Region

Jurisdiction

Regulator

2026-03-25

Guidance for the Annual AML/CFT Statistical Return

The Isle of Man Financial Services Authority issues this guidance to assist regulated firms in completing the AML/CFT Annual Statistical Return via the STRIX system. The document details specific data requirements for inherent risk assessments, including customer base size, new relationships, and geographical exposures across various financial sectors. It further outlines mandatory reporting on internal controls, such as staff training, screening procedures, and transaction monitoring activities undertaken during the reporting period.

Isle of Man

Isle of Man Financial Services Authority

Guidance Issued: 06 December 2024 Version 3 Guidance for the AML/CFT Annual Statistical Return - STRIX This is a living document which is subject to change please check on www.iomfsa.im that you are using the latest version. Contact: AML/CFT Supervision Division amlreturns@iomfsa.im Isle of Man Financial Services Authority Finch Hill House, Bucks Road, Douglas, IM99 1DT

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 1 of 120 CONTENTS

GLOSSARY OF TERMS .....................................................................................................3
ABOUT THIS GUIDANCE..................................................................................................5 2.1 Purpose............................................................................................................................................................ 5 2.2 Useful links and FAQs...................................................................................................................................... 5 2.2.1 How to access STRIX?.................................................................................................................................................. 5 2.2.2 How to register more users? ....................................................................................................................................... 5 2.2.3 How to cease users?.................................................................................................................................................... 5 2.2.4 Can the return data be extracted from STRIX?............................................................................................................ 6
RETURN GUIDANCE - INHERENT RISK..............................................................................6 3.1 Firm Information.............................................................................................................................................. 6 3.1.1 Building your Survey.................................................................................................................................................... 6 3.1.2 Incidental Business...................................................................................................................................................... 7 3.2 Customer Risk.................................................................................................................................................. 7 3.2.1 Deposit Taking – Size and Significance of the Customer Base .................................................................................... 7 3.2.2 Deposit Taking – New Customer Relationships........................................................................................................... 8 3.2.3 Payment Services & E-money – Size and Significance of the Customer Base.............................................................. 9 3.2.4 Payment Services & E-money – New Customer Relationships.................................................................................. 10 3.2.5 Investment Business & Crowdfunding – Size and Significance of the Customer Base............................................... 11 3.2.6 Investment Business & Crowdfunding – New Customer Relationships..................................................................... 13 3.2.7 Insurance Intermediaries - Size and Significance of the Customer Base ................................................................... 13 3.2.8 Insurance Intermediaries – New Customer Relationships......................................................................................... 15 3.2.9 Services to CISs – Size and Significance of Scheme (Customer) Base ........................................................................ 16 3.2.10 Services to CISs – New Scheme (Customer) Relationships.................................................................................... 16 3.2.11 Investing in CISs – Size and Significance of Investor Base Investing into the Schemes......................................... 17 3.2.12 Investing in CISs – New Investor Relationships..................................................................................................... 17 3.2.13 TCSPs – Size and Significance of Customer Base .................................................................................................. 18 3.2.14 TCSPs – New Customer Relationships................................................................................................................... 19 3.2.15 TCSPs – Legal Form of Customer Entities ............................................................................................................. 20 3.2.16 TCSPs – Principal Activity of Customer Entities .................................................................................................... 21 3.2.17 Credit Unions – Size and Significance of the Customer Base ................................................................................ 22 3.2.18 Credit Unions – New Customer Relationships ...................................................................................................... 23 3.2.19 Insurance – Long Term Business (including Reinsurance) – Size & Significance of Customer Base...................... 24 3.2.20 Insurance – Long Term Business (including Reinsurance) – New Customer Relationships................................... 25 3.2.21 Insurance – General Business (including Reinsurance) or Restricted (Class 12) only or ISPV Class 13 – Size & Significance of Customer Base................................................................................................................................................. 25 3.2.22 Insurance – General Business (including Reinsurance) or Restricted (Class 12) only or ISPV Class 13 – New Customer Relationships........................................................................................................................................................... 26 3.2.23 Insurance Manager – Size & Significance of Customer Base................................................................................ 27 3.2.24 Insurance Manager – New Customer Relationships............................................................................................. 27 3.2.25 Registered Schemes Administrators – Size & Significance of Customer Base (Schemes, Members and Employers) 28 3.2.26 Registered Schemes Administrators – New Customer Relationships (Schemes, Members and Employers) ........ 30 3.2.27 Registered Schemes Administrators – ML/FT/PF Risk Profile of Customer Base.................................................. 30 3.2.28 Registered Schemes Administrators – ML/FT/PF Risk Profile of New Customer Relationships............................ 32 3.2.29 Designated Businesses (VASPs) - Size & Significance of Customer Base .............................................................. 33 3.2.30 Designated Businesses (VASPs) - New Customer Relationships ........................................................................... 34 3.2.31 Designated Businesses (EAs) - Size & Significance of Customer Base................................................................... 34 3.2.32 Designated Businesses (EAs) - New Customer Relationships ............................................................................... 35 3.2.33 Designated Businesses (SNPOs) - Size & Significance of Donor Base ................................................................... 36 3.2.34 Designated Businesses (SNPOs) - New Donor Relationships ................................................................................ 37 3.2.35 Designated Businesses (SNPOs) - Size & Significance of Beneficiary Base ........................................................... 38 3.2.36 Designated Businesses (SNPOs) - New Beneficiary Relationships ........................................................................ 38 3.2.37 Designated Business – Size & Significance of Customer Base .............................................................................. 39 3.2.38 Designated Businesses – New Customer Relationships........................................................................................ 40 3.2.39 Politically Exposed Persons (“PEPs”)..................................................................................................................... 41

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 2 of 120 3.2.40 Commercially Exposed Persons (“CEPs”) and Commercially Exposed Activities................................................... 43 3.2.41 Comments ............................................................................................................................................................ 46 3.3 Geographical Risk ..........................................................................................................................................46 3.3.1 Residency of Customers – Jurisdictional Analysis of Customers................................................................................ 46 3.3.2 Residency of UBOs – Jurisdictional Analysis of Ultimate Beneficial Owners............................................................. 47 3.3.3 Banking – Jurisdictional Analysis............................................................................................................................... 48 3.3.4 Comments................................................................................................................................................................. 50 3.4 Products & Services Risk................................................................................................................................52 3.4.1 Understanding the Firm – Payment Methods........................................................................................................... 52 3.4.2 Products and Services Scenarios ............................................................................................................................... 53 3.4.3 Incidental Business.................................................................................................................................................... 55 3.4.4 Insurance Activity ...................................................................................................................................................... 55 3.4.5 Comments................................................................................................................................................................. 56 3.5 Distribution & Due Diligence Risk..................................................................................................................56 3.5.1 Building this Section .................................................................................................................................................. 56 3.5.2 Customer Base – Reliance and Concessions – Use of Simplified Due Diligence......................................................... 56 3.5.3 New Business Relationships – Reliance and Concessions – Use of Simplified Due Diligence .................................... 59 3.5.4 New Business Relationships – Reliance and Concessions – Face-to-Face Business................................................... 62 3.5.5 New Business Relationships – Reliance and Concessions – Reliance on Third Parties for Elements of CDD ............. 63 3.5.6 New Business Relationships – Sources and Introducers – Sources of Business......................................................... 65 3.5.7 Comments................................................................................................................................................................. 66 4. RETURN GUIDANCE – CONTROLS..................................................................................66 4.1 Controls .........................................................................................................................................................66 4.1.1 Entity Control Questions............................................................................................................................................ 66 4.1.2 Firm Policies and Procedures..................................................................................................................................... 67 4.1.3 Understanding the Firm – Employees, Workers and Contractors ............................................................................. 68 4.1.4 AML/CFT Staff Training – During the Reporting Period ............................................................................................ 71 4.1.5 Activities Undertaken or Outsourced – During the Reporting Period........................................................................ 72 4.1.6 Monitoring and Testing Compliance with the AML/CFT Requirements.................................................................... 72 4.1.7 Screening and Monitoring – Screening Provider....................................................................................................... 73 4.1.8 Screening – New Customers...................................................................................................................................... 74 4.1.9 Screening – Continuing Business Relationship on a Regular Basis............................................................................ 76 4.1.10 Screening – Continuing Business Relationship when Sanctions Lists are Published / Updated............................ 77 4.1.11 Screening – Continuing Business Relationship at a Trigger Event........................................................................ 79 4.1.12 Screening – Continuing Business Relationship at an Unusual Activity Event ....................................................... 81 4.1.13 Screening – Continuing Business Relationship at Suspicious Activity Event......................................................... 83 4.1.14 Screening – Beneficial Owners – New Customers................................................................................................. 85 4.1.15 Screening – Beneficial Owners – Continuing Business Relationship on a Regular Basis....................................... 87 4.1.16 Screening – Beneficial Owners – Cont. Business Relationship, when Sanctions Lists are Published / Updated ... 89 4.1.17 Screening – Beneficial Owners – Continuing Business Relationship at a Trigger Event ....................................... 91 4.1.18 Screening – Beneficial Owners – Continuing Business Relationship at an Unusual Activity Event....................... 92 4.1.19 Screening – Beneficial Owners – Continuing Business Relationship at a Suspicious Activity Event...................... 94 4.1.20 Ongoing Monitoring............................................................................................................................................. 96 4.1.21 Scrutiny of Transactions ..................................................................................................................................... 100 4.1.22 Payment Screening – SWIFT............................................................................................................................... 102 4.1.23 Payment Screening – BACS................................................................................................................................. 106 4.1.24 Payment Screening – FASTER ............................................................................................................................. 109 4.1.25 Disclosures and Reporting – THEMIS.................................................................................................................. 112 4.1.26 Disclosures and Reporting – Disclosures to the MLRO, Sanctions Officer and FIU............................................. 113 4.1.27 Disclosures and Reporting – International ......................................................................................................... 114 4.1.28 Disclosures and Reporting – ML / FT / PF / Sanctions Enquiries Received.......................................................... 114 4.1.29 Disclosures and Reporting – Blocked or Frozen Assets for Sanctions Purposes.................................................. 116 4.1.30 Disclosures and Reporting – Blocked or Frozen Assets for Reasons other than for Financial Sanctions Purposes 116 4.1.31 Disclosures and Reporting – Declined and Terminated Relationships (ML / TF / PF / Sanctions) ...................... 117 4.1.32 Comments .......................................................................................................................................................... 118 5. SIGNATORIES PAGE .................................................................................................... 118 6. VERSION / CONTROL HISTORY.................................................................................... 120

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 3 of 120

Glossary of Terms Term Meaning in this Guidance AML/CFT Anti-Money Laundering / Countering the Financing of Terrorism BRA Business Risk Assessment CDD Customer Due Diligence CEP Commercially Exposed Person CIS Collective Investment Scheme Code The Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 CRA Customer Risk Assessment Customer Should be interpreted as having the same meaning as in paragraph 3 of the AML/CFT Code1 DBRO15 Designated Businesses (Registration and Oversight) Act 2015 DMLRO Deputy Money Laundering Reporting Officer DB Defined Benefit EU European Union FATF Financial Action Task Force FIU Isle of Man Financial Intelligence Unit FSA08 Finacial Services Act 2008 FT / TF Financing of Terrorism / Terrorist Financing Handbook The Anti-Money Laundering and Countering the Financing of Terrorism Handbook HNWI High Net Worth Individual IA08 Insurance Act 2008 IC Incorporated Companies ICC Incorporated Cell Companies IOM Isle of Man 1 Further and elaborated relevant sector-specific definitions of a “customer” can be found in the Authority’s Handbook and various Sector-Specific Guidance documents available

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 4 of 120 ISPV Insurance Special Purpose Vehicle MLRO Money Laundering Reporting Officer ML Money Laundering MP Money Purchase NPO Non-Profit Organsation (other than a registered charity) NRA National Risk Assessment OFAC Office of Foreign Assets Control PCC Public Cell Company PEP Politically Exposed Person PLC Public Limited Company PF Proliferation Financing Reporting Period 1 st January to 31st December inclusive SDN Specially Designated Nationals SNPO Specified Non-Profit Organisation The Authority The Isle of Man Financial Services Authority TCSPs Trust and Corporate Service Providers UBOs Ultimate Beneficial Owners UK United Kingdom UHNWI Ultra High Net Worth Individual UN United Nations US United States

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 5 of 120 2. About this Guidance 2.1 Purpose This guidance document is designed to further assist firms with the completion of the Isle of Man Financial Services Authority (“the Authority”) AML/CFT Annual Statistical Return within the STRIX system. It gives firms the full list of questions and data being requested, guidance around the questions and in some areas the required format of the requested values. Sections 3 and 4 of this guidance detail each question within the return. The colour key/ format used in this document is as follows: Question Number Question Reference number Any questions within this guidance document highlighted in green, as shown below, consist of new questions added within the Return for the year ending 2025: Question Number Question Reference number Should you have any further questions or queries which are not covered in this guidance, please contact the AML/CFT Supervision Division by email – amlreturns@iomfsa.im 2.2 Useful links and FAQs • IOMFSA - What is STRIX? • STRIX Q&As from November 2023 Presentation • IOMFSA AML/CFT Requirements and Guidance 2.2.1 How to access STRIX? You will receive an email from the Authority advising you that the return is available for you to complete. You can also access STRIX by visiting https://fsareturns.im/. More information on the registering and login process is available within the STRIX End User Login Guide. 2.2.2 How to register more users? Regulated firms must complete the F&P2 Notification Only Form, ticking the ‘R17b’ box. Once completed the form should be returned to the firm’s relevant supervisory division. DNFBP firms must complete the New Strix User Form and return it by email to amlreturns@iomfsa.im. The users will then be added to STRIX once the form is processed. It is important to note the form must be fully completed in order for the Authority to process it, including the email address of the new user. Please note that new users will be sent an invitation to create their STRIX account only when and once a new questionnaire/return is live. 2.2.3 How to cease users? Regulated firms should complete the F&P5 Form and return this to the firm’s relevant supervisory division.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 6 of 120 DNFBP firms should submit their request by email to amlreturns@iomfsa.im, ensuring the designated business portal is updated accordingly where the person is named primary contact for the firm in their latest approved ‘Business Details’ form. 2.2.4 Can the return data be extracted from STRIX? A STRIX user can extract data from the return by starting the survey and saving it (either part way through completing the return or when complete). Once the return is opened and saved, the user will have to go back to the home screen where there will be an option to download the return or survey in either a Microsoft Excel or PDF format. Please note however that if the extracted version of the return is used to gather data to collate and answer questions within the survey, depending on the number of conditional questions answered, the extracted version may not detail all the drop-down options available to some of the questions within the return. Firms should first complete the ‘Building your Survey’ Risk tab and ‘Entity Control Questions’ Controls tab as a minimum before downloading, which would allow for the majority of relevant questions to first appear. It should be noted that a return completed in this format cannot be accepted as a submission and all submission must be through STRIX. 3. Return Guidance - Inherent Risk 3.1 Firm Information 3.1.1 Building your Survey Q1 to Q16 Selection of permissions 1.1.1 to 1.1.16 This section of the return will appear for all firms and requires firms to select each of the exact Class(es) and/or Permission(s) that applies to the regulated or registered business under the following Acts: • Financial Services Act 2008; • Insurance Act 2008; • Retirement Benefits Schemes Act 2000; and • Designated Businesses (Registration and Oversight) Act 2015. Where a firm undertakes multiple regulated or registered activities, all activities undertaken must be selected. This includes where a firm may have or consider some secondary or ancillary regulated or registered activities, classes and/or permissions. Please note that each question within the ‘Building your Survey’ section must be answered as ‘Yes’ or ‘No’ to enable for all the relevant questions to appear within the other sections of the return. Where a licenceholder carries out designated business activity and is exempt from registration under Schedule 1 to the DBRO15, these firms should answer ‘No’ to Q11 under the ‘Building your Survey’ section of the return, which asks if the firm holds a registration under the DBRO15. For clarity, where a firm does undertake incidental designated business activities under (and as part of) their licence, this will be captured in Q17.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 7 of 120 FSA08 Class 4 service providers - for the avoidance of doubt, firms whose main activity is corporate services, but who also provide management or administration services to collective investment schemes under FSA08 Class 3 (11), must select “Yes” for Q3, the permission “Services to CIS - Classes 3 (1), (2) and (9)-(12)”, to enable the relevant questions to appear. 3.1.2 Incidental Business Q17 Have you conducted any incidental designated business activities under your licence or registration during the reporting period? 1.2.1 This question will appear for those firms who have answered ‘No’ to Q13 to Q16, which asks whether the business holds a registration under the DBRO15. Please answer ‘Yes’ or ‘No’. For clarity, this question refers to the Activities as per Schedule 1, Part 1 of the DBRO15, in line with the exemption Schedule 1, Part 2. This question is only applicable for licenced or registered firms under the FSA08, IA08, CIS08 or RBS00. 3.2 Customer Risk 3.2.1 Deposit Taking – Size and Significance of the Customer Base This section of the return will appear for those firms who have selected that they hold a Class 1 – Deposit Taking licence within the ‘Building your Survey’ section of the return. Q18 Provide the total number of customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.1.1 Q19 Provide the total number of customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.1.2 Q20 Provide the total number of customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.1.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. ‘Customers’ should be interpreted as per the definition in the Code. For the avoidance of doubt, ‘customers’ in the above questions refers to all customers of the bank irrespective of the services provided and includes those with deposit, savings, loans, and mortgage accounts. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower).

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 8 of 120 Q21 Provide the total number of customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.1.5 Q22 Provide the total number of customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.1.6 Q23 Provide the total number of customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.1.7 For the above questions, input the total number of customer accounts as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The total number of customer accounts should include all customer accounts, including any new customer accounts established/ on-boarded in the reporting period. For the avoidance of doubt, ‘customer accounts’ in the above questions refers to all customer accounts of the bank irrespective of the services provided and include deposit, savings, loans, and mortgage accounts. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.2 Deposit Taking – New Customer Relationships This section of the return will only appear for those firms who have selected they hold a Class 1 – Deposit Taking licence within the ‘Building your Survey’ section of the return. Q24 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.2.1 Q25 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.2.2 Q26 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.2.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 9 of 120 The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). ‘Customers’ should be interpreted as per the definition in the Code. For the avoidance of doubt, ‘new customers’ in the above questions refersto new customers established as at the end of the reporting period, and includes those with deposit, savings, loans, and mortgage accounts. Q27 Provide the number of new customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.2.5 Q28 Provide the number of new customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.2.6 Q29 Provide the number of new customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.2.7 For the above questions, input the total number of new customer accounts established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). For the avoidance of doubt, ‘new customer accounts’ in the above questions refers to new customer accounts established as at the end of the reporting period and include deposit, savings, loans, and mortgage accounts. 3.2.3 Payment Services & E-money – Size and Significance of the Customer Base This section of the return will only appear for those firms who have selected they hold a Class 8 – Money Transmission Services licence within the ‘Building your Survey’ section of the return. This section has been split out within the 2025 return. However, the questions remain the same as previous returns, and firms should respond in the same manner as previous returns. Q30 Provide the total number of customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.3.1 Q31 Provide the total number of customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.3.2 Q32 Provide the total number of customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.3.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 10 of 120 o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q33 Provide the total number of customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.3.5 Q34 Provide the total number of customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.3.6 Q35 Provide the total number of customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.3.7 For the above questions, input the total number of customer accounts as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customer accounts should include all customer accounts, including any new customer accounts established/ on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.4 Payment Services & E-money – New Customer Relationships This section of the return will only appear for those firms who have selected they hold a Class 8 – Money Transmission Services licence within the ‘Building your Survey’ section of the return. This section has been split out within the 2025 return. However, the questions remain the same as previous returns, and firms should respond in the same manner as previous returns. Q36 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.4.1 Q37 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.4.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 11 of 120 Q38 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.4.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q39 Provide the number of new customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.4.5 Q40 Provide the number of new customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.4.6 Q41 Provide the number of new customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.4.7 For the above questions, input the total number of new customer accounts established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.5 Investment Business & Crowdfunding – Size and Significance of the Customer Base This section of the return will appear for those firms who have selected the following Class(es) or Permission(s) within the ‘Building your Survey’ section of the return; FSA08 Class 2 (3), (6-7): Financial Advisors only, FSA08 Class 6: Crowdfunding Platforms. Q42 Provide the total number of customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.5.1 Q43 Provide the total number of customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.5.2 Q44 Provide the total number of customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.5.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 12 of 120 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q45 Provide the total number of customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.5.5 Q46 Provide the total number of customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.5.6 Q47 Provide the total number of customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.5.7 For the above questions, input the total number of customer accounts as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector For clarity, the total number of customer accounts should include all customer accounts, including any new customer accounts established/ on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q48 Provide the total number of customers, from whom 20% or more of the annual fee income of the firm is derived 2.5.9 This question relates to where a significant part (20% or higher) of the firm’s regulated or registered activity annual income is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be five.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 13 of 120 3.2.6 Investment Business & Crowdfunding – New Customer Relationships This section of the return will appear for those firms who have selected the following Class(es) or Permission(s) within the ‘Building your Survey’ section of the return; FSA08 Class 2 (3), (6-7): Financial Advisors only, FSA08 Class 6: Crowdfunding Platforms. Q49 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.6.1 Q50 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.6.2 Q51 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.6.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q52 Provide the number of new customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.6.5 Q53 Provide the number of new customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.6.6 Q54 Provide the number of new customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.6.7 For the above questions, input the total number of new customer accounts established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.7 Insurance Intermediaries - Size and Significance of the Customer Base This section of the return will appear for those firms who have selected they hold the permission/ registration of a General Insurance Intermediary (IA08) within the ‘Building your Survey’ section of the return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 14 of 120 This section has been split out within the 2025 return. However, the questions remain the same as previous returns, and firms should respond in the same manner as previous returns. Q55 Provide the total number of customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.7.1 Q56 Provide the total number of customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.7.2 Q57 Provide the total number of customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.7.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q58 Provide the total number of customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.7.5 Q59 Provide the total number of customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.7.6 Q60 Provide the total number of customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.7.7 For the above questions, input the total number of customer accounts as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector For clarity, the total number of customer accounts should include all customer accounts, including any new customer accounts established/ on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q61 Provide the total number of customers, from whom 20% or more of the annual fee income of the firm is derived 2.7.9 This question relates to where a significant part (20% or higher) of the firm’s annual income coming from their registered activity is derived from one or a small number of customers.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 15 of 120 The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. 3.2.8 Insurance Intermediaries – New Customer Relationships This section of the return will appear for those firms who have selected they hold the permission/ registration of a General Insurance Intermediary (IA08) within the ‘Building your Survey’ section of the return. This section has been split out within the 2025 return. However, the questions remain the same as previous returns, and firms should respond in the same manner as previous returns. Q62 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.8.1 Q63 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.8.2 Q64 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.8.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q65 Provide the number of new customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.8.5 Q66 Provide the number of new customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.8.6 Q67 Provide the number of new customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.8.7 For the above questions, input the total number of new customer accounts established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 2-1. Natural Persons – IOM Resident o 2-2. Natural Persons – Non-IOM Resident o 2-3. Corporate / Trusts managed by IOM TCSPs o 2-4. Other corporate and trust customers o 2-5. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower).

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 16 of 120 3.2.9 Services to CISs – Size and Significance of Scheme (Customer) Base This section of the return will only appear for those firms who have selected they hold a Class 3 – Services to Collective Investment Schemes licence within the ‘Building your Survey’ section of the return. Q68 Provide the total number of customers (‘being schemes’) that have been assessed as higher risk at the end of the reporting period, while distinguishing between IOM and NonIOM 2.9.1 Q69 Provide the total number of customers (‘being schemes’) that have been assessed as standard risk at the end of the reporting period, while distinguishing between IOM and Non-IOM 2.9.2 Q70 Provide the total number of customers (‘being schemes’) that have been assessed as lower risk at the end of the reporting period, while distinguishing between IOM and NonIOM 2.9.3 For the above questions, input the total number of customers ('being schemes') as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 3-1. IOM Customer o 3-2. Non-IOM Customer For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q71 Provide the total number of customers from whom 20% or more of the annual fee income of the firm is derived 2.9.5 This question relates to where a significant part (20% or higher) of the firm’s regulated activity annual income is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. 3.2.10 Services to CISs – New Scheme (Customer) Relationships This section of the return will only appear for those firms who have selected they hold a Class 3 – Services to Collective Investment Schemes licence within the ‘Building your Survey’ section of the return. Q72 Provide the number of new customers ('being schemes') that have been assessed as higher risk at the end of the reporting period, while distinguishing the customer as IOM and Non-IOM 2.10,1 Q73 Provide the number of new customers ('being schemes') that have been assessed as standard risk at the end of the reporting period, while distinguishing the customer as IOM and Non-IOM 2.10.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 17 of 120 Q74 Provide the number of new customers ('being schemes') that have been assessed as lower risk at the end of the reporting period, while distinguishing the customer as IOM and Non-IOM 2.10.3 For the above questions, input the total number of new customers ('being schemes') established/ onboarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating and categorised using the following ‘customer type’ dropdowns: o 3-1. IOM Customer o 3-2. Non-IOM Customer The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.11 Investing in CISs – Size and Significance of Investor Base Investing into the Schemes This section of the return will appear for those firms who have selected they hold a Class 3 – Services to Collective Investment Schemes licence within the ‘Building your Survey’ section of the return. Q75 Provide the total number of customers ('being investors of the schemes') that have been assessed as higher risk at the end of the reporting period, by customer type 2.11.1 Q76 Provide the total number of customers ('being investors of the schemes') that have been assessed as standard risk at the end of the reporting period, by customer type 2.11.2 Q77 Provide the total number of customers ('being investors of the schemes') that have been assessed as lower risk at the end of the reporting period, by customer type 2.11.3 For the above questions, input the total number of customers ('being investors of the schemes') as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating and categorised using the following ‘customer type’ dropdowns: o 4-1. Natural Persons – IOM Resident o 4-2. Natural Persons – Non-IOM Resident o 4-3. Corporate / Trusts / Nominees managed by IOM financial institutions o 4-4. Other corporate and trust customers o 4-5. Other customers including public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.12 Investing in CISs – New Investor Relationships This section of the return will only appear for those firms who have selected they hold a Class 3 – Services to Collective Investment Schemes licence within the ‘Building your Survey’ section of the return. Q78 Provide the number of new customers ('being investors of the schemes') that have been assessed as higher risk at the end of the reporting period, by customer type 2.12.1 Q79 Provide the number of new customers ('being investors of the schemes') that have been assessed as standard risk at the end of the reporting period, by customer type 2.12.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 18 of 120 Q80 Provide the number of new customers ('being investors of the schemes') that have been assessed as lower risk at the end of the reporting period, by customer type 2.12.3 For the above questions, input the total number of new customers ('being investors of the schemes') established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 4-1. Natural Persons – IOM Resident o 4-2. Natural Persons – Non-IOM Resident o 4-3. Corporate / Trusts / Nominees managed by IOM financial institutions o 4-4. Other corporate and trust customers o 4-5. Other customers including public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.13 TCSPs – Size and Significance of Customer Base This section of the return will appear for those firms who have selected they hold a Class 4 – Corporate Services and/ or a Class 5 – Trust Services licence within the ‘Building your Survey’ section of the return. Q81 Provide the total number of customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.13.1 Q82 Provide the total number of customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.13.2 Q83 Provide the total number of customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.13.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating and categorised using the following ‘customer type’ dropdowns: o 5-01. Companies on a fully managed basis o 5-02. Companies on a mixed board basis o 5-03. Companies on a registered office / registered agent basis* o 5-04. Trusts on a fully managed basis o 5-05. Trusts on a joint trustee basis o 5-06. Trust – admin only o 5-07. Foundations on a fully managed basis o 5-08. Foundations joint council basis o 5-09. Foundations agent only o 5-10. Foundations admin only o 5-11. Partnerships Fully Managed o 5-12. Partnerships Mixed o 5-13. Partnerships Admin Only For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period.

For “Companies on a registered office / registered agent basis”, this includes where firms may also provide administrative services short of mixed board or fully managed (for example, accounts preparation and statutory work).

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 19 of 120 The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q84 Has the firm provided Nominee Shareholding services only within the reporting period? 2.13.5 Q85 Total number of customers to whom Nominee Shareholding services only are provided 2.13.6 This section of the return is seeking information on whether the firm has solely provided Nominee Shareholding Services and the total number of customers these have been provided to, as at the end of the reporting period (as at the 31st December). For the above question Q84, please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q85 will appear. Q86 Has the firm provided Registered Office/Registered Agent services within the reporting period? 2.13.7 Q87 Of the total Registered Office/Registered Agent services provided within the reporting period, confirm how many have been Registered Office services only 2.13.8 Q88 Of the total Registered Office/Registered Agent services provided within the reporting period, confirm how many have been Registered Agent services only 2.13.9 Q89 Of the total Registered Office/Registered Agent services provided within the reporting period, confirm how many have been Registered Office and Registered Agent services only 2.13.10 Q90 Of the total Registered Office/Registered Agent services provided within the reporting period, confirm how many have been Registered Office and/or Registered Agent and Nominee Shareholding services only 2.13.11 This section of the return asks for a further breakdown in the services provided. For the above question Q86, please answer ‘Yes’ or ‘No’ confirming whether any Registered Office/Registered Agent services were provided within the reporting period. If answered ‘Yes’ question Q87 to Q90 will appear. Please provide the total number of the specified service provided as at the end of the reporting period (as at the 31st December). Q91 Provide the total number of principals from whom 20% or more of the annual fee income of the firm is derived 2.13.12 This question relates to where a significant part (20% or higher) of the firm’s regulated activity annual income is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. For clarity, the term ‘principal’ within this question refers to the unique person(s) (generally the UBO, being a natural person) who the T/CSP initially engages with for services prior to the client onboarding. For example, one principal may engage a T/CSP to form multiple customer entities during the reporting period. 3.2.14 TCSPs – New Customer Relationships This section of the return will appear for those firms who have selected they hold a Class 4 – Corporate Services and/ or a Class 5 – Trust Services licence within the ‘Building your Survey’ section of the return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 20 of 120 Q92 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.14.1 Q93 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.14.2 Q94 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.14.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating and categorised using the following ‘customer type’ dropdowns: o 5-01. Companies on a fully managed basis o 5-02. Companies on a mixed board basis o 5-03. Companies on a registered office / registered agent basis* o 5-04. Trusts on a fully managed basis o 5-05. Trusts on a joint trustee basis o 5-06. Trust – admin only o 5-07. Foundations on a fully managed basis o 5-08. Foundations joint council basis o 5-09. Foundations agent only o 5-10. Foundations admin only o 5-11. Partnerships Fully Managed o 5-12. Partnerships Mixed o 5-13. Partnerships Admin Only *For “Companies on a registered office / registered agent basis”, this includes where firms may also provide administrative services short of mixed board or fully managed (for example, accounts preparation and statutory work). The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q95 Provide the number of new principals on-boarded in the reporting period 2.14.5 Please input the total number of new principals on-boarded in the reporting period (1st January to 31st December). For clarity, the term ‘principal’ within this question refers to the unique person(s) (generally the UBO, being a natural person) who the T/CSP initially engages with for services prior to the client onboarding. For example, one principal may engage a T/CSP to form multiple customer entities during the reporting period. 3.2.15 TCSPs – Legal Form of Customer Entities This section of the return will only appear for those firms who have selected they hold a Class 4 – Corporate Services and/ or a Class 5 – Trust Services licence within the ‘Building your Survey’ section of the return. Q96 Provide the total number of Isle of Man entities incorporated under the Isle of Man Companies Act 1931, by type of legal form 2.15.1 Q97 Provide the total number of Isle of Man entities incorporated under the Isle of Man Companies Act 2006, by type of legal form 2.15.2 Q98 Provide the total number of ‘other’ incorporated entities in the Isle of Man 2.15.3 Q99 Provide the total number of non-Isle of Man incorporated entities, by type of legal form 2.15.5

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 21 of 120 For the above questions, input the total number of customer entities incorporated as at the end of the reporting period (as at the 31st December), categorised using the following ‘legal form type’ dropdowns: o ICCs o ICs o Other Private o PCCs o PLCs Q98 captures ‘other’ IOM incorporated entities, this includes Industrial Societies, Limited Liability Companies, Limited Partnerships and Foundations. Q100 For customers who are non-Isle of Man incorporated entities, provide the number registered on the Foreign Companies Registry 2.15.7 Q101 For customers who are non-Isle of Man incorporated entities, provide the number not registered on the Foreign Companies Registry 2.15.8 For the above questions, input the total number of non-Isle of Man customer entities, split out by those which are registered and not registered on the Foreign Companies Registry, as at the end of the reporting period (as at the 31st December), categorised using the following dropdowns: o Limited Liability Companies o Overseas Companies Q102 Provide the total number of non-incorporated entities with the legal form of Partnerships 2.15.10 Q103 Provide the total number of non-incorporated entities with the legal form of Trusts 2.15.11 Q104 Provide the total number of non-incorporated entities with the legal form of Foundations 2.15.12 Q105 Provide the total number of non-incorporated entities with the legal form of Other 2.15.13 For the above questions, input the total number of non-incorporated entities as at the end of the reporting period (as at the 31st December), assessed by their legal form (Partnerships, Trusts, Foundations and Other) and categorised by the following dropdowns: o Isle of Man established entities o Non-Isle of Man established entities 3.2.16 TCSPs – Principal Activity of Customer Entities This section of the return will only appear for those firms who have selected they hold a Class 4 – Corporate Services and/ or a Class 5 – Trust Services licence within the ‘Building your Survey’ section of the return. Q106 Provide an analysis of the principal activity of the customer entities to which services are provided by the firm that are: Corporates 2.16.1 Q107 Provide an analysis of the principal activity of the customer entities to which services are provided by the firms that are: Trusts 2.16.2 Q108 Provide an analysis of the principal activity of the customer entities to which services are provided by the firm that are: Foundations 2.16.3 Q109 Provide an analysis of the principal activity of the customer entities to which services are provided by the firm that are: Partnerships 2.16.4 For the above questions, input the total number of customer entities to which services are provided by the firm, split out by the relevant legal form (Corporates, Trusts, Foundations and Partnerships), as at the end of the reporting period (as at the 31st December), categorised using the following ‘principal activity’ dropdowns: o Asset Holding;

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 22 of 120 o Charitable Activities; o Other; or o Trading. Where it is unclear to firms which principal activity category a customer entity falls into, or which entity type a customer should be categorised as, the firm should use its best judgement and apply a consistent methodology in the allocation for all their customers. 3.2.17 Credit Unions – Size and Significance of the Customer Base This section of the return will only appear for those firms who have selected they hold a Class 9 – Credit Union licence within the ‘Building your Survey’ section of the return. Q110 Provide the total number of customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.17.1 Q111 Provide the total number of customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.17.2 Q112 Provide the total number of customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.17.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q113 Provide the total number of customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.17.5 Q114 Provide the total number of customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.17.6 Q115 Provide the total number of customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.17.7 For the above questions, input the total number of customer accounts as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 23 of 120 o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customer accounts should include all customer accounts, including any new customer accounts established/ on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.18 Credit Unions – New Customer Relationships This section of the return will appear for those firms who have selected they hold a Class 9 – Credit Union licence within the ‘Building your Survey’ section of the return. Q116 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.18.1 Q117 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.18.2 Q118 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.18.3 For the above questions, input the total number of new customers established/ on-boarded in the reporting period, assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q119 Provide the number of new customer accounts that have been assessed as higher risk at the end of the reporting period, by customer type 2.18.5 Q120 Provide the number of new customer accounts that have been assessed as standard risk at the end of the reporting period, by customer type 2.18.6 Q121 Provide the number of new customer accounts that have been assessed as lower risk at the end of the reporting period, by customer type 2.18.7 For the above questions, input the total number of new customer accounts established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons – IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPOs o 1-5. Corporate / Trusts managed by IOM TCSPs

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 24 of 120 o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.19 Insurance – Long Term Business (including Reinsurance) – Size & Significance of Customer Base This section of the return will only appear for those firms who have selected Classes 1, 2, & 10: Long Term Business within the ‘Building your Survey’ section of the return. Q122 Provide the total number of customers with in-force policies that have been assessed as higher risk at the end of the reporting period, by customer type 2.19.1 Q123 Provide the total number of customers with in-force policies that have been assessed as standard risk at the end of the reporting period, by customer type 2.19.2 Q124 Provide the total number of customers with in-force policies that have been assessed as lower risk at the end of the reporting period, by customer type 2.19.3 For the above questions, input the total number of customers with in-force policies as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 6-1. Single Premium Investment o 6-2. Portfolio Bond o 6-3. Portfolio Bond (private company shares permitted) o 6-4. Single Premium Capital Redemption Bond o 6-5. Regular Premium Capital Redemption Bond o 6-6. Regular Premium Savings o 6-7. Pure Protection ‘In-force’ policies are those which are live and active, which typically have value and the ability to receive additional premiums. This excludes those policies which are either closed, surrendered or terminated. For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. Where a customer has multiple policies/ contracts please ensure that all of these are recorded and reflected in the above questions Q122 to Q124. For example, where 1 customer has been assessed as higher risk and has the following multiple contracts: • 1x Portfolio Bond • 2x Regular Premium Capital Redemption Bond • 1x Regular Premium Savings Please report 4 higher risk customers in Q122. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q125 Provide the total number of customers from whom 20% or more of the annual fee income of the firm is derived 2.19.5

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 25 of 120 This question relates to where a significant part (20% or higher) of the firm’s annual income coming from their regulated activity is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. 3.2.20 Insurance – Long Term Business (including Reinsurance) – New Customer Relationships This section of the return will appear for those firms who have selected Classes 1, 2, & 10: Long Term Business within the ‘Building your Survey’ section of the return. Q126 Provide the number of new customers that have been assessed as higher risk at the end of the reporting period, by customer type 2.20.1 Q127 Provide the number of new customers that have been assessed as standard risk at the end of the reporting period, by customer type 2.20.2 Q128 Provide the number of new customers that have been assessed as lower risk at the end of the reporting period, by customer type 2.20.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 6-1. Single Premium Investment o 6-2. Portfolio Bond o 6-3. Portfolio Bond (private company shares permitted) o 6-4. Single Premium Capital Redemption Bond o 6-5. Regular Premium Capital Redemption Bond o 6-6. Regular Premium Savings o 6-7. Pure Protection The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.21 Insurance – General Business (including Reinsurance) or Restricted (Class 12) only or ISPV Class 13 – Size & Significance of Customer Base This section of the return will appear for those firms who have selected the following Class(es) or Permission(s) within the ‘Building your Survey’ section of the return; Classes 3-9 & 11 – General Business (including Reinsurance), Class 12 Only / Class 13 Only – Restricted (all insurance types) or ISPV Class 13. Q129 Provide the total number of customers with in-force policies that have been assessed as higher risk at the end of the reporting period, by customer type 2.21.1 Q130 Provide the total number of customers with in-force policies that have been assessed as standard risk at the end of the reporting period, by customer type 2.21.2 Q131 Provide the total number of customers with in-force policies that have been assessed as lower risk at the end of the reporting period, by customer type 2.21.3 For the above questions, input the total number of customers with in-force policies as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 26 of 120 o 7-1. Natural persons IOM resident o 7-2. Natural persons Non-IOM resident o 7-3. Corporate and trust customers o 7-4. Other policyholders including public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. ‘In-force’ policies are those which are live and active, which typically have value and the ability to receive additional premiums. This excludes those policies which are either closed, surrendered or terminated. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q132 Number of customers from whom 20% or more of the annual fee income of the firm is derived 2.21.5 This question relates to where a significant part (20% or higher) of the firm’s regulated activity annual income is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. 3.2.22 Insurance – General Business (including Reinsurance) or Restricted (Class 12) only or ISPV Class 13 – New Customer Relationships This section of the return will appear for those firms who have selected the following Class(es) or Permission(s) within the ‘Building your Survey’ section of the return; Classes 3-9 & 11 – General Business (including Reinsurance), Class 12 Only / Class 13 Only – Restricted (all insurance types) or ISPV Class 13. Q133 Provide the number of new customers with in-force policies that have been assessed as higher risk at the end of the reporting period, by customer type 2.22.1 Q134 Provide the number of new customers with in-force policies that have been assessed as standard risk at the end of the reporting period, by customer type 2.22.2 Q135 Provide the number of new customers with in-force policies that have been assessed as lower risk at the end of the reporting period, by customer type 2.22.3 For the above questions, input the total number of new customers with in-force policies as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 7-1. Natural persons IOM resident o 7-2. Natural persons Non-IOM resident o 7-3. Corporate and trust customers o 7-4. Other policyholders including public sector For clarity, ‘in-force’ policies are those which are live and active, which typically have value and the ability to receive additional premiums. This excludes those policies which are either closed, surrendered or terminated.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 27 of 120 The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.23 Insurance Manager – Size & Significance of Customer Base This section of the return will appear for those firms who have selected they hold the permission/ registration of an Insurance Manager within the ‘Building your Survey’ section of the return. Q136 Provide the total number of customers with in-force policies that have been assessed as higher risk at the end of the reporting period, by customer type 2.23.1 Q137 Provide the total number of customers with in-force policies that have been assessed as standard risk at the end of the reporting period, by customer type 2.23.2 Q138 Provide the total number of customers with in-force policies that have been assessed as lower risk at the end of the reporting period, by customer type 2.23.3 For the above questions, input the total number of customers with in-force policies as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 8-1. Self-Insurer of PLC Group o 8-2. Self-Insurer of Mutuals o 8-3. Self-Insurer of Private Groups o 8-4. Producer Owned (re) Insurer o 8-5. Third Party Writer o 8-6. Insurance Manager – Other For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. ‘In-force’ policies are those which are live and active, which typically have value and the ability to receive additional premiums. This excludes those policies which are either closed, surrendered or terminated. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q139 Number of customers from whom 20% or more of the annual fee income of the firm is derived 2.23.5 This question relates to where a significant part (20% or higher) of the firm’s regulated or registered activity annual income is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. 3.2.24 Insurance Manager – New Customer Relationships This section of the return will appear for those firms who have selected they hold the permission/ registration of an Insurance Manager within the ‘Building your Survey’ section of the return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 28 of 120 Q140 Provide the number of new customers with in-force policies that have been assessed as higher risk at the end of the reporting period, by customer type 2.24.1 Q141 Provide the number of new customers with in-force policies that have been assessed as standard risk at the end of the reporting period, by customer type 2.24.2 Q142 Provide the number of new customers with in-force policies that have been assessed as lower risk at the end of the reporting period, by customer type 2.24.3 For the above questions, input the total number of new customers with in-force policies established/ onboarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 8-1. Self-Insurer of PLC Group o 8-2. Self-Insurer of Mutuals o 8-3. Self-Insurer of Private Groups o 8-4. Producer Owned (re) Insurer o 8-5. Third Party Writer o 8-6. Insurance Manager – Other For clarity, ‘in-force’ policies are those which are live and active, which typically have value and the ability to receive additional premiums. This excludes those policies which are either closed, surrendered or terminated. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.25 Registered Schemes Administrators – Size & Significance of Customer Base (Schemes, Members and Employers) This section of the return will appear for those firms who have selected they hold the permission/ registration of a Retirement Benefits Scheme Administrator within the ‘Building your Survey’ section of the return. Q143 Total number of administered Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes at the end of the reporting period, broken down by scheme type 2.25.1 Q144 Total number of members of Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes at the end of the reporting period, broken down by scheme type 2.25.2 Q145 Total number of participating employers to Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes at the end of the reporting period, broken down by scheme type 2.25.3 For the above questions, input the total number of defined benefit or mixed occupational pension schemes administered/members/participating employers as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-1. Defined Benefit Only Occupational Schemes, Domestic o 9-2. Defined Benefit Only Occupational Schemes, International o 9-3. Mixed Occupational Schemes, Domestic o 9-4. Mixed Occupational Schemes, International Mixed schemes refers to being both defined benefit (“DB”) and Money Purchase (“MP”).

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 29 of 120 Q146 Total number of Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes from whom 20% or more of the annual fee income of the firm is derived at the end of the reporting period, broken down by scheme type 2. 25.4 This question relates to where a significant part (20% or higher) of the firm’s regulated activity annual income is derived from one or a small number of customers, categorised by the following ‘scheme type’ dropdowns: o 9-1. Defined Benefit Only Occupational Schemes, Domestic o 9-2. Defined Benefit Only Occupational Schemes, International o 9-3. Mixed Occupational Schemes, Domestic o 9-4. Mixed Occupational Schemes, International The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported across the dropdowns can be zero, and the maximum can be 5. Mixed schemes refers to being both defined benefit (“DB”) and Money Purchase (“MP”). Q147 Total number of administered Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.25.5 Q148 Total number of members of Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.25.6 Q149 Total number of contributing employers to Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.25.7 For the above questions, input the total number of Money Purchase pension schemes administered/members/contributing employers as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-5. Occupational MP, Domestic o 9-6. Occupational MP, International o 9-7. Personal MP, Domestic o 9-8. Personal MP, International Q150 Total number of Money Purchase pension schemes from whom 20% or more of the annual fee income of the firm is derived at the end of the reporting period, broken down by scheme type 2.25.8 This question relates to where a significant part (20% or higher) of the firm’s regulated activity annual income is derived from one or a small number of customers, categorised by the following ‘scheme type’ dropdowns: o 9-5. Occupational MP, Domestic o 9-6. Occupational MP, International o 9-7. Personal MP, Domestic o 9-8. Personal MP, International The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported across the dropdowns can be zero, and the maximum can be 5.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 30 of 120 3.2.26 Registered Schemes Administrators – New Customer Relationships (Schemes, Members and Employers) This section of the return will appear for those firms who have selected they hold the permission/ registration of a Retirement Benefits Scheme Administrator within the ‘Building your Survey’ section of the return. Q151 Number of new administered Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes at the end of the reporting period, broken down by scheme type 2.26.1 Q152 Number of new members of Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes at the end of the reporting period, broken down by scheme type 2.26.2 Q153 Number of new participating employers to Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes at the end of the reporting period, broken down by scheme type 2.26.3 For the above questions, input the total number of new defined benefit or mixed occupational pension schemes administered/members/participating employers as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-1. Defined Benefit Only Occupational Schemes, Domestic o 9-2. Defined Benefit Only Occupational Schemes, International o 9-3. Mixed Occupational Schemes, Domestic o 9-4. Mixed Occupational Schemes, International Mixed schemes refers to being both defined benefit (“DB”) and Money Purchase (“MP”). Q154 Number of new administered Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.26.4 Q155 Number of new members of Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.26.5 Q156 Number of new contributing employers to Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.26.6 Q157 Number of other third parties paying into Money Purchase pension schemes at the end of the reporting period, broken down by scheme type 2.26.7 For the above questions, input the total number of new Money Purchase pension schemes administered/members/contributing employers/other paying in third parties as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-5. Occupational MP, Domestic o 9-6. Occupational MP, International o 9-7. Personal MP, Domestic o 9-8. Personal MP, International 3.2.27 Registered Schemes Administrators – ML/FT/PF Risk Profile of Customer Base This section of the return will appear for those firms who have selected they hold the permission/ registration of a Retirement Benefits Scheme Administrator within the ‘Building your Survey’ section of the return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 31 of 120 Q158 Provide the total number of Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes customers ('being schemes') that have been assessed as higher risk at the end of the reporting period, by customer type 2.27.1 Q159 Provide the total number of Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes customers ('being schemes') that have been assessed as standard risk at the end of the reporting period, by customer type 2.27.2 Q160 Provide the total number of Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes customers ('being schemes') that have been assessed as lower risk at the end of the reporting period, by customer type 2.27.3 For the above questions, input the total number of defined benefit or mixed occupational pension schemes customers (‘being schemes’) as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-1. Defined Benefit Only Occupational Schemes, Domestic o 9-2. Defined Benefit Only Occupational Schemes, International o 9-3. Mixed Occupational Schemes, Domestic o 9-4. Mixed Occupational Schemes, International The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Mixed schemes refers to being both defined benefit (“DB”) and Money Purchase (“MP”). For clarity, the above questions should only provide the risk ratings for administered schemes rather than scheme members. Q161 Provide the total number of Money Purchase pension schemes customers ('being schemes') that have been assessed as higher risk at the end of the reporting period, by customer type 2.27.5 Q162 Provide the total number of Money Purchase pension schemes customers ('being schemes') that have been assessed as standard risk at the end of the reporting period, by customer type 2.27.6 Q163 Provide the total number of Money Purchase pension schemes customers ('being schemes') that have been assessed as lower risk at the end of the reporting period, by customer type 2.27.7 For the above questions, input the total number of Money Purchase pension schemes customers (‘being schemes’) as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-5. Occupational MP, Domestic o 9-6. Occupational MP, International o 9-7. Personal MP, Domestic o 9-8. Personal MP, International The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). For clarity, the above questions should only provide the risk ratings for administered schemes rather than scheme members.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 32 of 120 3.2.28 Registered Schemes Administrators – ML/FT/PF Risk Profile of New Customer Relationships This section of the return will appear for those firms who have selected they hold the permission/ registration of a Retirement Benefits Scheme Administrator within the ‘Building your Survey’ section of the return. Q164 Provide the number of new Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes customers ('being schemes') that have been assessed as higher risk at the end of the reporting period, by customer type 2.28.1 Q165 Provide the number of new Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes customers ('being schemes') that have been assessed as standard risk at the end of the reporting period, by customer type 2.28.2 Q166 Provide the number of new Defined Benefit or Mixed (both DB and Money Purchase) occupational pension schemes customers ('being schemes') that have been assessed as lower risk at the end of the reporting period, by customer type 2.28.3 For the above questions, input the total number of new defined benefit or mixed occupational pension schemes customers (‘being schemes’) as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-1. Defined Benefit Only Occupational Schemes, Domestic o 9-2. Defined Benefit Only Occupational Schemes, International o 9-3. Mixed Occupational Schemes, Domestic o 9-4. Mixed Occupational Schemes, International The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Mixed schemes refers to being both defined benefit (“DB”) and Money Purchase (“MP”). For clarity, the above questions should only provide the risk ratings for administered schemes rather than scheme members. Q167 Provide the number of new Money Purchase pension schemes customers ('being schemes') that have been assessed as higher risk at the end of the reporting period, by customer type 2.28.5 Q168 Provide the number of new Money Purchase pension schemes customers ('being schemes') that have been assessed as standard risk at the end of the reporting period, by customer type 2.28.6 Q169 Provide the number of new Money Purchase pension schemes customers ('being schemes') that have been assessed as lower risk at the end of the reporting period, by customer type 2.28.7 For the above questions, input the total number of new Money Purchase pension schemes customers (‘being schemes’) as at the end of the reporting period (as at the 31st December), categorised using the following ‘scheme type’ dropdowns: o 9-5. Occupational MP, Domestic o 9-6. Occupational MP, International o 9-7. Personal MP, Domestic o 9-8. Personal MP, International

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 33 of 120 The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). For clarity, the above questions should only provide the risk ratings for administered schemes rather than scheme members. 3.2.29 Designated Businesses (VASPs) - Size & Significance of Customer Base This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Virtual Asset Service Provider) within the ‘Building your Survey’ section of the return. This section has been split out from the designated business section within the 2025 return. However, the questions remain the same as previous returns, and firms should respond in the same manner as previous returns. Q170 Provide the total number of customers assessed as higher risk at the end of the reporting period, by customer type 2.29.1 Q171 Provide the total number of customers assessed as standard risk at the end of the reporting period, by customer type 2.29.2 Q172 Provide the total number of customers assessed as lower risk at the end of the reporting period, by customer type 2.29.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q173 Provide the number (if any) of customers from whom 20% or more of the annual fee income of the firm is derived 2.29.5 This question relates to where a significant part (20% or higher) of the firm’s annual income coming from their registered activity is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 34 of 120 Q174 Provide the income received over the past 12 months from Designated Business activities 2.29.6 Please input the total income in GBP received from designated business activity(ies) in the reporting period (1st January to 31st December). This can be based on the most recent annual audited accounts data. If no audited accounts are prepared, input the approximate income for the 12-month period. 3.2.30 Designated Businesses (VASPs) - New Customer Relationships This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Virtual Asset Service Provider) within the ‘Building your Survey’ section of the return. Q175 Provide the total number of new customers assessed as higher risk in the reporting period, by customer type 2.30.1 Q176 Provide the total number of new customers assessed as standard risk in the reporting period, by customer type 2.30.2 Q177 Provide the total number of new customers assessed as lower risk in the reporting period, by customer type 2.30.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). For clarity for the above questions, ‘new customers’ includes returning customers where the firm has had to re-engage with any customers and subsequently on-boarded them again within the reporting period (i.e. new CDD, terms of business etc.). 3.2.31 Designated Businesses (EAs) - Size & Significance of Customer Base This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Estate Agent) within the ‘Building your Survey’ section of the return. This section has been split out from the designated business section within the 2025 return. However, the questions remain the same as previous returns, and firms should respond in the same manner as previous returns. Q178 Provide the total number of customers assessed as higher risk at the end of the reporting period, by customer type 2.31.1 Q179 Provide the total number of customers assessed as standard risk at the end of the reporting period, by customer type 2.31.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 35 of 120 Q180 Provide the total number of customers assessed as lower risk at the end of the reporting period, by customer type 2.31.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q181 Provide the number (if any) of customers from whom 20% or more of the annual fee income of the firm is derived 2.31.5 This question relates to where a significant part (20% or higher) of the firm’s annual income coming from their registered activity is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. Q182 Provide the income received over the past 12 months from Designated Business activities 2.31.6 Please input the total income in GBP received from designated business activity(ies) in the reporting period (1st January to 31st December). This can be based on the most recent annual audited accounts data. If no audited accounts are prepared, input the approximate income for the 12-month period. 3.2.32 Designated Businesses (EAs) - New Customer Relationships This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Estate Agent) within the ‘Building your Survey’ section of the return. Q183 Provide the total number of new customers assessed as higher risk in the reporting period, by customer type 2.32.1 Q184 Provide the total number of new customers assessed as standard risk in the reporting period, by customer type 2.32.2 Q185 Provide the total number of new customers assessed as lower risk in the reporting period, by customer type 2.32.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 36 of 120 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). For clarity for the above questions, ‘new customers’ includes returning customers where the firm has had to re-engage with any customers and subsequently on-boarded them again within the reporting period (i.e. new CDD, terms of business etc.). 3.2.33 Designated Businesses (SNPOs) - Size & Significance of Donor Base This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Specified Non-Profit Organisation) within the ‘Building your Survey’ section of the return. This section has been split out from the designated business section within the 2025 return. However, the questions remain the same as previous returns, but in the context of SNPOs. Q186 Provide the total number of donors assessed as higher risk at the end of the reporting period, by customer type 2.33.1 Q187 Provide the total number of donors assessed as standard risk at the end of the reporting period, by customer type 2.33.2 Q188 Provide the total number of donors assessed as lower risk at the end of the reporting period, by customer type 2.33.3 “donor” means a person who makes a gift, or a series of linked gifts, to an SNPO where — (a) the amount of the gift, or, as the case may be, the aggregate in a series of linked gifts, is more than €15,000; and (b) the person ultimately making the gift is not located in the Island. For the above questions, input the total number of donors as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 37 of 120 For clarity, the total number of donors should include all existing donors, including any new donors reported in questions Q191 to Q193. The Authority understands that the SNPO may not currently use all three available risk scoring options. If different risk ratings are utilised, please choose the equivalent risk score from the options available (higher, standard, lower). Q189 Provide the number (if any) of donors from whom 20% or more of the annual income of the firm is derived 2.33.5 This question relates to where a significant part (20% or higher) of the SNPO’s annual income coming from their registered activity is derived from one or a small number of customers. The Authority is seeking high-level information about the number of donors that are material to the SNPO’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the SNPO’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. Q190 Provide the income received over the past 12 months from Designated Business activities 2.33.6 Please input the total income in GBP received from designated business activity(ies) in the reporting period (1st January to 31st December). This can be based on the most recent annual audited accounts data. If no audited accounts are prepared, input the approximate income for the 12-month period. 3.2.34 Designated Businesses (SNPOs) - New Donor Relationships This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Specified Non-Profit Organisation) within the ‘Building your Survey’ section of the return. Q191 Provide the total number of new donors assessed as higher risk at the end of the reporting period, by customer type 2.34.1 Q192 Provide the total number of new donors assessed as standard risk at the end of the reporting period, by customer type 2.34.2 Q193 Provide the total number of new donors assessed as lower risk at the end of the reporting period, by customer type 2.34.3 “donor” means a person who makes a gift, or a series of linked gifts, to an SNPO where — (a) the amount of the gift, or, as the case may be, the aggregate in a series of linked gifts, is more than €15,000; and (b) the person ultimately making the gift is not located in the Island. For the above questions, input the total number of new donors established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 38 of 120 The Authority understands that the SNPO may not currently use all three available risk scoring options. If different risk ratings are utilised, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.35 Designated Businesses (SNPOs) - Size & Significance of Beneficiary Base This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Specified Non-Profit Organisation) within the ‘Building your Survey’ section of the return. Q194 Provide the total number of beneficiaries assessed as higher risk at the end of the reporting period, by customer type 2.35.1 Q195 Provide the total number of beneficiaries assessed as standard risk at the end of the reporting period, by customer type 2.35.2 Q196 Provide the total number of beneficiaries assessed as lower risk at the end of the reporting period, by customer type 2.35.3 “beneficiary”, in relation to an SNPO, means the person who receives benefit (either directly or indirectly) for charitable, religious, cultural, educational, political, social, fraternal or philanthropic purposes and, for the avoidance of doubt, this includes both the ultimate beneficiary and any intermediaries. For the above questions, input the total number of beneficiaries as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of beneficiaries should include all beneficiaries, including any new beneficiaries reported in questions Q197 to Q199. The Authority understands that the SNPO may not currently use all three available risk scoring options. If different risk ratings are utilised, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.36 Designated Businesses (SNPOs) - New Beneficiary Relationships This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business (Specified Non-Profit Organisation) within the ‘Building your Survey’ section of the return. Q197 Provide the total number of new beneficiaries assessed as higher risk at the end of the reporting period, by customer type 2.36.1 Q198 Provide the total number of new beneficiaries assessed as standard risk at the end of the reporting period, by customer type 2.36.2 Q199 Provide the total number of new beneficiaries assessed as lower risk at the end of the reporting period, by customer type 2.36.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 39 of 120 “beneficiary”, in relation to an SNPO, means the person who receives benefit (either directly or indirectly) for charitable, religious, cultural, educational, political, social, fraternal or philanthropic purposes and, for the avoidance of doubt, this includes both the ultimate beneficiary and any intermediaries. For the above questions, input the total number of new beneficiaries established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands that the SNPO may not currently use all three available risk scoring options. If different risk ratings are utilised, please choose the equivalent risk score from the options available (higher, standard, lower). 3.2.37 Designated Business – Size & Significance of Customer Base This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business within the ‘Building your Survey’ section of the return. Please note that the registrations for Virtual Asset Service Provider, Estate Agent and Specified Non-Profit Organisation are captured separately within the ‘Building your Survey’ section of the return and this section of the return is only to be completed by Designated Businesses that do not hold those permissions. Q200 Provide the total number of customers assessed as higher risk at the end of the reporting period, by customer type 2.37.1 Q201 Provide the total number of customers assessed as standard risk at the end of the reporting period, by customer type 2.37.2 Q202 Provide the total number of customers assessed as lower risk at the end of the reporting period, by customer type 2.37.3 For the above questions, input the total number of customers as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector For clarity, the total number of customers should include all existing customers, including any new customers on-boarded in the reporting period. Where a firm may operate on a ‘matters’ basis, for example in the case of legal professionals, the data reported in the above questions should be based on customers rather than matters. For example, if two

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 40 of 120 individuals engage a law firm for one conveyancing matter, the two individuals should be classed as customers in the above questions and therefore recorded separately. The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower). Q203 Provide the number (if any) of customers from whom 20% or more of the annual fee income of the firm is derived 2.37.5 This question relates to where a significant part (20% or higher) of the firm’s annual income coming from their registered activity is derived from one or a small number of customers. The Authority is seeking high-level information about the number of customers that are material to the firm’s income. In this context the Authority is interested to understand how many customers exist which, alone or with associates, individually account for more than 20% of the firm’s income (being a material concentration). By definition, the minimum reported can be zero, and the maximum can be 5. Q204 Provide the income received over the past 12 months from Designated Business activities 2.37.6 Please input the total income in GBP received from designated business activity(ies) in the reporting period (1st January to 31st December). This can be based on the most recent annual audited accounts data. If no audited accounts are prepared, input the approximate income for the 12-month period. 3.2.38 Designated Businesses – New Customer Relationships This section of the return will only appear for those firms who have selected they hold the permission/ registration of a Designated Business within the ‘Building your Survey’ section of the return. Q205 Provide the total number of new customers assessed as higher risk in the reporting period, by customer type 2.38.1 Q206 Provide the total number of new customers assessed as standard risk in the reporting period, by customer type 2.38.2 Q207 Provide the total number of new customers assessed as lower risk in the reporting period, by customer type 2.38.3 For the above questions, input the total number of new customers established/ on-boarded as at the end of the reporting period (as at the 31st December), assessed by the relevant risk rating, and categorised using the following ‘customer type’ dropdowns: o 1-1. Natural Persons - IOM Resident o 1-2. Natural Persons – Non-IOM Resident o 1-3. IOM Charities / NPOs o 1-4. Non-IOM Charities / NPO’s o 1-5. Corporate / Trusts managed by IOM TCSPs o 1-6. Other corporate and trust customers o 1-7. Other customers including banks and public sector The Authority understands firms may not currently use all three available risk scoring options. If the firm utilises different risk ratings, please choose the equivalent risk score from the options available (higher, standard, lower).

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 41 of 120 For clarity for the above questions, ‘new customers’ includes returning customers where the firm has had to re-engage with any customers and subsequently on-boarded them again within the reporting period (i.e. new CDD, terms of business etc.). 3.2.39 Politically Exposed Persons (“PEPs”) Q208 Did the firm have any PEP customers during the reporting period? 2.39.1 The above question will appear for all firms for completion and is seeking confirmation on whether the firm has had any Politically Exposed Persons customers throughout the reporting period (1 st January to 31st December). Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions Q209 to Q217 will appear. Q209 Total number of customers associated with a domestic PEP 2.39.2 Q210 Total number of customers associated with a foreign PEP 2.39.3 For the above questions, input the total number of customers associated with a PEP, split out by domestic and foreign PEPs. For clarity, customers may be natural or non-natural persons, and this question seeks to understand how many customer relationships a firm has where there is an association to an individual who is classed as a PEP. It is important to recognise that the definitions of domestic PEP and foreign PEP are based on where the individual PEP’s prominent functions are undertaken, and not the residency of the individual: • A Domestic PEP is an individual who is either a PEP (being an individual who is entrusted with a prominent public function), or a PEP by association (being any family members or close associates of a PEP) whereby the prominent public function is in the Isle of Man. • A Foreign PEP is an individual who is either a PEP (being an individual who is entrusted with a prominent public function), or a PEP by association (being any family members or close associates of a PEP) whereby the prominent public function is outside of the Isle of Man (including the United Kingdom and Channel Islands). Q211 Of the above reported customers with a domestic PEP connection, how many unique PEPs are a domestic PEP? 2.39.4 Q212 Of the above reported customers with a foreign PEP connection, how many unique PEPs are a foreign PEP? 2.39.5 For the above questions input the total number of unique PEPs (being PEPs and PEPs by association), split out by domestic and foreign PEPs. A unique PEP is an individual classified as a PEP as defined in the Code; they may be a customer, or they may be an individual within a customer structure / relationship. “PEP Customer” vs “Unique PEP” A PEP customer is any customer (natural or legal person) of the firm having an association or connection to a PEP, as defined by the Code. A unique PEP is an individual natural person. For example; o One unique PEP could have multiple customer relationships/accounts; or o One unique PEP could be a director or trustee across multiple companies/trusts; or

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 42 of 120 o Multiple unique PEPs could have one customer relationship/account; or o Multiple unique PEPs could have one company/trust. Q213 For the unique domestic PEP relationships reported above, please indicate the PEP position held and numbers of position held using the drop-down list 2.39.6 Q214 For the unique foreign PEP relationships reported above, please indicate the PEP position held and numbers of position held using the drop-down list 2.39.7 For the above questions, input the number of unique PEPs reported, split out by domestic and foreign PEPs and categorised using the following ‘position type’ dropdown list: o PEP01 - Head of state, head of government, minister or deputy / assistant minister o PEP02 - Senior government official o PEP03 - Member of parliament o PEP04 - Senior politician o PEP05 - Important political party official o PEP06 - Senior judicial official o PEP07 - Member of court of auditors or the board of a central bank o PEP08 - Ambassador, chargé d'affaires or another high-ranking officer in a diplomatic service o PEP09 - High-ranking officer in an armed force o PEP10 - Senior member of an administrative, management or supervisory body of a state-owned enterprise o PEP11 - Senior member of management of, or a member of, the governing body of an international entity or organisation o PEP12 – Member of Royal Family o PEP13 - Other* A PEP is any person who is (or has been) entrusted with any prominent public functions such as the above. A customer may also be a PEP due to being associated to a PEP, for example family members or close associates of such a person. In this case, please select the most appropriate dropdown option to record the position of the PEP they are connected to. For example, where a customer is classed as a PEP due to being a family member of a member of parliament, for the position please select ‘member of parliament’. *‘Other’ being a politically exposed position/role which is not prescribed by the Code and included in the available dropdown list. Do not use this option for a PEP by association. Q215 Provide the nationality for all unique PEPs reported above (domestic and foreign) 2.39.8 Q216 Provide the residency for all unique PEPs reported above (domestic and foreign) 2.39.9 For the above questions, input the nationality and residency of the reported unique PEPs. Please ensure that you report the total number of unique PEPs reported in Q211 and Q212. Q217 Does the firm declassify PEPs? 2.39.11 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions Q218 to Q221 will appear. This question seeks to understand whether or not firms ‘declassify’ any individuals as PEPs (i.e. going from a PEP status to a non-PEP status). This question should be answered in line with the firm’s overall approach, in line with its policies and procedures, rather than if any PEPs have been declassified within the reporting period.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 43 of 120 Declassified PEPs are those individuals who for example the firm once classed as a PEP, they may match and fit the definition of a PEP, as defined by the Code, but the firm has reviewed the individual’s relationship to political influence and has chosen to no longer classify them as a PEP. Q218 Number of domestic PEPs declassified in the reporting period 2.39.12 Q219 Total number of domestic PEPs declassified 2.39.13 Q220 Number of foreign PEPs declassified in the reporting period 2.39.14 Q221 Total number of foreign PEPs declassified 2.39.15 If the firm does declassify PEPs, the above questions seek to understand how many unique PEPs have been declassified, split out by domestic and foreign, in both the reporting period (the last 12 months) and in total. It is important to recognise that the definitions of domestic PEP and foreign PEP are based on where the PEP’s prominent functions are undertaken, rather than the residency of the individual: • Domestic PEP is a PEP who is (or has been) entrusted with a prominent public function in the Island. This includes any family members or close associates of the PEP regardless of the location of that PEP, or the PEPs family members or close associates. • Foreign PEP is a PEP who is (or has been) entrusted with a prominent public function outside of the Island (including the United Kingdom and Channel Islands). This includes any family members or close associates of the PEP regardless of the location of that PEP, or the PEPs family members or close associates. 3.2.40 Commercially Exposed Persons (“CEPs”) and Commercially Exposed Activities This section of the return will appear for all firms to complete. Where firms do not have any customers associated with a commercially exposed activity or commercially exposed person, please input 0 to the below questions Q222 to Q224. The definition of a CEP is a natural person who, through their position or activity, may be exposed to an increased risk of bribery, corruption, fraud, ML, FT, or PF risk. This, in turn, may increase the risk to relevant persons where funds and transactions may be linked to, or the result of, illicit activity. The term CEP is used as a synonym for persons involved in industries or activities typically exposed to a higher risk of financial crime. Examples of such industries and activities are provided in the dropdown list below. There are two key components that need to be met to determine whether an individual is considered a CEP: • they are associated, through occupation, with an industry posing higher corruption risk; AND • they have decision-making power / influence, or ultimate effective control, within that role. For example, a Board member, senior executive, or person with decision-making power or influence (such as an Owner, CEO or Senior Manager) in one of the listed occupational activities would be considered a CEP. However, an administrator or employee with no decision-making power or influence would not be classed as a CEP. Q222 Number of customers (natural or non-natural) associated with a commercially exposed person, split by the principal activity list 2.40.1 For the above question, input the total number of customers associated with a CEP. For clarity, customers may be natural or non-natural persons, and this question seeks to understand how many customer

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 44 of 120 relationships a firm has, as at the as at the end of the reporting period (as at the 31st December), where customers (natural or non-natural) are associated with a commercially exposed person. For example, a natural customer, who through their position or activity is a CEP, should be reported in this question. A non-natural customer, for example a company, which is connected to a CEP, should also be included. Please input the relevant number, split by the following ‘principal activity’ dropdown: o Arms / weapons trading, dealing and defence o Casinos, gambling and betting o Construction / development industry o Dating / adult entertainment industry o Decision-making members of high-profile sporting bodies o Import/export companies/industry o Money services businesses o Oil and gas industry o Pharmaceuticals and healthcare o Precious metals and stones mining and trading o Shipping and transport of goods o Virtual asset service providers o Other CEP category Q223 Number of customers who are non-natural persons with a commercially exposed principal activity, split by the principal activity list 2.40.2 For the above question, input the number of non-natural customers only, where the principal activity is included in the list. Non-natural persons being Companies, Trusts, Foundations, etc. The below table provides a non-exhaustive list of examples for the above CEP ‘principal activity’ list as per section 3.8.13.4 of the Handbook. CEP Industry / Activity Example Exclusions Arms / weapons trading, dealing and defence • The production and sale of weapons and military technology. • The involvement or management of private military and security armies. • The involvement in the defence sector. • Clay shooting ranges. • Paintball, pellet, air or replica gun shop. Casinos, gambling and betting • A casino or games room. • An online gambling and betting platform. • A slot, fruit or poker machine company. • Administrative employees of casinos, gambling and betting companies. Construction / development industry • Property development firms. • City planning and construction enterprises. • Property management companies. • Local sole or small builder tradesmen. Dating / adult entertainment industry • Adult entertainment subscription service. • Adult webcam, film, photo provider. • Online dating and companion service. • Local dating arrangement service. • Adult retail shop.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 45 of 120 Decision-making members of highprofile sporting bodies • The International Olympic Committee (IOC) • The Fédération Internationale de Football Association (FIFA). • The Union of European Football Associations (UEFA). • Players, managers, or agents who may be vulnerable to corruption. • Former athletes. • Small local sporting bodies or groups. Import/export companies/industry • A private airport or ship port. • A company involved in the movement of goods and services across international borders. • A global warehouse or trade firm. • Local or domestic retail shops buying stock. Money services businesses • An online e-money entity that deals in transmitting, converting, or exchanging money. • A currency dealer or exchanger. • A bureau de change. • Local or domestic retail shop. Oil and gas industry • An exploration, extraction, refining, transportation, and marketing of crude oil and natural gas. • A pipeline firm transporting liquids and gases (oil, natural gas). • Gas canisters shop. • Petrol stations. Pharmaceuticals and healthcare • The research, development, manufacturing, and distribution of medications. • A hospital or healthcare service provider. • A medical cannabis manufacturer or supplier. • Biotechnology or medical device designer, manufacturer or seller. • Local or domestic pharmacist or GP. • Wellness/health shop. • Medical or health clinics and staff. Precious metals and stones mining and trading • A diamond or gold mine. • A large or international jeweller or gem trader. • Cash for gold offerings. • Watch or jeweller repair shop. • Garden and DIY centre. Shipping and transport of goods • A cargo shipping maritime entity. • An international logistics company. • A transporting of goods via land (road and rail) or air. • Local yacht club. • Yachting crew. • Commercial and residential movers. Virtual asset service providers • A firm offering exchange between virtual assets and fiat currencies, or one or more forms of virtual assets • A firm involved in the transfer of virtual assets; • A firm offering safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets • Individual trading as a hobby or enthusiast.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 46 of 120 • A firm offering participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset. Other • Other industries / activities as determined by the relevant person. Q224 Of the above reported customers with a commercially exposed activity in Q222, how many unique CEPs are there? 2.40.3 For the above question, input the total number of unique CEPs. A unique CEP is an individual (natural person) classified as a CEP as defined in the Handbook; they may be a customer, or they may be an individual within a customer structure / relationship. “Unique CEP” A unique CEP is an individual, natural person. This question seeks the overall number of individuals who are CEPs. For example; o One unique CEP could have multiple customer relationships/accounts; or o One unique CEP could be a director or trustee across multiple companies/trusts; or o Multiple unique CEPs could have one customer relationship/account; or o Multiple unique CEPs could have one company/trust. The Authority does not intend to capture decision-makers where such roles are held as part a professional service provision agreement; for example, through an individual holding controlled functions R23, R24, R25, R26, or R27. 3.2.41 Comments Q225 Do you have any comments to the previous sections? 2.41.1 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below comment box will appear:- Q226 This section is provided to allow firms to provide any commentary that is relevant to the completion of this form 2.41.2 3.3 Geographical Risk 3.3.1 Residency of Customers – Jurisdictional Analysis of Customers Q227 Does the firm have any natural persons customers? 3.1.1 This question will appear for all firms for completion and should be answered as at the end of the reporting period (as at the end of 31st December). Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q228 will appear. Q228 For each jurisdiction in which a customer of the firm resides, please indicate the number of natural persons customers in that jurisdiction 3.1.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 47 of 120 For the above question, input the total number and jurisdiction of all customers which are natural persons as at the end of the reporting period (as at the 31st December). Please ensure that the customer figures reported across Q228 and Q230 add up to the total number of customers reported within the ‘Customer Risk’ tab. Q229 Does the firm have any non-natural persons customers? 3.1.3 This question will appear for all firms for completion and should be answered as at the end of the reporting period (as at the end of 31st December). Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ questions Q230 will appear. For clarity, a non-natural person consists of legal person or arrangement for example a: • 1931 Act Company • 2006 Act Company • Limited Liability Company • Foreign Company • Limited Partnership • Trust • Foundation Q230 For each jurisdiction in which a customer of the firm resides, please indicate the number of non-natural persons customers in that jurisdiction 3.1.4 For the above question, input the total number and jurisdiction of all customers which are non-natural persons (a legal person or arrangement) as at the end of the reporting period (as at the end of 31st December). Please ensure that the customer figures reported across Q228 and Q230 add up to the total number of customers reported within the ‘Customer Risk’ tab. Q231 Provide the total number of customers 3.1.5 For the above question, input the sum total of both natural and non-natural persons across all aspects of the licenced or registered business. Please note the number provided in this question should add up to those figures provided in questions Q228 and Q230. 3.3.2 Residency of UBOs – Jurisdictional Analysis of Ultimate Beneficial Owners This section of the return will appear for those firms who have answered ‘Yes’ to question Q229, confirming to have non-natural person customers. Q232 Provide the total number of ultimate beneficial owners resident in each jurisdiction for all non-natural persons customers (e.g. legal persons or arrangements) 3.2.1 For the above question, input the total number of ultimate beneficial owners and their country of residence for all non-natural person(s) customers reported in question Q230. For clarity, this question is referring to the ultimate beneficial owners identified in line with paragraph 12 of the AML/CFT Code.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 48 of 120 Q233 Provide the total number of unique ultimate beneficial owners resident in each jurisdiction for all non-natural persons customers (e.g. legal persons or arrangements) 3.2.2 For the above question, input the total number of unique ultimate beneficial owners and their country of residence for all non-natural person(s) customers reported in question Q230. The purpose of this question is to understand where one unique UBO from a jurisdiction may be reported multiple times, if they are the UBO of multiple non-natural persons (i.e. legal persons or arrangements). The number of unique UBOs will always be equal to or lower than the total number of UBOs resident in each jurisdiction for each customer. Examples of how 5 non-natural persons UBOs could be reported as unique UBOs: • Example 1 - 5 non-natural persons and the UBO is 1 unique natural person = 1 unique UBO • Example 2 - 4 non-natural persons are shared by 2 unique UBOs and 1 non-natural person has 1 unique UBO = 3 unique UBOs • Example 3 - 1 non-natural person is shared by 3 unique UBOs and 4 separate non-natural persons each has 1 unique UBO = 7 unique UBOs 3.3.3 Banking – Jurisdictional Analysis This section of the return will appear for all firms, except for those who have selected to hold a Class 1 – Deposit Taking licence within the ‘Building your Survey’ section of the return. Q234 Provide the jurisdiction where your firm maintains its primary business bank account 3.3.1 For the above question, select the jurisdiction in which the firm maintains its primary business bank account. A business bank account being a financial operating account for the firm to manage income and expenses, for example paying employees. The primary account should be determined based on the monetary value, rather than the number of accounts held. This should be an indicative breakdown. Q235 Does the firm operate a secondary business bank account? 3.3.2 For the above question please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q236 will appear. A secondary business bank account being an additional account to the one reported above, being a financial operating account for the firm to manage income and expenses, for example paying employees. The top 3 accounts should be determined based on the monetary value rather than the number of accounts held. This should be an indicative breakdown. Q236 Provide the jurisdiction where your firm maintains its secondary business bank account 3.3.3 For the above question, select the jurisdiction in which the firm maintains its secondary business bank account. Q237 Does the firm operate a tertiary business bank account? 3.3.4 For the above question please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q238 will appear.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 49 of 120 A tertiary business bank account being an additional account to the two reported above, being a financial operating account for the firm to manage income and expenses, for example paying employees. The top 3 accounts should be determined based on the monetary value rather than the number of accounts held. This should be an indicative breakdown. Q238 Provide the jurisdiction where your firm maintains its tertiary business bank account 3.3.5 For the above question, select the jurisdiction in which the firm maintains its tertiary business bank account. Q239 Does the firm hold or manage client/customer funds? 3.3.6 For the above question, please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q240 will appear. This question is seeking information on whether the firm holds or manages any client monies as part of the products and services offered. This does not include the receipt of payments for services. Those firms which do not hold, collect or manage client monies/assets could include the following; tax advisors, estate agents, independent financial advisors and general insurance intermediaries. Please note this list is not exhaustive. Q240 Provide the jurisdiction where your firm maintains its primary customer/client bank account 3.3.7 For the above question, select the jurisdiction in which the firm maintains its primary customer bank account(s). These should be the accounts used to hold client money. The primary account should be determined based on the monetary value rather than the number of accounts held. This should be an indicative breakdown. Q241 Does the firm operate a secondary bank account used to maintain customer/client funds? 3.3.8 For the above question please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q242 will appear. A secondary customer account being an additional account to the one reported above, being an account which the firm uses to hold client money. The top 3 customer accounts should be determined based on the monetary value rather than the number of accounts held. This should be an indicative breakdown. Q242 Provide the jurisdiction where your firm maintains its secondary customer/client bank account 3.3.9 For the above question, select the jurisdiction in which the firm maintains its secondary customer bank account(s). These should be the accounts used to hold client money. Q243 Does the firm operate a tertiary bank account used to maintain customer/client funds? 3.3.10 For the above question please answer ‘Yes’ or ‘No’. If answered ‘Yes’ question Q244 will appear. A tertiary customer account being an additional account to the two reported above, being an account which the firm uses to hold client money.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 50 of 120 The top 3 customer accounts should be determined based on the monetary value rather than the number of accounts held. This should be an indicative breakdown. Q244 Provide the jurisdiction where your firm maintains its tertiary customer/client bank account 3.3.11 For the above question, select the jurisdiction in which the firm maintains its tertiary customer bank account(s). These should be the accounts used to hold client money. 3.3.4 Comments Q245 Do you have any comments to the previous sections? 3.4.1 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below comment box will appear: Q246 This section is provided to allow firms to provide any commentary that is relevant to the completion of this form 3.4.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 51 of 120

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 52 of 120 3.4 Products & Services Risk 3.4.1 Understanding the Firm – Payment Methods Q247 In relation to the regulated activities or designated business please confirm if you: Accept incoming cash and their frequency 4.1.1 Q248 Utilise outgoing cash and their frequency 4.1.2 Q249 Accept incoming bank transfer (incl. DD/SO) and their frequency 4.1.3 Q250 Utilise outgoing bank transfer (incl. DD/SO) and their frequency 4.1.4 Q251 Accept incoming cheque / bankers draft and their frequency 4.1.5 Q252 Utilise outgoing cheque / bankers draft and their frequency 4.1.6 Q253 Accept incoming debit / credit card and their frequency 4.1.7 Q254 Utilise outgoing debit / credit card and their frequency 4.1.8 Q255 Accept incoming prepaid card and their frequency 4.1.9 Q256 Utilise outgoing prepaid card and their frequency 4.1.10 Q257 Accept incoming online e-money payments system (e.g. PayPal or similar) and their frequency 4.1.11 Q258 Utilise outgoing online e-money payments system (e.g. PayPal or similar) and their frequency 4.1.12 Q259 Accept incoming crypto / virtual asset and their frequency 4.1.13 Q260 Utilise outgoing crypto / virtual asset and their frequency 4.1.14 Q261 Accept incoming in-specie transfer of property with monetary value (e.g. shares) and their frequency 4.1.15 Q262 Utilise outgoing in-specie transfer of property with monetary value (e.g. shares) and their frequency 4.1.16 This section of the return will appear for all firms for completion and asks to confirm as at the end of the reporting period (as at 31st December) what payment methods are utilised and their frequency in relation to the firms regulated activities or designated business activities. For each of the above questions, please answer using the following dropdowns: o Usual – This method is used frequently as part of business as usual o Occasional – Whilst considered to be a method within business as usual the frequency is less o By Exception – Not a method utilised within business as usual and requires consideration of risk and senior sign off before accepted o Never – Method is not utilised by the business o Unknown – Indicate here if a payment type not otherwise indicated above has been made but not identified The Authority seeks to understand the payment methods accepted or utilised by the firm for incoming and outgoing transfer of funds to and from customers in respect of all regulated or registered business carried out. The Authority appreciates that some payment methods are utilised or accepted as part of ‘business as usual’, others are accepted on a case-by-case basis after due consideration of the risks presenting, and others are not acceptable due to the firm’s policy.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 53 of 120 3.4.2 Products and Services Scenarios This section of the return will appear for all firms for completion. Q263 Does the firm send/receive any third party payments for products or services on behalf of any customers? 4.2.1 For the above question, indicate if the firm accepts or transfers monies and/or assets for any of the products and services offered by the firm to or from a third party who is not the customer. Please answer ‘Yes’ or ‘No’. For example, a third party including a related entity or family member paying on behalf of the customer. Q264 Does the firm offer any online, no contact, non-face-to-face products or services? 4.2.2 For the above question, indicate if the firm has any products or services where a customer is onboarded and approved/accepted through an online, no contact system. E.g. via an online system with automated decision making/approval onboarding function. Please answer ‘Yes’ or ‘No’. This may be related to applying for a product or service which is offered through an online system which automatically onboards the customer. Examples of products and services which could be applicable include; bank accounts, lending products, life/investment policies, pension products, pre-approved rental agreements or VASP accounts/wallets. Please note that this list is non-exhaustive. For clarity, non-face-to-face customer relationships occur without the customer being physically present or who have been met virtually face-to-face. Non-visual mediums such as telephone calls or emails do not qualify as meeting the customer. Q265 Does the firm offer any products or services designed specifically for HNWIs? 4.2.3 For the above question, indicate if the firm’s products and services are specifically designed to be targeted, offered to and/or attract HNWIs or UHNWIs. The criteria and definition of HNWIs or UHNWIs may vary across sectors and should be defined as per firm’s own procedures and controls. Please answer ‘Yes’ or ‘No’. Where a firm’s products or services may not specifically target HNWIs or UHNWIs, if the firm offers a more tailored service to HNWIs or UHNWIs customers the above question should be answered as ‘Yes’. Q266 Does the firm offer any products or services it considers to be complex or multilayered? 4.2.4 For the above question, indicate if the firm provides products and services it considers to be complex and multi-layered when considering the firm’s risk assessment of their own products and services within its BRA. Please answer ‘Yes’ or ‘No’. For clarity, the Authority does not provide a definition of ‘complex’ or ‘multi-layered’. The complexity of the firms products, services and transactions should be considered within the firms BRA and the above question should be answered based on this. Q267 Does the firm offer products or services to family office arrangements? 4.2.5 For the above question, indicate if the firm offers any products or services to family offices. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions Q268 to Q269 will appear.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 54 of 120 Where a firm offers products or services which may be operated by family offices but does not offer bespoke products or services to family office arrangements, the above question should be answered as ‘Yes’. For clarity, a family office is a private wealth management advisory firm which services U/HNWIs and/or provides services to a family. Q268 Number of Isle of Man resident family office customers 4.2.6 Q269 Number of non-Isle of Man resident family office customers 4.2.7 Please provide the total number of family office customers split out by those which are Isle of Man and nonIsle of Man resident. Q270 Does the firm hold, collect or manage any client monies/assets with the products or services offered (except in the form of payments)? 4.2.8 This question is seeking information on whether the firm holds, collects or manages any client monies or assets as part of the products and services offered, not including being in receipt of payments for services. Many financial services and designated business firms typically hold, collect and manage client monies and assets i.e. Legal Professional Client Accounts. Those firms which do not hold, collect or manage client monies/assets could include the following; tax advisors, estate agents, independent financial advisors and general insurance intermediaries. Please note this list is not exhaustive. Please answer ‘Yes’ or ‘No’. Q271 Does the firm consider customers, inclusive of all products or services offered, when assessing ML/FT/PF risk, instead of separately and individually? 4.2.9 For the above question, indicate if the firm considers or would consider the multiple products/ services utilised by a customer when assessing the risk of that customer. Please answer ‘Yes’ or ‘No’. This question seeks to understand whether the firm choose to risk rate customers inclusive of, or risk rate isolated accounts, where firms have customers who may hold multiple accounts. For example, a bank with multiple customer accounts, an accountant where businesses are owned by the same UBO, investment or life firms where you have multiple family/solo/corporate accounts, legal advice looking beyond just the current matter. Q272 Does the firm document, record and monitor possible red flags, actions or alerts in relation to specific products or services offered? 4.2.10 When considering red flags of any products and services offered by the firm, indicate if the firm documents these within its risk assessments, policies, procedures, controls and guidance documentation. Please answer ‘Yes’ or ‘No’. Q273 Does the firm establish trusts? 4.2.11 This question will appear for those firms who have selected ‘no’ to holding a Class 4 – Corporate Services and/ or a Class 5 – Trust Services licence within the ‘Building your Survey’ section of the return. Please answer ‘Yes’ or ‘No’.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 55 of 120 Q274 Number of trusts established in the reporting period 4.2.12 Please input the number of trusts established in the reporting period (1st January to 31st December) as per the firm’s technical definition, and only capture those trusts established whereby the firm also provides a role to the trust. 3.4.3 Incidental Business This section of the return will only appear for those firms who have answered ‘Yes’ to question Q17, which asks firms whether the firm has conducted any incidental designated business activities under their licence. Q275 Total number of customers receiving incidental designated business activities services via the firm? 4.3.1 For the above question, input the total number of customers for which the firm has been providing incidental designated business activities services as at the end of the reporting period (as at the 31st December). Designated business activities being those as per schedule 1 to the DBRO15. Q276 Does the firm provide any incidental designated business services exclusively to customers whom are not customers of the firm for its primary licenced/registered permission(s) 4.3.2 Please answer ‘Yes’ or ‘No’. 3.4.4 Insurance Activity This section of the return will appear for those firms who have selected the following permissions/ registrations within the ‘Building your Survey’ section of the return; Classes 3-9 & 11: General Business (including Reinsurance) and Class 12 Only / Class 13 Only: Restricted (all insurance types) or ISPV Class 13. Q277 In respect of the type of insurance written by the firm, please indicate the activity that best reflects the business of the firm 4.4.1 For the above question, indicate the type of insurance written that best reflects the activity of the firm, using the following dropdown options: o Self-Insurer – a firm that underwrites the insurance risks of its own group. o Producer Owned – a firm that underwrites the risks of customers of a company within the same ownership structure of the firm. The insurance may be written through a fronting insurer in the first instance. o Third Party Writer – a firm that underwrites the insurance risks of parties that are not related parties. o Combination – a firm that underwrites a combination of the above. Select the most appropriate response using the dropdown boxes provided. Q278 Indicate whether the firm performs the activity of Self Insurer 4.4.2 Q279 Indicate whether the firm performs the activity of Producer Owned 4.4.3 Q280 Indicate whether the firm performs the activity of Third Party Writer 4.4.4 Q281 Indicate whether the firm performs the activity of Combination 4.4.5

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 56 of 120 For the above questions please answer ‘Yes’ or ‘No’. For a definition of the different activities please see the above question Q277. 3.4.5 Comments Q282 Do you have any comments to the previous sections? 4.6.1 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below comment box will appear: Q283 This section is provided to allow firms to provide any commentary that is relevant to the completion of this form 4.6.2 3.5 Distribution & Due Diligence Risk 3.5.1 Building this Section Q284 Have you taken on any new business during the reporting period? The reporting period for this return being:- 1st January to 31st December inclusive 5.1.1 This section of the return will appear for all firms. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ questions Q299 to Q329 will appear. Please ensure that the answer for the above question is consistent and match what was reported within the ‘Customer Risk’ tab of the return. 3.5.2 Customer Base – Reliance and Concessions – Use of Simplified Due Diligence This section of the return will appear for all firms for completion. The AML/ CFT Code provides certain exemptions and simplifications from the standard CDD requirements, this section of the return therefore seeks information about the use and reliance of concessions and simplified due diligence measures in relation to the firm’s entire customer base. Q285 In respect of the firm’s entire customer / business relationship base, indicate whether any of the following concessions were utilised by the firm: Acceptable Applicants (Paragraph 16 of the Code) 5.2.1 This question will appear for all firms for completion. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q286 will appear. For ‘Acceptable Applicants’, the Code provides an exemption from certain identification and verification requirements where a customer is acting on its own behalf, is of a particular category (a trusted person or is a company listed on a recognised stock exchange), and meets the specified criteria. For full details on the ‘Acceptable Applicants’ concession please refer to paragraph 16 of the AML/CFT Code. Q286 Total number of customers utilising the Acceptable Applicants (Paragraph 16 of the Code) concession 5.2.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 57 of 120 For the above question, input the total number of customers across the customer base where the ‘Acceptable Applicants’ concession (as per paragraph 16 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q287 In respect of the firm’s entire customer / business relationship base, indicate whether any of the following concessions were utilised by the firm: Acting on Behalf of (Paragraph 17 of the Code) 5.2.4 This question will appear for all firms for completion. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q288 will appear. The ‘Acting on Behalf of’ concession provides an exemption for a restricted group of regulated persons(Class 1, Class 2, Class 3 and Class 8 licenceholders) from the requirement to look through certain types of customers to the customer’s underlying clients and the beneficial owners of those underlying clients where the allowed business is acting for another person. Please refer to paragraph 17 of the AML/CFT Code for full details and requirements around this concession. Q288 Total number of customers utilising the Acting on Behalf of (Paragraph 17 of the Code) concession 5.2.5 For the above question, input the total number of customers across the customer base where the ‘Acting on Behalf of’ concession (as per paragraph 17 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q289 In respect of the firm’s entire customer / business relationship base, indicate whether any of the following concessions were utilised by the firm: Generic Designated Business (Paragraph 18 of the Code) 5.2.7 The above question will only appear for those firms who have selected they hold the permission/ registration of a Designated Business within the ‘Building your Survey’ section of the return. If answered ‘Yes’ the below question Q290 will appear. The ‘Generic Designated Business’ concession provides that, if certain conditions are met (as detailed in paragraph 18(3) of the Code), a firm does not have to verify the identity of the customer or comply with paragraph 12(2)(a)(ii) of the Code, taking reasonable measures to verify identity of any beneficial owner. Pease refer to paragraph 18 of the AML/CFT Code for full details and requirements around this concession. Q290 Total number of customers utilising the Generic Designated Business (Paragraph 18 of the Code) concession 5.2.8 For the above question, input the total number of customers across the customer base where the ‘Generic Designated Business’ concession (as per paragraph 18 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q291 In respect of the firm’s entire customer / business relationship base, indicate whether any of the following concessions were utilised by the firm: Eligible Introducers (Paragraph 19 of the Code) 5.2.10 This question will appear for all firms for completion. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q292 will appear.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 58 of 120 The Code allows firms to rely on certain third parties, ‘Eligible Introducers’, to undertake and hold verification of identity on the customers they introduce to the firm and the beneficial owners of those customers. Firms can rely on the eligible introducer to retain the verification of identity documents, data or information without passing it on to the relevant person at the outset of the business relationship/occasional transaction. For clarity, eligible introducers can either be a restricted category of “trusted persons” as defined in the Code, or group companies subject to listed conditions. Please refer to paragraph 19 of the AML/CFT Code for full details and requirements around this concession. Q292 Total number of customers utilising the Eligible Introducers (Paragraph 19 of the Code) concession 5.2.11 For the above question, input the total number of customers across the customer base where the ‘Eligible Introducers’ concession (as per paragraph 19 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q293 In respect of the firm’s entire customer / business relationship base, indicate whether any of the following concessions were utilised by the firm: Insurer Concessions (Paragraph 20 of the Code) 5.2.13 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q294 will appear. The ‘Insurance’ concession allows an insurer or insurance intermediary to either not undertake the requirements of Parts 4 (Customer Due Diligence) and 5 (Enhanced Measures) of the Code or to defer such compliance provided certain criteria is met; the annual premium is less than €1,000 or the single premium, or series of linked premiums, is less that €2,500; or there is neither a surrender value nor a maturity value (for example, term insurance). For full details and requirements around the use of this concession please refer to paragraph 20 of the Code or the Non-Life Secor Specific AML/CFT Guidance. Q294 Total number of customers utilising the Insurer (Paragraph 20 of the Code) concession 5.2.14 For the above question, input the total number of customers across the customer base where the ‘Insurer’ concession (as per paragraph 20 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q295 In respect of the firms entire customer / business relationship base, indicate whether any of the following concessions were utilised by the firm: Scheme Concessions (Paragraph 21 of the Code) 5.2.16 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q296 will appear. In respect of a pension, superannuation or similar scheme that provides retirement benefits to employees, if contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member’s interest under the scheme, the ‘Scheme’ concession allows firms to treat the employer, trustee or any other person who has control over the business relationship, including the administrator or the scheme manager, as the customer; and need not comply with paragraph 12(2)(b) of the Code.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 59 of 120 For full details and requirements around the use of this concession please refer to paragraph 21 of the Code or the Private Pensions Sector Specific AML/CFT Guidance. Q296 Total number of customers utilising the Scheme (Paragraph 21 of the Code) concession 5.2.17 For the above question, input the total number of customers across the customer base where the ‘Scheme’ concession (as per paragraph 21 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q297 Has the firm conducted any exempted occasional transactions (as specifically defined in the Code) within the reporting period? 5.2.19 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q298 will appear. The Code provides an exemption from certain verification requirements where occasional transactions fall below certain value thresholds – i.e. they are exempted occasional transactions. As defined by the Code, an “exempted occasional transaction” means an occasional transaction (whether a single transaction or a series of linked transactions) where the amount of the transaction or, the aggregate in the case of a series of linked transactions, is less in value than — (a) €5,000 in relation to an activity being undertaken which is included in Class 8(1) (bureau de change) and Class 8(3) (cheque encashment) of the Regulated Activities Order; (b) €1,000 in relation to an activity being undertaken which is included in Class 8(4) (money transmission services apart from cheque encashment) of the Regulated Activities Order and paragraph 2(6)(r) (convertible virtual currency) of Schedule 4 to the Proceeds of Crime Act 2008; or (c) €15,000 in any other case; Sub-paragraph 11(4) of the Code enables relevant persons to conduct exempted occasional transactions (as specifically defined by the Code) without verifying the identity or legal status of the customer. In addition, where the customer is not a natural person, 11(5) provides that relevant persons conducting exempted occasional transactions do not need to verify the identity of any beneficial owner of the customer. The Authority is therefore seeking information within the question on whether the firm has used the exempted occasional transactions measures within the reporting period (1st January to 31st December). Q298 Total number of exempted occasional transactions conducted within the reporting period 5.2.20 For the above question, input the total number of customers across the customer base where the exempted transactions measures (as per paragraph 11 of the Code) have been applied, as at the end of the reporting period (as at the 31st December). 3.5.3 New Business Relationships – Reliance and Concessions – Use of Simplified Due Diligence This section of the return will appear for those firms who have taken on new business during the reporting period (this being 1st January to 31st December) as confirmed in question Q284. This section of the return seeks information about the use and reliance of concessions and simplified due diligence measures in relation to the firm’s new customers.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 60 of 120 Q299 In respect of the new customer / business relationships entered into during the reporting period, indicate whether any of the following concessions were utilised by the firm: Acceptable Applicants (Paragraph 16 of the Code) 5.3.1 The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q300 will appear. For ‘Acceptable Applicants’, the Code provides an exemption from certain identification and verification requirements where a customer is acting on its own behalf, is of a particular category (a trusted person or is a company listed on a recognised stock exchange), and meets the specified criteria. For full details on the ‘Acceptable Applicants’ concession please refer to paragraph 16 of the AML/CFT Code. Q300 How many new customers were they applied to? 5.3.2 For the above question, input the number of new customers where the ‘Acceptable Applicants’ concession (as per paragraph 16 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q301 In respect of the new customer / business relationships entered into during the reporting period, indicate whether any of the following concessions were utilised by the firm: Acting on Behalf of (Paragraph 17 of the Code) 5.3.3 The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q302 will appear. The ‘Acting on Behalf of’ concession, provides an exemption for a restricted group of regulated persons (Class 1, Class 2, Class 3 and Class 8 licenceholders) from the requirement to look through certain types of customers to the customer’s underlying clients and the beneficial owners of those underlying clients where the allowed business is acting for another person. Please refer to paragraph 17 of the AML/CFT Code for full details and requirements around this concession. Q302 How many new customers were they applied to? 5.3.4 For the above question, input the number of new customers where the ‘Acting on Behalf of’ concession (as per paragraph 17 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q303 In respect of the new customer / business relationships entered into during the reporting period, indicate whether any of the following concessions were utilised by the firm: Generic Designated Business (Paragraph 18 of the Code) 5.3.5 The above question will only appear for those firms who have selected they hold the permission/ registration of a Designated Business within the ‘Building your Survey’ section of the return. The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q304 will appear. The ‘Generic Designated Business’ concession provides that, if certain conditions are met (as detailed in paragraph 18(3) of the Code), a firm does not have to verify the identity of the customer or comply with paragraph 12(2)(a)(ii) of the Code, taking reasonable measures to verify identity of any beneficial owner.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 61 of 120 Pease refer to paragraph 18 of the AML/CFT Code for full details and requirements around this concession. Q304 How many new customers were they applied to? 5.3.6 For the above question, input the number of new customers where the ‘Generic Designated Business’ concession (as per paragraph 18 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q305 In respect of the new customer / business relationships entered into during the reporting period, indicate whether any of the following concessions were utilised by the firm: Eligible Introducers (Paragraph 19 of the Code) 5.3.7 The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q306 will appear. The Code allows firms to rely on certain third parties, ‘Eligible Introducers’, to undertake and hold verification of identity on the customers they introduce to the firm and the beneficial owners of those customers. Firms can rely on the eligible introducer to retain the verification of identity documents, data or information without passing it on to the relevant person at the outset of the business relationship/occasional transaction. For clarity, eligible introducers can either be a restricted category of “trusted persons” as defined in the Code, or group companies subject to listed conditions. Please refer to paragraph 19 of the AML/CFT Code for full details and requirements around this concession. Q306 How many new customers were they applied to? 5.3.8 For the above question, input the number of new customers where the ‘Eligible Introducers’ concession (as per paragraph 19 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q307 In respect of the new customer / business relationships entered into during the reporting period, indicate whether any of the following concessions were utilised by the firm: Insurer Concessions (Paragraph 20 of the Code) 5.3.9 The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q308 will appear. The ‘Insurance’ concession allows an insurer or insurance intermediary to either not undertake the requirements of Parts 4 (Customer Due Diligence) and 5 (Enhanced Measures) of the Code or to defer such compliance provided certain criteria is met; the annual premium is less than €1,000 or the single premium, or series of linked premiums, is less that €2,500; or there is neither a surrender value nor a maturity value (for example, term insurance). For full details and requirements around the use of this concession please refer to paragraph 20 of the Code or the Non-Life Secor Specific AML/CFT Guidance. Q308 How many new customers were they applied to? 5.3.10 For the above question, input the number of new customers where the ‘Insurer’ concession (as per paragraph 20 of the Code) has been applied, as at the end of the reporting period (as at the 31st December).

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 62 of 120 Q309 In respect of the new customer / business relationships entered into, indicate whether any of the following concessions were utilised by the firm: Scheme Concessions (Paragraph 21 of the Code) 5.3.11 The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q310 will appear. In respect of a pension, superannuation or similar scheme that provides retirement benefits to employees, if contributions are made by way of deduction from wages and the scheme rules do not permit the assignment of a member’s interest under the scheme, the ‘Scheme’ concession allows firms to treat the employer, trustee or any other person who has control over the business relationship, including the administrator or the scheme manager, as the customer; and need not comply with paragraph 12(2)(b) of the Code. For full details and requirements around the use of this concession please refer to paragraph 21 of the Code or the Private Pensions Sector Specific AML/CFT Guidance. Q310 How many new customers were they applied to? 5.3.12 For the above question, input the number of new customers where the ‘Scheme’ concession (as per paragraph 21 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). Q311 In respect of the new customer / business relationships entered into during the reporting period, indicate whether any of the following concessions were utilised by the firm: Transfer of a Block of Business Concessions (Paragraph 22 of the Code) 5.3.13 The information requested in this question is only in respect of new customer relationships established in the reporting period. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below question Q312 will appear. The ‘Transfer of a Block of Business’ concession may be used when business is transferred from one business to another (in line with the vendor types listed in paragraph 22(3) of the Code) and allows the “purchaser” to rely on the CDD that has already been obtain on those customers by the “vendor”. Please refer to paragraph 22 of the AML/CFT Code for full details and requirements around this concession. Q312 How many new customers were they applied to? 5.3.14 For the above question, input the number of new customers where the ‘Transfer of a Block of Business’ concession (as per paragraph 22 of the Code) has been applied, as at the end of the reporting period (as at the 31st December). 3.5.4 New Business Relationships – Reliance and Concessions – Face-to-Face Business This section of the return will appear for those firms who have taken on new business during the reporting period (this being 1st January to 31st December) as confirmed in question Q284. Please note that the overall figures reported in this section of the return should match the total number of new customer relationships reported within the ‘Customer Risk’ tab.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 63 of 120 Q313 For new customer relationships established in the reporting period, provide the number of customers met face-to-face by the firm 5.4.1 For the above question, input the total number of new customers established/on-boarded in the reporting period who have been met face-to-face by the firm. For clarity, face-to-face customer relationships occur when the customer is physically present and a nonvisual medium such as a telephone call or email does not qualify as meeting the customer. Q314 For new customer relationships established in the reporting period, provide the number of customers met face-to-face by a related party of the firm 5.4.2 For the above question, input the total number of new customers established/ on-boarded in the reporting period who have been met face-to-face by a related party of the firm. A related party being a linked firm with a legal outsourcing or servicing agreement. Q315 For customer relationships established in the reporting period, provide the number of non-face-to-face customer relationships 5.4.3 For the above question, input the total number of new customers established/ on-boarded in the reporting period who have not been met face-to-face by the firm. This includes where the customer has not been met by the supervised firm, but may have been met by an introducer or sales referrer. For clarity, non-face-to-face customer relationships occur without the customer being physically present, a non-visual medium such as a telephone call or email does not qualify as meeting the customer. 3.5.5 New Business Relationships – Reliance and Concessions – Reliance on Third Parties for Elements of CDD This section of the return will appear for those firms who have taken on new business during the reporting period (this being 1st January to 31st December) as confirmed in question Q284. This section of the return is seeking information on whether or not third parties are utilised in the due diligence process and where they have been utilised, to what extent. Please note that the overall figures reported in this section of the return should match the total number of new customer relationships reported within the ‘Customer Risk’ tab. Therefore, please ensure that in this section of the return you are reporting on both, where third parties are utilised, and where they are not. Q316 For new customer relationships, indicate the extent to which third parties are utilised in the due diligence process where; (i) Reliance has been placed on third parties (including introducers) - evidence obtained and held by the firm; and (a) Original certified copies of verification of identity documentation is retained by the firm 5.5.1 For the above question, input the total number of new customers established/ on-boarded in the reporting period where reliance was placed on third parties (including introducers) as part of the due diligence process, the evidence was obtained and held by the firm and original certified copies of verification of identity documentation is retained by the firm. Q317 Does the firm, in all cases, understand who has met the customer face-to-face regarding the above (i)-(a) process? 5.5.2

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 64 of 120 Please answer ‘Yes’ or ‘No’. Q318 For new customer relationships, indicate the extent to which third parties are utilised in the due diligence process where; (i) Reliance has been placed on third parties (including introducers) - evidence obtained and held by the firm; and (b) Certified copies of certified copies of verification of identity documentation is retained by the firm 5.5.3 For the above question, input the total number of new customers established/ on-boarded in the reporting period where reliance was placed on third parties (including introducers) as part of the due diligence process, the evidence was obtained and held by the firm and certified copies of certified copies of verification of identity documentation is retained by the firm. Q319 Does the firm, in all cases, understand who has met the customer face-to-face regarding the above (i)-(b) process? 5.5.4 Please answer ‘Yes’ or ‘No’. Q320 For new customer relationships, indicate the extent to which third parties are utilised in the due diligence process where; (ii) Reliance is placed on the eligible introducer ('EI') to verify the identity and hold that evidence 5.5.5 For the above question, input the total number of new customers established/ on-boarded in the reporting period where reliance was placed on the eligible introducer ('EI') to verify the identity of the customer, and the EI hold the evidence obtained. Q321 Does the firm, in all cases, understand who has met the customer face-to-face regarding the above (ii) process? 5.5.6 Please answer ‘Yes’ or ‘No’. Q322 For new customer relationships, indicate the extent to which third parties are utilised in the due diligence process where; (iii) No reliance was placed on third parties; and (a) CDD is collected directly from the customer face-to-face 5.5.7 For the above question, input the total number of new customers established/ on-boarded in the reporting period where no reliance was placed on third parties as part of the due diligence process and your firm collected CDD directly from the customer face-to-face. Q323 For new customer relationships, indicate the extent to which third parties are utilised in the due diligence process where; (iii) No reliance was placed on third parties; and (b) CDD is collected directly from the customer but remotely 5.5.8 For the above question, input the total number of new customers established/ on-boarded in the reporting period where no reliance was placed on third parties for the CDD process and your firm collected CDD directly from the customer but remotely. For clarity remotely, meaning non-face-to-face and includes CDD being obtained by email for example.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 65 of 120 Q324 For new customer relationships, indicate the extent to which third parties are utilised in the due diligence process where; (iv) No reliance - other concessions not requiring verification utilised i.e. No verification of identity held by the firm - other simplified due diligence concession taken (other than EI) 5.5.9 For the above question, input the total number of new customers established/ on-boarded in the reporting period where no reliance was placed on third parties for the CDD process due to the firm not requiring verification of identity from the customer. This for example could be where the firm has utilised simplified measures by applying a concession as per the AML/CFT Code. 3.5.6 New Business Relationships – Sources and Introducers – Sources of Business This section of the return will appear for those firms who have taken on new business during the reporting period (this being 1st January to 31st December) as confirmed in question Q284. Please note that the overall figures reported in Q325 to Q327 should match the total number of new customer relationships reported within the ‘Customer Risk’ tab. Q325 In relation to the new customer relationships established in the reporting period, provide details on how many of these customers are direct business 5.6.1 For the above question, input the total number of new customers established/ on-boarded in the reporting period who have been direct business. For clarity, direct business meaning the customer approaching the firm directly, with no third-party involvement. Q326 In relation to the new customer relationships established in the reporting period, provide details on how many of these customers are existing customer referrals, including referrals from related parties 5.6.2 For the above question, input the total number of new customers established/ on-boarded in the reporting period who have been existing customer referrals. For clarity, a referral is for example, where a third party informs a prospective customer to go to a particular relevant person and the third party does not provide any CDD to the relevant person. Q327 In relation to the new customer relationships established in the reporting period, provide details on how many of these customers are introduced business 5.6.3 For the above question, input the total number of new customers established/ on-boarded in the reporting period who have been introduced. For clarity, an introducer includes any third party(ies), who is not the customer, that is involved in the provision of CDD to the relevant person, whether or not that third party is bringing the customer to the relevant person in a broader introductory sense. This can include, but is not limited to; • A financial adviser (whether in the Island or elsewhere): for example, establishing an investment relationship for a customer with an investment management firm or life insurer in the Island (relevant person), where the adviser provides elements of the CDD to the investment manager / life insurer; • A lawyer or accountant (individual or firm, whether in the Island or elsewhere): for example, introducing / bringing a customer to a TCSP in the Island (relevant person) for the purpose of establishing / transferring a structure, where the lawyer (including a family office) provides elements of the CDD in respect of the customer;

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 66 of 120 • A TCSP (whether in the Island or elsewhere): for example, establishing a banking relationship for a client company with a bank in the Island (relevant person), where the TCSP provides elements of the CDD in respect of the client company; • Any other employee(s) of a third party or non-trusted persons engaged to act on behalf of a beneficial owner(s). Q328 For introduced business in the reporting period, provide the number of new introducers, by jurisdiction 5.6.5 For those customers that have been introduced in the reporting period, input the number of new introducers used in the reporting period (1st January to 31st December), split by their jurisdiction. The jurisdiction should be based on the correspondence address / residency of the introducer. Where there has been no introduced business in line with paragraph 9 of the Code during the reporting period, please answer as 0. Q329 For introduced business in the reporting period, provide the number of new customers, by jurisdiction 5.6.6 For those customers that have been introduced in the reporting period, input the number of customers introduced in the reporting period (1st January to 31st December), split by the jurisdiction of the customer. The jurisdiction should be based on the residency of the customer. Where there has been no introduced business in line with paragraph 9 of the Code during the reporting period, please answer as 0. 3.5.7 Comments Q330 Do you have any comments to the previous sections? 5.7.1 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below comment box will appear: Q331 This section is provided to allow firms to provide any commentary that is relevant to the completion of this form. 5.7.2 4. Return Guidance – Controls 4.1 Controls 4.1.1 Entity Control Questions This controls section of the return will appear for all firms for completion. The Authority note that some of these questions are repeated from the previous sections of the return, however it is the most effective way for firms to only need to answer those questions which will be applicable to them. C1 Does the firm hold any of the following permissions under the Financial Services Act 2008? • Class 1 - Deposit Taking • Class 8 - Money Transmission Services 1.1.1

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 67 of 120 C2 Did the firm have any higher risk rated customers during the reporting period? 1.1.2 C3 Did the firm have any standard risk rated customers during the reporting period? 1.1.3 C4 Did the firm have any lower risk rated customers during the reporting period? 1.1.4 C5 Did the firm have any PEP customers during the reporting period? 1.1.5 Please answer ‘Yes’ or ‘No’ to the above C1-C5 questions. When answered, these questions will influence and tailor the firm’s controls questions to only the relevant and applicable questions. Please ensure that the answers for the above questions are consistent and match those reported in the inherent risk section of the return. 4.1.2 Firm Policies and Procedures C6 Who has ultimate responsibility for approving the establishment of higher-risk customer relationships? Please input the function/role(s) with the most senior approval responsibility 1.2.1 The above question will only appear for those firms who have reported to have higher risk customers during the reporting period. For the above question, confirm which function/role(s) has the ultimate/most senior responsibility for approving the establishment of higher risk customer relationships using the following dropdowns: o Any 1st line employee o Any 1st line employee above manager grade o A 2nd line compliance officer o A 2nd line Head of Compliance, MLRO or DMLRO o A Director or Senior Management o A Director or Senior Management and the Head of Compliance (‘HoC’) or D/MLRO o Committee or Board Decision A 1st line employee typically being the staff that has direct contact with the customers for example, onboarding, sales or administrative staff. ‘Senior Management’ meaning the directors and officers or any other persons who are nominated to ensure that the relevant person is effectively controlled on a day-to-day basis and who have responsibility for overseeing the relevant person’s proper conduct. Please choose the most relevant dropdown from the options available. Further commentary may also be provided within the comment box at the end of the controls section. C7 Does the firm have established, documented and recorded AML/CFT policies, procedures and controls? In line with paragraph 4 of the Code 1.2.2 C8 Have you identified any areas within the business/firm where you have not complied with the AML/CFT Legislation? In relation to any areas of the business activities during the reporting period 1.2.3 Please answer ‘Yes’ or ‘No’ to the above C7 and C8 questions. If C8 is answered as ‘Yes’ the below comment box C9 will appear in order for firms to provide some context and further detail around the areas where the firm has not complied with the AML/CFT legislation within the reporting period.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 68 of 120 C9 If selected ‘Yes’ provide details 1.2.4 C10 From the BRA, what is the firm’s estimation of ML/TF risk posed by your business and customers? This should be the residual risk score as assessed within the firm’s BRA in line with paragraph 5 of the Code 1.2.5 For the above question, please provide the residual risk score (the level of risk that remains after mitigation) as assessed within the firm’s BRA as at the end of the reporting period (as at 31st December), using the following dropdown list: o Low o Medium-Low o Medium o Medium-High o High The Authority understands that firms may not currently use these five available risk scoring options. If the firm utilises different risk ratings, please choose the most relevant risk score from the options available. Further commentary may be provided within the comment box at the end of the controls section. 4.1.3 Understanding the Firm – Employees, Workers and Contractors This section of the return will appear for all firms for completion. C11 Total number of staff engaged by the firm whether directly or through a contract for services 1.3.1 C12 Total number of full-time equivalent staff engaged by the firm whether directly or through a contract for services 1.3.2 C13 Total number of full-time equivalent staff engaged by the firm whether directly or through a contract for services – per additional guidance on “Banded FTE” basis 1.3.3 C14 Turnover of employed staff as a percentage 1.3.4 C15 Total number of full-time equivalent staff vacancies at the firm whether directly or through a contract for services 1.3.5 Provide the number of staff, including directors, officers, employees, workers and contractors (including through group service companies where applicable), including the full-time equivalent number, and the number of those positions that were vacant as at the end of the reporting period (as at the 31st December). Where multiple entities share staff or employees across a group of firms or linked firms, firms must document all staff correctly within this section of the return for all relevant entities. An answer of 0 members of staff is not acceptable. The number of staff must equal the total number of individual staff, employees and/or contractors engaged by the firm (wherever they may be based), in line with the below definition of staff member. Calculation of Staff Numbers and Full Time Equivalent (“FTE”) Staff Numbers The following provides guidance on how to calculate staff numbers and FTE staff numbers for the submission. Interpretation Contract of Employment means: An agreement between two or more parties whether express or implied and (if it is express) whether oral or in writing.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 69 of 120 A Staff Member is an individual who: (a) works under a contract of employment or any other contract of service; (b) works alone or with others under the terms of a formal agreement; or (c) is otherwise engaged within the business of a firm in all cases where: (i) the individual undertakes to do or perform, directly or indirectly, any work or service within a firm, whether or not engaged directly by the firm or through another entity forming part of the group of entities of which the firm is a part; and (ii) the firm is not by virtue of the contract a client or customer of the individual, and “staff member” shall be construed accordingly. Calculation of the number of staff members For clarity, for the purposes of this guidance, “staff member” includes but is not limited to: (a) an individual classified as self-employed for tax or social security purposes but in all other respects meets the definition of employee, including partners practicing in a firm whether alone or with others; (b) an individual based or working outside of the Isle of Man but engaged within the Isle of Man business of the firm; and (c) an individual engaged by a firm which is an Isle of Man entity, wherever in the world that individual works or is based, and whether or not that individual is engaged in the Isle of Man business of that firm. For the calculation of number of staff members, each staff member is counted as one. Calculation of FTE Please note that the number of full-time equivalent staff reported should not be 0. For individuals with fixed term contracts that do not span the full calendar year, the hours worked should be annualised when calculating the number of FTE staff members. The calculation of FTE should be split between employees and vacant roles. The calculation of the FTE staff members should be undertaken as at the reporting date based upon the staff member’s engagement over the preceding 12 months. FTE for vacancies: if, on the reporting date, there exists a post (or posts) that is vacant but would normally be occupied by an individual who meets the definition of staff member, then the calculation for FTE for vacancies should include that position. Example 1: fixed term contract An individual who has a fixed term contract and is contracted to work full-time (35 hours per week) for four months would equate to: 35 hours x 4 months ÷ 12 months = 11.67 hours per week 11.67 hours ÷ 35 hours = 0.33 The individual would therefore be equivalent to 0.33 of a person in the calculation of the number of FTE staff members.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 70 of 120 Example 2: part time working An individual who is employed part-time for the whole year at 25 hours per week would represent 0.71 of a person in the calculation of the number of FTE staff members. 25 hours ÷ 35 hours = 0.71 Example 3: part time working + fixed term contract An individual who is employed part-time on a fixed contract (20 hours per week for 6 months) would equate to: 20 hours x 6 months ÷ 12 months = 10 hours per week 10 hours ÷ 35 hours = 0.29 The individual would therefore be equivalent to 0.29 of a person in the calculation of the number of FTE staff members Note: Zero-hour contract working falls under part time working and should reflect the annual staff member equivalent as at the reporting date based upon the engagement over the preceding 12 months. Banded FTE Basis All elements of the calculation remain the same as per the main guidance, other than the fact that for each individual employee the following FTE banding is applied based on annualised hours worked per week. So, for individuals with fixed term contracts that do not span the full calendar year, the hours worked should be annualised and the bandings applied when calculating the number of FTE staff members. The following bandings should be applied when calculating the number of total number of staff: (a) up to and including 9 hours per week 0.25 of a person (b) over 9 hours and up to and including 18 hours per week 0.50 of a person (c) over 18 hours and up to and including 27 hours per week 0.75 of a person (d) over 27 hours per week 1 person Please note that an answer of 0 Banded FTE staff is not acceptable. Example A: fixed term contract An individual who has a fixed term contract and is contracted to work full-time (35 hours per week) for four months would equate to: 35 hours x 4 months ÷ 12 months = 11.67 hours per week. The individual would therefore be equivalent to 0.5 of a person in the calculation of the number of FTE staff members. Example B: part time working An individual who is employed part-time for the whole year at 25 hours per week would represent 0.75 of a person in the calculation of the number of FTE staff members. Example C: part time working + fixed term contract An individual who is employed part-time on a fixed contract (20 hours per week for 6 months) would equate to:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 71 of 120 20 hours x 6 months ÷ 12 months = 10 hours per week The individual would therefore be equivalent to 0.5 of a person in the calculation of the number of FTE staff members. Turnover of employed staff as a percentage This field relates to total number of staff engaged by the firm whether directly or through a contract for services and staff employed through a group service company for the firm. Calculate this percentage using the formula: (total number of leavers in the reporting period / average number of employees in the reporting period) x 100. To calculate the average number of employees, just add the number of employees at the beginning of the time-period (e.g. as at 1 January) to the number of employees at the end of the time-period (e.g. at 31 December), and divide by two. C16 Total number of individual compliance staff (including the MLRO) engaged by the firm whether directly or through a contract for services 1.3.6 C17 Total number of full-time equivalent compliance staff (including the MLRO) engaged by the firm whether directly or through a contract for services 1.3.7 C18 Total number of full-time equivalent compliance staff vacancies (including the MLRO) at the firm whether directly or through a contract for services 1.3.8 Provide the number of compliance personnel engaged by the firm and the full time equivalent of those persons (including the MLRO) and the number of those positions that were vacant at the end of the reporting period (as at the 31st December). For example, if a firm employs two compliance personnel and one of those only works for 25% of the hours of a full-time employee, the FTE would be 1.25. 4.1.4 AML/CFT Staff Training – During the Reporting Period This section of the return will appear for all firms for completion. C19 Total number of staff who received annual AML/CFT education / training 1.4.1 C20 Total number of staff who received specialist / more detailed AML/CFT education / training 1.4.2 For the above questions, provide details of the AML/CFT training provided in the year (1st January to 31st December). For C19 provide the number of individuals who have received annual AML/CFT education / training in line with paragraph 32 of the Code. For C20 provide the number of individuals who have received specialist / more detailed training in the reporting period. Specialist training being advanced level training of a particular task, function or aspect. For example, a relevant paid qualification provided in addition to the annual education / training received in line with paragraph 32 of the Code. C21 Did staff receive specific training related to money laundering ("ML")? 1.4.4 C22 Did staff receive specific training related to financing of terrorism ("FT")? 1.4.5 C23 Did staff receive specific training related to proliferation financing ("PF")? 1.4.6

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 72 of 120 C24 Did staff receive specific training related to sanctions? 1.4.7 C25 Did staff receive specific training related to fraud? 1.4.8 C26 Did staff receive specific training related to human trafficking/slavery? 1.4.9 C27 Did staff receive specific training related to bribery and corruption? 1.4.10 For the above questions, indicate if the annual AML/CFT education / training provided within the reporting period (1st January to 31st December) included the above aspects. Please answer ‘Yes’ or ‘No’. 4.1.5 Activities Undertaken or Outsourced – During the Reporting Period This section of the return will appear for all firms for completion. C28 Who undertook and carried out customer risk assessments? 1.5.1 C29 Who undertook and carried out the collection of customer due diligence? 1.5.2 C30 Who undertook and carried out screening? 1.5.3 C31 Who undertook and carried out the acceptance of the business? 1.5.4 C32 Who undertook and carried out the ongoing monitoring? 1.5.5 C33 How was the activity / position of MLRO managed? 1.5.6 C34 How was the activity / position of DMLRO managed? 1.5.7 C35 How was the activity of the compliance function (AML/CFT only) managed? 1.5.8 C36 How was the activity of the staff screening and recruitment managed? 1.5.9 In respect of each of the specified activities above, indicate whether the activity was undertaken by the firm, outsourced to a fellow group entity or was outsourced to a third party at any point throughout the year under review (1st January to 31st December). Please answer using the below dropdown options: o Undertaken by the Firm o Outsourced to Group o Outsourced to a Third Party For where the activity is undertaken by multiple parties, please select the most applicable by way of business option. Further commentary may also be provided within the comment box at the end of the controls section. 4.1.6 Monitoring and Testing Compliance with the AML/CFT Requirements This section of the return will appear for all firms for completion. C37 Indicate if the 1st line of defence undertakes the monitoring and testing of compliance of the internal control environment in accordance with paragraph 30 of the AML/CFT Code 1st line of defence typically being onboarding, sales or administrative staff 1.6.1 C38 Indicate if the 2nd line of defence undertakes the monitoring and testing of compliance of the internal control environment in accordance with paragraph 30 of the AML/CFT Code 2nd line of defence typically being compliance or risk staff 1.6.2 C39 Indicate if the 3rd line of defence undertakes the monitoring and testing of compliance of the internal control environment in accordance with paragraph 30 of the AML/CFT Code 1.6.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 73 of 120 3rd line of defence typically being internal audit staff The Authority wishes to understand which functions (1st line, 2nd line, 3rd line) undertake the monitoring and testing of compliance of the AML/CFT internal control environment and whether those functions or persons are independent (or not) from AML/CFT operational functions. For each of the questions above please select from the following dropdown list: o Yes – Independent o Yes – Not Independent o No – Undertaken by another function / line o No – Not undertaken For the purposes of completing this section, firms should note the following: • 1st line (of defence) generally means functions that own and manage the risks and where managers / staff have responsibility for identifying and managing risk • 2nd line (of defence) generally means the functions in the firm that oversee or specialise in compliance or the management of risk, and undertake monitoring • 3rd line (of defence) means independent assurance functions, for example internal audit C40 Are there any others who undertake the monitoring and testing of compliance of the internal control environment in accordance with paragraph 30 of the AML/CFT Code? Others typically being external audit, compliance consultants or outsourced staff 1.6.4 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C41 and C42 will appear. C41 Indicate if any others undertake the monitoring and testing of compliance of the internal control environment in accordance with paragraph 30 of the AML/CFT Code 1.6.5 Please select the appropriate answer from the dropdown list: o Yes – Independent o Yes – Not independent C42 Please specify ‘others’ 1.6.6 This is a comment box, please state the name of any persons / bodies who provide other testing or assurance not covered elsewhere for AML/CFT only. 4.1.7 Screening and Monitoring – Screening Provider C43 Does the firm carry out screening and monitoring? E.g. open-source, third party screening or search tools for adverse media, PEP or sanction checks 1.7.1 This question within the return will appear for all firms for completion. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C44 to C45 will appear. C44 Which screening provider(s) do you utilise? 1.7.2 This is a comment box, please state the screening provider(s) used. C45 What type of search logic is used when screening is undertaken? 1.7.3 For the above question answer using the following dropdown list:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 74 of 120 o Fuzzy o Exact o Combination (both Exact and Fuzzy) C46 Is the firm subscribed to a sanctions notification service? 1.7.4 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below question C47 will appear. C47 Please confirm the name of the service provider 1.7.5 This is a comment box, please state the service provider used for sanctions. 4.1.8 Screening – New Customers This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on new customer/ business relationships. C48 Indicate if the firm screens higher risk new customer / business relationships for PEPs 1.8.1 C49 Indicate if the firm screens standard risk new customer / business relationships for PEPs 1.8.2 C50 Indicate if the firm screens lower risk new customer / business relationships for PEPs 1.8.3 For the above questions, indicate whether new customer/ business relationships are screened for PEPs, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. C51 Indicate if the firm screens higher risk new customer / business relationships for sanctions 1.8.4 C52 Indicate if the firm screens standard risk new customer / business relationships for sanctions 1.8.5 C53 Indicate if the firm screens lower risk new customer / business relationships for sanctions 1.8.6 For the above questions, indicate whether new customer/ business relationships are screened for sanctions, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool)

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 75 of 120 o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. C54 Indicate if the firm screens higher risk new customer / business relationships for ML/FT/PF 1.8.7 C55 Indicate if the firm screens standard risk new customer / business relationships for ML/FT/PF 1.8.8 C56 Indicate if the firm screens lower risk new customer / business relationships for ML/FT/PF 1.8.9 For the above questions, indicate whether new customer/ business relationships are screened for ML/FT/PF, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. C57 Indicate if the firm screens higher risk new customer / business relationships for adverse media 1.8.10 C58 Indicate if the firm screens standard risk new customer / business relationships for adverse media 1.8.11 C59 Indicate if the firm screens lower risk new customer / business relationships for adverse media 1.8.12 For the above questions, indicate whether new customer/ business relationships are screened for adverse media, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 76 of 120 For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. 4.1.9 Screening – Continuing Business Relationship on a Regular Basis This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on continuing customer business relationships. C60 Indicate if the firm screens its higher risk continuing customer / business relationships for PEPs, on a regular basis 1.9.1 C61 Indicate if the firm screens its standard risk continuing customer / business relationships for PEPs, on a regular basis 1.9.2 C62 Indicate if the firm screens its lower risk continuing customer / business relationships for PEPs, on a regular basis 1.9.3 For the above questions, indicate whether continuing customer/ business relationships are screened on a regular basis for PEPs, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C63 Indicate if the firm screens its higher risk continuing customer / business relationships for sanctions, on a regular basis 1.9.4 C64 Indicate if the firm screens its standard risk continuing customer / business relationships for sanctions, on a regular basis 1.9.5 C65 Indicate if the firm screens its lower risk continuing customer / business relationships for sanctions, on a regular basis 1.9.6 For the above questions, indicate whether continuing customer/ business relationships are screened on a regular basis for sanctions, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 77 of 120 For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C66 Indicate if the firm screens its higher risk continuing customer / business relationships for ML/FT/PF, on a regular basis 1.9.7 C67 Indicate if the firm screens its standard risk continuing customer / business relationships for ML/FT/PF, on a regular basis 1.9.8 C68 Indicate if the firm screens its lower risk continuing customer / business relationships for ML/FT/PF, on a regular basis 1.9.9 For the above questions, indicate whether continuing customer/ business relationships are screened on a regular basis for ML/FT/PF, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C69 Indicate if the firm screens its higher risk continuing customer / business relationships for adverse media, on a regular basis 1.9.10 C70 Indicate if the firm screens its standard risk continuing customer / business relationships for adverse media, on a regular basis 1.9.11 C71 Indicate if the firm screens its lower risk continuing customer / business relationships for adverse media, on a regular basis 1.9.12 For the above questions, indicate whether continuing customer/ business relationships are screened on a regular basis for adverse media, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.10 Screening – Continuing Business Relationship when Sanctions Lists are Published / Updated This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on continuing customer business relationships when sanctions lists are published / updated.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 78 of 120 C72 Indicate if the firm screens its higher risk continuing customer / business relationships for PEPs, when sanctions lists are published / updated 1.10.1 C73 Indicate if the firm screens its standard risk continuing customer / business relationships for PEPs, when sanctions lists are published / updated 1.10.2 C74 Indicate if the firm screens its lower risk continuing customer / business relationships for PEPs, when sanctions lists are published / updated 1.10.3 For the above questions, indicate whether continuing customer/ business relationships are screened for PEPs when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C75 Indicate if the firm screens its higher risk continuing customer / business relationships for sanctions, when sanctions lists are published / updated 1.10.4 C76 Indicate if the firm screens its standard risk continuing customer / business relationships for sanctions, when sanctions lists are published / updated 1.10.5 C77 Indicate if the firm screens its lower risk continuing customer / business relationships for sanctions, when sanctions lists are published / updated 1.10.6 For the above questions, indicate whether continuing customer/ business relationships are screened for sanctions when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C78 Indicate if the firm screens its higher risk continuing customer / business relationships for ML/FT/PF, when sanctions lists are published / updated 1.10.7 C79 Indicate if the firm screens its standard risk continuing customer / business relationships for ML/FT/PF, when sanctions lists are published / updated 1.10.8 C80 Indicate if the firm screens its lower risk continuing customer / business relationships for ML/FT/PF, when sanctions lists are published / updated 1.10.9 For the above questions, indicate whether continuing customer/ business relationships are screened for ML/FT/PF when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 79 of 120 o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C81 Indicate if the firm screens its higher risk continuing customer / business relationships for adverse media, when sanctions lists are published / updated 1.10.10 C82 Indicate if the firm screens its standard risk continuing customer / business relationships for adverse media, when sanctions lists are published / updated 1.10.11 C83 Indicate if the firm screens its lower risk continuing customer / business relationships for adverse media, when sanctions lists are published / updated 1.10.12 For the above questions, indicate whether continuing customer/ business relationships are screened for adverse media when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.11 Screening – Continuing Business Relationship at a Trigger Event This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on continuing customer business relationships at a trigger event. For clarity, a trigger event consists of administrative tasks defined by the firm which could be reasonably expected during the course of the customer / business relationship. This can include changes in the customer profile or activity, with things such as the customer looking to take on a new product or service, a subsequent business transaction, change in address etc. C84 Indicate if the firm screens its higher risk continuing customer / business relationships for PEPs, at a trigger event 1.11.1 C85 Indicate if the firm screens its standard risk continuing customer / business relationships for PEPs, at a trigger event 1.11.2 C86 Indicate if the firm screens its lower risk continuing customer / business relationships for PEPs, at a trigger event 1.11.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 80 of 120 For the above questions, indicate whether continuing customer/ business relationships are screened for PEPs at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C87 Indicate if the firm screens its higher risk continuing customer / business relationships for sanctions, at a trigger event 1.11.4 C88 Indicate if the firm screens its standard risk continuing customer / business relationships for sanctions, at a trigger event 1.11.5 C89 Indicate if the firm screens its lower risk continuing customer / business relationships for sanctions, at a trigger event 1.11.6 For the above questions, indicate whether continuing customer/ business relationships are screened for sanctions at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C90 Indicate if the firm screens its higher risk continuing customer / business relationships for ML/FT/PF, at a trigger event 1.11.7 C91 Indicate if the firm screens its standard risk continuing customer / business relationships for ML/FT/PF, at a trigger event 1.11.8 C92 Indicate if the firm screens its lower risk continuing customer / business relationships for ML/FT/PF, at a trigger event 1.11.9 For the above questions, indicate whether continuing customer/ business relationships are screened for ML/FT/PF at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 81 of 120 For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C93 Indicate if the firm screens its higher risk continuing customer / business relationships for adverse media, at a trigger event 1.11.10 C94 Indicate if the firm screens its standard risk continuing customer / business relationships for adverse media, at a trigger event 1.11.11 C95 Indicate if the firm screens its lower risk continuing customer / business relationships for adverse media, at a trigger event 1.11.12 For the above questions, indicate whether continuing customer/ business relationships are screened for adverse media at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.12 Screening – Continuing Business Relationship at an Unusual Activity Event This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. As part of this section of the return, the Authority is interested to understand whether additional screening is applied if unusual activity (as defined by the Code) is identified. ‘Unusual activity’ meaning any activity including the receipt of information during the course of a business relationship, occasional transaction or attempted transaction where – a) the transaction has no apparent economic or lawful purpose, including a transaction which is — (i) complex; (ii) both large and unusual; or (iii) of an unusual pattern b) the relevant person becomes aware of anything that causes the relevant person to doubt the identity of a person it is obliged to identify; or c) the relevant person becomes aware of anything that causes the relevant person to doubt the good faith of a customer, beneficial owner, beneficiary, introducer or eligible introducer. C96 Indicate if the firm screens its higher risk continuing customer / business relationships for PEPs, at an unusual activity event 1.12.1 C97 Indicate if the firm screens its standard risk continuing customer / business relationships for PEPs, at an unusual activity event 1.12.2 C98 Indicate if the firm screens its lower risk continuing customer / business relationships for PEPs, at an unusual activity event 1.12.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 82 of 120 For the above questions, indicate whether continuing customer/ business relationships are screened for PEPs at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C99 Indicate if the firm screens its higher risk continuing customer / business relationships for sanctions, at an unusual activity event 1.12.4 C100 Indicate if the firm screens its standard risk continuing customer / business relationships for sanctions, at an unusual activity event 1.12.5 C101 Indicate if the firm screens its lower risk continuing customer / business relationships for sanctions, at an unusual activity event 1.12.6 For the above questions, indicate whether continuing customer/ business relationships are screened for sanctions at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C102 Indicate if the firm screens its higher risk continuing customer / business relationships for ML/FT/PF, at an unusual activity event 1.12.7 C103 Indicate if the firm screens its standard risk continuing customer / business relationships for ML/FT/PF, at an unusual activity event 1.12.8 C104 Indicate if the firm screens its lower risk continuing customer / business relationships for ML/FT/PF, at an unusual activity event 1.12.9 For the above questions, indicate whether continuing customer/ business relationships are screened for ML/FT/PF at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 83 of 120 For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C105 Indicate if the firm screens its higher risk continuing customer / business relationships for adverse media, at an unusual activity event 1.12.10 C106 Indicate if the firm screens its standard risk continuing customer / business relationships for adverse media, at an unusual activity event 1.12.11 C107 Indicate if the firm screens its lower risk continuing customer / business relationships for adverse media, at an unusual activity event 1.12.12 For the above questions, indicate whether continuing customer/ business relationships are screened for adverse media at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.13 Screening – Continuing Business Relationship at Suspicious Activity Event This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. As part of this section of the return, the Authority is interested to understand whether additional screening is applied if a suspicious activity event is identified. ‘Suspicious activity’ meaning any activity including the receipt of information, which in the course of a business relationship, occasional transaction or attempted transaction which causes the relevant person to– (a) know or suspect; or (b) have reasonable grounds for knowing or suspecting, that the activity is ML/FT or that the information is related to ML/FT. C108 Indicate if the firm screens its higher risk continuing customer / business relationships for PEPs, at a suspicious activity event 1.13.1 C109 Indicate if the firm screens its standard risk continuing customer / business relationships for PEPs, at a suspicious activity event 1.13.2 C110 Indicate if the firm screens its lower risk continuing customer / business relationships for PEPs, at a suspicious activity event 1.13.3 For the above questions, indicate whether continuing customer/ business relationships are screened for PEPs at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm)

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 84 of 120 Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C111 Indicate if the firm screens its higher risk continuing customer / business relationships for sanctions, at a suspicious activity event 1.13.4 C112 Indicate if the firm screens its standard risk continuing customer / business relationships for sanctions, at a suspicious activity event 1.13.5 C113 Indicate if the firm screens its lower risk continuing customer / business relationships for sanctions, at a suspicious activity event 1.13.6 For the above questions, indicate whether continuing customer/ business relationships are screened for sanctions at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C114 Indicate if the firm screens its higher risk continuing customer / business relationships for ML/FT/PF, at a suspicious activity event 1.13.7 C115 Indicate if the firm screens its standard risk continuing customer / business relationships for ML/FT/PF, at a suspicious activity event 1.13.8 C116 Indicate if the firm screens its lower risk continuing customer / business relationships for ML/FT/PF, at a suspicious activity event 1.13.9 For the above questions, indicate whether continuing customer/ business relationships are screened for ML/FT/PF at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C117 Indicate if the firm screens its higher risk continuing customer / business relationships for adverse media, at a suspicious activity event 1.13.10

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 85 of 120 C118 Indicate if the firm screens its standard risk continuing customer / business relationships for adverse media, at a suspicious activity event 1.13.11 C119 Indicate if the firm screens its lower risk continuing customer / business relationships for adverse media, at a suspicious activity event 1.13.12 For the above questions, indicate whether continuing customer/ business relationships are screened for adverse media at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.14 Screening – Beneficial Owners – New Customers This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on the beneficial owners for new business relationships. C120 Indicate if the firm screens the beneficial owners of its customers for PEPs in each of the higher risk new business relationships 1.14.1 C121 Indicate if the firm screens the beneficial owners of its customers for PEPs in each of the standard risk new business relationships 1.14.2 C122 Indicate if the firm screens the beneficial owners of its customers for PEPs in each of the lower risk new business relationships 1.14.3 For the above questions, indicate whether the beneficial owners of new customers are screened for PEPs, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. C123 Indicate if the firm screens the beneficial owners of its customers for sanctions in each of the higher risk new business relationships 1.14.4

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 86 of 120 C124 Indicate if the firm screens the beneficial owners of its customers for sanctions in each of the standard risk new business relationships 1.14.5 C125 Indicate if the firm screens the beneficial owners of its customers for sanctions in each of the lower risk new business relationships 1.14.6 For the above questions, indicate whether the beneficial owners of new customers are screened for sanctions, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. C126 Indicate if the firm screens the beneficial owners of its customers for ML/FT/PF in each of the higher risk new business relationships 1.14.7 C127 Indicate if the firm screens the beneficial owners of its customers for ML/FT/PF in each of the standard risk new business relationship 1.14.8 C128 Indicate if the firm screens the beneficial owners of its customers for ML/FT/PF in each of the lower risk new business relationships 1.14.9 For the above questions, indicate whether the beneficial owners of new customers are screened for ML/FT/PF, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. C129 Indicate if the firm screens the beneficial owners of its customers for adverse media in each of the higher risk new business relationships 1.14.10 C130 Indicate if the firm screens the beneficial owners of its customers for adverse media in each of the standard risk new business relationships 1.14.11 C131 Indicate if the firm screens the beneficial owners of its customers for adverse media in each of the lower risk new business relationships 1.14.12 For the above questions, indicate whether the beneficial owners of new customers are screened for adverse media, split by the relevant risk rating. Please answer using the following dropdown list:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 87 of 120 o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. If the firm has not had any new customers in the reporting period, please answer as per the firm’s procedures and controls. 4.1.15 Screening – Beneficial Owners – Continuing Business Relationship on a Regular Basis This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on the beneficial owners for continuing customer/ business relationships. C132 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for PEPs, on a regular basis 1.15.1 C133 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for PEPs, on a regular basis 1.15.2 C134 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for PEPs, on a regular basis 1.15.3 For the above questions, indicate whether the beneficial owners of customers are screened on a regular basis for PEPs, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C135 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for sanctions, on a regular basis 1.15.4 C136 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for sanctions, on a regular basis 1.15.5 C137 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for sanctions, on a regular basis 1.15.6 For the above questions, indicate whether the beneficial owners of customers are screened on a regular basis for sanctions, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person)

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 88 of 120 o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C138 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for ML/FT/PF, on a regular basis 1.15.7 C139 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for ML/FT/PF, on a regular basis 1.15.8 C140 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for ML/FT/PF, on a regular basis 1.15.9 For the above questions, indicate whether the beneficial owners of customers are screened on a regular basis for ML/FT/PF, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C141 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for adverse media, on a regular basis 1.15.10 C142 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for adverse media, on a regular basis 1.15.11 C143 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for adverse media, on a regular basis 1.15.12 For the above questions, indicate whether the beneficial owners of customers are screened on a regular basis for adverse media, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 89 of 120 4.1.16 Screening – Beneficial Owners – Cont. Business Relationship, when Sanctions Lists are Published / Updated This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on the beneficial owners when sanctions lists are published/updated. C144 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for PEPs, when sanctions lists are published / updated 1.16.1 C145 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for PEPs, when sanctions lists are published / updated 1.16.2 C146 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for PEPs, when sanctions lists are published / updated 1.16.3 For the above questions, indicate whether the beneficial owners of customers are screened for PEPs when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C147 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for sanctions, when sanctions lists are published / updated 1.16.4 C148 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for sanctions, when sanctions lists are published / updated 1.16.5 C149 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for sanctions, when sanctions lists are published / updated 1.16.6 For the above questions, indicate whether the beneficial owners of customers are screened for sanctions when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 90 of 120 For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C150 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for ML/FT/PF, when sanctions lists are published / updated 1.16.7 C151 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for ML/FT/PF, when sanctions lists are published / updated 1.16.8 C152 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for ML/FT/PF, when sanctions lists are published / updated 1.16.9 For the above questions, indicate whether the beneficial owners of customers are screened for ML/FT/PF when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C153 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for adverse media, when sanctions lists are published / updated 1.16.10 C154 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for adverse media, when sanctions lists are published / updated 1.16.11 C155 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for adverse media, when sanctions lists are published / updated 1.16.12 For the above questions, indicate whether the beneficial owners of customers are screened for adverse media when sanctions lists are published / updated, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 91 of 120 4.1.17 Screening – Beneficial Owners – Continuing Business Relationship at a Trigger Event This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information specifically relating to the extent and type of screening undertaken on the beneficial owners at a trigger event. For clarity, a trigger event consists of administrative tasks defined by the firm which could be reasonably expected during the course of the customer / business relationship. This can include changes in the customer profile or activity, with things such as the customer looking to take on a new product or service, a subsequent business transaction, change in address etc. C156 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for PEPs, at a trigger event 1.17.1 C157 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for PEPs, at a trigger event 1.17.2 C158 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for PEPs, at a trigger event 1.17.3 For the above questions, indicate whether the beneficial owners of customers are screened for PEPs at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C159 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for sanctions, at a trigger event 1.17.4 C160 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for sanctions, at a trigger event 1.17.5 C161 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for sanctions, at a trigger event 1.17.6 For the above questions, indicate whether the beneficial owners of new customers are screened for sanctions at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 92 of 120 For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C162 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for ML/FT/PF, at a trigger event 1.17.7 C163 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for ML/FT/PF, at a trigger event 1.17.8 C164 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for ML/FT/PF, at a trigger event 1.17.9 For the above questions, indicate whether the beneficial owners of new customers are screened for ML/FT/PF at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C165 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for adverse media, at a trigger event 1.17.10 C166 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for adverse media, at a trigger event 1.17.11 C167 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for adverse media, at a trigger event 1.17.12 For the above questions, indicate whether the beneficial owners of new customers are screened for adverse media at a trigger event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.18 Screening – Beneficial Owners – Continuing Business Relationship at an Unusual Activity Event This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 93 of 120 This section of the return is seeking information specifically relating to the extent and type of screening undertaken on the beneficial owners, at an unusual activity (as defined by the Code) event. ‘Unusual activity’ meaning any activity including the receipt of information during the course of a business relationship, occasional transaction or attempted transaction where – a) the transaction has no apparent economic or lawful purpose, including a transaction which is — (i) complex; (ii) both large and unusual; or (iii) of an unusual pattern b) the relevant person becomes aware of anything that causes the relevant person to doubt the identity of a person it is obliged to identify; or c) the relevant person becomes aware of anything that causes the relevant person to doubt the good faith of a customer, beneficial owner, beneficiary, introducer or eligible introducer. C168 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for PEPs, at an unusual activity event 1.18.1 C169 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for PEPs, at an unusual activity event 1.18.2 C170 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for PEPs, at an unusual activity event 1.18.3 For the above questions, indicate whether the beneficial owners of customers are screened for PEPs at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C171 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for sanctions, at an unusual activity event 1.18.4 C172 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for sanctions, at an unusual activity event 1.18.5 C173 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for sanctions, at an unusual activity event 1.18.6 For the above questions, indicate whether the beneficial owners of new customers are screened for sanctions at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 94 of 120 For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C174 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for ML/FT/PF, at an unusual activity event 1.18.7 C175 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for ML/FT/PF, at an unusual activity event 1.18.8 C176 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for ML/FT/PF, at an unusual activity event 1.18.9 For the above questions, indicate whether the beneficial owners of new customers are screened for ML/FT/PF at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C177 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for adverse media, at an unusual activity event 1.18.10 C178 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for adverse media, at an unusual activity event 1.18.11 C179 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for adverse media, at an unusual activity event 1.18.12 For the above questions, indicate whether the beneficial owners of new customers are screened for adverse media at an unusual activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.19 Screening – Beneficial Owners – Continuing Business Relationship at a Suspicious Activity Event This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 95 of 120 This section of the return is seeking information specifically relating to the extent and type of screening undertaken on the beneficial owners, at a suspicious activity event. ‘Suspicious activity’ meaning any activity, including the receipt of information, which in the course of a business relationship, occasional transaction or attempted transaction which causes the relevant person to– (a) know or suspect; or (b) have reasonable grounds for knowing or suspecting, that the activity is ML/FT or that the information is related to ML/FT. C180 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for PEPs, at a suspicious activity event 1.19.1 C181 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for PEPs, at a suspicious activity event 1.19.2 C182 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for PEPs, at a suspicious activity event 1.19.3 For the above questions, indicate whether the beneficial owners of customers are screened for PEPs at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, PEP screening is where a firm seeks to establish whether a customer is, or is associated with, a PEP by comparing the identity of the customer and other parties to the business relationship (including beneficial owners) to a database of politically exposed persons. C183 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for sanctions, at a suspicious activity event 1.19.4 C184 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for sanctions, at a suspicious activity event 1.19.5 C185 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for sanctions, at a suspicious activity event 1.19.6 For the above questions, indicate whether the beneficial owners of new customers are screened for sanctions at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, sanctions screening is where a firm compares the identity of the customer, beneficial owner and other parties to the business relationship to sanction lists in issue in order to identify a person or entity on any sanctions list. C186 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for ML/FT/PF, at a suspicious activity event 1.19.7

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 96 of 120 C187 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for ML/FT/PF, at a suspicious activity event 1.19.8 C188 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for ML/FT/PF, at a suspicious activity event 1.19.9 For the above questions, indicate whether the beneficial owners of new customers are screened for ML/FT/PF at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, ML/FT/PF screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship has links to money laundering, financing of terrorism or proliferation. C189 Indicate if the firm screens the beneficial owners of its higher risk continuing customer / business relationships for adverse media, at a suspicious activity event 1.19.10 C190 Indicate if the firm screens the beneficial owners of its standard risk continuing customer / business relationships for adverse media, at a suspicious activity event 1.19.11 C191 Indicate if the firm screens the beneficial owners of its lower risk continuing customer / business relationships for adverse media, at a suspicious activity event 1.19.12 For the above questions, indicate whether the beneficial owners of new customers are screened for adverse media at a suspicious activity event, split by the relevant risk rating. Please answer using the following dropdown list: o Yes – Automatic (screening is carried out by a system/ screening tool) o Yes – Manual (screening is undertaken manually by a person) o No (no screening is undertaken by the firm) Screening of customers and other parties to the business relationship is a key component of the customer due diligence process, the nature and extent of which will vary according to risk. For clarity, adverse media screening is where a firm seeks to establish whether a customer, beneficial owner, or any other party to the business relationship is negatively portrayed in the press or other public arena. 4.1.20 Ongoing Monitoring The nature and extent of ongoing monitoring procedures (for reviewing customer risk assessments, customer due diligence information, and scrutinising transactions) can vary according to customer risk and type. This section of the return seeks information on each customer type, along with the risk categorisation of that customer, the type of ongoing monitoring performed, and the frequency of that monitoring. C192 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for higher risk PEP customers 1.20.1 C193 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for standard risk PEP customers 1.20.2 C194 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for lower risk PEP customers 1.20.3

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 97 of 120 The above three questions will appear for those firms who have reported to have PEP customers throughout the reporting period within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant o N/A – no higher risk customers o N/A – no standard risk customers o N/A – no lower risk customers C195 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for higher risk natural persons customers, not associated with PEPs 1.20.4 C196 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for standard risk natural persons customers, not associated with PEPs 1.20.5 C197 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for lower risk natural persons customers, not associated with PEPs 1.20.6 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C198 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for higher risk non-natural persons customers, not associated with PEPs 1.20.7 C199 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for standard risk non-natural persons customers, not associated with PEPs 1.20.8 C200 Indicate the frequency of ongoing monitoring processes regarding - Review of customer risk assessment for lower risk non-natural persons customers, not associated with PEPs 1.20.9 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C201 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for higher risk PEP customers 1.20.10

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 98 of 120 C202 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for standard risk PEP customers 1.20.11 C203 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for lower risk PEP customers 1.20.12 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C204 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for higher risk natural persons customers, not associated with PEPs 1.20.13 C205 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for standard risk natural persons customers, not associated with PEPs 1.20.14 C206 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for lower risk natural persons customers, not associated with PEPs 1.20.15 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C207 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for higher risk non-natural persons customers, not associated with PEPs 1.20.16 C208 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for standard risk non-natural persons customers, not associated with PEPs 1.20.17 C209 Indicate the frequency of ongoing monitoring processes regarding - Review of customer due diligence for lower risk non-natural persons customers, not associated with PEPs 1.20.18 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C210 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for higher risk PEP customers 1.20.19

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 99 of 120 C211 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for standard risk PEP customers 1.20.20 C212 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for lower risk PEP customers 1.20.21 The above three questions will appear for those firms who have reported to have PEP customers throughout the reporting period within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C213 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for higher risk natural persons customers, not associated with PEPs 1.20.22 C214 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for standard risk natural persons customers, not associated with PEPs 1.20.23 C215 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for lower risk natural persons customers, not associated with PEPs 1.20.24 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant C216 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for higher risk non-natural persons customers, not associated with PEPs 1.20.25 C217 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for standard risk non-natural persons customers, not associated with PEPs 1.20.26 C218 Indicate the frequency of ongoing monitoring processes regarding - Scrutiny of transactions for lower risk non-natural persons customers, not associated with PEPs 1.20.27 This section of the return will appear for all firms, with the specific questions around higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. Please answer using the following dropdown list: o At least every 1 year o At least every 3 years o Trigger event only o Constant

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 100 of 120 4.1.21 Scrutiny of Transactions This section of the return will appear for all firms, with the specific questions around PEP, higher, standard and lower risk customers appearing accordingly based on the answers provided within the ‘Entity Control Questions’ of this return. This section of the return is seeking information on whether, for each risk category of customer (including PEPs), transactions are scrutinised. C219 Does the firm undertake automated transactional monitoring for PEP customers? 1.21.1 C220 Does the firm undertake automated transactional monitoring for higher risk customers? 1.21.2 C221 Does the firm undertake automated transactional monitoring for standard risk customers? 1.21.3 C222 Does the firm undertake automated transactional monitoring for lower risk customers? 1.21.4 For the above questions, please answer using the following dropdown list: o Yes o No An example of an automated transactional monitoring system includes an automated system which analyses all transactions and flags results for consideration and review. C223 Does the firm undertake non-automated transactional monitoring for PEP customers? 1.21.5 C224 Does the firm undertake non-automated transactional monitoring for higher risk customers? 1.21.6 C225 Does the firm undertake non-automated transactional monitoring for standard risk customers? 1.21.7 C226 Does the firm undertake non-automated transactional monitoring for lower risk customers? 1.21.8 For the above questions, please answer using the following dropdown list: o Yes o No An example of a non-automated transactional monitoring system includes where a manual review of a business transaction is undertaken. C227 Does the firm undertake system generated exception reports monitoring (if applicable) for PEP customers? 1.21.9 C228 Does the firm undertake system generated exception reports monitoring (if applicable) for higher risk customers? 1.21.10 C229 Does the firm undertake system generated exception reports monitoring (if applicable) for standard risk customers? 1.21.11 C230 Does the firm undertake system generated exception reports monitoring (if applicable) for lower risk customers? 1.21.12 For the above questions, please answer using the following dropdown list: o Yes o No o N/A

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 101 of 120 An example of system generated exception report monitoring could be where a firms system produces a report on a set criteria (e.g. situations that are out of range), and these are considered and reviewed. C231 Does the firm undertake trigger events monitoring for PEP customers? 1.21.13 C232 Does the firm undertake trigger events monitoring for higher risk customers? 1.21.14 C233 Does the firm undertake trigger events monitoring for standard risk customers? 1.21.15 C234 Does the firm undertake trigger events monitoring for lower risk customers? 1.21.16 For the above questions, please answer using the following dropdown list: o Yes o No For clarity, ‘trigger events’ consist of administrative matters defined by the firm which could be reasonably expected during the course of the customer / business relationship. This could include changes in the customer profile or activity; such as the customer looking to take on a new product or service, a unexpected or unusual transaction or, change of address etc. Trigger event monitoring identifies, assesses and re-risk rates a customer’s risk profile reviewing the current CDD, ECDD and KYC held, to ensure sufficient and suitable information and documentation is held according to the risk rating of the customer. C235 Does the firm undertake value driven monitoring for PEP customers? 1.21.17 C236 Does the firm undertake value driven monitoring for higher risk customers? 1.21.18 C237 Does the firm undertake value driven monitoring for standard risk customers? 1.21.19 C238 Does the firm undertake value driven monitoring for lower risk customers? 1.21.20 For the above questions, please answer using the following dropdown list: o Yes o No An example of value driven monitoring could include scrutiny of transactions over a set value. C239 Does the firm undertake cash transaction monitoring (if applicable) for PEP customers? 1.21.21 C240 Does the firm undertake cash transaction monitoring (if applicable) for higher risk customers? 1.21.22 C241 Does the firm undertake cash transaction monitoring (if applicable) for standard risk customers? 1.21.23 C242 Does the firm undertake cash transaction monitoring (if applicable) for lower risk customers? 1.21.24 For the above questions, please answer using the following dropdown list: o Yes o No o N/A An example of cash transaction monitoring includes scrutiny of cash transactions.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 102 of 120 C243 Does the firm undertake geographic origin / destination of transaction monitoring for PEP customers? 1.21.25 C244 Does the firm undertake geographic origin / destination of transaction monitoring for higher risk customers? 1.21.26 C245 Does the firm undertake geographic origin / destination of transaction monitoring for standard risk customers? 1.21.27 C246 Does the firm undertake geographic origin / destination of transaction monitoring for lower risk customers? 1.21.28 For the above questions, please answer using the following dropdown list: o Yes o No An example of geographic origin / destination of transaction monitoring includes reviews of transactions from set jurisdictions. C247 Does the firm undertake event driven monitoring for PEP customers? 1.21.29 C248 Does the firm undertake event driven monitoring for higher risk customers? 1.21.30 C249 Does the firm undertake event driven monitoring for standard risk customers? 1.21.31 C250 Does the firm undertake event driven monitoring for lower risk customers? 1.21.32 For the above questions, please answer using the following dropdown list: o Yes o No For clarity, ‘event driven’ refers to unexpected undefined trigger events, for example a country list change, a global event or adverse media on an individual. C251 Does the firm undertake scheduled periodic reviews and sampling monitoring for PEP customers? 1.21.33 C252 Does the firm undertake scheduled periodic reviews and sampling monitoring for higher risk customers? 1.21.34 C253 Does the firm undertake scheduled periodic reviews and sampling monitoring for standard risk customers? 1.21.35 C254 Does the firm undertake scheduled periodic reviews and sampling monitoring for lower risk customers? 1.21.36 For the above questions, please answer using the following dropdown list: o Yes o No 4.1.22 Payment Screening – SWIFT This section of the return will only appear for those firms who have selected to be a Class 1 – Deposit Taking or Class 8 – Money Transmission Services licenceholder within the ‘Entity Control Questions’ section of the return. This section of the return is seeking information on which customer screening is applied to for outward and inward SWIFT payments.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 103 of 120 C255 Are you a 'SWIFT' network member? 1.22.1 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C256 to C284 will appear. This section is applicable to SWIFT network members only. C256 For outward SWIFT payments, indicate if the sender of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.22.2 C257 For outward SWIFT payments, indicate if the beneficiary of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.22.3 C258 For outward SWIFT payments, indicate if any other parties of the payment are screened regarding IOM/UK/EU/UN sanction lists 1.22.4 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C259 For inward SWIFT payments, indicate if the sender of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.22.5 C260 For inward SWIFT payments, indicate if the beneficiary of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.22.6 C261 For inward SWIFT payments, indicate if any other parties of the payment are screened regarding IOM/UK/EU/UN sanction lists 1.22.7 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C262 For outward SWIFT payments, indicate if the sender of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.22.8 C263 For outward SWIFT payments, indicate if the beneficiary of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.22.9 C264 For outward SWIFT payments, indicate if any other parties of the payment are screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.22.10 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 104 of 120 o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C265 For inward SWIFT payments, indicate if the sender of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.22.11 C266 For inward SWIFT payments, indicate if the beneficiary of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.22.12 C267 For inward SWIFT payments, indicate if any other parties of the payment are screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.22.13 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C268 For outward SWIFT payments, indicate if the sender of the payment is screened regarding other sanction lists 1.22.14 C269 For outward SWIFT payments, indicate if the beneficiary of the payment is screened regarding other sanction lists 1.22.15 C270 For outward SWIFT payments, indicate if any other parties of the payment are screened regarding other sanction lists 1.22.16 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C271 For inward SWIFT payments, indicate if the sender of the payment is screened regarding other sanction lists 1.22.17 C272 For inward SWIFT payments, indicate if the beneficiary of the payment is screened regarding other sanction lists 1.22.18 C273 For inward SWIFT payments, indicate if any other parties of the payment are screened regarding other sanction lists 1.22.19 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 105 of 120 o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C274 For outward SWIFT payments, indicate if the sender of the payment is screened regarding proprietary lists 1.22.20 C275 For outward SWIFT payments, indicate if the beneficiary of the payment is screened regarding proprietary lists 1.22.21 C276 For outward SWIFT payments, indicate if any other parties of the payment are screened regarding proprietary lists 1.22.22 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C277 For inward SWIFT payments, indicate if the sender of the payment is screened regarding proprietary lists 1.22.23 C278 For inward SWIFT payments, indicate if the beneficiary of the payment is screened regarding proprietary lists 1.22.24 C279 For inward SWIFT payments, indicate if any other parties of the payment are screened regarding proprietary lists 1.22.25 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C280 For inward SWIFT payments, indicate if the sender of the payment is screened regarding FATF 16 (wire transfer) checks 1.22.26 C281 For inward SWIFT payments, indicate if the beneficiary of the payment is screened regarding FATF 16 (wire transfer) checks 1.22.27 C282 For inward SWIFT payments, indicate if any other parties of the payment are screened regarding FATF 16 (wire transfer) checks 1.22.28 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 106 of 120 o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C283 Where screening is undertaken subsequent to the transaction completion, detail the timeframe in which screening is undertaken or state N/A 1.22.29 The above is a comment box, please state the timeframe if applicable, if not applicable input ‘N/A’. C284 Where published lists other than IOM, UK, EU, UN and US sanction lists are used, specify the lists utilised or state N/A 1.22.30 The above is a comment box, please specify the lists used if applicable, if not applicable input ‘N/A’. 4.1.23 Payment Screening – BACS This section of the return will appear for those firms who have selected to be a Class 1 – Deposit Taking or Class 8 – Money Transmission Services licenceholder within the ‘Entity Control Questions’ section of the return. This section of the return is seeking information on which customer screening is applied to for outward and inward BACS payments. C285 Do you participate in the 'BACS' payments scheme? 1.23.1 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C286 to C312 will appear. This section is applicable to BACS payments scheme participants only. C286 For outward BACS payments, indicate if the sender of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.23.2 C287 For outward BACS payments, indicate if the beneficiary of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.23.3 C288 For outward BACS payments, indicate if any other parties of the payment are screened regarding IOM/UK/EU/UN sanction lists 1.23.4 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C289 For inward BACS payments, indicate if the sender of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.23.5 C290 For inward BACS payments, indicate if the beneficiary of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.23.6

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 107 of 120 C291 For inward BACS payments, indicate if any other parties of the payment are screened regarding IOM/UK/EU/UN sanction lists 1.23.7 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C292 For outward BACS payments, indicate if the sender of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.23.8 C293 For outward BACS payments, indicate if the beneficiary of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.23.9 C294 For outward BACS payments, indicate if any other parties of the payment are screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.23.10 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C295 For inward BACS payments, indicate if the sender of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.23.11 C296 For inward BACS payments, indicate if the beneficiary of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.23.12 C297 For inward BACS payments, indicate if any other parties of the payment are screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.23.13 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C298 For outward BACS payments, indicate if the sender of the payment is screened regarding other sanction lists 1.23.14 C299 For outward BACS payments, indicate if the beneficiary of the payment is screened regarding other sanction lists 1.23.15

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 108 of 120 C300 For outward BACS payments, indicate if any other parties of the payment are screened regarding other sanction lists 1.23.16 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C301 For inward BACS payments, indicate if the sender of the payment is screened regarding other sanction lists 1.23.17 C302 For inward BACS payments, indicate if the beneficiary of the payment is screened regarding other sanction lists 1.23.18 C303 For inward BACS payments, indicate if any other parties of the payment are screened regarding other sanction lists 1.23.19 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C304 For outward BACS payments, indicate if the sender of the payment is screened regarding proprietary lists 1.23.20 C305 For outward BACS payments, indicate if the beneficiary of the payment is screened regarding proprietary lists 1.23.21 C306 For outward BACS payments, indicate if any other parties of the payment are screened regarding proprietary lists 1.23.22 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C307 For inward BACS payments, indicate if the sender of the payment is screened regarding proprietary lists 1.23.23 C308 For inward BACS payments, indicate if the beneficiary of the payment is screened regarding proprietary lists 1.23.24

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 109 of 120 C309 For inward BACS payments, indicate if any other parties of the payment are screened regarding proprietary lists 1.23.25 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C310 For inward BACS payments, indicate if the sender of the payment is screened regarding FATF 16 (wire transfer) checks 1.23.26 C311 For inward BACS payments, indicate if the beneficiary of the payment is screened regarding FATF 16 (wire transfer) checks 1.23.27 C312 For inward BACS payments, indicate if any other parties of the payment are screened regarding FATF 16 (wire transfer) checks 1.23.28 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown 4.1.24 Payment Screening – FASTER This section of the return will appear for those firms who have selected to be a Class 1 – Deposit Taking or Class 8 – Money Transmission Services licenceholder within the ‘Entity Control Questions’ section of the return. This section of the return is seeking information on which customer screening is applied to for outward and inward FASTER payments. C313 Do you participate in the Faster Payment System? 1.24.1 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C314 to C340 will appear. This section is applicable to Faster Payment System participants only. C314 For outward FASTER payments, indicate if the sender of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.24.2 C315 For outward FASTER payments, indicate if the beneficiary of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.24.3 C316 For outward FASTER payments, indicate if any other parties of the payment are screened regarding IOM/UK/EU/UN sanction lists 1.24.4 For the above questions, please answer using the following dropdown list:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 110 of 120 o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C317 For inward FASTER payments, indicate if the sender of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.24.5 C318 For inward FASTER payments, indicate if the beneficiary of the payment is screened regarding IOM/UK/EU/UN sanction lists 1.24.6 C319 For inward FASTER payments, indicate if any other parties of the payment are screened regarding IOM/UK/EU/UN sanction lists 1.24.7 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C320 For outward FASTER payments, indicate if the sender of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.24.8 C321 For outward FASTER payments, indicate if the beneficiary of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.24.9 C322 For outward FASTER payments, indicate if any other parties of the payment are screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.24.10 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C323 For inward FASTER payments, indicate if the sender of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.24.11 C324 For inward FASTER payments, indicate if the beneficiary of the payment is screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.24.12 C325 For inward FASTER payments, indicate if any other parties of the payment are screened regarding US sanction lists (e.g. OFAC / SDN lists) 1.24.13 For the above questions, please answer using the following dropdown list:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 111 of 120 o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C326 For outward FASTER payments, indicate if the sender of the payment is screened regarding other sanction lists 1.24.14 C327 For outward FASTER payments, indicate if the beneficiary of the payment is screened regarding other sanction lists 1.24.15 C328 For outward FASTER payments, indicate if any other parties of the payment are screened regarding other sanction lists 1.24.16 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C329 For inward FASTER payments, indicate if the sender of the payment is screened regarding other sanction lists 1.24.17 C330 For inward FASTER payments, indicate if the beneficiary of the payment is screened regarding other sanction lists 1.24.18 C331 For inward FASTER payments, indicate if any other parties of the payment are screened regarding other sanction lists 1.24.19 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C332 For outward FASTER payments, indicate if the sender of the payment is screened regarding proprietary lists 1.24.20 C333 For outward FASTER payments, indicate if the beneficiary of the payment is screened regarding proprietary lists 1.24.21 C334 For outward FASTER payments, indicate if any other parties of the payment are screened regarding proprietary lists 1.24.22 For the above questions, please answer using the following dropdown list:

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 112 of 120 o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C335 For inward FASTER payments, indicate if the sender of the payment is screened regarding proprietary lists 1.24.23 C336 For inward FASTER payments, indicate if the beneficiary of the payment is screened regarding proprietary lists 1.24.24 C337 For inward FASTER payments, indicate if any other parties of the payment are screened regarding proprietary lists 1.24.25 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown C338 For inward FASTER payments, indicate if the sender of the payment is screened regarding FATF 16 (wire transfer) checks 1.24.26 C339 For inward FASTER payments, indicate if the beneficiary of the payment is screened regarding FATF 16 (wire transfer) checks 1.24.27 C340 For inward FASTER payments, indicate if any other parties of the payment are screened regarding FATF 16 (wire transfer) checks 1.24.28 For the above questions, please answer using the following dropdown list: o Yes: Real time – Yes screening against the list detailed for the party shown is applied as the transaction is processed but prior to it completing o Yes: Prior – Yes screening against the list detailed for the party shown is undertaken prior to the transaction being completed o Yes: After – Yes screening against the list detailed for the party shown is undertaken subsequent to the transaction being completed o No – No screening is not applied against the list detailed in respect of the party shown 4.1.25 Disclosures and Reporting – THEMIS This section of the return will appear for all firms for completion. C341 Is the firm registered with THEMIS? 1.25.1 Please answer ‘Yes’ or ‘No’. For clarity, THEMIS is the online reporting system of the FIU, through which MLROs are able to report SARs, other disclosures, and receive advisory notices. The Authority strongly encouragesthat all firms and MLROs are signed-up and active use THEMIS where appropriate. Please contact the FIU for further guidance on steps to sign-up and register.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 113 of 120 4.1.26 Disclosures and Reporting – Disclosures to the MLRO, Sanctions Officer and FIU The first question of this section will appear for all firms for completion. C342 Did the firm make any internal or external disclosures in the reporting period? 1.26.1 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C343 to C350 will appear. C343 Number of internal disclosures made within the reporting period, by disclosure type 1.26.2 C344 Number of external disclosures made within the reporting period to Isle of Man Financial Intelligence Unit, by disclosure type 1.26.4 For the above questions, input the total number of internal and external disclosures made in the reporting period (1st January to 31st December) using the below ‘disclosure type’ dropdowns: o Money Laundering Disclosures (POCA - Proceeds of Crime Act) o Terrorism Disclosures (ATCA - Anti-Terrorism and Crime Act) Firms are required under POCA and ATCA to submit a suspicious activity report to the FIU in respect of information that comes to them in the course of their business, if they know or suspect, or have reasonable grounds for knowing or suspecting, that a person is engaged in, or attempting, money laundering or terrorist financing. This requirement is also set out in the AML/CFT Code. A suspicious activity report, or external disclosure, must be submitted to the FIU as soon as practicable. An external disclosure will usually, but not always, follow an internal disclosure to the MLRO of the firm. C345 Number of Section 24 disclosures made under the FIU Act by the firm in the reporting period 1.26.5 Input the total number of Section 24 disclosures made in the reporting period (1st January to 31st December). If no Section 24 disclosures have been made during the period, please input ’0’. Section 24 of the FIU Act allows any person to disclose information to the FIU if the disclosure is made for the purposes of the exercise by the FIU of any of its functions. C346 Number of UN sanctions disclosures made under relevant legislation by the firm in the reporting period 1.26.6 Input the total number of UN sanctions disclosures made in the reporting period (1st January to 31st December). UN Sanctions being: • UN sanctions (made by UN Security Council Resolutions) • UK sanctions (made by Regulations under the Sanctions and Anti-Money Laundering Act 2018) • Designations relating to terrorism (made under the Terrorism and Other Crime (Financial Restrictions) Act 2014) If no UN sanctions disclosures have been made during the period, please input ’0’. C347 Number of non-UN sanctions disclosures made under the FIU Act by the firm in the reporting period 1.26.7

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 114 of 120 Input the total number of non-UN sanctions disclosures made in the reporting period (1st January to 31st December). Non-UN sanctions being OFAC for example. If no non-UN sanctions disclosures have been made during the period, please input ’0’. C348 Provide the aggregate value of assets (GBP) of internal disclosures 1.26.9 C349 Provide the aggregate value of assets (GBP) of external disclosures to the Isle of Man Financial Intelligence Unit 1.26.10 C350 Provide the aggregate value of assets (GBP) of disclosures made for suspected breaches of sanctions 1.26.11 For the above questions, please input the aggregate value of assets in GBP. 4.1.27 Disclosures and Reporting – International The first question of this section will appear for all firms for completion. C351 Did the firm make any ML / FT / PF / sanction disclosures to International Agencies in the reporting period? 1.27.1 Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C352 to C354 will appear. For clarity, international agencies are those agencies outside the Isle of Man and this excludes the Isle of Man FIU. C352 Number of disclosures made within the reporting period to International Agencies, by disclosure type 1.27.2 For the above question, input the total number of disclosures made to international agencies in the reporting period (1st January to 31st December) using the below ‘disclosure type’ dropdowns: o Money Laundering Disclosures (POCA - Proceeds of Crime Act) o Terrorism Disclosures (ATCA - Anti-Terrorism and Crime Act) o Sanctions Disclosures C353 Of these disclosures to International Agencies, how many have been dual reported to the Isle of Man FIU? 1.27.3 Please input the number of disclosures. C354 Provide the aggregate value of assets (GBP) of disclosures to International Agencies 1.27.4 For the above questions, please input the aggregate value of assets in GBP. 4.1.28 Disclosures and Reporting – ML / FT / PF / Sanctions Enquiries Received C355 Did the firm receive any enquiries from law enforcement authorities on ML / FT / PF / sanctions in the reporting period? 1.28.1 This question of the return will appear for all firms for completion. ‘Law enforcement authorities’ in relation to this question including the following: • Attorney General • International Co-operation and Asset Recovery Team (“ICART”) • Financial Intelligence Unit (“FIU”) • Economic Crime Unit (“ECU”)

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 115 of 120 • Proactive International Money Laundering Investigation Team (“PIMLIT”) • Isle of Man Constabulary For clarity, firms are not required to record general advisory notices received in response to this question. This section of the return is seeking information in relation to any Section 18 notices and court orders received by the firm. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C356 to C360 will appear. C356 Number of ML/FT/PF enquires received and recorded within the register (as required by Part 7 of the AML/CFT Code), in the reporting period from: Law enforcement authorities about money laundering 1.28.2 C357 Law enforcement authorities about financing of terrorism 1.28.3 C358 Law enforcement authorities about proliferation financing 1.28.4 C359 Law enforcement authorities about targeted financial sanctions 1.28.5 C360 Law enforcement authorities about other enquiries or reason not known 1.28.6 The AML/CFT Code requires firms to maintain a register of ML and FT enquiries received from law enforcement authorities. For the above questions, state the number of enquiries received in the year (1st January to 31st December) from law enforcement authorities, split between ML, FT, PF, financial sanctions and others. This question of the return will appear for all firms for completion. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C362 to C366 will appear. ‘Other competent authorities’ in relation to this question including the following: • Isle of Man Financial Services Authority • Isle of Man Gambling Supervision Commission • Customs & Excise Division • Income Tax Division/Treasury • Social Security Benefit Office • Isle of Man Office of Fair Trade C362 Number of ML/FT/PF enquires received and recorded within the register (as required by Part 7 of the AML/CFT Code), in the reporting period from: Other competent authorities about money laundering 1.28.9 C363 Other competent authorities about financing of terrorism 1.28.10 C364 Other competent authorities about proliferation financing 1.28.11 C365 Other competent authorities about targeted financial sanctions 1.28.12 C366 Other competent authorities about other enquiries or reason not known 1.28.13 The AML/CFT Code requires firms to maintain a register of ML and FT enquiries received from other competent authorities. For the above questions, state the number of enquiries received in the year (1st C361 Did the firm receive any enquiries from other competent authorities on ML / FT / PF / sanctions in the reporting period? 1.28.8

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 116 of 120 January to 31st December) from other competent authorities, split between ML, FT, PF, financial sanctions and others. 4.1.29 Disclosures and Reporting – Blocked or Frozen Assets for Sanctions Purposes C367 Has the firm had any blocked or frozen assets for sanctions purposes in or at the end of the reporting period? 1.29.1 This question of the return will appear for all firms for completion. The reporting period being from 1 st January to 31st December. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C368 to C373 will appear. C368 Provide the number of accounts blocked or frozen for financial sanctions purposes in the reporting period 1.29.2 C369 Provide the aggregate value of assets (GBP) for accounts blocked or frozen for financial sanctions purposes in the reporting period 1.29.3 C370 Provide the number of blocked or frozen accounts for financial sanctions purposes released in the reporting period 1.29.4 C371 Provide the aggregate value of assets (GBP) for blocked or frozen accounts for financial sanctions purposes released in the reporting period 1.29.5 C372 Provide the total number of accounts blocked or frozen for financial sanctions purposes at the end reporting period 1.29.6 C373 Provide the total aggregate value of assets (GBP) for blocked or frozen accounts for financial sanctions purposes at the end of the reporting period 1.29.7 Pease input the aggregate value of assets in GBP. 4.1.30 Disclosures and Reporting – Blocked or Frozen Assets for Reasons other than for Financial Sanctions Purposes C374 Has the firm had any blocked or frozen assets for reasons other than for financial sanctions purposes in or at the end of the reporting period? 1.30.1 This question of the return will appear for all firms for completion. The reporting period being from 1 st January to 31st December. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C375 to C382 will appear. C375 Provide the number of accounts blocked or frozen for ML purposes at the end of the reporting period Subject to consent including restraint orders etc. 1.30.2 C376 Provide the aggregate value of assets (GBP) of blocked or frozen accounts for ML purposes at the end of the reporting period Subject to consent including restraint orders etc. 1.30.3 C377 Provide the number of accounts blocked or frozen for FT purposes at the end of the reporting period Subject to consent including restraint orders etc. 1.30.4 C378 Provide the aggregate value of assets (GBP) of blocked or frozen accounts for FT purposes at the end of the reporting period Subject to consent including restraint orders etc. 1.30.5 C379 Provide the number of accounts blocked or frozen for PF purposes at the end of the reporting period 1.30.6

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 117 of 120 Subject to consent including restraint orders etc. C380 Provide the aggregate value of assets (GBP) of blocked or frozen accounts for PF purposes at the end of the reporting period Subject to consent including restraint orders etc. 1.30.7 C381 Provide the number of accounts blocked or frozen for other purposes at the end of the reporting period E.g. gone away 1.30.8 C382 Provide the aggregate value of assets (GBP) of blocked or frozen accounts for other purposes at the end of the reporting period E.g. gone away 1.30.9 Pease input the aggregate value of assets in GBP. 4.1.31 Disclosures and Reporting – Declined and Terminated Relationships (ML / TF / PF / Sanctions) This question of the return will appear for all firms for completion. The reporting period being from 1 st January to 31st December. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C384 to C392 will appear. For clarity, the firm may decline customer/ business relationships for a number of reasons for example, including due to the customer/ business relationship being outside of the firm’s risk appetite. However, please only consider those relationships declined due to suspicious activity for ML/ FT / PF or Sanctions reasons in this section. Please input the number of new customer relationships declined in the reporting period (1st January to 31st December) split between ML, FT, PF, and sanctions reasons. Please input the indicative value, in GBP, of those new customer relationships declined in the reporting period (1st January to 31st December) split between ML, FT, PF, and sanctions reasons. C383 Did the firm decline any customer / business relationships for ML / FT / PF / Sanctions reasons in the reporting period? 1.31.1 C384 Number of potential new customer relationships declined in the reporting period for ML reasons 1.31.2 C385 Number of potential new customer relationships declined in the reporting period for FT reasons 1.31.3 C386 Number of potential new customer relationships declined in the reporting period for PF reasons 1.31.4 C387 Number of potential new customer relationships declined in the reporting period for sanctions reasons 1.31.5 C388 Indicative value (GBP) of assets relating to the potential new customer relationships declined in the reporting period for ML reasons 1.31.6 C389 Indicative value (GBP) of assets relating to the potential new customer relationships declined in the reporting period for FT reasons 1.31.7 C390 Indicative value (GBP) of assets relating to the potential new customer relationships declined in the reporting period for PF reasons 1.31.8 C391 Indicative value (GBP) of assets relating to the potential new customer relationships declined in the reporting period for sanctions reasons 1.31.9

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 118 of 120 This question of the return will appear for all firms for completion. The reporting period being from 1 st January to 31st December. Please answer ‘Yes’ or ‘No’. If answered ‘Yes’ the below questions C393 to C400 will appear. For clarity, the firm may terminate a customer/ business relationships for a number of reasons for example, including due to the customer/ business relationship being outside of the firm’s risk appetite. However, please only consider those relationships terminated due to suspicious activity for ML/ FT / PF or Sanctions reasons in this section. Please input the number of customer relationships terminated in the reporting period (1st January to 31st December) split between ML, FT, PF, and sanctions reasons. Please input the value of assets, in GBP, relating to the customer relationships terminated in the reporting period (1st January to 31st December) split between ML, FT, PF, and sanctions reasons. 4.1.32 Comments C401 Do you have any comments to the previous sections? 1.32.1 This section of the return will appear for all firms. Please select ‘Yes’ or ‘No’. If answered ‘Yes’ the below comment box will appear: C402 This section is provided to allow firms to provide any commentary that is relevant to the completion of this form 1.32.2 5. Signatories Page S1 Do you declare this information, data collected and submitted to be correct and accurate? Please note the legislation references available here in relation to making false or misleading statements to the Authority. 1.1.1 C392 Did the firm terminate any customer / business relationships for ML / FT / PF / Sanctions reasons in the reporting period? 1.31.10 C393 Number of customer relationships terminated in the reporting period for ML reasons 1.31.11 C394 Number of customer relationships terminated in the reporting period for FT reasons 1.31.12 C395 Number of customer relationships terminated in the reporting period for PF reasons 1.31.13 C396 Number of customer relationships terminated in the reporting period for sanctions reasons 1.31.14 C397 Value of assets (GBP) relating to the customer relationships which were terminated in the reporting period for ML reasons 1.31.15 C398 Value of assets (GBP) relating to the customer relationships which were terminated in the reporting period for FT reasons 1.31.16 C399 Value of assets (GBP) relating to the customer relationships which were terminated in the reporting period for PF reasons 1.31.17 C400 Value of assets (GBP) relating to the customer relationships which were terminated in the reporting period for sanctions reasons 1.31.18

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 119 of 120 The above is a comment box. Please type 'Yes'. The Authority is registered with the Information Commissioner as a data controller. The Authority collects and processes personal data to carry out its functions under relevant legislation and may share personal data with other parties where there is a legal basis for doing so. Information on how the Authority collects and processes personal data can be found in the Privacy Notice. S2 Name of the submitting individual, who does so on behalf of the firm 1.1.2 S3 Position of the submitting individual, who does so on behalf of the firm 1.1.3 The above are comment boxes, please type in the name and position of the individual submitting the return.

Guidance for the AML/CFT Annual Statistical Return – STRIX Page 120 of 120 6. Version / Control History Issue Date Version Changes Log 15/01/2024 1.0 Initial guidance release following the AML/CFT annual statistical return’s migration from Excel to the STRIX system for the 2023 annual statistical return. Small number of additional questions such as commercially exposed persons, screening provider, sanctions notification service added. 01/02/2024 2.0 Enhancements and further guidance added throughout the document following the initial release. 06/12/2024 3.0 Full questions included with guidance provided for each. Updates added for release of the 2024 annual statistical return; 80 total questions removed, 27 new conditional questions and 35 new risk and control data questions. 23/12/2024 3.1 Small guidance enhancements. Added four further questions within the ‘Products and Services Scenarios’ section regarding trusts and the residency of family office customers. 08/01/2025 3.1.1 Guidance added to the following questions: Q133-Q135, Q138-Q140 and C189-C191. 14/02/2025 3.1.2 Further guidance added to the following questions: Q163, Q185, Q187 and C352. Section 2.2.4 added to ‘2.2 Useful links and FAQs’ 30/12/2025 4.1 Annual updates added for the release of the 2025 annual statistical return, with new questions highlighted in green throughout the guidance. Key changes include the following: • Further permissions split out within the ‘Building your Survey’ section with the corresponding customer questions; e.g. SNPO customer risk section has been separated out and the questions tailored to the sector • Updates to ‘customer type’ drop downs for TCSPs, with additional questions on the type of services provided • Added ‘Royal Family’ member as an option to PEP drop down • Adjustments to CEP questions • Adjusted introducer questions to make it clearer on introducer and introduced customer geographical locations • New questions added on the firm’s banking relationships • Additional concession questions; exempted occasional transactions and transfer of a block of business • A new section has been created titled ‘Firm Policies and Procedures’ within the controls tab; this contains existing questions with one additional question on approval of higher risk relationships. • New ‘Banded FTE’ staff question and turnover of employed staff Additional clarity provided throughout guidance. 09/01/2026 4.1.1 Update to guidance in section ‘4.1.31 Disclosures and Reporting – Declined and Terminated Relationships (ML / TF / PF / Sanctions)’ 04/02/2026 4.1.2 Small enhancements and additional guidance provided for Q221 and Q274. Further guidance added to the following sections: ‘3.2.1 Deposit Taking – Size and Significance of the Customer Base’ and ‘3.2.2 Deposit Taking – New Customer Relationships’. 25/03/2026 4.1.3 Further clarity and guidance added to the following sections: ‘3.5.4 New Business Relationships – Reliance and Concessions – Face-to-Face Business’ ‘3.5.5 New Business Relationships – Reliance and Concessions – Reliance on Third Parties for Elements of CDD’ ‘3.5.6 New Business Relationships – Sources and Introducers – Sources of Business’