial activity.
- Structuring and layering attempts - Transactions deliberately structured to evade regulatory thresholds (e.g., multiple small cash deposits under the reporting limit).
- Unusual frequency of large or round-dollar transactions - Especially when there is no clear economic rationale.
- Transactions involving cryptocurrency or cash-intensive businesses - Higher risk of untraceable financial flows.
Automated vs. Manual Reviews:
- Automated systems flag transactions based on pre-configured AML rules and red flag indicators.
- Compliance analysts manually review flagged transactions to determine if further investigation is required.
- High-risk transactions are escalated for additional scrutiny or Suspicious Activity Report (SAR) filing.
6.2 Suspicious Activity Reporting (SARs)
When a transaction meets the criteria for suspicious activity, Buffon Services LLC is legally required to report it to FinCEN within a defined timeframe.
Filing Requirements for SARs:
- SARs must be filed within 30 calendar days from the date suspicious activity is detected.
- If additional details are needed for the investigation, the company may take up to 60 days to file, provided that evidence gathering is ongoing.
- All SARs must be kept confidential - Disclosing a SAR filing to the subject of the report is strictly prohibited under BSA and USA PATRIOT Act regulations.
Criteria for Filing SARs:
- Transactions inconsistent with customer profiles - Activities that do not align with a customer's declared business operations or financial capacity.
- Structuring or attempts to evade reporting thresholds - Splitting large transactions to avoid detection.
- Unusual patterns of large or rapid fund transfers - Especially those routed through multiple jurisdictions or involving high-risk industries.
- Use of multiple accounts without logical explanation - Opening and closing accounts frequently without clear economic rationale.
- Transactions linked to sanctioned individuals or entities - Matches found in OFAC's Specially Designated Nationals (SDN) List.
Escalation and Internal Reporting:
- Employees must immediately escalate any suspicious activity to the Compliance Officer or Money Laundering Reporting Officer (MLRO).
- Compliance teams conduct an internal review before determining whether an SAR filing is necessary.
- Law enforcement cooperation - SARs may be shared with relevant U.S. authorities, including FinCEN, FBI, OFAC, and the Department of Justice (DOJ), when required.
7. Sanctions Compliance (OFAC) Program
Buffon Services LLC is committed to maintaining a robust sanctions compliance program in line with the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) regulations. The company ensures that all customers, merchants, and transactions are screened against OFAC sanctions lists to prevent dealing with sanctioned individuals, entities, or jurisdictions.
The Sanctions Compliance Program (SCP) follows a risk-based approach, leveraging automated tools and real-time transaction monitoring to identify potential violations and ensure compliance with U.S. laws.
7.1 OFAC Screening
Buffon Services LLC conducts mandatory screening of all customers, merchants, and transactions against OFAC sanctions lists before account approval and during transaction processing.
Customer and Merchant Screening:
All individuals and entities are screened against the following OFAC-maintained lists:
- Specially Designated Nationals (SDN) List - Identifies individuals, businesses, and organizations prohibited from conducting financial transactions in the U.S.
- Sectoral Sanctions Identifications (SSI) List - Includes entities subject to specific restrictions under sectoral sanctions programs.
- Consolidated Sanctions List - A comprehensive list containing all OFAC sanctions programs, including the Non-SDN Palestinian Legislative Council (NS-PLC) List and Foreign Sanctions Evaders (FSE) List.
Real-Time Transaction Screening:
- All transactions are screened in real-time using automated compliance software.
- Transactions that match sanctioned persons, entities, or jurisdictions are immediately flagged for review.
- Geo-blocking measures are applied to prevent payments to or from sanctioned countries (e.g., North Korea, Iran, Syria, and Russia's sanctioned regions).
7.2 Blocked or Rejected Transactions
Buffon Services LLC takes strict action when transactions are found to involve sanctioned entities or jurisdictions.
Blocking Transactions:
- Transactions involving Specially Designated Nationals (SDNs) or entities subject to comprehensive OFAC sanctions are blocked immediately.
- Funds related to blocked transactions are held in a designated blocked account as required by OFAC regulations.
Rejecting Transactions:
- Transactions that violate OFAC regulations but do not require blocking (e.g., certain sectoral sanctions restrictions) are rejected and returned to the sender.
- Payments associated with entities on the Sectoral Sanctions Identifications (SSI) List may be restricted but not necessarily blocked, depending on the transaction type.
OFAC Reporting:
- Blocked or rejected transactions must be reported to OFAC within 10 business days.
- An annual report of blocked property must be submitted to OFAC by September 30 each year.
- Detailed records of all blocked and rejected transactions are maintained for at least five years as per OFAC recordkeeping requirements.
Buffon Services LLC remains committed to strict adherence to OFAC regulations to prevent financial crime, regulatory violations, and reputational risks. The company continuously updates screening protocols to reflect new sanctions developments, ensuring full compliance with U.S. economic and trade sanctions laws.
8. Merchant and Third-Party Due Diligence
Buffon Services LLC enforces a comprehensive due diligence process for merchants and third-party service providers to mitigate financial crime risks, including money laundering, terrorist financing, fraud, and sanctions violations. The company follows a risk-based approach (RBA) to assess the legitimacy, compliance standards, and risk exposure of each merchant and third party before onboarding.
Strict due diligence measures help identify and prevent high-risk activities, ensuring compliance with AML/CTF regulations, OFAC sanctions requirements, and industry best practices.
8.1 Merchant Onboarding Procedures
Before onboarding a merchant, Buffon Services LLC conducts a thorough risk assessment to verify its business legitimacy, financial integrity, and compliance status. The onboarding process includes the following steps:
Verification of Business Legitimacy:
- Obtain and verify incorporation documents, EIN, and business licenses.
- Confirm the physical existence of the business (e.g., office address, operational facilities).
- Review the merchant's business model to identify potential high-risk activities.
Owner and Key Management Screening:
- Identify and verify the Ultimate Beneficial Owners (UBOs) holding 25% or more ownership.
- Conduct background checks on directors and key management personnel.
- Screen individuals and entities against OFAC sanctions lists and PEP databases.
Site Visits and Background Checks:
- Conduct physical or virtual site visits for high-risk merchants to confirm operational legitimacy.
- Perform adverse media checks to identify any negative news or reputational risks.
- Verify business relationships with banks and payment service providers (PSPs).
AML/CTF Compliance Review:
- Assess the merchant's AML/CTF program, including internal controls and reporting mechanisms.
- Review prior compliance history, including regulatory fines or enforcement actions.
- Ensure the merchant has KYC procedures in place for its customers.
8.2 Third-Party Service Providers
Buffon Services LLC relies on third-party service providers for payment processing, fraud detection, and compliance support. To ensure regulatory compliance and mitigate third-party risks, the company applies rigorous due diligence measures.
Due Diligence on Third-Party Processors and Partners:
- Verify the registration, licensing, and financial standing of third-party providers.
- Conduct screening against global sanctions lists, adverse media, and legal records.
- Assess the third party's AML/CTF policies, transaction monitoring controls, and reporting procedures.
Contractual Obligations for Compliance:
- Ensure contracts include AML/CTF and sanctions compliance clauses.
- Require third-party service providers to comply with U.S. AML regulations (e.g., BSA, FinCEN requirements).
- Establish clear roles and responsibilities for detecting and reporting suspicious transactions.
Periodic Compliance Audits of Third-Party Vendors:
- Mandate regular audits and compliance assessments for critical third-party partners.
- Require access to transaction records and compliance reports for oversight.
9. Recordkeeping and Audit Trail
Buffon Services LLC maintains comprehensive recordkeeping and audit trail procedures to ensure regulatory compliance, operational transparency, and risk management. These procedures are designed to support AML/CTF compliance, facilitate regulatory investigations, and provide historical transaction data for internal audits and risk assessments.
The company adheres to the Bank Secrecy Act (BSA), FinCEN requirements, and OFAC regulations, ensuring that all records are accurate, securely stored, and readily accessible for audits, regulatory reviews, and law enforcement requests.
9.1 Record Retention Requirements
Buffon Services LLC is required to maintain and preserve financial and compliance-related records for a minimum of five years from the date of the transaction, account closure, or customer relationship termination. This ensures that the company meets legal and regulatory obligations while allowing for retrospective reviews of transactions and customer activity.
The records retained include:
Customer Due Diligence (CDD) and Know Your Customer (KYC) Records:
- Customer identification documents (e.g., passports, driver's licenses, national IDs).
- Proof of address documents (e.g., utility bills, bank statements).
- Customer risk assessments and due diligence reports.
- Ultimate Beneficial Owner (UBO) information for corporate clients.
Transaction Records:
- Transaction details (e.g., sender/receiver names, account details, transaction amounts, timestamps).
- Payment methods used (e.g., wire transfers, credit cards, digital wallets).
- Foreign exchange rates applied, if applicable.
- Transaction monitoring alerts and investigations.
Suspicious Activity Reports (SARs) and OFAC Compliance Records:
- Filed SARs and related investigative documents.
- Records of blocked or rejected transactions due to OFAC sanctions.
- Correspondence with regulatory agencies regarding compliance matters.
Internal and External Communication Records:
- Correspondence with customers, regulators, financial institutions, and law enforcement agencies.
- Internal emails and memos related to compliance and risk management.
- Meeting minutes of compliance and risk committees.
9.2 Secure Storage and Accessibility of Records
Buffon Services LLC implements strict security controls to ensure records are protected against unauthorized access, tampering, or loss.
Digital and Physical Storage:
- Electronic records are stored in encrypted databases with access controls.
- Paper records (if applicable) are kept in secure, access-controlled locations.
- Backup systems ensure redundancy and disaster recovery capabilities.
Access Control Measures:
- Role-based access controls (RBAC) restrict access to compliance and audit personnel.
- Audit logs track all access to sensitive records to prevent unauthorized changes.
- Multi-factor authentication (MFA) is required for system access.
9.3 Audit Trail and Internal Review Process
Buffon Services LLC maintains a detailed audit trail to track financial transactions, compliance decisions, and customer interactions. The audit trail provides:
Monitoring of Financial Transactions:
- Real-time logging of all transactions and user activity within the system.
- Identification of discrepancies, anomalies, and unauthorized changes.
Regulatory Compliance Audits:
- Regular internal audits to assess the effectiveness of AML/CTF controls.
- Third-party audits and regulatory reviews to ensure compliance with FinCEN and OFAC requirements.
Audit Logs for Suspicious Activity Reports (SARs):
- Logs of SAR filings, including timestamps and compliance officer actions.
- Review of past SARs for patterns or emerging financial crime risks.
By maintaining a comprehensive recordkeeping and audit trail system, Buffon Services LLC ensures regulatory compliance, operational integrity, and effective risk management while providing a solid foundation for investigations and financial crime prevention.