Cryptix Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Compliance

Cryptix is an authorized virtual currency service provider (License No M22806581) by the FINTRAC. RSG UNIVERSALPAYMENTS LTD. (“Cryptix”/ “Company“) has notolerance for money laundering, the financing of terrorism or any other form ofillicit activity, and is committed to implementing policies, procedures andcontrols shaped by the best industry practices and the most effectiveanti-money laundering standards applied in Canada and worldwide. These rulesapply to, without exception, all employees of the Company, its Board members,officers, contractors, and consultants.

The purpose of this document is toprovide the Company’s partners, clients, vendors, contractors, employees, regulators, law enforcement and other concerned stakeholders with a high-leveloverview of the Company’s AML/CTF compliance regime elements and procedures. Byno means this document shall not be read as an entire set of all policies, procedures and controls in place implemented by the Company for prevention ofmoney laundering, financing of terrorism and other forms of illicit activity.

This document and all underlyingpolicies, processes and procedures are prepared in line with provisions, requirements and recommendations of:

The Company operates from, andunder the laws of Canada. Canada was among the first countries in the world whointroduced Anti-money laundering (“AML“)and countering the financing of terrorism (“CTF“) requirements for businesses engaged in exchangeof virtual currency for fiat currency and virtual currency custody.

RSG UNIVERSAL PAYMENTS LTD. is an authorized virtual currency serviceprovider (License No M22806581) by the FINTRAC. The licenses can be validatedon the official websiteof the Financial Transactions and Reports AnalysisCentre of Canada.

As a regulated business, Cryptix is required to comply with the Money Laundering and Terrorist Financing Prevention Act and International SanctionsAct, which require Cryptix to identify and verify its clients’ identities, conduct ongoing monitoring of their activity, including transaction monitoring, maintain records of clients’ activity and related documents for at least fiveyears and report certain transactions to authorities.

The Company understands money laundering as:

  1. the conversion or transfer of property, knowing that such property isderived from criminal activity or from an act of participation in suchactivity, for the purpose of concealing or disguising the illicit origin of theproperty or of assisting any person who is involved in the commission of suchan activity to evade the legal consequences of that person’s action;
  2. the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act ofparticipation in such an activity;
  3. the acquisition, possession or use of property, knowing, at the time ofreceipt, that such property was derived from criminal activity or from an actof participation in such an activity;
  4. participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actionsreferred to in points (a), (b) and (c).

Terroristfinancing provides funds for terrorist activity. Fromlegal standpoint it means the provision or collection of funds, by any means, directly or indirectly, with the intention that they be used or in the knowledge that they are to be used, in full or in part, in order to carry outany of the offences. Terrorist activity has as its main objective to intimidatea population or compel a government to do something. This is done by intentionally killing, seriously harming or end angering a person, causing substantial property damage that is likely to seriously harm people or by seriously interfering with or disrupting essential services, facilities or systems.

RISK-BASED APPROACH AND RISK ASSESSMENT

Cryptix will perform a risk-baseddue diligence and collect information and documentation on each prospectiveclient in order to assess the risk profile associated. The Company’s employeeswill exercise care, due diligence and good judgement in determining the overall character and nature of all clients. Cryptix conducts its business inaccordance with the highest ethical standards and will not enter into business relation ships with individuals or entities that may adversely affect Company’sreputation and compromise virtual currency industry.

For the purpose of identification, assessment and analysis of risks of money laundering and terrorist financing related to its activities, the Company prepares a risk assessment, taking account of the following categories:

  1. Customer risk;
  2. Geographical risk;
  3. Product risk;
  4. Delivery channel risk.

After the risk assessed and attributed to a particular customer, depending on degree of risk, it should berevised periodically upon knowledge of the customer and its activity.

COMPLIANCE OFFICER

The management board of the Company shall appoint a Compliance Officer, who acts as a contact person of the FINTRA Cand performs AML/CTF duties and obligations of the Company. A Compliance Officer reports directly to the management board and has the competence, meansand access to relevant information across all the structural units of the Company.

Only a person who has the education, professional suitability, the abilities, personal qualities, experience and impeccable reputation required for performance of the dutieslisted below may be appointed as a Compliance Officer. The appointment of aCompliance Officer is coordinated with the FINTRAC.

The duties of a Compliance Officer include, inter alia:

  1. organisation of the collection and analysis of information referring tounusual transactions or transactions or circumstances suspected of money laundering or terrorist financing, which have become evident in the activities of the Company;
  2. reporting to the FINTRAC in the event of suspicion of money laundering or terrorist financing;
  3. periodic submission of written statements on compliance with the requirements arising from the Act to the management board of the Company;
  4. performance of other duties and obligations related to compliance withthe requirements of the Act.

RULES OFPROCEDURE AND INTERNAL CONTROL RULES

The Company has developed and implemented rules of procedure that allowfor effective mitigation and management of risks relating to money laundering and terrorist financing, which are identified in the risk assessment performedin accordance with the Company’s risk-based approach described above.Each employee of the Company should strictly adhere to rules of procedure setforth herein.

The rules of procedure consist of the following:

  1. a procedure for the application of due diligence measures regarding acustomer, including a procedure for the application of simplified and enhanceddue diligence measures;
  2. a model for identification and management of risks relating to acustomer and its activities and the determination of the customer’s riskprofile;
  3. the methodology and instructions where the Company has a suspicion ofmoney laundering and terrorist financing or an unusual transaction orcircumstance is involved as well as instructions for performing the reportingobligation;
  4. the procedure for data retention and making data available;
  5. instructions for effectively identifying whether a person is apolitically exposed person or a local politically exposed person subject tointernational sanctions.

The Company applies the following due diligence measures:

  1. identification of a customer and verification of the submitted information based on information obtained from a reliable and independent source, including using means of electronic identification and of trustservices for electronic transactions;
  2. identification of the beneficial owner and, for the purpose of verifying their identity, taking measures to the extent that allows the Company to makecertain that it knows who the beneficial owner is, and understands the ownership and control structure of the customer;
  3. understanding of business relationships, and, where relevant, gatheringin formation thereon;
  4. gathering information on whether a person is a politically exposedperson, their family member or a person known to be close associate;
  5. monitoring of a business relationship.

SIMPLIFIED DUEDILIGENCE

The Company may apply simplifieddue diligence (“SDD“)measures where a risk assessment prepared on the basis of these rules ofprocedure identifies that, in the case of the economic or professionalactivity, field or circumstances, the risk of money laundering or terroristfinancing is lower than usual.

Before the application of SDDmeasures to a customer, an employee of the Company establishes that thebusiness relationship, transaction or act is of a lower risk and the Companyattributes to the transaction, act or customer a lower degree of risk.

The application of SDD measures ispermitted to the extent that the Company ensures sufficient monitoring oftransactions, acts and business relationships, so that it would be possible toidentify unusual transactions and allow for notifying of suspicioustransactions in accordance with these rules of procedure.

ENHANCED DUEDILIGENCE

The Company applies enhanced duediligence (“EDD“) measures in order to adequately manage and mitigate a higher-than-usual risk of money laundering and terrorist financing.

EDD measures are applied always when:

  1. upon identification of a person or verification of submitted information, there are doubts as to the truthfulness of the submitted data, authenticity of the documents or identification of the beneficial owner;
  2. the customer is a politically exposed person, except for a local politically exposed person, their family member or a close associate;
  3. the customer is from a high-risk third country or their place ofresidence or seat in a high-risk third country;
  4. the customer is from such country or territory that, according tocredible sources such as mutual evaluations, reports or published follow-upreports, has not established effective AML/CTF systems that are in accordance with the recommendations of the Financial Action Task Force, or that isconsidered a low tax rate territory.

The Company applies EDD measures also where a risk assessment prepared on the basis of these rules identifies that, in the case of the economic or professional activity, field or factors,the risk of money laundering or terrorist financing is higher than usual.

PEP DEFINITIONAND SCREENING

Politically Exposed Persons (“PEP“) (as well as their families and persons known to be close associates, as described below) are required to besubject to enhanced scrutiny by reporting entities. This is because international standards issued by the Financial Action Task Force recognizethat a PEP may be in a position to abuse their public office for private gainand a PEP may use the financial system to launder the proceeds of this abuse ofoffice.
PEP means a natural person who is or who has been entrusted with prominentpublic functions including:

  1. head of State;
  2. head of government;
  3. minister and deputy or assistant minister;
  4. a member of parliament or of a similar legislative body;
  5. a member of a governing body of a political party;
  6. a member of a supreme court;
  7. a member of a court of auditors or of the board of a central bank;
  8. an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces;
  9. a member of an administrative, management or supervisory body of a State-owned enterprise;
  10. a director, deputy director and member of the board or equivalent function of an international organisation,

PEPs do not include middle-rankingor more junior officials.

Family member of a PEP means the spouse, or a person considered to be equivalent to a spouse, of a PEP or localPEP; a child and their spouse, or a person considered to be equivalent to aspouse, of a PEP or local PEP; a parent of a PEP or local PEP.

Person known to be close associate of a PEP means a natural person who is known to be the beneficial owner or tohave joint beneficial ownership of a legal person or a legal arrangement, orany other close business relations, with a PEP or a local PEP; and a naturalperson who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a PEP or local PEP.

SANCTIONS SCREENING

Dealing with persons against which imposed international sanctions poses a great risk to the Company, its directors, officers and owners.
The Company will perform sanction screening of its customers on the samematching rules, as for PEP screening.
The Company will perform screening, at minimum, against the following sanctions lists:

  1. UN Sanctions;
  2. EU Sanctions;
  3. Sanctions administeredby the Office of Financial Sanctions Implementation (“OFSI-UK”)
  4. Sanctions administeredby the Office of Foreign Assets Control (“OFAC-US“);
  5. Sanctions imposed underthe International Sanction Act. All matches (true hits) will beescalated to a Compliance Officer for further action and processing.

All matches (true hits) will beescalated to a Compliance Officer for further action and processing.

SUSPICIOUS ACTIVITY MONITORING AND REPORTING

Where the Company identifies anactivity or facts whose characteristics refer to the use of criminal proceedsor terrorist financing or other criminal offences or an attempt thereof or withregard to which the Company suspects or knows that it constitutes money laundering or terrorist financing or the commission of another criminal offence, a Compliance Officer of the Company must report it to the FINTRA Cimmediately, but not later than within two working days after identifying the activity or facts or after getting the suspicion.

The Company and all its employees, officers and directors are prohibited to inform a person, its beneficial owner,representative or third party about a report submitted on them to the FINTRAC, an intention to submit such a report as well as about the commencement ofcriminal proceedings.

DATA RETENTION

The Company must retain thedocuments and information which served for identification and verification ofclients, no less than five years after termination of the business relationship.

The Company implements necessaryrules for protection of personal data upon application of the requirementsarising from its obligations hereunder.

The Company is allowed to processpersonal data gathered upon implementation of these rules only for the purposeof preventing money laundering and terrorist financing and the data must not beadditionally processed in a manner that does not meet the purpose, forinstance, for marketing purposes.

TRAINING

The Compliance Officer shall ensurethat Company’s employees are fully aware of their legal obligations under theAML/CTF regime, by introducing a complete employees’ education and trainingprogram.

The timing and content of thetraining provided is determined according to the needs of the Company. The frequencyof the training can vary depending on to the amendments of legal and/orregulatory requirements, employees’ duties as well as any other changes in thebusiness model. The training program aims at educating the Company’s employeeson the latest developments in the prevention of money laundering and terrorist financing, including the practical methods and trends used for this purpose.

COOPERATIONAND EXCHANGE OF INFORMATION

The Company cooperates withsupervisory and law enforcement author ities in preventing money laundering andterrorist financing, there by communicating information available to the Company and replying to queries within a reasonable time, following the duties, obligations and restrictions arising from legislation. For any relevantrequests please contact us at po@cryptix.io .