Version: 2025

Approved By: Board of Directors

Applies To:

• RealDeed Proptech (DIFC) Ltd

• India, UAE, United Kingfom

  
  

Licence: DIFC Innovation Licence – PropTech Category

Nature of Business: PropTech, DLT-based Digital Infrastructure

NOT a Financial Services Firm / No Crypto Selling / No Brokerage

RealDeed provides technology only, not financial, investment, brokerage, custody.

===============================

SECTION 1 — INTRODUCTION

===============================

1.1 Purpose of This Policy

The RealDeed AML/KYC Policy establishes the compliance, verification, and fraud-prevention framework designed to ensure that RealDeed’s technology platform is not misused for:

• Identity fraud

• Forged title deeds

• Illegitimate property tokenization

• Property-related scams

• Cross-border document misuse

• Unlawful impersonation

• Transaction structuring related to illicit assets

  
  

This Policy reflects RealDeed’s commitment to:

• Responsible innovation

• User identity integrity

• Document authenticity

• Prevention of misuse of DLT infrastructure

• Compliance with UAE Federal AML laws

• Adherence to international AML/CFT principles

• Jurisdiction-specific best practices for property verification

  
  

RealDeed voluntarily structures its compliance program in line with:

• FATF recommendations

• UAE Federal AML legislation

• DIFC expectations for responsible technology providers

• UK AML principles for property fraud prevention

• Indian government anti-fraud and property verification frameworks

  
  

RealDeed does not conduct:

• Brokerage

• Custody

• Secondary trading

• Investment promotion

• Token circulation

• Money services

======================================

SECTION 2 — POLICY OBJECTIVES

======================================

RealDeed’s AML/KYC objectives include:

2.1 Identity Verification Integrity

Ensuring the person tokenizing a property is:

• The legitimate owner, or

• A legally authorized representative

2.2 Property Document Authenticity

Verifying the legal existence and validity of:

• Title Deeds (UAE, India, UK)

• Sale Deeds

• Mutation records

• Index-II

• EC (Encumbrance Certificate)

• HM Land Registry registers

• Registered POA documents

2.3 Fraud Prevention

Prevent platform misuse by detecting:

• Forged documents

• Impersonation

• Attempts to tokenize disputed properties

• Stolen identity submissions

• Fraudulent transfer intentions

2.4 Clear Ownership Validation SOP

Establishing a strict Standard Operating Procedure for:

• UAE properties

• Indian properties

• UK properties

2.5 Digital Security

Applying:

• AI fraud detection

• Metadata hashing

• Blockchain-based audit logs

• Device fingerprinting

• Geolocation mapping

• Access control

2.6 International Compliance Alignment

Even though RealDeed is not a financial institution, the Company aligns with:

• FATF global AML principles

• UAE AML laws

• India anti-fraud real estate laws

• UK Land Registry anti-property fraud measures

=============================================

SECTION 3 — REGULATORY & LEGAL FRAMEWORK

=============================================

(RealDeed is not a financial services provider; references relate only to fraud prevention and identity integrity)

3.1 Applicable UAE Laws

• UAE Federal AML-CFT Law

• UAE Real Estate Registry Laws

• DIFC expectations for responsible tech companies

3.2 Applicable India Laws

• Registration Act 1908

• Indian Evidence Act

• State-specific real estate registry laws

3.3 Applicable UK Laws

• Land Registration Act 2002

• Money Laundering Regulations 2017 (for property fraud context)

• HM Land Registry Fraud Prevention Guidelines

==============================================================

SECTION 4 — GOVERNANCE, ROLES & RESPONSIBILITIES

==============================================================

4.1 Board of Directors

• Approves AML/KYC policies

• Ensures adequate resources

4.2 Money Laundering Reporting Officer (MLRO)

Responsible for:

• KYC oversight

• Document verification

• Fraud detection

• Investigations

• Escalations

• Staff training

• Annual AML reporting

4.3 Compliance Team

Supports MLRO in:

• KYC checks

• Document verification

• Property verification

• Suspicious activity detection

4.4 All Employees

Must:

• Follow this policy

• Report suspicious activity

• Avoid “tipping off”

• Maintain confidentiality

=====================================================

SECTION 5 — RISK ASSESSMENT FRAMEWORK (FULL RBA)

=====================================================

5.1 Overview of RealDeed’s Risk Model

RealDeed uses a 6-layer risk model:

1. User Risk

2. Property Risk

3. Document Risk

4. Jurisdiction Risk

5. Behavioural/Transactional Risk

6. Technology Risk

Each is scored Low / Medium / High.

5.2 USER RISK MATRIX

RealDeed’s User Risk Assessment Matrix evaluates each individual or entity interacting with the Platform through a multilayered scoring system that considers identity integrity, sanctions exposure, behavioural patterns, and document authenticity. Every user is assessed across weighted criteria that collectively determine a Low, Medium, or High risk classification. Identity verification contributes significantly to risk scoring, where a seamless match between DIDIT biometric data and government-issued identification indicates low risk, while discrepancies, failures in liveness detection, or inconsistent personal information elevate risk. Additional weight is assigned to the user’s legal authority to tokenize the property, including verification of ownership or Power of Attorney; fully verified authority is considered low risk, whereas unclear or unverifiable authorization results in high risk. Sanctions screening is also integral: users with no sanctions associations are low risk, false-positive matches represent medium risk, and confirmed matches immediately trigger a high-risk designation and compliance escalation. Jurisdictional elements, such as residency or nationality, also influence the score—users from stable, low-risk jurisdictions like the UAE or UK are categorized lower risk, while users from high-risk or FATF-listed countries are automatically flagged for enhanced due diligence. Behavioural indicators such as device fingerprinting, IP consistency, login velocity, VPN usage, and geolocation mismatches are assessed for anomalies; stable behaviour reflects low risk while frequent inconsistencies elevate risk. Document uploads undergo AI-driven authenticity scoring, where clear, original, tamper-free documents fall under low risk, partially inconsistent or low-resolution documents fall under medium risk, and documents showing metadata manipulation, pixel-level distortion, or integrity tampering are classified as high risk. These weighted factors collectively produce a composite risk score, ensuring that RealDeed maintains strict identity assurance standards and prevents impersonation, document fraud, and misuse of the tokenization platform.

5.3 PROPERTY RISK MATRIX

Property Risk FactorLowMediumHighClear title✓--Minor encumbrances-✓-Multiple mortgages--✓Property under dispute--✓POA usage✓✓✓Joint ownership✓✓✓New developer project✓✓-Unregistered property (India)--✓

5.4 DOCUMENT RISK MATRIX

Includes:

• Title deed PDF metadata

• Scanned image analysis

• Signature comparison

• Digital seal comparison

• QR code or registry number authentication

• AI fraud score

• Hashing & file integrity check

  
  

5.5 JURISDICTION RISK MATRIX

UAE = Low–Medium

UK = Low

India = Medium–High

High in cases such as:

• POA transactions

• Inheritance properties

• Rural land (7/12 extracts)

• Unregistered sale agreements

  
  

5.6 RISK CLASSIFICATION OUTCOME

• Low Risk: Standard KYC + Standard Property SOP

• Medium Risk: Enhanced Verification

• High Risk:

  • Manual MLRO review

  • Secondary registry validation

  • Optional legal opinion

    
    

==========================================================

SECTION 6 — USER IDENTIFICATION (DIDIT KYC FRAMEWORK)

==========================================================

RealDeed uses DIDIT Business Console for:

• Biometric facial verification

• Liveness detection

• Document OCR & forgery analysis

• Sanctions checks

• Address validation

• Device fingerprinting

• IP geolocation

Mandatory KYC Fields

• Full legal name

• Date of birth

• Nationality

• Address

• Passport/ID

• Selfie + liveness check

• Phone number & email

• Purpose of tokenization

  
  

====================================================================

SECTION 7 — PROPERTY VERIFICATION SOP (UAE, INDIA, UK)

====================================================================

This is one of the most important sections.
Below is the full verification workflow.

7.1 UAE PROPERTY VERIFICATION SOP

Documents Required

• Title Deed (DLD / ADREC)

• Oqood or SPA (if off-plan)

• Emirates ID / Passport

• NOC for mortgaged properties

• Utility bills.

  
  

Verification Steps

1. Title deed number validation

2. Verification through registry portals

3. AI document authenticity scan

4. Owner name matching

5. Mortgage check

6. Developer project status (if applicable)

7. Sanctions & identity match

8. Fraud risk scoring

9. MLRO approval

   
   

7.2 INDIA PROPERTY VERIFICATION SOP

Documents Required

Based on state:

For Maharashtra

• Title Deed

• Index-II

• Encumbrance Certificate (EC)

• Mutation Entry (7/12 extract)

• Tax receipt

• Aadhar & PAN

• RERA (if applicable)

• POA (if applicable)

  
  

For Delhi NCR

• Sale Deed

• Mutation Certificate (MC)

• Jamabandi / Khasra-Khatauni

• Tax receipts

• Builder-Buyer Agreement (if apartment)

  
  

Verification Steps

1. Registry number validation

2. Index-II check for prior sales

3. Encumbrance check

4. Mortgage/lien check

5. Mutation record validation

6. Owner identity match

7. Fraud pattern analysis

8. Survey number validation

9. AI document authenticity analysis

10. MLRO review for risk

    
    

7.3 UNITED KINGDOM PROPERTY VERIFICATION SOP

Documents Required

• Title Register (OC1)

• Title Plan (OC2)

• Proprietorship Register

• Charges Register

• Identity documents matching owner

• Lease information (if applicable)

  
  

Verification Steps

1. Land Registry document verification

2. HM Land Registry API/portal checks

3. Proprietor name match

4. Registered charges verification

5. Restriction clause review

6. Leasehold/freehold classification

7. Fraud indicator analysis

8. MLRO manual approval

=====================================================================

SECTION 8 — AI FRAUD DETECTION & BLOCKCHAIN AUDIT TRAILS

=====================================================================

Includes:

• Document metadata hashing

• Pixel-level forgery scanning

• Digital seal integrity checking

• EXIF data validation

• Blockchain-based activity logs

• Device behaviour mapping

• IP velocity checks

===================================================

SECTION 9 — SUSPICIOUS ACTIVITY INDICATORS

===================================================

Examples:

• Document mismatch

• Title deed lacking registry seal

• Different fonts in the same document

• User refusing liveness check

• Multiple submissions from different IPs

• Property under legal dispute

• Attempt to tokenize inherited property without probate

===================================================

SECTION 10 — ESCALATION & REPORTING

===================================================

Three tiers:

Tier 1 — Compliance Review

Tier 2 — MLRO Review

Tier 3 — Legal Review (External if needed)

RealDeed may:

• Reject tokenization

• Request more documents

• Suspend user

• Blacklist user

• Report fraud to law enforcement (if required)

========================================================

SECTION 11 — STAFF ACCESS CONTROL & VENDOR MANAGEMENT

========================================================

Role-based access:

• Level 0 – Frontline

• Level 1 – Compliance

• Level 2 – Senior Compliance

• Level 3 – MLRO

• Level 4 – CTO/Board

Vendors monitored:

• DIDIT (KYC/AML)

• DocuSign (Digital singing)

• Title registry portals

• AI fraud detection tools

====================================================

SECTION 12 — CYBERSECURITY & DATA PROTECTION

====================================================

ISO-27001 aligned:

• Encryption

• Secure storage

• Access logs

• Firewall segmentation

• SIEM monitoring

• Data retention for 8 years

=====================================================

SECTION 13 — DOCUMENT RETENTION POLICIES

=====================================================

• Identity verification: 8 years

• Property documents: 8 years

• Tokenization logs: permanent (hashed on-chain)

• Audit logs: permanent (hashed on-chain)

====================================================

SECTION 14 — STAFF TRAINING REQUIREMENTS

====================================================

• Annual AML training

• Bi-annual fraud patterns workshop

• Quarterly compliance refresher

====================================================

SECTION 15 — POLICY REVIEW & APPROVAL

====================================================

• Annual board review

• MLRO updates quarterly

• Mandatory review after major regulatory changes

Recognised Low-Risk and High-Risk Jurisdictions

For the purpose of RealDeed Group’s jurisdictional risk assessment, certain countries and territories are categorised as lower risk due to their strong regulatory frameworks, robust AML/CFT controls, and stable governance environments. These lower-risk jurisdictions typically maintain stringent financial oversight, transparent legal systems, and adherence to international standards. They include Australia, Austria, Belgium, Bermuda, Canada, Denmark, Estonia, Finland, France, Gibraltar, Greece, Guernsey, Hong Kong, Ireland, Isle of Man, Israel, Italy, Jersey, Luxembourg, Malta, the Netherlands, New Zealand, Norway, Portugal, Singapore, Spain, Sweden, Switzerland, the United Kingdom, and the United States. Users residing in or submitting properties from these jurisdictions generally present reduced AML/CFT concern, although standard verification procedures still apply.

Conversely, RealDeed recognises a separate group of countries classified as high-risk or non-cooperative based on sanctions imposed by bodies such as the United Nations and United Kingdom, as well as those identified by the Financial Action Task Force (FATF) for significant deficiencies in their AML/CTF frameworks. These jurisdictions may exhibit weak regulatory governance, high corruption levels, ongoing conflict, or inadequate financial transparency, thereby requiring enhanced due diligence and potential escalation. High-risk or non-cooperative jurisdictions include Afghanistan, Albania, Bahamas, Belarus, Bolivia, Bosnia and Herzegovina, Botswana, Bulgaria, Burma (Myanmar), Burundi, Cambodia, the Central African Republic, Crimea, Croatia, Cuba, the Democratic Republic of Congo, Egypt, Eritrea, Ethiopia, Ghana, Iceland, Iran, Iraq, ISIL and Al-Qaida–associated regions, Ivory Coast, Jamaica, Kosovo, Laos, Lebanon, Libya, Macedonia, Mali, Mauritius, Mongolia, Montenegro, Myanmar, Nicaragua, North Korea, Pakistan, Palestine, Panama, the Republic of Guinea, Guinea-Bissau, Romania, the Russian Federation, Saudi Arabia, Serbia, Slovenia, Somalia, South Sudan, Sri Lanka, Sudan, Syria, Trinidad and Tobago, Tunisia, Uganda, Ukraine, Venezuela, Yemen, and Zimbabwe. This list is dynamic and subject to frequent updates; RealDeed monitors changes through recognised international sources and adjusts its risk classifications accordingly.