Anti-Money Laundering (AML) Policy

Last Updated: April 2025

1. Purpose and Scope

The All in One Shop is committed to conducting business with integrity and in compliance with
all applicable laws, including anti-money laundering (AML) and counter-terrorist financing
regulations. This AML Policy outlines the measures and internal controls we have in place to
prevent our e-commerce platform from being used to facilitate money laundering or any
financial crime. While The All in One Shop operates primarily as a retail business (selling
consumer goods worldwide) and only accepts card payments at this time, we recognize that even
retail businesses can be targeted for illicit financial activities.Therefore, we implement a riskbased approach to identify and mitigate any such risks.

This policy applies to all officers, employees, and contractors of The All in One Shop (TechFerry Ltd). We also expect our payment processing partners and other third parties we engage with to maintain robust AML controls.

2. Legal Compliance Framework
Our company is based in the United Kingdom and thus adheres to UK AML laws and regulations, as well as relevant international standards. The primary AML laws that inform our program include:

• Proceeds of Crime Act 2002 (POCA): Establishes money laundering offenses and obligations to report suspicious activities.
• UK Money Laundering Regulations 2017 (as amended): Implements EU/UK requirements for AML controls (customer due diligence, record-keeping, etc.) Although retail businesses like ours are generally not “regulated entities” under these regulations unless dealing in high-value cash transactions, we voluntarily align with their principles.
• Terrorism Act 2000 & Terrorist Asset-Freezing etc. Act 2010: We are vigilant that our platform is not used for terrorist financing, and we comply with any reporting obligations regarding terrorist finance.
• Sanctions and Anti-Money Laundering Act 2018 (SAMLA): Provides the framework for UK sanctions compliance. We ensure we do not engage in transactions with sanctioned persons or countries, in line with UK sanctions lists and other applicable sanctions
regimes.
Global Reach: As we provide services worldwide, we also take into account international best
practices (such as Financial Action Task Force recommendations) and any local AML
requirements in key jurisdictions, to the extent they apply to our operations. We remain
committed to cooperation with law enforcement and regulatory agencies worldwide in the fight
against financial crime.

3. Prohibited Transactions & Payment Methods
We have chosen to accept card payments only (credit and debit cards) for our online transactions.
By doing so, we leverage the fact that card issuers (banks) already perform KYC (Know Your
Customer) on cardholders, and card networks have fraud and AML controls in place. We do not
accept cash, cash equivalents, money orders, or anonymous payment methods. In particular, we
do not accept large cash payments or bank transfers from unknown third parties. According to
UK regulations, businesses that accept cash payments of €10,000 or more for goods must register
as high-value dealers and implement enhanced AML measures.

The All in One Shop explicitly prohibits any cash transaction of this nature – in fact, we do not
handle cash at all in our online sales. All customer payments must go through our approved
electronic payment channels. It is our company policy not to accept high-value cash payments,
and staff are trained and instructed to refuse any attempt by a customer to arrange a cash
payment for goods.

Additionally, we do not support cryptocurrency payments at this time, as they carry higher AML
risk and anonymity. By limiting accepted payment methods to well-regulated financial channels,
we reduce the risk of money laundering on our platform.

4. Customer Due Diligence (CDD)
Given that we are a retail e-commerce business with card-only payments, the risk profile of our
customer base is generally low. We typically sell low to mid-value consumer goods to
individuals for personal use. Thus, we do not routinely perform intensive customer due diligence
like a bank would (for example, we do not require customers to submit identity documents for
standard purchases). However, we do implement the following due diligence measures:
• Basic Identity Information: Customers must provide personal details (name, billing and
shipping address, email, phone) when placing an order. We require this information to
fulfill the order and as a basic record of who our customer is. We reserve the right to
verify the accuracy of this information, for instance by checking that the name on the
credit card matches the name provided, or that the address appears valid. If we notice
clearly fictitious names or suspect information, we may reach out for confirmation or
cancel the order if concerns persist.
• Age Restrictions: Our services are intended for adults. By accepting the Terms at
checkout, the customer confirms they are at least 18 years old or the age of majority in
their jurisdiction. We do not knowingly do business with minors without parental
consent, which also mitigates certain risks.
• High-Risk Situations – Enhanced Due Diligence: For the vast majority of orders, no
further verification is needed beyond payment authorization. However, if an order
triggers certain red flags (see Transaction Monitoring below), we may perform
additional checks. Enhanced due diligence could include requesting the customer to
provide a copy of an ID or the credit card billing statement to confirm their identity and
address, or verifying the identity through open sources. We only do this in exceptional
cases where the potential risk justifies it, as asking for documents in a low-risk retail
context can deter legitimate customers. We aim to follow practices of large e-commerce
sites, which typically do not require upfront ID verification but may intervene on
suspicious activity.
• PEP and Sanctions Screening: Our business generally does not engage in financial
services that would require screening for Politically Exposed Persons (PEPs) or
sanctioned individuals as a routine matter. However, our payment processor and banking
partners handle much of this screening on the funding side. We also make sure not to
knowingly ship any goods to countries or regions under comprehensive trade sanctions,
nor to individuals or organizations that are on UK, EU, or OFAC (U.S.) sanctions lists. If
we have information that a customer is a sanctioned party, we will not complete the
transaction. We stay updated on sanctions by consulting the UK HM Treasury sanctions
list and other relevant sources periodically.

5. Transaction Monitoring & Red Flags
We monitor incoming orders and transactions for signs of unusual or suspicious activity. Our
team is trained to be attentive to certain red flags that could indicate potential money laundering
or fraud, including but not limited to:
• Unusually Large Orders: Our typical sales are modest. If we receive an abnormally
large order (either in total value or quantity of high-value items) that is inconsistent with
a normal consumer purchase, especially from a first-time customer, this will be flagged
for review. For example, an order far exceeding our average order value, or repeated
high-value orders in a short time frame, may be an attempt to use our goods to move
illicit funds.
• Multiple Transactions in Succession: A single customer placing several orders back-toback, particularly with the same high-priced item or using multiple cards, could signal an
attempt to test stolen cards or launder money. We will review such patterns, and we may
choose to consolidate inquiries or cancel orders pending verification.
• Mismatch in Customer Information: If the billing address and shipping address are in
different countries or far apart, or if the name on the order doesn’t match the name on the
payment method (where visible to us), we consider this higher risk. Often, there may be
innocent reasons (gifts, etc.), but combined with other factors it could indicate fraud or
reshipping schemes. We may contact the customer for clarification or require shipping
only to the verified billing address for first-time high-value orders.

• Use of Multiple Cards or Declined Transactions: Numerous payment attempts using
different cards or repeated payment declines can indicate fraudulent activity. We record
such events and if patterns emerge (e.g., the same user or IP address triggering many
declines), we investigate or block the activity.
• Suspicious Customer Behavior: This could include a customer who is oddly eager to
complete a purchase regardless of price or details, or who asks atypical questions (like
whether they can overpay, or request unusual payment arrangements). We train staff to
recognize social engineering or scenarios where the sale doesn’t feel right.
• Shipping to High-Risk Regions: Orders shipping to countries known for high risk of
fraud or money laundering (or that are not typical for our customer base) may get extra
scrutiny. We ensure compliance with export controls and will not ship to sanctioned
countries.
For any transaction that raises red flags, our procedure is to pause processing (if possible) and
escalate the case to a manager or our compliance officer for review. We will not dispatch goods
until concerns are addressed. This may involve contacting the customer for additional
information or verification. If fraud is confirmed or we strongly suspect money laundering, we
will cancel the transaction and blacklist the individual from future transactions.

6. Record Keeping
We maintain records of all transactions and related customer information as required by law and
good practice. Order records (including customer’s name, contact, payment method details
(tokenized), billing/shipping addresses, and order contents) are retained in our systems. In line
with UK guidelines, we keep these records for a minimum of five (5) years from the date of the
transaction or the end of the customer relationship.
This retention helps us assist in any investigations by authorities and to conduct retrospective
reviews if needed.

Additionally, if any transactions were flagged as suspicious or subject to an internal review, we
document the reasons, steps taken, and outcome of that review. These internal reports will also
be retained for at least five years (or longer if advised by authorities). All such records are kept
securely and confidentially, in compliance with data protection laws, and will only be shared
with competent authorities if required.

7. Reporting Suspicious Activity
Despite our preventive measures, if we identify a transaction or customer activity that we know
or suspect involves proceeds of crime or is linked to money laundering/terrorist financing, we
will take appropriate action. In the UK, the law (POCA 2002 and the Terrorism Act 2000)
requires that if we have knowledge or suspicion of money laundering, we must report it promptly
to the authorities (failing to do so can be an offense).

Our designated Compliance Officer (see Section 9 below) will be responsible for evaluating any
such suspicious activity and deciding whether a formal report (Suspicious Activity Report, SAR)
needs to be filed with the UK National Crime Agency (NCA). We will err on the side of caution
– if we have a credible suspicion, we will file a SAR, providing all relevant details of the
customer and the activity, as per the required format. We acknowledge that we are not required
to prove that money laundering is occurring; suspicion is sufficient to make a report. Once a
SAR is filed, we will follow any guidance from law enforcement (for example, if they advise us
to hold a shipment or funds).

Importantly, we will refrain from “tipping off” the customer. Staff members are trained not to
disclose to the subject of an investigation that a SAR has been filed or that they are under
scrutiny, as doing so could be a criminal offense. We handle such matters discretely and share
information only with those who need to know for compliance purposes.

8. Sanctions Compliance
As part of our AML program, we also comply with economic and trade sanctions regimes. We
ensure that our business does not facilitate transactions with sanctioned countries, entities, or
individuals. Our measures include:
• Screening destinations: We do not ship to countries under comprehensive UK/US/EU
sanctions (for example, we currently do not ship to North Korea, Iran, Syria, and any
other region subject to broad trade embargoes). Our website will either prevent checkout
for addresses in those regions or we will cancel such orders with an explanation to the
customer (excluding details that it’s sanctions-related, to avoid any potential tipping off if
relevant).
• Screening parties: While our direct customers are individuals making card payments
(which are screened by banks), if we ever have any information that a customer or
supplier is a known sanctioned party or owned/controlled by one, we will cease dealings
and report as appropriate. We periodically compare our customer list (especially for any
larger wholesale orders or unusual transactions) against public sanctions databases (such
as the UK Sanctions List or US OFAC SDN list) to ensure no matches.

• Payment filtering: Our payment processors also have checks in place that may block
transactions involving certain countries or sanctioned banks. We cooperate with them and
follow up on any alerts they provide.
Compliance with sanctions is critical, as violations can lead to severe penalties. By following
these steps, we mitigate the risk of breaching sanctions laws as part of our overall AML
compliance.

9. Compliance Officer and Employee Training
We have appointed an internal AML Compliance Officer (CO) responsible for overseeing our
anti-money laundering efforts. Currently, this role is fulfilled by [Name/Position] (e.g., the
compliance manager or a director of Tech Ferry Ltd). The Compliance Officer’s duties include:
staying updated on relevant AML laws, evaluating and approving AML policies and procedures,
providing guidance to staff on AML matters, reviewing any suspicious activity reports, and
serving as the point of contact for law enforcement or bank inquiries about our AML controls.
Employee Training: Although we are a small retail operation, we train all relevant personnel on
AML awareness. 

This training covers the basics of what money laundering is, why it’s relevant
even to retail, our specific policies (as outlined in this document), and how to identify red flags
of suspicious activity. New employees in roles handling payments or order reviews receive AML
training as part of their orientation. We also conduct refresher training at least once a year or
whenever there are updates to laws or our policies. The training emphasizes practical scenarios
(e.g., an unusual order example) to ensure staff know how to respond. Employees are encouraged
to escalate any concerns to the Compliance Officer without fear of repercussion. A culture of
compliance is promoted, wherein preventing financial crime is seen as everyone’s responsibility,
not just a checkbox.

We maintain records of the trainings conducted (dates, attendees, topics) as evidence of our
compliance efforts and to ensure all staff remain informed.

10. Ongoing Monitoring and Review of Program
The All in One Shop is committed to regularly reviewing and updating our AML program to
adapt to any changes in our risk profile or regulatory requirements. At least annually, the
Compliance Officer will carry out an assessment of the effectiveness of our AML controls. This
includes reviewing a sample of transactions to ensure our monitoring is working, evaluating
whether any new product lines or business expansions introduce higher risk, and checking if any
regulatory changes (UK law or card network rules) require adjustments to our procedures.
If weaknesses are identified (for example, if a suspicious transaction was missed or a procedure
was not followed correctly), we will take prompt corrective action. This could involve additional
staff training, refining our internal systems (maybe adding an automated flag in our order
management software), or updating this policy.

Any material changes to our AML Policy will be documented and, if relevant, communicated to
our acquiring bank or other stakeholders to maintain transparency. We recognize that criminals’
techniques evolve, as do legal standards, so our AML measures must remain dynamic and
robust.

11. Cooperation with Authorities and Banks
We understand the importance of cooperation in the fight against money laundering. We will
comply promptly with any lawful requests for information from law enforcement agencies
investigating financial crime. This can include providing transaction records, communication
logs, or other relevant data, in accordance with data protection laws and only to authorized
requestors.

Moreover, as part of maintaining our merchant account for card processing, we work with our
acquiring bank and payment processor to ensure our business meets their compliance
expectations. This document itself is intended to demonstrate to our acquiring bank that we have
a thoughtful, professional AML policy in place that meets compliance checks. We will provide
any additional information the bank requires and update them if we make significant changes to
how we operate (for instance, if we started accepting new payment methods or selling into new
regions, we’d reassess AML risks accordingly).

By following this AML Policy and continuously improving our practices, The All in One Shop
aims to prevent any misuse of our platform for illicit purposes and to protect our customers,
partners, and the broader financial system from the harms of money laundering and fraud. Our
commitment to compliance not only satisfies our legal obligations but also underpins the trust
that customers and financial institutions place in our business.

Document Control: This AML Policy is approved by the director(s) of Tech Ferry and is
reviewed at least annually or when significant changes in regulations or our business occur. All
staff are required to be familiar with and adhere to this policy. Any questions about the policy or
related compliance matters should be directed to the Compliance Officer at
compliance@theallinoneshop.com (or via internal contact methods).