Introduction The CrocCoin Anti-Money Laundering and Know Your Customer Policy, hereinafter referred to as the "AML/KYC Policy" is specifically designed to proactively prevent and mitigate the potential risks associated with CrocCoin's involvement in illicit activities. Both international and local regulations mandate that we establish robust internal procedures and mechanisms aimed at thwarting money laundering, terrorist financing, drug and human trafficking, the proliferation of weapons of mass destruction, as well as corruption and bribery. Additionally, we are obligated to promptly address any suspicious activities originating from our users. The AML/KYC Policy encompasses the following key aspects: * Verification procedures. * Screening against relevant lists. * The role of a dedicated Compliance Team. * The ongoing monitoring of transactions. * Comprehensive risk assessment protocols. * Prohibited Uses and Jurisdictions. 1. Verification Procedures To adhere to international standards aimed at preventing unlawful activities, we implement customer due diligence (CDD). In line with CDD, we develop our own verification procedures in compliance with anti-money laundering and "Know Your Customer" frameworks. 1.1 Identity Verification Our identity verification process necessitates that users furnish us with credible, independent source documents or information (such as a national ID, international passport, bank statement, or utility bill) for the purposes of our AML/KYC Policy. We undertake measures to validate the authenticity of the documents and information provided by users. We employ all legally permissible means to cross-check this identification data and retain the prerogative to investigate users who raise concerns due to their perceived risk or suspicious activity. Furthermore, we retain the right to continuously verify a user's identity, particularly when there are alterations to their identification data or if their activities deviate from their typical patterns. We may also request updated documents from users, even if they have previously undergone identity verification. The collection, storage, sharing, and protection of users' identification information will be conducted strictly in compliance with our Privacy Policy and relevant regulations. Once a user's identity has been verified, we can reduce our potential legal liability in situations where our services are misused for illegal purposes. 1.2 Card Verification Users planning to utilize payment cards in conjunction with our services must complete card verification as per the instructions provided on our website. 2. Screening against relevant lists We conduct screenings of applicants against internationally recognized Sanctions and Politically Exposed Persons (PEPs) and warning lists. This screening is carried out at various stages: * During the initial onboarding process when the user submits their application. * Manually, as part of our anti-fraud and AML alert procedures by our Compliance team. To facilitate this screening process, we utilize SumSub data, which is provided by Sum and Substance Limited and integrated into our proprietary software. 3. Compliance Team The Compliance Team, duly authorized by our organization, plays a pivotal role in ensuring the effective implementation and enforcement of our AML/KYC Policy. This role encompasses various responsibilities, including but not limited to: A. Gathering users' identification information. B. Establishing and regularly updating internal policies and procedures for the creation, review, submission, and retention of all necessary reports and records as mandated by relevant laws and regulations. C. Monitoring transactions and investigating any notable deviations from typical activity. D. Instituting a records management system to facilitate the appropriate storage and retrieval of documents, files, forms, and logs. E. Regularly updating our risk assessments. F. Furnishing law enforcement with necessary information in compliance with applicable laws and regulations. The Compliance Team is empowered to collaborate with law enforcement agencies involved in the prevention of money laundering, terrorist financing, and other illicit activities. 4. Monitoring Transactions In our company, the verification of user identities extends beyond confirming their personal information and is primarily reliant on a thorough analysis of their transactional activities. To achieve this, we employ data analysis as a valuable tool for evaluating potential risks and detecting any suspicious behavior. Our compliance-related duties cover a range of activities, including data collection, filtering, maintaining records, managing investigations, and preparing reports. We conduct screening against relevant lists, review transactions using various data points, and take various other actions as needed, including managing cases and associated documents. Within the framework of our AML/KYC Policy, we diligently monitor all transactions and retains the right to: * Report transactions of a suspicious nature to the relevant law enforcement agencies. * Request additional information and documents from users in the event of suspicious transactions. * Suspend or terminate a user's account when we reasonably suspect their involvement in illegal activities. The aforementioned tasks are not exhaustive, and the Compliance Team will conduct ongoing monitoring of user transactions to determine whether they should be flagged and treated as suspicious or deemed legitimate. 5. Risk Assessment Aligned with international guidelines, we have implemented a risk-based strategy to combat money laundering and terrorist financing. This approach enables us to tailor preventive and mitigation measures according to the assessed risks. It ensures efficient resource allocation, prioritizing the most significant risks for heightened attention. Prohibited Uses and Jurisdictions: We maintain a strict policy against permitting users to engage in certain categories of activities and business relationships. These prohibitions are designed to ensure compliance with AML, CFT, and Sanctions laws, as well as to mitigate the risk of our platform being used to facilitate financial crime. The following outlines the categories of prohibited uses and jurisdictions: 6. Prohibited Uses: We do not authorize users to engage in the listed activities, and these prohibitions are not limited to those mentioned below: * Fraud * Gambling * Money laundering * Terrorist financing * Ransomware activities * Darknet market operations * Scams * Hacking or stolen funds * Use of blacklisted exchanges * Unlicensed money services * Abusive activities * Involvement with drugs * Adult material * Weapons, including nuclear, biological, and chemical arms * Any activities associated with sanctions Prohibited Jurisdictions: We do not establish business relationships with certain categories of users or have exposure to jurisdictions that are deemed high-risk due to: * Sanctions nexus * Blocked countries deemed to be a high risk by our company. Our commitment to these prohibitions helps maintain our compliance with regulatory requirements and ensures our adherence to the highest standards of financial integrity. We also cooperate fully with law enforcement and regulatory authorities to uphold these standards and prevent illicit activities within our platform.