Anti-Money Laundering (AML) and Sanctions Policy for EasyStaﬀ Payroll

EasyStaﬀ UAB (Lithuania) — Company Code: 305643163.
Version: 2.0
Date: 31.10.2025

1. Introduction

EasyStaﬀ Payroll follows a zero-tolerance approach to money laundering, terrorist financing, fraud, and breaches of international sanctions. This Policy describes risk-based controls to identify, mitigate, and manage financial crime risks within the EasyStaﬀ Payroll service.

This Policy is designed to support compliance with applicable AML/CFT and sanctions requirements and international standards, including (where applicable):

Directive (EU) 2015/849 (as amended, including Directive (EU) 2018/843) on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.
Directive (EU) 2018/1673 on combating money laundering by criminal law.
Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain cryptoassets (replacing Regulation (EU) 2015/847).
Law of the Republic of Lithuania on the Prevention of Money Laundering and Terrorist Financing (No. VIII-275).
EU restrictive measures (sanctions) (including Russia-related measures under Council Regulation (EU) No 833/2014 and Council Regulation (EU) No 269/2014, as amended) and applicable national implementation acts, including the Law of Lithuania on the Implementation of Economic and Other International Sanctions (No. IX-2160).
FATF Recommendations and relevant guidance.
The Policy applies to directors, officers, employees, agents, and contractors involved in service delivery, as well as to Clients (legal entities) and payees (freelancers and remote employees) to the extent related to onboarding and payment processing.

2. Objectives

Prevent money laundering, terrorist financing, fraud, and sanctions breaches.
Apply a risk-based approach to onboarding, verification, and monitoring.
Identify and escalate suspicious activity and, where necessary, report it to competent authorities.
Ensure proper record-keeping and staﬀ awareness.
Protect the reputation and resilience of the EasyStaﬀ Payroll service.

3. Roles and Responsibilities for AML/Sanctions

EasyStaﬀ appoints a Compliance Officer or an equivalent function responsible for implementing and maintaining this Policy. Key responsibilities include:

Maintaining the risk assessment and updating controls when the product, jurisdictions, or regulations change.
Overseeing onboarding and verification, including applying Enhanced Due Diligence (EDD) where needed.
Ensuring eﬀective sanctions screening and escalation procedures.
Organising training and awareness for employees and contractors on relevant topics.
Coordinating internal reviews and interacting with competent authorities where applicable.

4. KYC and Due Diligence

EasyStaﬀ Payroll applies Customer Due Diligence (CDD) measures based on a risk assessment.

Verification may be required before funds are withdrawn or received and may include additional checks for higher-risk cases.

The EasyStaﬀ Payroll user verification guide is available on the following page: https://easystaﬀ.io/helpcenter/verification-payroll

Payee verification (freelancer/contractor):
- Collection and verification of basic payee data (e.g., first and last name), residential address, and proof of address.
- Payout details (e.g., bank account/card, PayPal) and other information required for fraud prevention.
- Depending on the risk assessment, additional information and documents may be requested (e.g., an identity document, including a passport; a selfie (presence check); source of funds; tax residency).
Client verification (legal entity):
- Basic company information and verification using reliable sources (e.g., name, registration number, address, management). Where necessary, corporate documents may be requested from a legal entity client, including:
  - Certificate of Incorporation
  - Certificate of Directors
  - Proof of authority
  - Registered Address Certificate
- Banking details for payment processing.
- Identification and, where necessary, verification of beneficial owners (UBOs) and authorised signatories.
- Understanding the expected nature of activities (e.g., payout geography, payment methods, expected volumes).
Enhanced Due Diligence (EDD) and ongoing monitoring:
- EDD may be applied to higher-risk relationships and transactions (e.g., high-risk jurisdictions, complex ownership structure, unusual transactions, use of cryptoassets, potential sanctions risks).
- Client and payee data may be periodically reviewed and updated based on the risk level.

5. PEP (Politically Exposed Persons) and Related Persons

EasyStaﬀ takes into account increased risks associated with PEPs, their family members, and close business associates. Where necessary, the following measures may be applied:

Screening for PEP status at onboarding and during periodic reviews.
Applying EDD, including requesting information on the source of funds/wealth (where appropriate).
In certain cases, management approval may be required to establish/continue a relationship with a PEP.

6. Sanctions Screening of Customers and Transactions

EasyStaﬀ performs sanctions screening to avoid dealing with persons, entities, and financial institutions subject to applicable sanctions, including restrictive measures related to Russia, sanctioned banks, and payment infrastructure operators. Screening is performed at onboarding and (where appropriate) on an ongoing basis.

In addition to mandatory sanctions compliance, EasyStaﬀ may apply stricter internal restrictions and refuse/limit onboarding, transactions, or certain payment/payout methods depending on the jurisdiction, sanctions linkage, risk assessment, and the requirements of banks and payment partners.

Screening is conducted against official lists and reliable sources, including (but not limited to):

European Union (EU): EU Sanctions Map and the EU Consolidated Financial Sanctions List.
United Kingdom: UK Sanctions List (FCDO) and related data.
United States: OFAC Sanctions List Search (including the SDN List).
FATF public statements and lists (high-risk and other monitored jurisdictions) and European Commission information on high-risk third countries.

If a potential match is identified, EasyStaﬀ may pause processing, request additional information, decline or block the transaction, freeze funds (if required by law), and/or report to competent authorities where necessary.

Procedures include:

Checks at onboarding and during periodic reviews.
Screening of clients, payees/beneficiaries, and, where appropriate, counterparties and payment routes.
Investigation and escalation of alerts, including manual review where necessary.
Blocking/declining transactions involving sanctioned persons or where there are indicators of prohibited activity, including attempts to circumvent sanctions.

7. Transaction Monitoring and Record Keeping

EasyStaﬀ monitors activity to identify unusual patterns and financial crime risks. Additional verification or control measures may be required if:

Identification data or payment details are inconsistent or raise doubts as to their accuracy.
Transactions are atypical for the client’s profile or stated purpose.
A transaction is linked to a jurisdiction recognised as high-risk by competent authorities or public lists.
There are indicators of sanctions evasion or prohibited activity (e.g., intermediaries, mismatch between payer and beneficiary).

Records related to KYC, screening, and transactions are retained for at least five years (and longer where required by law or justified business needs). Access to data is restricted to authorised persons.

8. Consequences of Non-Compliance

If mandatory verification is not completed, EasyStaﬀ may refuse service or suspend services and, where necessary, process a refund.
Transactions from high-risk jurisdictions or with prohibited payment methods may be declined.
EasyStaﬀ may freeze, withhold, or block funds if required by sanctions or law.
Breaches of this Policy by employees/contractors may result in disciplinary measures up to termination of cooperation.

9. Review and Updates

The Policy is reviewed and updated in case of changes in regulation, the product, or the risk assessment.

10. Governing Law and Jurisdiction

Governing law and dispute resolution are determined by the terms of the relevant agreement for the specific product and EasyStaﬀ legal entity.