CHANGEBOX LLC

Anti-Money Laundering (AML)/Know your client (KYC)

Policy

Effective Date: 14 March 2025

1. Company Policy:

• Purpose

The Anti-Money Laundering (AML) and Know Your Customer (KYC) Policy established by Changebox Limited, registered in the British Virgin Islands (hereinafter “Company” or “We”) exists to detect, prevent, and deter money laundering and terrorist financing activities. The purpose of this policy is to comply fully with the requirements of The BVI Financial Services Commission outlined in the Anti-Money Laundering Regulations, 2008 and the Anti-Money Laundering and Terrorist Financing Code of Practice, 2008. This policy aims to establish robust processes for identifying customers, verifying their identity, monitoring transactions, and reporting suspicious activities.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

This policy procedures and internal controls are designed to ensure compliance with all applicable regulations and rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.

• Scope:

This policy applies to all employees, officers, directors, contractors, and agents of Company. The scope encompasses all aspects of the Company’s business operations, including payment processing, electronic funds transfers, remittance services, cryptocurrency transactions, and any other services related to financial activities.

• Commitment:

Company is committed to implementing a strong culture of compliance throughout the organization. The Company recognizes the importance of combating financial crimes and ensuring that transactions comply with applicable laws, promoting trust and integrity within the financial ecosystem.

2. Legal and Regulatory Framework

• Overview of Key Regulations:

The primary legislation governing AML and KYC obligations in BVI is the AML Code of Practice, which outlines the requirements for risk assessment, customer due diligence (CDD), monitoring, reporting suspicious activities, and record-keeping.

Additional regulatory frameworks include the Proceeds of Crime Act (POCA), which criminalizes money laundering and provides law enforcement with the authority to investigate, prosecute, and seize assets related to crime.

International Regulations. Among the major intergovernmental legislative bodies, and international and regional regulatory organisations, with which the government and the competent authorities of the state actively collaborate within the sphere of the international AML/CFT framework are:

• The United Nations (UN).

  • The Financial Action Task Force (FATF). The Financial Action Task Force (FATF) is an intergovernmental body established in 1989, which sets international standards and promotes effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. FATF also monitors the implementation of its standards, the 40 ‘FATF Recommendations’, by its members and ensures that the ‘FATF Methodology’ for assessing compliance with the FATF Recommendations is properly applied by all FSRBs.

• Definitions of Key Terms:

  • Anti-Money Laundering (AML): Refers to laws, regulations, and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate.

  • Know Your Customer (KYC): Refers to the process of a business verifying the identity of its clients to prevent fraud and ensure compliance with legal obligations.

  • Beneficial Ownership: Individuals who actually own or control a customer account, including individuals who exercise significant control over a corporation.

  • Politically Exposed Persons (PEPs): Individuals who are prominent public figures (e.g., heads of state, government officials, etc.) and are considered to be at a higher risk for corruption.

  • Suspicious Transaction: A transaction that raises suspicions regarding its legality or the source of the funds involved.

  • Enhanced Due Diligence (EDD): A process in which additional measures are taken to verify the identities and monitor the activities of higher-risk customers.

    3. Giving AML Information to federal law enforcement agencies and other financial institutions

The company will respond to a request concerning accounts and transactions by immediately searching our records to determine whether Company maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity or organization named in the request.

If Company searches our records and does not find a matching account or transaction, then we will not reply to the request. We will maintain documentation that we have performed

We will not disclose the fact that law enforcement agencies or other financial institutions has requested or obtained information from us,.

Company will direct any questions we have about the request to the requesting federal law enforcement agency as designated in the request.

4. Statutory obligations of Company

Company has to fulfil the minimum statutory obligations set out by the BVI Financial Services Commission:

• To identify, assess, understand risks;

  • To define the scope of and take necessary due diligence measures;

  • To appoint a compliance officer in accordance with the requirements of the relevant authority;

  • To put in place adequate management and information systems, internal controls, policies, procedures to mitigate risks and monitor implementation:

  • To put in place indicators to identify suspicious transactions;

  • To report suspicious activity and cooperate with Competent Authorities

  • To promptly apply directives of competent authorities;

  • To maintain adequate records.

    5. Risk Assessment

Risk-Based Approach (RBA):

The Company employs a risk-based approach (RBA) that involves conducting periodic risk assessments (at least annually, or more frequently when significant changes occur) to identify potential money laundering and terrorist financing (ML/TF) risks. These assessments utilize a standardized methodology, ensuring consistency and traceability. Results of these assessments are reviewed and approved by the compliance officer and documented .

The Company employs a risk-based approach that emphasizes understanding and prioritizing customers based on their risk profiles. This approach involves:

• Conducting periodic risk assessments to identify potential risks related to ML and TF.

  • Tailoring KYC procedures to the assessed risk of each customer.

Risk Factors:

The following risk factors will be assessed to determine the level of risk associated with each customer:

• Customer Risks: Age, occupation, geographic location, nature of business, and previous transaction history.

  • Customer associated risks, whose factors arise from the person participating in a transaction. These factors may include:

  • whether the Customer is a PEP, family member of a PEP, or known close associate of a PEP;

  • The residency of the Customer, including whether the Customer is registered in a low tax rate jurisdiction;

  • whether the Customer is included in international sanctions lists;

  • circumstances (including those identified in the course of a prior business relationship) resulting from the experience of communicating with the Customer, representatives and any other such persons;

  • whether the origin of the Customer’s assets or the source and origin of the funds used for a transaction can be easily identified;

  • The type and characteristics of the Customer 's business;

  • The possibility of classifying the Customer as a "typical Customer "; and

  • problems during the Customer’s identification procedures.

  • Product/Service Risks: The complexity of the product, anonymity of the services offered, and whether cash transactions are involved.

  • Geographic Risks: whose factors arise from differences in the legal environment of various countries, these factors may include situation when the Customer is located in such jurisdiction:

  • countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective systems to counter money laundering or terrorist financing;

  • countries identified by credible sources as having significant levels of corruption or other criminal activity, such as terrorism, money laundering, and the production and supply of illicit drugs;

  • countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations;

  • countries providing funding or support for terrorism;

  • countries that have organisations operating within their territory which have been designated by the BVI, international organisations as terrorist organisations.

  • Transaction Risks: Patterns of transactions that may indicate high volatility, unusual frequency, or large amounts inconsistent with the customer’s profile.

Risk Assessment Process:

The risk assessment process will involve:

• Initial Risk Assessment: Conducting a risk assessment when onboarding new customers to categorize them as low, medium, or high risk.

  • Periodic Re-assessments: Regularly updating customer risk profiles based on new information, changes in transaction behavior, or regulatory updates.

  • Documentation: Maintaining a documented record of risk assessments to demonstrate compliance and inform future audits.

    6. Customer Due Diligence (CDD)

Customer Identification and Verification:

Customer Identification: Acceptable identification documents include utility bills (not older than three months), bank statements (not older than three months), and other verifiable documents. If a Customer is unable to provide standard identification documents, the Company will use alternative methods of verification such as notarized documents or third-party verification services. The compliance officer must approve any use of alternative identification methods.

Customers Who Refuse to Provide Information: If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, We will not open a new account and, after considering the risks involved, consider closing any existing account. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation.

Lack of Verification: When We cannot form a reasonable belief that we know the true identity of a customer, we will do the following: (1) not open an account; (2) impose terms under which a customer may conduct transactions while we attempt to verify the customer’s identity; (3) close an account after attempts to verify a customer’s identity fail; and (4) determine whether it is necessary to file authorities in accordance with applicable laws and regulations.

Verification Process: Electronic verification systems will be used whenever feasible to confirm the validity of identification documents. In cases where discrepancies are detected, manual verification is performed, and the compliance officer is notified.

Beneficial Ownership Identification: The Company must identify and verify beneficial owners for corporate clients. The procedures include:

• Collecting information about the ownership structure of the customer and identifying individuals who own or control 25% or more of the shares or voting rights.

  • Utilizing corporate registries, financial statements, and similar documents to confirm beneficial ownership.

  • Keeping records of beneficial ownership information updated in line with the Company’s deadlines for document review.

Ongoing Monitoring:

A comprehensive monitoring program will be implemented to continuously assess customer activity, which includes:

• Transaction Monitoring: Regularly monitoring transactions to identify patterns or anomalies that may raise suspicion.

  • Risk-Based Approach: Applying enhanced monitoring for high-risk customers, including thorough checks on large transactions or transactions that deviate from the norm established during the CDD process.

  • Review and Reporting: Documenting any indicators of suspicious activity and reporting these promptly to the designated compliance officer within the organization.

    7. Enhanced Due Diligence (EDD)

High-Risk Customers:

For customers assessed as high-risk, the Company shall take additional measures to mitigate potential risks:

• Conduct interviews or meetings with customers to understand the source of their funds and their business operations better.

  • Request additional documentation and explanations for transactions that fall outside the expected patterns, including source of wealth documentation.

Specific Procedures:

Enhanced procedures will be established for high-risk categories, including politically exposed persons (PEPs) and non-resident clients:

• For PEPs, categorization must include assessing the individual's level of risk and their close associates and family members, leading to more stringent requirements for approval of business relationships.

  • For non-residents, additional documentation may be required to verify their business purposes and the source of funds used for transactions with the Company.

    8. Reporting Obligations

Suspicious Transaction Reports (STR):

The Company has a legal obligation to report any transactions it deems suspicious to authorirties. The procedures for reporting are as follows:

• Identification of red flags, including unusual transaction activity, requests for anonymity, or transactions inconsistent with the customer’s profile.

  • Documentation of the reasoning behind the suspicion, including relevant transaction details, communications, and supporting evidence compiled.

  • Submitting STRs promptly to authorities electronically and retaining a copy for the Company’s records.

Large Cash Transaction Reports (LCTR):

Any cash transactions exceeding USD $10,000 must be reported within the prescribed timelines. The process includes:

• Collecting detailed records of the transaction, including the date, amount, method of payment, and purpose, and ensuring compliance when gathering information about cash customers.

  • Ensuring that the management team is kept informed of large cash transactions for proper record-keeping and oversight.

    9. Training and Awareness

Employee Training:

In order for its AML risk assessment and mitigation measures to be effective, Company should ensure that its employees have a clear understanding of the risks involved and can exercise sound judgment,both when adhering to the company’s AML risk mitigation measures and when identifying suspicious transactions. Furthermore, due to the ever-evolving nature of AML risk, Company should ensure that its employees are kept up to date on an ongoing basis in relation to emerging AML typologies and new internal and external risks. Thus, to ensure a high level of competence and AML programme effectiveness, Company should formulate and implement appropriate policies, procedures and controls with regard to staff screening and training. Training measures include, but are not limited to:

• Understanding the Company’s AML/KYC policy and procedures.

  • Recognizing the types of transactions that may indicate money laundering or terrorist financing.

  • Understanding compliance obligations and internal reporting processes.

Our training will include, at a minimum:

(1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties;

(2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis);

(3) the disciplinary consequences (including civil and criminal penalties) for non-compliance with the AML.

Ongoing Awareness:

The Company will host periodic training sessions, workshops, and information updates on the latest trends, findings, and regulatory changes in the AML/KYC landscape. This will also include:

• Distributing newsletters or bulletins to share insights from industry developments, including case studies of recent prosecutions, emerging scams, and preventive measures.

  10. Record Keeping

Documentation Retention:

The Company will retain all client identification records, transaction records, due diligence documentation, and reports made to authorities for a minimum of five years from the completion of the transaction or the last customer account activity. The details to be maintained include:

• Identification documentation of customers.

  • Records of transactions (including amounts, dates, currency involved, and parties).

  • Documentation of activities related to the risk assessment process and customer due diligence.

Compliance with Retention Requirements:

The Company will ensure that records are stored securely, both physically and electronically, to protect customer privacy and sensitive data, ensuring compliance with privacy laws and regulations.

11. Compliance Review and Monitoring

Internal Audit:

The Company will conduct independent internal audits to evaluate the effectiveness of the AML/KYC program. The internal audit process includes:

• Regular assessments of compliance with AML/KYC policies.

  • Identifying areas for improvement and ensuring corrective actions are implemented.

  • Generating a report of findings to be presented to the management team, along with recommendations for enhancements.

Continuous Improvement:

The Company will engage in ongoing reviews of its policies and procedures to ensure alignment with:

• Changes in AML legislation and regulations.

  • Emerging risks and trends in financial crime.

  • Feedback from internal audits and employee reports.

    12. Confidentiality and Data Protection

Data Security Measures:

The Company recognizes the importance of protecting customer information and has implemented stringent data protection protocols. These include:

• Encryption of sensitive customer data during transmission and storage.

  • Restricted access to customer records to authorized personnel only.

Confidentiality Obligations:

All employees, contractors, and agents must maintain confidentiality regarding customer information and shall not disclose such information without appropriate authority or legal obligation. Breaches of confidentiality will be subject to disciplinary actions.

13. Non-Compliance Consequences

Disciplinary Actions:

Any employee found in violation of this policy, whether through negligence or willful misconduct, will be subject to disciplinary action, which may include termination of employment. Disciplinary steps will vary based on the severity of the violation.

Reporting Violations:

Employees are encouraged to report any suspected violations of this policy to their direct supervisor or designated compliance officer. The Company assures employees that reports will be handled confidentially and without fear of retaliation.

14. International Sanctions

The Company applies applicable international sanctions and pays special attention to all its Customers, their activities, and facts that indicate the possibility that a Customer is the subject of international sanctions.

15. Conclusion

Commitment to Compliance:

Company reiterates its commitment to compliance with all AML/KYC regulations and guidelines. By actively combatting money laundering and terrorist financing, the Company seeks to uphold the integrity of the financial system and promote trust amongst customers and stakeholders.

Implementation and Accountability:

All employees will receive a copy of this policy and will be required to sign an acknowledgment of its receipt and understanding. Each employee is accountable for adhering to the policies and procedures set forth herein. The Company’s management will continuously monitor compliance and foster an ethical environment that supports adherence to these principles.

16. Policy Amendment

The Company has the right to amend this AML/KYC Policy. If the current version is amended, the date of the last update of the new Policy will take effect from its publication within the website unless otherwise provided for in the new AML/KYC Policy.

17. Contact Us

If anything is left unclear in the text of this AML/KYC Policy, we will be happy to clarify its provisions. Please get in touch with us via the Platform for any further questions about this KYC/AML Policy or by info@changebox.io .