1. GENERAL PROVISIONS AND REGULATORY FRAMEWORK
This Anti-Money Laundering and Countering the Financing of Terrorism (AML/KYC) Policy, which includes identification and verification of users (Customers) has been developed in accordance with the law of the Kyrgyz Republic. As a provider of virtual asset services, the Company operates in adherence to the requirements of the Law of the Kyrgyz Republic No. 87 of August 6, 2018 “On Countering the Financing of Terrorist Activity and Legalization of Criminal Proceeds (Money Laundering)” (hereinafter – the Law) and the applicable regulatory acts, including the Decree of the Government of the Kyrgyz Republic No. 606 of December 25, 2018.
This Policy applies to all users (Customers) of the company – both individuals and legal entities, and is intended to prevent the use of the company’s services for legalisation of criminal proceeds (money laundering), financing of terrorism and other illegal purposes. The company has implemented an Internal Control Program (ICP) meeting the regulator’s general requirements, appointed a designated official (AML/CFT Officer) and takes the required measures to observe the principles of “Know Your Customer” (KYC) and risk-oriented approach.
2 USER (CUSTOMER) IDENTIFICATION, VERIFICATION AND CHECKING
Within the context of its operation, the company performs a complex Customer identification and verification procedure prior to the establishment of business relations. In the course of this identification and verification procedure, the Company requests (without limitation) the following documents and data:
For individuals:
• full first name, surname, patronymic (if applicable), date of birth and residential address as per the identity document. Individual Customers must provide a national passport, ID card or any other identity document issued by competent authorities (e.g., a military registration card, a driver’s licence).
For self-employed entrepreneurs:
• The documents required of an individual, documents / certificate of state registration as a self-employed entrepreneur, documents certifying the fact of maintaining business activities without a state registration (patent) in accordance with the law.
For legal entities:
• Full name of the organisation, registered address (location) and the taxpayer identification number, as per the documents of state registration as a legal entity. Representative of a legal entity shall submit documents certifying their authority (resolutions of a governing body, powers of attorney, orders, etc.), the company’s incorporation documents (incorporation resolution, articles of association, deed of incorporation – if applicable); documents certifying state registration and registration with the tax authority, licences (when required, if the operation of the legal entity is subject to licensing). Other data thus requested includes data and documents on the company’s ownership structure and beneficial owners.
• Contact details: for the purpose of maintaining prompt contact and issuance of notices, all Users (Customers) must provide updated contact details for communication – e-mail address; if required – phone number or other contact details.
• The Customer’s purposes of interaction with the Company, origins / sources of funds: prior to the commencement of service (including the opening of an account), the Company requests the Customer to provide information on the anticipated purposes of service usage and the essence of the intended transactions (for example, investments, trade, etc.), and may also request information / documents on the source of funds. The Company performs these activities within the User (Customer) due diligence procedure, which allows assessing the risk level and identify deliberate false purpose statements for the intended cooperation.
• Beneficial owners: The Company identifies ultimate beneficial owners of the Customer (applies to legal entities, trusts, other organisational structures) and takes timely and reasonable measures to identify and verify these owners. Thus, the Company takes all appropriate measures to identify (apart from nominee shareholders or representatives) individuals who control or own substantial stakes in the organisation that acts as a Customer. Within the boundaries of such check / identification, the Company requests data / documents, verifies these using any available and legal means, including through open sources; uses other legal and available means of verification.
In the course of identifying / checking Customers, the Company acts in accordance with the provisions of Article 21 of the Law, performing the proper Customer Due Diligence procedure: identifies and verifies the Customer, identifies the purposes of business relations, identifies and verifies beneficial owner data, documents and stores the obtained data and keeps these updated. The Company reserves the right to deny / refuse to commence any service and/or suspend a transaction if the Customer in question fails to provide / delays the provision of the required identification data / documents, or if the provided data / documents have been revealed as false.
3 RISK-ORIENTED APPROACH
The Company maintains an approach based upon a comprehensive assessment of risk factors in respect of a Customer and the essence of transactions being carried out, as required by the law.
All Customers and transactions are classified into risk level groups (low, medium, high) considering a variety of factors: jurisdiction of residence or registration, the Customer’s business area, transaction volumes, sources of funds, the Customer’s affiliation with politically exposed persons (PEP) or their relatives and agents, as well as other factors.
Within the boundaries of this approach, the Company may apply enhanced measures to investigate Customers and transactions with increased risk level, and vice versa – apply simplified measures in low-risk situations.
Enhanced measures inсlude a more detailed verification of the Customer’s data and documents, which includes requesting additional documents and data on financial standing, purposes of transactions, more frequent and detailed transaction monitoring, seeking approval of the Company’s management for the performance of transactions and/or delivery of a collegial decision in respect thereof by competent employees, as well as other measures as may be required.
The Company allows simplified verification measures for Customers or transactions with negligible risk factors and within the boundaries permitted by the law. Application of simplified verification measures by the Company in respect of a Customer and the transactions effected in the latter’s interests shall not apply / be discontinued in case any respective suspicions arise of money laundering, terrorist financing or other illegal activity. Whenever such circumstances arise, the Company applies verification and control measures in respect of the Customer premised on high risk factors.
4 DENIAL OF SERVICE TO PERSONS OF PROHIBITED CATEGORIES
The Company does not provide services to persons of the following categories:
• individuals under the age of 18. The age of an individual is verified and confirmed through the identification and verification procedure that involves presenting the respective certifying documents to the Company.
• persons on sanctions lists as per the law and persons on other lists of unwanted customers.
Prior to the commencement of cooperation, the potential Customer (individual or legal entity) is checked against national and international sanctions lists, as well as lists of persons involved in terrorist, extremist or other illegal activity. The Company denies service to Customers (also considering their beneficial owners) found on any sanctions lists in accordance with the AML/CFT legislation aimed at the observance of financial sanctions and protection of the financial systеm.
The Company also reserves the right to deny service to other persons if required to do so by the law or internal policies (e.g., residents of countries subject to international prohibitions, etc.).
5 TRANSACTION MONITORING AND REPORTING SUSPICIOUS ACTIVITY
All Customer transactions in the process of service are controlled by the Company. The Company continuously monitors the Customers’ transactions to identify any suspicious operations or transactions of an unusual character. Criteria have been established to determine whether a transaction may be assessed as suspicious (for instance, considerably large amounts, uncharacteristic activity for this specific Customer, affiliation with high-risk jurisdictions, abrupt change of accustomed essence of transactions, other activities).
If the course of monitoring leads the internal control service to suspect that a specific transaction might be associated with legalisation of criminal proceeds (money laundering), terrorist financing or other illegal activity, the Company shall undertake the required measures in accordance with the law. The Company conducts a mandatory internal analysis / investigation and, if any reasonable suspicions are confirmed, the suspicious transaction is reported by the Company to the authorised government institution – the Financial Intelligence Service of the Kyrgyz Republic. Suspicious Transaction Reports are sent without notice to the Customer as per the provisions of the law which prohibits disclosure of information on the AML/CFT measures undertaken by the Company.
Apart from reporting suspicious transactions, the Company observes the established procedure by providing data on transactions subject to mandatory control (e.g., if the amount exceeds the threshold determined by the law).
The Company cooperates with competent authorities and regulatory organisations: at their request (within the boundaries of the law), the Company may disclose the available data about Customers and their transactions. At that, the disclosure of information occurs strictly within the boundaries set by the law and under control by the Company’s designated officials.
6 DATA STORAGE AND PROTECTION, CONFIDENTIALITY
All data received from Customers within the boundaries of KYC checks and transaction data are stored by the Company in accordance with the requirements of the law and the Company’s internal policy on confidentiality.
Customer identification and verification documents and information, transaction data and any other AML/CFT-relevant materials are to be stored for no less than 5 (five) years after the date of expiration of the Agreement with the respective Customer or after the time of completion of the respective transaction. This period may be extended pursuant to the provisions of any additional regulatory acts enacted by government authorities and/or upon request of financial intelligence agencies. Paper-based records are protected against loss or damage, whereas electronic data is stored in protected information systems and backed up on a regular basis.
The Company maintains confidentiality in respect of all documents / data obtained from Customers. Employees authorised to process Customer documents / data are bound by confidentiality requirements and personally responsible for disclosure of such data. Information on Customers and their transactions may only be disclosed to third parties in cases provided for by the law of the Kyrgyz Republic, e.g. upon request of authorised institutions or with the Customer’s consent. Maintaining confidentiality of Customers’ personal data and financial information is one of the Company’s key business principles.
7 INTERNAL CONTROL AND EMPLOYEE TRAINING
For the purpose of implementing this Policy, the Company employs the Internal Control Service, which is responsible for the observance of AML/CFT standards. The Service is charged with developing internal procedures, analysing risks and continuous transaction monitoring. A special employee is designated (AML/CFT Officer, Compliance Officer), who reports to the Company’s top management and is vested with the required resources and authorities to implement the respective aggregate of measures.
The Company implements employee training and professional development programs in anti-money laundering and countering the financing of terrorism.
All new employees undergo an onboarding AML/CFT briefing and familiarise themselves with the Company’s internal policies and regulations. Scheduled training events are held regularly (no less than once a year), and extraordinary target briefings are held in case of any changes in legal acts. The Company’s management ensures adequately high knowledge level of the personnel and organises additional training or certification whenever required.
The Company takes all required measures to maintain compliance with legal requirements in the domain of AML/CFT and KYC principles, which allows minimising the risks of the Company’s involvement in dubious transactions and ensuring proper operations transparency for regulatory bodies.
Published on: September 22, 2025
Revised on: January 26, 2026
