EX.FINANCIAL

AML/CTF & Sanctions Policy

DOCUMENT CONTROL
Document Title: AML/CTF & Sanctions Policy
Entity: Ex.Financial Ltda
Version: 2.0 (Comprehensive)
Status: Approved & Effective
Classification: Internal / Partner Disclosure
Approved By: Board of Directors / UBO

1. POLICY STATEMENT AND OBJECTIVE

Ex.Financial Ltda (hereinafter referred to as the "Company") is strictly committed to the highest standards of Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) compliance. The Board of Directors and Senior Management are dedicated to preventing the Company’s services from being utilized for money laundering, terrorist financing, proliferation financing, fraud, or other illicit financial crimes.

This Policy defines the comprehensive framework of internal controls, risk assessment procedures, and governance structures designed to comply with applicable laws and the requirements of our banking, payment, and liquidity partners (including but not limited to EasyBit and FacilitaPay).

2. REGULATORY FRAMEWORK

This Policy is drafted in alignment with international best practices and regulatory standards, including:

  • The Financial Action Task Force (FATF) 40 Recommendations.
  • The EU Anti-Money Laundering Directives (AMLD5/AMLD6 standards regarding virtual assets).
  • OFAC (Office of Foreign Assets Control) sanctions regulations (USA).
  • Local AML Laws: Law No. 9.613/1998 (Brazil/LatAm context for Ltda entities) and relevant Central Bank regulations where applicable.

3. SCOPE OF APPLICATION

This Policy applies globally to:

  • Ex.Financial Ltda as a corporate entity.
  • All directors, officers, employees, contractors, and agents.
  • All products, services, APIs, and technical integrations offered by the Company.
  • All Customers (Users) and Institutional Partners.

Failure to comply with this Policy may result in disciplinary action, termination of business relationships, and reporting to relevant authorities.

4. BUSINESS MODEL AND ROLE

Ex.Financial Ltda operates as a digital financial services facilitator and technical integrator.

  • Services: Fiat-to-crypto and Crypto-to-fiat exchange, payment processing (PIX, SEPA, Wire), and liquidity aggregation.
  • Custody: Unless explicitly stated otherwise in a specific product addendum, Ex.Financial acts as a non-custodial intermediary. Transaction execution and funds settlement are primarily performed through regulated third-party partners.
  • Liability: While relying on partners for final settlement, Ex.Financial maintains its own independent AML/KYC controls to protect the integrity of the ecosystem.

5. RISK-BASED APPROACH (RBA)

The Company adopts a Risk-Based Approach (RBA) to identify, assess, and mitigate risks.

5.1 Enterprise-Wide Risk Assessment (EWRA)

The Company periodically evaluates risks associated with:

  • Customer Demographics: Individuals vs. Corporate entities, resident vs. non-resident.
  • Geographies: Source and destination of funds.
  • Products: Anonymity features, speed of transaction, volume.
  • Delivery Channels: API, Web Interface, Mobile App.

5.2 Customer Risk Scoring

Every customer is assigned a risk score (Low, Medium, High) upon onboarding.

  • Low Risk: Regulated entities, public listed companies, low-volume retail users from FATF-compliant jurisdictions.
  • High Risk: Complex corporate structures, high-net-worth individuals from high-risk jurisdictions, frequent changes in user data.

6. KNOW YOUR CUSTOMER (KYC) & DUE DILIGENCE

No business relationship may be established without the successful completion of the Customer Due Diligence (CDD) process.

6.1 User Consent

Prior to account creation or transaction initiation, the user must explicitly accept the Terms of Service, Privacy Policy, and AML Policy. The Company logs the timestamp, IP address, and user-agent of this consent.

6.2 Standard Due Diligence (SDD) - Individuals

  • Full Legal Name.
  • Date of Birth.
  • Residential Address.
  • Government-issued ID (Passport, National ID, Driver’s License), verified via automated liveness check and optical character recognition (OCR).
  • Contact Data: Email and Phone number verification (2FA).

6.3 Corporate Due Diligence (KYB)

For legal entities (B2B clients), the Company collects:

  • Certificate of Incorporation/Registration.
  • Articles of Association/Memorandum.
  • Register of Directors and Shareholders.
  • Proof of Registered Address.
  • UBO Identification: Identification of all Ultimate Beneficial Owners holding >25% stake.

6.4 Enhanced Due Diligence (EDD)

EDD is mandatory for High-Risk customers, PEPs, or transactions exceeding defined high-value thresholds.

7. SANCTIONS SCREENING & PEPS

7.1 Screening Mechanism

The Company screens all customers and UBOs against global watchlists prior to onboarding and on an ongoing daily basis. Lists include:

  • UN Security Council Consolidated List.
  • OFAC Specially Designated Nationals (SDN) List.
  • EU Consolidated List of Sanctions.
  • HM Treasury (UK) Sanctions List.

7.2 Politically Exposed Persons (PEPs)

PEPs (domestic and foreign) are subject to EDD. Family members and close associates of PEPs are treated with equal scrutiny.

7.3 Prohibited Jurisdictions (Geo-Blocking)

The Company utilizes IP geo-fencing, VPN detection, and address verification to block access from:

Cuba, North Korea (DPRK), Iran, Syria, Crimea/Donetsk/Luhansk regions, Sudan, South Sudan, and any other jurisdiction deemed non-cooperative by FATF.

8. CRYPTO-SPECIFIC COMPLIANCE CONTROLS

8.1 Wallet Address Screening (Blockchain Analytics)

For all cryptocurrency deposits and withdrawals, the Company utilizes blockchain analytics tools (e.g., Chainalysis, Elliptic, or equivalent API partners) to screen wallet addresses.

  • Blocks: Transactions interacting with darknet markets, mixers/tumblers, ransomware addresses, or sanctioned wallets are automatically blocked.

8.2 Travel Rule Compliance

In accordance with FATF Recommendation 16, for qualifying crypto-transfers, Ex.Financial ensures the transmission of required originator and beneficiary information to the counterparty VASP (Virtual Asset Service Provider), where technically feasible.

9. TRANSACTION MONITORING

The Company employs real-time and post-event monitoring systems.

9.1 Alert Scenarios

  • Structuring/Smurfing: Multiple transactions just below reporting thresholds.
  • Velocity Checks: Rapid succession of deposits and withdrawals.
  • Volume Spikes: Activity inconsistent with the customer's historical profile or stated income.
  • Round Tripping: Funds sent and returned without economic logic.

9.2 Investigation

Alerts are reviewed by the Compliance Team within 24 hours. Complex cases are escalated to the Compliance Officer.

10. SUSPICIOUS ACTIVITY REPORTING (SAR)

If the Company suspects that funds are the proceeds of criminal activity or are related to terrorist financing:

  • Freeze: The transaction is halted immediately.
  • Report: The Compliance Officer files a SAR/STR to the relevant FIU (e.g., COAF, FinCEN).
  • No Tipping Off: It is strictly prohibited to inform the customer that they are under investigation.

11. DATA RETENTION AND PRIVACY

11.1 Record Keeping

In compliance with local laws, all KYC data, transaction logs, risk assessments, and SARs are retained for a minimum of five (5) years after the termination of the business relationship.

11.2 Data Protection

Personal data is processed in strict accordance with GDPR (General Data Protection Regulation) and LGPD (Lei Geral de Proteção de Dados). Data is encrypted at rest and in transit.

12. GOVERNANCE AND AUDIT

12.1 Compliance Officer

The Board appoints a designated Compliance Officer responsible for the day-to-day implementation of this Policy, training staff, and acting as the liaison with regulatory authorities.

12.2 Three Lines of Defense

  • First Line: Operational staff (Customer Support, Sales) responsible for initial KYC collection.
  • Second Line: Risk & Compliance Team responsible for monitoring and policy enforcement.
  • Third Line: Independent Audit (Internal or External) to test the effectiveness of the AML program.

12.3 Training

All employees receive AML/CTF training upon hiring and annually thereafter. Training logs are maintained for audit purposes.

13. INDEPENDENT AUDIT

The Company subjects its AML/CTF program to an independent review (audit) periodically to ensure the adequacy of controls and compliance with current regulations.

14. CONTACT AND REPORTING

For compliance inquiries, law enforcement requests, or to report suspicious activity, please contact:

Compliance Department

Ex.Financial Ltda

Fortaleza, Brazil

This Policy is subject to annual review and update by the Board of Directors.
