AML Policy

Last Updated: March 26, 2026

1. Introduction & Purpose

1.1 Bit1 ("Bit1", "we", "us", "our") is committed to preventing money laundering, terrorist financing, and other financial crimes across our digital asset trading platform and related services.

1.2 This Anti-Money Laundering Policy ("AML Policy") outlines our comprehensive framework for combating financial crimes, including our obligations under applicable anti-money laundering and counter-terrorism financing ("AML/CFT") laws and regulations.

1.3 Our Commitment: Bit1 maintains a zero-tolerance approach to money laundering, terrorist financing, sanctions violations, and any other illicit financial activities. We are dedicated to maintaining the integrity of the global financial system.

1.4 Scope: This policy applies to all users of our platform, all transactions processed through our services, and all employees, contractors, and agents acting on behalf of Bit1.

1.5 Compliance Culture: Every member of the Bit1 team is responsible for upholding the highest standards of compliance and reporting any suspicious activity or potential violations immediately.

2. Regulatory Framework

2.1 International Standards: Bit1's AML program is designed in accordance with international standards, including the Financial Action Task Force ("FATF") recommendations and guidelines issued by relevant international bodies.

2.2 Risk-Based Approach: Our AML framework employs a risk-based approach, allocating resources and implementing controls proportionate to identified money laundering and terrorism financing risks.

2.3 Continuous Monitoring: We maintain ongoing compliance with evolving regulatory requirements and industry best practices, regularly updating our policies and procedures to reflect current standards.

2.4 Global Compliance: As a platform serving users across multiple jurisdictions, we maintain compliance standards that meet or exceed requirements in the markets where we operate.

2.5 Regulatory Cooperation: Bit1 cooperates fully with regulatory authorities, law enforcement agencies, and financial intelligence units in their efforts to combat financial crime.

3. Customer Due Diligence (CDD)

3.1 Standard Due Diligence: All customers undergo standard verification procedures including:

• Government-issued identification document verification

• Proof of address documentation

• Biometric verification through selfie photograph

• Identity matching and authentication checks

• Basic risk assessment and screening

3.2 Simplified Due Diligence: For lower-risk customer profiles, we may apply simplified due diligence measures while maintaining appropriate oversight and monitoring.

3.3 Enhanced Due Diligence (EDD): Higher-risk customers are subject to enhanced due diligence procedures including:

• Source of funds documentation and verification

• Source of wealth documentation where applicable

• Additional identity verification measures

• Enhanced ongoing monitoring of account activity

• Senior management approval for account opening

• Periodic review of account activity and risk profile

3.4 Ongoing Monitoring: Customer due diligence is not a one-time process. We conduct ongoing monitoring of customer activity to:

• Ensure transactions are consistent with customer profile and risk assessment

• Identify unusual or suspicious transaction patterns

• Update customer information and risk assessments as needed

• Trigger additional due diligence when circumstances change

3.5 Record Keeping: All CDD documentation and assessments are maintained in accordance with regulatory requirements and our internal record retention policies.

4. Know Your Customer (KYC)

4.1 Tiered Verification System: Bit1 employs a tiered KYC system with verification levels corresponding to transaction limits and platform access:

4.2 Verification Requirements:

Basic Tier:

• Valid email address verification

• Basic profile information

• Limited trading and withdrawal capabilities

Standard Tier:

• Government-issued photo identification

• Proof of address (utility bill, bank statement, or government document)

• Selfie photograph for biometric verification

• Complete profile information including occupation

Enhanced Tier:

• All Standard Tier requirements

• Source of funds documentation

• Additional identity verification measures

• Enhanced background screening

• Periodic review and re-verification

4.3 Re-verification Rights: Bit1 reserves the right to request additional documentation, re-verification, or enhanced due diligence at any time based on:

• Changes in customer circumstances

• Unusual transaction patterns

• Regulatory requirements

• Risk assessment updates

• Suspicious activity detection

4.4 Information Updates: Customers are required to maintain current and accurate information. Material changes in circumstances must be reported promptly and may trigger re-verification procedures.

4.5 Verification Standards: All verification procedures meet or exceed international standards for customer identification and employ multiple authentication methods to ensure identity accuracy.

5. Know Your Transaction (KYT)

5.1 Real-Time Monitoring: Bit1 employs advanced blockchain analytics and transaction monitoring systems to screen all deposits, withdrawals, and trading activities in real-time.

5.2 Automated Screening: Our KYT system automatically:

• Analyzes blockchain transactions for suspicious patterns

• Screens digital asset addresses against risk databases

• Monitors transaction flows and clustering patterns

• Flags unusual transaction behaviors for review

• Generates risk scores for all transactions

5.3 Transaction Risk Assessment: Each transaction is evaluated based on multiple risk factors including:

• Transaction amount and frequency

• Geographic origins and destinations

• Counterparty risk assessment

• Historical transaction patterns

• Blockchain analytics intelligence

5.4 Suspicious Pattern Detection: Our monitoring systems identify potentially suspicious activities including:

• Structuring transactions to avoid reporting thresholds

• Rapid movement of funds through multiple accounts

• Transactions involving high-risk jurisdictions or entities

• Unusual trading patterns inconsistent with customer profile

• Potential mixing or tumbling activities

5.5 Investigation and Escalation: Flagged transactions undergo immediate review by our compliance team, with suspicious activities escalated for detailed investigation and potential reporting to relevant authorities.

5.6 Continuous Improvement: Our KYT systems are regularly updated with new intelligence, risk indicators, and analytical capabilities to maintain effectiveness against evolving money laundering techniques.

6. Suspicious Activity Monitoring & Reporting

6.1 Dedicated Compliance Team: Bit1 maintains a specialized compliance team responsible for reviewing flagged activities, conducting investigations, and making suspicious activity determinations.

6.2 Suspicious Activity Reports (SARs): When suspicious activity is identified, we file Suspicious Activity Reports with relevant authorities in accordance with applicable legal requirements and timeframes.

6.3 Account Actions: Bit1 may take immediate protective actions for accounts under investigation, including:

• Freezing or suspending trading activities

• Restricting deposits or withdrawals

• Requiring additional verification or documentation

• Closing accounts where appropriate

• Reporting activities to law enforcement

6.4 Tipping Off Prohibition: In accordance with legal requirements, Bit1 does NOT notify customers when Suspicious Activity Reports have been filed regarding their accounts or transactions.

6.5 Investigation Standards: All suspicious activity investigations are conducted with:

• Appropriate documentation and record keeping

• Timely completion within regulatory timeframes

• Senior management oversight and approval

• Coordination with law enforcement when required

• Protection of investigation confidentiality

6.6 Quality Assurance: Our suspicious activity reporting program includes regular quality reviews, staff training updates, and process improvements to ensure effectiveness and compliance.

7. Sanctions Screening

7.1 Comprehensive Screening: All users, transactions, and digital asset addresses are screened against comprehensive sanctions lists including:

• Office of Foreign Assets Control (OFAC) Specially Designated Nationals List

• European Union Consolidated Sanctions List

• UK Office of Financial Sanctions Implementation (OFSI) Consolidated List

• United Nations Security Council Consolidated List

• Other relevant national and international sanctions lists

7.2 Ongoing Monitoring: Sanctions screening is conducted:

• At account opening and throughout the customer relationship

• For every transaction and digital asset transfer

• Through real-time monitoring of all platform activities

• Via regular batch screening against updated lists

• When sanctions lists are updated or modified

7.3 Politically Exposed Persons (PEP) Screening: We maintain enhanced screening procedures for Politically Exposed Persons, including:

• Identification of PEPs and their associates

• Enhanced due diligence requirements

• Senior management approval for relationships

• Ongoing monitoring of PEP accounts and activities

• Regular review of PEP classifications and status

7.4 Ownership Screening: Entities that are 50% or more owned or controlled by sanctioned persons are subject to the same restrictions and prohibitions as the sanctioned individuals themselves.

7.5 Match Resolution: When potential sanctions matches are identified:

• Immediate suspension of account access pending investigation

• Detailed review of customer information and transaction history

• Clear documentation of resolution decisions

• Reporting to authorities when required by law

• Permanent blocking of confirmed matches

7.6 List Updates: Sanctions lists are monitored continuously for updates, with new designations implemented immediately upon official publication.

8. Record Keeping

8.1 Customer Records: All customer due diligence and KYC records are retained for a minimum of five (5) years following account closure, including:

• Identity verification documents and data

• Proof of address documentation

• Biometric verification records

• Risk assessment documentation

• Enhanced due diligence materials

• Communications and correspondence

8.2 Transaction Records: Transaction data is maintained for a minimum of five (5) years, including:

• Trading history and order details

• Deposit and withdrawal records

• Digital asset transfer documentation

• Blockchain transaction hashes and confirmations

• Fee calculations and payment records

• KYT monitoring results and risk scores

8.3 Compliance Records: All compliance-related documentation is retained including:

• Suspicious activity investigation files

• SAR filings and supporting documentation

• Sanctions screening results and decisions

• Training records and certifications

• Policy updates and implementation records

• Regulatory correspondence and examinations

8.4 Regulatory Access: All records are maintained in formats readily accessible to regulatory authorities upon lawful request, with appropriate systems and procedures for:

• Rapid retrieval and production of requested materials

• Secure transmission of confidential information

• Audit trail maintenance for all record access

• Coordination with legal counsel when appropriate

8.5 Data Security: All retained records are protected through:

• Encryption of sensitive data at rest and in transit

• Access controls limiting personnel with business need

• Regular security audits and vulnerability assessments

• Backup and disaster recovery procedures

• Secure disposal procedures for expired records

9. Employee Training

9.1 Comprehensive Training Program: All relevant Bit1 personnel receive regular AML/CFT training covering:

• Legal and regulatory requirements

• Company policies and procedures

• Suspicious activity identification techniques

• Customer due diligence best practices

• Sanctions compliance requirements

• Record keeping obligations

9.2 Specialized Training: Compliance team members and other key personnel receive enhanced training including:

• Advanced investigation techniques

• Regulatory examination preparation

• Industry best practices and developments

• Technology tools and analytical methods

• Case studies and practical applications

9.3 Training Schedule: AML training is conducted:

• Upon hire for all relevant personnel

• Annually for all covered employees

• When regulations or policies change significantly

• Following regulatory guidance updates

• Prior to system implementations or process changes

9.4 Training Documentation: All training activities are documented including:

• Attendance records and completion certificates

• Training content and materials provided

• Assessment results and competency evaluations

• Remedial training where necessary

• Ongoing professional development activities

9.5 Competency Assessment: Regular evaluations ensure personnel maintain appropriate knowledge and skills through testing, practical exercises, and performance monitoring.

10. Risk Assessment

10.1 Comprehensive Risk Assessment: Bit1 conducts periodic comprehensive risk assessments evaluating money laundering and terrorism financing risks across:

• Products and services offered

• Customer types and demographics

• Geographic exposure and operations

• Transaction types and volumes

• Technology systems and processes

• Business partnerships and third-party relationships

10.2 Risk-Based Resource Allocation: Assessment results inform resource allocation decisions including:

• Staffing levels for compliance functions

• Technology investments and system enhancements

• Enhanced due diligence triggers and procedures

• Training priorities and specialized education

• Monitoring system calibration and thresholds

10.3 Higher-Risk Area Controls: Areas identified as higher risk receive enhanced controls including:

• Increased monitoring and surveillance

• Additional due diligence requirements

• Enhanced staff training and oversight

• More frequent reviews and assessments

• Specialized procedures and protocols

10.4 Risk Assessment Updates: Risk assessments are updated:

• At least annually or more frequently as needed

• When significant business changes occur

• Following regulatory guidance or industry developments

• After suspicious activity trends are identified

• When new products or services are introduced

10.5 Documentation and Governance: All risk assessments include:

• Clear methodology and analytical frameworks

• Supporting data and evidence

• Management review and approval

• Action plans for addressing identified risks

• Regular monitoring of mitigation effectiveness

11. Cooperation with Authorities

11.1 Full Cooperation: Bit1 cooperates fully and promptly with all law enforcement agencies, regulatory authorities, and financial intelligence units in their efforts to combat financial crime.

11.2 Lawful Requests: We respond expeditiously to all lawful requests for information including:

• Subpoenas and court orders

• Regulatory examination requests

• Law enforcement investigations

• Administrative summons and information requests

• International cooperation requests

11.3 Information Sharing: Subject to applicable legal requirements, we share relevant information with:

• Financial intelligence units for suspicious activity reporting

• Law enforcement for criminal investigations

• Regulatory authorities for compliance examinations

• International partners for cross-border investigations

• Industry groups for threat intelligence sharing

11.4 Response Procedures: Our authority cooperation procedures ensure:

• Immediate notification to senior management

• Coordination with legal counsel when appropriate

• Rapid retrieval and production of requested materials

• Secure transmission of confidential information

• Detailed documentation of all interactions

11.5 Compliance Contact: For all compliance-related inquiries, regulatory matters, and law enforcement cooperation:

Contact: [email protected]

11.6 Emergency Procedures: For urgent law enforcement matters requiring immediate attention, we maintain 24/7 escalation procedures to ensure rapid response capabilities.

12. Policy Updates

12.1 Regular Review: This AML Policy is reviewed and updated regularly to ensure continued effectiveness and compliance with evolving legal and regulatory requirements.

12.2 Update Triggers: Policy updates may be prompted by:

• Changes in applicable laws and regulations

• Regulatory guidance or industry best practice updates

• Internal risk assessment findings

• Examination findings or regulatory feedback

• Significant business or operational changes

• Emerging threats or typologies

12.3 Approval Process: All policy updates require:

• Senior management review and approval

• Legal and compliance assessment

• Impact analysis and implementation planning

• Employee notification and training

• System updates where necessary

12.4 Change Communication: Material changes to this policy will be:

• Posted to this page with clear effective dates

• Communicated to all relevant personnel

• Reflected in training materials and procedures

• Documented with change rationales and approvals

12.5 Version Control: We maintain comprehensive records of all policy versions, changes, and implementation dates for regulatory and audit purposes.