✨ See how much you could save with Tilli — calculate your ROI in 2 minutes.
Anti-Money Laundering Policy

Anti-Money Laundering Policy

Last updated: June 5, 2026

This Anti-Money Laundering Policy (“Policy”) describes the compliance framework maintained by Utilli LLC, doing business as Tilli (“Tilli,” “we,” “our,” or “us”) in connection with the payment facilitation, payment processing, merchant onboarding, settlement support and related services that are provided by us. This Policy outlines our compliance approach and the responsibilities of businesses and partners (“You” or “your”) that access, use, or support our Services.

1. Purpose

Tilli is committed to supporting compliance with applicable anti-money laundering, counter-terrorist financing, economic sanctions, and financial crime laws, regulations and payment network standards within the scope of the services we provide.

This policy states how Tilli collects, verifies, maintains, reviews, and protects information relating to you.

2. Scope

Tilli's business model supports three types of customers/partners as outlined below:

Indirect Customers (End Users of Tilli- Powered Platform)

Tilli provides software platforms and payment technology to businesses such as utilities, service providers, and other commercial customers that use Tilli’s systems to engage with and collect payments from their own customers.

Individuals or consumers who use Tilli-powered platforms are indirect customers and do not have a direct contractual or business relationship with Tilli. Accordingly, customer identification, verification, sanctions screening, transaction monitoring, and other consumer-level Anti-Money Laundering (AML), Know Your Customer (KYC), or Know Your Business (KYB) obligations do not rest with Tilli.

Direct Customers (Sub-Merchants)

Tilli’s direct customers include businesses, sub-merchants, that get into a contract agreement with Tilli for our using our SaaS platform for collecting payments from their consumers are relevant for AML and KYC/KYB policy and procedures outlined in this document. This also includes users of Tilli’s tilliPay wallet.

Partners and Other Third Parties

Tilli also works with partners and other third parties that support or participate in Tilli’s services, partner programs, or payment ecosystem, including payment processors, acquiring institutions, settlement providers, referral partners, ACH participants, API integrators, vendors, affiliates, and service providers.

These relationships may be subject to appropriate verification, due diligence, sanctions screening, and ongoing compliance review consistent with applicable law, contractual obligations, and risk-based compliance standards.

3. Information We May Collect

As part of onboarding, verification, compliance review, and ongoing business monitoring, Tilli may collect information including:

  • Full legal name;
  • Business name and doing-business-as name;
  • Date of birth (where applicable);
  • Physical business or residential address;
  • Taxpayer identification number or employer identification number;
  • Government-issued identification details;
  • Business formation documents;
  • Ownership and control information;
  • Beneficial ownership information;
  • Authorized signatory information; and
  • Other information reasonably required by applicable law, banking partners, payment processors, or risk management requirements.

4. How We Verify Information

Tilli may verify information through documentary and non-documentary methods, including:

  • government-issued identification documents;
  • corporate formation records;
  • licensing or registration records;
  • banking and payment partner verification;
  • publicly available databases;
  • sanctions and watchlist screening;
  • ownership and control verification;
  • independent third-party verification providers; and
  • regulated financial institutions performing verification on Tilli’s behalf where permitted.

Where we cannot form a reasonable belief regarding identity, ownership, or business legitimacy, onboarding may be delayed, restricted, declined, suspended, or terminated.

5. Recordkeeping

Tilli maintains records relating to:

  • onboarding and due diligence;
  • identity verification;
  • ownership verification;
  • compliance reviews;
  • sanctions screening;
  • contractual documentation;
  • communications;
  • legally required financial crime reporting; and
  • other compliance-related records.

6. Data Retention

Unless a longer period is required by applicable law, regulatory obligation, banking partner requirement, contractual commitment, or legal process, Tilli may retain compliance-related records for at least five (5) years after account closure or termination of the business relationship.

Certain records may be retained for longer periods where required by applicable financial crime laws or regulatory requirements.

7. Financial Institutions and Partners

Tilli works with regulated financial institutions and service providers, including sponsor banks, processors, acquirers, settlement providers, and other qualified partners.

Where permitted by law, Tilli may rely on such institutions or qualified service providers to perform certain customer identification, verification, sanctions screening, monitoring, or compliance functions.

8. Risk Assessment

Tilli maintains a risk-based anti-money laundering and financial crime compliance framework designed to identify, assess, monitor, and manage potential financial crime risks associated with customers, partners, beneficial owners, and other business relationships.

As part of this framework, Tilli may classify business relationships as low risk or high risk based on factors including:

  • ownership or control structure;
  • beneficial ownership transparency;
  • business purpose and expected activity;
  • adverse public information;
  • incomplete, inconsistent, or unverifiable information; and
  • other indicators of potential money laundering, fraud, terrorist financing, sanctions, or reputational risk.

Tilli may periodically reassess risk profiles throughout the business relationship.

Where elevated risk is identified, Tilli may apply enhanced due diligence measures, request additional information, restrict services, escalate internal review, or decline or terminate the relationship where appropriate.

9. Restricted Activities

Tilli may refuse, restrict, suspend, or terminate services where a customer, partner, beneficial owner, authorized representative, or business activity presents unacceptable compliance, legal, operational, or reputational risk.

Restricted or prohibited activities may include, without limitation:

  • providing false, misleading, incomplete, or unverifiable information;
  • failure to disclose ownership, control, or beneficial ownership information;
  • use of shell entities, nominee structures, or undisclosed controlling persons;
  • business relationships involving sanctioned persons, blocked parties, or prohibited jurisdictions;
  • activity involving jurisdictions subject to heightened anti-money laundering measures or financial secrecy concerns;
  • suspicious or unexplained business structures;
  • failure to cooperate with due diligence or compliance reviews; or
  • any activity prohibited by applicable law, regulation, banking partner requirements, payment network rules, or Tilli’s internal compliance standards.

10. Sanctions Compliance

As part of its anti-money laundering and financial crime compliance framework, Tilli may conduct risk-based sanctions and restricted-party screening during onboarding, periodic reviews, material profile changes, and other compliance events.

Screening may include collecting data, including but not limited to:

  • legal entity names;
  • doing-business-as names;
  • business owners;
  • beneficial owners;
  • authorized signatories;
  • controlling persons; and
  • other relevant parties associated with a business relationship.

Screening may be conducted against sanctions, blocked-party, and restricted-party lists administered by applicable governmental authorities, including lists maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control and other applicable authorities.

Where a potential or confirmed match is identified, Tilli may conduct further review, request additional documentation, escalate the matter to regulated financial institution partners, restrict onboarding or services, or take other actions required by applicable law or partner obligations.

11. Regulatory Cooperation

Tilli may cooperate with regulated financial institutions, payment partners, regulators, law enforcement agencies, and other competent authorities where required or permitted by applicable law.

Such cooperation may include responding to lawful requests relating to:

  • anti-money laundering investigations;
  • sanctions compliance;
  • suspicious activity investigations;
  • fraud prevention;
  • terrorism financing inquiries;
  • customer or partner identification matters;
  • financial crime investigations; and
  • other lawful governmental, judicial, or regulatory requests.

This may include requests from the Financial Crimes Enforcement Network, national security-related authorities, grand juries, courts, banking regulators, payment networks, or other competent authorities.

In certain circumstances, applicable law may prohibit Tilli from disclosing the existence, content, or handling of such requests.

Tilli may also share information with qualified financial institutions where permitted by applicable anti-money laundering laws for the purpose of detecting, preventing, or reporting suspected financial crime.

12. Financial Crime Reporting

Consistent with applicable anti-money laundering laws, the Bank Secrecy Act (BSA), contractual obligations, and requirements imposed by sponsor banks, payment processors, acquiring institutions, or other regulated financial institution partners, Tilli may support, maintain records relating to, or cooperate with financial crime compliance activities, including where suspicious activity, sanctions concerns, or other financial crime risks are identified.

Such activities may include, where applicable:

  • review, escalation, or support relating to Suspicious Activity Reports (SARs);
  • compliance with applicable Bank Secrecy Act (BSA) reporting and recordkeeping requirements;
  • sanctions-related reporting or escalation involving restricted persons, entities, or jurisdictions;
  • Currency Transaction Reports (CTRs) where reportable cash activity is identified;
  • Currency and Monetary Instrument Reports (CMIRs) where applicable;
  • recordkeeping relating to the issuance, sale, or purchase of monetary instruments, where applicable;
  • collection, verification, and maintenance of beneficial ownership information where required;
  • recordkeeping relating to funds transmittals of USD 3,000 or more, including information required under applicable recordkeeping or Travel Rule requirements; and
  • other anti-money laundering, fraud prevention, sanctions, or financial crime reporting, recordkeeping, or cooperation obligations required by applicable law, regulation, or regulated financial institution partners.

Where transaction-level reporting obligations are performed by sponsor banks, processors, acquiring institutions, or other regulated financial institutions participating in the payment flow, Tilli may provide reasonable cooperation, supporting documentation, or legally required information consistent with its contractual, legal, and compliance obligations.

Tilli may maintain records relating to such activities in accordance with applicable legal and regulatory retention requirements.

13. Customer (and Partner) Verification and Due Diligence

Tilli maintains a risk-based customer and partner identification and due diligence program designed to establish a reasonable understanding of the identity, ownership, control, legitimacy, and intended business purpose of direct customers, partners, and other relevant business counterparties.

Verification may be performed using documentary and non-documentary methods, independent public records, regulated financial institution partners, third-party verification providers, or other lawful sources.

Tilli may conduct ongoing due diligence, request updated information upon material changes, and apply enhanced due diligence to higher-risk customers, partners, beneficial owners, politically exposed persons, politically influential persons, cross-border relationships, or other elevated-risk business relationships.

Where Tilli cannot establish a reasonable belief regarding identity, ownership, control, or legitimacy, Tilli may delay onboarding, impose conditions, restrict services, suspend activity, decline transactions, or terminate the business relationship where appropriate.

14. Training Programs

Tilli maintains periodic anti-money laundering and financial crime compliance training for relevant personnel to support awareness of applicable legal obligations, emerging risks, internal procedures, and industry standards.

15. Policy Updates

Tilli may update this Policy from time to time to reflect changes in applicable law, regulatory developments and requirements, or changes in industry standards. The latest version of this Policy will be made available through Tilli's website and will become effective upon publication.

16. Contact Information

If you have any questions regarding this Policy or Tilli’s AML compliance practices, please contact us at legal@tilli.pro.