Brightsun Travel Ltd. Anti-Money Laundering (AML) Policy
I. Purpose
This policy establishes a framework for identifying, assessing, and mitigating money laundering risks associated with Brightsun Travel Ltd.'s travel services. It applies to all employees, contractors, and agents.
II. Scope
This policy covers all transactions and customer interactions related to the provision of travel services by Brightsun Travel Ltd.
III. Core Principles
Brightsun Travel Ltd. is committed to:
- Compliance: Adhering to all relevant AML laws and regulations.
- Risk-Based Approach: Identifying and assessing money laundering risks and implementing appropriate controls.
- Customer Due Diligence (CDD): Verifying customer identities and understanding their travel arrangements.
- Transaction Monitoring: Continuously monitoring transactions for suspicious activity.
- Reporting: Reporting suspicious activity to relevant authorities.
- Training: Providing regular AML training to all relevant personnel.
IV. Legal and Regulatory Framework
This policy is based on:
- The Proceeds of Crime Act 2002 (POCA)
- The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017)
- The Terrorism Act 2000
- Guidance issued by the Financial Conduct Authority (FCA) and National Crime Agency (NCA)
V. Customer Due Diligence (CDD)
Brightsun Travel Ltd. uses a risk-based approach to CDD. Low-risk customers (e.g., families booking standard holidays) undergo standard CDD: verifying identity with acceptable documents (passport, ID card) and collecting basic information (name, address, DOB, contact details, travel purpose).
Medium-risk customers (e.g., those with complex itineraries or overseas payments) receive enhanced scrutiny, potentially including additional documentation.
High-risk customers (e.g., PEPs, those from high-risk jurisdictions, or involved in large/unusual transactions) require Enhanced Due Diligence (EDD). EDD includes verifying source of wealth and funds (e.g., bank statements), scrutinizing transaction patterns, increased monitoring frequency, and seeking independent data.
Ongoing monitoring of accounts and transactions occurs [frequency, e.g., monthly/quarterly] or when triggered by events like large transactions, last-minute changes, or unusual payments. This includes name-matching alerts and manual reviews for suspicious activity.
VI. Customer Identification and Verification (KYC)
Brightsun Travel Ltd. implements a robust KYC program:
- Identity Verification: Collecting and verifying customer information using acceptable documents (passport, national ID card, driver's license). Electronic document verification services may be used, complying with data privacy regulations.
- Corporate Client Verification: Verifying the legal existence of the entity, its ownership structure, and the identity of beneficial owners. This includes obtaining company registration documents, articles of incorporation, and identifying key management personnel and Ultimate Beneficial Owners (UBOs).
VII. Transaction Monitoring
Brightsun Travel Ltd. monitors transactions for suspicious activity, including:
- Unusual booking patterns (large/frequent bookings, last-minute changes).
- Transactions involving high-risk countries/jurisdictions.
- Payments from unusual/unrelated sources.
- Transactions inconsistent with customer travel history.
- Large cash transactions (where applicable and compliant with regulations).
- Unusual payment methods.
- Large round-number transactions.
- Bookings made on behalf of someone else.
VIII. Suspicious Activity Reporting (SAR)
- Internal Reporting: Any employee suspecting suspicious activity must immediately report it to the AML Compliance Officer Kevin Patel. Reports will be treated confidentially.
- External Reporting: The AML Compliance Officer will report suspicious transactions to the National Crime Agency (NCA) via the SAR regime, within timeframe.
IX. Risk Assessment
Brightsun Travel Ltd. conducts annual risk assessments, considering customer types (individuals, businesses, PEPs), geographic locations (domestic, international, high-risk jurisdictions), products/services (package tours, flights, hotels, cruises), transaction volumes (frequency and value), and payment methods (cash, credit card, online payments). The assessment identifies inherent risks for each category, evaluates the likelihood and impact of money laundering, and determines the overall risk level. Existing controls, such as CDD procedures and transaction monitoring, are then evaluated to determine residual risk. This process informs the development of action plans to mitigate identified risks and is documented thoroughly. The risk assessment is reviewed and updated as needed to reflect changes in the business or regulatory environment.
X. Policies and Procedures
Brightsun Travel Ltd. maintains the following documented policies and procedures:
- Customer Due Diligence (CDD) Procedures
- Transaction Monitoring Procedures
- Suspicious Activity Reporting (SAR) Filing Procedures
- Record-Keeping Procedures
- Data Privacy Policy
- Sanctions Screening Procedures
- Whistleblowing Policy
XI. Training
All relevant employees receive annual AML training covering:
- Recognizing red flags
- Reporting procedures
- Consequences of non-compliance
- Relevant regulatory updates
XII. Record Keeping
Brightsun Travel Ltd. maintains records of customer identification documents, transaction records, risk assessment reports, and training records for at least five years, securely stored in Cloud and File.
XIII. Compliance Officer
The AML Compliance Officer Kevin Patel is responsible for implementing and enforcing this policy.
XIV. Review and Updates
This policy is reviewed and updated annually or more frequently as needed.
XV. Data Privacy
Brightsun Travel Ltd. complies with the General Data Protection Regulation (GDPR) and all other applicable data privacy regulations regarding the collection, storage, and use of personal information. This includes adhering to principles of data minimization (collecting only necessary data), purpose limitation (using data only for specified purposes), accuracy (keeping data accurate and up-to-date), storage limitation (retaining data only for as long as necessary), integrity and confidentiality (protecting data from unauthorized access or disclosure), and accountability (demonstrating compliance with data protection laws). We have implemented appropriate technical and organizational measures to safeguard personal data and respect individuals' rights regarding their data, including access, rectification, erasure, restriction of processing, and data portability. Our Data Privacy Policy provides further details on how we handle personal data
XVI. Sanctions Screening
Brightsun Travel Ltd. screens customers and transactions against relevant sanctions lists of government.OFSI Consolidated List Search
XVII. Whistleblowing
Brightsun Travel Ltd. has a separate Whistleblowing Policy that encourages employees to report potential AML violations without fear of retaliation.
XVIII. Consequences of Non-Compliance
Failure to comply with this AML policy may result in disciplinary action, up to and including termination of employment, and potential legal consequences 1 for the company and individuals involved.
