(IT)DUE DILIGENCE POLICY
Purpose of Policy
The Kayndrex Foundation is dedicated to the management of its activities to the highest standard to ensure that investments come from legitimate and ethical sources and contributes positively to peace, human rights, and finance practices. This IT Due Diligence Policy and the Foundation’s practices for managing services are consistent with international regulatory requirements.
Due Diligence Application Process
Each new stakeholder is required to complete the relevant application contained in our websites. The completed application form together with documents (where necessary) is provided by the Relationship Manager to the Compliance Officer for review. The Compliance Officer reviews the Due Diligence File (complete application form together with documents) and assesses if it is adequate. Only complete Due Diligence Files can be accepted for consideration. The Compliance Officer can request additional documents or information if necessary. The Compliance Officer further performs a personal history check.
Supply Chain risk Assessment
Once the Compliance Officer determines the Due diligence File contains sufficient information for a decision to be made, the Compliance Officer assigns a risk profile rating (low, medium, high, or extreme) to the file. For all stakeholders deemed to be ‘high risk’ and ‘extreme risk’, enhanced due diligence shall be performed. Enhanced due diligence includes the completion of an in-person visit (virtually) by a Foundation representative and completion of a report in the form approved by the Foundation.
Each Due Diligence File shall either be ‘approved’ or ‘disapproved’ for business on the basis of the Foundation’s risk-based approach to due diligence. No new stakeholder can be approved for business until they have been subjected to the Foundation’s Due Diligence Process.
The Compliance Officer is responsible to oversee the due diligence process with the support of the Foundation’s Compliance Committee. Senior Management retains the ultimate management and responsibility for the supply chain. Senior Management will carefully select and supervise the Compliance Officer and give him/her the necessary resources to perform his/her duty. Senior Management should approve each new supply chain assessed as ‘high’ or ‘extreme risk’ and should revisit each year the decision whether to continue with these organisational relationships or discontinue with them. The Compliance Committee shall provide Senior Management with a report and its recommendation of whether a ‘high’ or ‘extreme risk’ stakeholder should be approved each year.
Once approved, each stakeholder is assigned with a unique stakeholder identification number. Each service received from the stakeholder is assigned with a sub-identification number before the service is processed.
On-going Stakeholder Due Diligence and Monitoring
Once the stakeholder has been approved, all Foundation personnel that have contact with the investor have a duty to report any known change in information contained in the Due Diligence File, or any suspicious information, to the Compliance Officer in accordance with the Foundation’s Whistleblowing Policy.
Modification to Due Diligence File
All modifications regarding the stakeholder shall be submitted to the Compliance Officer. The Compliance Officer shall submit the modification request for approval by the appropriate party with ultimate responsibility for the stakeholder.
In the event of stakeholders who have been inactive for one (1) year, the Due Diligence File shall be updated, validated, and resubmitted for approval should they elect to recommence business.
Due Diligence Document Retention
All due diligence files shall be maintained in a safe and secure manner and for a modicum of five (5) years following the end of the fiscal year. This applies to both approved and unapproved stakeholders.