Compliance

AML Policy

Our commitment to preventing money laundering, terrorist financing, and financial crime through robust compliance procedures and industry-leading verification standards.

Last updated: February 2026Effective immediately

1. Purpose & Scope

This Anti-Money Laundering (AML) and Know Your Customer (KYC) Policy outlines KryptoMate's commitment to preventing the use of our Platform for money laundering, terrorist financing, proliferation financing, and other financial crimes. This policy applies to all users, employees, contractors, agents, and wholesale partners of KryptoMate across all services, including gift cards, games, eSIMs, mobile top-ups, flight bookings, hotel stays, airport lounge access, KryptoCard, and wholesale/API operations.

KryptoMate complies with all applicable AML laws and regulations, including but not limited to FATF Recommendations, EU Anti-Money Laundering Directives (AMLD5/AMLD6), the U.S. Bank Secrecy Act (BSA), the UK Proceeds of Crime Act, and other relevant national and international regulations. We continuously update our compliance framework to reflect evolving regulatory requirements and emerging financial crime typologies.

2. Definitions

  • Money Laundering (ML) — The process of concealing the origins of illegally obtained money, typically through a complex sequence of transfers, transactions, or commercial activities to make it appear legitimate.
  • Terrorist Financing (TF) — The provision, collection, or management of funds or assets with the intention or knowledge that they will be used to carry out terrorist acts.
  • Proliferation Financing (PF) — The provision of funds, financial services, or economic resources for the manufacture, acquisition, or development of weapons of mass destruction.
  • Customer Due Diligence (CDD) — The process of verifying customer identity, understanding the nature of the customer's activities, and assessing associated money laundering and terrorist financing risks.
  • Enhanced Due Diligence (EDD) — Additional and more rigorous verification measures applied to higher-risk customers, transactions, products, or jurisdictions.
  • Simplified Due Diligence (SDD) — Reduced verification measures applied to lower-risk customers and transactions where permitted by applicable regulations.
  • Politically Exposed Person (PEP) — An individual who holds or has held a prominent public function, including heads of state, senior politicians, senior government officials, judicial or military officials, senior executives of state-owned enterprises, and their family members and close associates.
  • Suspicious Activity Report (SAR) — A report filed with the relevant Financial Intelligence Unit (FIU) when a transaction or activity is suspected of involving proceeds of crime, terrorist financing, or other financial crime.
  • Ultimate Beneficial Owner (UBO) — The natural person who ultimately owns or controls a legal entity or arrangement, or on whose behalf a transaction is conducted.

3. Risk-Based Approach

KryptoMate adopts a comprehensive risk-based approach to AML/KYC compliance, allocating resources proportionate to the identified risks. Our risk assessment framework evaluates the following dimensions:

  • Customer Risk — Profile characteristics, geographic location, occupation, source of funds, source of wealth, transaction patterns, and behavioral indicators.
  • Product/Service Risk — Inherent risk levels of different product categories. High-value gift cards, KryptoCard transactions, and wholesale bulk orders carry higher inherent risk than low-value mobile top-ups.
  • Geographic Risk — Heightened scrutiny for FATF-identified high-risk and non-cooperative jurisdictions, countries subject to comprehensive sanctions, and regions with known elevated financial crime risk.
  • Transaction Risk — Size, frequency, velocity, and nature of transactions, including unusually large transactions, rapid fund movement, structuring patterns, and transactions inconsistent with the customer's known profile.
  • Channel Risk — Risk associated with the delivery channel, including web platform, mobile app, Telegram bot, and API/wholesale access.

Risk assessments are reviewed and updated at least annually, or more frequently when triggered by regulatory changes, emerging threats, or significant business changes.

4. KYC Procedures

4.1 Customer Identification & Verification

All users must complete identity verification before accessing the full range of KryptoMate services. Our tiered KYC process is designed to balance security with user experience:

  • Tier 1 — Basic Verification — Full legal name, date of birth, country of residence, email verification, and phone verification. Enables limited transaction volumes and access to basic products.
  • Tier 2 — Standard Verification — Government-issued photo ID (passport, national ID card, or driver's license), proof of address document (utility bill, bank statement, or government correspondence dated within 3 months), and biometric selfie verification with liveness detection. Enables standard transaction volumes across all products.
  • Tier 3 — Enhanced Verification — Source of funds declaration with supporting documentation, proof of income (employment letter, tax returns, or bank statements), video verification interview, and enhanced background screening. Required for high-value transactions, wholesale accounts, and KryptoCard premium tiers.

4.2 Verification Process

Identity verification is conducted through a combination of automated AI-powered systems and manual review by trained compliance personnel, utilizing trusted third-party verification providers. Automated checks include document authenticity verification, facial recognition matching, liveness detection, and database cross-referencing. Standard verification is typically completed within minutes for automated approvals, or within 24 to 48 hours when manual review is required.

4.3 Business & Wholesale Verification

Wholesale and business accounts are subject to additional verification requirements, including company registration documents, certificate of incorporation, articles of association, identification of all Ultimate Beneficial Owners (UBOs) holding 25% or more ownership, director identification, and proof of business address. Enhanced due diligence is applied to all wholesale relationships.

4.4 Ongoing Monitoring & Periodic Review

KYC is not a one-time event. We conduct ongoing monitoring to ensure customer activity remains consistent with their known risk profile. Customer records and risk assessments are reviewed periodically: annually for standard-risk customers, semi-annually for medium-risk customers, and quarterly for high-risk customers. Updated documentation may be requested at any time based on changes in risk profile or regulatory requirements.

5. Enhanced Due Diligence

Enhanced Due Diligence (EDD) measures are applied in the following circumstances:

  • Politically Exposed Persons (PEPs), their family members, and known close associates.
  • Customers resident in or conducting transactions involving high-risk or sanctioned jurisdictions.
  • Unusually large, complex, or economically purposeless transactions.
  • Customers whose source of funds or source of wealth cannot be readily determined or verified.
  • Wholesale and business accounts with complex ownership structures.
  • Transactions involving privacy coins, mixing services, or high-risk blockchain addresses.
  • Customers flagged by internal monitoring systems or external intelligence.

EDD measures may include, but are not limited to: additional identification documents, enhanced background and adverse media checks, detailed source of funds and source of wealth declarations with supporting evidence, reduced transaction limits, increased monitoring frequency, senior management approval for the business relationship, and periodic relationship reviews.

6. Transaction Monitoring

We employ a multi-layered transaction monitoring framework combining automated systems with expert human analysis:

  • Real-Time Monitoring — Automated rule-based and machine learning systems that flag transactions meeting predefined risk criteria, including velocity checks, amount thresholds, geographic anomalies, and behavioral deviations.
  • Blockchain Analytics — Advanced blockchain analytics tools that trace the origin and destination of cryptocurrency funds, identify connections to known illicit addresses (darknet markets, ransomware, scams, sanctioned entities), and assess transaction risk scores.
  • Pattern Analysis — Detection of structuring (smurfing), rapid fund movement, round-tripping, layering through multiple products, and other suspicious behavioral patterns.
  • Cross-Product Monitoring — Correlation of activity across all KryptoMate services to identify users exploiting multiple product types for laundering purposes (e.g., purchasing high-value gift cards, booking refundable flights, or using KryptoCard for cash-equivalent transactions).
  • Manual Review — All flagged transactions and alerts are reviewed by trained compliance analysts who assess context, request additional information where necessary, and make disposition decisions.

7. Sanctions Screening

All customers, beneficial owners, and transactions are screened against applicable sanctions lists, including:

  • United Nations Security Council Consolidated List.
  • U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) List and other OFAC lists.
  • European Union Consolidated Financial Sanctions List.
  • UK HM Treasury Financial Sanctions List.
  • Other applicable national, regional, and international sanctions lists.

Screening is performed at account creation, at the time of each transaction, periodically during the business relationship, and whenever sanctions lists are updated. Confirmed matches result in immediate account freezing, transaction blocking, and mandatory reporting to the relevant authorities. Potential matches are escalated for manual review and resolution.

8. Suspicious Activity Reporting

When suspicious activity is identified, the following procedure is followed:

  1. The transaction, account, or activity is flagged and immediately escalated to the Compliance team.
  2. A thorough investigation is conducted, including review of the customer's profile, transaction history, verification documents, and any available external intelligence.
  3. If the investigation confirms reasonable grounds for suspicion, a Suspicious Activity Report (SAR) is filed with the appropriate Financial Intelligence Unit (FIU) within the legally required timeframe.
  4. The customer is not informed of the filing or the investigation. Tipping off is a criminal offense under most AML legislation.
  5. All relevant records, evidence, and investigation notes are preserved and made available to authorities upon lawful request.
  6. The account may be suspended, restricted, or terminated based on the severity of the findings and regulatory guidance.

9. Politically Exposed Persons

KryptoMate applies enhanced scrutiny to all relationships involving PEPs, including:

  • Senior management approval before establishing or continuing the business relationship.
  • Establishing and verifying the source of wealth and source of funds through documentary evidence.
  • Enhanced ongoing monitoring of all transactions and account activity.
  • Regular review (at least quarterly) of PEP status, associated risk level, and relationship justification.
  • Screening of family members and known close associates of identified PEPs.

10. Record Keeping

We maintain comprehensive records of all customer identification and verification documents, transaction records, risk assessments, monitoring alerts, investigation files, SAR filings, and compliance decisions. Records are retained for a minimum of five (5) years after the end of the business relationship or the date of the transaction, whichever is later, or longer where required by applicable law. Records are stored securely with appropriate access controls and are available for inspection by regulatory authorities upon lawful request.

11. Employee Training & Awareness

All KryptoMate employees, contractors, and relevant third parties receive comprehensive AML/KYC training, including:

  • Recognition of money laundering, terrorist financing, and financial crime indicators and red flags.
  • KYC verification procedures, documentation requirements, and escalation protocols.
  • Internal and external reporting obligations, including SAR filing procedures.
  • Sanctions compliance, screening procedures, and embargo requirements.
  • Cryptocurrency-specific risks, including blockchain analytics, privacy coins, and DeFi-related typologies.
  • Regulatory changes, enforcement actions, and emerging financial crime trends.

Training is provided upon onboarding and refreshed at least annually, with additional targeted training when significant regulatory changes occur or new products/services are launched.

12. Compliance Officer

KryptoMate's designated Money Laundering Reporting Officer (MLRO) / AML Compliance Officer is responsible for:

  • Overseeing the design, implementation, and effectiveness of this AML/KYC policy and all related procedures.
  • Ensuring compliance with all applicable AML/CFT laws, regulations, and regulatory guidance.
  • Reviewing, approving, and filing Suspicious Activity Reports with relevant authorities.
  • Liaising with regulatory authorities, Financial Intelligence Units, and law enforcement agencies.
  • Conducting and overseeing the enterprise-wide risk assessment.
  • Reporting to senior management and the board on compliance matters, risks, and program effectiveness.
  • Conducting periodic independent reviews and updates of this policy and related procedures.

13. Cooperation with Authorities

KryptoMate fully cooperates with law enforcement agencies, regulatory authorities, Financial Intelligence Units, and other competent bodies. We respond promptly and comprehensively to lawful requests for information, production orders, freezing orders, and other legal processes. We do not require a court order to voluntarily report suspicious activity to the relevant FIU.

14. Non-Compliance Consequences

Users who fail to comply with KYC requirements, provide false or misleading information, or are found to be involved in prohibited activities may face one or more of the following consequences:

  • Immediate account suspension or restriction.
  • Transaction reversal or freezing of funds (where legally required or permitted).
  • Permanent account termination and ban from the Platform.
  • Reporting to relevant law enforcement and regulatory authorities.
  • Pursuit of civil or criminal legal remedies as appropriate.

15. Independent Audit

Our AML/KYC compliance program is subject to periodic independent audit by qualified external auditors. Audit findings and recommendations are reported to senior management and acted upon in a timely manner to ensure continuous improvement of our compliance framework.

16. Contact Information

For questions regarding our AML/KYC Policy, to report suspicious activity, or for compliance-related inquiries:

KryptoMate — All rights reserved