RPFAS Technologies Private Limited

Know Your Customer (KYC), Anti Money Laundering (AML) and Combating Financing of Terrorism Policy [KYC/AML/CFT Policy]

1. Policy Statement

Mudrex TR UAB Holdings (hereinafter “we”, “us”, “Company”, “Mudrex”) and its employees, third parties, customers and clients are at all times committed to the highest standards of Anti-Money Laundering (AML), including anti-terrorist financing, anti-fraud, anti-corruption and taking measures to mitigate against financial crime.

The objective of this policy is to ensure that Mudrex takes all necessary actions and actively prevents money laundering and any activity that facilitates money laundering or the funding of terrorists or criminal activity.

Mudrex adheres to all applicable laws and regulations regarding AML and KYC and fully understands that the money laundering regulations and legislation place a responsibility upon us to combat money laundering with regard to a wide area of financial transactions.

In case of any clarification on this policy, please connect with the Director – Legal and Compliance.

2. Background

Mudrex is a Company registered as per the Laws of Lithuania and is registered with the Centre of Registers for Lithuania under registration number 306070243. As a crypto asset investment provider Mudrex TR UAB Holdings is subject to the requirements of the Law on the Prevention of Money Laundering and Terrorist Financing, 5 AMLD Rules (Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU) and all other applicable country specific and EU laws (“the MLRs”).

3. Purpose & Statement of the Policy

This purpose of this policy is to ensure that Mudrex:

• complies with the obligations and requirements set out by the Lithuanian legislation, regulations and rules regarding AML and CTF;
• manages the risk of being used for the purposes of money laundering or terrorist financing, breaching financial sanctions and financial crime;
• only undertakes business in line with its risk appetite and;
• detects potential or suspected money laundering, terrorist financing, financial sanction breaches and financial crimes.

This includes ensuring that Mudrex have adequate systems and controls in place to mitigate against the risks posed to the firm and its clients. This policy is also in place to ensure that all employees know and understand their obligations with regards to our 'know your customer', customer due diligence and specific activity reporting measures and the consequences of non-compliance in this area.

Mudrex takes reasonable steps to protect its staff and clients from being exposed to money laundering, proportionate to the AML / CTF risks to the business as identified in our firmwide risk assessment. Mudrex complies with the rules laid out in the MLRs. Any actual or suspected acts of money laundering shall be reported to the concerned authorities and where applicable to regulatory requirements.

4. Scope

The policy relates to all employees including, permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with Mudrex and its group companies that is direct subsidiaries and the holding company. This policy shall also be applicable to such parties that are contractually obliged to adhere to this policy. All or any portion of this policy shall be overridden and replaced by such stricter requirements prescribed by local laws in such jurisdictions where Mudrex operates.

5. Key Terms

5.1. What is Money Laundering and Terrorist Financing?

"Money laundering" or "ML" means the following conduct when committed intentionally:

• the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person's action;
• the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such activity;
• the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such activity;
• participation in, association to commit, attempts to commit and aiding, abetting, facilitating, and counseling the commission of any of the actions referred to in points a, b, and c.

"Terrorist financing" or "TF" means the provision of funds, directly or indirectly, with the intention that they should be used or in the knowledge that they are to be used in order to carry out any of the offenses within the meaning of Articles 1-4 of Council of the European Union Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (as amended by Framework Decision 2008/919/JHA of 28 November 2008) and falling under Articles 250, 250 1 – 250 6 of the Criminal Code of the Republic of Lithuania.

5.2. What are financial sanctions?

Financial sanctions mean restrictions on the rights of entities, with respect to which international sanctions are implemented, to manage, use and dispose of cash, securities, goods, other assets and property rights; payment restrictions for entities with respect to which international sanctions are implemented; other restrictions on financial activities.

5.3. No Exceptions

Compliance with this policy is obligatory for all staff.

An MLRO (that is, Money Laundering Reporting Officer) is the person appointed to oversee all aspects of the anti-money laundering functions.

If for whatever reason you wish to depart from any provision in this policy, you must obtain prior approval from the MLRO.

If you discover a breach of this policy, you must report immediately to the MLRO.

If you have any suspicions about a customer's request to open an account or carry out a transaction, you must report this to the MLRO and await further instruction.

5.4. Data Protections

In designing procedures and measures to mitigate AML/CTF/Sanctions risk, regard is given to the rights and freedoms of citizens as regards the protection of personal data. Measures designed are proportionate and in compliance with the EU General Data Protection Regulation, and the Law on Legal Protection of Personal Data of the Republic of Lithuania.

5.5. Penalties for Non-Compliance with Laws

Penalties for breaching AML Regulations are both corporate and individual: A firm which does not observe its obligations can have a number of penalties levied against it, including a caution or reprimand, a fine, a direction to stop the breach of the law. Fines levied for breaches of AML regulation are substantial and designed to be dissuasive. In addition, the regulatory body can revoke registration / permission to undertake activities within Lithuania if they do not believe AML / CTF controls are sufficiently robust.

Activities which constitute non-compliance for individuals include not appropriately reporting reasonable suspicions, tipping off or otherwise assisting customers. Penalties for individuals include fines and / or prison sentences.

In addition, contravention of AML regulations, once in the public domain, can cause reputational damage which can be substantial and irreparable.

5.6 "Terms and Conditions" mean an agreement between a Client and the Company published on the company’s website and available in a company's app.

5.7 "Client" means a natural person or a legal entity that uses Services provided by the Company by accepting Terms and Conditions.

5.8 "Services" means services provided to the Client by the Company, specifically:

• Custodian Virtual Currency operator service, which allows the Client to open a Custodian Virtual Currency Wallet on the Client's name and make transactions with this wallet: to deposit Virtual Currency and to withdraw deposited Virtual Currency to another wallet(s);
• Virtual Currency exchange operator service, which allows the Client to exchange, purchase, and sell Virtual Currency.

5.9 "Business relationship" means a business, professional, or commercial relationship of the Company with a Client that is expected, at the time when entering into such a relationship, to have an element of duration.

5.10 "Transaction" means a contractual arrangement between the Company and the Client on the provision of the Services.

5.11 "Politically exposed natural person" or "(PEP)" means a natural person who is or has been entrusted with Prominent public functions and Close family members or close associates. A person is considered to be a PEP for a period of 1 year after ceasing to be entrusted with Prominent public functions.

5.12 "Third Party" shall mean a financial institution supervised by competent authorities, another obliged entity or a financial institution or any other obliged entity registered in another Member State of the European Union or a state that is not a Member State of the European Union (hereinafter: a ‘third country’) meeting the following requirements:

• they are subject to mandatory professional registration prescribed by law;
• they are registered in the Member State of the European Union or a third country which imposes requirements equivalent to those established by the European Union for the identification of the customer and of the beneficial owner and storage of information and they are supervised by competent authorities for compliance with those requirements.

5.13 "High risk third countries"

• According to Directive (EU) 2015/849, Article 9, Third-country jurisdictions which have strategic deficiencies in their national AML/CFT regimes that pose significant threats to the financial system of the Union (‘high-risk third countries’) shall be identified in order to protect the proper functioning of the EU internal market.
• Please refer to annex 1: The jurisdictions are identified as having strategic deficiencies in their AML/CFT regimes. The list of the countries is provided under the following link: Countries.

5.14 "Target territory" means a foreign state or zone as specified in the Law on Corporate Income Tax of the Republic of Lithuania.

6. Know Your Customer (KYC) Procedure

Client Due Diligence Refers to the acts of collecting identifying information in order to verify a Client’s identity and more accurately assess the level of ML/TF risk they present.

Identification Includes collection and verification of a Client’s full name, date of birth, gender, address, proof of residence, ID documents, selfie and/or a video of yourself, email, and phone number.

The following procedures which constitute the ML/TF prevention measures shall be carried out in order to perform customer due diligence at the inception of a Business relationship with a Client:

• Identification of persons who apply to Mudrex as the potential Client
• verification if the potential Client acts as a principal; if the potential Client is represented by another person (agent), the identification and verification of the representative (agent) apply as well;
• Obtaining information on the purpose and intended nature of the relationship with Mudrex
• The above steps are essential prior to initiation of a Business relationship with the potential Client and after the Client is engaged in the Business relationship, the following ML/TF prevention measure must be taken:
• Ongoing monitoring of the Business relationship with the Client and Transactions of the Client

6.1 Identification of the Clients

Mudrex performs identification and verification of the customer and its beneficial owner on the following occasions:

• Prior to establishing a business relationship
• prior to carrying out one-off or several linked monetary operations or concluding transactions amounting to EUR 15 000 or more, or an equivalent amount in foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked, except for the cases where the customer and the beneficial owner have already been identified;
• Before carrying out virtual currency exchange operations or transactions in virtual currency with funds amounting to EUR 700 or more, or the equivalent amount in foreign or virtual currency, or before depositing virtual currency to or withdrawing virtual currency from the depository virtual currency wallet in the amount equal to EUR 700 or more, or the equivalent amount in foreign or virtual currency, whether that transaction is carried out in a single operation or in several operations which appear to be linked (the value of the virtual currency is determined at the time the monetary operation is carried out or the transaction is concluded), except for the cases where the customer and the beneficial owner have been already identified;
• when there are doubts about the veracity or authenticity of the previously obtained identification data of the customer and of the beneficial owner;
• in any other case, when there are suspicions that an act of money laundering and/or terrorist financing is, was or will be carried out.

In the case of several interconnected monetary transactions, the identity of the customer must be established immediately after it is determined that several monetary transactions are interconnected. Several monetary transactions are considered related if the customer:

• performs several operations of depositing money into accounts per day, the amount of which is equal to or exceeds 15,000 euros or an equivalent amount in foreign currency;
• performs several withdrawal operations from accounts per day, the amount of which is equal to or exceeds 15,000 euros or the equivalent amount in foreign currency;
• performs other monetary operations during the day or enters into transactions which, according to the data available by the financial institution or other obligated entity, are interrelated and the amount of which is equal to or exceeds 15,000 euros or the equivalent amount in foreign currency;
• n the case referred to in paragraph 3 of this article, performs several monetary transactions per day or enters into transactions, the amount of which is equal to or exceeds 10,000 euros or the equivalent amount in foreign currency;

6.2 Identification Method

Clients may be identified by face-to-face contact or using non-face-to-face identification methods. This also applies to those cases where the Client is represented by another person.

Mudrex only uses a non-face-to-face identification when dealing with its Clients. It can be executed:

• When information about the Client’s identity is certified by his qualified electronic signature which complies with the requirements of Regulation (EU) No 910/2014.
• When information about the Client’s identity is confirmed by electronic identification means issued in the European Union and functioning under electronic identification schemes with high or substantial assurance level under Regulation (EU) No 910/2014.
• Using electronic means, allowing direct view transmission, in one of the following ways:
  • dentity document issued by the government body is captured using video-streaming and identity is confirmed using at least an advanced electronic signature, meeting the requirements referred to in Article 26 of Regulation (EU) No 910/2014;
  • Client’s facial image and original identity document issued by the government body are captured using video-streaming.
• A selfie video to certify Liveness of the User.
  As part of the selfie-taking process the user is asked to position their face within an oval on the screen, about 12 inches away, and then move closer. The entire process takes a few seconds, but it allows for the capture of hundreds of frames within that video to definitively assess whether the person is physically present, based on capturing the micromovements and other biometric data that senses liveness. The said verification is done through the help of platform Sumsub and / or Chainalysis for Mudrex.

6.3 Sanction Screening

Following the identification process, the company will then conduct screening for the following:

• The customer.
• It’s appointed representatives i.e, natural persons appointed to act on the customer’s behalf.
• Connected parties of the customer.

The Company uses software services provided by independent service providers such as Chainalysis Inc and Sumsub, for AML/CFT screening purposes (details are set out below under the section “Third Party Service Provider and Agents). All the screenings shall be documented prior to acceptance of the customer.

6.4 Due Diligence Checks

Mudrex ensures to conduct background checks prior to account acceptance, details of which are kept on file as evidence of due diligence and anti-money laundering checks.

In addition to evidence of identity and address Mudrex also considers the circumstances of the customer to determine the appropriate level and type of due diligence to be completed. Based on the information we have about the customer we take steps to understand whether the anticipated value and level of transactions is reasonable for their circumstances. The specific approach taken depends upon the individual circumstances of each customer but generally includes:

For individuals, this includes considering the customer's source of wealth and whether their funds are reasonable for their circumstances. For corporate customers, publicly available accounts and accountants' declarations are reviewed.

• For individuals: considering the customer's source of wealth and whether their customers are such that they would reasonably be expected to have the funds available to carry out their proposed transactions - requesting additional evidence of wealth and funds where this is unclear. Evidence of source of wealth / funds would also be requested and assessed where they are from a non-standard source (e.g. an inheritance) or where a customers job / income does not appears to have been able to reasonably generate the funds being declared;
• For corporate customers: reviewing publicly available accounts and / or accountants' declarations to understand how the business generates its income and the level of funds they may have for crypto asset purchases.

We use Chainalysis for our cryptocurrency business and Sumsub for our fiat currency operations. These tools are used for checking the transactions that are being carried out by the customers of Mudrex. They let us know if the transaction is exposed to any suspicious activity (involvement of suspicious wallets, darknet etc). These checks are carried out near real time. In case the tools suspects something for a transaction marked as safe previously, they do flag the associated parties and call out the risk.

Where the evidence and/or explanations provided do not adequately demonstrate the customer's funds/wealth have been sourced legitimately, consideration must be given to whether a suspicious activity report should be made to the MLRO.

We use Chainalysis and Sumsub for checking the transactions that are being carried out by the customers of Mudrex:

• These tools let us know if the transaction is exposed to any suspicious activity (involvement of suspicious wallets, darknet etc). These checks are carried out near real time. In case they suspects something for a transaction marked as safe previously, they do flag the associated parties and call out the risk.
  • The trail of funds that flow in is traced to check if they have come from historically tainted or flagged sources. In such cases, the funds are kept on hold until additional documents have been collected from the user who has initiated the transfer of funds.
  • The destination for the outflow of funds is monitored against a database of high-risk/tainted wallets/accounts. In such cases, the funds are kept on hold until additional documents have been collected from the user who has initiated the transfer of funds.
  • Continuous monitoring based on various risk parameters is performed to generate a sophisticated risk matrix and score for enabling decision-making by compliance officer(s).
• These tools help monitor AML & FATF compliance by screening customers against consolidated AML profiles and automating ongoing monitoring, and checking the flow of funds against a dynamic set of rules.

6.5 Politically Exposed Persons (PEPs)

Mudrex has appropriate controls and procedures in place to determine whether a customer, beneficial owner, or significant controller of a customer is a Politically Exposed Person (PEPs) and their Relatives and Close Associates (RCAs). Mudrex uses third-party tools, namely, Sumsub and Chainalysis, for this purpose. They use a three-step verification process:

• Identity Verification: Identification proofs and other basic KYC information are obtained.
• Address Verification: Proof of address is sought, including bank account statements and utility bills.
• AML Check Verification: The tool checks whether the customer is a part of any international list.

Any identified PEP/RCA is subject to Enhanced Due Diligence, including determining the source of wealth and source of funds, as well as senior management approval prior to onboarding being completed.

6.6 Enhanced Due Diligence (EDD)

Mudrex applies enhanced due diligence procedures in the following instances:

High-Risk Clients and High-Risk Products and Services:

• All High-Risk Clients must be subject to the application of enhanced due diligence. For instance, PEPs and the Clients from the target territories are considered to pose a higher risk of ML/TF and automatically require the application of enhanced due diligence and ongoing monitoring.
• High-Risk Clients are also those Clients who are assigned to this category after the risk assessment or due to the results of the ongoing monitoring, e.g. the High-Risk Clients are as follows:
• those who do not correspond to the profile of the typical Client of the Company significantly and after carrying an additional investigation the Employee decided that the Client or its activity raises high ML/TF risk;
• those whose behavior during the due diligence procedure was suspicious and, therefore, reported to the Officer who after carrying an additional investigation decided to proceed further with the enhanced due diligence;
• those behaviour during the due diligence procedure were unusual and after carrying an additional investigation it is decided that the Client or its activity raises high ML/TF risk; the Client is from a target territory;
• the permanent place of residence of the Client – natural person is a territory other than FATF country;
• the main place of the interests of the Client is situated in the country other than FATF country or in the Target territory;
• the unusual behaviour of the Client is established that does not correspond to the ordinary course of activities of the Client (e.g. increasing amounts of Transactions);
• those who were assigned to the category of the High Risk Client due to other reasons that raises high ML/TF risk of the Client.

6.7 Enhanced Due Diligence Measures:

In all of the above instances and apart from normal due diligence procedures, all of the following additional measures must be taken:

• the additional data, documents or information have to be used to establish the Client’s identity;
• the supplementary measures have to be undertaken to verify or certify the submitted documents or the confirmatory certification issued by other financial institution has to be required;
• ensuring that the first payment is carried out through an account held by the Client in his name with a credit institution authorized in the EEA Member State or the third country which imposes equivalent requirements to those laid down in the laws of the Republic of Lithuania;
• obtaining additional information on the intended nature of the Business Relationship;
• obtaining information on the source of funds and source of wealth of the Client;
• obtaining information on the reasons for the intended or performed transactions;
• perform ongoing monitoring of the Business Relationship with the Client by increasing the number and timing of controls applied, and selecting patterns of Transactions that need further examination.

6.8 Simplified Due Diligence

The simplified due diligence is allowed when the Client represents a low ML/TF risk.

Simplified due diligence cannot apply if there exist circumstances when the conduction of the enhanced.

Client identification is required. Simplified due diligence also cannot apply, if a separate decision of the European Commission has been adopted on this issue.

Where it is established that the simplified due diligence can be used, the Company has to apply measures listed in Annex II.

This notwithstanding, the Company must ensure that supporting documentation is available in the Company’s records and may be made available if required by the relevant authorities.

6.9 Source of Wealth (For Individuals and Corporations)

Mudrex ensures that the security checks in all business relationships are taken with utmost sincerity and seriousness. As part of customer onboarding Mudrex will determine the expected number and value of transactions for the individual / corporate customer. For all customer relationships which require EDD Mudrex will request evidence of source of wealth. In addition, evidence of source of wealth will be requested for all customers, regardless of risk rating, where the expected value of transactions over 12 months exceeds £50,000 (individual) or £250,000 (corporate). These thresholds are reviewed at least annually based on customer activity, AML risk assessments and identified fraud / AML / CTF behaviour.

6.10 Ongoing Monitoring and Review

All transactions are monitored on an on-going basis to identify any which are not in line with the expected behaviour of the customer. This assessment is based on information provided by ChainAnalysis and Sumsub as well as KYC information obtained as part of customer / enhanced due diligence.

Where it is identified that a transaction is not aligned to what is known about the customer's circumstances then additional verification will be carried out. This will include obtaining evidence of the source of funds being used to carry out the transaction and / or other activities as appropriate to the individual circumstances. In such circumstances consideration will be given to whether the customer's risk rating should be reassessed and whether a suspicious activity report should be made to the MLRO. If the customer is unable to provide a satisfactory explanation (with evidence as appropriate) of the source of the funds then the transaction will not be carried out.

KYC information is refreshed periodically based on the risk rating of the customer or immediately where there is any reason for suspicion that the information provided originally was not correct or new information has come to light (e.g. media coverage) which should be considered.

6.11 Storage of Information

Client Identification Records:

• all records of steps taken to obtain identification records, as well as copies of evidence of the identity of the Clients;
• all risk assessment records as well as the Client risk profile;
• a standard application form must be completed for every new Client as well as for the existing Client where the identification of the Client is needed under this Policy; the filled application form must be signed off by all the Clients and prospective Clients;
• all records related to the ongoing monitoring of the Clients;
• direct video streaming/direct video broadcasting recordings.

6.12 Record of Transactions

• A record containing details of all Transactions undertaken in the course of an established Business relationship, including a record of all work performed for or the Services provided to the Clients.
• Transaction records are to be kept in a form that will allow a satisfactory audit trail to be completed where necessary, and which may establish a financial profile of any suspect Client.
• This includes records on internal and external Suspicious Transactions reporting.

6.13 Other Records

- Evidence of the training programs on ML/TF prevention, whether in-house or external.

- Evidence of the proper acknowledgment of the Employees with this Policy and their amendments as may be needed from time to time.

- Other records if required under this Policy or the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania as well as other legal acts related to the prevention of ML/TF.

6.14 Registers

Mudrex keeps electronic Registers, and entries must be executed in chronological order without any delay, but not later than within 3 (three) business days as if the respective Transaction is executed or the respective circumstances occurred. The Registers are managed and the respective entries in the Registers are made by the Officer unless another person(s) is(are) appointed by the managing director of the Company.

The following data have to be filled in the Registers:

• Name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes if the personal number is not available)
• Data on the Transaction: date, description of the assets used and its value, amount, Virtual Currency
• Data on the payee, if available: name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes if the personal number is not available)
• For the Register of the Suspicious Transactions and the Register of the Clients with whom Transactions or Business relationships have been terminated due to the circumstances related to ML/TF or the infringement of this Policy: reasons for the termination of the Transactions or Business relationship.

The Registers are managed in digital format, stored on the Company's servers, and accessible via the internal network of the Company. They are managed in Microsoft Office Excel format and can be printed on paper. The IT system includes a backup function that allows reversing the Registers, and data duplication is stored on another server in less than 24 hours.

All Client information and documentation have to be kept for the period of 8 (eight) years as of the end of the Transactions or Business relationship with the Client, except the correspondence with the Client regarding the business relationship, which has to be kept for the period of 5 (five) years as of the end of the Transaction or Business relationship with the Client.

The data of the Registers have to be kept for the period of 8 (eight) years as of the end of the Transaction or Business relationship with the Client.

Records may be kept both in hard copies and in soft copies, save the Registers which are kept in digital format only.

Backups of soft copies of all Transactions undertaken are to be taken on a regular basis at least once a month. Certain original documents or certified copies of documents obtained are to be retained in hard copies and these should never be held exclusively in electronic format.

7. Training

Mudrex has a comprehensive Anti-Money Laundering and Financial Crime training program to ensure that all staff, especially those responsible for transaction processing and establishing business relationships, undergo AML knowledge, competency, and awareness training.

All staff undergo AML training as part of their induction. Refresher training is provided at least annually, or sooner where appropriate due to changes in processes, legal requirements, or operational deficiencies identified as part of ongoing monitoring oversight.

8. Responsibilities

• The MLRO ensures compliance with all Lithuanian and EU legislations and regulations regarding the prevention and mitigation of money laundering and the implementation of this Policy.
• Mudrex ensures that all staff are provided with the time, resources, and support to learn, understand, and implement processes and actions to prevent money laundering. They are expected to be vigilant at all times with respect to any acts of suspected financial crime. Any suspicions are to be reported to the MLRO immediately.
• Employees may report concerns directly to the MLRO at any point, whether or not they have used internal procedures and whether or not an internal investigation is ongoing. Contact details for the MLRO are as follows:

To do so you may report directly to the MLRO using the contact details found on this page which are as follows at the time of writing:

Email: taleh@mudrex.com

MLRO is responsible for making mandatory reports and notifications to the FNTT, for liaising with the FNTT on processing requests and keeping communication as well as for the independent review, whether the Company is compliant with the requirements of the identification and reporting of the suspicious monetary operations or transactions, mandatory notifications and keeping mandatory registrars and logs. First point of contact for compliance issues from Employees. MLRO undertakes a regular random analysis of transactions including assessment of documentary evidence provided by Clients and suggests necessary amendments to the Policy in line with risk assessment. MLRO ensures everyone is periodically informed of any changes in local anti-money laundering and anti-terrorist financing legislation, policies, and procedures, as well as current developments and changes in ML or TF schemes particular to their jobs, constructing AML/CTF-related content for Employee’s training programs.

9. Making Use of Information from Third Parties

Mudrex has outsourced KYC and transaction monitoring activities to third part tools for different branches of our operations viz. Chainalysis (Crypto) and Sumsub (Fiat). Mudrex has contracted with these third parties to track technology and databases related to KYC including but not limited to individual customer verification, due diligence and transaction monitoring.

The tools are also responsible for providing information regarding identifying PEPs and RCA's as well as conducting screening of all individuals and entities.

These tools also monitor transactions so as to significantly reduce the risk of money laundering. They observe the history of funds in the case of deposits and in matters of withdrawals, it tracks the addresses to which the money/asset is transferred to in order to ascertain the legitimacy of transactions. A dashboard is maintained by these third parties which records all wrongdoing or potential wrongdoing in transactions so as to ensure accountability.

• Technology and database related to KYC.
• Customer due diligence and monitoring.
• Transaction monitoring.

As part of the on-boarding process; due diligence is conducted for such service providers.

Third party will comply with both of the following conditions:

• it will, upon request, immediately provide to Mudrex all the requested information and data which are required to be held in compliance with the customer due diligence requirements laid down in Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing;
• it will, upon request, immediately provide to Mudrex copies of the documents relating to identification of the customer or of the beneficial owner and other documents relating to the customer or the beneficial owner which are required to be held in compliance with the customer due diligence requirements laid down in Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing.

10. Review of the Policy

This policy is subject to periodic review in light of various factors, including regulatory changes, changes in business, market intelligence, and industry standards.