AML Policy
Anti-Money Laundering & Counter-Financing of Terrorism — Last updated: 2026
PayKrypt AML/CFT Policies and Procedures
This document sets forth the provisions and procedures for countering money laundering and terrorism financing (AML/CFT) within PayKrypt. This document is intended for general informational purposes only.
1. Principles and Methods for Implementing AML/CFT Measures
The PayKrypt platform aims to support efforts to combat money laundering and terrorist financing. General principles and obligations: • Exercise due diligence when dealing with our clients and individuals assigned to act on behalf of clients. • Conducting business in accordance with high ethical standards and preventing, as much as possible, the establishment of any business relationships associated with money laundering or terrorism financing. • Providing assistance and the highest possible level of cooperation with relevant law enforcement agencies to prevent the threat of money laundering and terrorist financing.
2. Risk Assessment and Mitigation Methodology
We assume that most of our clients are individuals. In this regard, we must: A. Record and/or collect the following documentation: • The identity of our customers. • The country or jurisdiction in which our clients are located or their country of origin. B. To the maximum extent possible, evaluate and verify our clients, their affiliates, individuals designated to act on behalf of our clients, and our clients' beneficiaries through specific lists of individuals and entities. Restricted jurisdictions — the Website does not open accounts and does not provide services to clients from the following countries: Afghanistan, Angola, Belarus, Bosnia and Herzegovina, Botswana, Bahamas, Cambodia, Burundi, Democratic Republic of the Congo, Central African Republic, Republic of the Congo, Algeria, Ecuador, Eritrea, Ethiopia, Ghana, Guinea, Guinea-Bissau, Guyana, Haiti, Iraq, Iran, Japan, Kenya, North Korea, Lebanon, Liberia, Libya, Myanmar, Nigeria, Pakistan, Serbia, Russia, Sudan, Sri Lanka, Somalia, South Sudan, Syria, Tunisia, Trinidad and Tobago, Ukraine, Uganda, United States of America, Vanuatu, Venezuela, Yemen, Zimbabwe. Risk reduction: We will not cooperate with individuals included in the designated lists of individuals and legal entities when they are identified.
3. New Products, Practices, and Technological Methodology
We must provide appropriate notification of the identification and assessment of money laundering and terrorist financing risks that may arise in the following areas: • Development of new products and business practices, including new mechanisms for sending funds. • Utilizing new or emerging technologies for new and existing products. We will pay special attention to any new products and business practices that promote anonymity, including new mechanisms for sending funds and new or emerging technologies such as digital passes that promote anonymity.
3a. Customer Due Diligence (CDD)
We do not open, maintain, or accept anonymous or pseudonymous accounts. We should not enter into business relationships with clients or conduct operations for them if we have reasonable grounds to suspect that their assets or financial resources are the proceeds of drug trafficking or other criminal activities. We must submit reports on such suspicious transactions to the appropriate financial supervisory authority. We conduct customer reviews in the following situations: • When we enter into a business relationship with any client. • When we perform transactions for any client with whom we do not have an established business relationship. • When receiving cryptocurrency transfers for clients with whom we have no business relationship. • If money laundering or terrorist financing is suspected. • When we have doubts about the authenticity or adequacy of any information. If we suspect that two or more transactions are or may be related, or that a single transaction has been deliberately reorganized into smaller transactions in order to evade AML/CFT measures, we should consider such an operation as a single one and sum its cost accordingly.
3b. Customer Verification
We verify the identity of all our clients. In order to verify our clients, we need to know at least: • Full names, including aliases. • Identification document numbers (e.g. ID number, birth certificate number, passport number, or, if the client is not an individual, the registration number of their business). • The registered office or company's registered office (if applicable), the main place of business if the registered and business addresses are different. • The date of birth, foundation, or incorporation of the company. • Citizenship or place of registration. We must use reliable and independent data, documents, or information to verify the identity of our customers. If our client is a legal person or legal entity, we must use reliable and independent data, documents, or information to verify the type of legal entity, confirm its existence, its charter, and the powers that govern and bind it.
3c. Customer Relations Representatives
If the client appoints one or more individuals to represent their interests in business relations with us, or if the client is not an individual, we must identify each individual acting on behalf of the client by obtaining: • Full names. • ID card numbers. • Residential address. • Date of birth. • Nationality. • Data and documents from reliable and independent sources to verify the identity of such individuals. We also verify the proper authority of each individual designated to act on behalf of our client by obtaining: • A corresponding written confirmation authorizing the appointment of such individuals as representatives of our client. • A specimen signature of each individual.
3d. Legal Entity Clients
If the client is a legal entity, we must: • Verify individuals (acting independently or in concert) who have ultimate ownership of the legal entity. • If there is doubt that individuals who have ultimate ownership are beneficiaries, or if no individual has ultimate ownership, identify individuals who have ultimate beneficial ownership. • If such individual is not identified, specify the individual with enforcement rights against the legal entity. • For trusts, specify the founder, trustee, protector (if applicable), beneficiaries, and any individual exercising ultimate ownership or control. • For other types of legal agreements, identify individuals holding equivalent positions. We must also determine the nature, ownership, and control structure of the client's business.
3e. Continuous Monitoring
We constantly monitor business relationships with our clients. We must monitor and analyze customer account transactions throughout the entire period of our business relationship to ensure that they are consistent with our knowledge of the customer, their business and risk profile, and the source of their funds. We will apply risk prevention measures if the transaction involves the transfer or receipt of cryptocurrency to/from financial institutions monitored for compliance with FATF AML/CFT requirements. We pay special attention to all complex, unusually large, or unusual patterns of transactions made without an apparent economic purpose. We undertake to investigate the background and purpose of such operations to the greatest extent possible and record our findings in order to provide such information to the relevant authorities, if necessary. We ensure that due diligence information obtained with respect to our clients is kept up-to-date, especially with respect to high-risk clients.
3f. Non-Account Transactions
If we perform any transaction for a client who does not have a business relationship with us, we must: • Perform a comprehensive inspection, as if the customer had contacted us to establish a business relationship. • Record details of the relevant transaction to enable recovery, including the nature and date of the transaction, the type and amount of currency involved, the value date, and details of the recipient or beneficiary. Verification time: We verify the identity of the client, individuals designated to act on behalf of the client, and the client's beneficiaries prior to establishing a business relationship or performing any transaction. Joint accounts: In the case of a joint account, we perform due diligence on all joint account holders, as if each of them was a customer individually.
4. Enhanced Customer Verification
Politically Exposed Persons (PEPs): We use all reasonable means to determine whether the client, any individual designated to act on behalf of the client, any related party, or any beneficial owner is a politically exposed person, family member, or close associate of a politically exposed person. If the client or any beneficiary is recognized as a politically exposed person, we must: • Get approval from senior management to establish and continue a business relationship. • Establish, by reasonable means, the source of savings and the source of funds of the client and any beneficiary. • Conduct enhanced monitoring in the course of business relations with the client. High-risk categories: We acknowledge that circumstances presenting an increased risk of money laundering or terrorist financing include, but are not limited to: • If the client or any beneficiary is a national or resident of a country where the FATF has called for countermeasures. • If the client or any beneficiary is a national of a country known to have non-compliant AML/CFT measures in place. We are required to conduct enhanced due diligence on customers who pose an increased risk of money laundering or terrorist financing.
6. Asset Transfer Approach
If we are a customer organization, then before making a transfer of funds, we must: • Identify the initiator and take reasonable steps to verify their credentials. • Record adequate details of the transfer of funds, including the transfer date, type, and value of the digital payment token transferred. If we are a managing institution, we include in the message or payment instructions accompanying the transfer: • Name of the initiator. • Initiator's account number (or unique transaction reference number, if applicable). • Name of the beneficiary. • Beneficiary's account number (or unique transaction reference number, if applicable). Transfers exceeding a certain threshold: We must identify the sender and verify their documents, including the initiator's residential address, legal or actual address, unique identification number, or date and place of birth. We will immediately transmit to the receiving institution all information about the sender and the recipient, and document all information. If we are unable to meet these requirements, we will not transfer funds.
6a. Record Keeping and Suspicious Transaction Reporting
Keeping records: We will keep the relevant records for a minimum of five years. Personal data: We ensure the security of our clients' personal data in accordance with the established procedure. Suspicious Transaction Reporting (STR): We notify the relevant authorities and submit applications in accordance with legal requirements. We will also keep all records and transactions related to all such transactions and suspicious transaction reports. Compliance, audit and training: Among other measures, we appoint a management-level AML/CFT compliance officer, maintain independent audit capabilities, and take active steps to regularly train employees on AML/CFT issues.
7. Enterprise-Wide Risk Assessment
The enterprise-wide risk assessment of money laundering/terrorist financing is carried out in three stages: Stage 1 — Inherent risk assessment: We assess our inherent risk in relation to our: • Customers or organizations — we evaluate the clients and/or organizations we work with. • Products or services — we pay close attention to who we provide over-the-counter cryptocurrency services to. • Regional scale — we do not work with clients who are included in certain lists of individuals and legal entities. Stage 2 — Evaluation of security measures: We evaluate our controls and risk mitigation measures. We must monitor and exercise increased caution with respect to any and/or all customers who appear suspicious to us. Stage 3 — Residual risk assessment: We assess residual risks after evaluating mitigation measures.