Valentina Gogaki

Responsible for constantly reviewing and kept up to date on upcoming directives/regulations related to EMIs (AML, DORA, EBA RTS/ITS, etc).

• • Responsible for creating the third party vendor risk assessment tool along with the relevant update of the Risk framework.

• • Responsible for conducting a GAP analysis on regulatory obligations such as DORA and creating an action plan to reach compliance under tight timelines.

• • Responsible for maintaining and co-handling the AML, Sanctions and Business wide risk assessments of the company. This includes performing the gap analysis, creating the remediation plan with relevant stakeholders and circulating such plan accordingly with expected completion dates.

• • Ensure that the business is conducted in good faith, and in accordance with good business practices, business conduct rules and prudential rules as set forth in applicable legislation and in the regulations of the CBC as these may be amended from time to time.

• • Ensure that all Company staff comply with its policies, procedures and applicable regulation, and the business code of conduct and ethics for Electronic Money Institutions.

• • Supervise, monitor and assess the operational performance of each department. This includes the creation of a KPI assessment program which is performed on a quarterly basis by each manager.

• • Supervise and coordinate annual audits (external, internal, IT, Penetration tests, etc) and risk assessments related to all departments (business wide risk assessment). Remediation plan circulated to relevant stakeholders.

• • Annual and ad hoc reports to the BoD and relevant Committees making recommendations and indicating in particular whether the appropriate remedial measures have been taken in the event of any deficiencies or need to be taken.

• • Create, review and approve policy description concerning information systems and monitor the policies in

place.

• • Monitoring the systems and controls (including, without limitation, the AML/CFT Procedures and other documented policies and procedures, in line with the requirements of the Regulations, as amended from time to time).

• • Carrying out regular audits of the AML/CFT Procedures and any other policies and procedures used by the Company, to adhere to the requirements of the Regulations;

• • Creation of Procedures along with relevant Flow Charts which are circulated to relevant senior staff to ensure they are followed and communicated properly. These Procedures are regularly reviewed and updated accordingly. Performance of Transactional Monitoring along with creation of reports with pre determined variables and data analysis. Coordination and Implementation of Annual IT – DPIA – Privacy Audits and Penetration tests involving the relevant regulatory framework(s) and EBA (European Banking Authority) Guidelines. Training and supervision of Staff regarding the Company's procedures and systems. Creation and Implementation of new system developments that enhance productivity and automate processes. Reporting to Skash Senior Management and AstroBank Board of Directors regarding Compliance, Risk, O&M.

• • Responsible for the supervision and launch of a new Anti-Money Laundering (AML) software.

• • Collected client information which is then formulated through the software and indicates the risk percentage of money laundering.

• • Supported the AML team in completing and reviewing client information.

• • Prepared a daily progress report for the CEO and for all managers and partners. This report indicated the completion rate of the project and each group's daily performance.

• • Prepared presentations and training for all offices in Baker Tilly Klitou and answered any queries that might have occured. Consulting Responsible for reviewing eligible applicants considering the European Funding program. Day to day communication with the applicants gathering all required documents. Reporting and analysis of the relevant documents. GDPR ( General Data Protection Regulation)

• • Weekly meetings with the clients regarding their status on data protection. These meetings provided a broad aspect of how each client performs in the operation and what measures needed to be taken in order to comply with the new data protection regulation.