Home · AML Policy
Legal

AML Policy.

How we screen, what we report, and what we keep off the platform.

Last updated: May 8, 2026  ·  Effective: June 1, 2026  ·  Version: 1.4

Mitu Labs Inc. (“Mitu Labs Inc.”, “Mitu”, “we”, “our”, “us”) is committed to combating all forms of financial crime, including money laundering, terrorism financing, fraud, bribery, and corruption. As a financial technology company operating in cross-border payments, we recognise that the integrity of our platform depends on robust controls that prevent our products from being used for illicit purposes.

Mitu Labs Inc. is a Delaware C Corporation, registered with the United States Financial Crimes Enforcement Network (FinCEN) as a Money Services Business under BSA ID 31000329382690. We operate in partnership with licensed banking and payment infrastructure providers, and our compliance program is designed to meet the standards expected by these partners and the regulators who oversee them.

This policy applies to all directors, officers, employees, contractors, and agents of Mitu Labs Inc. Every person associated with Mitu Labs Inc. is expected to read, understand, and follow this policy. Failure to comply may result in disciplinary action, termination, and where appropriate, referral to law enforcement.

Structure of the framework

Mitu Labs Inc. has established a comprehensive Anti-Money Laundering (“AML”), Countering Terrorism Financing (“CFT”), and Preventing the Financing and Proliferation of Weapons of Mass Destruction (“PFMD”) framework. This framework is built around international standards, including the recommendations of the Financial Action Task Force (FATF), the requirements of the Bank Secrecy Act (BSA), the USA PATRIOT Act, and applicable laws and regulations in the jurisdictions where we operate.

The framework is reviewed and updated on a regular basis to ensure its continued relevance and to reflect changes in regulatory requirements, evolving best practices, and developments in our business. This policy is reviewed and approved at least annually by senior management. If material changes are needed between cycles, an amendment is drafted, signed, and incorporated into the policy at the next annual review. As Mitu Labs Inc. grows and establishes a Board of Directors, the Board will assume formal responsibility for the annual review and approval of this policy.

The framework is accessible to all team members through our internal documentation systems and is communicated to relevant external parties, including banking partners, auditors, and regulators, as appropriate.

Mitu Labs Inc. follows a risk-based approach to financial crime risk management rather than a check-the-box, rule-based approach. This means we proactively identify, assess, and manage the risks specific to our business model, customer base, products, services, and geographies. We allocate compliance resources to the areas of highest risk and adjust our controls as our business and the regulatory landscape evolve.

The framework's scope

The framework covers governance and senior management oversight, customer due diligence, enhanced due diligence for higher-risk relationships, transaction monitoring and reporting, sanctions compliance, treatment of politically exposed persons, training and awareness, record keeping, independent review, and data protection. The sections below set out how each of these areas is implemented in practice. The framework also addresses related topics that cut across these areas, including risk assessment, partner due diligence, prohibited relationships, and anti-corruption.

Assessment of risks

Mitu Labs Inc. conducts a comprehensive risk assessment of its products, services, customers, channels, and geographies. The purpose of the assessment is to ensure that money laundering, terrorism financing, and related risks are identified, understood, and managed. The risk assessment is conducted at least annually and is updated when significant changes occur in our business, customer base, geographic footprint, product offering, or risk environment.

The output of the risk assessment informs our compliance priorities, the calibration of our controls, the allocation of compliance resources, and the topics emphasised in staff training.

Banking and payment partners

Mitu Labs Inc. establishes and maintains relationships with banking and payment partners that have appropriate anti-money-laundering and counter-terrorist-financing policies and procedures in place. We do not maintain accounts with, or relationships with, shell banks. We conduct due diligence on our partners before engaging with them and review these relationships periodically to address any AML and CFT concerns.

Prohibited business relationships

Mitu Labs Inc. does not create accounts or conduct transactions for customers using pseudonyms, numbers, or other arrangements designed to obscure their real identity. We also do not maintain relationships with sanctioned individuals or entities, shell banks, customers engaged in activities that violate our terms of service, or customers who refuse to complete required due diligence.

Anti-corruption, anti-bribery, and anti-fraud

In all of its business activities and interactions, Mitu Labs Inc. upholds high ethical standards. We have a zero-tolerance policy for any form of bribery, corruption, fraud, or unethical conduct among employees and between Mitu Labs Inc. and third parties such as customers, vendors, and partners. We expect third parties working on our behalf to adhere to the same standards.

Employees are required to report any suspected bribery, corruption, or fraud through the appropriate channels. Mitu Labs Inc. does not tolerate retaliation against employees who report concerns in good faith.

Governance and oversight

Responsibilities of senior management

Mitu Labs Inc.'s senior management is responsible for managing the AML and CFT compliance system. Senior management ensures that personnel comply with all regulatory and internal anti-money-laundering and counter-terrorist-financing standards and that Mitu Labs Inc. maintains a zero-tolerance policy for regulatory violations. Consistent with global AML and CFT best practices, the tone is set at the top.

The founder has designated a Chief Compliance Officer responsible for the day-to-day implementation of this policy. The Chief Compliance Officer has the authority, independence, and resources to discharge their responsibilities effectively. As Mitu Labs Inc. scales and establishes a Board of Directors, the Board will assume oversight responsibility for the AML and CFT program and will receive regular reports on the state of compliance, key risks, and remediation actions.

The Chief Compliance Officer is responsible for:

  • Maintaining and updating this policy and supporting procedures
  • Overseeing customer due diligence and onboarding decisions
  • Reviewing and investigating suspicious activity
  • Filing Suspicious Activity Reports with the relevant authorities
  • Ensuring sanctions screening is performed correctly
  • Coordinating staff training
  • Engaging with regulators, banking partners, and law enforcement
  • Conducting and commissioning periodic risk assessments and reviews
  • Reporting to senior management on the state of compliance

The Chief Compliance Officer can be contacted at compliance@mitu.ai.

Reporting to senior management

Regular AML and CFT updates are provided to senior management. These reports give management the information necessary to evaluate Mitu Labs Inc.'s adherence to regulatory requirements and the effectiveness of our controls. They also keep management informed of trends and developments in the financial industry, particularly in the area of anti-money-laundering and counter-terrorist-financing risk management. Reports cover key metrics such as customer onboarding outcomes, sanctions screening results, suspicious activity escalations, training completion, and any regulatory engagements.

As the company grows and establishes a Board of Directors, formal monthly and quarterly reports will be provided to the Board to support its oversight role.

Customer due diligence

A correctly completed account-opening process, along with the submission of identification and other essential information and documents, serves as the foundation for a customer's onboarding into Mitu Labs Inc. Before entering into any business relationship with a customer, Customer Due Diligence (CDD) is performed.

For individual customers, we collect and verify the following at a minimum:

  • Full legal name
  • Date of birth
  • Residential address
  • Nationality
  • Government-issued photo identification, such as a passport, national ID card, or driver's license
  • A live photograph of the customer matched against the identification document
  • Phone number and email address
  • Source of funds, where applicable

For business customers, we collect and verify the following at a minimum:

  • Legal business name
  • Country and date of incorporation
  • Business registration number
  • Registered and operating addresses
  • Nature of the business and intended use of Mitu Labs Inc. services
  • Identification documents for directors, officers, and ultimate beneficial owners
  • Ownership and control structure
  • Source of funds and source of wealth, where applicable

We use third-party identity verification providers and screening tools to confirm the information provided. We also assess the customer's risk profile based on factors such as country of residence, occupation, expected transaction volume, and the nature of the relationship. Customers who cannot complete the verification process or who refuse to provide required information are not onboarded.

Identifying the Ultimate Beneficial Owner (UBO), legal representatives, and trustees is part of KYC for business customers. The Chief Compliance Officer must approve any relationship involving a higher-risk country before it is established. Mitu Labs Inc. follows the necessary procedures before establishing relationships with Designated Non-Financial Businesses and Professionals (DNFBPs) and other prescribed business types, based on their risk profile and the regulatory requirements that apply.

Sanctions screening is performed prior to onboarding and on an ongoing basis to ensure that Mitu Labs Inc. does not establish or maintain a relationship with a sanctioned individual or entity.

Mitu Labs Inc. will comply with applicable tax information reporting frameworks, including the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS), where these apply to our business.

Enhanced due diligence

Enhanced Due Diligence is conducted on higher-risk customers. Categories of higher risk include:

  • Politically Exposed Persons (PEPs) and their close associates and family members
  • Customers from or transacting with higher-risk jurisdictions, including those identified by the FATF
  • Customers in higher-risk industries
  • Customers with complex ownership structures
  • Customers conducting unusually large or complex transactions
  • Customers whose transaction patterns do not match their stated profile

For these customers, we collect additional information about source of funds, source of wealth, the purpose and intended nature of the relationship, and any other relevant factors. Onboarding higher-risk customers requires sign-off from the Chief Compliance Officer, and these relationships are subject to enhanced ongoing monitoring.

Transaction monitoring and reporting

Transaction surveillance and monitoring

Monitoring of transactions is performed both manually and through automated tools. Manual monitoring is performed by the Chief Compliance Officer and authorised team members, who are familiar with red flags and unusual patterns. Automated monitoring is performed in coordination with our regulated banking and payment partners, who provide transaction screening and monitoring as part of their services.

Common red flags include but are not limited to:

  • Transactions inconsistent with the customer's known profile or stated purpose
  • Rapid movement of funds with no clear business rationale
  • Transactions involving higher-risk jurisdictions or sanctioned regions
  • Multiple transactions structured to fall below reporting thresholds
  • Sudden and unexplained changes in transaction frequency, volume, or counterparty
  • Transactions inconsistent with the customer's stated source of funds

All team members are required to promptly report any suspicious activity or transaction to the Chief Compliance Officer. The Chief Compliance Officer reviews escalated activity, conducts further investigation as needed, and decides on the appropriate response, including filing a report with regulators, freezing the account, terminating the relationship, or other action.

As Mitu Labs Inc. scales, we will implement dedicated transaction-monitoring tools and analytics platforms to support the growing volume and complexity of transactions.

Reporting on transactions

Certain regulatory and legal requirements necessitate the filing of specific reports and returns to regulatory agencies. Mitu Labs Inc. files reports as required, including Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) where applicable, with the United States Financial Crimes Enforcement Network (FinCEN) and equivalent authorities in other jurisdictions where we operate. We do not tip off customers when filing reports about them.

Relationships with regulators and law enforcement

Mitu Labs Inc. acknowledges that supporting regulators and law enforcement in the fight against financial crime is part of its corporate and social responsibility. We seek to maintain constructive working relationships with all regulatory and law-enforcement agencies in the jurisdictions where we operate. Mitu Labs Inc. complies with lawful requests in a timely manner and provides data to regulators, courts, and other relevant government authorities in accordance with applicable laws.

Sanctions compliance

Mitu Labs Inc. does not establish or maintain relationships with sanctioned individuals or entities. As applicable to their roles, all personnel are required to ensure that customers and counterparties are screened against recognised sanctions lists, including:

  • The Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List
  • The United Nations Security Council consolidated sanctions list
  • The European Union consolidated sanctions list
  • His Majesty's Treasury (HMT) United Kingdom consolidated sanctions list
  • Any other lists relevant to the markets in which we operate

Account opening and outbound transactions are screened for sanctions on a real-time or near-real-time basis through a combination of internal processes and our partners' systems. As part of Mitu Labs Inc.'s policy, employees must abstain from any relationship or transaction that results in a confirmed positive match and must follow the escalation procedure. Confirmed matches are reported to the relevant authorities as required by law.

Politically exposed persons

PEPs are individuals who hold or have held prominent public positions, along with their close associates and family members. Examples include heads of state, senior government officials, senior judicial officials, senior military officers, senior executives of state-owned enterprises, and senior officials of major political parties.

As with other higher-risk customers, PEPs are subject to enhanced due diligence to mitigate the AML and CFT risks they present. The objective is to ensure that Mitu Labs Inc. does not inadvertently facilitate money laundering, corruption, or the financing of terrorism.

Mitu Labs Inc. uses screening tools to identify PEPs at onboarding and on an ongoing basis. Approval from the Chief Compliance Officer is required for the creation of new PEP relationships and the continuation of existing PEP relationships. PEP transactions and patterns are reviewed regularly.

Training and awareness

Mitu Labs Inc. places a high value on team training. Training is provided to ensure that staff are familiar with applicable AML and CFT regulations, KYC principles, sanctions requirements, and the red flags of money laundering or terrorism financing that may arise in the course of their work.

All employees, contractors, and officers receive AML and CFT training as part of onboarding. As the team grows, mandatory annual refresher training will be required for all employees, including senior management. Training is tailored to roles and responsibilities, with deeper training for staff in customer-facing, operations, and compliance functions. Training is delivered through a combination of e-learning, in-person sessions, and ad-hoc updates in response to regulatory changes or emerging risks. Training records are maintained.

Record keeping

Customer identification documents and onboarding records are stored for the duration of the customer relationship and for at least five years following the termination of the relationship with Mitu Labs Inc. Transaction records are retained for at least five years from the date of the transaction. Where there is an ongoing investigation, regulatory inquiry, or legal matter, records are retained for the duration of the matter, even if longer than five years. Records are stored securely and are accessible only to authorised personnel.

Independent review

Mitu Labs Inc.'s AML and CFT program is subject to internal review and independent assessment. As the business matures, we will conduct internal reviews of the AML and CFT function on a regular basis to verify compliance with our policies and procedures and to evaluate the appropriateness and effectiveness of our controls.

In addition, an independent review of the AML and CFT program will be conducted at least every two years by a qualified third party. The independent reviewer assesses whether our program is appropriate for our size, complexity, and risk profile, and whether it is being implemented effectively in practice. Findings are shared with the Chief Compliance Officer and senior management and are remediated according to an agreed action plan.

Data protection

Mitu Labs Inc.'s Data Protection Policy has been authorised and is updated as necessary to reflect changes in the legal, regulatory, and operational environment. Mitu Labs Inc. adheres to applicable national and international data privacy laws, including the Nigeria Data Protection Regulation (NDPR), the United States privacy framework that applies to financial institutions, and other privacy laws in the markets we serve.

Personal data is collected, processed, and stored only for legitimate business purposes, is protected through appropriate technical and organisational measures, and is shared with third parties only where lawful and necessary. Customers have rights with respect to their personal data, including the right to access, correct, and request deletion of their data, subject to applicable legal and regulatory requirements.

Questions? compliance@mitu.ai  ·  Mitu Labs Inc.  ·  FinCEN MSB ID 31000329382690.

Members

What people say.

Real moments from real Mitu members across continents and time zones.

Lagos
Sent rent to Mum, paid the wedding caterer, and split the trip pot, all before breakfast.
Adaeze O.Engineer, Lagos to London
Accra
The Detty December pot saved my friend group. Six of us, one trip, zero group-chat drama.
Kofi M.Designer, Accra
Nairobi
I landed in Tokyo and my eSIM was online before I cleared customs.
Zola N.Founder, Nairobi to Tokyo
Dakar
Paying vendors for my mum's 60th in real Naira from Paris. It just works.
Fatou D.Marketer, Dakar to Paris
Cape Town
Forty-eight currencies in one account. I haven't opened my old bank's app in months.
Lerato K.PM, Cape Town to Berlin
Cairo
The fees are honest. The rate is the rate. Nothing magic happens between hitting send and arrival.
Idris H.Consultant, Cairo to Dubai
Help

Frequently asked.

Is my money safe?
Mitu is a regulated money-services business in every country we operate in. Customer funds are held in segregated accounts with tier-1 banking partners and never touch our balance sheet. We're SOC 2 Type II certified and never lend out customer deposits.
How fast do transfers actually arrive?
92% of our transfers arrive in under a minute. Some corridors with bank-side delays (e.g. cash pickup outside business hours) take longer — we always show the expected delivery time before you hit send.
Which currencies and countries do you support?
We support sending to 25+ destinations across Africa and Latin America, including every major remittance corridor. New corridors get added regularly — vote for your country in the app.
Can I use Mitu without a US bank account?
Yes. You can fund your Mitu account with a debit card, a local bank account in any of our 38 supported sender currencies, or by receiving from another Mitu user.
What's the deal with eSIMs?
Mitu eSIMs are data-only plans for travelers, available in 200+ destinations starting at $4. Activation is one-tap from inside the app. No SIM swap, no roaming charges, no surprises on your bill.