Anti-Money-Laundering (AML) Policy

This Anti-Money-Laundering (AML) Policy describes the measures applied by Premium Auto Bid (the "Platform", "we", "us" or "our") to prevent, detect and deter money laundering, the financing of terrorism, sanctions evasion and related financial crime. Premium Auto Bid is a trading brand of Premium Logistics SHPK, a limited liability company (shoqëri me përgjegjësi të kufizuar) registered in the Republic of Albania with the National Business Center (QKB), NUIS/NIPT M53004202C.

Our registered office is at Rruga "Dubai", Lagjia nr. 2, cadastral zone 2066, property no. 89/38, 4-storey building, 2nd floor, Entrance 1, Kamëz, Tirana, Albania.

Effective date: 4 June 2026. Last updated: 4 June 2026. This Policy applies to all of our directors, officers, employees, operators, agents and contractors, and to every customer relationship and transaction connected with our services in the markets we serve, namely Albania, Kosovo, North Macedonia and Montenegro.

Premium Auto Bid is an independent vehicle sourcing, bidding and import-support platform that helps customers discover Copart auction vehicles, place bids on Copart in real time through the Copart API after identity verification and deposit approval, and coordinate purchase, transport, customs and import support. This Policy governs the financial-crime controls that surround those services; it should be read together with our Member Terms, Privacy Policy and any deposit or payment terms.

Premium Auto Bid is not owned by, operated by, endorsed by or affiliated with Copart, Inc. We are independent and are not an official Copart partner. Premium Auto Bid places customer bids on Copart in real time through the Copart API; there is no manual operator or human agent placing bids on auction-house accounts. Copart and the Copart logo are trademarks of Copart, Inc. The specific sample listings displayed are clearly-labelled demonstration samples shown for demonstration only; they do not represent real Copart lots and are not biddable.

The purpose of this Policy is to ensure that our services are not used, whether knowingly or unknowingly, to launder the proceeds of crime, to finance terrorism or to circumvent sanctions, and to ensure that we identify, assess and manage these risks proportionately and consistently. We are committed to conducting business honestly and in full compliance with applicable law.

This Policy is designed to give effect to the obligations applicable to us in the Republic of Albania and to the international standards that inform good practice in this field, including:

• Albanian Law no. 9917 dated 19.05.2008 'On the Prevention of Money Laundering and Financing of Terrorism' (as amended), together with the implementing acts and guidance issued under it;
• The Recommendations of the Financial Action Task Force (FATF) on combating money laundering and the financing of terrorism and proliferation;
• The principles of the European Union anti-money-laundering directives, which we observe as a matter of good practice given the markets we serve and our preparation for cross-border commercial relationships;
• United Nations, European Union and United States (OFAC) sanctions frameworks, as further described in the sanctions section below;
• Anti-corruption standards, including the corruption provisions of the Albanian Criminal Code, with principles drawn from the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act for our international dealings.

Where this Policy and applicable law differ, applicable law prevails, and we will apply the stricter requirement where two standards both apply. This Policy is governed by the law of the Republic of Albania, and the competent courts of Tirana have jurisdiction over any dispute arising from it, without prejudice to any mandatory consumer-protection rules.

We apply a risk-based approach. This means that the intensity of the due-diligence and monitoring measures we take is proportionate to the money-laundering, terrorist-financing and sanctions risk that a given customer, transaction or arrangement presents. We focus our resources where the risk is highest, while applying a baseline standard of diligence to every relationship.

In assessing risk we consider, among other factors:

• Customer risk - for example, whether the customer is an individual or a business, the complexity of any ownership structure, whether a customer is or is associated with a politically exposed person, and whether the customer is reluctant to provide information;
• Geographic risk - for example, links to jurisdictions subject to sanctions, identified by the FATF as high-risk or non-cooperative, or otherwise associated with elevated financial-crime risk;
• Transaction and value risk - for example, the value of the vehicle and the deposit, the use of cash, unusual payment patterns, third-party payments, or requests inconsistent with a genuine vehicle purchase;
• Delivery-channel risk - for example, the fact that customers are onboarded and verified remotely as well as in person, and the steps we take to confirm identity reliably in each case.

We maintain an internal money-laundering and terrorist-financing risk assessment, reviewed periodically and whenever there is a material change in our business, our markets, our payment flows or the relevant legal framework. The controls in this Policy - including customer due diligence, enhanced due diligence, screening and monitoring - are calibrated to the outcome of that assessment.

Before a customer can bid or coordinate a purchase, we carry out customer due diligence (CDD) and verify the customer's identity (KYC). Acceptance of our Member Terms and successful identity verification are mandatory pre-conditions to bidding; a deposit may also be required and is separate from the final purchase payment.

When we apply customer due diligence

We apply customer due diligence at least when we establish a customer relationship, before a customer can bid, when we suspect money laundering or terrorist financing regardless of any threshold, when we doubt the veracity or adequacy of identification information previously obtained, and on a risk-sensitive basis during the relationship.

What customer due diligence involves

1. Identifying the customer and verifying that identity using reliable, independent documents, data or information;
2. For business customers, identifying the legal entity and the natural persons who ultimately own or control it (beneficial owners), and verifying the identity of those persons on a risk-sensitive basis;
3. Understanding the purpose and intended nature of the relationship - for our services, typically the sourcing, bidding on, purchase and import of a vehicle;
4. Screening the customer and, where relevant, connected parties against sanctions and politically-exposed-person sources;
5. Conducting ongoing monitoring of the relationship and, where required, establishing the source of funds.

We will not enable bidding, accept a deposit as confirmed, or coordinate a purchase where required due diligence cannot be completed. Verification may be carried out before or during the establishment of the relationship, but bidding will not be enabled until verification is satisfactorily completed.

To verify identity and, where applicable, source of funds, we collect documents and information appropriate to the customer and the assessed level of risk. We collect only what is necessary and proportionate, consistent with our Privacy Policy and applicable data-protection law.

Individual customers

• Full legal name, date of birth, nationality and residential address;
• A valid government-issued photographic identity document, such as a passport or national identity card;
• Where needed to confirm address or risk, supporting evidence such as a recent utility bill, bank statement or official correspondence;
• Contact details, including the email address and telephone number used for the relationship.

Business customers

• The registered name, registration number (for Albanian entities, the NUIS/NIPT) and registered address of the entity;
• Evidence of registration, such as an extract from the National Business Center (QKB) or the equivalent commercial register in the customer's jurisdiction;
• Identification of directors and authorised representatives, and evidence of authority to act on behalf of the entity;
• Identification of beneficial owners as described in the section below.

We may request additional or updated documents where the risk profile, the value of a transaction, or a change in circumstances warrants it. We may also verify documents and information against independent sources. Documents that appear altered, incomplete or unreliable will not be accepted, and we may decline or suspend the relationship pending satisfactory evidence.

Where a customer is a legal entity or arrangement, we identify the beneficial owners - the natural person or persons who ultimately own or control the customer, or on whose behalf a transaction is conducted - and we take reasonable, risk-sensitive measures to verify their identity so that we are satisfied we know who they are.

• We obtain information on the ownership and control structure of the entity, including any natural persons holding a controlling ownership interest;
• Where no natural person is identifiable through ownership, we identify the natural person or persons who control the entity through other means, or who hold the position of senior managing official;
• We may rely on official registers, corporate documents and declarations from the customer, and we may seek independent corroboration on a risk-sensitive basis;
• We assess whether any beneficial owner is a politically exposed person or is subject to sanctions, and apply the corresponding measures.

We expect business customers to provide accurate and current beneficial-ownership information and to inform us promptly of relevant changes. Where beneficial ownership cannot be established to our satisfaction, we may decline to act, or apply enhanced measures, as the circumstances require.

We screen customers and, where relevant, their beneficial owners, authorised representatives and counterparties against applicable sanctions lists. Our objective is to ensure that we do not establish or maintain a relationship with, or process a transaction for, a person who is the target of sanctions, and that we do not facilitate any prohibited dealing.

• We have regard to sanctions measures adopted by the United Nations, the European Union and the United States (including those administered by the Office of Foreign Assets Control, OFAC), and to applicable Albanian measures;
• Screening is carried out at onboarding and on an ongoing basis, including when lists are updated and when a relationship or transaction changes materially;
• Where a potential match is identified, we suspend further action pending review, assess whether the match is genuine, and take appropriate steps, which may include declining or terminating the relationship and making any report required by law.

We will not knowingly act for a sanctioned person, nor knowingly facilitate any transaction that would breach applicable sanctions. Where the law requires it, a relationship may be frozen or reported rather than simply declined, and we may be unable to disclose the reason for our action.

A politically exposed person (PEP) is an individual who is or has been entrusted with a prominent public function, together with their family members and close associates. PEP status does not imply wrongdoing, but it can present a higher risk of corruption-related money laundering, and so warrants additional scrutiny.

Where screening or other information indicates that a customer or beneficial owner is a PEP, a family member or a close associate of a PEP, we apply enhanced measures, which may include:

• Obtaining senior-management or compliance approval before establishing or continuing the relationship;
• Taking adequate measures to establish the source of the funds and, where relevant, the source of wealth involved;
• Conducting enhanced ongoing monitoring of the relationship and the related transactions.

We maintain these measures for as long as the heightened risk persists, applying a risk-sensitive view of the time that has elapsed since the person ceased to hold a prominent public function.

We monitor customer relationships and transactions throughout their life so that we can identify activity that is unusual, inconsistent with what we know about the customer, or otherwise indicative of money laundering or terrorist financing. Monitoring is risk-sensitive and is reinforced by operator review at key points, including payment confirmation.

Indicators that may prompt closer review include, without limitation:

• Transactions or deposits that are inconsistent with the customer's stated purpose or apparent means;
• Reluctance to provide, or provision of false or inconsistent, identification or source-of-funds information;
• Payments from or to third parties unconnected with the customer or the vehicle purchase;
• Requests for refunds or onward payments in a manner that appears designed to move funds rather than to purchase a vehicle;
• Unusual use of cash, structuring of payments to avoid thresholds, or rapid changes of instruction;
• Apparent links to sanctioned persons or to high-risk jurisdictions.

Internal escalation and reporting to the Albanian FIU

1. Any member of staff who knows or suspects, or has reasonable grounds to suspect, money laundering or terrorist financing must promptly escalate the matter internally to the compliance contact, without alerting the customer;
2. The compliance contact reviews the matter, gathers relevant information, and determines whether a report is required;
3. Where the legal threshold is met, we make a report to the General Directorate for the Prevention of Money Laundering (the Albanian financial intelligence unit, FIU), in the manner and within the timeframes required by law;
4. We cooperate with lawful requests from the FIU and other competent authorities, and we maintain records of internal escalations and external reports.

Where the law prohibits it, we will not 'tip off' a customer or any third party about a suspicion, an internal escalation, a report to the FIU, or an investigation. This may mean that we decline, delay or suspend a transaction without being able to explain why.

For higher-risk relationships, and for higher-value cases, we take reasonable measures to understand and, where appropriate, to verify the source of the funds used for deposits and purchases. The purpose is to satisfy ourselves that the funds are legitimate and consistent with what we know about the customer.

Depending on the assessed risk, source-of-funds measures may include:

• Asking the customer to explain the origin of the funds and the economic rationale for the transaction;
• Requesting supporting evidence, such as bank statements, payslips, sale-of-asset documentation or business records;
• Confirming that inbound payments originate from an account or source consistent with the customer's profile;
• Applying enhanced scrutiny where a politically exposed person, a high-risk jurisdiction, or an unusual payment pattern is involved.

Where the source of funds cannot be satisfactorily established, we may decline to proceed, decline to treat a deposit as confirmed, suspend the relationship, and, where required, make a report to the FIU.

Deposits and balances are denominated in USD (a standard deposit of $750, or 10% for vehicles over $7,500). Inbound payments are operator-confirmed: customers may pay by bank transfer in USD or EUR, or in cash in Albanian lek (ALL) at our Tirana office. Customers upload proof of payment, and the operator verifies each payment independently. No third-party card processors operate in this flow in Albania.

Cash is the highest-risk payment channel, and we apply specific controls to cash received at our office:

• Cash payments are accepted only in person at our registered office and are recorded against the relevant customer and case;
• A receipt is issued, and the payment is reconciled against the customer's verified identity and the expected deposit or balance;
• Cash payments are subject to source-of-funds enquiry on a risk-sensitive basis, and to any legal limits or reporting obligations that apply to cash;
• Attempts to make payments in a manner designed to avoid identification, recording or applicable thresholds (for example, splitting a payment into smaller amounts) are treated as a red flag and escalated for review;
• Identity verification and acceptance of the Member Terms must be in place before a cash deposit is treated as confirmed for the purposes of bidding.

We reserve the right to decline cash, to require payment by traceable means, or to limit cash amounts, where this is necessary to manage financial-crime risk or to comply with applicable law.

Where a relationship or transaction presents a higher risk of money laundering or terrorist financing, we apply enhanced due diligence (EDD) in addition to standard measures. Higher-risk situations include, among others, relationships involving politically exposed persons, links to high-risk or sanctioned jurisdictions, unusual or complex transactions without an apparent economic purpose, and situations where we have doubts about the reliability of information provided.

Enhanced due diligence may include:

• Obtaining additional identification and beneficial-ownership information, and corroborating it against independent sources;
• Establishing and, where appropriate, verifying the source of funds and source of wealth;
• Obtaining senior-management or compliance approval to establish or continue the relationship;
• Applying more frequent and more detailed ongoing monitoring;
• Imposing additional conditions, limits or controls on the relationship.

If enhanced due diligence cannot be completed to our satisfaction, we may decline to act, suspend or terminate the relationship, and make any report required by law.

We keep records of the customer due diligence we perform and of the transactions we facilitate, so that we can demonstrate compliance and respond to lawful requests from competent authorities.

• Identification and verification records, including copies of the documents and information obtained;
• Records of beneficial-ownership identification for business customers;
• Records of transactions, deposits and payment confirmations connected with our services;
• Records of risk assessments, screening results, internal escalations, source-of-funds enquiries and reports made to the FIU.

We retain these records for the period required by applicable law - which for anti-money-laundering records in Albania is generally at least five years from the end of the customer relationship or the completion of the transaction - and for longer where a longer period is required or where the records are needed for an ongoing investigation or legal proceedings. Records are stored securely and processed in accordance with our Privacy Policy, Albanian Law no. 9887 dated 10.03.2008 'On the Protection of Personal Data' (as amended) and the EU General Data Protection Regulation (GDPR) where applicable, under the supervision of the Information and Data Protection Commissioner of Albania (IDP).

We reserve the right to refuse to establish a relationship, to decline, delay or suspend a transaction or a customer's bidding, to decline to treat a deposit as confirmed, and to terminate a relationship, where:

• Required customer due diligence, beneficial-ownership identification, screening or source-of-funds checks cannot be completed;
• We know or suspect, or have reasonable grounds to suspect, money laundering, terrorist financing or sanctions evasion;
• A customer or connected party is, or appears to be, the target of sanctions;
• Continuing would, or might, breach applicable law or expose us to unacceptable financial-crime risk.

Vehicles are sold AS-IS by third-party auction sources. Premium Auto Bid does not guarantee vehicle condition, title, mileage, damage, history, availability, auction outcome, or shipping or customs timelines. Nothing in this Policy creates any obligation to proceed with, or any guarantee of, a particular transaction or outcome.

Where we exercise these rights to comply with law, we may be unable to give reasons, and we will not be liable for any loss arising from action taken in good faith to comply with our legal obligations. The treatment of any deposit in these circumstances is governed by our Member Terms and applicable law.

We do not facilitate, and we will not knowingly assist any person to facilitate, money laundering, terrorist financing, sanctions evasion, tax evasion, bribery or corruption, or any other financial crime. We prohibit our staff and agents from engaging in or enabling such conduct, and from offering, giving, soliciting or accepting any bribe or improper advantage.

We expect customers to use our services only for legitimate purposes and to provide accurate, complete and current information. Any attempt to misuse our services to disguise the origin of funds, to move value for an illegitimate purpose, to evade sanctions or taxes, or to deceive us or any authority, is a serious breach that may result in refusal, suspension or termination of the relationship and in reporting to the competent authorities.

Our staff, operators and relevant agents receive training appropriate to their roles so that they understand this Policy, can recognise the signs of money laundering, terrorist financing and sanctions evasion, and know how to escalate concerns promptly and confidentially.

• Training covers our legal obligations, the risk-based approach, customer due diligence, screening, red-flag indicators, the internal escalation route and the prohibition on tipping off;
• Training is provided on appointment and refreshed periodically and when there is a significant change in the law, our risk profile or our procedures;
• Overall responsibility for this Policy rests with senior management, supported by the compliance function, which oversees day-to-day implementation, internal escalations and reporting.

We may update this Policy from time to time to reflect changes in our services, our risk assessment, applicable law or good practice. When we make a material change, we will revise the "last updated" date above and, where appropriate, take additional steps to bring the change to the attention of affected customers.

The version of this Policy published on our website at the relevant time governs our anti-money-laundering practices. We encourage customers to review this Policy periodically. Continued use of our services after a change takes effect constitutes acceptance of the updated Policy, to the extent permitted by applicable law.

Questions about this Policy, or about a specific matter relating to anti-money-laundering compliance, should be directed to our compliance function.

• Compliance: compliance@premlogistics.com
• Legal: legal@premlogistics.com
• Data protection / DPO: privacy@premlogistics.com
• General enquiries: info@premlogistics.com; customer support: support@premlogistics.com
• Website: premlogistics.com

Postal correspondence may be sent to Premium Logistics SHPK (Premium Auto Bid), Rruga "Dubai", Lagjia nr. 2, cadastral zone 2066, property no. 89/38, 4-storey building, 2nd floor, Entrance 1, Kamëz, Tirana, Albania. This Policy is governed by the law of the Republic of Albania, and the competent courts of Tirana have jurisdiction over disputes arising from it.