Global Anti-Money Laundering Policy

1. Introduction and Global Regulatory Framework

NomercyX ("Company") operates as a global cryptocurrency exchange platform committed to the highest standards of Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) compliance. This comprehensive policy establishes our framework for preventing, detecting, and reporting money laundering, terrorist financing, and other financial crimes across all jurisdictions where we operate.

1.1 International Regulatory Standards

• Financial Action Task Force (FATF) Recommendations: 40 Recommendations and interpretive notes (Updated February 2025)
• Bank Secrecy Act (BSA): US federal law requiring financial institutions to assist government agencies
• FinCEN Regulations: Financial Crimes Enforcement Network rules and guidance (Updated September 2024)
• EU AML Package 2024: 6th Anti-Money Laundering Directive and new AMLA framework
• Basel Committee Guidelines: International banking supervision standards
• Wolfsberg Principles: Global banking AML standards
• FATF Travel Rule: Virtual Asset Service Provider (VASP) requirements
• UN Security Council Resolutions: Counter-terrorism financing measures

1.2 Jurisdictional Compliance Framework

1.3 Virtual Asset Specific Regulations

• FATF Virtual Asset Guidelines: Updated recommendations for VASPs (July 2024)
• Travel Rule Implementation: Threshold of USD/EUR 1,000 for information sharing
• Unhosted Wallet Regulations: Enhanced due diligence for self-hosted wallets
• DeFi Protocol Oversight: Emerging regulatory frameworks for decentralized finance
• Stablecoin Regulations: Specific AML requirements for stablecoin issuers and exchanges

2. Global Customer Due Diligence (CDD) Framework

2.1 Risk-Based Customer Identification Program

Our Customer Identification Program (CIP) implements a risk-based approach aligned with international best practices and local regulatory requirements across all operating jurisdictions.

Standard Customer Due Diligence (CDD)

2.2 Enhanced Due Diligence (EDD) Requirements

EDD Documentation Requirements

• Source of Wealth Documentation: Bank statements, investment portfolios, business ownership records
• Source of Funds Verification: Transaction history, employment records, business income proof
• Purpose of Relationship: Detailed explanation of intended platform usage
• Enhanced Background Checks: Adverse media screening, sanctions list verification
• Senior Management Approval: Required for all EDD customer onboarding
• Ongoing Monitoring: Increased frequency of reviews and transaction monitoring

2.3 Simplified Due Diligence (SDD)

Simplified Due Diligence may be applied to low-risk customers and transactions, subject to regulatory approval and ongoing risk assessment:

• Regulated Financial Institutions: Banks, investment firms with equivalent AML standards
• Government Entities: Public sector organizations and agencies
• Listed Companies: Publicly traded companies with disclosure requirements
• Low-Value Transactions: Transactions below $1,000 USD equivalent (subject to aggregation rules)

3. Global Transaction Monitoring and Reporting

3.1 International Reporting Thresholds

3.2 FATF Travel Rule Implementation

3.3 Advanced Transaction Monitoring System

Our AI-powered transaction monitoring system employs machine learning algorithms and behavioral analytics to detect suspicious patterns:

Monitoring Scenarios

Blockchain Analytics Integration

• Address Risk Scoring: Real-time assessment of wallet addresses and transaction history
• Cluster Analysis: Identification of related addresses and entities
• Mixing Service Detection: Identification of privacy-enhancing services and tumblers
• Exchange Attribution: Tracking funds to/from other exchanges and services
• Sanctions Screening: Real-time screening against OFAC and other sanctions lists
• Dark Web Monitoring: Detection of addresses associated with illicit marketplaces

4. Global Sanctions and Prohibited Activities

4.1 International Sanctions Compliance

4.2 Prohibited Jurisdictions and Activities

4.3 High-Risk Jurisdiction Management

We maintain enhanced controls for customers and transactions involving high-risk jurisdictions as identified by FATF and other international bodies:

• Enhanced Due Diligence: Additional documentation and verification requirements
• Transaction Limits: Reduced transaction limits and enhanced monitoring
• Senior Approval: Management approval required for all transactions
• Ongoing Monitoring: Increased frequency of account reviews and updates
• Exit Strategy: Procedures for ceasing business relationships when required

5. Governance and Organizational Structure

5.1 AML/CFT Governance Framework

5.2 Key Personnel and Responsibilities

5.3 Board and Senior Management Oversight

• Board Approval: Annual approval of AML/CFT policy and program
• Quarterly Reporting: Regular updates on compliance metrics and issues
• Resource Allocation: Adequate staffing and technology resources
• Risk Appetite: Definition of acceptable risk levels and tolerances
• Culture and Tone: Promoting a strong compliance culture throughout the organization

6. Training and Awareness Program

6.1 Comprehensive Training Framework

6.2 Training Topics and Content

• Money Laundering Typologies: Traditional and cryptocurrency-specific schemes
• Terrorist Financing: Methods, indicators, and reporting requirements
• Sanctions Compliance: Screening procedures and violation consequences
• Customer Due Diligence: Risk assessment and documentation requirements
• Transaction Monitoring: Alert investigation and case management
• Regulatory Reporting: SAR/STR preparation and filing procedures
• Record Keeping: Documentation and retention requirements
• Privacy and Confidentiality: Information handling and protection

7. Technology and Systems

7.1 AML Technology Stack

7.2 Blockchain Analytics and Intelligence

• Address Risk Assessment: Real-time evaluation of cryptocurrency addresses
• Transaction Graph Analysis: Mapping of fund flows and relationships
• Clustering Algorithms: Identification of related addresses and entities
• Exchange Attribution: Tracking funds to/from other platforms
• Mixing Service Detection: Identification of privacy-enhancing services
• Compliance Reporting: Automated generation of regulatory reports

7.3 Data Management and Privacy

• Data Encryption: End-to-end encryption of sensitive customer data
• Access Controls: Role-based access and audit trails
• Data Retention: Automated retention and disposal procedures
• Backup and Recovery: Secure data backup and disaster recovery
• Privacy Compliance: GDPR, CCPA, and other privacy regulation compliance

8. Record Keeping and Reporting

8.1 Global Record Retention Requirements

8.2 Required Documentation

• Customer Identification: All CDD/EDD documentation and verification records
• Transaction Records: Complete transaction history and supporting documentation
• Monitoring Records: Alert generation, investigation notes, and disposition decisions
• Reporting Records: Copies of all regulatory reports (SARs, CTRs, etc.)
• Training Records: Employee training completion and certification records
• Audit Records: Internal and external audit reports and remediation actions

8.3 Regulatory Reporting Framework

9. Independent Testing and Audit

9.1 Annual Independent Testing

We conduct comprehensive annual independent testing of our AML/CFT program by qualified third-party auditors:

• Program Assessment: Evaluation of policy adequacy and implementation effectiveness
• Transaction Testing: Sample-based testing of monitoring and reporting procedures
• Customer File Review: Assessment of CDD/EDD documentation and risk ratings
• Training Evaluation: Review of training program effectiveness and completion rates
• Technology Testing: Assessment of system controls and data integrity
• Regulatory Compliance: Verification of compliance with applicable laws and regulations

9.2 Continuous Monitoring and Quality Assurance

• Monthly Metrics Review: Analysis of key performance indicators and trends
• Quarterly Risk Assessment: Updated assessment of AML/CFT risks and controls
• Semi-Annual Policy Review: Review and update of policies and procedures
• Ongoing Staff Assessment: Regular evaluation of staff performance and training needs

10. Enforcement and Remediation

10.1 Violation Response Framework

10.2 Remediation Procedures

• Root Cause Analysis: Identification of underlying causes of compliance failures
• Corrective Action Plans: Development of specific remediation measures and timelines
• Process Improvements: Enhancement of policies, procedures, and controls
• Staff Retraining: Additional training for affected personnel
• System Enhancements: Technology upgrades and configuration changes
• Ongoing Monitoring: Enhanced oversight until full remediation is achieved

11. Contact Information and Reporting