Cryptocurrency Volatility Mitigation for Corporations

AML POLICY

Anti-Money Laundering (AML) Policy

Smart Volatility Mitigation S.A.

1. Definitions

Anti-Money Laundering (AML): The processes, laws, regulations, and procedures aimed at preventing criminals from disguising illegally obtained funds as legitimate income. AML policies are designed to detect and report suspicious activities, including money laundering and terrorism financing.

Money Laundering: The process of concealing the origins of money obtained from illegal activities such as drug trafficking, corruption, or fraud, by transforming it into seemingly legitimate assets. Money laundering typically involves three stages: placement, layering, and integration.

Terrorist Financing: The provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used, or in the knowledge that they are to be used, in order to carry out terrorist activities. Unlike money laundering, the funds involved in terrorist financing may originate from both legitimate and illegitimate sources.

<strong The process of verifying the identity of clients to assess their suitability and the potential risks of illegal intentions, such as money laundering. KYC processes involve collecting and verifying information such as name, address, and identification documents.

Customer Due Diligence (CDD): The procedures carried out by a business to verify the identity of its customers and assess their risk profiles. CDD is a critical part of the KYC process and includes gathering information on customers’ identities, business activities, and the source of funds.

Enhanced Due Diligence (EDD): A more stringent level of scrutiny applied to customers who are identified as high risk. EDD involves additional measures to understand the customer’s activities and to mitigate the higher risk of money laundering or terrorist financing associated with that customer.

Suspicious Activity Report (SAR): A report filed by a financial institution or other regulated entity when it suspects that a transaction may be related to illegal activity, including money laundering or terrorism financing. SARs are typically submitted to relevant authorities, such as the Panamanian Supervisory Authorities.

Beneficial Owner: The individual or entity that ultimately owns or controls a customer or the person on whose behalf a transaction is being conducted. Beneficial ownership information is critical in assessing the risk of money laundering or terrorist financing.

Sanctioned Jurisdiction: Countries or territories that are subject to sanctions by international organizations such as the United Nations, European Union, or the Office of Foreign Assets Control (OFAC-US). SVM will not conduct business with entities or individuals in sanctioned jurisdictions.

Office of Foreign Assets Control (OFAC): A division of the U.S. Department of the Treasury that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. SVM screens all transactions against the OFAC Sanctions List.

Know Your Business (KYB): The process similar to KYC, but specifically focused on businesses and corporate entities. KYB involves verifying the identity of the business, understanding its structure, and identifying its ultimate beneficial owners.

Cryptocurrency: A digital or virtual currency that uses cryptography for security and operates independently of a central bank. In the context of SVM, this includes Bitcoin (BTC) and ERC20 tokens.

Stablecoin: A type of cryptocurrency that is pegged to a reserve asset (such as a fiat currency) to reduce volatility. SVM facilitates the conversion of cryptocurrencies into stablecoins as part of its services.

Blockchain: A decentralized ledger of all transactions across a peer-to-peer network. SVM uses blockchain exploratory tools to track and monitor cryptocurrency transactions for AML purposes.

Suspicious Transaction: Any transaction that does not appear to be legitimate, lacks an economic basis, or deviates significantly from a customer’s normal pattern of activity. Such transactions are flagged for further investigation and may result in filing a SAR.

Acting Compliance Manager: The designated individual responsible for overseeing and managing SVM’s AML compliance program, including the implementation of the AML policy, training of staff, and the filing of SARs with the relevant authorities.

2. Introduction

Smart Volatility Mitigation S.A. (“SVM” or “the Company”) is a Panamanian corporation, duly registered under Folio 155755087 of the mercantile section of the Public Registry of Panama. SVM is committed to the highest standards of Anti-Money Laundering (AML) compliance and aims to prevent its platform and services from being used for money laundering, terrorism financing, or other illicit activities.

3. Purpose of the Policy

The purpose of this AML Policy is to establish the principles, standards, and procedures for detecting, preventing, and reporting money laundering and terrorist financing activities within SVM. This policy ensures compliance with applicable Panamanian laws and international AML regulations.

4. Scope

This policy applies to all employees, board members, officers, contractors, and consultants of SVM. All parties must adhere to the standards set forth in this policy and ensure that the Company’s operations are conducted in compliance with applicable AML regulations.

5. Regulatory Framework

SVM adheres to the anti-money laundering standards applied in the Republic of Panama and international best practices. The Company complies with the regulations issued by Panamanian Supervisory Authorities and other relevant international bodies. SVM’s AML program is designed to meet the requirements of applicable laws and regulations.

6. Risk Assessment

SVM conducts a comprehensive risk assessment to identify, assess, and mitigate the risks of money laundering and terrorist financing related to its activities.

6.1 Customer Risk: SVM performs risk-based due diligence on each prospective client to assess their risk profile. Factors considered include the customer’s business activities, geographic location, and the nature of their transactions.

6.2 Geographical Risk: SVM considers the jurisdictional risk of its clients, particularly those from or operating in high-risk regions or sanctioned jurisdictions.

6.3 Product and Delivery Channel Risk: The Company assesses the risks associated with its products, such as the conversion of cryptocurrencies (BTC and ERC20 tokens) to stablecoins, and the delivery channels used.

6.4 Transaction Risk: Specific criteria, such as the size and frequency of transactions, are used to assess the risk level associated with individual transactions.

7. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

7.1 CDD Procedures: SVM uses a risk-based approach to conduct Customer Due Diligence. Information and documentation are collected through the ETT software platform to verify the identity of clients. Additionally, a third-party service, Sumsub, is used for ID verification and liveliness checks.

7.2 EDD Triggers: Enhanced Due Diligence is required when certain thresholds are met, such as withdrawal requests exceeding defined amounts or transactions involving high-risk jurisdictions.

8. Transaction Monitoring

SVM employs robust transaction monitoring procedures to detect suspicious activities.

8.1 Monitoring Tools: The Company uses tools such as Crystal-Lite and Sumsub to monitor transactions. These tools allow SVM to set thresholds and conditions that trigger alerts for further investigation.

8.2 Suspicious Activity Indicators: Transactions that exceed USD 10,000, or multiple transactions that together exceed this amount within a 7-day period, will trigger automated alerts.

8.3 Screening Procedures: All beneficiaries and BTC addresses are screened against the OFAC-US Sanctions List and using blockchain exploratory tools to identify potential risks.

9. Reporting and Record Keeping

9.1 SAR Filing: The Acting Compliance Manager is responsible for filing Suspicious Activity Reports (SARs) with the Panamanian Supervisory Authorities. SARs must be accurate, filed promptly, and in compliance with regulatory requirements.

9.2 Record Retention: SVM retains all AML-related records, including KYC and KYB documents, for a minimum of five years after the termination of the business relationship. Records are securely stored in a cloud environment to ensure they are accessible for audits.

10. Internal Controls and Governance

10.1 Compliance Oversight: The Acting Compliance Manager oversees the AML program, ensuring that all internal controls, procedures, and processes are effectively implemented and followed.

10.2 Ongoing Reviews: SVM conducts periodic reviews of its AML policy, procedures, and customer profiles to maintain compliance and address any emerging risks.

11. Training Awareness

11.1 Staff Training: SVM provides regular training sessions to all employees, ensuring they are fully aware of their legal obligations under AML laws. Training sessions are tailored to reflect changes in regulations, business operations, and the latest AML trends.

11.2 Frequency: Training is conducted periodically, and at minimum, annually, with additional sessions as needed based on changes in the legal or regulatory environment.

12. Thirt-Party Due Diligence

12.1 Assessment: SVM reviews the AML policies of partners, suppliers, and third-party vendors to ensure they meet the Company’s AML standards. Due diligence includes verifying the validity of licenses, reviewing KYB documentation, and ensuring compliance with applicable regulations.

12.2 Ongoing Monitoring: The Acting Compliance Manager will continuously monitor third-party compliance and take appropriate action if any party fails to meet the required standards.

13. Policy Review and Updates

SVM will review and update this AML Policy at least once a year or as required by changes in regulatory requirements or business operations. The effectiveness of the policy will be regularly assessed to ensure it remains appropriate and effective in addressing the risks faced by the Company.

14. Emerging Trends and Proactive Measures

14.1 Staying Updated: The Acting Compliance Manager is responsible for staying ahead of emerging trends and risks in the cryptocurrency space by participating in relevant events, seminars, and training sessions.

14.2 Proactive Measures: SVM will modify and enhance its internal procedures, risk levels, withdrawal thresholds, and AML policy as necessary to address new and evolving threats.

15. Whistleblowing Policy

15.1 The Whistleblowing Policy provides a secure and confidential avenue for employees, contractors, and other stakeholders to report any suspected or actual misconduct, including violations of the Anti-Money Laundering (AML) Policy, unethical behavior, or illegal activities. This policy ensures that all reported concerns are addressed promptly, fairly, and without fear of retaliation.

15.2 This policy applies to all employees, board members, officers, contractors, consultants, and any other stakeholders associated with SVM. The policy covers concerns related to:

15.2.1 Violations of the AML Policy or other compliance policies.

15.2.2 Fraud, theft, or embezzlement.

15.2.3 Corruption, bribery, or unethical behavior.

15.2.4 Harassment or discrimination.

15.2.5 Any other illegal or unethical conduct.

15.3 SVM encourages individuals to report concerns as soon as they arise. The Company provides multiple channels for reporting:

15.3.1 Confidential Reporting: Concerns can be reported confidentially to the Acting Compliance Manager, or through a designated whistleblowing hotline or email address (to be provided by the Company).

15.3.2 Anonymous Reporting: Individuals may choose to report concerns anonymously. Anonymous reports will be treated with the same seriousness and confidentiality as those where the whistleblower’s identity is disclosed.

15.4 SVM strictly prohibits any form of retaliation against individuals who report concerns in good faith. Retaliation may include dismissal, demotion, harassment, or any other form of adverse treatment. Employees found to engage in retaliatory actions will face disciplinary measures, up to and including termination of employment.

15.5 Upon receiving a whistleblowing report, the Acting Compliance Manager or a designated officer will conduct an initial review to determine the appropriate course of action, which may include a formal investigation. Investigations will be conducted impartially, respecting the rights of all parties involved. The whistleblower’s identity will be kept confidential to the extent possible, consistent with the need for a thorough investigation. The whistleblower will be informed of the outcome and any actions taken as a result, where possible.

15.6 Reports must be made in good faith. Deliberately making false or malicious reports is a serious offense and will result in disciplinary action, up to and including termination of employment.

15.7 SVM will maintain confidential records of all whistleblowing reports, investigations, and outcomes. These records will be securely stored and accessible only to authorized personnel.

15.8 This Whistleblowing Policy will be reviewed periodically to ensure its effectiveness and relevance in addressing emerging risks or changes in the regulatory environment. Necessary amendments will be made as required.

15.9 SVM is committed to fostering a culture of transparency, accountability, and compliance. The Company encourages all employees and stakeholders to report any concerns without fear of retaliation, ensuring that SVM operates under the highest ethical standards.

16. Record Keeping

16.1 Smart Volatility Mitigation S.A. (“SVM” or “the Company”) recognizes the importance of maintaining comprehensive and accurate records as part of its commitment to compliance with Anti-Money Laundering (AML) regulations and other legal obligations. This Record Keeping clause outlines the standards and procedures for the retention, security, and accessibility of records related to customer due diligence, transactions, and other AML-related activities.

16.2 SVM will maintain the following types of records as part of its AML program:

16.2.1 Customer Due Diligence (CDD) Records: Documentation collected during the Know Your Customer (KYC) process, including identification documents, verification details, and any information obtained during the risk assessment process.

16.2.2 Transaction Records: Detailed records of all transactions conducted on the platform, including the nature, amount, and dates of transactions, as well as any supporting documentation.

16.2.3 Suspicious Activity Reports (SARs): Copies of all Suspicious Activity Reports filed with the relevant authorities, including the reasoning and supporting documentation for the reports.

16.2.4 Communication Records Any communication related to AML compliance, including customer notifications, internal communications, and reports to regulatory authorities.

16.2.5 Audit and Compliance Reports: Records of internal and external audits, compliance reviews, and any remedial actions taken as a result of these reviews.

16.3 All records related to AML compliance will be retained for a minimum of five years from the date of the transaction or the termination of the business relationship, whichever is later. In some cases, longer retention periods may be required to comply with specific legal or regulatory obligations.

16.4 Secure Storage: SVM will ensure that all AML-related records are stored securely in a manner that protects them from unauthorized access, alteration, or destruction. Records will be stored in a secure cloud storage environment with appropriate access controls.

16.5 Confidentiality: The confidentiality of all records will be maintained, with access limited to authorized personnel only. SVM will implement safeguards to protect the sensitive information contained within these records.

16.6 Records must be readily accessible and available for inspection by authorized personnel, including regulatory authorities and auditors, upon request. SVM will ensure that records can be retrieved efficiently and in a timely manner for audit and compliance purposes.

16.7 After the retention period has expired, records may be securely destroyed to prevent unauthorized access or use. Destruction of records will be carried out in accordance with established procedures to ensure that all data is rendered irretrievable.

16.8 SVM will periodically review its record-keeping practices to ensure they remain compliant with applicable legal and regulatory requirements. Any changes to the legal framework or best practices will prompt an update to this clause and associated procedures.

17. Conclusion

SVM is dedicated to maintaining a robust AML program that aligns with industry best practices and regulatory requirements. This policy underscores the Company’s commitment to preventing money laundering, terrorism financing, and other illicit activities.

Cryptocurrency Volatility Mitigation for Corporations