SARLAFT Policies - Thousand S.A.S.

Effective Date: 24 – September - 2024

1. Money Laundering and Terrorist Financing Prevention Policy

Thousand S.A.S. (NIT: 901605225-6), with tax domicile in Pereira, Risaralda, is committed to preventing and mitigating the risks of money laundering and terrorist financing through a comprehensive SARLAFT risk management system, in compliance with Colombian regulations and the international best practices. It is important to highlight that we are registered in the Financial Information and Analysis Unit (UIAF). These policies apply to all employees, officers, partners and suppliers, as well as anyone acting on their behalf and handling transactions or financial information.

2. Know Your Business (KYB)

• Verification of the legal existence and corporate structure of the entities with which transactions are carried out will be carried out.

• All legal clients must be identified and verified before establishing business relationships.

• Sufficient documentation will be required to corroborate the identity and evaluate the risk profile of each legal client.

• Business due diligence will be implemented to understand the nature of corporate clients' business.

3. Monitoring and Detection

• Thousand S.A.S. will establish systems for continuous monitoring of transactions, identifying unusual or suspicious patterns.

• Reports of suspicious operations will be prepared and sent to the competent authorities in compliance with current regulations.

4. Training and Education

• All employees will receive ongoing training on SARLAFT policies and suspicious activity detection, ensuring they are informed of their responsibilities.

• The effectiveness of training programs will be periodically evaluated and adjustments made as necessary.

5. Audit and Internal Control

• Periodic internal audits will be carried out to evaluate compliance with SARLAFT policies.

• Appropriate segregation of duties and security measures will be implemented to protect information and ensure data integrity.

6. Documentation and Registration

• Detailed records will be maintained of all transactions and activities relevant to the prevention of money laundering and terrorist financing.

• Documentation related to clients and transactions will be kept during the period established by regulations.

7. Communication and Reporting

• Clear procedures will be established for submitting reports to the competent authorities in case suspicious activities are detected.

• Effective communication will be encouraged between the different levels of the organization regarding matters related to SARLAFT.

8. Review and Update

• The SARLAFT manual and its policies will be reviewed and updated periodically to ensure their adaptation to changes in regulations and best practices.

9. Mandatory Compliance

• All employees of Thousand S.A.S. They must comply with established policies. Any non-compliance may give rise to internal sanctions.