Know Your Customer (KYC) and Customer Due Diligence (CDD) Policy

Introduction and Purpose

To help comply with the relevant laws and regulations in Australia, ’s best practice of Know Your Customer (KYC) and Customer Due Diligence (CDD) regulations which is subject to updates as and when relevant amendments to the Anti Money Laundering and Counter Terrorism Financing (AML/CTF) Act, 2006 and AML/CTF Rules, 2007 regulated by The Australian Transaction Reports and Analysis Centre (AUSTRAC) and is shown in this policy, which the KYC CDD procedure of abides by.

Due to increasing unscrupulous activities relating to crypto business, AUSTRAC has regulated and implemented and it is therefore, the regulatory body responsible for ensuring compliance with the AML/CTF Act, 2006. Therefore, aligns to the requisite mandates and directions by affiliating and aligning to the Anti Money Laundering and Counter Terrorism Financing (AML/CTF) Act, 2006, Anti Money Laundering and Counter Terrorism Financing (AML/CTF) Rules, 2007 and AUSTRAC Guidelines and the other relevant regulations and laws regarding any suspicious activity with the help of this policy relating to KYC and CDD Rules and Regulations. The Purpose of this policy is to considerably reduce identity theft and fraudulent activities including money laundering.

In this Policy “we”, “us”, “our” means and the terms “user”, “individuals”, “non-individuals” means the residents of Australia and the business enterprises registered in Australia under the Corporations Act, 2001¹.

The KYC and CDD Policy is uniformly applicable to all Users intending to utilise the Services or gain advantages from the Online Platforms of , constituting an integral element of the User Terms and Conditions. Before engaging with the Online Platforms or divulging any personal information, it's imperative to thoroughly examine this KYC and CDD Policy. Your use of the Online Platforms implies your explicit acknowledgment and adherence to the User Terms and Conditions and, consequently, this KYC and CDD Policy.

Besides this, the importance of KYC and CDD regulations lies in the following cardinal points:

• Improved customer transparency and trust
• Reduced potential for money laundering and other scams
• Reduced legal risks
• Enhanced stability

This policy aims to meet all of the highest security standards and store Personal Identifiable Information (PII) securely in the system, implying that the clients will not have to bear the liability of any potential infraction or violation of law or leaked customer data but still have easy and reliable access to it whenever they need it.

¹ Corporations Act, 2001 is regulated by Australian Securities and Investments Commission (ASIC)

Timing to Conduct

complies with the Anti Money Laundering and Counter Terrorism Financing Act, 2006, Anti Money Laundering and Counter Terrorism Financing Rules, 2007 and Guidelines of AUSTRAC, The Australian Securities and Investments Commission (ASIC) and The Australian Prudential Regulation Authority (APRA), imbibing the Forty Recommendations provided by the FATF. It is compulsory for the customers of to submit and/or upload their KYC documents to the KYC portal of at the time of commencement of business relationship². For existing customers, whenever there is any update in the KYC documents already submitted, the customers must submit updated KYC documents within a maximum period of 14 days of such update for revising the changed record³. The KYC and CDD processes and requirements mentioned in this Procedure shall be conducted and completed by the KYC team at in any or all of the situations as cited below:

• During the commencement of business relationship with the
• While conducting international money transfers for a person who is not an account holder/customer of .
• Whenever there is a suspicion and/or scepticism about the authenticity or adequacy of the personally identifiable information of the customer obtained by ⁴.

² Part II, Division 4, Section 32 of AML/CTF Act, 2006

³ Chapter 10.1.6 of AML/CTF Rules, 2007

⁴ Part II, Division 2, Section 29 of AML/CTF Act, 2006

Additionally, KYC and CDD procedures are also conducted and applied along with an additional report to the AUSTRAC, a customs officer or a police officer in case of an occasional transaction in cash that amounts to $10,000 or more, whether the transaction is executed in a single operation or in several operations which appear to be linked, into or out of Australia.⁵

Account opening shall not be guaranteed even if all processes and requirements are satisfied thereto. shall have its own discretion to accept the application.

Failure to Complete

obtains the Tax File Number (TFN number)⁶ or Passport number at the time of commencement of business with . If the customer fails to provide the requisite documents and/or forms at the KYC portal while logging in or signing up to avail the services of , shall temporarily cease operations in the account due to failure of KYC requirement, after providing an appropriate notice and reasonable opportunity to the customer to ventilate his infirmity to duly submit the requisite documents being Tax File Number or Passport number.

If the customer is not able to provide the KYC requisite documents for the time being due to an injury, illness or because of geriatric impediment or technological shortcoming, may hold the transaction and/or business with such a customer for the time being without ceasing and/or blocking the said account at that particular instant only after receiving a prudent and valid reason in writing and signed from the customer's end in this regard. is also entitled to suspend the account until the KYC process is completed to ensure compliance with regulations and security standards to avoid being exposed to civil penalties and criminal prosecution, possible license revocation or termination and reputation damage. However, such an account shall be subject to enhanced monitoring by the KYC team at .

For existing customers of who are not able to submit their Tax Filing Number or equivalent e-document or any other National Identification document as required, shall be at complete liberty and/or discretion to close the respective customer account and cease all obligations pertaining to the said account after establishing the identity of the customer by obtaining the identification documents of the customer.

Any existing customer who fails to complete regular or irregular KYC and CDD under this Procedure or produce a false or misleading information or document shall be deemed to have committed a fundamental breach of obligation, so the accessing services will at least be suspended tentatively or terminated completely and the customer shall also be liable to be levied a penalty. The customer might also be exposed to various regulatory risks and perils⁷ for which shall not be held responsible for any such unforeseen circumstances.

⁵ Part IV Division 1, Section 52 of AML/CTF Act, 2006

⁶ TFN is issued by the office of the Australian Tax Office (ATO)

Prohibited Customers

In any case identified as one where there is a high risk of money laundering or terrorist financing or where has determined that a customer or potential customer is a Politically Exposed Person (PEP)⁸, or a family member or known close associate of a PEP, undergoes through the procedure to be applied in case of Prohibited Customers.

does not entertain creation or existence of any account in the name of either an individual or enterprise appearing in the list of suspected high risk jurisdiction links which are approved by and periodically circulated by the AUSTRAC Guidelines, ASIC Guidelines and APRA Guidelines along with Financial Action Task Force (FATF) guidelines. Australian sanction laws implement United Nations Security Council⁹ (UNSC) sanctions regimes and Australian Autonomous Sanctions¹⁰ regimes. The regions currently implemented under Australian Sanction Laws¹¹ respectively are namely:

⁷ Division VII, Part 12 Section 136 and 137 of AML/CTF Act, 2006

⁸ Chapter 1, Part 1.2 of AML/CTF Rules Instrument 2007

• Central African Republic
• Democratic Republic of the Congo
• Guinea-Bissau
• Iraq
• ISIL (Da'esh) and Al-Qaida
• Lebanon
• Somalia
• South Sudan
• Sudan
• The Taliban
• Yemen

As per Australian Autonomous Sanctions, the following regions are demarcated as Sanctioned regions:

9 UNSC sanctions regimes are primarily implemented under Charter of the United Nations Act 1945 (the United Nations Act)

10 Australian autonomous sanctions regimes are primarily implemented under the Autonomous Sanctions Act 2011 (the Autonomous Act) and the Australian Autonomous Sanctions Regulations 2011

¹¹ Australian Govt- Department of Foreign Affairs and Trade (DFAT)

• Former Federal Republic of Yugoslavia
• Myanmar
• Russia/Ukraine
• Zimbabwe Thematic:
• Proliferation of weapons of mass destruction
• Significant cyber incidents
• Serious violations or serious abuses of human rights
• Serious corruption

Under both the Sanction laws of UNSC and Australian Autonomous Sanctions, the following regions are high-risk jurisdiction areas pertaining to AML/CTF offences.

• Democratic People’s Republic of Korea
• Iran
• Libya
• Syria

, besides carrying out the normal procedure for customer due diligence, also has appropriate risk management systems like sanction checks, name screening and transaction and account monitoring in place to determine whether the customer or potential customer or the beneficial owner is a PEP. Reasonable measures are also taken by for establishing the source of funds of the customer/applicant to ensure that no unscrupulous source of funds is involved in carrying out transactions involving .

If the customer happens to be a PEP or the family member of a PEP, the Senior Management at must be consulted in order to open and/or activate such an account at the portal and all such sensitive accounts shall be exposed to an enhanced CDD monitoring on a periodic basis if approved by the Senior Management. In case the existing customer or the beneficial owner of an existing account subsequently becomes a PEP, the approval of Senior Management shall be sought to continue the business relationship of such a customer with .

Therefore, shall be at a complete liberty and shall have complete discretion to not cease transactions altogether based on a particular potential risk factor to continue business operations¹².

Documents and Information by Individual Account

An individual shall initiate the account application from registration verification via App or Web as mentioned below and then complete the Identification and Verification processes by providing documents and information mentioned further in the following paragraph to complete fundamental steps of KYC and CDD.

The applicant shall provide the following information via mobile applications or web browsers:

¹² considers FATF’s decisions while assessing risk along with other Federal laws of Australia

• Name
• Residential Address
• Place and Date of birth
• Any other name the customer is known by
• TFN (Tax Filing Number) or Passport number
• Email
• Phone number
• Account password

The Applicant must also provide their Employment Information in the subsequent steps via their mobile applications or web browsers:

• Industry
• Occupation
• Source of Funds
• Employment Category
• Employment Type
• Annual Income
• Net Worth
• Transaction Volume
• If the Applicant is a Politically Exposed Person (PEP) or not
• Purpose of the account
• Current Banking Partner
• How long the Applicant had that banking relationship

The applicant shall also provide and upload the following documents and information via mobile applications or web browsers. Applicants obtain access to Basic Account after being identified, verified, and approved.

• One of these government-issued identity documents bearing the individual’s photograph, an identification number and date of birth:
• Passport or TFN
• Driver’s License
• Proof of residence issued within the last three
• Real-time live selfie of themselves
• Industry and occupation

Basic Account Customers can apply for the Premium Account by completing an additional form for more transaction services or a higher transaction limitation cap.

The information needs to be verified by the system to finish the Registration Verification, also known as Tier II Verification. After Tier II Verification and subsequent Approval by the designated officials at the KYC CDD Team of , the applicant obtains access to the Customer Service team, and transaction services are provided henceforth.

As needed, other relevant information or documents may be further collected for KYC and CDD purposes to evaluate the application comprehensively.

Documents and Information by Non-Individuals Account

The representative of a non-individual customer (e.g. Corporate, Enterprise) initiates the account application from registration verification via App or Web and then completes the Identification and Verification processes by providing documents and information to complete fundamental steps of KYC and CDD.

The representative of the non-individual customer shall provide the following information via mobile applications or web browsers, and the information will be verified by the system to complete the Registration Verification.

• Name
• Country
• Email
• Phone number
• Account password

After Verification, the representative only shall have limited access to the Customer Service team and basic transaction service will be provided up to a limited transaction cap. The representative of a non-individual customer shall provide and upload the following documents and information via APP or Web, and then after being identified, verified, and approved to have access to Basic Account.

Basic Company data¹³

• Company name (as registered by ASIC)
• Company registration number
• Country of incorporation

¹³ Chapter 1, Part 1.2 of AML/CTF Rules Instrument, 2007

• Corporate Structure
• Company registered address
• The ACN issued to the Company
• Whether the company is registered by ASIC as a Proprietary Company or a Public Company
• Company office address (if different from registered address)
• Company website (if applicable)
• Current Banking Partner
• Tenure of Business Relationship
• Description of Business
• Industry and business activity
• Purpose of account
• Profit
• Bank account details (if necessary)
• Source of investment funds
• Annual revenue, profit and total company assets
• Estimated transaction volumes and frequency
• Australian Company Number (ACN) or Australian Registered Body Number (ARBN)

Company Registered Address

• Company Registered Name
• Company Registered City
• Company Registered State
• Company Registered Zip Code
• Company Registered Country

Company Office Address Information (If different from Registered Address)

• Company Registered Name
• Company Registered City
• Company Registered State
• Company Registered Zip Code
• Company Registered Country

Company documents

• Certificate of Incorporation
• Memorandum and Articles of Association or Incorporation
• Business registration document or Certificate of Incumbency or company search report (issued within the last 6 months)
• Register of Directors
• Memorandum or Operating Agreement
• Register of Shareholders
• Board Resolution or similar written authorisation to open an account with
• Proof of Address (issued within the last 3 months showing company business address).

• If there are persons authorised to access and operate the account,
  • Authorisation Letter indicating the capacity
  • Identity documents of Beneficial Owners (such as the Board of Directors, Ultimate Beneficial Owners with more than 25% shares of the company, and Authorised Persons): Selfie, Proof of Identification (such as passport, national ID or driver’s license), and Proof of Address.

Ultimate Beneficial Owner (UBO) Information¹⁴

• Name of the Owner
• Email
• Phone number
• Address of the Beneficiary Owner
• Date and Place of Birth
• TFN or Passport no.
• Percentage of Ownership
• If the Beneficiary Owner is a Politically Exposed Person (PEP)
• Proof of Identity as approved by the National Authority
• Proof of Address as approved by the National Authority
• Selfie holding the identity document

¹⁴ Chapter 4, Part 4.12, section 4.12.1 of AML/CTF Rules Instrument, 2007

• Proof of document supporting the Source of Investment

Bank Details of the Ultimate Beneficial Owner

• Beneficiary name
• Bank Name
• Bank address
• Account
• Account type
• Routing
• Swift code
• IFSC Code

According to the request, information and documents provided during the account application will be considered and judged by the KYC and Compliance teams as to whether the Premium Account could be approved or not.

Other relevant information (and documents as needed) may be further collected for KYC and CDD purposes in order to evaluate the application comprehensively, e.g. documents of Board of Directors, additional information and source of funds of UBOs, AML Policy/Questionnaire as proof of compliance or audited financial statement as proof of source of funds.

Identification and Verification (ID&V)

Anyone expecting to have services by shall complete the KYC and CDD procedure first. Identification and Verification (ID&V) are fundamental requirements of KYC and CDD which shall be completed via App and Web designed by . complies with the requirements as to verify the identity of the customer, any person purporting to act on behalf of the customer and any beneficial owner of the customer before the establishment of a business relationship or the carrying out of the transaction. But if the verification of the customer/applicant, any person purporting to act on behalf of the customer and the customer’s beneficial owner as aforementioned, is completed as soon as practicable after contact is first established, the verification may be completed during the establishment of the business relationship under the following circumstances:

• this is necessary not to interrupt the normal conduct of business; and
• there is little risk of money laundering and terrorist ¹⁵

Collection of Identity Evidence: Three types of identity evidence shall be collected and uploaded into the system via mobile applications or web browsers. verifies the identity of its clients and the beneficial owner, by following the following steps:

• authentication by any Government issued identity document; or
• use of passport issued; or
• use of any other officially valid document or modes of identification as may be notified by the Government in this behalf

Document Authenticity Check: determines the authenticity of the customer’s identity documents by comprehensive image analysis for signs of tampering or modification through the use of editors. If any fraudulent or modified copy is detected, the AI will automatically flag fake or forged documents.

¹⁵ Chapter 6, Part 6.1 of AML/CTF Rules Instrument, 2007

Text Recognition: deploys an automatic recognition by extracting data from customer’s identity documents (e.g. passport, proof of address or driver’s license) and matches their data (e.g. full name, date of birth and address) against other documents (e.g. proof of address).

Facial Recognition: The AI at compares the face on the customer’s selfie with the identity document (e.g. passport, national identity card or driver’s license) by an automatic confirmation of a match of the customer’s face. The Confirmation result will be rendered of “Match” or “Doesn’t Match”.

Additional Check: The AI at also includes the following checks -

1. Completion of the identity documents;
2. If photos have been retaken from a screen;
3. Cross-check of all data from all submitted documents (name, date and place of birth and signature).
4. Duplicate

5. Address

Depending on the results of ID&V, the KYC team will take different actions, including but not limited to declining the application directly, enquiring more information from the applicants, or discussing with the Compliance team to finally allow the Applicant to commence business using .

Prohibited and High-Risk Countries

The country risk of each customer is highly relevant to the risk taken by . Thus, includes the nationality of the customers and the country they live in. As per the AUSTRAC Guidelines, ASIC Guidelines and APRA Guidelines along with Financial Action Task Force (FATF) guidelines and the Australian sanction laws which implement United Nations Security Council¹⁶ (UNSC) sanctions regimes and Australian Autonomous Sanctions¹⁷ regimes, the High Risk third countries are the countries which are at a higher risk of money laundering because of those countries being more vulnerable and at a high risk of money laundering crimes. The top ten high risk countries which are at the highest risk of money laundering are Heiti, Chad, Myanmar, the Democratic Republic of Congo, Republic of Congo, Mozambique, Gabon, Guinea-Bissau, Venezuela and Laos respectively. Hence, the KYC and CDD verification whenever conducted, is conducted in an intrinsic, minute and extensive manner calling for an Enhanced CDD Procedure.

In case either the nationality or country where the customers are located or live is treated as a Prohibited Country, then the application will be declined during the ID&V process. Similarly, if treated as a high-risk country as per the latest United Nations Security Council and Australian Autonomous Sanctions List and FATF Regulations, the KYC team will consider this factor and classify the customer’s risk level pursuant to the Scoring Mechanism.

16 UNSC sanctions regimes are primarily implemented under Charter of the United Nations Act 1945 (the United Nations Act)

17 Australian autonomous sanctions regimes are primarily implemented under the Autonomous Sanctions Act 2011 (the Autonomous Act) and the Australian Autonomous Sanctions Regulations 2011

Prohibited and High-Risk Industries

Industry risk, including the occupation and the business nature, is highly relevant to each customer. In case either the occupation or the business nature is treated as a prohibited industry, then the application will be declined. Similarly, if treated as a high-risk industry, the KYC team at will consider this factor and classify the risk level of the customer pursuant to the Scoring Mechanism. The table below shows the relevant industries for reference which are checked for risk scores.

Ultimate Beneficial Owner (UBO)

To reach the goal of Money Laundering and control of Terrorist Financing, identifying the UBO¹⁸ of the applicant is essential, whether they are Individual and Non- Individual customers. For non-individual customers, the identification of UBO is mandatory and required via the information and documents collected.

determines the UBO of the customers via various methods, including applicants’ voluntary disclosure, sales team’s inquiry, and the KYC team’s screening process. This helps to verify if an ultimate beneficial owner is a real person who is accurately representing himself. It also checks if that person is conducting legitimate business, including getting their funds from non-criminal sources.

Shareholders owning more than 25% shares of the company will be deemed as UBOs of the non-individual customer.

Anyone with significant influence on the Individual and Non-Individual customers shall be deemed as UBO as well. Information and measures mentioned below are clues to consider. For example:

• An individual identified as a UBO of a customer based on the ownership and control structure of the customer;
• A voluntary claim to act on behalf of the customer with identification and verification of their right of representation;
• Reasonable inference of a UBO of a customer based on nature of business relationships and business transaction, as shown by the information available;
• Gathering information on whether a person is a politically exposed person (PEP), their family member or a person known to be close associates;

¹⁸ UBO is an individual who holds a minimum of 10-25% (dependent on jurisdiction) of capital of the applicant (esp. enterprise)

Basic details that should be recorded about any ultimate beneficial owner here at include:

• Full name
• Title
• Date of birth
• Country of residence
• Home address
• Citizenship
• Social Security Number
• Passport number
• Any other ID issued by a Federal Government

Anyone deemed or treated as a UBO of the applicant shall provide his or her information and relevant documents to complete the ID&V process as well.

Name Screening

As an important part of the KYC and CDD, Name Screening is supported through the KYC verification team which provides vendor solutions and Watchlist Checks. The screening result shall be further reviewed by the KYC team. Name Screening shall check a customer’s name against a commercial database for possible matches of PEPs, sanctions events, or adverse media with fuzzy matching capability. KYC verification team at uses a commercial database by including the following lists:

• International sanction lists or blacklists from the FATF, the AUSTRAC, the ASIC and APRA guidelines,
• PEP lists covering 200+ countries,
• Criminal and law enforcement lists,

• Interpol wanted lists,
• Regulatory enforcement lists, and
• Adverse

Name screening has a practical application in the operation of , particularly in preventing money laundering, enhancing KYC processes, and mitigating fraud and financial crimes. By incorporating name screening into the workflows, strengthens due diligence measures by identifying potential risks associated with customers or transactions, and takes appropriate actions to mitigate those risks encompassing and not limited to money laundering and terrorist financing activities. By screening the names of customers, beneficiaries, and related parties against government sanctions lists and watchlists, identifies individuals or entities with known links to illicit activities and takes appropriate measures to prevent their involvement by conducting comprehensive screenings during customer onboarding. By cross-referencing names against adverse media databases and internal watchlists, identifies individuals or entities associated with previous fraudulent activities or negative reputations. performs the Name Screening process by the following methods:

• Conducting Comprehensive Name Screening

conducts comprehensive name screenings that cover a wide range of data sources, including government sanctions lists, PEP lists, internal watchlists, and adverse media databases.

• Utilising Advanced Screening Technologies

Advanced screening technologies used at enhances the efficiency and effectiveness of name-screening processes which utilise sophisticated algorithms and nebulous matching techniques to accurately identify potential matches for meeting with the sanction requirements.

• Implementing Risk-Based Approaches

A risk-based approach to name screening conducted by involves assessing the level of risk associated with each customer or transaction and applying appropriate screening measures accordingly pertaining to high-risk and low-risk customers and transactions respectively.

• Regularly Updating Data Sources

Name screening at always ensures that the data sources are up-to-date and regularly refreshed.

The KYC team takes appropriate actions to remove concern for any alert or reminder issued or triggered during identification, verification, or name screening. Furthermore, the KYC team shall report to the Head of Compliance to consider which actions shall be taken or not. If there is any suspicious activity found or the prospective customer is sanctioned, the application shall be declined directly.

Politically Exposed Persons (PEPs)

Recommended by the Financial Action Task Force (“FATF”) and the AUSTRAC Guidelines, PEPs are deemed as persons with higher money laundering or terrorist financing risk because they always have powerful influence or more chances to facilitate or be exploited to suspicious or illegitimate activities¹⁹. In determining what risk-management systems and procedures are appropriate for a beneficial owner or customer, takes account of—

• the risk assessment performed to evaluate the risks of money laundering and terrorist financing; and
• the extent to which the risk would be heightened by the business relationship or transactions carried out by with a PEP or a family member or known close associate of a PEP.

If has ascertained that a customer or a potential customer is a PEP, or a family member or known close associate of a PEP²⁰, assesses—

• The source of funds or wealth of the PEP or the family member or associate of the PEP,
• the extent of the enhanced customer due diligence (enhanced CDD) measures to be applied in regards to that customer.²¹

Though not equivalent to prohibited or sanctioned users, more actions shall be taken before providing services to customers of PEPs. Approval to open an account of the PEP or the family member or close associate of the PEP should be sought from the Senior Management. In the event of an existing customer subsequently becoming a PEP, approval to continue the account is to be sought from the Senior Management.

¹⁹ Part 1.2, Chapter 1 of AML/CTF Rules Instrument, 2007

20 PEP associates and relatives refer to a person who is not a PEP, however, having close relations with the PEP.

²¹ FATF’s Forty Recommendations (recent amendment in 2023)

Specifically, PEPs are treated as high-risk level and Enhanced Due Diligence (EDD) measures are taken by .

Adverse Media

Adverse media refers to negative or unfavourable information about individuals, entities, or organisations that could indicate potential involvement in financial crimes, corruption, or other illicit activities. Except for the Sanction or PEPs character, adverse media is also a significant factor which is considered to decide the ML/FT risk level of each user. includes structured adverse media, presented within the database helping the clients identify entities and individuals reported in the reputable media as being accused, investigated, arrested, or convicted of specific offences.

For any potential match of adverse media, the KYC team shall browse the media and map the information collected to determine a true match or a false match. The mapping can be based on picture, full name, location, gender, age, education, working experience and other set criteria pursuant to the procedures and risk-based approach by setting parameters to filter via secondary identifiers, keywords, categories, sub-categories, location and more.

The KYC team shall consult with the Compliance team to determine what further action may be taken if there is an uncertain concern on the adverse media and could not be removed.

The KYC team may seek advice from the Compliance team and shall input the logs of handling into the Compliance Case List which is designed to retain records of actions taken for potential match reminders.

Review and Approval

The KYC team at reviews the ID&V result and asks the customer to further explain or provide more supplement if any deficiency or concern is detected. The action, process, and result of the further checking shall be inputted into the KYC Compliance cases, and then the Compliance team reviews to decide whether to accept the application. If there persists any concern that the ID&V result can’t be removed, then the application shall be declined. If the concern is removed, the application can be accepted and the alert or reminder will be treated as a false hit. ID&V is an essential part of the KYC and CDD process, so all applications shall be verified and if found viable, approved by the KYC team. However, if necessary, the KYC team shall further seek for additional approval of the Compliance team who shall align ongoing monitoring with risk policies.

Any record or log is important to show the efforts on the AML/CTF framework. Therefore, all employees shall retain any record or log appropriately in place for any review or auditing purpose in the future.

Scoring Mechanism

The KYC Team at grants a score to each customer in accordance with the information and documents collected to decide the ML/TF risk level of each customer. These are considered, clearly articulated and recorded across the risk assessment and due diligence is readily performed. If any concern of the score, the KYC team shall discuss with the Compliance team without delay.

Hierarchy of scoring:

• below 39 is low-risk
• 40 to 79 is medium risk
• above 80 is high-risk

Factors and scoring covered under the Scoring Mechanism are listed below. The factors and scores mentioned will be updated or changed from time to time pursuant to the services provided and risk borne.

1. High-risk country, including nationality and POA: 80
2. High-risk industry, including Industry and Occupation: 80
3. PEP: 80
4. Age: 30
   1. a. Individual: below 25 or above 65 years
   2. b. Corporate: registered or changed ownership within two years
5. Adverse media (truly positive): 30
6. Premium account²²: 10
7. More than one Fiat Money: 7.
8. BitCheck²³: 10

The table tabulated below shows the various parameters on which Risk Score weightage of Individuals pertaining to the basic heads is calculated:

²² Some services or a higher transaction cap will be provided to a premium account user only

²³ BitCheck is a commercial escrow feature for both Fiat currencies and Cryptocurrencies exchanges between ’s users

Customer Risk Classification

uses deep learning to understand the details of each customer and the broader context they operate in, delivering actionable insights in seconds with much fewer false positives. All customers of thus shall be assessed and classified into three categories as per the FATF and AUSTRAC guidelines corresponding to the due diligence measures commensurate with their ML/TF risks pursuant to Scoring Mechanism:

1. Low-risk customer
2. Medium risk customer
3. High-risk customer

Rules of High-Risk Customer and Enhanced Due Diligence is applied by by adapting to changes in sanctions and other regulatory requirements.

The KYC team shall input the classification into the system to monitor when and how to conduct ongoing KYC and CDD in the future.

The Head of Compliance approves to allow the high-risk customer while on- boarding. The KYC team prepares the report and relevant evidence in regards to acceptance or decline of the application.

Enhanced Due Diligence (EDD)

duly applies Enhanced customer Due Diligence measures and enhanced ongoing monitoring, in addition to the customer due diligence measures to manage and mitigate the risks arising in any case identified by itself or in information made available to , as one where there is a high risk of money laundering or terrorist financing. has in place appropriate risk-management systems and procedures in case of a customer or the beneficial owner of a customer being a PEP or a family member or a known close associate of a PEP, and efficiently manages the enhanced risks arising from the business relationship or transactions with such a customer with expertise and prowess.

In case of scenarios requiring Enhanced Due Diligence (EDD) Procedure, KYC team shall provide the EDD form to applicable customers to complete the process taking into consideration but not limited to the risk assessment it carried out, the level of risk of money laundering and terrorist financing inherent in its business, the extent to which that risk would be increased by its business relationship or transactions with a PEP, or a family member or known close associate of a PEP and any relevant information in custody of . Relevant files or documents of EDD shall be reviewed exhaustively and approved by the Head of Compliance Team and then filed by the KYC team.

The following measures are taken by in order to manage and mitigate the ML/TF risk that is higher than usual:

• Obtain additional identification documents, data or information from credible and independent sources.
• Gather additional information or documents on the purpose and nature of the business relationship.
• Gather additional information or documents for the purpose of identifying the source of funds and wealth of the customer.
• Gather information on the underlying reasons for planned or executed transactions.
• Increasing the number and frequency of control measures in monitoring customer relationships and/or transactions.
• Receiving permission from the Management team to establish or continue a business relationship.

Watch List

designs the control of the Watch List to mitigate the ML/FT risk to those who bring higher risk, such as High-Risk Customer or Customers with adverse media. After completing the KYC and CDD process, the KYC team shall input applicable users into the Watch List depending on different risk levels. complies with KYC and CDD Procedure abiding by AML/CTF Act, 2006, AML/CTF Rules Instrument, 2007 and AUSTRAC Guidelines. Watchlist Screening provides powerful protection by screening users and other businesses against the common global watchlists and adverse media sources. The Watchlist Screening at works in the following chain:

• Collection of data
• Identifying High-Risk Profiles
• Divulging into global intelligence by flagging enterprises and individuals when they appear in the global adverse media and list search
• Staying ahead of tentative risks by an on-going monitoring for safety and compliance
• Simplifying workflows and integrations

Users on the Watch List shall be monitored regularly by the Investigator to see whether any further actions shall be taken. For more details, please refer to the “Transaction Monitoring Procedure”.

Account Type

Basic Account:

The Applicant/customer after a successful login and entry of required details as aforementioned in this instant policy shall be approved to invest and obtain the basic services from by the KYC team if deemed fit and proper. Once the KYC team passes the customer portfolio to the Compliance team, the Compliance team shall approve the same following which the customers will be allowed access to basic services provided.

Premium Account:

customers can apply to upgrade to a premium account by submitting an application form, information or documents requested for more services, increased trading limits or higher transaction limitation cap with lesser trading fees. The Applicant/customer can apply for upgradation after a successful login and entry of required details as aforementioned, shall be approved to invest and obtain the basic and premium services from by the KYC team if deemed fit and proper. Once the KYC team passes the customer portfolio to the Compliance team, the Compliance team shall approve the same following which the customers will be allowed access to basic and premium services provided.

Ongoing Monitoring

offers a risk-based approach to maintaining Customer Due Diligence (CDD) information which involves monitoring accounts and transactions for risk patterns, and routinely verifying and updating client information. Ongoing Monitoring is a critical component of effective CDD procedure which is ensured at involving:

• Systematic review of accounts, transactions, and risks
• Understanding account status, even in real time
• Identifying transactions that deviate from the regular pattern of activity
• Valuing and updating client information

To ensure the documents, data, and information previously collected from the customers are up-to-date, the KYC team shall undertake a regular review of existing records according to the following schedule:

• High-risk customers - every year.
• Medium risk customers - every two years.
• Low-risk customers - every three years.

In addition to the above periodic reviews, existing CDD records should be reviewed upon trigger events. Examples of trigger events include:

• Re-activation of a dormant account.
• Change in the beneficial ownership or control of the account.
• When a significant transaction is to take place (“Significant” is not necessarily solely linked to monetary value. It may include transactions that are unusual or not in keeping with the expected behaviour of the customer. Significant transaction includes a wide range of transaction peculiarity, such as a deviation from the user’s transactional volume or frequency)
• When a material change occurs in the way the customer’s account is operated.

will monitor customers’ transactions to ensure that the transactions are reasonable to the knowledge of the customer and risk profile.

Reporting

provides information about compliance in regards to Money Laundering and Terrorist Financing, Customer Due Diligence, Reliance and Record Keeping, Ultimate Beneficial Owner Information and Cryptoasset Transfers to the Australian Transaction Reports and Analysis Centre (AUSTRAC), being the Supervisory Authority pertaining to financial service industry which is imperative to calculate charges for cost of supervision, or is reasonably required by the AUSTRAC in connection to conduct any of its supervisory functions. The compliance information is provided to the AUSTRAC by in such form and manner as deemed fit.

Review Process

Review process at involves a comprehensive analysis that spans various facets of a project, including its market potential, tokenomics, team credibility, technological innovation, and competitive positioning. The “last approved date” is the date a periodic review or an event-triggered review was completed previously at . If the last approved date is not present or not recorded, the account opening date should be applied as the first date of the reviewing cycle.

The KYC team shall monthly check which customers to conduct the Re-KYC process and send the Re-KYC form to them according to the timeline mentioned in Ongoing CDD and KYC at least 30 days before the due date of previous CDD and KYC result. The account shall at least be suspended tentatively or terminated directly, if:

1. A periodic review can not be completed by the due

2. A triggered event review can not be completed within a reasonable time or more than one month.

Dormant Account

A dormant account is a control designed by to make sure the resources are placed in the right group of customers. An account will be treated as a dormant account to be suspended after no activity more than 6 months or any exceptional situations determined by KYC and Compliance teams. After being approached by , Customers, who fail to update their information or to clarify concerns detected and no activity more than six months, will be deemed and tagged as a dormant account and all the relevant access previously given to the customer will be blocked. To reactivate the dormant account, the client must at least complete the Re-KYC process. The KYC team may need to collect more information or documents based on its risk evaluation.

Off-Boarding

It's the right of every user to terminate the business relationship and ask for account closing. The KYC team at is in charge of helping the user to complete the relevant process of closing the account, regardless of which contact the user reaches out to express their intent to close the account. The Suspicious Transaction Reporting (STR) rule, along with other relevant policy and regulations, shall govern the issues of documentation and record-keeping when the customer begins and completes the off-boarding process.

Changes to this Privacy Policy

updates its privacy policy from time to time. Any changes whatsoever shall be notified to the customers of by posting the new Privacy Policy on this page. The customers are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page on the Website.

Contact

For any query about this Policy, the contact information is given below:

• By visiting this page on the website: [.com]

• By sending an email:[compliance@.com]