Luura Proportionate AML and Financial Crime Policy

Last updated: 10 October 2025  •  Applies to: Luura Ltd and all associated contractors or partners

1. Purpose

This policy sets out how Luura prevents and reduces the risk of money laundering and terrorist financing. Although Luura is not a regulated financial institution, we operate within the UK financial ecosystem and are committed to high standards of compliance and transparency.

2. Scope

This policy applies to Luura’s operations, platform, and partnerships, including:

  • User onboarding and account creation flows.
  • The use of regulated third-party providers for Open Banking and payment processing.
  • Any marketing, product, or data activities that could indirectly relate to financial transactions.

3. Risk Status Low risk

  • Luura does not hold, transmit, or directly process customer funds.
  • Luura does not have access to sensitive financial data such as account numbers or balances.
  • Luura relies on regulated third-party providers to handle all payments, transfers, and bank data.

Because of this, Luura’s exposure to money laundering and terrorist financing risk is very low.

4. Responsibilities

  • Compliance Lead: Kiesha Okeowo (Founder). Responsible for keeping this policy accurate and ensuring any concerns about suspicious activity are logged and reviewed.
  • Regulated third-party providers: Responsible for customer due diligence (CDD) and reporting suspicious activity under their own AML obligations.

5. Customer Due Diligence (CDD)

Luura’s regulated third-party providers carry out all identity verification, transaction monitoring, and payment processing.

  • Only verified users can access financial features within Luura.
  • All Open Banking and payment providers used by Luura are authorised and regulated under UK law.
  • Luura cooperates with providers and competent authorities on any legitimate request for information.

6. Suspicious Activity

While Luura does not directly monitor user transactions, any unusual or potentially fraudulent activity noticed (e.g. attempted misuse of the platform or suspicious sign-ups) will be:

  1. Logged by the Compliance Lead; and
  2. Escalated to the relevant regulated provider or, if necessary, to the National Crime Agency (NCA).

Users must not be informed if a report is made (to avoid any risk of “tipping off”).

7. Record Keeping

Luura keeps the following records securely for at least five years, in line with UK data protection and privacy laws:

  • Logs of user onboarding activity.
  • Documentation of third-party AML arrangements and contracts.
  • Copies of this and related compliance policies.

8. Staff Awareness and Training

As a single-person company, the founder maintains awareness of AML obligations through FCA and HMRC guidance. If Luura expands, AML and financial crime training will be mandatory for all new team members.

9. Review

This policy will be reviewed annually, or sooner if Luura’s operations change (for example, if Luura begins handling or viewing financial data directly) or if regulatory requirements evolve.