Travel Currency Pty Ltd – Integrated Risk, Conduct, and Comp

This policy outlines the framework under which Travel Currency Pty Ltd manages its regulatory, operational, and reputational risks. It covers our commitments in: - Anti-Money Laundering (AML) / Counter-Terrorism Financing (CTF) - Code of Conduct - Dispute Resolution - Information Security & Data Management - Privacy, including third-party information sharing

Travel Currency Pty Ltd adopts a risk-based approach to managing money laundering and terrorism financing risks, consistent with our obligations under the AML/CTF Act 2006. Our general risk appetite is conservative. We do not tolerate knowingly facilitating criminal activity and maintain systems and controls to identify, assess, mitigate, and manage ML/TF risks proportionate to our business model.

Travel Currency Pty Ltd prioritises early detection and prevention of suspicious activities through robust customer due diligence, transaction monitoring, and employee training. All employees are required to report any suspicious matters to the Money Laundering Reporting Officer (MLRO) as soon as practicable, but no later than 24 hours after forming a suspicion. The MLRO is responsible for reviewing and, where appropriate, lodging Suspicious Matter Reports (SMRs) with AUSTRAC in accordance with regulatory timeframes.

Travel Currency Pty Ltd is committed to maintaining a strong culture of compliance. Where we engage with companies or partners to deliver services—including to obtain web traffic, referrals, or client acquisition—we may also conduct Know Your Business (KYB) checks on those entities to ensure compliance with our AML/CTF obligations. The AML/CTF Program is reviewed regularly to ensure its effectiveness and alignment with evolving legal requirements and industry standards.

We prioritise early detection and prevention of suspicious activities through robust customer due diligence, transaction monitoring, and employee training. All employees are required to report any suspicious matters to the Money Laundering Reporting Officer (MLRO) as soon as practicable, but no later than 24 hours after forming a suspicion. The MLRO is responsible for reviewing and, where appropriate, lodging Suspicious Matter Reports (SMRs) with AUSTRAC in accordance with regulatory timeframes.

Travel Currency Pty Ltd is committed to maintaining a strong culture of compliance. The AML/CTF Program is reviewed regularly to ensure its effectiveness and alignment with evolving legal requirements and industry standards.

For further information, refer to our detailed AML/CTF Program.

3.1 Principles

• Act lawfully, honestly, and transparently.
• Avoid conflicts of interest.
• Report misconduct.
• Maintain customer fairness.

3.2 Misconduct

Violations of this Code may lead to disciplinary action, including termination.

4.1 Complaints Procedure

1. Complaint received (email, phone, web)
2. Acknowledgement within 3 business days
3. Final response within 30 days

4.2 Escalation

• Internal review by Compliance or Operations
• External resolution (e.g., AFCA) if unresolved
   

4.3 Logging

All complaints are logged and reviewed for trends every quarter.

5.1 Security Principles

• Data encryption (at rest/in transit)
• Multi-factor authentication
• Role-based access
• Regular patching and threat monitoring

5.2 Vendor Risk Management

• Contracts include data protection clauses
• Regular security assessments
• Breach notification within 48 hours

5.3 Retention

Records are kept for at least 7 years. Secure disposal or anonymization follows.

6.1 Order Payment and Timelines

You must pay for your order within 3 working days from the time the order is placed. Any payment received after this period may result in cancellation of the order at our sole discretion.

6.2 Cancellation Policy

If you choose to cancel an order after it has been placed and paid for, a cancellation fee of $50 applies. We reserve the right to deduct this fee from any refund processed.

6.3 Refund Policy

All refunds will be processed to the originating bank account only and will be completed within 7 working days of approval. Refunds will not be made to any third-party accounts or alternative payment methods.

To complete any order, we are required to verify personal information using a government-approved Know Your Customer (KYC) provider. We reserve the right to cancel, reject, or place a hold on any order at our sole discretion if we are unable to verify identity, or if we require further personal information or documents to confirm the source of funds.

We do not accept third-party payments under any circumstances. As part of this process, we may collect your banking details to verify that the payment originates from an account held in your name. All payments must originate from an account held in the same name as the customer placing the order.

We also do not accept liability for any loss or damage—direct or indirect—arising from delays in delivery, failure of the customer to receive their order on time, or inability on our part to fulfil the order for any reason, including regulatory, operational, or technical issues.

We retain all customer data and transaction records for a minimum of 7 years, in compliance with applicable AML/CTF and financial regulations.

7.1 Data Collected

To comply with anti-money laundering obligations, we are required to verify your identity before fulfilling any order. This process is conducted using a government-approved Know Your Customer (KYC) provider. By placing an order, you provide your consent for us to collect, verify, and use your personal information for this purpose. As part of this process, we may collect additional personal information or request documents to confirm your identity and the source of funds. - Identity & contact details - Government ID - IP address, geolocation, device info - Payment and transaction data

7.2 Purpose

• Identity verification (KYC/AML)
• Transaction processing
• Regulatory compliance
• Customer communication

7.3 Sharing

We share personal data with: - Payment processors - Identity verification partners - Couriers for order delivery - Government or regulators as required

7.4 Access & Complaints

Customers may request access or correction. Privacy complaints are acknowledged within 7 days and resolved within 30.

8.1 Scope

This Fraud Management Policy applies to all directors, employees, contractors, partners, and third-party providers engaged with Travel Currency Pty Ltd. Its primary purpose is to protect customer money by ensuring that robust systems and controls are in place to prevent, detect, investigate, and respond to fraud. It covers all aspects of fraud management in relation to our travel currency services, with a strong emphasis on safeguarding customer funds and maintaining trust.

8.2 Objectives

8.2.1 Fraud Prevention

Establish robust customer due diligence (KYC) procedures to verify customer identity and prevent fraudulent activity.

Apply strict controls to ensure payments originate only from the customer’s own bank account -  no third-party payments are accepted.

Monitor transactions for unusual patterns, duplicate orders, or inconsistencies that may indicate attempted fraud.

8.2.2. Employee Training

• Provide mandatory fraud awareness and AML/CTF training to all staff on induction and annually thereafter.
• Train staff to identify red flags such as false identification, suspicious payment methods, and unusual order behavior.

8.2.3 Reporting and Investigation

• Maintain an internal reporting mechanism for staff to escalate suspected fraudulent activity to the Compliance Officer immediately.
• Investigate all suspected fraud cases promptly, documenting findings and actions taken.
• Where appropriate, report confirmed fraud cases to AUSTRAC, law enforcement, or regulators.

8.2.4 Customer Communication

• Inform customers transparently if their order is placed on hold or cancelled due to suspected fraud.
• Provide clear contact points for fraud-related questions or disputes.

8.2.5 Technology and Data Security

• Use strong information security measures, including encryption, firewalls, and transaction monitoring tools, to protect customer data.
• Regularly update systems to prevent exploitation of known vulnerabilities.

8.2.6. Collaboration and Compliance

• Cooperate with banks, industry peers, regulators, and law enforcement to share fraud intelligence and best practices.
• Comply fully with all applicable laws and AML/CTF requirements.

8.2.7. Audit and Review

• Conduct periodic audits to test fraud controls and assess effectiveness.
• Review and update this Fraud Management Policy at least annually or sooner if new threats emerge.

8.3 Policy Commitment

Travel Currency Pty Ltd is committed to the highest standards of integrity, security, and compliance. Fraud prevention is integral to protecting our customers, our business, and the wider financial system.

This policy will be reviewed annually or whenever required due to changes in law, regulations, business operations, or risk conditions—without any prior notice.

This policy is approved by senior management and subject to regular audit and compliance oversight.