Anti-Money Laundering Policy
AML / CFT Compliance Framework
Effective: May 25, 2026
AML Act 2010
Version 1.0
Zero Tolerance Policy: DropMandi has a zero tolerance policy toward money laundering, terrorist financing, and any financial crime. Violations will result in immediate account termination and reporting to relevant authorities including FMU, FIA, and NAB.
1. Introduction & Legal Basis
DropMandi is committed to preventing its platform from being used for money laundering, terrorist financing, or any other financial crime. This Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) Policy establishes our framework for detecting, preventing, and reporting suspicious activities.
1.1 Legal Framework
| Law / Regulation | Scope |
|---|---|
| Anti-Money Laundering Act 2010 | Core AML obligations for businesses |
| Anti-Terrorism Act 1997 | Terrorist financing prohibition |
| Financial Monitoring Unit (FMU) Regulations | Suspicious transaction reporting |
| PECA 2016 | Electronic financial fraud |
| Income Tax Ordinance 2001 | Tax evasion via platform |
| NAO 1999 | Corruption and illegal gains |
1.2 Scope
This policy applies to all users of the DropMandi platform including buyers, sellers, dropshippers and any person accessing our services. It also applies to all DropMandi employees, contractors and agents.
2. Definitions
| Term | Definition |
|---|---|
| Money Laundering | The process of making illegally obtained money appear legitimate through placement, layering and integration into the financial system |
| Terrorist Financing | Providing or collecting funds with the intention that they be used to support terrorist acts or organizations |
| Suspicious Transaction | Any transaction that raises reasonable grounds to suspect it involves money laundering, fraud or terrorist financing |
| STR | Suspicious Transaction Report filed with FMU Pakistan |
| KYC | Know Your Customer - identity verification process |
| FMU | Financial Monitoring Unit - Pakistan's financial intelligence unit |
| CDD | Customer Due Diligence - ongoing monitoring of customer activity |
3. Customer Due Diligence (KYC)
3.1 Identity Verification
DropMandi collects and verifies the following information for all sellers and dropshippers:
| Information | Required For | Purpose |
|---|---|---|
| Full Name | All users | Identity verification |
| CNIC Number | All sellers/dropshippers | National ID verification |
| CNIC Photo (front & back) | All sellers/dropshippers | Document verification |
| Selfie with CNIC | All sellers/dropshippers | Liveness verification |
| Phone Number | All users | Contact verification |
| Bank Account Details | Sellers/dropshippers | Payout verification |
| NTN Number | Business/Corporate sellers | Tax identity verification |
| Business Registration | Corporate sellers | Business identity verification |
3.2 Enhanced Due Diligence
DropMandi applies enhanced due diligence for:
- High-volume sellers (monthly transactions above Rs 500,000)
- Sellers dealing in high-risk product categories
- Accounts with unusual transaction patterns
- Politically Exposed Persons (PEPs) or their associates
- Users from high-risk jurisdictions (if international operations added)
3.3 Ongoing Monitoring
- All transactions are logged with timestamps and IP addresses
- Automated alerts for unusual transaction volumes
- Periodic re-verification of high-risk accounts
- KYC documents reviewed annually or on significant account changes
4. Suspicious Transaction Indicators
The following activities may indicate money laundering or financial crime:
4.1 Transaction Red Flags
- Sudden unexplained spike in transaction volume
- Multiple transactions just below reporting thresholds
- Payments from unusual or inconsistent sources
- Requests to split payments across multiple accounts
- Transactions inconsistent with seller's stated business type
- Buyer pays large amounts and immediately requests refund to different account
- Same product ordered and returned repeatedly without clear reason
4.2 Account Red Flags
- Multiple accounts with same CNIC
- Account registered with false identity documents
- User refuses to provide KYC documentation
- Inconsistency between stated business and actual transactions
- Requests to process transactions outside platform (off-platform payments)
- Use of multiple bank accounts without clear business reason
4.3 Product/Listing Red Flags
- Listings for non-existent or undeliverable products
- Significantly overpriced or underpriced products
- Products that appear to be used for value transfer
- Counterfeit or fake branded goods
- Products on prohibited items list
Important: The presence of one or more red flags does not necessarily indicate money laundering. Each case must be assessed on its individual merits by the DropMandi compliance team.
5. Reporting Obligations
5.1 Internal Reporting
- Any suspicious activity must be reported to DropMandi compliance team immediately
- Report via email: customercare@dropmandi.com with subject "COMPLIANCE: Suspicious Activity"
- Do NOT alert the suspected user that a report has been filed
- Preserve all relevant transaction records and communications
5.2 FMU Reporting (STR)
DropMandi will file a Suspicious Transaction Report (STR) with the Financial Monitoring Unit (FMU) when:
- There are reasonable grounds to suspect money laundering or terrorist financing
- A transaction involves proceeds of any criminal activity
- Required by any law enforcement or regulatory authority
FMU Pakistan: goaml.fmu.gov.pk | The Financial Monitoring Unit is Pakistan's financial intelligence unit. STRs are filed electronically through their goAML system.
5.3 Law Enforcement Cooperation
DropMandi will fully cooperate with:
- FIA (Federal Investigation Agency) investigations
- NAB investigations related to our platform
- FBR audits and inquiries
- Court orders for data disclosure
- SBP inspections related to payment activities
6. Record Keeping
DropMandi maintains the following records in compliance with AML Act 2010:
| Record Type | Retention Period | Purpose |
|---|---|---|
| KYC documents (CNIC, selfie) | 7 years after account closure | Identity verification |
| Transaction records | 7 years | Financial audit trail |
| Suspicious transaction reports | 7 years | Regulatory compliance |
| Login and IP logs | 3 years | Security and fraud investigation |
| Communication logs | 3 years | Dispute resolution |
| Payout records | 7 years | Financial audit |
All records are stored on secure Pakistan-based servers. Access is restricted to authorized DropMandi personnel and regulatory authorities with valid legal requests.
7. Prohibited Activities
The following are strictly prohibited on DropMandi platform:
- Using DropMandi to launder proceeds of any criminal activity
- Structuring transactions to avoid detection or reporting thresholds
- Providing false identity information or fake KYC documents
- Facilitating payments for terrorist organizations or individuals
- Processing payments for prohibited goods or services
- Using DropMandi for Hawala or informal money transfer
- Using DropMandi to evade taxes or customs duties
- Creating fictitious transactions to generate false payment records
- Operating multiple accounts to circumvent transaction limits
- Bribery or corruption involving DropMandi staff or agents
Violations of this policy may result in immediate account suspension, funds freezing, and mandatory reporting to FMU, FIA, NAB, and other relevant authorities. DropMandi reserves the right to deduct any losses caused by fraudulent activity from withheld funds.
8. Platform Controls
8.1 Technical Controls
- All transactions logged with timestamp, IP address and device information
- Automated alerts for unusual transaction patterns
- CNIC uniqueness check prevents duplicate identity registration
- KYC verification required before payouts are enabled
- Bank account verification required for seller payouts
- Transaction limits for new accounts (graduated trust system)
- Encrypted storage of all sensitive user data
8.2 Operational Controls
- Manual review of high-value or unusual transactions
- KYC document review by trained staff
- Periodic audit of seller transaction patterns
- Regular review of banned/suspended accounts
- Separation of duties between operations and compliance
8.3 Payout Controls
- Payouts only to verified bank accounts in seller's name
- No payout to third-party accounts
- Payout withheld during active investigations
- Minimum payout threshold: Rs 500
- Large payouts subject to additional verification
9. Training & Awareness
- All DropMandi staff receive AML/CFT training on joining
- Annual refresher training on AML regulations and red flags
- Staff briefed on new AML typologies and regulatory changes
- Clear escalation procedures for suspicious activity reports
- Staff aware of legal protections for reporting in good faith
Staff who report suspicious activity in good faith are protected from liability under the Anti-Money Laundering Act 2010. "Tipping off" a suspect is a criminal offense never inform a user that their account is under investigation.
10. Enforcement
10.1 Consequences for Users
| Violation | Action |
|---|---|
| Suspicious transaction pattern | Account review, temporary hold on payouts |
| False KYC documents | Immediate suspension, FIA report, funds frozen |
| Confirmed money laundering | Permanent ban, STR to FMU, police report |
| Terrorist financing | Immediate account freeze, report to FIA, NAB, NACTA |
| Tax evasion via platform | Account suspension, data shared with FBR |
10.2 Policy Review
This AML policy is reviewed annually or whenever significant regulatory changes occur. The latest version is always available at dropmandi.com/aml_policy.php
11. Report Suspicious Activity
If you suspect any user of money laundering, fraud or financial crime on DropMandi, please report immediately:
Email Report
customercare@dropmandi.comFMU Pakistan
goaml.fmu.gov.pk
Confidentiality: All reports are treated with strict confidentiality. Your identity will not be disclosed to the reported party. Reporting in good faith is protected under Pakistani law.
AML Compliance Contact
For AML/compliance queries contact our team
customercare@dropmandi.comDropMandi AML Policy v1.0 | Effective May 25, 2026 | Reviewed Annually