Anti-Money Laundering (AML) & Know Your Customer (KYC) Policy

3.1 Partner Provider Responsibilities

All transactions processed through AceChange.io are executed by our integrated Partner Providers, each of which maintains independent regulatory licenses and comprehensive AML/KYC programs. The specific Partner Provider processing each transaction is clearly displayed to the Customer during the order process.

3.2 AceChange.io Oversight & Additional Verification Rights

While Partner Providers handle primary transaction processing and verification, AceChange.io maintains independent compliance oversight and reserves the right to:

• Conduct additional blockchain analytics screening on all transactions passing through the platform
• Request supplementary KYC verification from customers at any time
• Freeze or decline transactions that present elevated risk indicators
• Maintain independent sanctions screening against OFAC SDN lists and other watchlists
• File independent Suspicious Activity Reports (SARs) when required
• Refuse service to customers or transactions deemed high-risk regardless of Partner Provider approval

4.1 Identity Verification Methods

Identity verification is conducted through a combination of document verification and biometric liveness detection to ensure the authenticity of submitted documents and the presence of the actual document holder.

4.2 Accepted Identity Documents

The following government-issued identity documents are accepted for KYC verification. Documents must be valid (not expired), clearly legible, and show all four corners:

Document Requirements: All documents must display the holder’s full legal name, date of birth, photograph, document number, issue and expiry dates, and issuing authority. Documents must be submitted in color (JPEG or PNG format) with a minimum resolution of 300 DPI.

4.3 Proof of Address (PoA)

Proof of Address verification may be required for Enhanced Due Diligence, high-value transactions, or as determined by risk assessment. Acceptable documents include:

• Utility Bills – Electricity, gas, water, internet, or telephone bills dated within the last 3 months
• Bank Statements – Official bank or financial institution statements dated within the last 3 months
• Government Correspondence – Tax notices, voter registration, or official government letters dated within the last 3 months
• Tenancy Agreement – Valid rental or lease agreement with landlord details
• Mortgage Statement – Recent mortgage statement from a recognized financial institution

Documents must clearly display the customer’s full name and residential address matching the identity document provided. Mobile phone bills, insurance documents, and P.O. Box addresses are generally not accepted.

4.4 Source of Funds (SoF) Verification

Source of Funds verification establishes the legitimate origin of assets being exchanged. This verification may be required for:

• Transactions exceeding €15,000 or equivalent in cryptocurrency
• Cumulative transactions exceeding €50,000 within a 30-day period
• Transactions flagged by blockchain analytics tools
• Customers identified as Politically Exposed Persons (PEPs)
• Transactions involving high-risk jurisdictions
• Any transaction where the AML Officer deems verification necessary

Acceptable Source of Funds Documentation:

• Employment income: Recent payslips, employment contract, or employer verification letter
• Business income: Business registration documents, financial statements, tax returns
• Investment returns: Brokerage statements, dividend confirmations, capital gains documentation
• Property sale: Sale agreement, closing documents, funds transfer confirmation
• Inheritance: Probate documents, inheritance tax documentation, executor confirmation
• Cryptocurrency holdings: Exchange account statements, wallet screenshots showing accumulation history, mining records
• Gift or donation: Gift deed, donor identification, relationship verification

4.5 KYC Verification Process

When KYC verification is required, customers will receive notification via email with instructions. The verification process includes:

• Step 1: Submission of required identity documents in acceptable format
• Step 2: Completion of biometric liveness verification (real-time selfie/video)
• Step 3: Submission of Proof of Address documentation (if required)
• Step 4: Completion of Source of Funds questionnaire and documentation (if required)
• Step 5: Review and verification by AML compliance team
• Step 6: Additional information requests (if necessary)

5.1 Standard CDD Measures

• Identification and verification of customer identity using reliable, independent sources
• Identification of beneficial owners for legal entities or arrangements
• Understanding the purpose and intended nature of the business relationship
• Ongoing monitoring of transactions to ensure consistency with customer profile
• Maintaining current and accurate customer information through periodic reviews

5.2 Risk Assessment Factors

Customer risk assessment considers multiple factors including:

6.1 EDD Trigger Conditions

Enhanced Due Diligence is required in the following circumstances:

• Customer identified as a Politically Exposed Person (PEP) or close associate/family member of a PEP
• Customer or transaction involves high-risk jurisdictions identified by FATF or national authorities
• Transaction patterns indicate potential structuring, layering, or other suspicious behavior
• Blockchain analytics reveal exposure to high-risk addresses, mixers, or illicit activities
• Large or unusual transactions inconsistent with known customer profile
• Adverse media findings or negative news associated with the customer
• Complex ownership structures or unusual business arrangements
• Customer reluctance to provide required information or documentation

6.2 EDD Measures

When EDD is triggered, the following additional measures may be applied:

• Comprehensive Source of Funds and Source of Wealth verification
• Enhanced identity verification including video verification interview
• Senior management approval for customer onboarding or transaction processing
• More frequent monitoring and review of customer activity
• Additional documentation requirements and verification steps
• Detailed investigation of transaction purpose and counterparties
• Verification of information through independent third-party sources

7.1 Blockchain Analytics

All cryptocurrency transactions processed through AceChange.io are screened using industry-leading blockchain analytics platforms. These tools analyze:

• Direct Exposure: First-degree connections to identified high-risk addresses
• Indirect Exposure: Multi-hop analysis tracing funds through multiple transactions
• Entity Attribution: Identification of wallet ownership and service associations
• Behavioral Patterns: Detection of suspicious transaction patterns and structuring
• Risk Scoring: Automated risk assessment of wallet addresses and transactions

7.2 Monitoring Framework

The transaction monitoring program includes:

• Real-time pre-transaction screening for outbound transfers
• Post-deposit risk assessment for incoming funds
• Continuous wallet rescreening for retroactive risk detection (when new risks are identified)
• Counterparty VASP due diligence for inter-exchange transfers
• Sanctions list screening against OFAC, UN, EU, and other relevant watchlists
• PEP and adverse media screening

8.1 Severe Risk Categories (Zero Tolerance)

The following categories result in immediate transaction blocking and mandatory KYC verification. Any direct exposure triggers automatic action:

8.2 High Risk Categories

The following categories trigger enhanced review and potential blocking based on exposure levels:

8.3 Medium Risk Categories

8.4 Aggregate Risk Assessment

In addition to individual category thresholds, an aggregate risk score is calculated. Transactions with a combined risk score exceeding 40% from any high-risk categories may be subject to blocking and mandatory KYC verification regardless of individual category thresholds.

9.1 Sanctions Screening Program

All customers and transactions are screened against:

• OFAC SDN List: Specially Designated Nationals and Blocked Persons List, including designated cryptocurrency wallet addresses
• OFAC Sectoral Sanctions: Sectoral Sanctions Identifications (SSI) List
• UN Consolidated List: United Nations Security Council Consolidated List
• EU Consolidated List: European Union Consolidated Financial Sanctions List
• National Sanctions Lists: Applicable national sanctions lists based on operational jurisdictions

9.2 Prohibited Activities

AceChange.io strictly prohibits:

• Any transaction involving sanctioned individuals, entities, or wallet addresses
• Services to residents or nationals of comprehensively sanctioned jurisdictions
• Transactions that would violate any applicable sanctions program
• Attempts to evade or circumvent sanctions screening

9.3 Geographic Restrictions

AceChange.io implements IP-based geolocation screening and additional verification measures to prevent service provision to comprehensively sanctioned jurisdictions. Use of VPN, proxy services, or other methods to circumvent geographic restrictions is strictly prohibited and may result in permanent account termination and asset forfeiture.

10.1 Travel Rule Requirements

For transfers between VASPs, the following information must be collected and transmitted:

10.2 Threshold Application

In accordance with the EU Transfer of Funds Regulation, Travel Rule requirements apply to all VASP-to-VASP transfers with no minimum threshold. For transfers involving self-hosted (unhosted) wallets exceeding €1,000, additional verification of wallet ownership may be required.

10.3 Unhosted Wallet Verification

For transactions exceeding €1,000 involving self-hosted wallets, customers may be required to verify wallet ownership through one of the following methods:

• Cryptographic Signature: Signing a specific message with the private key of the wallet
• Micro-Transaction Test: Sending a small verification amount from the wallet
• Address Ownership Proof Protocol (AOPP): Using standardized wallet verification
• Alternative Documentation: Screenshots of wallet ownership from exchange accounts or other verifiable sources

11.1 Grounds for Freezing

• Blockchain analytics reveal risk scores exceeding established thresholds (Section 8)
• Detection of any severe risk category labels (sanctions, terrorism financing, CSAM, etc.)
• Request from Partner Provider’s compliance department
• Request from law enforcement or regulatory authorities
• Detection of suspicious activity by the AML Officer
• Customer failure to complete requested KYC verification
• Inconsistencies or suspected fraud in submitted documentation
• Transaction patterns indicative of money laundering or terrorist financing

11.2 Freezing Duration

Transactions may be frozen indefinitely pending:

• Successful completion of KYC verification procedures
• Resolution of compliance concerns by the AML Officer
• Completion of law enforcement investigations
• Receipt of regulatory clearance

12.1 Conditions for Asset Return

Return of frozen assets is possible only under the following conditions:

• Successful completion of all required KYC verification procedures
• Satisfactory resolution of all compliance concerns
• No active law enforcement hold or investigation
• No sanctions designation or watchlist match
• Verification of legitimate source of funds

12.2 Return Address Requirement

Asset returns following KYC verification are processed exclusively to the original sending address from which the cryptocurrency was received. Returns to alternative addresses are not permitted except in extraordinary circumstances with enhanced verification and AML Officer approval.

12.3 Processing Fee

A processing fee of 5% will be deducted from returned assets that required KYC verification due to AML risk flags. This fee covers the cost of compliance review, enhanced due diligence procedures, and administrative processing.

12.4 Asset Return Not Possible

Asset return is NOT possible under the following circumstances:

• Assets subject to seizure order or hold by law enforcement or regulatory authorities
• Assets blocked by Partner Provider’s liquidity provider with no release authorization
• Customer fails to respond to KYC verification requests within 30 calendar days
• Assets determined to be proceeds of crime or connected to sanctioned activities
• Verified connection to terrorism financing, sanctions evasion, or other serious offenses

13.1 Prohibited Jurisdictions

AceChange.io does not provide services to residents or nationals of the following jurisdictions, nor does it process transactions originating from or destined for these locations:

• OFAC Comprehensively Sanctioned: Cuba, Iran, North Korea, Syria, Crimea region of Ukraine, Donetsk People’s Republic (DNR), Luhansk People’s Republic (LNR)
• FATF High-Risk Jurisdictions: As designated by FATF and subject to periodic updates
• Additional Restricted: Any jurisdiction where cryptocurrency services are prohibited by law or where AceChange.io has determined unacceptable compliance risk

13.2 Prohibited Platforms & Services

Transactions involving the following platforms and services are automatically blocked:

• Sanctioned Exchanges: Garantex, NOBITEX, and any exchange designated by OFAC or other sanctions authorities
• Mixing Services: Tornado Cash, Blender.io, ChipMixer, Sinbad.io, and similar mixing/tumbling services
• Darknet Markets: Hydra Market, Genesis Market, and any darknet marketplace
• Sanctioned Groups: Lazarus Group and any designated cybercrime organizations
• Iranian Platforms: Any cryptocurrency platform operating from or primarily serving Iran
• Other Prohibited: Any platform, service, or address identified as high-risk by blockchain analytics or designated by regulatory authorities

14.1 Retention Period

All records are retained for a minimum of 5 years from the date of the transaction or the end of the business relationship, whichever is later. Extended retention may apply in cases of ongoing investigations or regulatory requirements.

14.2 Records Maintained

• Customer identification documents and KYC verification records
• Transaction records including wallet addresses, amounts, dates, and counterparties
• Blockchain analytics screening results and risk assessments
• Sanctions screening results and watchlist matches
• Suspicious Activity Report (SAR) filings and supporting documentation
• Compliance decisions and AML Officer determinations
• Customer communications related to compliance matters
• Training records for compliance staff

15.1 Suspicious Activity Reports (SARs)

AceChange.io files Suspicious Activity Reports with relevant Financial Intelligence Units (FIUs) when suspicious activity is identified. SAR filing triggers include:

• Any sanctions exposure or watchlist match
• Transactions connected to ransomware, darknet markets, or known hacks
• Structuring patterns or attempts to evade reporting thresholds
• Transactions with no apparent legitimate purpose
• Customer providing false or fraudulent information
• Unusual transaction patterns inconsistent with customer profile
• Any other activity the AML Officer deems suspicious

15.2 SAR Confidentiality

In accordance with applicable law, AceChange.io will not disclose to any customer or third party that a SAR has been filed or is being considered. Any inquiry about SAR filings will be declined.

15.3 Regulatory Cooperation

AceChange.io cooperates fully with law enforcement agencies, regulatory authorities, and Financial Intelligence Units in accordance with applicable legal requirements. This cooperation includes responding to information requests, providing transaction records, and assisting with investigations as legally required.

16.1 Policy Updates

This Policy is subject to periodic review and updates to ensure continued compliance with evolving regulatory requirements. Material changes will be communicated through the AceChange.io website. Continued use of services following policy updates constitutes acceptance of the revised terms.

Last Updated: December 2024
Version: 2.0
Next Scheduled Review: June 2025