Prevention of Money Laundering and Terrorism Financing Policy

This English version is a convenience translation. In case of any discrepancy, the Portuguese version prevails.

March 2026 — Version 1.0

Document TitleAML/CFT Policy
OwnerCompliance and AML/CFT Department
ClassificationPublic
Version1.0
Effective DateMarch 2026
Review CycleEvery 24 months (or upon a material change)

1. Objective

The objective of this Policy is to establish the concepts and guidelines to be followed by Decade Wealth Management ("the Advisory firm"), in compliance with the federal laws and regulations relating to the prevention of money laundering, terrorism financing, and the financing of the proliferation of weapons of mass destruction — AML/CFT.

2. Scope

This Policy is directed at all directors, team members, third parties, partners, counterparties, and service providers of the Advisory firm, including those who carry out activities on its behalf.

This Policy applies to any branches or subsidiaries of the Advisory firm.

3. Responsibilities

It is the responsibility of all Directors of Decade Wealth Management to approve and ensure the adequacy of the policy, to conduct the internal risk assessment, and to establish the internal rules, procedures, and controls. They must ensure that the system used for collecting, updating, and storing information related to the identification procedure is fit for its purpose. In addition, they must guarantee sufficient human and financial resources for the fulfillment of all obligations set forth in CVM Resolution No. 50/2021.

It is the responsibility of the Compliance and AML/CFT Department to have sufficient independence, autonomy, and technical knowledge to fulfill its duties, as well as to have access to all information necessary for the governance of ML/TF risks.

The Compliance Department is responsible for ensuring compliance with the legislation, standards, regulations, and policies for the prevention of money laundering, terrorism financing, and the proliferation of weapons of mass destruction.

All team members are responsible for immediately reporting any indication of ML/TF or circumvention of the financial system to Compliance, AML/CFT, and Risk.

4. General Guidelines

The crime of money laundering is characterized by a set of commercial or financial operations that seek to insert resources, assets, and values of illicit origin into a country's economy, whether temporarily or permanently. These operations occur through a dynamic process, divided into three main phases:

  • Placement: introduction of the money into the economic system, through deposits, the purchase of financial instruments, the acquisition of assets, or other mechanisms.
  • Layering: aims to hinder the tracing of illicit resources, using methods such as electronic transfers to anonymous accounts, deposits into the accounts of "straw persons," or the use of shell companies.
  • Integration: the illicit assets are formally incorporated into the economic system, through investments in legal enterprises and the creation of networks of companies.

5. Controls

5.1. Pre-Analysis Procedures

The Pre-Analysis procedure aims to preliminarily verify possible adverse records of potential clients. During prospecting, the Commercial Department must engage the Compliance Department to carry out the inquiry regarding the potential client.

Additionally, internet searches are conducted to verify whether the individuals under analysis are associated with adverse information, using key terms in Portuguese and English.

5.2. Know Your Customer (KYC) Procedures

The KYC procedure aims to verify and understand the origin, the composition of assets, and the financial resources of clients. To minimize these risks, the following procedures are adopted:

A) Individual:

  1. Verification of regular standing with the Brazilian Federal Revenue Service;
  2. Analysis of the situation with credit protection services;
  3. Identification of PEPs (Politically Exposed Persons);
  4. Verification of adverse public news;
  5. Periodic assessment of the compatibility of income and investments/contributions made.

B) Legal Entity:

  1. Verification of regular standing with the Brazilian Federal Revenue Service;
  2. Analysis of the situation with credit protection services;
  3. Identification of the company's organizational structure;
  4. Identification of the beneficial owner;
  5. Identification of PEPs;
  6. Verification of adverse public news;
  7. Periodic assessment of the compatibility of revenue generated and investments/contributions made.

C) Non-Resident Investor (NRI):

In the case of NRIs, the CVM's regulatory parameters are used. The Compliance Department will assess whether the companies or entities meet the requirements for registration and regulation by a body recognized by the CVM.

D) Politically Exposed Persons (PEP):

The list of names of individuals classified as PEPs will be obtained by consulting the list made available by COAF. On a semiannual basis, the Compliance Department will carry out the process of checking the names of individual clients and of the individuals related to legal-entity clients.

5.2.1. Process for Conducting In-Person Visits

The process for conducting in-person visits will be adopted when any of the following factors are observed:

  1. Negative media searches indicate points of concern regarding the client;
  2. There is an incompatibility between the declared income and the investment made;
  3. The corporate structure of legal-entity investors shows an overlap of partners in other companies.

5.2.2. Client Risk Level Scale

The KYC procedure establishes a "Client Risk Scale," which classifies clients into three categories:

  1. Low risk
  2. Medium risk
  3. High risk

Elements that may justify raising the risk level include:

  1. PEP (Politically Exposed Person);
  2. For domestic clients, if the client's residence is located in border areas;
  3. For domestic clients, if the client is a shareholder of an investment fund and has party political affiliation;
  4. For foreign clients, if the country of domicile is listed on monitoring lists;
  5. The occurrence of any adverse finding in the searches;
  6. Atypical transactions based on the monitoring criteria.

5.2.3. Registration

At the outset of the relationship with Decade Wealth Management, Clients must provide registration information by completing a specific form and providing scanned/digital files of personal documents.

A) Declarations signed by the client:

  1. That all information is true;
  2. A commitment to report any change to the registration data.

B) Information for a natural person:

  1. Full name;
  2. Marital status;
  3. Place and country of birth;
  4. Mother's name;
  5. Date of birth;
  6. CPF and RG together with the issuing body;
  7. Name and CPF of spouse or partner, if any;
  8. Professional occupation;
  9. Name and CNPJ of the entity where they work;
  10. Email;
  11. Place of residence and telephone number;
  12. Up-to-date information on income and assets;
  13. Information regarding the client's profile;
  14. Whether they operate on behalf of third parties;
  15. Whether the client authorizes orders given by power of attorney;
  16. Place of residence, qualifications, and description of the powers of the attorneys-in-fact;
  17. Client's signature.

C) Documents for a natural person:

  1. RG;
  2. Proof of residence;
  3. Power of attorney, RG, and CPF, when applicable.

D) Information for a legal entity:

  1. Denomination or corporate name;
  2. CNPJ registration;
  3. Complete address of the headquarters;
  4. Names and CPF/MF of the direct controlling parties;
  5. Indication of whether the controlling parties are PEPs;
  6. Names and CPF/MF of the officers and attorneys-in-fact;
  7. Telephone number;
  8. Contact email;
  9. Current information on the average monthly revenue over the last 12 months;
  10. Information about the client's profile;
  11. Denomination or corporate name and CNPJ of controlling, controlled, or affiliated legal entities;
  12. Whether the client authorizes orders given by power of attorney or by a representative;
  13. Qualifications and description of the powers of the attorneys-in-fact;
  14. Date of the registration update;
  15. Client's signature.

5.2.4. Registration Review

Clients must undergo a new KYC procedure, according to their classification:

  1. Politically Exposed Persons every 1 (one) year;
  2. High Risk, every 2 (two) years;
  3. Medium Risk, every 3 (three) years;
  4. Low Risk, every 5 (five) years.

5.2.5. Client Onboarding

Upon beginning their relationship with Decade Wealth Management, each Client is classified as "Low Risk," "Medium Risk," "High Risk," or "Politically Exposed Person," according to the likelihood of involvement in ML/TF activities.

The onboarding process must be completed before the engagement or the start of the provision of services.

A) Due Diligence Adopted to Obtain Missing Documents:

The institution requests that the client provide the missing documents and information. The Compliance or AML/CFT team actively follows up to ensure that the client completes any pending information within a reasonable period.

B) Consequences of Failing to Obtain the Information:

If the client does not provide the necessary information within the established period, the Advisory firm may temporarily suspend the execution of transactions. If the documentation is not presented within a reasonable period, the institution may terminate the business relationship with the client.

5.2.6. Monitoring

Throughout the entire period of the relationship with each Client, monitoring, review, and approval routines are carried out, based on the risk classification assigned to them.

5.3. Know Your Supplier (KYS) Procedures

The KYS procedure aims to identify and approve service suppliers to ensure that the Advisory firm does not do business with counterparties involved in illicit activities. The KYS process includes:

  1. Identification of fiscal regular standing with the Brazilian Federal Revenue Service;
  2. Identification of credit status with credit bureaus;
  3. Use of search tools for individuals and legal entities;
  4. Research on the legal situation;
  5. Internet searches for adverse information.

5.4. Know Your Employee (KYE) Procedures

The KYE procedure aims to gather information about team members, in order to prevent the Advisory firm from hiring people whose history indicates a lack of integrity in their conduct. Among the control procedures adopted:

  1. Special attention and consistent penalties for team members who disregard internal controls;
  2. Strict monitoring of team members who show unjustified changes in operating results;
  3. Requiring team members to stay up to date with the legislation;
  4. Promotion of various training sessions;
  5. Broad availability and dissemination of the Internal Policies.

5.5. Monitoring and Reporting of Transactions

The Advisory firm must monitor transactions or situations involving securities, taking into account the characteristics of the funds it manages/administers:

  1. Transactions whose values appear incompatible with the professional occupation, income, or asset situation;
  2. Transactions carried out between the same parties with successive gains or losses;
  3. Transactions that show significant fluctuation in relation to volume and/or frequency;
  4. Transactions whose developments may constitute an artifice to circumvent the identification of those involved;
  5. Transactions that evidence acting on behalf of third parties;
  6. Transactions with a sudden change in operating methods;
  7. Transactions intended to generate a loss or gain without economic basis;
  8. Transactions involving persons residing in countries that do not apply FATF recommendations;
  9. Transactions related to terrorist acts;
  10. Transactions settled in cash;
  11. Private transfers without apparent motivation;
  12. Transactions with a degree of complexity incompatible with the client's technical qualifications;
  13. Deposits or transfers made by third parties for the settlement of transactions;
  14. Payments to third parties on account of the settlement of transactions;
  15. Situations in which it is not possible to keep the registration information up to date;
  16. Situations in which it is not possible to identify the beneficial owner.

The Advisory firm devotes special attention to transactions when the client falls into the following categories:

  1. Non-Resident Investor (NRI), especially when established in the form of trusts and bearer-share companies;
  2. Politically Exposed Person (PEP).

If any atypical activity is concluded, the Advisory firm must report it to the Council for Financial Activities Control (COAF), within 24 (twenty-four) hours. Reports made to COAF must be carried out without giving notice to those involved or to third parties.

5.6. Training

The Advisory firm's Training Program is carried out annually and covers all team members, including the Executive Board. The objective of the program is to enhance knowledge of legal and regulatory requirements and responsibilities, using theoretical concepts and case studies for practical situations.

6. Whistleblowing Channel

It is the duty of the Compliance Department to verify and assess any situation reported through the Whistleblowing Channel. The whistleblowing channel must allow the reporting of any situation or activity that indicates harm or a potential violation of the law, the policies, the Code of Ethics and Conduct, the Compliance Manual, and other applicable regulations.

7. Monitoring

The institution carries out periodic monitoring of its AML/CFT program within a period not exceeding 12 months, involving the review of the practices, procedures, and policies adopted. This process aims to:

  1. Identify and correct any gaps in the AML/CFT program;
  2. Ensure that the measures implemented are aligned with regulatory changes and best practices;
  3. Assess the evolution of the risks associated with the institution's activities;
  4. Ensure the effective application of internal controls.

7.1. Monitoring Procedure

  • A) Identification and Analysis of Inconsistencies: Detection through internal audits, analysis of reports, or feedback from the departments involved.
  • B) Corrective Action: When the inconsistency represents an immediate risk, immediate corrective actions are taken, including adjustments to records or temporary measures.
  • C) Review of Procedures and Policies: A working group is designated to review internal processes and identify root causes.
  • D) Reinforcement of Capacity-Building and Training: When the inconsistencies are caused by failures in understanding the procedures, the institution conducts specific training.
  • E) Reporting and Documentation: All incidents are recorded in detail and a formal report is generated and shared with senior management.
  • F) Follow-Up and Assessment: After the implementation of corrective actions, continuous follow-up to ensure effectiveness.

7.2. Tests

Tests are essential to ensure that inconsistencies are identified and corrected effectively, carried out by the Compliance and AML/CFT Department:

  • A) Compliance and Internal Audit Tests: Assess whether the processes comply with AML/CFT regulations.
  • B) Control Effectiveness Tests: Verify whether the internal controls for detection and prevention are working properly.
  • C) Procedure Adherence Tests: Verify whether team members are correctly following the established procedures.

8. Records Retention

The records of the conclusions, of the analyses regarding transactions or proposals that supported the decision to make, or not make, the reports, must be kept for at least 5 (five) years, being available to the regulatory bodies in the event of official requests.

9. Review and Update of this Policy

This Policy will be reviewed by the Compliance Department, in a process that includes the participation of the AML/CFT Director, at intervals not exceeding 24 months or, at any time, whenever a need is identified.

This Policy was reviewed and updated in March 2026.

Annex I — AML/CFT Risk Classification Criteria

1. Clients

CriterionLowMediumHigh
IndividualPresent no external or internal restrictionPresent no external or internal restrictionPresent some external or internal restriction
Risk of Use for ML/TFLow riskMedium riskHigh risk
Financial, Legal, Reputational, Socio-environmental RiskLowMediumHigh
Caveats in the Reputational Search ProcessN/ANegative media or proceedings more than 5 years old, closed positionRecent negative media or open proceedings
Politically Exposed PersonsN/AN/AAll
CNSU Lists, Countries with FATF RestrictionsN/AN/AAll
Update and Verification of Registration DataNo pending itemsN/ANo proof or information
Financial CapacityN/ADeclared, but no documentary evidence submittedNo proof or information
Prior Authorization to OperateN/AN/AAll

2. Partners

CriterionLowMediumHigh
Individual or Legal EntityPresent no restrictionPresent no restrictionPresent some restriction
Risk of Use for ML/TFLow riskMedium riskHigh risk
Financial, Legal, Reputational, Socio-environmental RiskLowMediumHigh
Caveats in the Reputational Search ProcessN/ANegative media or proceedings more than 5 years oldRecent negative media or open proceedings
Politically Exposed PersonsN/AN/AAll
CNSU Lists, Countries with FATF RestrictionsN/AN/AAll
Update and Verification of DataN/ANo pending itemsNo proof or information
Criticality of the Activity PerformedAll partners, except medium- and high-risk onesDistributors, credit advisory firms, or similarFactoring, Trust or NGO, or at the Compliance Department's discretion
Existence of Potential Conflicts of InterestSatisfactory documentsUnsatisfactory documentsDid not present documents

3. Team and Relevant Service Providers

CriterionLowMediumHigh
Criticality of the Activity PerformedAll, except those specified as medium and highEmployees of the purchasing and finance areasEmployees of the commercial and/or trading areas
Conflicts of Interest with ClientsN/AClients or relevant Service ProvidersN/A
PEP as Related to the EmployeeN/AN/AAll
Caveats in the Reputational Search ProcessN/ANegative media or proceedings more than 5 years oldRecent negative media or open proceedings

Privacy Policy · Terms & Conditions · Information Security · Suitability · PLD/FTP · Código de Ética · Investimentos Pessoais · Formulário de Referência