Finvex Sp. z o.o. (“Finvex,” “we,” “our,” or “the Company”) is committed to the highest standards of Anti-Money Laundering (“AML”), Countering the Financing of Terrorism (“CFT”), and Know Your Customer (“KYC”) compliance. This AML & KYC Policy outlines the processes and measures we implement to prevent the use of our platform for money laundering, terrorist financing, fraud, or any other illicit activities.
Finvex’s compliance program is designed to ensure adherence to:

• The Polish AML Act of 1 March 2018 on Anti-Money Laundering and Countering the Financing of Terrorism (as amended) and regulations issued thereunder.
• Relevant European Union directives and regulations, including EU 5th and 6th AML Directives.
• International best practices such as the Financial Action Task Force (FATF) recommendations.
• Any other applicable laws and regulations in the jurisdictions where Finvex operates or provides services.

We have a zero-tolerance approach towards money laundering, terrorist financing, and other financial crimes. All employees of Finvex are trained to follow this Policy, and the Policy is regularly reviewed and updated to reflect changes in law and emerging risks.

Finvex has established a robust AML Compliance Program (“AML Program”) which includes the following key components:

• Compliance Team: We have designated a Compliance Officer (also known as Money Laundering Reporting Officer, MLRO) who is responsible for implementing and maintaining the AML Program. The Compliance Officer has the authority to make decisions on AML matters, report suspicious activities to authorities, and ensure overall compliance.
• Internal Policies & Controls: Finvex maintains internal procedures and controls designed to prevent misuse of our services. These controls include systematic screening of accounts and transactions, record-keeping, suspicious activity monitoring, and escalation protocols.
• Risk-Based Approach: Finvex employs a risk-based approach to AML/CFT. This means we assess the money laundering risks posed by customers, geographies, and product/services and allocate resources to higher risk areas accordingly. Customers may be classified into risk categories (e.g., standard, medium, high) based on factors like nationality, occupation, transaction patterns, etc., which will dictate the level of due diligence and monitoring applied.
• Regulatory Compliance: Our Program ensures compliance with requirements of relevant regulators (e.g., the Polish Financial Intelligence Unit, or international regulators where applicable). Finvex files necessary reports, such as Suspicious Activity Reports (SARs) or Currency Transaction Reports (CTRs), as required by law.
• Independent Audits: We subject our AML Program to periodic independent audits or reviews to evaluate its effectiveness. Findings from such audits are used to strengthen our controls.

A core part of our AML Program is Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures. We implement CDD measures in the following scenarios: upon account opening, periodically for ongoing business relationships, for certain high-value or suspicious transactions, and when we doubt the veracity of previously obtained customer identity information.

3.1 Identification and Verification of Customers

Individuals: When you register as an Individual Customer, we will collect identifying information such as your full name, date of birth, nationality, and residential address. You are required to provide a valid government-issued photo identification document (e.g., passport, national ID card, driver’s license). We will also ask for a selfie or live photo and/or utilize biometric verification to ensure the ID document belongs to you.
We may also require proof of address (like a utility bill or bank statement, not older than 3-6 months) to verify your residence. All documents must be clear and legible, without any signs of tampering or modification.
Corporate Entities: If a company or other legal entity opens an account (Corporate Customer), we will perform KYC on the entity and its Beneficial Owners and controlling persons. Required information includes legal name, registration number, registered address, names of directors, and ownership structure. We will request certified copies of corporate formation documents (such as Articles of Association), evidence of business address, and identification of individuals who ultimately own or control the entity (anyone owning 25% or more equity, or otherwise exercising control). We also verify the identity of the account’s authorized signatories or representatives similar to individual KYC.

3.2 Document Requirements and Verification Tools

Finvex uses a combination of manual checks and automated tools to verify documents and information provided:

• Documents are checked for authenticity. We may use third-party identity verification services that specialize in document validation and liveness checks (to prevent stolen or fake IDs).
• We cross-check customer information against databases (watchlists, politically exposed persons (PEP) lists, and sanctions lists such as those from the EU, UN, OFAC).
• We verify phone numbers and emails by sending confirmation codes.
• For payment methods (like credit cards or bank accounts) used on our platform, we may require proof that you are the account holder (e.g., small verification deposits, screenshot of bank account, or partial card number verification).

If any provided document is unclear, expired, or otherwise unsatisfactory, Finvex reserves the right to request additional or corrected documentation. All required documents should be provided in good quality; unreadable or altered documents will be rejected and delays the verification process.

3.3 Enhanced Due Diligence (EDD)

For higher-risk customers or situations, Finvex will perform Enhanced Due Diligence:

• Customers from high-risk countries (those with poor AML standards or on sanctions lists) may be subject to EDD or outright service refusal.
• If you are a Politically Exposed Person (PEP) (for example, a government official, politician, high-ranking military officer, or their close associate/family member), we will take additional steps such as senior management approval to onboard you, establishing source of wealth and source of funds, and more frequent account reviews.
• Large transactions or high volume accounts: We may ask for information regarding the source of funds for significant deposits or trading volume. For instance, proof of how you acquired the cryptocurrency or fiat you intend to use (could include bank statements, sale agreements, payslips, etc.).
• Corporate accounts in higher risk industries (e.g., crypto trading firms, money service businesses) may be asked for regulatory licenses or proof of their own AML procedures.

EDD measures are applied proportionately to the risk. If we cannot reasonably mitigate the risk to an acceptable level or if a customer refuses to provide requested information, Finvex may decide to not establish or continue the business relationship.

3.4 Ongoing Monitoring

KYC is not a one-time event. Finvex conducts ongoing monitoring of customer activity to ensure it is consistent with the customer’s profile and stated purpose of the account:

• Transaction Monitoring: We monitor transactions for patterns that could indicate money laundering or other illicit activity. For example, unusually large transactions, patterns of deposits and withdrawals that suggest layering of funds, or sudden changes in activity level. We utilize automated systems to flag unusual behavior for manual review.
• Periodic Review: Depending on risk level, we periodically review and refresh customer KYC information. Higher risk accounts are reviewed more frequently. We may reach out to customers to update their ID documents upon expiration or to reconfirm their address or source of funds if there are changes in their account behavior.
• Watchlist Screening: We continuously screen our customer base against updated sanctions lists and negative news. If a customer is found to be on a relevant sanctions list or involved in adverse media concerning financial crime, we will take appropriate steps (which could include freezing the account and reporting to authorities).

3.5 Record Keeping:

All KYC documentation and transaction records are retained for a minimum of five (5) years from the end of the customer relationship or the date of the transaction (whichever is later), in compliance with AML laws. This includes identification data, account files, business correspondence, and transaction history. Records may be kept longer if required by local law or if useful for ongoing investigations.

Finvex employees are trained to identify red flags and indicators of suspicious activity. If suspicious activity is observed, our Compliance Officer will investigate and determine whether a report to the appropriate Financial Intelligence Unit (FIU) or other authority is warranted.

• Internal Reporting: Staff must report unusual or suspicious activities internally (to the Compliance team) without tipping off the customer. Tipping off (informing the user that they are under investigation) is prohibited by law.
• SAR Filing: If a transaction or account is deemed suspicious and possibly linked to money laundering, terrorist financing, or other crime, Finvex will file a Suspicious Activity Report (SAR) or equivalent with the Polish FIU (Generalny Inspektor Informacji Finansowej) or relevant authority. We include all pertinent information in such reports, and maintain confidentiality as required.
• No Disclosure: Finvex is legally prohibited from disclosing to a customer or any third party that a SAR has been filed concerning them. We will not share details of investigations or filings with any persons not authorized to know.
• Cooperation: We cooperate with law enforcement and regulatory investigations to the fullest extent required. Upon lawful request, Finvex may share information with law enforcement agencies, both domestic and international, in line with data protection considerations.

Finvex complies with all economic and trade sanctions imposed by Poland, the European Union, the United Nations, and other applicable jurisdictions (such as the U.S. OFAC sanctions when relevant internationally). This means:

• We do not do business with individuals, entities, or jurisdictions that are on prohibited sanctions lists (e.g., UN Security Council sanctions, EU restrictive measures, OFAC SDN list, etc.).
• The platform is not available to individuals or entities in certain comprehensively sanctioned countries or regions (e.g., currently, countries like North Korea, Syria, or other regions under total sanctions).
• If we identify assets or transactions that are subject to sanctions (for example, crypto addresses associated with sanctioned persons), we will block those assets and report them to authorities as required.
• Customers are screened during onboarding and continuously against sanctions lists. Finvex also monitors for any attempts to evade sanctions (such as using our service from a sanctioned country via VPN-note, the use of VPN to hide location is forbidden on our platform).

We maintain a list of business types and activities that we do not permit on the Finvex platform due to AML/CFT risk, even if such activities might be legal in some jurisdictions. Customers engaged in the following are not allowed to use Finvex services (non-exhaustive):

• Illicit Goods/Services: Trafficking of drugs, human trafficking, arms dealing, illegal gambling operations.
• Adult content platforms (where legality or age verification is questionable).
• Shell banks or anonymous businesses that lack a physical presence or affiliation with a regulated financial group.
• Unlicensed money services or exchanges: If you are acting as an unlicensed exchange, remittance business, or offering services that mirror Finvex without proper authority.
• Ponzi or pyramid schemes; fraudulent investment schemes.
• Darknet Marketplaces or services associated with them.
• Mixers/Tumblers: Use of services meant to obfuscate the origin of crypto (these are often associated with money laundering).
• High-Risk Industries: We may also avoid certain high-cash or high-risk industries unless they can show strong AML controls (e.g., precious metals dealers, cash-intensive businesses).

Finvex reserves the right to update this list and to refuse service, block transactions, or close accounts that we determine are involved in prohibited activities.

All relevant Finvex personnel undergo AML/CFT training at onboarding and periodically (at least annually) thereafter. Training covers:

• Identifying and reporting suspicious transactions.
• KYC procedures and how to verify identities and documents.
• Internal policies and escalation paths.
• Updates on regulatory changes or new typologies (e.g., new fraud schemes, crypto-specific risks).
• Importance of abiding by this Policy and the legal implications of non-compliance (for the company and individuals, including potential fines or criminal charges).

Senior management and the board of Finvex affirm their support for the AML program and ensure that the Compliance Officer has sufficient resources and access to effectively implement the program.

This AML & KYC Policy is reviewed at least annually, or more frequently if required (e.g., upon significant regulatory changes or findings from an audit). The review ensures that:

• The Policy remains up-to-date with current laws and regulations.
• The effectiveness of procedures is evaluated (e.g., whether suspicious activity is being detected and reported properly).
• Any gaps identified through compliance audits or regulators’ feedback are addressed.

Changes to the Policy must be approved by Finvex senior management. Material changes may be communicated to users if it affects how we handle their information or interactions (for example, if we start requiring additional info due to new regulations).

Finvex is dedicated to maintaining a secure and compliant platform for cryptocurrency and digital asset transactions. By adhering to this AML & KYC Policy, we play our part in the global fight against financial crime. Customers are expected to cooperate fully with our compliance requirements; these measures ultimately serve to protect you and the integrity of our platform.
If you have any questions about our AML/KYC measures or why we require certain information, you may contact us at compliance@finvex.co. However, please understand that we cannot disclose sensitive details of our controls or any reports.
Your use of Finvex Services constitutes acceptance of these compliance measures and cooperation in ensuring a clean and lawful financial ecosystem.