AML Policy

Last Updated: January 2025

1) Purpose & Scope

This Policy sets out how Soephay reduces the risk that its financial services platform is used for money laundering, terrorist financing, fraud, or other unlawful activity. It applies to all Soephay services, personnel, and contractors who handle identity data, transactions, or official requests.

2) Business Model (What We Are / Are Not)

  • Digital Financial Platform. Soephay provides a comprehensive financial services platform that enables users to manage multi-currency wallets, send and receive money, pay bills, buy airtime and data, purchase and sell cryptocurrency, access virtual accounts and cards, and book flights.
  • Regulated Services. We operate as a licensed financial services provider under applicable Nigerian regulations and comply with all relevant anti-money laundering and counter-terrorism financing requirements.
  • User Custody. Users maintain control of their funds through our platform, and we facilitate transactions in accordance with regulatory requirements.
  • Transaction Finality. Once transactions are processed and confirmed, they are generally irreversible. Users are responsible for ensuring accurate transaction details (recipient information, amounts, etc.).

3) Legal Framework

We operate under applicable laws of the Federal Republic of Nigeria, including but not limited to:

  • The Money Laundering (Prevention and Prohibition) Act
  • The Terrorism (Prevention) Act
  • Central Bank of Nigeria (CBN) regulations and guidelines
  • Any binding orders from competent authorities

Where cross-border obligations apply (e.g., information-sharing between financial institutions or virtual asset service providers), we respond in line with applicable law.

4) Risk Control Principles

  1. Know the User (ID confirmation). We confirm user identity before enabling full access to our services and higher transaction limits.
  2. Proportional controls. Controls are fit-for-purpose for a digital financial platform (Sections 5–9).
  3. Act when required. We may review, delay, restrict, refuse, reverse, or place limits on transactions or account features where required by law or to protect users or the integrity of the service.
  4. No duty created. Our actions do not constitute any promise that unlawful activity will be detected, prevented, blocked, reversed, or remedied.

5) Customer Identification & Data We Collect

To confirm identity and operate our services, we collect only what's listed here ("Identity Data" and "Operational Data"):

Identity Data

  • NIN (National Identification Number) or BVN (Bank Verification Number)
  • Phone number
  • Email address
  • Full name, date of birth, and address (derived from NIN/BVN or provided directly)
  • Government-issued identification document (e.g., National ID, Driver's License, International Passport)
  • Selfie image captured during verification (where required for KYC compliance)
  • Bank account details (for account linking and verification)

Operational Data

  • Device identifiers/user agents (app version, operating system, device type)
  • IP addresses and access timestamps
  • Bank account details (bank name, account name, account number, for transfers and payouts)
  • Transaction records (amounts, timestamps, transaction types, recipient/sender information, internal references)
  • Virtual account and card details (where applicable)
  • Cryptocurrency transaction data (wallet addresses, transaction hashes, amounts, timestamps, where applicable)
  • Bill payment records (utility provider, account numbers, payment amounts, timestamps)

Verification channel. Identity verification steps occur only inside the Soephay app or official website—never by DM, social media, or unverified third-party channels.

6) User Responsibilities & Prohibited Use

Users must:

  • Use Soephay lawfully and only for legitimate financial transactions;
  • Provide accurate and complete information and keep accounts/devices secure;
  • Ensure the lawful source of funds and satisfy any tax/filing duties that apply to them;
  • Comply with all applicable laws and regulations in their jurisdiction;
  • Report any suspicious activity or unauthorized access to their account immediately.

Prohibited: using Soephay in connection with unlawful activity, misrepresenting identity (including using another person's NIN, BVN, or identification documents), attempting to bypass controls, abusing systems, structuring transactions to avoid reporting requirements, or engaging in any activity that facilitates money laundering, terrorist financing, or fraud. Soephay may restrict, suspend, or close accounts for violations or legal reasons, and may report suspicious activity to relevant authorities.

7) Transaction Handling & Reviews

  • Large-volume awareness. We may review large-volume transactions (e.g., unusually high value or activity patterns) to protect users and service integrity. This includes monitoring for patterns that may indicate structuring, layering, or other suspicious activities.
  • Travel Rule / Information-sharing. Where required by applicable law or information-sharing obligations between financial institutions or virtual asset service providers, Soephay may share originator/beneficiary information we hold with authorized counterparties.
  • Suspicious Activity Reporting. We are required to report suspicious transactions to the Nigerian Financial Intelligence Unit (NFIU) and other competent authorities as required by law.
  • Actions we may take. Where required by law or necessary to protect users/service integrity, Soephay may review, delay, restrict, refuse, reverse, or limit activity; and provide information to competent authorities. These actions may occur without prior notice and do not create a duty to detect or prevent unlawful activity.
  • Transaction Limits. We may impose transaction limits based on account verification level, risk assessment, or regulatory requirements. Limits may be adjusted at our discretion.

8) Recordkeeping

We retain Identity and Operational Data, transaction and payment records, and official correspondence for at least the period required by applicable law (typically a minimum of 7 years for financial records) and to the extent necessary to:

  • Operate the service
  • Respond to valid legal requests
  • Protect users and Soephay
  • Comply with regulatory reporting requirements

9) Law Enforcement & Official Requests

  • Point of contact: compliance@soephay.com
  • Soephay responds to valid legal process from competent authorities (including but not limited to law enforcement agencies, regulatory bodies, courts, and the NFIU). Where lawful and necessary, we can provide only the information we hold, which may include:
    • Identity Data (Section 5)
    • Operational Data (Section 5)
    • Service records (transaction history, wallet balances, payment records, virtual account/card details, cryptocurrency transaction data, bill payment history, internal references and timestamps)
  • We can preserve records upon written request from a competent authority.
  • Where a freezing or transfer is sought, Soephay requires an appropriate freezing order or other valid legal authority.
  • Data is transmitted via secure channels (e.g., encrypted archive with out-of-band key exchange).

10) Sanctions & Regulatory Directives

Where Soephay receives a binding directive (e.g., from a competent authority, regulatory body, or regulated counterparty) identifying a person, entity, or activity that must be restricted, Soephay will act accordingly and may limit, refuse, or end services consistent with law. This includes compliance with:

  • United Nations Security Council sanctions lists
  • Office of Foreign Assets Control (OFAC) sanctions (where applicable)
  • Nigerian sanctions lists and regulatory directives
  • Any other applicable sanctions regimes

11) Governance & Accountability

  • Board/Management: oversee adoption of this Policy and ensure resources to comply with law.
  • Compliance Function: manages identity confirmation processes, handles official requests, maintains records, monitors transactions for suspicious activity, and coordinates lawful actions described in Sections 7–10.
  • Access discipline: Identity and Operational Data are accessed only by authorized personnel for legitimate business or legal reasons, subject to strict confidentiality and data protection requirements.
  • Training: relevant personnel receive regular training on AML/CFT requirements and procedures.

12) Availability, Changes & Publication

Soephay aims for 24/7 availability but does not guarantee uninterrupted service. We may update this Policy; the current version will be published in-app/website and applies moving forward. Material changes will be communicated to users through appropriate channels.

13) No Third Party Rights / No Private Cause of Action

This Policy is an internal standard and user notice. It does not create rights in favor of any third party, and does not create a private cause of action against Soephay.

14) Contact Us

If you have any questions about our AML Policy, please contact us:

  • Email: compliance@soephay.com
  • General Support: support@soephay.com
  • Phone: +2348074382484
  • Address: 55 Okere Ugborikoko Road, Warri, 332104, Delta, Nigeria
← Back to Home