Global Know Your Customer Policy

Last Updated: October 25, 2025

Effective Date: October 25, 2025

Applicable Jurisdiction: Global Operations

Policy Version: 3.0 (Updated for 2024-2025 Global Standards)

1. Introduction and Global Framework

NomercyX ("Company") implements a comprehensive global Know Your Customer (KYC) policy to ensure compliance with international standards for customer identification, verification, and ongoing due diligence. This policy establishes our framework for preventing identity fraud, money laundering, terrorist financing, and other financial crimes across all jurisdictions where we operate.

1.1 International KYC Standards

  • FATF Recommendations: Customer Due Diligence and record-keeping requirements
  • Basel Committee Principles: Customer due diligence for banks and financial institutions
  • Wolfsberg Group Standards: Global KYC standards for correspondent banking
  • OECD Guidelines: Common Reporting Standard (CRS) and tax transparency
  • EU AML Directives: Customer due diligence and beneficial ownership requirements
  • US BSA/AML Requirements: Customer Identification Program (CIP) and beneficial ownership
  • UK Money Laundering Regulations: Customer due diligence and enhanced due diligence
  • AUSTRAC Guidelines: Customer identification and verification procedures

1.2 Regulatory Compliance Framework

🌍 Multi-Jurisdictional KYC Compliance

Americas:
  • β€’ USA: BSA, USA PATRIOT Act, FinCEN CDD Rule
  • β€’ Canada: PCMLTFA, FINTRAC guidance
  • β€’ Brazil: COAF regulations, Central Bank rules
  • β€’ Mexico: CNBV KYC requirements
Europe & Asia-Pacific:
  • β€’ EU: 6AMLD, AMLA framework
  • β€’ UK: MLR 2017, FCA guidance
  • β€’ Singapore: MAS AML/CFT requirements
  • β€’ Australia: AML/CTF Act, AUSTRAC rules

1.3 Virtual Asset Specific Requirements

  • FATF Virtual Asset Guidelines: Enhanced CDD for virtual asset service providers
  • Travel Rule Compliance: Customer information sharing for transfers β‰₯ $1,000
  • Unhosted Wallet Verification: Enhanced verification for self-hosted wallet transactions
  • DeFi Protocol KYC: Emerging requirements for decentralized finance interactions
  • Cross-Chain Transactions: Multi-blockchain identity verification and tracking

2. Customer Risk Classification Framework

2.1 Risk-Based Approach

We implement a comprehensive risk-based approach to customer classification, considering multiple risk factors to determine appropriate due diligence levels:

🟒 Low Risk

  • β€’ Regulated financial institutions
  • β€’ Government entities
  • β€’ Listed public companies
  • β€’ Low-risk jurisdictions
  • β€’ Small transaction volumes
  • β€’ Established customer history

🟑 Medium Risk

  • β€’ Non-regulated businesses
  • β€’ High-value individuals
  • β€’ Cross-border transactions
  • β€’ Cash-intensive businesses
  • β€’ Complex ownership structures
  • β€’ Moderate transaction volumes

πŸ”΄ High Risk

  • β€’ Politically Exposed Persons (PEPs)
  • β€’ High-risk jurisdictions
  • β€’ Shell companies
  • β€’ Large transaction volumes
  • β€’ Privacy coin usage
  • β€’ Adverse media exposure

2.2 Geographic Risk Assessment

πŸ—ΊοΈ Jurisdictional Risk Factors

High-Risk Indicators:
  • β€’ FATF blacklisted countries
  • β€’ Sanctions-affected jurisdictions
  • β€’ Weak AML/CFT frameworks
  • β€’ High corruption levels
  • β€’ Limited regulatory oversight
  • β€’ Terrorist financing concerns
Enhanced Monitoring:
  • β€’ Increased transaction monitoring
  • β€’ More frequent reviews
  • β€’ Additional documentation
  • β€’ Senior management approval
  • β€’ Enhanced reporting
  • β€’ Ongoing risk assessment

2.3 Product and Service Risk Assessment

  • Cryptocurrency Trading: Risk varies by asset type, volume, and frequency
  • Fiat Currency Services: Higher risk for cash transactions and money transfers
  • Institutional Services: Lower risk for regulated institutional clients
  • Cross-Border Transfers: Enhanced risk for international transactions
  • Privacy Coins: Higher risk for privacy-focused cryptocurrencies
  • DeFi Integration: Emerging risks from decentralized finance protocols

3. Customer Identification and Verification

3.1 Individual Customer Requirements

Basic Identification Information

  • Full Legal Name: As appearing on government-issued identification
  • Date of Birth: Complete date including day, month, and year
  • Place of Birth: City and country of birth
  • Nationality: Current citizenship(s) and any dual nationalities
  • Tax Residency: Country(ies) of tax residence for CRS reporting
  • Residential Address: Current physical address (not P.O. Box)
  • Contact Information: Phone number and email address

Document Verification Requirements

Identity Documents (Primary)
  • β€’ Passport (preferred for international customers)
  • β€’ National ID card with photo
  • β€’ Driver's license (government-issued)
  • β€’ Military ID (active or veteran)
  • β€’ Permanent resident card
Address Verification
  • β€’ Utility bill (electricity, gas, water)
  • β€’ Bank statement (last 3 months)
  • β€’ Government correspondence
  • β€’ Lease agreement or mortgage statement
  • β€’ Tax assessment or council tax bill

3.2 Corporate Customer Requirements

Corporate Documentation

🏒 Required Corporate Documents
Formation Documents:
  • β€’ Certificate of incorporation/registration
  • β€’ Articles of association/bylaws
  • β€’ Memorandum of association
  • β€’ Operating agreement (LLCs)
  • β€’ Partnership agreement
Operational Documents:
  • β€’ Business license/permits
  • β€’ Tax registration certificate
  • β€’ VAT/GST registration
  • β€’ Regulatory licenses (if applicable)
  • β€’ Audited financial statements

Beneficial Ownership Identification

  • Ownership Threshold: Individuals owning β‰₯25% of shares or voting rights
  • Control Persons: Individuals exercising ultimate control over the entity
  • Senior Managing Officials: If no individual meets ownership threshold
  • Trust Beneficiaries: For trust structures, identification of settlors, trustees, and beneficiaries
  • Complex Structures: Full ownership chain documentation for multi-layered entities

3.3 Advanced Verification Technologies

Digital Identity Verification

Document Authentication
  • β€’ OCR and data extraction
  • β€’ Security feature verification
  • β€’ Template matching
  • β€’ Forensic analysis
  • β€’ Real-time validation
Biometric Verification
  • β€’ Facial recognition
  • β€’ Liveness detection
  • β€’ Voice recognition
  • β€’ Fingerprint matching
  • β€’ Behavioral biometrics
Database Verification
  • β€’ Government databases
  • β€’ Credit bureau checks
  • β€’ Sanctions screening
  • β€’ PEP database matching
  • β€’ Adverse media screening

Video-Based Customer Identification (V-CIP)

  • Live Video Session: Real-time interaction with trained verification agents
  • Document Presentation: Physical presentation of original documents
  • Identity Confirmation: Verbal confirmation of personal details
  • Liveness Verification: Confirmation that the person is physically present
  • Session Recording: Secure recording for audit and compliance purposes
  • Multi-Language Support: Verification in customer's preferred language

4. Enhanced Due Diligence (EDD) Procedures

4.1 EDD Trigger Events

🚨 Enhanced Due Diligence Requirements

Customer-Based Triggers:
  • β€’ Politically Exposed Persons (PEPs)
  • β€’ High Net Worth Individuals (>$1M)
  • β€’ Customers from high-risk countries
  • β€’ Non-resident customers
  • β€’ Complex corporate structures
  • β€’ Adverse media mentions
Transaction-Based Triggers:
  • β€’ Large transaction volumes (>$50,000)
  • β€’ Unusual transaction patterns
  • β€’ Cross-border transfers
  • β€’ Privacy coin transactions
  • β€’ Mixing service usage
  • β€’ Suspicious activity alerts

4.2 PEP Identification and Management

PEP Categories

Domestic PEPs
  • β€’ Senior government officials
  • β€’ Senior political party officials
  • β€’ Senior judicial officials
  • β€’ Senior military officials
  • β€’ State-owned enterprise executives
Foreign PEPs
  • β€’ Heads of state/government
  • β€’ Senior government ministers
  • β€’ Supreme court judges
  • β€’ Central bank governors
  • β€’ Ambassadors and diplomats
International PEPs
  • β€’ UN senior officials
  • β€’ EU institution leaders
  • β€’ World Bank executives
  • β€’ IMF senior management
  • β€’ International court judges

PEP-Related Persons

  • Family Members: Spouse, children, parents, siblings, and their spouses
  • Close Associates: Business partners, close personal friends, advisors
  • Beneficial Owners: Entities where PEPs hold significant ownership or control
  • Former PEPs: Individuals who held PEP positions within the last 12-18 months

4.3 Source of Wealth and Funds Verification

πŸ’° Wealth and Funds Documentation

Source of Wealth:
  • β€’ Employment contracts and pay slips
  • β€’ Business ownership documentation
  • β€’ Investment portfolio statements
  • β€’ Property ownership records
  • β€’ Inheritance documentation
  • β€’ Tax returns and assessments
Source of Funds:
  • β€’ Bank statements (6-12 months)
  • β€’ Sale of assets documentation
  • β€’ Loan agreements and approvals
  • β€’ Investment redemption records
  • β€’ Business income verification
  • β€’ Gift or donation documentation

5. Ongoing Monitoring and Review

5.1 Periodic Review Schedule

πŸ“… Review Frequency by Risk Level

Low Risk:
  • β€’ Full review: Every 3 years
  • β€’ Document update: Every 5 years
  • β€’ Transaction monitoring: Standard
  • β€’ Sanctions screening: Daily
Medium Risk:
  • β€’ Full review: Every 2 years
  • β€’ Document update: Every 3 years
  • β€’ Transaction monitoring: Enhanced
  • β€’ Sanctions screening: Daily
High Risk:
  • β€’ Full review: Annually
  • β€’ Document update: Every 2 years
  • β€’ Transaction monitoring: Intensive
  • β€’ Sanctions screening: Real-time

5.2 Transaction Monitoring and Behavioral Analysis

  • Real-Time Monitoring: Continuous analysis of all transactions and activities
  • Pattern Recognition: AI-powered detection of unusual transaction patterns
  • Velocity Checks: Monitoring of transaction frequency and volume changes
  • Geographic Analysis: Tracking of cross-border and high-risk jurisdiction activities
  • Counterparty Analysis: Assessment of transaction counterparties and their risk profiles
  • Behavioral Scoring: Dynamic risk scoring based on customer behavior changes

5.3 Information Updates and Maintenance

Automatic Updates
  • Sanctions list screening (daily)
  • PEP database updates (weekly)
  • Adverse media monitoring (daily)
  • Risk score recalculation (monthly)
  • Regulatory list updates (real-time)
Customer-Initiated Updates
  • Address changes (immediate verification)
  • Contact information updates
  • Employment status changes
  • Beneficial ownership changes
  • Document renewals and replacements

6. Record Keeping and Data Management

6.1 Global Record Retention Standards

πŸ“ Retention Requirements by Document Type

Customer Records:
  • β€’ Identity documents: 5-7 years after closure
  • β€’ Address verification: 5-7 years after closure
  • β€’ Beneficial ownership: 5-7 years after closure
  • β€’ Risk assessments: 5-7 years after update
  • β€’ Due diligence files: 5-7 years after closure
Transaction Records:
  • β€’ Transaction history: 5-7 years from date
  • β€’ Monitoring alerts: 5-7 years from closure
  • β€’ Investigation files: 5-7 years from completion
  • β€’ Correspondence: 5-7 years from date
  • β€’ Audit trails: 5-7 years from creation

6.2 Data Security and Privacy

  • Encryption Standards: AES-256 encryption for data at rest and in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Logging: Comprehensive logging of all data access and modifications
  • Data Minimization: Collection and retention of only necessary information
  • Privacy Rights: Support for GDPR, CCPA, and other privacy regulation rights
  • Secure Disposal: Certified destruction of records at end of retention period

6.3 Cross-Border Data Transfers

  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Standard Contractual Clauses: EU-approved clauses for international transfers
  • Binding Corporate Rules: Internal data transfer frameworks for multinational operations
  • Certification Schemes: Compliance with recognized international certification programs
  • Local Data Residency: Compliance with local data localization requirements

7. Training and Competency

7.1 Comprehensive Training Program

Foundation Training
  • β€’ KYC fundamentals and principles
  • β€’ Regulatory requirements overview
  • β€’ Customer risk assessment
  • β€’ Document verification techniques
  • β€’ System training and procedures
Advanced Training
  • β€’ Enhanced due diligence procedures
  • β€’ PEP identification and management
  • β€’ Complex corporate structures
  • β€’ Sanctions compliance
  • β€’ Investigation techniques
Specialized Training
  • β€’ Cryptocurrency-specific KYC
  • β€’ Blockchain analytics
  • β€’ Digital identity verification
  • β€’ Cross-border compliance
  • β€’ Emerging technologies

7.2 Competency Assessment and Certification

  • Initial Certification: Mandatory certification before handling customer onboarding
  • Annual Recertification: Yearly competency testing and knowledge updates
  • Role-Specific Assessment: Tailored testing based on job responsibilities
  • Continuous Learning: Ongoing education on regulatory changes and best practices
  • Performance Monitoring: Regular assessment of KYC decision quality and accuracy

8. Technology and Innovation

8.1 Digital KYC Infrastructure

πŸ”§ Technology Stack

Core Systems:
  • β€’ Customer onboarding platform
  • β€’ Document verification engine
  • β€’ Biometric authentication system
  • β€’ Risk assessment engine
  • β€’ Case management system
Integration Services:
  • β€’ Government database APIs
  • β€’ Credit bureau integrations
  • β€’ Sanctions screening services
  • β€’ PEP database connections
  • β€’ Blockchain analytics tools

8.2 Artificial Intelligence and Machine Learning

  • Document Analysis: AI-powered document authenticity verification and data extraction
  • Risk Scoring: Machine learning models for dynamic customer risk assessment
  • Fraud Detection: Behavioral analytics and anomaly detection algorithms
  • Identity Matching: Advanced algorithms for identity verification and deduplication
  • Predictive Analytics: Forecasting of customer risk changes and compliance issues
  • Natural Language Processing: Automated analysis of adverse media and regulatory updates

8.3 Emerging Technologies

  • Blockchain Identity: Decentralized identity verification and self-sovereign identity
  • Zero-Knowledge Proofs: Privacy-preserving identity verification techniques
  • Digital Identity Wallets: Secure storage and sharing of verified identity credentials
  • Quantum-Resistant Cryptography: Future-proof security for identity data protection
  • IoT Integration: Device-based identity verification and authentication

9. Governance and Oversight

9.1 KYC Governance Structure

πŸ›οΈ Organizational Structure

Board of Directors:

Ultimate oversight responsibility, policy approval, and resource allocation for KYC program.

Chief Compliance Officer:

Overall KYC program management, regulatory liaison, and senior management reporting.

KYC Manager:

Day-to-day operations, staff management, quality assurance, and process improvement.

KYC Analysts:

Customer onboarding, document review, risk assessment, and ongoing monitoring activities.

9.2 Quality Assurance and Control

  • Dual Control: Independent review of high-risk customer onboarding decisions
  • Quality Sampling: Regular sampling and review of KYC decisions and documentation
  • Performance Metrics: KPIs for accuracy, timeliness, and compliance effectiveness
  • Continuous Improvement: Regular process review and enhancement based on findings
  • External Validation: Independent third-party assessment of KYC program effectiveness

9.3 Regulatory Reporting and Communication

  • Regulatory Updates: Regular communication with relevant regulatory authorities
  • Compliance Reporting: Periodic reports on KYC program effectiveness and metrics
  • Incident Reporting: Prompt notification of significant compliance issues or breaches
  • Examination Support: Cooperation with regulatory examinations and audits
  • Best Practice Sharing: Participation in industry forums and working groups

10. Contact Information and Support

πŸ“ž KYC Support Team

KYC Manager

Email: kyc@nomercyx.com

Phone: +1-555-KYC-HELP

Customer Onboarding

Email: onboarding@nomercyx.com

Live Chat: Available 24/7

Document Verification

Email: verification@nomercyx.com

Upload Portal: docs.nomercyx.com

πŸ†˜ Customer Support

General Inquiries

Email: support@nomercyx.com

Phone: +1-555-SUPPORT

Technical Support

Email: tech@nomercyx.com

Ticket System: help.nomercyx.com

Escalations

Email: escalations@nomercyx.com

Priority Line: +1-555-URGENT

⚠️ Important Notice

This KYC Policy is subject to regular updates to reflect changes in laws, regulations, and industry best practices. All customers and employees are responsible for staying informed of the current version and complying with all requirements.

Policy Effective Date: October 25, 2025 | Next Review Date: October 25, 2026

Global Know Your Customer (KYC) Policy - NomercyX - NomercyX