AML POLICY

ANTI-MONEY LAUNDERING AND COUNTER-TERRORISM FINANCING POLICY

I. Introduction

1. Overview of AML Policy

CaizStable and its affiliated entities (hereinafter referred to as “CaizStable”, “Company”, “we”, “us”, or “our”) are committed to maintaining the highest standards of financial integrity, regulatory compliance, and risk mitigation to prevent the misuse of financial services for illicit activities, including money laundering, terrorist financing, fraud, and other financial crimes.

This Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) Policy (“Policy”) sets forth the principles, obligations, and control measures adopted by CaizStable to detect, prevent, and report illicit financial activities while ensuring compliance with international, national, and regional AML and CFT laws and regulations.

The Policy aligns with the Financial Action Task Force (FATF) Recommendations, Basel Committee on Banking Supervision (BCBS) Guidelines, International Monetary Fund (IMF) and World Bank Standards, and national regulatory requirements applicable to the jurisdictions in which CaizStable operates.

CaizStable acknowledges that digital assets, stablecoins, and virtual currencies pose unique risks due to their pseudonymous nature, rapid global transferability, and decentralized market structure. Accordingly, the Company has implemented a risk-based AML program, incorporating enhanced due diligence (EDD), transaction monitoring, and regulatory reporting mechanisms to mitigate risks associated with illicit financial activities.

The AML Policy applies to all employees, officers, directors, customers, business partners, affiliates, third-party service providers, and any individuals or entities engaging in transactions through CaizStable’s platforms and services. Compliance with this Policy is mandatory, and failure to adhere may result in account suspension, termination of business relationships, regulatory sanctions, and legal action.

2. Purpose and Scope

a. Purpose of the Policy

The primary purpose of this Policy is to:

i. Establish stringent internal controls and procedures to prevent CaizStable’s platforms and services from being exploited for illicit financial activities, including money laundering, terrorist financing, fraud, and financial crimes.

ii. Ensure strict adherence to global AML/ CFT laws, regulatory directives, and reporting obligations.

iii. Outline the responsibilities of CaizStable’s Board of Directors, Senior Management, Compliance Team, and all employees in implementing AML measures.

iv. Set forth comprehensive guidelines for customer due diligence (CDD), enhanced due diligence (EDD), know your customer (KYC), transaction monitoring, and suspicious activity reporting (SAR).

v. Promote transparency, accountability, and regulatory cooperation with financial intelligence units (FIUs), law enforcement agencies, and other competent authorities worldwide.

vi. Establish robust risk assessment mechanisms, ensuring effective identification, mitigation, and reporting of high-risk customers, transactions, and jurisdictions.

vii. Safeguard CaizStable’s reputation, investors, customers, and stakeholders from legal, financial, and reputational risks arising from non-compliance.

b. Scope of the Policy

This Policy applies to:

i. All business operations, products, and services offered by CaizStable, including but not limited to digital asset transactions, stablecoin transfers, fiat currency transactions, cross-border remittances, wallet services, peer-to-peer (P2P) transactions, institutional transactions, and merchant payments.

ii. All jurisdictions where CaizStable operates, markets its services, or engages with customers and financial partners.

iii. All CaizStable employees, officers, agents, compliance personnel, contractors, consultants, and business associates.

iv. All third-party service providers, including financial intermediaries, payment processors, and custodial entities that facilitate transactions within the CaizStable ecosystem.

v. All users and customers of CaizStable’s platforms, including individual retail customers, institutional investors, and high-net-worth clients.

This Policy is designed to evolve dynamically, incorporating emerging financial crime risks, new regulatory requirements, and international compliance best practices.

3. Legal and Regulatory Compliance

CaizStable is committed to full compliance with international, national, and regional AML/ CFT laws, regulations, and enforcement directives governing financial services, digital assets, and blockchain transactions.

The Company adheres to a comprehensive compliance framework, which includes national and international legislation, rules, regulations, and laws.

CaizStable continuously reviews, updates, and enhances its compliance framework to reflect changes in AML/CFT laws, regulatory policies, and emerging financial crime risks.

4. Relationship with Other Policies

This AML Policy is interlinked with other key policies and regulatory frameworks adopted by CaizStable. This Policy will be updated periodically to reflect regulatory developments, risk assessments, and industry best practices.

II. Regulatory Compliance Framework

The AML Regulatory Compliance Framework of CaizStable is structured to ensure adherence to international AML/ CFT standards, compliance with national and regional regulations, and conformity with local laws in jurisdictions where the Company operates.

This framework is designed to address money laundering, terrorist financing, fraud, sanctions evasion, and other financial crimes, while fostering a culture of compliance within the organization.

1. Global AML/ CFT Compliance Standards

CaizStable follows a comprehensive risk-based approach (RBA) to Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) in accordance with globally recognized compliance frameworks. The Company adheres to key international financial crime prevention standards set by the regulatory and oversight bodies prevalent in different jurisdictions.

2. Key International and National Regulations

CaizStable operates in multiple jurisdictions worldwide, necessitating compliance with various international AML laws, regional directives, and national financial crime regulations. The Company adheres to the key international, regional, and national AML/ CFT regulations prevalent in Europe, Asia, North America, South America, Australia and Africa. CaizStable operates globally, with a presence in multiple financial hubs and regulatory environments. The Company ensures strict adherence to local AML laws, licensing requirements, and enforcement frameworks in each jurisdiction.

III. Risk-Based Approach (RBA)

1. Risk Categorization (User, Geography, Transactions, Industry)

CaizStable adopts a Risk-Based Approach (RBA) in accordance with Financial Action Task Force (FATF) guidelines, Basel Committee on Banking Supervision (BCBS) principles, and local AML/ CFT regulations in all jurisdictions where it operates. The RBA ensures that risk mitigation measures are proportionate to the assessed level of risk, enabling the Company to allocate compliance resources efficiently and effectively.

CaizStable identifies, assesses, and mitigates AML/ CFT risks by categorizing them into four key areas:

a. User Risk

Users are assessed based on their profile, transaction behaviour, and financial activities. The following factors contribute to user risk categorization:

i. Retail Users: Individual users transacting below defined AML thresholds, who do not exhibit high-risk behaviours.

ii. Corporate & Institutional Clients: Business entities and institutional investors engaging in high-value or frequent transactions, requiring enhanced due diligence.

iii. Politically Exposed Persons (PEPs): Individuals who hold or have held prominent public positions, including government officials, senior executives, and military personnel, as well as their family members and close associates.

iv. High-Net-Worth Individuals (HNWIs): Individuals with substantial assets and transaction volumes, necessitating closer scrutiny.

v. Users from High-Risk Jurisdictions: Individuals or entities residing in or transacting with sanctioned or FATF-listed high-risk countries.

vi. Unverified or Anonymous Users: Users failing to complete KYC verification or providing inconsistent documentation, posing elevated financial crime risks.

b. Geographic Risk

Geographic risk assessment is based on jurisdictional AML/ CFT compliance levels, regulatory enforcement, and financial crime exposure. Factors considered include:

i. FATF High-Risk & Non-Cooperative Jurisdictions: Countries identified by FATF for strategic deficiencies in AML/ CFT regulations.

ii. Sanctioned Countries: Countries subject to United Nations (UN), European Union (EU), United States Office of Foreign Assets Control (OFAC), UK HM Treasury, and Swiss SECO sanctions.

iii. Weak AML Jurisdictions: Countries with poor regulatory oversight, high levels of corruption, and inadequate enforcement of AML laws.

iv. High-Terrorism Financing Risk Countries: Countries identified as having strong links to terrorism financing activities, as designated by FATF and law enforcement agencies.

c. Transaction Risk

Transaction-based risk factors include:

i. Transaction Volume & Value:

• Low-risk: Transactions below predefined AML reporting thresholds.

• Medium-risk: Transactions close to the reporting threshold, potentially structured to avoid detection.

• High-risk: Large, rapid, or unusual transactions inconsistent with the user’s profile.

ii. Transaction Frequency & Pattern:

• Unusual activity such as multiple high-value transactions within short time frames.

• Structuring or smurfing: Breaking transactions into smaller amounts to avoid reporting.

• Use of high-risk financial instruments such as privacy coins, mixers, or tumblers.

iii. Cross-Border Transactions:

• Transactions originating from high-risk jurisdictions.

• Funds moving through multiple jurisdictions in rapid succession.

d. Industry Risk

Certain industries pose an elevated risk of money laundering, terrorist financing, and illicit financial flows. CaizStable categorizes industry risks as follows:

i. High-Risk Industries:

• Cryptocurrency & Virtual Assets (including unregistered Virtual Asset Service Providers).

• Gambling, Casinos, and Betting (high cash turnover, online gaming).

• Unregulated Money Services Businesses (MSBs).

• Luxury Goods & Art Market (potential for asset laundering).

• Shell Companies and Offshore Entities (opaque structures that conceal ownership).

ii. Medium-Risk Industries:

• Real Estate & Construction (large cash transactions, potential for property-based money laundering).

• Precious Metals & Jewellery Trade (ease of asset transportability).

iii. Low-Risk Industries:

• Government-regulated financial institutions.

• Publicly listed corporations subject to financial audits.

Each category is subject to customized risk mitigation measures, due diligence protocols, and transaction monitoring procedures.

2. Risk Rating Matrix

CaizStable applies a Risk Rating Matrix to systematically assess AML/ CFT risks associated with users, transactions, and jurisdictions. The matrix assigns a risk score based on key risk indicators (KRIs), guiding the level of due diligence and monitoring required.

| Risk Factor | Low Risk (Green) | Medium Risk (Yellow) | High Risk (Red) |
|---|---|---|---|
| User Type | Verified retail user | Corporate clients, HNWIs | Unverified users, PEPs, high-risk entities |
| Geographic Risk | FATF-compliant countries | Countries with weak AML controls | Sanctioned & FATF high-risk jurisdictions |
| Transaction Volume | < $10,000 | $10,000 – $50,000 | > $50,000 or structured transactions |
| Transaction Frequency | Normal patterns | Unusual frequency | Rapid, high-volume movements |
| Industry Type | Regulated sectors | Medium-risk businesses | Gambling, crypto mixers, unregulated MSBs |
| Payment Method | Bank transfers, regulated platforms | Non-traditional payment methods | Privacy coins, cash deposits, darknet markets |


Risk scores determine the level of due diligence, monitoring, and reporting obligations.

a. Low-Risk Users: Standard KYC verification, ongoing monitoring.

b. Medium-Risk Users: Enhanced Due Diligence (EDD), periodic risk reviews.

c. High-Risk Users: Comprehensive AML screening, real-time transaction monitoring, and regulatory reporting.

3. Enhanced Risk Mitigation Measures

For high-risk users, transactions, and jurisdictions, CaizStable applies Enhanced Due Diligence (EDD) and stricter compliance controls to mitigate financial crime risks.

a. Enhanced Due Diligence (EDD) for High-Risk Users

i. Additional Identity Verification: Government-issued ID and secondary verification (e.g., proof of address, utility bill, tax returns, bank statements).

ii. Source of Wealth and Source of Funds Verification: Documented evidence of income sources, corporate ownership records.

iii. Senior Management Approval for Onboarding: High-risk users require explicit approval from the Compliance Officer.

iv. Ongoing Transaction Monitoring & Periodic Reviews: Continuous scrutiny of high-risk accounts, quarterly re-evaluation.

b. Transaction Monitoring & Alerts for High-Risk Transactions

i. Automated & manual transaction review mechanisms.

ii. Threshold-based alerts for large, unusual, or rapid transactions.

iii. AI-driven pattern recognition to detect suspicious activity.

c. Restricted & Prohibited Transactions

i. Prohibition on transactions involving sanctioned entities or countries.

ii. Ban on the use of high-risk payment methods (e.g., anonymous wallets, crypto tumblers).

iii. Immediate freezing of accounts involved in suspicious activity.

d. Reporting & Regulatory Obligations

i. Mandatory Suspicious Activity Reports (SARs) for high-risk transactions.

ii. Notification to financial intelligence units (FIUs) & law enforcement if required.

IV. KYC & Customer Due Diligence (CDD)

1. Mandatory KYC Verification

a. Overview of Know Your Customer (KYC) Requirements

CaizStable is committed to implementing a robust Know Your Customer (KYC) verification process in compliance with statutory laws as relevant and applicable to CaizStable. The KYC process is mandatory for all users engaging in financial transactions on CaizStable’s platform, including:

i. Retail customers

ii. Corporate and institutional clients

iii. High-Net-Worth Individuals (HNWIs)

iv. Third-party service providers

v. Agents, affiliates, and business partners

The primary objectives of KYC verification are to:

i. Establish customer identity and verify authenticity.

ii. Prevent money laundering, terrorist financing, identity fraud, and illicit financial activities.

iii. Ensure compliance with global and national AML regulations.

iv. Conduct risk profiling of customers based on their geographical, transactional, and industry risk exposure.

b. KYC Documentation Requirements

All users must provide the following minimum documentation for identity verification, in compliance with global AML/ CFT laws:

i. Individual Users (Retail Customers, HNWIs, PEPs, etc.)

• Government-Issued Identification Document (Passport, National ID, or Driver’s License)

• Proof of Address (Utility bill, bank statement, or official correspondence issued within the last three months)

• Selfie Verification (Biometric face match with official ID)

• Tax Identification Number (TIN) or Social Security Number (SSN) (where applicable)

ii. Corporate & Institutional Clients

• Certificate of Incorporation/Business Registration Document

• Memorandum & Articles of Association

• Proof of Business Address

• Ultimate Beneficial Ownership (UBO) Declaration (Identifying individuals with a 25% or more ownership stake)

• Board Resolution Authorizing Account Operation

• Tax Residency Certificate (if applicable)

c. KYC Verification Procedures

KYC verification is conducted in three stages:

i. Documentary Verification: Validation of submitted documents against official databases.

ii. Biometric Authentication: Face recognition and liveness detection for fraud prevention.

iii. Database Screening: Cross-referencing customer details with global sanctions lists, watchlists, and politically exposed persons (PEP) databases.

Users who fail to provide required KYC information or submit fraudulent documents will be denied access to CaizStable’s services, and their accounts will be flagged for further investigation.

2. Enhanced Due Diligence (EDD)

a. When is Enhanced Due Diligence Required?

Enhanced Due Diligence (EDD) is triggered for high-risk customers and transactions in accordance with different laws. EDD is required in the following cases:

i. High-Risk Jurisdictions: Customers from FATF-blacklisted or grey-listed countries.

ii. Politically Exposed Persons (PEPs): Government officials, senior executives, military leaders, and their associates.

iii. High-Value Transactions: Transactions exceeding pre-defined risk thresholds.

iv. Suspicious Transactions: Transactions that exhibit patterns indicative of money laundering, terrorist financing, or fraud.

v. Use of High-Risk Payment Methods: Transactions involving anonymous wallets, privacy coins, or cryptocurrency mixers.

b. Additional Documentation for EDD

Customers subject to EDD screening must provide additional documentation:

i. Source of Funds (SoF) Declaration: Proof of the origin of funds used for transactions.

ii. Source of Wealth (SoW) Verification: Evidence of income sources (e.g., bank statements, audited financials).

iii. Enhanced Biometric Verification: Advanced AI-based facial recognition.

iv. In-Person or Video KYC Verification (where required by local regulations).

c. Senior Management Approval for High-Risk Accounts

For high-risk accounts, onboarding must be approved by CaizStable’s Senior Compliance Officers before transactions are permitted.

d. Continuous Monitoring for EDD Customers

Customers subject to EDD undergo ongoing monitoring with more frequent transaction reviews, additional scrutiny of financial activities, and periodic KYC updates.

3. Ongoing Monitoring

a. Real-Time Transaction Monitoring

CaizStable has implemented an AI-driven transaction monitoring system that continuously scans transactions to identify suspicious activities, high-risk patterns, and unusual behaviours. Key monitoring parameters include:

i. Transaction Volume & Frequency: Detection of rapid, high-value transfers inconsistent with a user’s profile.

ii. Geolocation Anomalies: Transactions originating from multiple locations in a short time.

iii. Use of Cryptocurrency Mixers & Privacy Tools: Transactions attempting to obscure fund sources.

iv. Multiple Small Transactions (Structuring/Smurfing): Breaking down large transactions to avoid detection.

b. Automated Risk Alerts & Escalation Procedures

Suspicious transactions trigger automated alerts, which are categorized based on risk severity:

| Risk Level | Indicators | Action Taken |
|---|---|---|
| Low Risk | Normal transaction behaviour | No action required |
| Medium Risk | Minor deviations from user profile | Additional verification |
| High Risk | Large, rapid, or structured transactions | Flag for manual review |
| Critical Risk | Transactions linked to sanctioned entities, terrorist networks, or illicit funds | Immediate account suspension & regulatory reporting |

All high-risk and critical-risk cases are escalated to CaizStable’s AML Compliance Team for further investigation and reporting.

c. Periodic KYC Updates & Customer Risk Reassessment

Customers undergo periodic KYC re-verification based on their risk classification:

i. Low-Risk Users: KYC refresh every 3 years.

ii. Medium-Risk Users: KYC refresh every 2 years.

iii. High-Risk Users & PEPs: KYC refresh annually with continuous transaction monitoring.

d. Reporting Suspicious Activities (SAR/ STR)

CaizStable follows strict regulatory reporting requirements, ensuring all suspicious activities and transactions are reported to relevant authorities. Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs) must be filed within 24-48 hours of detecting suspicious activity, in accordance with local AML regulations.

e. Account Freezing & Termination for AML Violations

If a customer is suspected of engaging in money laundering, terrorist financing, or other financial crimes, CaizStable reserves the right to:

i. Freeze or suspend the account pending further investigation.

ii. Terminate account access and restrict fund withdrawals.

iii. Report the user to regulatory authorities for enforcement action.

V. Sanctions Compliance & Screening

1. Global Sanctions Lists

CaizStable is committed to ensuring full compliance with global economic sanctions, trade embargoes, and financial restrictions imposed by international and national regulatory bodies. Sanctions compliance is critical for:

a. Preventing transactions with sanctioned individuals, entities, and jurisdictions.

b. Mitigating financial crime risks associated with terrorism financing, money laundering, and proliferation of weapons of mass destruction (WMDs).

CaizStable strictly prohibits any financial engagement with sanctioned individuals, entities, or jurisdictions and maintains a robust sanctions screening program integrated into its risk-based approach (RBA).

2. Wallet & Transaction Screening

a. Overview of Crypto Wallet & Transaction Screening

Given the pseudonymous nature of blockchain transactions, CaizStable employs advanced wallet screening technologies to prevent the use of its platform for:

i. Money laundering and terrorism financing.

ii. Evasion of economic sanctions and trade restrictions.

iii. Illicit activities such as ransomware payments, darknet marketplace transactions, and crypto mixing/tumbling services.

All digital asset transactions are automatically screened against blockchain forensic tools and sanction enforcement databases to ensure compliance with international financial laws.

b. Blockchain Analysis & Forensic Tools

CaizStable integrates real-time blockchain analytics and forensic tools to monitor wallet addresses, transaction patterns, and illicit fund flows. These tools provide risk-scoring metrics for identifying wallets linked to sanctioned individuals or entities; detecting crypto assets originating from illicit sources, including darknet markets and sanctioned jurisdictions; and flagging transactions routed through mixing services or high-risk exchanges.

c. Risk-Based Wallet Monitoring

CaizStable classifies wallet addresses based on risk levels:

| Risk Level | Indicators | Compliance Action |
|---|---|---|
| Low Risk | Verified wallets from FATF-compliant jurisdictions | No additional verification required |
| Medium Risk | Wallets with indirect exposure to high-risk transactions | Enhanced monitoring, transaction scrutiny |
| High Risk | Wallets flagged in sanctions lists, darknet use, mixing services | Immediate blocklisting, regulatory reporting |


3. Real-Time Blocklisting

a. Automated Sanctions List Updates & Screening: CaizStable ensures real-time updating of all sanctions lists.

b. Prohibited & Restricted Transactions

Transactions involving the following prohibited categories are immediately blocked and reported:

i. Direct transactions with sanctioned individuals or entities.

ii. Crypto deposits/withdrawals from blocklisted wallets.

iii. Payments linked to terror financing, WMD proliferation, or human trafficking.

iv. Remittances to sanctioned jurisdictions (e.g., North Korea, Iran, Syria, Crimea, etc.).

c. Immediate Freezing & Regulatory Reporting

If a transaction is identified as violating sanctions compliance, CaizStable will:

i. Immediately freeze the transaction and associated accounts.

ii. Notify regulatory authorities (FinCEN, FCA, MAS, SECO, FIU, etc.).

iii. File a Suspicious Activity Report (SAR) or Sanctions Violation Report.

iv. Engage law enforcement if required under legal obligations.

VI. Transaction Monitoring & SAR Filing

1. Automated & Manual Monitoring

a. Overview of Transaction Monitoring

Transaction monitoring at CaizStable is both automated and manual, utilizing AI-driven analytics and human intelligence to identify anomalous transaction patterns, suspicious activities, and high-risk transactions. This dual approach ensures real-time detection and compliance with international AML/ CFT laws.

b. Manual Transaction Review & Escalation

While automated systems handle real-time monitoring, CaizStable also maintains a dedicated compliance team to manually review flagged transactions. The manual review process includes:

i. Reviewing transaction history and account behaviour to assess the legitimacy of flagged transactions.

ii. Investigating transactions that exceed predefined AML thresholds or involve high-risk jurisdictions.

iii. Engaging Senior Compliance Officers for risk assessment and further escalation.

iv. Interviewing customers and requesting supporting documentation for suspicious transactions.

v. Liaising with regulatory authorities and law enforcement agencies for suspected financial crimes.

c. Ongoing Transaction Monitoring & Periodic Reviews

i. All customer transactions are continuously monitored, ensuring proactive detection of illicit activity.

ii. Periodic transaction reviews are conducted, particularly for high-risk customers (PEPs, HNWIs, cross-border transactions).

iii. Behavioural analytics are applied, ensuring risk-based monitoring tailored to each user’s transaction patterns.

2. Suspicious Activity Indicators

a. Recognizing Suspicious Transactions

CaizStable has established risk indicators based on FATF guidelines, FinCEN advisories, and international AML directives to detect suspicious transactions. These indicators trigger investigations, enhanced due diligence (EDD), and potential regulatory filings.

b. High-Risk Transaction Patterns

Transactions may be classified as suspicious if they exhibit the following characteristics:

| Category | Indicators of Suspicious Activity |
|---|---|
| Unusual Transaction Behaviour | Large, rapid, or high-frequency transactions inconsistent with customer profile. |
| Structuring (Smurfing) | Multiple small transactions below AML reporting thresholds. |
| Rapid Inflows & Outflows | Funds deposited and withdrawn within a short time without logical reason. |
| Geographical Risks | Transactions involving FATF-blacklisted or sanctioned jurisdictions. |
| Use of Mixing Services | Transactions routed through privacy coins, crypto tumblers, or anonymous wallets. |
| Use of High-Risk Payment Methods | Transactions linked to darknet markets, gambling platforms, or unregistered money service businesses (MSBs). |
| Layering Activities | Complex transactions involving multiple wallets, exchanges, or intermediaries. |
| High-Risk Counterparties | Transactions with individuals or entities flagged on global sanctions lists (OFAC, UN, EU, FCA). |
| Third-Party Transactions | Unusual funding sources where the transaction originator differs from the beneficiary. |
| Rapid Cross-Border Transfers | Transfers moving through multiple jurisdictions in a short period. |
| Crypto-to-Fiat Conversions Without Justification | Large volume of cryptocurrency conversions with no clear source of funds. |

c. Red Flag Indicators for Money Laundering & Terrorist Financing

i. Unverified users attempting high-value transactions.

ii. Customers providing inconsistent or falsified KYC information.

iii. Transactions using digital assets commonly associated with illicit activities (Monero, Zcash, etc.).

iv. Deposits from multiple unrelated wallets, followed by an immediate withdrawal to new wallets.

v. Transfers involving cryptocurrency ATMs in high-risk locations.

If any red flags are triggered, the transaction is automatically flagged for further review, enhanced due diligence (EDD), or regulatory reporting.

3. STR and SAR Reporting Obligations

a. CaizStable files Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) with regulatory authorities in jurisdictions where it operates, when required.

b. Criteria for Filing STRs & SARs

CaizStable is required to file an STR/ SAR if:

i. A transaction lacks an apparent legitimate purpose.

ii. A user refuses to provide KYC information or supporting documentation.

iii. The funds appear linked to criminal activity, money laundering, or terrorist financing.

iv. The transaction involves high-risk jurisdictions or sanctioned entities.

c. Timeline for Filing Suspicious Reports

i. STRs (Suspicious Transaction Reports) must be filed within 24-48 hours of detecting a suspicious transaction.

ii. SARs (Suspicious Activity Reports) must be filed immediately if the transaction involves terrorist financing or imminent risk.

d. Confidentiality of STR/ SAR Filings

i. Employees are prohibited from informing users about an STR/ SAR filing (anti-tipping-off rule).

ii. All SAR/ STR filings remain confidential and can only be disclosed to regulatory bodies or law enforcement agencies.

e. Freezing & Blocking Accounts Linked to Suspicious Activity

If a transaction or user is identified as being involved in money laundering, terrorism financing, or financial crime, CaizStable will:

i. Immediately freeze the account to prevent further activity.

ii. Initiate an internal investigation and escalate the case to Senior Compliance Officers.

iii. File a SAR/STR with the relevant financial intelligence unit (FIU).

iv. Coordinate with law enforcement for further enforcement action, if necessary.

f. Regulatory Cooperation & Cross-Border Reporting

CaizStable collaborates with global regulatory bodies and FIUs to facilitate cross-border investigations and financial crime reporting.

VII. AML Governance & Compliance Structure

1. AML Compliance Officer Role

a. Designation & Authority

CaizStable has designated a qualified AML Compliance Officer (AMLCO) responsible for overseeing the implementation, enforcement, and continuous improvement of the Company’s Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) Program. The AMLCO operates with full autonomy and direct access to the Board of Directors and Senior Management to ensure that AML/CFT measures align with international regulatory frameworks.

The AMLCO is granted full authority to implement policies, conduct investigations, escalate issues, and report suspicious activities to relevant authorities.

b. Key Responsibilities of the AML Compliance Officer

The AMLCO is responsible for:

i. Policy Implementation & Risk Assessment

• Developing, updating, and enforcing AML/ CFT policies and procedures.

• Conducting enterprise-wide risk assessments (EWRA) to evaluate AML/ CFT risks and implement risk-based mitigation strategies.

• Ensuring that all AML policies align with evolving regulatory requirements.
 
ii. Know Your Customer (KYC) & Customer Due Diligence (CDD) Oversight

• Overseeing customer onboarding procedures, KYC verification, and risk profiling.

• Approving Enhanced Due Diligence (EDD) for high-risk customers, including Politically Exposed Persons (PEPs).

• Ensuring that KYC/ AML records are maintained per legal retention requirements (5–10 years).
 
iii. Transaction Monitoring & Investigations

• Supervising the automated and manual transaction monitoring system (ATMS) to detect suspicious activities.

• Investigating unusual transactions, high-risk fund transfers, and red flag indicators of money laundering.

• Approving transaction escalations and reporting obligations for Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs).

iv. Sanctions Screening & Regulatory Compliance

• Ensuring real-time sanctions screening against OFAC, UN, EU, FCA, SECO, and local regulatory lists.

• Overseeing the implementation of blockchain forensic tools for detecting high-risk cryptocurrency transactions.

v. Regulatory Reporting & Law Enforcement Cooperation

• Filing mandatory reports (SARs/ STRs) with Financial Intelligence Units (FIUs) in all jurisdictions of operation.

• Coordinating with law enforcement, financial regulators, and intergovernmental agencies (e.g., FATF, Europol, Interpol) in AML/ CFT enforcement actions.

• Responding to subpoenas, regulatory inquiries, and government AML/ CFT audits.

vi. Internal Training & Awareness

• Conducting mandatory AML training programs for employees, executives, and business partners.

• Ensuring that staff is aware of AML/ CFT red flags, compliance obligations, and legal consequences of non-compliance.

The AMLCO has the unrestricted ability to escalate compliance issues directly to the Board of Directors and external regulators, ensuring full corporate accountability.

2. Internal Audits & Compliance Reviews

a. Overview of AML Internal Audits

CaizStable conducts regular internal audits and independent compliance reviews to ensure that its AML/ CFT framework remains effective, compliant, and aligned with international regulations.

b. Internal Audit Scope & Methodology

The internal audit process covers:

i. Transaction Monitoring & SAR/ STR Compliance

• Review of flagged transactions and high-risk accounts.

• Assessment of real-time and post-transaction monitoring controls.

• Analysis of SAR/STR filing accuracy and timeliness.

ii. KYC/ CDD & Risk Assessment Procedures

• Evaluation of customer onboarding, risk rating, and EDD implementation.

• Ensuring compliance with regulatory identity verification mandates.

iii. Sanctions Compliance & Wallet Screening

• Auditing sanctions screening effectiveness against OFAC, EU, UN, and FCA lists.

• Examining blockchain analytics tools for detecting high-risk wallets and transactions.

iv. Training & Awareness Program Effectiveness

• Measuring AML knowledge retention among employees.

• Ensuring periodic refresher training and compliance updates.

c. Independent Compliance Reviews

In addition to internal AML audits, CaizStable engages external compliance firms and regulatory consultants for independent AML reviews. These reviews ensure:

i. Objective evaluation of AML/CFT governance and risk controls.

ii. Compliance with evolving regulatory frameworks and emerging financial crime threats.

iii. Implementation of corrective action plans for audit findings.

d. Frequency of Internal Audits & Reporting

i. Quarterly AML risk assessments and compliance reports presented to the Board.

ii. Annual external AML compliance review conducted by independent auditors.

iii. Immediate escalation of non-compliance issues to regulatory bodies if required.

e. Whistleblower Protections & Confidentiality

CaizStable maintains strict whistleblower protections, allowing employees to confidentially report AML/ CFT violations without fear of retaliation.

VIII. AML Measures for Employees & Vendors

1. Training & Awareness

a. Overview of AML Training & Awareness

CaizStable is committed to ensuring that all employees, management personnel, and relevant third parties possess a comprehensive understanding of AML/ CFT obligations, financial crime risks, and regulatory compliance measures. As part of CaizStable’s AML Governance & Compliance Framework, all employees undergo AML training programs designed to:

i. Enhance awareness of money laundering and terrorist financing risks.

ii. Educate employees on red flag indicators of suspicious activity.

iii. Ensure compliance with international AML regulations.

iv. Equip employees with the necessary skills to detect, escalate, and report financial crimes.

b. Scope of AML Training

The AML training curriculum is structured to provide employees with up-to-date knowledge and practical application skills in key AML areas:

i. General AML Awareness Training

• Understanding AML/CFT legal obligations and regulatory frameworks.

• Overview of financial crime risks, money laundering typologies, and terrorist financing methods.

• Identifying high-risk customers, industries, and transactions.

• Introduction to CaizStable’s AML policies, risk management framework, and compliance procedures.

• Consequences of non-compliance, including legal penalties and regulatory enforcement actions.

ii. Role-Specific AML Training (For Compliance, Finance, and High-Risk Teams)

• Advanced training on Know Your Customer (KYC) and Customer Due Diligence (CDD) protocols.

• Enhanced Due Diligence (EDD) requirements for Politically Exposed Persons (PEPs), High-Net-Worth Individuals (HNWIs), and high-risk entities.

• Sanctions compliance and real-time transaction monitoring.

• Filing Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs) in compliance with global AML laws.

• Regulatory reporting obligations and interactions with financial intelligence units (FIUs).

iii. Executive & Board-Level AML Training

• Strategic AML risk management and governance responsibilities.

• Understanding FATF’s risk-based approach and enterprise-wide risk assessments.

• Oversight of AML/ CFT compliance structures and financial crime prevention strategies.

• Review of regulatory enforcement actions and global AML trends affecting CaizStable.

c. AML Training Frequency & Certification

i. New Employees: AML training to be conducted during the onboarding process.

ii. Annual AML Training: All employees must complete refresher training sessions annually.

iii. Real-Time AML Updates: Additional training is provided in response to regulatory changes, enforcement actions, or emerging financial crime threats.

iv. Compliance Certification: Employees receive an AML compliance certification upon successful completion of training modules.

d. Whistleblower Protections & AML Reporting Obligations

Employees are encouraged to report suspicious activities, regulatory breaches, or unethical conduct through CaizStable’s confidential whistleblower program. The Company ensures:

i. Strict confidentiality of whistleblowers and protection against retaliation.

ii. Internal escalation mechanisms for investigating reported AML concerns.

iii. Collaboration with law enforcement authorities where required.

Employees failing to comply with AML training obligations may face disciplinary action, including suspension or termination.

2. Vendor & Third-Party Compliance

a. Overview of Vendor & Third-Party AML Compliance

CaizStable recognizes that third-party service providers, vendors, and business partners present potential AML/ CFT risks due to their role in the Company’s financial ecosystem. To mitigate risks, CaizStable has implemented a Vendor & Third-Party Due Diligence Program (VTPDDP) that ensures:

i. All vendors comply with AML laws applicable to their jurisdiction.

ii. Third-party service providers undergo thorough risk assessments before engagement.

iii. Regular audits and compliance reviews are conducted to monitor ongoing vendor compliance.

b. Risk-Based Approach to Vendor & Third-Party Screening

CaizStable applies a Risk-Based Approach (RBA) to assess vendors, business partners, and financial intermediaries based on the nature of their operations and exposure to financial crime risks.

i. Low-Risk Vendors

• Regulated financial institutions, payment processors, and publicly listed companies.

• Subject to basic KYC verification and periodic compliance reporting.

ii. Medium-Risk Vendors

• Third-party technology providers, cloud service providers, and liquidity partners.

• Subject to enhanced due diligence (EDD) and ongoing monitoring.

iii. High-Risk Vendors

• Unregulated money service businesses (MSBs), cryptocurrency brokers, offshore companies, and cash-intensive businesses.

• Require strict EDD, senior management approval, and continuous transaction monitoring.

c. Vendor Due Diligence & Onboarding Requirements

Before engaging with any vendor or third party, CaizStable conducts a comprehensive due diligence review, requiring:

i. Corporate registration documents & business licenses.

ii. Ultimate Beneficial Ownership (UBO) disclosures.

iii. Financial statements & proof of solvency.

iv. Sanctions screening & adverse media checks.

v. Past regulatory enforcement actions or compliance violations.

d. Vendor Compliance Monitoring & Audits

All vendors undergo periodic compliance audits to ensure continued adherence to AML regulations. The audit scope includes:

i. Transaction monitoring & financial crime risk exposure.

ii. Adherence to contractual AML compliance obligations.

iii. Reporting of suspicious activities linked to CaizStable’s financial ecosystem.

iv. Review of past enforcement actions or regulatory penalties.

Failure to meet AML compliance requirements may result in:

i. Contract termination and blacklisting from future engagements.

ii. Regulatory reporting to financial authorities.

iii. Legal action for violations of AML/CFT laws.

e. Prohibited Third-Party Relationships

CaizStable strictly prohibits business relationships with:

i. Vendors or third parties operating in sanctioned jurisdictions (as per OFAC, UN, EU, FCA, and SECO sanctions lists).

ii. Entities or individuals with links to organized crime, terrorism financing, or financial fraud.

iii. Anonymous companies, shell corporations, and unregulated cryptocurrency exchanges.

IX. Record Keeping & Data Security

1. Minimum Data Retention Periods
a. Overview of Record Keeping Obligations

CaizStable adheres to strict record-keeping requirements in compliance with international and national Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) laws. The maintenance of accurate records is critical for:

i. Regulatory compliance with different AML/ CFT frameworks.

ii. Enhancing AML risk management, financial crime investigations, and regulatory audits.

iii. Supporting Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) filed with financial intelligence units (FIUs).

iv. Facilitating cooperation with law enforcement agencies in AML/CFT-related investigations.

b. Categories of Records Maintained

CaizStable is required to retain the following records:

i. Customer Identification & KYC Records

• Full Name, Date of Birth, and Nationality

• Official Identification Documents (Passport, National ID, or Driver’s License)

• Proof of Address (Utility Bills, Bank Statements, or Government-Issued Correspondence)

• Tax Identification Number (TIN) or Social Security Number (SSN), where applicable

• Corporate Registration Documents & Ultimate Beneficial Ownership (UBO) Declarations for Businesses

• Politically Exposed Person (PEP) and Sanctions Screening Results

ii. Transaction & Financial Records

• All inbound and outbound transactions, including amounts, timestamps, counterparties, and transaction methods

• Cross-border payments and cryptocurrency conversions

• Deposits, withdrawals, and transfers above AML reporting thresholds

• Transaction monitoring alerts and risk assessments

iii. AML Investigation & Regulatory Reporting Records

• Suspicious Activity Reports (SARs) & Suspicious Transaction Reports (STRs)

• Regulatory filings with financial intelligence units (FIUs)

• Internal investigation records related to financial crime risk

• Law enforcement and regulatory correspondence

iv. Internal AML/CFT Compliance Documentation

• AML Risk Assessments & Compliance Audits

• Board & Senior Management AML Meeting Minutes

• Employee AML Training & Certification Records

• Third-Party Vendor AML Due Diligence Reports

c. Minimum Retention Periods

CaizStable enforces minimum data retention periods in compliance with international AML/ CFT laws.

2. GDPR & CCPA Compliance

a. Overview of Data Privacy & Security Framework

CaizStable is committed to ensuring that all customer, transactional, and AML-related data is securely stored, processed, and protected in compliance with:

i. General Data Protection Regulation (GDPR) – European Union.

ii. California Consumer Privacy Act (CCPA) – United States.

iii. Other statutory laws prevalent in different jurisdictions as applicable to CaizStable.

CaizStable integrates data security controls and risk mitigation strategies to prevent unauthorized access, data breaches, and regulatory non-compliance.

b. Key GDPR Compliance Measures

As a financial services provider with customers in the European Union (EU) and European Economic Area (EEA), CaizStable enforces GDPR-compliant data processing standards:

i. Data Minimization: Only essential KYC/AML data is collected and processed.

ii. Right to Access & Data Portability: Customers can request copies of their AML records.

iii. Right to Erasure (“Right to be Forgotten”): Customers can request deletion of personal data, subject to AML retention laws.

iv. Data Breach Notification: Any unauthorized data access is reported within 72 hours to data protection authorities.

v. Data Encryption & Access Controls: All AML-related records are encrypted, stored securely, and accessible only to authorized personnel.

c. Key CCPA Compliance Measures

For customers in California (USA), CaizStable complies with CCPA requirements, ensuring:

i. Transparency in Data Collection: Customers are informed of what data is collected, how it is used, and their rights.

ii. Opt-Out of Data Sharing: Customers can opt out of third-party data sharing for non-essential AML purposes.

iii. Right to Request Data Deletion: Users can request deletion of non-essential personal data.

iv. Strict Data Security Controls: Compliance with National Institute of Standards and Technology (NIST) Cybersecurity Framework.

d. Cross-Border Data Transfers & Compliance

CaizStable ensures that AML-related data transfers across jurisdictions comply with the relevant laws as applicable globally and under different jurisdictions.

e. Data Retention & Deletion Protocols

Upon expiration of regulatory retention periods, CaizStable ensures secure data deletion, using:

i. Cryptographic wiping & secure erasure protocols.

ii. Automated deletion workflows in compliance with GDPR & CCPA.

iii. Independent verification of data destruction by third-party security auditors.

X. Enforcement & Penalties

1. Consequences of AML Violations

a. Overview of AML Compliance Obligations

CaizStable maintains a zero-tolerance policy for money laundering, terrorist financing, and financial crime violations. All employees, customers, vendors, and business partners are required to comply with CaizStable’s AML/CFT policies, as well as applicable global regulatory requirements. Failure to comply with these AML/ CFT requirements can result in severe legal, financial, and reputational consequences for individuals and entities involved.

b. Internal Disciplinary Actions

If an employee, contractor, or associated third party is found to have violated CaizStable’s AML policies, either through negligence, non-compliance, or active participation in illicit activities, the Company may impose internal disciplinary actions, including but not limited to:

| Nature of Violation | Internal Consequences |
| --- | --- |
| Failure to adhere to KYC/ CDD protocols | Formal warning, additional training, performance review |
| Negligence in transaction monitoring or SAR reporting | Mandatory re-training, compliance probation period |
| Knowingly facilitating a suspicious transaction | Immediate termination, regulatory reporting |
| Failure to disclose conflicts of interest related to AML compliance | Disciplinary action, potential legal action |
| Participation in or aiding financial crime | Termination, criminal referral to authorities |
| Tipping-off a customer about an AML investigation | Immediate dismissal, potential prosecution |

c. Consequences for Customers & Business Partners

Customers, vendors, and business partners engaging in money laundering, fraud, or terrorist financing activities will face immediate enforcement actions by CaizStable, including:

i. Customer Consequences

• Account Suspension or Termination – CaizStable reserves the right to freeze or close accounts found to be involved in suspicious financial activities.

• Transaction Reversals & Asset Freezes – Transactions linked to financial crime, fraud, or AML breaches may be cancelled or subject to regulatory seizure.

• Blacklist Inclusion – Offending users may be permanently banned from accessing CaizStable’s services and reported to global AML enforcement agencies.

• Regulatory Reporting & Legal Action – CaizStable will cooperate with financial intelligence units (FIUs), law enforcement, and regulators in pursuing legal action against violators.

ii. Vendor & Business Partner Consequences

• Contract Termination – Vendors failing to meet AML compliance obligations will have their agreements terminated immediately.

• Financial Penalties – Vendors engaged in AML violations or fraudulent activities may be subject to liability claims and damage recovery actions.

• Legal & Regulatory Sanctions – CaizStable may report non-compliant vendors to authorities, resulting in fines, sanctions, and legal proceedings.

d. Criminal Liability for AML Violations

Certain AML breaches may lead to criminal prosecution under local and international financial crime laws, which can result in:

i. Imprisonment (ranging from 5–25 years depending on the jurisdiction and severity of the offense).

ii. Substantial financial penalties imposed by regulatory authorities.

iii. Personal liability for executives, compliance officers, and employees involved in violations.

iv. Regulatory blacklisting, prohibiting access to financial services.

2. Regulatory Fines & Legal Liabilities

a. Overview of Global AML Penalties

Regulatory bodies worldwide impose strict penalties for AML non-compliance, which may include multi-million dollar fines, operational restrictions, and criminal prosecution. CaizStable is fully committed to complying with all relevant AML/CFT regulations to avoid exposure to such liabilities.

b. Corporate & Individual Liability

AML violations can result in both corporate and personal liability for employees, executives, and third-party partners. Potential liabilities include:

i. Corporate Liability

• Regulatory fines and operational sanctions.

• Loss of financial licenses and business restrictions.

• Mandatory remediation programs enforced by regulators.

ii. Individual Liability (Applicable to Employees, Officers, and Directors)

• Personal fines & civil liabilities (executives may be personally fined for AML failures).

• Criminal prosecution & imprisonment for wilful AML violations.

• Disqualification from holding executive positions in financial services.

CaizStable recognizes the severe consequences of non-compliance and commits to ensuring full regulatory alignment to avoid similar penalties.

3. Dispute Resolution

In the event of a dispute, claim, or controversy arising from this Policy, CaizStable has established a structured resolution framework as specified in its Terms of Use, which is incorporated by reference in the present Policy.
