AAKMG004

Anti-Money Laundering & Counter-Terrorism Financing

Compliance Program

MoneyGram Payment Systems Inc.For Affiliates

Australia

Version 1 May 2012

Page 1 of 12

AAKMG004 AAKMG004

Table of ContentsAdoption of the Compliance Program

Statement of Policy

Purpose of the compliance program & message to moneygram affilaite employees

PART A

A1. Money Laundering and Terrorist FinancingA2. IdentificationofMoneyLaundering&Terrorist Financing RisksA3. Monitoring of TransactionsA4. Suspicious ActivityA5. AppointmentofComplianceOfficerA6. RegistrationObligationundertheAML&CTF Act (2006)A7. ReportingObligationsundertheAML&CTF Act (2006) A8. AML and CTF Risk Awareness Training ProgramA9. AffiliateEmployeeDueDiligenceProgramA10. AffiliateResponsetoLawEnforcementRequestsA11. AUSTRAC FeedbackA12. Reporting and Investigation of any violations of this Compliance Program

PART B

B1. IdentificationofMoneyLaundering&Terrorist Financing RisksB2. Know Your Customer PolicyB3. RecordKeepingRequirements

PART C

C1.MoneyGramKnowYourAffiliateProgramand Registration C2.MoneyGramComplianceTrainingtoAffiliate

Legal disclaimerAlthough this document contains legal information, it is not intended to be, nor should it be considered legal advice.

For legal advice, including the interpretation and application of any law, please consult an attorney.

Statement of policyTheAffiliatesupportsthefightagainstmoneylaundering&terrorism; it has adopted this MoneyGram Compliance Programtopreventitsfinancialservicesfrombeingused to promote criminal activity.

TheAffiliatewillfullycomplywithboththeintent&letterofalllaws&regulationsrelatingtoAnti-MoneyLaundering (“AML”) & Counter-Terrorist Financing(“CTF”). MoneyGram& the Affiliate will train theiremployees to comply with these laws and regulations.

A copy of this Compliance Program is kept at the followingofficesofMoneyGram:SydneyAustralia,HongKongandDallasU.S.A.

Every employee of an Affiliate who conducts oris involved in MoneyGram® money transfer service in Australia is required tounderstandandcomplywith thecontents of this document.

Purpose of the compliance programThis Compliance Program is prepared for the following purposes:

•clearlystatetheAffiliates&MoneyGram’scommitmenttocomplywiththerequirementsoftheAML&CTFAct;•remindAffiliatesemployees&AffiliatesofMoneyGram’sPolicyinfightingagainstmoneylaundering&terroristfinancingactivities;•outlineKnowYourCustomer(KYC)&RecordKeepingrequirements;•ensureAffiliatescompliancewithPart7oftheAML&CTFAct,i.e.obligationtomaintainanAML/CTFProgramme.

Message to affiliate employeesThe penalties for violating the AML and CTF Act are severe. Violations may cause loss of customer goodwill andunfavourablepublicity, aswell ascivil andcriminal penalties.

Affiliate staff must be aware that liability may beimposedonthemifthebusinessand/oremployeeis/arewilfully blind to suspicious activity or knew information that he/she “should have known” wassuspicious.Forexample,allEmployeesmustcompletetrainingandcertificationoftheAML/CTFprogrammeinAustraliaaspartofinductionandannualAML/CTFtrainingwhichwillprovide them with the information and skills to be reasonably expected to identify suspicious activity.

Page 2 of 12

Any employee that violates the policies & procedures, either unknowingly or intentionally may be subject to disciplinary action, including but not limited to, civil penalties and/or criminal penalties.

PART AA1. Money Laundering and Terrorist Financing

Money Laundering (ML)ML is theattempt toconcealordisguisethenature,location,source,ownershiporcontrolofillegallyobtainedmoney. If illegal money is successfully laundered,criminals maintain control over their illegally obtained funds and they can establish a separate cover for their illicit source of income. AML laws apply to any funds derivedfromillegalactivities,suchasfundsheldbydrugtraffickers,terrorists,organisedcrime,illegaltaxevaders,peoplesmuggling&othergroups&individualsseekingtotransfer,spendand/orinvestmoneyderivedfrom any type of crime.

The ML cycle includes placing funds into the financialsystem by sending money transfers. Once the funds have enteredthesystem,thesourceofillegalfundsisfurtherdisguisedbytransferringthemthroughlayersoffinancialinstitutions,suchasbankor investment accounts.Finally, the funds are legitimised by purchasingitems or investing in legitimate investments such as real estate,realproperty,stocksandbonds.

AAKMG004 Page 3 of 12Page 2 of 12

ML isnot limited tocash,MLcanbedone throughanytypeoffinancialtransaction,including,butnotlimitedto, funds transfers, money orders, checks, debit cards,storedvalue&creditcardtransactions.

Terrorist Financing (TF)TFincludesthefinancingofterroristacts,&ofterroristsand terrorist organisations.

A2. Identification of ML & TF RisksInordertoimplementareasonablerisk-basedapproach,MoneyGramtakesintoaccountthefollowingfactors:

a) Customer Type Risk

i) MoneyGram® money transfer service in Australia is only provided to individual customers. The maximum amount per MoneyGram® money transfer transaction isUSD10,000(orequivalentamount inAUD). AcapofUSD20,000(orequivalentamount inAUD) issetasthemaximum send amount per sender per day;ii)Customer’stransactionbehaviour&patternarefactorstoconsider,e.g. frequent transactionswithout justifiablereasons.

b)Product/ServiceRisk

i) The MoneyGram® money transfer service provided by MoneyGraminAustraliaisacash-to-cashdomesticandinternational cash to account in countries where availablemoneyremittanceservice.Everysenderisrestricted to send an accumulated amount of a maximumofUSD20,000(orequivalentinAUD)perday.ForanytransactionhigherthanUSD10,000(orequivalentinAUD), the sendermay be interviewed and subject tofurtherquestioningbyMoneyGramoverthephonebeforeprocessing the transaction. The abovementioned policies are designed to mitigate the risk of making use of MoneyGram’sservicetoconductML&TFactivities;ii) MoneyGram® money transfer service involves cash but every customer has to produce a Government issued photo identification document for verification.Anonymous transactions are not permitted.

c)DeliveryMethodRisk

Atpresent, cash is theonlymeansofpayment for theMoneyGram® money transfer service in Australia. EverysenderorreceiverhastogototheAffiliateLocationinperson&conductthesendorreceivetransaction.

d) Country or Geographic Risk

i)Country risk, in conjunction with other risk factors,providesusefulinformationastopotentialML&TFrisks.ii) Before a transaction is paid out to the designated receiver,thenameofeverysender&receiverischeckedagainst international sanctions lists, including thesanction list named by theOffice of ForeignAssetsControl (“OFAC”)of the U.S.A., theUnited Nations,EuropeanUnion&theReserveBankofAustralia(RBA).

e) Regulatory Risk

TheAffiliateisregisteredasanAffiliateofMoneyGramwiththe Australian Transaction Reports and Analysis Centre (AUSTRAC) who in turn is registered as a designated remittance network service provider with AUSTRAC. The entityhastocomplywiththerelevantrequirements,

includingbutnotlimitedtopropercustomerverificationprocedures, having in place an adopted AML/CTFProgram,submissionofrelevantreportsandappointmentofaComplianceOfficer.

Risk Mitigation & Control

In viewof therisks identified inpointa) tod)above,MoneyGram is adopting the following measures to mitigatetherisks:

i)themaximumamountpertransactionisUSD10,000(orequivalent amount in AUD in consideration of thefluctuationoftheexchangerate);ii)anysendtransactionhigherthanUSD10,000hastobeprocessedthroughMoneyGram’sCallCentre;iii) a capofUSD20,000 is set to be the send limit of asender per day;iv) detailed personal information has to be obtained from each sender or receiver customer (for details, pleaserefer to PART B of this Compliance Program);v) For transactions sent to countries that are considered highriskforML,terroristactivitiesorfraudulentactivities,more detailed scrutinyof the transactions iscarried out before paying out to the receivers; vi)MoneyGram’ssoftwarereviewsandchecksallnameslisted on money transfer transactions against a number of sanction lists of money launderers, terrorists,terroristorganizations,drugtraffickers,etc.Thesanctionlistsinclude,interalia,thesanctionlistsmaintainedbyOFAC of theU.S.A., theUnitedNations, the EuropeanUnion,Australia,UnitedKingdomandvariouscountries,etc. Any customer name that possibly matches with the name of a prohibited person or entity in the sanction lists is automatically blocked by the MoneyGram system and no money will be paid out to the receiver of that transaction.Theblockedtransactionissubjecttofurtherreviewofthecustomer’sidentityorinsomecircumstances,thecustomermayberequiredtobeinterviewedbyMoneyGram’s staff over the phone.MoneyGramwillpay out the money of a transaction to the receiver only if it isconfirmed thateithersenderor receiverdoesnotmatchwith all of thesanction lists.Forexample, ifacustomer’sname&otherpersonaldataexactlymatcheswith a name appearing on a Government sanction list,MoneyGramwillfreezethetransaction&informtherelevantbody,whichinturnwilladviseMoneyGramhowto proceed; vii)WorldCheck,RegulatoryDataCorp(RDC),theInternet,LexisNexis,Accuity&CorporateRiskInternational(CRI) are used to check for any possible exposure to PoliticallyExposedPersons.

Ongoing Customer Due Diligence (OCDD)The Affiliates OCDD Policy refers to the processeswherebyfurthercollectionofacustomer’spersonaldatashallbedoneviaMoneyGram’sAffiliatesorbyconductingadirecttelephoneinterviewwiththecustomer.Namesnoted under OCDDwill beprovided toMoneyGramComplianceSydneyOfficefortheirrecords.

ThereceiptofinformationasrequestedmayunderthecircumstancesinitiatetherequirementoffilingaSuspicious Matter Report (SMR) with AUSTRAC describing the activity that led to the report being

AAKMG004 AAKMG004

considered.UndertheEnhancedCustomerDueDiligence(ECDD)Policy,acustomerwillbeaskedformorepersonalinformation,whichmayincludebutisnotlimitedto:

1.Secondaryidentitydetails,e.g.Creditcards,driverslicense,utilitybillsetc.;2. Occupation;3.Dateofbirth;4.Nationality;5. Place of Birth;6. Alias or other names used in the past;7. Purpose of the transaction(s);8.Relationshipbetweenthereceiver&thesender;9. Source of funding.

For the aforementioned it would be required thatdocumentaryevidence is requestedandheld(wherepossible andappropriate) as verification of the facts aspresented.

TheECDDPolicyshall beappliedwhenanyofthefollowingsituationsarise:

•ThenameofasenderorreceiverhitsanyoftheGovernmentsanctionslists(e.g.OFAC,DFAT,etc);•Thetransactionpatternofthecustomerlookssuspicious;•Factors include the age of thepersonsendingorreceiving the funds; • Knowledge obtained from theAustralianBureau ofStatistics (ABS) regarding income for professions;•Jurisdictionsandvariouscorridorsidentifiedorknownas high risk. This would include those corridors experiencing political unrest and the like;•Increaseofactivitythroughcorridorswithnoapparentunderlying reason;•Customeroremployeeappearstostructuretransactionsin an attempt to avoid AML record keeping or reporting requirements;• An individual provides minimal or fictitiousinformationconcerningtheirname&otheridentifyingdata;•A customer engages in a discussion with anemployee to try to determine ways to avoid reporting or recordkeepingrequirements;•AcustomerusesafalseorobviouslyalteredIDorapolicecertificateand/orconsularaffidavit;•AcustomerisunableorunwillingtoprovideID;•TwoormorecustomersusethesameorsimilarIDs;•Acustomerappearstohaveanervousorsuspiciousdemeanor; •Acustomertriestoalterhis/hertransactionafterbeingaskedtoshowID;•Acustomerdeliberatelychangesthespellingofhis/hername on multiple transactions; •Acustomerstateshe/shedoesnot havea localaddressbuthe/sheappearstoresidelocallybecausehe/she is a repeat customer; •Twoormorecustomersapparentlyworktogethertobreak one transaction into two or more transactions to avoidrecordkeepingrequirements(i.e.AUD10,000);•Acustomeruses twoormore locationsorcashiersonthe same day to process transactions; •A customer offers bribes, tips or threatensemployeestoavoidrecordkeepingrequirements;•A customer admits that the cash for his/hertransactions came from illegal conduct; •Acustomermakeslargetransactionsthatarenot

consistentwithhis/heroccupationorbusinesspractice;•Acustomerhasnobusinessorapparent lawfulpurpose to transfer the money;•Whenitisknownthatamoneytransferistofacilitatecriminal activity;•A sender sendsmoney toapersonwhom thesenderdoes not know or is not familiar with and the purpose of transaction relates to a lottery or internet purchase;•Senders or receivers having the sameresidentialaddress with no known relationship;•Receiving or sending money by parties that arevisiblyacquainted,butthetransactionsappearnottoberelated;•Any other factors drawing theAffiliatesCompliance’sattention and leading to a decision of not paying out the moneywithoutfirstobtainingfurtherinformationfromthesender,receiverorboth.

AComplianceOfficer isappointedtoensuretheAffiliate is in compliance with this document and therequirementsundertheAMLandCTFAct.

A3. Monitoring of TransactionsTheAffiliate will put in placeamonitoringsystemto review transactions on a daily basis. Suspicious transactions are highlighted and alerts are generated for furtherreviews(ECDD)bythecompliancestaff.

Ifnecessary,MoneyGramwill conductspecial reviewofareasortransmissioncorridorsthathavebeenidentifiedby Regulators, law enforcementagencies,or throughpriorMoneyGramexperience,asareasthatmaybemoresusceptibletocriminalactivity,includingthefinancingofterrorism.

A4. Suspicious Activity

Structuring Structuring is the act of breaking up large transactions into several smaller transactions to avoid providing personally identifying information.

Many money launderers are familiar with the dollar thresholds that require record keeping & reporting.To remain anonymous and avoid the detection of law enforcement officials, money launders attemptto process transactions to avoid triggering record keeping and/or reporting requirements.Theprocessingof transactions thatavoid recordkeepingand/or reportrequirementsisknownas“structuring”.

Money launderers may also attempt to trick employees into allowing them to structure transactions by splitting up transactions with several accomplices or by trying to “con” employeeswith a hard luck story. Employeesneed to be on the lookout for structuring so that they can prevent it from occurring.

It is not appropriate and is suspicious to structure transactions or to help customers avoid record keeping orreporting requirements. Employees should not tellor even imply to a customer that he/she canavoid providing information by conducting transactions of smaller amounts. The following examples of potential structuring are specifically designed to avoid record keeping

Page 4 of 12

AAKMG004 Page 5 of 12

requirementsthatshouldbereportedforfurtherresearch,review&possiblesuspicioustransactionreporting.

1.AcustomeraskstosendfivemoneytransferstothesamereceiverforAUD2,000each,totallingAUD10,000.

2. Early in themorning, a customer has sent amoneytransfer for AUD5,000. Later in the day, thesamecustomer returns and sends another money transfers to the same receiver forAUD5,000. Whencombined, thetwotransactionstotalAUD10,000.

3.AcustomervisitstwodifferentMoneyGramAffiliate’slocationsonasingleday&conductstwomoneytransfersofAUD5,500ateach locationandboth transactionsaresent to the same receiver.

It is not appropriate for the Affiliate, its employees or customers to structure transactions in order to avoid the record keeping or reporting requirements.

Employees should never help anyone structure a transaction to avoid AML reporting or record keeping requirements.

Employees should never tell customers how to avoid any transaction limitation.

Suspicious ActivitySuspicious activity can vary from one transaction to another based on the circumstances surrounding the transaction or group of transactions.One customer’stransaction(s) may be normal based on knowledge of that customer,whileanothercustomer’stransaction(s)maybesuspicious.

Many factors are involved in determining whether transactionsaresuspicious, including,butnot limited tothe amount, the location of the store, commentsmadebythecustomer, thecustomer’sbehaviourandthecustomer’sprevioustransactionhistory.DetailsofECDDresultsarealsomostrelevantintheprocessof determining the legality of the transaction. The following list provides examples of potentially suspiciousactivity that maybe identified for furtherresearch,review&possiblereportingtoAUSTRAC:•A customer or employee appears to structuretransactions in an attempt to avoid AML record keepingorreportingrequirements;• An individualprovidesminimalorfictitious informationconcerningtheirname&otheridentifyingdata;• A customer engages in a discussion with anemployee to try to determine ways to avoid reporting or recordkeepingrequirements;•AcustomerusesafalseorobviouslyalteredID;•AcustomerisunableorunwillingtoprovideID;•TwoormorecustomersusethesameorsimilarIDs;•Acustomertriestoalterhis/hertransactionafterbeingaskedtoshowID;•Acustomerdeliberatelychangesthespellingofhis/hername on multiple transactions; •Acustomerstateshe/shedoesnothavea localaddressbuthe/sheappearstoresidelocallybecausehe/she is a repeat customer;• Two or more customers apparently work together tobreak one transaction into two or more transactions to avoidrecordkeepingrequirements(i.e.AUD10,000);

•Acustomeruses twoormore locationsorcashiersonthe same day to process transactions; •Acustomeroffersbribes,tipsorthreatensemployeestoavoidrecordkeepingrequirements;• A customer admits that the cash for his/hertransactions came from illegal conduct; •Acustomermakes large transactions that arenotconsistentwithhis/heroccupationorbusinesspractice;•Acustomerhasnobusinessorapparentlawfulpurposeto transfer the money;•Whenitisknownthatamoneytransferistofacilitatecriminal activity;•Asendersendsmoneytoapersonwhomthesenderdoes not know or familiar with and the purpose of transaction relates to a lottery or internet purchase;•Duringcorridortransactionreview,whenagroupofsenders having the same residential address in Australia send money on the same day to the same receiver in an overseas country while their total send amount is higher thanthereportingthresholdofAUD10,000.

(The above suggestions are not exhaustive and there maybeotherscenarioswhichtheAffiliatemayconsidersuspicious).

Affiliate Procedures in Reporting Structuring and Suspicious Activity1.The Affiliate has employed a monitoring systemto review transactions on a daily basis. Suspicious transactions are highlighted and alerts are generated for further reviews by compliance staff.2. Compliance staff also reviews Australian transactions through various corridors every month to highlight and identify any suspicious transactions. 3.IfanyAffiliate’semployeediscoversanysuspiciousactivities, transactions or violations of this ComplianceProgram,theemployeeisrequiredtoreportthesuspicious activities to the compliance staff regardless ofthedollaramount.Uponreceivingtheinformation,thecompliance staff shall investigate the case as soon as possible.4. Suspicious activities or transactions may be referred to the compliance staff. Upon receiving the information, the compliance staff shall investigate thecase as soon as possible. 5.Ifasuspiciononstructuring,moneylaundering,terrorist financing or other criminal activity is formed, aSMR shall be prepared and submitted to AUSTRAC by the compliance staff authorized to have access to AUSTRACOn-Line.6. After the SMR has been successfully submitted to AUSTRAC, the compliance staff shall keep a record oftheSMRandAUSTRAC’sacknowledgementreceiptinfilesforrecordpurposes.

Employees must not alert the customer conducting the suspicious transaction of their suspicions or that a SMR has been or will be filed.Having considered the above risk mitigation & controlmeasures the money transfer business is regarded as HIGHRISKinMLandTF.

InthecasewheretherearesignificantchangesinMLorTFriskforthepurposeofthisProgram,MoneyGramshallrecognizethechangesandre-assessbased

AAKMG004 AAKMG004

on the Risk Model and other Risk Indicators of the ML &TFriskposedbythefollowingfactors:

a.All newdesignatedservices, includingmoney transferservice,priortointroducingthemtothemarket;b.Allnewmethodsofdesignatedservicedelivery,includingmoneytransferservice,priortoadoptingthem;&c. All new or developing technologies used for the provision of a designated service prior to adopting them.

A5. Appointment of Compliance OfficerTheAffiliatehastoappointaComplianceOfficertoberesponsibleforAML&CTFcomplianceresponsibilities.The following factors are considered when designating whoundertakestherolesoftheComplianceOfficer:1. Independence2. Seniority3. Accountability4. Reporting Lines5.Accesstoexecutive/board6.Relevantskills&experience,includingknowledgeofthebusiness&thelegalobligationsundertheAML&CTFAct

TheresponsibilitiesoftheComplianceOfficeraswellastheseniormanagementoftheAffiliateinclude:

• THE ADOPTION OF THE MONEYGRAM AML/CTFPROGRAMME;•Ensuringcontinuingcompliancewiththerequirementsof theAML&CTFAct,AML&CTFRules & relevantguidelines or guidance notes issued by AUSTRAC;•CoordinatingtheAML&CTFComplianceProgram;•Reviewing&updatingtheComplianceProgram,policies&proceduresasnecessaryowingtochangesinlawsorregulations; •Ensuring AML andCTF risk awareness training isconducted in an effective manner for all appropriate employees based on a risk assessment training model;•Ensuringalltrainingisdocumented,includingthedateoftraining,nameofthetrainer/trainee&topicsdiscussed;•Ensuringemployeeduediligenceprogram;• Ensuring accurate record keeping and reporting asmandated by the AML and CTF Act;•Ensuring that theComplianceProgram is subject toperiodic independent reviews;•CooperatingwithlawenforcementorAUSTRAConAMLinvestigations;•ConsideranyAUSTRACfeedbackregardingtheAffiliate’sriskmanagementperformance;•Acting as the contact officer forAUSTRAC matters,includingbutnot limitedto, thefilingofrelevantreports,urgent reporting, compliance audits or requests forinformation or documents;•EnsuringthatthereisaprocesstoallowstafftoreportviolationsoftheComplianceProgramconfidentially,withalternative arrangements if theComplianceOfficer isimplicated;•Conductinginitialduediligence&ongoingevaluationonanythirdpartyAMLandCTFcompliance-relatedserviceproviders,ifany;•Ensuring that transaction records are properly kept inaccordance with Part 10 of the AML and CTF Act;•Actingasthecontactofficerforlawenforcementmatters,includingbutnotlimitedto,theurgentreportingand/orrequestsforinformationordocuments.

Page 6 of 12

A6. Registration Obligations under the AML and CTF Act (2006)The provision of MoneyGram® money transfer service in Australiafallsunderthedefinitionof“registrabledesignatedremittanceservice”insection5oftheAML/CTFAct.ItisalegalrequirementforprovidersofMoneyGram®moneytransfer service to register with AUSTRAC.

MoneyGram, on behalf of itsAffiliate,must submit acomplete registration application to AUSTRAC before starting to provide money transfer service. The registration application shall be submitted by either of the followingmethods:

a) Online RegistrationAnapplicationwillbesubmittedonbehalfofAffiliatesbyMoneyGram through this link: https://online.austrac.gov.au/ao/login.seam.

b) Written Registration FormThe Registration Form can be submitted in writing to the officeofAUSTRAC.

MoneyGram registeredwithAUSTRACandhas fulfilledtheregistrationrequirementundertheAML&CTFAct.

A7. Reporting Obligations under the AML and CTF Act (2006)UndertheAML&CTFAct,areportingentity,includingMoneyGram&eachofitsAffiliates,havetocomplywiththefollowingrequirementsundertheAML&CTFAct:

a) Section 41 – Reports of Suspicious MattersWhen theAffiliatehasany suspicionon the transactionpattern of any customer that the activities may relate to ML or other criminal activities, it is obliged to submit aSMRtotheAUSTRACCEOwithin3businessdaysafterthe suspicion is formed. For suspicious activity relating to TF activities, theSMRhas tobesubmittedwithin 24hours after the suspicion is formed. The original SMR Form is available from AUSTRAC and is available through AUSTRAC Online.

b) Section 123 – Offence of Tipping OffIf a suspicious matter has been reported to AUSTRAC CEOorasuspiciousmatterreportingobligationhasformedundersection41oftheAct,thereportingentitymust not disclose to someone other than the AUSTRAC CEOoramemberofAUSTRACthattheinformationhasbeencommunicated to theAUSTRACCEOor thesuspiciousopinionisformed,unlessexceptionsapply. The Affiliate’s Compliance staff are responsible forreviewing & identifying any suspicious transactionsor matters arising from MoneyGram money remittance services.

c) Section 43 – Reports of Threshold Transactions (for transaction at or above AUD10,000) WhenatransactionamountreachesAUD10,000,areporting entity has to submit a Threshold Transaction Report (TTR) to AUSTRAC within 10 business days. MoneyGram has put in place an alert in its automatic monitoring system to highlight any transaction amount reaching or exceedingAUD10,000. Upon generation ofsuch an alert, MoneyGram will submit a report toAUSTRAC.

AAKMG004 Page 7 of 12Page 6 of 12

d) Section 45 – Reports of International Funds Transfer Instructions (IFTI)All international fund transfer transactions have to be reported to AUSTRAC by each reporting entity. MoneyGramisresponsibleforcompleting&submittingIFTI reportelectronically on behalf ofall itsAffiliatesregistered with AUSTRAC in Australia.

e) Section 47 – AML & CTF Compliance ReportAs registered designated remittance service providers in Australia, MoneyGram & itsAffiliates are required toprovide a Compliance Report to AUSTRAC regarding their compliance with the AML and CTF Act 2006 and the AML and CTF Rules.

MoneyGram is responsible for completing & submittingthe Compliance Report electronically on behalf of all its AffiliatesregisteredwithAUSTRACinAustralia.

A8. AML & CTF Risk Awareness Training Program

Training requirementsTraining must be provided to all employees who are involved in the MoneyGram® money transfer service in Australia and the contents of training must include at a minimum:•Theconceptofmoneylaundering&financingofterrorism;•Identifyingsuspiciousactivity&structuredtransactions;•PreventionofFraud;•How to complywith the record keeping and reportingrequirementsundertheAML&CTFAct(2006);•KYCpolicy.

EmployeeswhoareinvolvedinMoneyGrambusinessinAustraliaarerequiredtoattendemployeeAMLTraining,understand&complywiththecontentsofthisComplianceProgram.

Scheduling Employee and Affiliate TrainingMoneyGramwillschedule&ensure thatperiodicAffiliateAML training is to be conducted on a regular basis or whenever there is an ad hoc need to deliver the training.

A9. Employee Due Diligence ProgramTheAffiliate’s Employee DueDiligenceProgram isanintegral component of the Affiliate’s risk managementmeasures&isaneffectivewayofminimisingandguardingagainstarangeofpotentialrisks.Theobjectiveof the EmployeeDueDiligenceProgram is to ensuretheintegrity,identityandcredentialsofpersonnelwithinanorganisation,& to provide assurance thatpeopleentrusted within an organisation are worthy of that trust.

The term Employee DueDiligencerefers to theconductingofML&TFriskassessmentsofemployees.IntheAffiliatecontext,‘employee’includesanyindividualperson who is engaged on a permanent, temporary,contract or volunteer basis. This will meet the requirements of Chapter 56 of theAct. Key personnelhave to attest to civil, criminal convictions and obtainNationalPoliceClearances.

Screening of new and existing employeesTheEmployee Due DiligenceProgramhasappropriatesystems&controls for the reportingentity todeterminewhetherto,&inwhatmannerto,screenanyprospective

employee who, if employed, maybe inaposition tofacilitate the commission of a money laundering or financing of terrorism offence in connectionwith theprovision of a designated service by the reporting entity.

The Employee Due Diligence Programhas includedappropriatesystems&controls for the reportingentity todeterminewhetherto,andinwhatmannerto,rescreenan employee where the employee is transferred or promoted and may be in a position to facilitate the commission of a money laundering or financingof terrorism offence in connection with the provision of a designated service by the reporting entity.

The Employee DueDiligence Program has establishedand maintains a system for the reporting entity to manageanyemployeewhofails,withoutreasonableexcuse,tocomplywithanysystem,controlorprocedure.

Employment Reference Check for New EmployeesEmployment references are required for all prospectiveand new employees.

Identity Verification on EmployeeAll employees are required to bring in their passport/photoIDontheirfirstdayofjoining.Sightingoftheoriginal identification document will be madeasapplicable.Anyadditionaldocumentationrequiredtodemonstrate their right to work in the relevant country willalsoberequested,forexamplevisas/workpermitsunlessthese are being obtained by the Company. Copies of all documentsarekeptinthestaff’spersonalfile.

Relevant Data Protection Clauses in Employment Contract for staff working in AustraliaIntermsofdataprotection,therelevantparagraphsareto be detailed in the current employment contract template for Australia.

A10. Responses to Law Enforcement Enquiries

Authority to Summon Testimony and RecordsGovernment regulators and law enforcement agencies may seek information and records from time to time. Any person associated or connected with MoneyGram who receivesorisservedwithasummons,subpoenaorcourtorder related to MoneyGram’s business shouldimmediately contact theAffiliate Compliance Officer forassistance.

In need MoneyGram may be contacted and in turn will assisttheenquiringentitiesintheirinvestigations,provided the request(s) is/are conducted in a lawfulmanner against the correct legal documentation.

Only the stated documentation is to be afforded in terms of the legal documentation and no information shall be offered voluntarily. This is necessary to ensure that MoneyGram& the Affiliate complywith theapplicableprivacylaws.Furthermore,Governmentagenciesarenotpermitted to use their summons authority to go on unwarranted “fishing” expeditions in our records.Employees should not feel pressured by Governmentagencies to release consumer or company information without first receiving a proper summons, subpoena orcourt order.

AAKMG004 AAKMG004Page 8 of 12

TheMoneyGramAffiliateshouldonlydisclosecustomerdata that they have access to the regulator or law enforcementagenciesonlyifawrittenenquiry,subpoenaor court order has been received. Should there be any doubt as to the release of information or data MoneyGramComplianceSydneyOfficeistobecontacted.

A11. AUSTRAC Feedback

The MoneyGram Affiliate will take the followingprocedures if it receives any feedback from AUSTRAC in respectoftheBusiness’performanceonthemanagementofMLorTFrisk(“AUSTRACFeedback”):

1)AfterAUSTRACFeedbackisreceived,thecompliancestaff shall submit to the Senior Management as well as MoneyGramCompliance: a) the AUSTRAC Feedback; b) in the case that the AUSTRAC Feedback contains recommendations for improvement,aproposalof remedialactions to be taken.2) Senior Management and MoneyGram Compliance shallreview,comment&approvetheproposalsubmittedby the compliance staff.3) The compliance staff shall implement the remedial actions based on the proposal that has been approved by Senior Management and MoneyGram Compliance.4) Upon successful implementation of the remedial actions,thecompliancestaff&MoneyGramComplianceshall notify AUSTRAC about the remedial measures taken inviewofAUSTRAC’sFeedback.

A12. Reporting & Investigation of any Violations of this Compliance Program

IfanystaffoftheAffiliateknowsthathe/sheoranotheremployee may have violated any part of this Compliance Program,thestaffisrequiredtoreporttheviolationorsuspected violation to the compliance staff. Once thecompliancestaffhavereceivedsucha report,thefollowingstepsshallbetaken:

1. The compliance staff shall immediately inform the SeniorManagementoftheAffiliate;2. The compliance staff shall commence investigation onthesuspectedviolation.Duringtheinvestigation,thesuspected violating staff shall be given an opportunityto respond toanyqueriesarisingduring theprocessofinvestigation. The whole investigation process must be keptinstrictconfidence;3. After the investigation is completed, the compliancestaff shall submit the findings and recommendations totheSeniorManagementoftheAffiliate&MoneyGram;4. If there is no evidence showing a violation to this Program is found, the case shallbeclosedwith theconcurrence of MoneyGram;5. In case a violation to this Program is found on the part of an Affiliate employee, the findings shall also beforwardedtotheSeniorManagementoftheAffiliateanddocumented disciplinary actions taken.

In the case where the violation or suspected violation relates to or has an implication on the part of the compliancestaff,anyemployeewhowouldliketoreport this shall send the information directly to the SeniorManagementoftheAffiliate.

Underallcircumstances,thenameofthereportingstafforinformantwillbekeptconfidentially.

PART BB1. Identification of ML and TF Risks

Risk-based KYC Policy

InthecourseofdesigningtheKYCPolicy,theAffiliateinconjunctionwithMoneyGramhasconsideredthefollowingriskfactors:

•CustomerTypeRisk•Product/ServiceRisk

Inviewofthenature,size&complexityofMoneyGram,and having considered the risk mitigation and control measures mentioned in PointA2 of thisProgram,MoneyGramandtheAffiliateregards itsrisks inrespectofKYCasHIGHRISKinMLandTF.Therefore,thefollowing KYC Policy has been developed.

B2. KYC Policy

(a) Basic KYC Policy (not applicable to Affiliates of TAFMO/Touch Networks) Required Customer Data for processing a MoneyGram® money transfer transaction

One of the most effective ways to protect MoneyGram and itsAffiliatesfrombecomingthevictimoffinancialcrimesstarts with verifying the identity of the customers and knowing with whom the money transfer transactions are conducted.

Individual Customer (Natural Person)To also ensure compliance with the Customer Identification requirements as laid down in Part 4.2 oftheAML&CTFRulesInstrument2007(No.1)issuedbyAUSTRAC,MoneyGram requires itsAffiliates to collectthe following customer data for both parties for every send or receive money transfer transaction irrespective of the transactionamount:

1.FullNameofbothparties2. Physical Address of both parties 3.TelephoneNumber(ifany)4.ValidGovernmentIssuedPhotoID5.DateofBirth6. Occupation7. Transaction Amount 8.TransactionDate9. Signature of the customer on either Send or Receive Form

Ifacustomerrefusestoprovidetheaboverequiredinformation, or if a customer’s Identification Documentdoesnotmatchwithhis/herappearance,MoneyGramoritsAffiliateinAustraliaWILL NOT process the transaction.

Note The customer must provide a physical permanent residential addresswhere he/she resides. If it isanaddressinAustralia,MoneyGramAffiliatesarerequiredtorecordandinputthePostalCodeandNameofStateintoMoneyGramsystem.APostOfficebox(P.O.Box)isnot

•DeliveryMethodRisk•Country/GeographicRisk

AAKMG004 Page 9 of 12Page 8 of 12

acceptable. The customer CANNOT use a business address to process a transaction.

•When documenting a customer’s Photo ID,MoneyGramAffiliate shall record the type of ID, the IDnumber,andtheissueroftheID.• If thecustomer indicates thathe/she isnota residentofAustralia,he/shemustpresentavalidpassport,alienidentification card or other official document evidencingnationality or residence.•Verificationofthecustomer’sidentificationmustbebasedon a reliable and independent document. The Acceptable CustomerPhotoIdentificationDocumentmustbe:a)avalidGovernmentissuedidentificationdocumentwithaphotooftheholder,suchasnationalidentitycard,passport,localdrivinglicense,etc. b)Staffmustensure that the identificationdocumentmatches the customer conducting the transaction.•UnacceptableIDincludesEmployeeID,ExpiredIDorLoyaltyCard,etcwhichisnotissuedbyanyGovernment. (b) Basic KYC Policy – applicable to-Affiliates of TAFMO/Touch Networks

TAFMO/TouchNetworksadoptsaregistrationpolicywhich requires its customers to register personaldetailswithTAFMO/TouchNetworksbeforetheycanuseMoneyGram money remittance service.

Forregistrationpurpose,acustomer,whousesTAFMO/TouchNetworksforthefirsttimetoconductaMoneyGramtransaction,hastofillinthefollowingdetailsintheSendFormorReceiveFormforbothparties:1. Full name 2. Full residential address3. Telephone number (if any)4.ValidGovernmentIssuedPhotoID5.Dateofbirth6. Occupation7. Signature of the customer on either Send or Receive Form

Upon successful registration with TAFMO/TouchNetworks, the customerwill be given a uniqueMGTNumberthatshallbegiventoAffiliatesofTAFMO/TouchNetworks in his/her subsequent requests for usingTAFMO/TouchNetworks toconductMoneyGrammoneytransfer transactions.

Ifacustomertakestheinitiativetoprovideacopyofhis/herphoto IDdocument, theBusinesswouldattachandretain such copy with the Send Form or Receive Form.

For transaction purpose, the Transaction Amount andTransactionDatemustalsobe recorded in theSendorReceive Form.

If a customer refuses to providetheaboverequiredinformation, or if a customer’s Identification Documentdoesnotmatchwithhis/herappearance,MoneyGramorTAFMO/Touch Networks and itsAffiliatesWILL NOT process the transaction.

Within the TAFMO/Touch Networks, the maximum amount of per MoneyGram money remittance transaction is AUD9,500. In case a customer requests the Affiliates of TAFMO/Touch Networks to send more

•DeliveryMethodRisk•Country/GeographicRisk

than AUD9,500, the Affiliate is not allowed to carry out the transaction nor split the transaction into two or more transactions. The Affiliate must tell the customer to go to a MoneyGram Affiliate Location other than TAFMO/Touch Networks’ Affiliate to conduct the transaction.

(c) “Third Party” InformationThe MoneyGram money remittance service is intended toserve individual customers, i.e. a natural person.Therefore, MoneyGram and itsAffiliates do not acceptanon-natural person to be asenderor receiver inaMoneyGrammoney transfer transaction. A non-naturalperson refers to a limitedcompany,a soleproprietoroperatingbyatradingname,apartnership,atrustoranyform of organizations.

Nevertheless,MoneyGramalso incorporates an enquiryprocedure on the ultimate instructor or beneficiary of atransaction. MoneyGram uses the word “Third Party” to refertotheultimateinstructororbeneficiaryofatransaction. If a customer who conducts a transaction isinfactdoingsoforsomeoneelse,theKYCinformationmust be obtained for both the customer appearing at the MoneyGramAffiliatelocationaswellasthepersonbehindwhoinstructsorbenefitsfromthetransaction.Examplesof third parties are an employee of a business conductingthetransactiononbehalfofthebusiness,oraperson who conducts a transaction on behalf of an older ordisabledrelative.MoneyGramAffiliatesarerequiredto complete the Third Party sections on either Send or Receive Form.

IftheThirdPartyisanIndividual,theKYCprocedurefollows the “Individual Customer (Natural Person)” asstated above.

NON-NATURAL PERSONS AND THIRD PARTY TRANSACTIONS ARE NOT ALLOWED IN AUSTRALIA.

For the sake of good order we include details relating to aninstanceiftheThirdPartyisnotanIndividual/NaturalPerson,MoneyGramAffiliatesarerequiredtorecordthefollowinginformationoftheThirdParty:

Sole Traders1.FullNameofbothparties2.PhysicalAddressofbothparties(Verificationwouldrequiresecondarydocumentatione.g.gasbill)3.Fulladdressofcustomer’sprincipalplaceofbusiness4. Full business name5.ABNnumberissued6.TelephoneNumber(ifany)7.ValidGovernmentIssuedPhotoID8.DateofBirth9. Occupation10. Transaction Amount 11.TransactionDate12. Signature of the customer on either Send or Receive Form

Local Company1.Fullnameofthecompany/organization2. Address3. Type of business4.AustralianCompanyNumber(ACN)5. Whether the company is registered by the

AAKMG004 AAKMG004Page 10 of 12

Australian Securities and Investments Commission (ASIC) as a proprietary or public company6.Beneficialownersofthecompanyifprivate(Pty)

Registered Foreign Company1. Fullnameofthecompany/organizationasregisteredby ASIC2. Principal and local addresses as well as those of the Affiliateifany3. Type of business4.AustralianRegisteredBodyNumber(ARBN)5.Countryofformationorregistration/incorporation6. Whether the company is registered by ASIC as a proprietary or public company.7.Beneficialownersofthecompanyifprivate(Pty)

Un-Registered Foreign Company1. Full name of the company2.Addressofthecompanyincountryofformation,incorporation or registration3.Identificationasissuedtothecompany4. Type of business5.AustralianRegisteredBodyNumber(ARBN)6.Countryofformationorregistration/incorporation7. Whether the company is registered by ASIC as a proprietary or public company8.Beneficialownersofthecompanyifprivate(Pty)

Partnership1. Full name of partnership2. Full business names as registered 3. Full name of each partner4. Residential address of each partner5. Country of establishment6. KYC as indicated relating to at least one partner

Trusts1. Full name of Trust2. Full business names as registered3. Full name of each Trustee4. Residential address of each Trustee5. Country of establishment6. KYC as indicated relating to at least one Trustee7.NamesofbeneficiariesandKYConbeneficiaries

Incorporated Association1.Nameofassociation2. Full name of chairman, secretary and treasurer orequivalentofficer3.Fulladdressofpublicofficer4.Residentialaddressofpresident,secretaryortreasurer5. Unique identifyingnumber issued toassociationbyincorporatingstate,territoryoroverseasincorporationbody

Unincorporated association1.Nameofassociation2. Full name of chairman, secretary & treasurer orequivalentofficer3. Full address of place of administration4. Where the customer is acting in capacity of a member-fullKYCrelatingtomember

Registered co-operative1.Fullnameofco-operative2. Full name of chairman, secretary or treasurer orequivalentofficerineachcase3.Fulladdressofregisteredoffice

4. Principal place of operations5.Residentialaddressoftheco-operative’ssecretary6.Residentialaddressoftheco-operative’spresidentortreasurer if no secretary7.Anyuniqueidentifyingnumber

Government Body1. Full name of Government body2.FulladdressofGovernmentbody’splaceofoperations3.ConfirmifGovernmentbodyisaseparatelegalentityorauthorityand/orestablishedunderlegislation

AffiliatesOn behalf of an individual1.FullnameofAffiliateactingonbehalfofcustomer2.Evidencetoactonbehalfofthatcustomer

On behalf of a non-individual1.FullnameofeachAffiliateactingonbehalfofcustomer2.Evidenceofactingauthorization

Verifying Officer (appointed by a non-individual customer to verify their Affiliates only)1.FullnameofAffiliate2. Titleofposition/roleheldbytheAffiliateswiththecustomer3.CopyofsignatureoftheAffiliate4.Evidenceofactingauthorization5. Information relating to theverifyingofficerperindividualKYCrequirements(e) Processing of Send & Receive TransactionsSend Transaction1. A Sender has to conduct Send Transaction(s) in personatMoneyGramAffiliatelocation(s).2. Prior to conducting any MoneyGram money transfer transaction,MoneyGramAffiliatewillverifythecustomer’sIDandhavethecustomercompleteallappropriate&necessarysections&signtheMoneyGramSendForm.3.TheemployeeofMoneyGramAffiliatewhoprocessesthetransaction isrequiredtocorrectly inputtheinformation provided by the customer into MoneyGram money transfer system. 4.MoneyGramoritsAffiliatesretaintherighttorefusetoprocess any transaction that appears suspicious.

Receive Transactions1. A Receiver has to conduct Receive Transaction(s) in personatMoneyGramAffiliatelocation(s).2. Prior to conducting any MoneyGram money transfer transaction,MoneyGramAffiliatewillverifythecustomer’sID&havethecustomercompleteallappropriate&necessarysections&signtheMoneyGramReceiveForm.3.TheemployeeofMoneyGramAffiliatewhoprocessesthe transaction is required to correctly input theinformation provided by the customer into MoneyGram money transfer system. 4.MoneyGramoritsAffiliateretainstherighttorefusetoprocess any transaction that appears suspicious. (f) Further KYC and Monitoring procedures to mitigate ML & TF risks

1. Send Transactions•Beforemoneyofatransactionispaidouttothereceiver,thenamesofallsendersandreceiversarecompared against sanction lists published by various

AAKMG004 Page 11 of 12Page 10 of 12

Governments,includingtheOFACListoftheU.S.A.andtheDFATListofAustralia.Thiscomparisonoccurswithinafew seconds after the transaction has been sent. •Ifthereisapossiblematchofacustomer’snameagainstany of the sanction lists, the transaction statusautomaticallymovesfrom“SEN”(i.e.availabletopayout)to“HLD”(i.e.putonholdandnotallowedtopayout).All possible matches are investigated by MoneyGram staff as soon as possible.• If it isa“false”match, the“HLD” transactionwouldbecleared within a few minutes by MoneyGram staff. • If the possible match cannotbequickly released,MoneyGram will need to talk to the sender or receiver &askforadditionalpersonalinformationinordertohelpMoneyGram ascertain whether or not the customer is the same person as the one listed on any sanction list. •MoneyGrammust be able to prove that the customerconcerned is not the same person as the one named on the relevant sanction list.

2. Receive Transactions•Whenthereisapossiblematch–&ithasnotyetbeenclearedbyMoneyGram–thereceiveAffiliatewillseeascreenmessageof“Code4-CallMoneyGramAffiliateServices1-800-444-3010,Int’lAffiliatecallyourtoll-free#”.•The receiveAffiliate should then contact theU.S.CallCentre at the toll free number when Code 4 appears or when a transaction was put on hold. •MoneyGrammayaskthereceiveAffiliateorthereceivecustomer for information that will prove the customer is not the person named on the OFAC List. If the possible OFAC match is to thesender’sname,MoneyGramwillask thereceiver to tell the sender to call MoneyGram.

B3. Record Keeping RequirementsSection 106- 108, 111 – 114 under the AML &CTF Act•To comply with section 106 to108 of the AMLandCTFAct,theMoneyGramAffiliatehastoretaintransactionrecords,whichincludesystemdata,for7years.MoneyGramalsorequiresitsAffiliatestocomplywiththisrecordkeepingrequirements,i.e.retainall completed Send Forms, ReceiveForms,Receiptsor documents provided by customers for 7 years. Electroniccopiesmaybeheld.

•TocomplywithSection111to114oftheAML&CTFAct,MoneyGramrequestsitsAffiliatestomakearecordofinformation which is obtained in the course of carrying out theapplicable customer identificationprocedure. Thus,customers’personalinformationhastobewrittendownonMoneyGram’sSendFormorReceiveForm.

Data Privacy of Customer RecordsInaccordancewiththeNationalPrivacyPrinciplesoftheFederalPrivacyActofAustralia,MoneyGramAffiliatesmustprotectcustomers’personal&privateinformation.Alldocumentsthatcontaincustomers’private&personalinformationwillbestoredinasecurelocation&system database. If theMoneyGramAffiliate discardsanytransactionrecordswhichcontaincustomerdata,thedocuments must be completely destroyed prior to disposal.

PART CC1. MoneyGram Know Your Affiliate Policy and Registration

In order to make the best effort possible to avoid inadvertently installing Affiliates who may be potential moneylaunderersorothercriminaloffenders,MoneyGramhasadopteda“KnowyourAffiliate”PolicyforallAffiliateapplicants. Under this Policy, it requires backgroundchecksoftheAffiliateowners,includingOFAC/WatchListreviews,criminalandcreditchecks,aswellasotherdatathat may be available about the individuals.

This policy is applicable for allAffiliate applicantsworldwide, except those companies that are publiclytraded on a major stock exchange. This policy isin addition to existing procedures used by the Sales and RiskTeamstoevaluateAffiliateapplicantspriortoapplying to AUSTRAC for registration.

For Affiliate applicants who are based inAustralia,MoneyGramwould further use the free enquiry serviceprovided by the ASIC website to conduct reference checks ontheAffiliateapplicant.

The BusinessDevelopment Team in the SydneyOfficeisresponsibleforcollectingallrequireddocumentsfromtheentitywhoapplies tobecomeanAffiliateorAffiliateof MoneyGram in Australia. The applicant entity must provide MoneyGram with documents including but not limitedtothefollowing:1. A document proving its successful registration with AUSTRAC as a registered money remittance service provider (MoneyGram Payment Systems Inc. (MPSI) will attendregistrationofAffiliates);2.Complete Business Profile formplusadditionalinformationaboutfullbackground/historyofbusiness;3. Complete MoneyGram Know Your Partner (KYP) form &copy of identification documents ofownersof theapplying entity;4. Complete Participating Location Form (PLF);5.Recent twoyearsof companyfinancial statements–Profit&LossplusBalanceSheet;6.Provide a brief Business Plan (three-year),incorporatingthefollowing:-a.Transactionsvolumeprojection–send&receiveb.Keycorridors/countriestargetc.Numberoflocations/branches

C2. MoneyGram Compliance Training to AffiliatesMoneyGram will provide Compliance Training to all Affiliatesbasedonatrainingrequirementriskassessmentmodel or whenever there is an ad hoc need to provide additional training to selected locations. Training will also beprovidedtonewAffiliatesonset-up.Thetrainingwillcoverthefollowingareas:a)MoneyGramAMLComplianceGuideforAffiliates;b)AML;c)TF;d)OCDD;e)SMR;f) Fraud and Fraud Prevention Measures;g)OfficeofForeignAssetsControl(OFAC);h) MoneyGram KYC Requirements for Tafmo/TouchNetworks;i) Relevant provisions of the AML and CTF Act 2006 and Rules/GuidelinesissuedbyAUSTRAC.Whereverpossibletrainingisprovidedviaanon-lineplatform&anattendancerecordisheldbyMoneyGramofall training successfully completed. Should circumstances warrant face to face training this alternative method will be employed.

AAKMG004 Page 12 of 12

*PO

1007

13*2

50