AML/KYC POLICY

CIP applies to transactions that are spotted by our scoring system as suspicious. We will collect certain customer identification information from each customer who passes CIP; utilize risk-based measures to verify the identity of each customer who passes CIP; record customer identification information and the verification methods and results; provide adequate CIP notice to customers that we will seek identification information from to verify their identities.

a. Identification

In case a transaction is spotted by our risk scoring system as suspicious, the transaction will be put on hold, and we will collect the following information from the customers, if applicable, from any person, entity, or organization:

b. Customers Who Provide Misleading Information

c. Verifying Information

Based on the risk, and to the extent reasonable and practicable, we will proceed with the verification to the extent that we have collected all information needed in order to know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers.

We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process.

According to the documentation of Sum Substance, all User data obtained during the KYC procedure is encrypted and stored on GDPR-compliant Amazon servers, which are located in the EU. These are kept at Uptime Institute classified Tier III data centers compliant with TIA-942 and PCI DSS standards. The data centers are protected technically and guarded physically around the clock by specially audited security personnel.

We will retain records of all identification information for five years after the account has been closed; we will retain records made about verification of the customer's identity for five years after the record is made.

The above-mentioned records can be made available to the competent authorities upon request.

The AML Compliance Officer is the person, duly authorized by SwapRocket, whose responsibility is to implement and effectively monitor the application and enforcement of the AML/KYC policy as outlined in this document. The AML Compliance Officer is obliged to oversee and conduct effective monitoring of all aspects of SwapRocket's anti-money laundering and counter-terrorist financing. Any suspicious behavior or activities should be reported to the AML Compliance Officer.

Ongoing monitoring is an essential element of effective KYC procedures. We have an understanding of the normal and reasonable activity of the customer, ensuring that we have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account. High-risk accounts have to be subjected to intensified monitoring. In case of sudden swaps of big amounts, these accounts can be flagged by the risk scoring system as low, medium, or high risk

We have put in place appropriate procedures to ensure the effective implementation of KYC guidelines. The implementation procedure covers proper management oversight, systems and controls, segregation of duties, training, and other related matters. From time to time, the SwapRocket compliance team will carry on the necessary quality checks and file audits to ensure that the KYC policies and procedures are adhered to. From time to time, the SwapRocket compliance team shall update senior management about issues arising during the customer acquisition process.

We obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers and make it available to appropriate authorities on official request