AML/KYC policy

This document gives an overview of the standards of the “Know Your Customer” and “Anti-Money Laundering” policies, thereby setting our practices for the prevention of money-laundering activities while dealing with our users.

The objective of AML/KYC Policy is to prevent Exolix from being used, intentionally or unintentionally, by criminal elements for money-laundering activities. The Policy also mandates making reasonable efforts to determine the true identity and beneficial ownership of accounts, source of funds, the nature of customer’s business, the reasonableness of operations in the account in relation to the customer’s business, etc., which in turn helps us to manage its risks prudently.

We strive to protect our customers from fraudulent and scam activities in the crypto assets sphere. Our in-compliance policy stance is designed to detect funds proven to be involved in illicit activities as well as to protect the funds of our customers who have fallen victims to hacks, ransomware and malware attacks. The toolkit at work committed to fighting money laundering and its implications is comprised of policy regulations in conjunction with recent developments in software aimed at tracking suspicious transactions in real time.

Our AML/KYC Policy, procedures, and internal controls are designed to ensure compliance with all applicable regulations and rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls are in place, to account for both changes in regulations and changes in our business.

In case a transaction is spotted by our risk scoring system as suspicious, the transaction will be put on hold, and we will collect the following information from the customers, if applicable, from any person, entity, or organization:

• the full name;
• date of birth (for an individual);
• the address, which will be residential and business street address (for an individual) or a principal place of business, local office, or other physical location (for a person other than an individual);
• for an individual, a valid government-issued identification, evidencing nationality or residence and bearing a photograph or a similar safeguard, such as a driver’s license or passport; and for a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.

After providing the information, the customer must ensure that the information is true, complete, and timely updated. If there are any grounds for believing that any of the information customer provided is incorrect, false, outdated, or incomplete, we reserve the right to send the customer a notice to demand correction and, as the case may be, blacklist the existing account and terminate all or part of the services we provide for the said customer.

Based on the risk, and to the extent reasonable and practicable, we will proceed with the verification to the extent that we have collected all information needed in order to know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers.

We have appointed a Third-Party service provider, namely Sum & Substance Ltd, which entirely complies with our Privacy Policy in respect to processing the personal information of our customers. Sum & Substance Ltd will analyze the information we obtain to determine (1) whether the information is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies); (2) whether the documents provided by the customers are valid and do not appear in the Specially Designated Nationals and Blocked Persons List or any other lists of sanctioned individuals.

We will verify the information within a reasonable time, depending on the nature of the account and risk level of transactions. We may refuse to complete a transaction before we have verified the information, or in some instances, when we need more time, we may, pending verification, suspend transactions under suspicion.

When we cannot form a reasonable belief that we know the true identity of a customer, we will request additional information.

We provide notice to customers that their transactions may be subject to AML/KYC checks. This information is stated in full detail in our Terms of Use, and each customer is obliged to get acquainted with these Terms before initiating transactions.

The AML Compliance Officer is the person, duly authorized by Exolix, whose responsibility is to implement and effectively monitor the application and enforcement of the AML/KYC policy as outlined in this document. The AML Compliance Officer is obliged to oversee and conduct effective monitoring of all aspects of Exolix’s anti-money laundering and counter-terrorist financing. Any suspicious behavior or activities should be reported to the AML Compliance Officer.

Communication with the AML Compliance Officer in regards to this Policy is conducted via [email protected].

Ongoing monitoring is an essential element of effective KYC procedures. We have an understanding of the normal and reasonable activity of the customer, ensuring that we have the means of identifying transactions that fall outside the regular pattern of activity.

We have put in place appropriate procedures to ensure the effective implementation of KYC guidelines. The implementation procedure covers proper management oversight, systems and controls, segregation of duties, training, and other related matters. From time to time, the Exolix security team will carry on the necessary quality checks and file audits to ensure that the KYC policies and procedures are adhered to. From time to time, the Exolix security team shall update senior management about issues arising during the customer acquisition process.

If necessary, we may request the necessary and accurate information about the sender and the required information about the recipient when transferring virtual assets and provide it to the relevant authorities upon official request.