Global Know Your Customer Policy

Last Updated: October 10, 2025

Effective Date: October 10, 2025

Applicable Jurisdiction: Global Operations

Policy Version: 3.0 (Updated for 2024-2025 Global Standards)

1. Introduction and Global Framework

NomercyX ("Company") implements a comprehensive global Know Your Customer (KYC) policy to ensure compliance with international standards for customer identification, verification, and ongoing due diligence. This policy establishes our framework for preventing identity fraud, money laundering, terrorist financing, and other financial crimes across all jurisdictions where we operate.

1.1 International KYC Standards

  • FATF Recommendations: Customer Due Diligence and record-keeping requirements
  • Basel Committee Principles: Customer due diligence for banks and financial institutions
  • Wolfsberg Group Standards: Global KYC standards for correspondent banking
  • OECD Guidelines: Common Reporting Standard (CRS) and tax transparency
  • EU AML Directives: Customer due diligence and beneficial ownership requirements
  • US BSA/AML Requirements: Customer Identification Program (CIP) and beneficial ownership
  • UK Money Laundering Regulations: Customer due diligence and enhanced due diligence
  • AUSTRAC Guidelines: Customer identification and verification procedures

1.2 Regulatory Compliance Framework

ЁЯМН Multi-Jurisdictional KYC Compliance

Americas:
  • тАв USA: BSA, USA PATRIOT Act, FinCEN CDD Rule
  • тАв Canada: PCMLTFA, FINTRAC guidance
  • тАв Brazil: COAF regulations, Central Bank rules
  • тАв Mexico: CNBV KYC requirements
Europe & Asia-Pacific:
  • тАв EU: 6AMLD, AMLA framework
  • тАв UK: MLR 2017, FCA guidance
  • тАв Singapore: MAS AML/CFT requirements
  • тАв Australia: AML/CTF Act, AUSTRAC rules

1.3 Virtual Asset Specific Requirements

  • FATF Virtual Asset Guidelines: Enhanced CDD for virtual asset service providers
  • Travel Rule Compliance: Customer information sharing for transfers тЙе $1,000
  • Unhosted Wallet Verification: Enhanced verification for self-hosted wallet transactions
  • DeFi Protocol KYC: Emerging requirements for decentralized finance interactions
  • Cross-Chain Transactions: Multi-blockchain identity verification and tracking

2. Customer Risk Classification Framework

2.1 Risk-Based Approach

We implement a comprehensive risk-based approach to customer classification, considering multiple risk factors to determine appropriate due diligence levels:

ЁЯЯв Low Risk

  • тАв Regulated financial institutions
  • тАв Government entities
  • тАв Listed public companies
  • тАв Low-risk jurisdictions
  • тАв Small transaction volumes
  • тАв Established customer history

ЁЯЯб Medium Risk

  • тАв Non-regulated businesses
  • тАв High-value individuals
  • тАв Cross-border transactions
  • тАв Cash-intensive businesses
  • тАв Complex ownership structures
  • тАв Moderate transaction volumes

ЁЯФ┤ High Risk

  • тАв Politically Exposed Persons (PEPs)
  • тАв High-risk jurisdictions
  • тАв Shell companies
  • тАв Large transaction volumes
  • тАв Privacy coin usage
  • тАв Adverse media exposure

2.2 Geographic Risk Assessment

ЁЯЧ║я╕П Jurisdictional Risk Factors

High-Risk Indicators:
  • тАв FATF blacklisted countries
  • тАв Sanctions-affected jurisdictions
  • тАв Weak AML/CFT frameworks
  • тАв High corruption levels
  • тАв Limited regulatory oversight
  • тАв Terrorist financing concerns
Enhanced Monitoring:
  • тАв Increased transaction monitoring
  • тАв More frequent reviews
  • тАв Additional documentation
  • тАв Senior management approval
  • тАв Enhanced reporting
  • тАв Ongoing risk assessment

2.3 Product and Service Risk Assessment

  • Cryptocurrency Trading: Risk varies by asset type, volume, and frequency
  • Fiat Currency Services: Higher risk for cash transactions and money transfers
  • Institutional Services: Lower risk for regulated institutional clients
  • Cross-Border Transfers: Enhanced risk for international transactions
  • Privacy Coins: Higher risk for privacy-focused cryptocurrencies
  • DeFi Integration: Emerging risks from decentralized finance protocols

3. Customer Identification and Verification

3.1 Individual Customer Requirements

Basic Identification Information

  • Full Legal Name: As appearing on government-issued identification
  • Date of Birth: Complete date including day, month, and year
  • Place of Birth: City and country of birth
  • Nationality: Current citizenship(s) and any dual nationalities
  • Tax Residency: Country(ies) of tax residence for CRS reporting
  • Residential Address: Current physical address (not P.O. Box)
  • Contact Information: Phone number and email address

Document Verification Requirements

Identity Documents (Primary)
  • тАв Passport (preferred for international customers)
  • тАв National ID card with photo
  • тАв Driver's license (government-issued)
  • тАв Military ID (active or veteran)
  • тАв Permanent resident card
Address Verification
  • тАв Utility bill (electricity, gas, water)
  • тАв Bank statement (last 3 months)
  • тАв Government correspondence
  • тАв Lease agreement or mortgage statement
  • тАв Tax assessment or council tax bill

3.2 Corporate Customer Requirements

Corporate Documentation

ЁЯПв Required Corporate Documents
Formation Documents:
  • тАв Certificate of incorporation/registration
  • тАв Articles of association/bylaws
  • тАв Memorandum of association
  • тАв Operating agreement (LLCs)
  • тАв Partnership agreement
Operational Documents:
  • тАв Business license/permits
  • тАв Tax registration certificate
  • тАв VAT/GST registration
  • тАв Regulatory licenses (if applicable)
  • тАв Audited financial statements

Beneficial Ownership Identification

  • Ownership Threshold: Individuals owning тЙе25% of shares or voting rights
  • Control Persons: Individuals exercising ultimate control over the entity
  • Senior Managing Officials: If no individual meets ownership threshold
  • Trust Beneficiaries: For trust structures, identification of settlors, trustees, and beneficiaries
  • Complex Structures: Full ownership chain documentation for multi-layered entities

3.3 Advanced Verification Technologies

Digital Identity Verification

Document Authentication
  • тАв OCR and data extraction
  • тАв Security feature verification
  • тАв Template matching
  • тАв Forensic analysis
  • тАв Real-time validation
Biometric Verification
  • тАв Facial recognition
  • тАв Liveness detection
  • тАв Voice recognition
  • тАв Fingerprint matching
  • тАв Behavioral biometrics
Database Verification
  • тАв Government databases
  • тАв Credit bureau checks
  • тАв Sanctions screening
  • тАв PEP database matching
  • тАв Adverse media screening

Video-Based Customer Identification (V-CIP)

  • Live Video Session: Real-time interaction with trained verification agents
  • Document Presentation: Physical presentation of original documents
  • Identity Confirmation: Verbal confirmation of personal details
  • Liveness Verification: Confirmation that the person is physically present
  • Session Recording: Secure recording for audit and compliance purposes
  • Multi-Language Support: Verification in customer's preferred language

4. Enhanced Due Diligence (EDD) Procedures

4.1 EDD Trigger Events

ЁЯЪи Enhanced Due Diligence Requirements

Customer-Based Triggers:
  • тАв Politically Exposed Persons (PEPs)
  • тАв High Net Worth Individuals (>$1M)
  • тАв Customers from high-risk countries
  • тАв Non-resident customers
  • тАв Complex corporate structures
  • тАв Adverse media mentions
Transaction-Based Triggers:
  • тАв Large transaction volumes (>$50,000)
  • тАв Unusual transaction patterns
  • тАв Cross-border transfers
  • тАв Privacy coin transactions
  • тАв Mixing service usage
  • тАв Suspicious activity alerts

4.2 PEP Identification and Management

PEP Categories

Domestic PEPs
  • тАв Senior government officials
  • тАв Senior political party officials
  • тАв Senior judicial officials
  • тАв Senior military officials
  • тАв State-owned enterprise executives
Foreign PEPs
  • тАв Heads of state/government
  • тАв Senior government ministers
  • тАв Supreme court judges
  • тАв Central bank governors
  • тАв Ambassadors and diplomats
International PEPs
  • тАв UN senior officials
  • тАв EU institution leaders
  • тАв World Bank executives
  • тАв IMF senior management
  • тАв International court judges

PEP-Related Persons

  • Family Members: Spouse, children, parents, siblings, and their spouses
  • Close Associates: Business partners, close personal friends, advisors
  • Beneficial Owners: Entities where PEPs hold significant ownership or control
  • Former PEPs: Individuals who held PEP positions within the last 12-18 months

4.3 Source of Wealth and Funds Verification

ЁЯТ░ Wealth and Funds Documentation

Source of Wealth:
  • тАв Employment contracts and pay slips
  • тАв Business ownership documentation
  • тАв Investment portfolio statements
  • тАв Property ownership records
  • тАв Inheritance documentation
  • тАв Tax returns and assessments
Source of Funds:
  • тАв Bank statements (6-12 months)
  • тАв Sale of assets documentation
  • тАв Loan agreements and approvals
  • тАв Investment redemption records
  • тАв Business income verification
  • тАв Gift or donation documentation

5. Ongoing Monitoring and Review

5.1 Periodic Review Schedule

ЁЯУЕ Review Frequency by Risk Level

Low Risk:
  • тАв Full review: Every 3 years
  • тАв Document update: Every 5 years
  • тАв Transaction monitoring: Standard
  • тАв Sanctions screening: Daily
Medium Risk:
  • тАв Full review: Every 2 years
  • тАв Document update: Every 3 years
  • тАв Transaction monitoring: Enhanced
  • тАв Sanctions screening: Daily
High Risk:
  • тАв Full review: Annually
  • тАв Document update: Every 2 years
  • тАв Transaction monitoring: Intensive
  • тАв Sanctions screening: Real-time

5.2 Transaction Monitoring and Behavioral Analysis

  • Real-Time Monitoring: Continuous analysis of all transactions and activities
  • Pattern Recognition: AI-powered detection of unusual transaction patterns
  • Velocity Checks: Monitoring of transaction frequency and volume changes
  • Geographic Analysis: Tracking of cross-border and high-risk jurisdiction activities
  • Counterparty Analysis: Assessment of transaction counterparties and their risk profiles
  • Behavioral Scoring: Dynamic risk scoring based on customer behavior changes

5.3 Information Updates and Maintenance

Automatic Updates
  • Sanctions list screening (daily)
  • PEP database updates (weekly)
  • Adverse media monitoring (daily)
  • Risk score recalculation (monthly)
  • Regulatory list updates (real-time)
Customer-Initiated Updates
  • Address changes (immediate verification)
  • Contact information updates
  • Employment status changes
  • Beneficial ownership changes
  • Document renewals and replacements

6. Record Keeping and Data Management

6.1 Global Record Retention Standards

ЁЯУБ Retention Requirements by Document Type

Customer Records:
  • тАв Identity documents: 5-7 years after closure
  • тАв Address verification: 5-7 years after closure
  • тАв Beneficial ownership: 5-7 years after closure
  • тАв Risk assessments: 5-7 years after update
  • тАв Due diligence files: 5-7 years after closure
Transaction Records:
  • тАв Transaction history: 5-7 years from date
  • тАв Monitoring alerts: 5-7 years from closure
  • тАв Investigation files: 5-7 years from completion
  • тАв Correspondence: 5-7 years from date
  • тАв Audit trails: 5-7 years from creation

6.2 Data Security and Privacy

  • Encryption Standards: AES-256 encryption for data at rest and in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Logging: Comprehensive logging of all data access and modifications
  • Data Minimization: Collection and retention of only necessary information
  • Privacy Rights: Support for GDPR, CCPA, and other privacy regulation rights
  • Secure Disposal: Certified destruction of records at end of retention period

6.3 Cross-Border Data Transfers

  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Standard Contractual Clauses: EU-approved clauses for international transfers
  • Binding Corporate Rules: Internal data transfer frameworks for multinational operations
  • Certification Schemes: Compliance with recognized international certification programs
  • Local Data Residency: Compliance with local data localization requirements

7. Training and Competency

7.1 Comprehensive Training Program

Foundation Training
  • тАв KYC fundamentals and principles
  • тАв Regulatory requirements overview
  • тАв Customer risk assessment
  • тАв Document verification techniques
  • тАв System training and procedures
Advanced Training
  • тАв Enhanced due diligence procedures
  • тАв PEP identification and management
  • тАв Complex corporate structures
  • тАв Sanctions compliance
  • тАв Investigation techniques
Specialized Training
  • тАв Cryptocurrency-specific KYC
  • тАв Blockchain analytics
  • тАв Digital identity verification
  • тАв Cross-border compliance
  • тАв Emerging technologies

7.2 Competency Assessment and Certification

  • Initial Certification: Mandatory certification before handling customer onboarding
  • Annual Recertification: Yearly competency testing and knowledge updates
  • Role-Specific Assessment: Tailored testing based on job responsibilities
  • Continuous Learning: Ongoing education on regulatory changes and best practices
  • Performance Monitoring: Regular assessment of KYC decision quality and accuracy

8. Technology and Innovation

8.1 Digital KYC Infrastructure

ЁЯФз Technology Stack

Core Systems:
  • тАв Customer onboarding platform
  • тАв Document verification engine
  • тАв Biometric authentication system
  • тАв Risk assessment engine
  • тАв Case management system
Integration Services:
  • тАв Government database APIs
  • тАв Credit bureau integrations
  • тАв Sanctions screening services
  • тАв PEP database connections
  • тАв Blockchain analytics tools

8.2 Artificial Intelligence and Machine Learning

  • Document Analysis: AI-powered document authenticity verification and data extraction
  • Risk Scoring: Machine learning models for dynamic customer risk assessment
  • Fraud Detection: Behavioral analytics and anomaly detection algorithms
  • Identity Matching: Advanced algorithms for identity verification and deduplication
  • Predictive Analytics: Forecasting of customer risk changes and compliance issues
  • Natural Language Processing: Automated analysis of adverse media and regulatory updates

8.3 Emerging Technologies

  • Blockchain Identity: Decentralized identity verification and self-sovereign identity
  • Zero-Knowledge Proofs: Privacy-preserving identity verification techniques
  • Digital Identity Wallets: Secure storage and sharing of verified identity credentials
  • Quantum-Resistant Cryptography: Future-proof security for identity data protection
  • IoT Integration: Device-based identity verification and authentication

9. Governance and Oversight

9.1 KYC Governance Structure

ЁЯПЫя╕П Organizational Structure

Board of Directors:

Ultimate oversight responsibility, policy approval, and resource allocation for KYC program.

Chief Compliance Officer:

Overall KYC program management, regulatory liaison, and senior management reporting.

KYC Manager:

Day-to-day operations, staff management, quality assurance, and process improvement.

KYC Analysts:

Customer onboarding, document review, risk assessment, and ongoing monitoring activities.

9.2 Quality Assurance and Control

  • Dual Control: Independent review of high-risk customer onboarding decisions
  • Quality Sampling: Regular sampling and review of KYC decisions and documentation
  • Performance Metrics: KPIs for accuracy, timeliness, and compliance effectiveness
  • Continuous Improvement: Regular process review and enhancement based on findings
  • External Validation: Independent third-party assessment of KYC program effectiveness

9.3 Regulatory Reporting and Communication

  • Regulatory Updates: Regular communication with relevant regulatory authorities
  • Compliance Reporting: Periodic reports on KYC program effectiveness and metrics
  • Incident Reporting: Prompt notification of significant compliance issues or breaches
  • Examination Support: Cooperation with regulatory examinations and audits
  • Best Practice Sharing: Participation in industry forums and working groups

10. Contact Information and Support

ЁЯУЮ KYC Support Team

KYC Manager

Email: kyc@nomercyx.com

Phone: +1-555-KYC-HELP

Customer Onboarding

Email: onboarding@nomercyx.com

Live Chat: Available 24/7

Document Verification

Email: verification@nomercyx.com

Upload Portal: docs.nomercyx.com

ЁЯЖШ Customer Support

General Inquiries

Email: support@nomercyx.com

Phone: +1-555-SUPPORT

Technical Support

Email: tech@nomercyx.com

Ticket System: help.nomercyx.com

Escalations

Email: escalations@nomercyx.com

Priority Line: +1-555-URGENT

тЪая╕П Important Notice

This KYC Policy is subject to regular updates to reflect changes in laws, regulations, and industry best practices. All customers and employees are responsible for staying informed of the current version and complying with all requirements.

Policy Effective Date: October 10, 2025 | Next Review Date: October 10, 2026