AML / KYC COMPLIANCE DISCLOSURE

01 Statement of Compliance Posture

1.1 Nature of AceChange’s Activity

AceChange, operator of AceChange.io, operates a non-custodial routing and aggregation interface that:

• Displays informational rate data sourced from regulated and unregulated Partner Services;
• Embeds Partner-controlled widgets (rendered in iframes or via Partner-hosted SDKs);
• Provides educational content, comparison utilities and informational guides;
• Forwards user requests to the relevant Partner Service for execution.

1.2 Activities AceChange Does NOT Perform

AceChange does NOT:

1. Accept currency, funds or any value substituting for currency from any user (the “acceptance” element of money transmission under 31 CFR § 1010.100(ff)(5)(i)(A));
2. Transmit currency, funds or any substitute value to another location or person (the “transmission” element);
3. Buy, sell, exchange, swap or convert any digital asset on its own account or as a counterparty;
4. Custody, hold, escrow, segregate or control any user funds, fiat balances or digital assets at any point in time;
5. Possess, generate, derive or have any access to private keys, seed phrases, recovery phrases or wallet credentials of any user or any Partner Service account;
6. Issue, redeem, mint, burn or guarantee any digital asset, stablecoin, electronic-money token (EMT) or asset-referenced token (ART);
7. Operate any blockchain wallet (custodial or non-custodial), payment account, stored-value product or fiat float;
8. Provide any of the regulated services listed in Article 3(1)(16) MiCA on its own account;
9. Process card, bank-wire, SEPA, ACH, instant-payment or any other fiat payment;
10. Onboard customers, conduct identity verification or maintain customer accounts;
11. Settle, reverse, freeze, recover, refund or trace any blockchain or fiat transaction;
12. Provide investment advice, financial advice, tax advice or any regulated financial service.

1.3 Regulatory Conclusion

Based on the nature of AceChange’s activity as set out above, AceChange is not:

• A “Money Services Business” or “money transmitter” within the meaning of 31 CFR §§ 1010.100(ff) and 1010.100(ff)(5), and is not subject to the registration obligation under 31 CFR § 1022.380;
• A “Crypto-Asset Service Provider” (CASP) within the meaning of Article 3(1)(15) MiCA;
• An “obliged entity” within the meaning of Article 3 of Regulation (EU) 2024/1624 (AMLR);
• A “cryptoasset business” or “cryptoasset exchange provider” within the meaning of regulation 14A of the UK Money Laundering Regulations 2017;
• An obligated subject (“sujeto obligado”) within the meaning of Ley 8204 of Costa Rica with respect to virtual-currency exchange, custody or transfer activity;
• A “Virtual Asset Service Provider” (VASP) within the meaning of FATF Recommendation 15.

The compliance posture set out in this Disclosure is supported by the conduct of AceChange — namely, the absence of any of the activities listed in section 1.2 — which reflects the substance-over-form principle that animates BSA, MiCA, AMLR and FATF analysis.

02 Why AceChange is Not an Obliged Entity

2.1 US BSA / FinCEN Analysis

Under the BSA, only “money transmitters” are subject to MSB obligations. The statutory test (31 CFR § 1010.100(ff)(5)(i)(A)) requires both acceptance and transmission of value. AceChange performs neither. AceChange does not “accept” any user funds (which flow directly from the user’s wallet or payment instrument to the Partner Service) and does not “transmit” any value (AceChange does not custody or move any value).

FinCEN Guidance FIN-2019-G001 distinguishes (i) “anonymizing services providers” and “exchangers” who are MSBs from (ii) “users” and certain providers of internet hosting / hardware / network connectivity who are not. AceChange falls in the latter category as a provider of website infrastructure and front-end interface to regulated third parties. AceChange does not, in the words of FIN-2019-G001, “accept[] and transmit[] value, or buy[] or sell[] CVC”.

2.2 EU MiCA Analysis

Article 3(1)(16) MiCA defines “crypto-asset service” by reference to ten specific regulated activities, including custody, exchange, execution, placement, transfer service, advice, portfolio management and similar services. AceChange does not perform any of those services on its own account. The provision of website infrastructure that displays third-party rates and embeds third-party widgets is not, as such, a “crypto-asset service” within the meaning of MiCA.

For the avoidance of doubt, AceChange does not provide services to clients established or situated in the European Union. The AceChange.io interface is geo-blocked from the EEA in compliance with the ESMA Guidelines on Reverse Solicitation (ESMA35-1872330276-2030 / Final Report 18 December 2024). See Article 6 below.

2.3 EU AMLR (Regulation (EU) 2024/1624) Analysis

Article 3 AMLR defines “obliged entities” by reference to (a) credit and financial institutions, (b) crypto-asset service providers (CASPs as defined in MiCA), and (c) other specifically enumerated categories. As AceChange is neither a credit/financial institution nor a CASP, it is not an obliged entity under AMLR (which in any event applies from 10 July 2027).

2.4 UK MLRs 2017 Analysis

Under the UK Money Laundering Regulations 2017, “cryptoasset exchange providers” and “custodian wallet providers” are obliged entities. AceChange is neither — it does not exchange cryptoassets and does not custody wallets. Furthermore, AceChange does not provide services to UK persons; the AceChange.io interface is geo-blocked from the United Kingdom.

2.5 Costa Rica — Ley 8204 Analysis

Under Costa Rican law, the principal AML/CFT framework is Ley 8204 (Ley sobre Estupefacientes, Sustancias Psicotrópicas, Drogas de Uso No Autorizado, Actividades Conexas, Legitimación de Capitales y Financiamiento al Terrorismo) as amended, with supervision over financial entities exercised by SUGEF (Superintendencia General de Entidades Financieras) and intelligence functions by the Unidad de Inteligencia Financiera (UIF) of the Instituto Costarricense sobre Drogas (ICD). The category of obligated subjects (“sujetos obligados”) under Ley 8204 includes financial entities and certain non-financial professionals; the routing of users to third-party Partner Services performed by AceChange is a referral activity that does not, in itself, constitute virtual-currency exchange, custody, transfer or administration on AceChange’s own account and therefore does not bring AceChange within the scope of the obligated-subject regime in Ley 8204.

2.6 Conclusion

03 Partner Service Compliance — FixedFloat

3.1 Partner Identification

FixedFloat is operated by FFX Group Ltd, a company organised under the laws of the Republic of the Marshall Islands, with registered office at Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro, Republic of the Marshall Islands, MH 96960. FixedFloat operates the website ff.io (formerly fixedfloat.com).

3.2 FixedFloat AML Procedure (Section 7 of FixedFloat ToS)

Under Section 7 of FixedFloat’s Terms of Service, FixedFloat operates an AML programme under which:

1. No registration or KYC is required for standard crypto-to-crypto exchanges (Section 7.1);
2. Order suspension and SoF request may occur where funds appear linked to criminal activity, sanctioned addresses, mixers or non-AML-compliant centralised services;
3. Communication on AML matters occurs exclusively via [email protected];
4. Refusal or false data empowers FixedFloat to freeze funds for return to victims with law-enforcement assistance (Section 7.8);
5. Identity verification (KYC) may be required exceptionally where the user cannot provide sufficient evidence of source, with refunds only to the original sending address (Section 7.9);
6. Sanctions compliance is enforced against UN, EU and U.S. sanctions regimes (Section 6.3 of FixedFloat ToS);
7. Prohibited fund sources include funds linked to centralised services that openly facilitate laundering, refuse AML compliance or violate sanctions (Section 6.4).

3.3 FixedFloat Geographic Restrictions (Section 5)

FixedFloat prohibits use of its service by:

• Citizens and residents of the United States of America (Section 5.2);
• Persons located in countries on the United Nations Sanctions List (Section 5.2);
• Persons in countries where cryptocurrency or use of the FixedFloat service is forbidden by applicable law (Section 5.3).

3.4 FixedFloat Privacy Policy

FixedFloat processes personal data under its own GDPR-compliant Privacy Policy. FixedFloat is the data controller for all data submitted through its widget — including email address, IP address, log files, cookies, and any KYC/AML information requested under Section 7. AceChange is not a controller, joint controller or processor of FixedFloat-held data.

3.5 Reference Documents

• FixedFloat Terms of Service
• FixedFloat Privacy Policy
• FixedFloat AML / compliance: [email protected]
• FixedFloat support: [email protected]

04 Partner Service Compliance — Transak

4.1 Partner Identification & Regional Entities

Transak operates as a global web3 infrastructure services provider through a structured group of regulated regional entities. Transak’s regulatory licences and registrations include:

4.2 Transak Group AML Programme

Transak operates a comprehensive Anti-Money Laundering Compliance Programme (the “BSA/AML Programme“) aligned with the U.S. Bank Secrecy Act, UK Money Laundering Regulations 2017, EU AMLD framework, FATF Recommendations, and other applicable regimes. The Transak Programme has been reviewed and approved by Transak’s Board of Directors and includes:

• Customer Identification Programme (CIP) — multi-level systems collecting and verifying full name, email, mobile, government-issued identification number (e.g. SSN/TIN), date of birth, identity document, residential address and selfie;
• Watchlist screening against OFAC, OFSI, UN, EU and other applicable sanctions and PEP lists;
• Source-of-Funds (SoF) and Source-of-Wealth (SoW) verification;
• Transaction monitoring on a risk-based approach;
• Designated Compliance Officer / MLRO;
• SAR / STR filing with applicable Financial Intelligence Units (FIUs);
• Recordkeeping in compliance with applicable retention periods (including five (5) years post-relationship under MLRs);
• Independent audits of the AML programme;
• Risk-based approach to mitigation;
• ISO/IEC 27001:2022 certification and SOC 2 Type II compliance.

4.3 Mandatory KYC for Fiat Transactions

4.4 FATF Travel Rule Compliance

Transak applies the FATF Travel Rule (FATF Recommendation 16) for crypto-asset transfers, in line with applicable national implementations including:

• UK FCA Travel Rule (effective 1 September 2023);
• EU Transfer of Funds Regulation, Regulation (EU) 2023/1113 (applicable from 30 December 2024);
• U.S. Travel Rule under the BSA (currently $3,000 threshold, with proposed reduction to $250 for international transfers).

4.5 Transak Sanctions Compliance

Transak users undertake (per Section 6.3 of Transak ToS) compliance with OFAC, EU and UN Sanctions regimes, including the OFAC Specially Designated Nationals (SDN) List, the OFAC Consolidated Sanctions List, the Additional OFAC Sanctions List, and applicable UN, EU and local sanctions lists.

4.6 Reference Documents

• Transak Terms of Service
• Transak Global Privacy Policy
• Transak Group AML Policy
• Transak Compliance Center
• Transak FCA Travel Rule
• Transak Risk Warnings
• Transak Acceptable Use Policy

05 KYC / CDD Matrix by Transaction Type

5.1 Transaction Type Matrix

5.2 Transak Verification Levels (illustrative)

Limits are set, modified and enforced exclusively by Transak. AceChange does not set, guarantee or change these limits.

5.3 AceChange’s Position

AceChange does not perform any CDD or KYC. AceChange does not collect government IDs, selfies, biometrics, payment data, SoF documentation or PEP screening data. All such activity is performed exclusively by the relevant Partner Service. AceChange therefore cannot, and does not, validate user identity, verify residency, screen against sanctions lists or determine PEP status.

06 Sanctions Compliance & Geo-Blocking

6.1 Voluntary Geo-Blocking by AceChange

Notwithstanding that AceChange is not an obliged entity under any of the regimes referenced in Article 1, AceChange maintains a voluntary geo-blocking programme as good-faith compliance evidence and to support the Partner Services’ own compliance programmes. The geo-blocking programme covers:

• OFAC comprehensive-sanctions jurisdictions: Iran (31 CFR Part 560), North Korea / DPRK (31 CFR Part 510), Cuba, Syria, Crimea region, the so-called Donetsk People’s Republic, the so-called Luhansk People’s Republic, the occupied parts of Zaporizhzhia and Kherson regions;
• Russian Federation: in line with EU, U.S. and UK sanctions packages targeting the financial sector;
• Belarus: in line with EU and U.S. sanctions packages;
• FATF “Black List” jurisdictions: currently DPRK, Iran, Myanmar (Burma);
• Other UN-sanctioned jurisdictions: as updated from time to time;
• United States of America: all 50 states and territories, in line with FixedFloat ToS Section 5.2 and to avoid any U.S.-jurisdictional nexus;
• European Economic Area (EEA): in compliance with the ESMA Guidelines on Reverse Solicitation under MiCA (ESMA35-1872330276-2030 / Final Report 18 December 2024), to avoid being deemed to “solicit” EU clients;
• United Kingdom: to avoid the UK FCA financial promotions regime and UK Travel Rule scope.

6.2 Technical Enforcement

Geo-blocking is enforced via:

1. IP geo-location at the CDN/WAF edge (Cloudflare or equivalent);
2. HTTP 451 (“Unavailable For Legal Reasons”) response for blocked jurisdictions;
3. Jurisdictional gateway with self-attestation checkbox and 7-point declaration referencing the U.S. Person definition under 31 CFR § 560.314;
4. VPN / proxy / Tor detection at best-effort level;
5. Click-wrap acceptance of these Terms and the AML Disclosure on each session;
6. Audit logs of access attempts and acknowledgements (retained as good-faith compliance evidence in accordance with applicable record-keeping rules, including the 10-year retention recommended by 31 CFR § 501.601 for sanctions-related records).

6.3 Sanctions Lists

AceChange’s geo-blocking programme is informed by, and updated in light of, the following sanctions lists (without AceChange thereby becoming an obliged entity for sanctions screening of natural persons):

• OFAC SDN List and OFAC Consolidated Sanctions List — ingested at least once every twenty-four (24) hours from the authoritative source at treasury.gov/ofac/downloads/sdn.xml;
• UN Security Council Consolidated List;
• EU Consolidated Financial Sanctions List;
• UK HM Treasury Consolidated List of Financial Sanctions Targets;
• FATF lists of high-risk jurisdictions (“Black List”) and jurisdictions under increased monitoring (“Grey List”).

Person-level sanctions screening (against SDN and equivalent lists, for natural persons) is performed both by the Partner Services as part of their KYC processes and, on a voluntary good-faith basis, by AceChange’s seven-layer Anti-Money-Laundering Screening Engine (the “AML Engine“), which combines exact and phonetic-fuzzy matching (Soundex / Metaphone / Levenshtein ≥ 0.80) and applies the OFAC 50% Rule (revised guidance, 13 August 2014) to beneficial-ownership lookups.

6.4 No US Person Activity

6.5 Anti-Bypass Clause

Users undertake to comply with the geographic restrictions set out in Article 12 of the Terms of Service and in this Disclosure regardless of whether technical measures are perfectly effective or could be technically bypassed. This is in line with the principle established in United States v. BitMEX (S.D.N.Y. 2022) and similar enforcement actions, which held that operator awareness of bypass attempts is a key element in establishing wilful violations.

07 FATF Travel Rule

7.1 The Travel Rule

FATF Recommendation 16 (the “Travel Rule”), as applied to virtual asset transfers, requires Virtual Asset Service Providers (VASPs) to obtain, hold and transmit specified originator and beneficiary information when conducting crypto-asset transfers above the applicable de minimis threshold. The Travel Rule has been implemented in:

• European Union: Regulation (EU) 2023/1113 (Transfer of Funds Regulation, “TFR”), applicable from 30 December 2024 — applies to all crypto-asset transfers without de minimis for CASP-to-CASP transfers and with specified information requirements for transfers involving self-hosted wallets above EUR 1,000;
• United Kingdom: UK Money Laundering Regulations as amended; Travel Rule effective 1 September 2023, with a £1,000 threshold;
• United States: BSA Travel Rule under 31 CFR § 1010.410(f), currently with a $3,000 threshold (with FinCEN proposed reduction to $250 for international transfers pending);
• Other jurisdictions: per local implementation of FATF Recommendation 16.

7.2 Allocation of Travel Rule Obligations

Travel Rule obligations are obligations of VASPs / CASPs / MSBs. Since AceChange is not a VASP, CASP or MSB (see Articles 1 and 2 above), Travel Rule obligations do not apply to AceChange directly.

Travel Rule obligations relating to transfers initiated through Partner Service widgets fall on the relevant Partner:

• Transak applies the FCA Travel Rule and EU TFR via its UK and EEA entities, and the U.S. BSA Travel Rule via Transak USA LLC. See Transak Travel Rule page;
• FixedFloat handles Travel Rule obligations under its Marshall Islands jurisdiction and partner-VASP arrangements.

7.3 AceChange’s Voluntary Position

AceChange does not collect, store, transmit or have any access to Travel Rule data (originator name, address, account number, beneficiary name and account number). All such data, where required, is collected and exchanged by the Partner Services directly with their counterparty VASPs.

08 Source-of-Funds (SoF) & Source-of-Wealth (SoW)

8.1 SoF / SoW Concepts

Source-of-Funds (SoF) refers to the origin of the specific funds used in a particular transaction. Source-of-Wealth (SoW) refers to the origin of a customer’s overall wealth. Under FATF Recommendation 10 and AMLR Article 28, obliged entities must understand SoF (and, in higher-risk situations, SoW) of their customers.

8.2 Performed by Partner Services

SoF and SoW verification, where required, is performed exclusively by the relevant Partner Service:

• FixedFloat — under Section 7 of the FixedFloat ToS, may suspend Orders and request SoF documentation where there is suspicion of criminal-activity nexus. SoF correspondence is conducted via [email protected];
• Transak — applies SoF and SoW verification at higher KYC tiers (Enhanced Due Diligence and OTC). Verification is conducted via Transak’s compliance team.

8.3 AceChange’s Position

AceChange does not collect, store, review or have any access to SoF or SoW documentation. Any user request to provide SoF / SoW evidence will be redirected to the relevant Partner Service.

09 Prohibited Activities & Sources of Funds

9.1 Universally Prohibited Activities

The following activities are strictly prohibited in connection with any Order routed via AceChange.io:

• Money laundering (including layering, integration and structuring), as criminalised by:
  • USA: 18 USC §§ 1956 and 1957;
  • EU: Directive (EU) 2018/1673 on combating money laundering by criminal law;
  • UK: Proceeds of Crime Act 2002, sections 327–329;
  • Costa Rica: Ley 8204 (Article 69 — laundering of capital).
• Terrorism financing and proliferation financing;
• Sanctions evasion (UN, OFAC, EU, UK, or local);
• Tax evasion or tax fraud;
• Drug trafficking, human trafficking, modern slavery, child sexual abuse material;
• Fraud, identity theft, phishing, social engineering;
• Ransomware-related transactions and other cybercrime proceeds;
• Any other criminal activity under the laws applicable to the user, AceChange or the Partner Service.

9.2 Prohibited Sources of Funds

Funds originating from or passing through the following sources are prohibited:

• Mixers, tumblers, CoinJoin coordinators with no AML compliance (consistent with Section 6.4 of FixedFloat ToS, OFAC’s August 2022 designation of Tornado Cash, and FinCEN’s proposed Special Measure designation of CVC Mixing as a primary money-laundering concern);
• Darknet markets;
• Sanctioned addresses, smart contracts or persons — including all OFAC-designated crypto addresses, EU-sanctioned addresses, and UK-sanctioned addresses;
• Unlicensed casinos and gambling operators;
• Peer-to-peer platforms operating without AML/KYC controls;
• Shell banks within the meaning of Article 3(17) of Directive (EU) 2015/849;
• Centralised services openly facilitating laundering, refusing AML compliance or violating sanctions (consistent with Section 6.4 of FixedFloat ToS);
• Hacks, exploits, ransomware, fraud or theft;
• Any other source identified as suspicious or illegal under applicable law.

9.3 EU AMLR — Privacy-Coin and Anonymous-Account Restriction

Pursuant to Article 79 AMLR (effective 10 July 2027), credit institutions, financial institutions and CASPs in the EU are prohibited from maintaining anonymous accounts or accounts allowing anonymisation of transactions, including accounts using anonymity-enhancing crypto-assets. AceChange is not subject to this provision (not being an obliged entity), however users in transitional jurisdictions should note this evolving framework as it relates to Partner Services’ acceptance of certain assets.

10 Suspicious Activity Reporting

10.1 SAR / STR — Partner Obligation

The obligation to file Suspicious Activity Reports (SARs) with FinCEN, Suspicious Transaction Reports (STRs) with national Financial Intelligence Units (such as the National Crime Agency in the UK, FinCEN in the United States, or the Unidad de Inteligencia Financiera del Instituto Costarricense sobre Drogas in Costa Rica), and equivalent reports under other regimes is an obligation of the obliged entity / VASP. Such reports are filed:

• By Transak (via its regional licensed entities) to the applicable FIU;
• By FixedFloat per its applicable jurisdictional framework and where law enforcement requests are received.

10.2 AceChange’s Voluntary Cooperation

While AceChange is not subject to SAR/STR filing obligations, AceChange will voluntarily cooperate with lawful requests from FIUs, law-enforcement and competent authorities, including by:

• Disclosing IP logs, geo-block records, and contact correspondence in response to valid legal process;
• Preserving evidence as legally required;
• Supporting Partner Services’ SAR/STR filings to the extent of AceChange’s limited dataset.

10.3 No Tipping Off

Where a Partner Service has filed a SAR/STR or where AceChange has provided information to authorities, neither AceChange nor the user shall disclose such filing to any third party or to the subject of the report (“no tipping off”) consistent with applicable law.

11 Record-Keeping

11.1 Partner Service Recordkeeping

Partner Services maintain records as required by their applicable law, typically:

11.2 AceChange’s Records

AceChange retains the limited records described in its Privacy Policy, including geo-block / WAF event logs (5 years), server logs (12 months), email correspondence (3 years from last contact) and sanctions-screening / compliance-evidence records (up to 10 years, in line with the OFAC retention rule under 31 CFR § 501.601). These records support AceChange’s good-faith compliance posture and are produced to authorities upon valid legal process.

12 Cooperation with Authorities

12.1 Standing Cooperation Statement

AceChange will fully cooperate with valid legal process from competent courts, regulators, financial-intelligence units (FIUs), law-enforcement agencies and tax authorities. Cooperation will be subject to the applicable rules on confidentiality, privilege, data protection (GDPR Articles 6, 9, 23 and 49 where relevant) and procedural fairness.

12.2 Forms of Cooperation

• Production of records pursuant to subpoena, court order, MLAT, search warrant or equivalent;
• Production of records in response to administrative request from a regulator or FIU;
• Voluntary information-sharing where permitted by law;
• Preservation of evidence;
• Cooperation with FIU-to-FIU information exchange under FATF Recommendation 40.

12.3 Channelling of Requests

Law-enforcement and regulatory requests should be addressed to [email protected] with the appropriate subject line (Law Enforcement, Regulator, FIU, Sanctions, MLAT, Legal or Compliance), including complete identification of the requesting authority, applicable legal basis, scope of the request, and the data sought. AceChange will not respond to overly broad or vague requests. Every lawful request receives an acknowledgement within five (5) business days, and a substantive response within fifteen (15) business days, unless the complexity of the inquiry requires a longer period (in which case AceChange will communicate the expected timeline).

12.4 Partner-Held Records

For records held by Partner Services (KYC files, transaction data, payment records), authorities should approach the relevant Partner directly:

• FixedFloat: [email protected] · [email protected]
• Transak: via support.transak.com or per the Transak Group AML Policy;
• Swapped.com: as listed on swapped.com.

13 User Representations & Warranties

By accessing or using AceChange.io, the user irrevocably represents, warrants and certifies, on each visit and on each Order:

1. The user is not a “Restricted Person” as defined in Article 3.2 of the Terms of Service;
2. The user is not, and is not acting on behalf of, any person on the OFAC SDN List, OFAC Consolidated Sanctions List, OFAC Additional Sanctions List, UN Consolidated List, EU Consolidated Financial Sanctions List, UK Consolidated List or any equivalent list;
3. The user is not a “U.S. Person” within the meaning of 31 CFR § 560.314;
4. The user is not located in or a resident or citizen of any jurisdiction subject to comprehensive sanctions (DPRK, Iran, Cuba, Syria, Crimea, the so-called DNR/LNR, occupied parts of Zaporizhzhia and Kherson regions, Russia, Belarus, Myanmar, Afghanistan, Somalia, Yemen, Libya, Sudan, South Sudan, Venezuela, Nicaragua, Iraq, Lebanon, Central African Republic and DRC);
5. The user is not a “Politically Exposed Person” (PEP) within the meaning of FATF Recommendation 12 and AMLR Article 2(1)(34) — or, if the user is a PEP, the user has disclosed this fact to the relevant Partner Service and is subject to that Partner’s Enhanced Due Diligence;
6. All funds and digital assets used in connection with the Service originate from lawful sources and are not the proceeds of any criminal activity, fraud, sanctions evasion or tax evasion;
7. The user will not use the Service to facilitate any of the prohibited activities listed in Article 9 of this Disclosure;
8. The user accesses the Service entirely on the user’s own initiative and without any solicitation by AceChange, in compliance with the ESMA Guidelines on Reverse Solicitation under MiCA where applicable;
9. The user assumes full responsibility for compliance with all tax, financial, anti-money-laundering, sanctions and other laws applicable to the user;
10. All information provided to any Partner Service in connection with KYC, SoF, SoW or transaction monitoring is accurate, current, complete and truthful;
11. The user has read and understood (i) these Terms of Service, (ii) this AML/KYC Disclosure, (iii) the Privacy Policy and (iv) the terms and policies of the relevant Partner Service.

Any breach of any representation or warranty under this Article constitutes a material breach of the Terms of Service and may result in immediate termination of access, freezing of funds by the Partner Service, sanctions screening alerts and reporting to authorities.

14 Liability Allocation

14.1 AceChange’s Position

To the maximum extent permitted by applicable law, AceChange shall not be liable for any of the following — as such matters fall within the regulatory scope of the Partner Services:

1. The accuracy, completeness or timeliness of any KYC, CDD or EDD performed by a Partner Service;
2. The accuracy or completeness of any sanctions screening, PEP screening or watchlist screening performed by a Partner Service;
3. The accuracy or completeness of any source-of-funds or source-of-wealth verification;
4. The decision by a Partner Service to suspend, freeze, refund, decline or escalate any Order;
5. The decision by a Partner Service to file or not file any SAR, STR or equivalent;
6. The accuracy or completeness of any Travel-Rule data exchange between Partner Services and counterparty VASPs;
7. Any failure of a Partner Service to comply with the BSA, MiCA, AMLR, MLRs, FATF Recommendations or any other applicable AML/CTF/sanctions framework;
8. Any data breach, leak or unauthorised disclosure occurring at a Partner Service;
9. Any enforcement action taken by FinCEN, OFAC, FCA, AMLA, ESMA, SUGEF, or any other regulator against a Partner Service;
10. Any criminal proceeding, civil forfeiture or asset recovery affecting funds processed by a Partner Service.

14.2 Liability Cap

To the maximum extent permitted by applicable law, AceChange’s aggregate liability arising out of or in connection with this AML/KYC Disclosure, AML/CTF compliance, sanctions compliance and related matters shall not exceed the lesser of (a) USD 1,000 or (b) the actual loss directly suffered, in each case across all claims, in the aggregate. This cap is consistent with the cap set out in Article 14.4 of the Terms of Service.

14.3 Carve-outs

Nothing in this Article excludes or limits liability that cannot be excluded or limited under applicable mandatory law (such as liability for fraud, willful misconduct or gross negligence).

14.4 Indemnification

The user agrees to indemnify, defend and hold harmless AceChange, its directors, members, employees, agents, affiliates, contractors and licensors from any and all claims, demands, actions, proceedings, liabilities, damages, losses, costs and expenses (including reasonable legal fees) arising out of or in connection with: (a) any breach by the user of the representations and warranties in Article 13; (b) any violation by the user of any applicable AML/CTF/sanctions law; (c) any false, misleading or fraudulent information provided by the user to any Partner Service.

15 Updates & Contact

15.1 Updates to this Disclosure

AceChange may update this Disclosure from time to time to reflect changes in law (in particular as the EU AMLR comes into application on 10 July 2027), regulatory guidance, Partner Service practices or business operations. The most current version is always available on this page.

15.2 Compliance Contact

15.3 Operator

15.4 Related Documents

• Terms of Use
• Privacy Policy