Aivora | AI驅動的中心化加密貨幣交易所，智能交易

Dear Global Aivora Users,

Please carefully review Aivora’s AML (Anti-Money Laundering) and KYC (Know Your Customer) policies.

**Aivora’s AML/KYC Policies and Procedures**

This policy pertains to Aivora’s Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) policies and procedures. This policy is intended solely for general information and does not create any legal obligations for Aivora or any other person (natural or otherwise).

**A. Principles and Methods of Aivora’s AML/KYC Operations**

Aivora is committed to supporting AML/KYC operations. In principle, we are dedicated to:

- Conducting due diligence when dealing with our customers and natural persons appointed to act on behalf of our customers;

- Developing business in accordance with high ethical standards and, to the extent possible, preventing the establishment of any business relationships related to or potentially facilitating money laundering or terrorism financing;

- Assisting and cooperating with relevant legal authorities to the fullest extent possible to prevent the threats of money laundering and terrorism financing.

**B. Aivora’s Risk Assessment and Mitigation Approach**

**Risk Assessment**

We anticipate that the majority of our customers will be retail clients, and as of the issuance of this policy, we will primarily operate in the Republic of Seychelles. In this regard, we will:

a. Document and/or collect information regarding:

1) The identity of our customers;

2) The countries or jurisdictions from which our customers originate or are located; and

b. To the best of our knowledge, skills, and abilities, assess and screen our customers, their associates, natural persons appointed to act on behalf of customers, and their beneficial owners, with the assistance of designated persons and entities lists, including but not limited to the following categories:

- Democratic People’s Republic of Korea;

- Democratic Republic of the Congo;

- Iran;

- Libya;

- Somalia;

- South Sudan;

- Sudan;

- Yemen;

- UN1267/1989 Al-Qaeda List;

- UN1988 Taliban List;

- Persons identified in Schedule 1 of the *Terrorism (Suppression of Financing) Act* (Chapter 325).

**Risk Mitigation**

If identified, we will not engage with any individuals or entities on the designated persons and entities lists.

**C. Approach to New Products, Practices, and Technologies**

We shall provide appropriate advice on the identification and assessment of potential money laundering and terrorism financing risks arising from:

- The development of new products and business practices, including new delivery mechanisms;

- The use of new or developing technologies for new and existing products.

We will pay particular attention to any new products, business practices, delivery mechanisms, or technologies that may facilitate anonymity, such as digital tokens (whether securities, payment, or utility tokens).

**D. Customer Due Diligence (CDD) Approach**

We will not open, maintain, or accept anonymous or pseudonymous accounts.

If we have reasonable grounds to suspect that a customer’s assets or funds are proceeds of drug trafficking or criminal conduct, we will not establish a business relationship or conduct transactions for the customer. We will file a Suspicious Transaction Report (STR) for such transactions and provide a copy to the relevant financial intelligence unit.

We will conduct Customer Due Diligence in the following cases:

- When establishing a business relationship with any customer;

- When conducting transactions for customers with whom we have no established business relationship;

- When receiving cryptocurrency via transfer for customers with whom we have no established business relationship;

- When we suspect money laundering or terrorism financing;

- When we doubt the veracity or adequacy of any information.

When we suspect that two or more transactions are or may be related, linked, or deliberately structured to evade AML/CFT measures, we will treat them as a single transaction and aggregate their value to comply with AML/CFT principles.

**Customer Authentication**

We will authenticate each of our customers. To authenticate our customers, we will at minimum ascertain:

- Their full name, including aliases;

- Their unique identification number (e.g., ID card number, birth certificate number, passport number, or business registration number for non-natural persons);

- Their registered address or, if applicable, their registered business address (or principal place of business if different);

- Their date of birth, incorporation, or registration;

- Their nationality or place of registration.

For corporate customers, we will also determine their legal form, articles of association, and powers governing and binding the entity. We will identify their associates (e.g., directors, partners, or persons with executive authority) by obtaining at least:

- Their full name, including aliases;

- Their unique identification number (e.g., ID card number, birth certificate number, or passport number).

**Identity Verification**

We will verify our customers’ identities using reliable, independent source data, documents, or information. For corporate or legal arrangements, we will verify their legal form, proof of existence, articles of association, and governing powers using reliable, independent sources.

**Identifying and Verifying Appointed Representatives**

If a customer appoints one or more natural persons to act on their behalf or is not a natural person, we will:

- Identify each natural person acting or appointed to act on behalf of the customer by obtaining:

- Their full name;

- Their unique identification number;

- Their address;

- Their date of birth;

- Their nationality;

- Verify the identity of such natural persons using reliable, independent source data or documents;

- Verify their authority by obtaining appropriate written evidence of authorization and a signature sample.

For government entities, we will only obtain information necessary to confirm the customer is the claimed government entity.

**Identifying and Verifying Beneficial Owners**

We will inquire whether there are beneficial owners related to the customer. If there are one or more beneficial owners, we will identify them and take reasonable measures to verify their identity using reliable, independent source data or information. Specifically:

- For corporate customers:

- Identify the natural person(s) who ultimately own the entity (individually or jointly);

- If there is doubt about the ultimate owner or no natural person owns the entity, identify the natural person(s) exercising ultimate control or effective control;

- If no natural person is identified, identify the natural person(s) with executive authority.

- For legal arrangements (e.g., trusts):

- Identify the settlor, trustee, protector (if applicable), beneficiaries, and any natural person exercising ultimate ownership, control, or effective control;

- For other legal arrangements, identify equivalent positions.

For non-natural person customers, we will determine the nature, ownership, and control structure of their business.

We will verify the identity of beneficial owners for:

- Entities listed on a stock exchange and subject to regulatory disclosure and transparency requirements;

- Financial institutions compliant with and supervised for FATF AML/CFT standards;

- Investment vehicles managed by such financial institutions;

unless we suspect the CDD information’s veracity or that the customer, business relationship, or transaction may be related to money laundering or terrorism financing. We will document the basis for our determinations.

**Purpose and Nature of Business Relationships and Transactions**

When processing applications to establish business relationships or transactions without an account, we will seek to understand and, where appropriate, obtain information on the purpose and intended nature of the business relationship or transaction.

**Reviewing Transactions Without Accounts**

For transactions conducted without an account, we will review prior transactions to ensure consistency with our knowledge of the customer, their business, risk profile, and source of funds.

**Continuous Monitoring**

We will continuously monitor our business relationships with customers, observing account operations and reviewing transactions to ensure consistency with our knowledge of the customer, their business, risk profile, and, where applicable, source of funds.

We will apply risk mitigation measures for transactions involving cryptocurrency transfers to or from:

- Financial institutions;

- Financial institutions compliant with and supervised for FATF AML/CFT standards.

We will pay particular attention to complex, unusually large, or unusual transaction patterns with no apparent economic or lawful purpose, investigate their background and purpose, and document findings for potential reporting to authorities.

For continuous monitoring, we will establish systems and processes proportionate to our scale and complexity to:

- Monitor business relationships;

- Detect and report suspicious, complex, unusually large, or unusual transaction patterns.

We will ensure CDD data, documents, and information remain relevant and up-to-date, particularly for higher-risk customers.

If there are reasonable grounds to suspect an existing business relationship is related to money laundering or terrorism financing, and we deem it appropriate to retain the customer, we will:

- Document the reasons for retention;

- Apply corresponding risk mitigation measures, including enhanced monitoring.

For high-risk customers, we will apply enhanced CDD measures, including obtaining senior management approval to retain the customer.

**Non-Face-to-Face Business Relationships or Transactions**

We will establish policies and procedures to address risks associated with non-face-to-face business relationships or transactions. These measures will be at least as stringent as those for face-to-face interactions. For initial non-face-to-face contact, we will engage an external auditor or independent qualified consultant to assess the effectiveness of these policies and procedures, including any technical solutions for managing fraud risks, and submit a report to the authorities within one year of implementation.

**Reliance on Measures by Acquired Payment Service Providers**

When acquiring another payment service provider’s business, we will apply measures to customers obtained through the acquisition unless we:

- Obtain all corresponding customer records (including CDD information) with no doubts about their accuracy or adequacy;

- Conduct due diligence confirming the adequacy of the acquired provider’s AML/CFT measures and document the process.

**Measures for Non-Account Holders**

For transactions with customers with no other business relationship, we will:

- Apply CDD measures as if the customer applied to establish a business relationship;

- Record sufficient transaction details to reconstruct the transaction, including its nature, date, currency type, amount, effective date, and recipient or beneficiary details.

**Timing of Verification**

We will complete identity verification of customers, appointed representatives, and beneficial owners before:

- Establishing a business relationship;

- Conducting any transaction for a customer without an established business relationship;

- Facilitating or receiving digital payment tokens via value transfer for a customer without an established business relationship.

Verification may be deferred if:

- It is critical to avoid disrupting normal business operations;

- Money laundering and terrorism financing risks can be effectively managed.

In such cases, we will:

- Implement internal risk management policies and procedures for establishing such relationships before verification;

- Complete verification as soon as reasonably practicable.

**Failure to Complete Measures**

If we cannot complete required measures, we will not commence or continue a business relationship or conduct any transactions. We will consider whether a Suspicious Transaction Report is necessary.

**Joint Accounts**

For joint accounts, we will treat each account holder as an individual customer and apply CDD measures accordingly.

**Screening**

We will screen customers, appointed representatives, associates, and beneficial owners against lists and information provided by authorities to identify money laundering or terrorism financing risks:

- When establishing a business relationship (or as soon as reasonably practicable thereafter);

- Before conducting transactions for customers without an established business relationship;

- Before facilitating or receiving digital assets via value transfer for customers without an established business relationship;

- Periodically after establishing a business relationship;

- When there are updates to authority-provided lists or information or changes to appointed representatives, associates, or beneficial owners.

We will screen all value transfer remitters and recipients and record the results.

**E. Enhanced Customer Due Diligence (ECDD)**

**Politically Exposed Persons (PEPs)**

We will use reasonable means to determine if a customer, appointed representative, associate, beneficial owner, or their family members or close associates is a PEP. If identified as a PEP, we will, in addition to standard CDD measures:

- Obtain senior management approval to establish or continue the business relationship;

- Determine the source of wealth and funds of the customer and beneficial owners;

- Enhance monitoring of the business relationship, escalating scrutiny for unusual transactions.

**High-Risk Categories**

We recognize higher money laundering or terrorism financing risks in cases including:

- Customers or beneficial owners from jurisdictions identified by FATF as requiring AML/CFT countermeasures;

- Customers or beneficial owners from jurisdictions identified by us or authorities as having inadequate AML/CFT measures.

We will apply enhanced CDD measures for high-risk customers or those identified by authorities as posing higher risks.

**F. Handling of Bearer Negotiable Instruments and Cash Payment Restrictions**

We will not make payments in the form of bearer negotiable instruments or cash.

**G. Value Transfer Approach (To Be Implemented as Needed)**

If acting as a remitting institution, before executing a value transfer, we will:

- Identify the remitter and take reasonable measures to verify their identity (if not previously done);

- Record details of the value transfer, including the date, type, value, and effective date of the transferred digital assets.

We will include in the memorandum or payment instructions accompanying the value transfer:

- Remitter’s name;

- Remitter’s account number (or unique transaction reference number, if applicable);

- Recipient’s name;

- Recipient’s account number (or unique transaction reference number, if applicable).

For value transfers exceeding a specific threshold, we will verify the remitter’s identity and include:

- Remitter’s address or registered/business address (and principal place of business if different);

- Remitter’s unique identification number or date and place of birth;

- Details of the value transfer’s registration.

We will securely and immediately submit all remitter and recipient information to the receiving institution and record it. If unable to meet these requirements, we will not execute the value transfer.

As a receiving institution, we will identify value transfers lacking necessary remitter or recipient information. If paying the value of transferred digital assets in cash or cash equivalents, we will verify the recipient’s identity (if not previously verified).

We will review and document any instances of missing remitter or recipient information before executing value transfers. As an intermediary institution, we will retain and securely provide all relevant information and store received information for at least five years.

**H. Record Keeping**

We will retain appropriate records for at least five years as required.

**I. Personal Data**

We will protect customers’ personal data in accordance with applicable regulations.

**J. Suspicious Transaction Reports (STRs)**

We will notify relevant authorities and submit STRs as required by law, maintaining records of all such transactions and reports.

**K. Compliance, Audit, and Training Policies**

Among other measures, we will appoint an AML/CFT compliance officer at the management level, maintain independent audit capabilities, and provide regular AML/CFT training to employees.

**Comprehensive Money Laundering/Terrorism Financing Risk Assessment**

We will conduct a comprehensive risk assessment in three stages:

**Stage 1: Inherent Risk Assessment**

We will assess inherent risks related to:

- Customers or entities we deal with;

- Products or services, particularly cryptocurrency OTC services;

- Geographic scope, avoiding dealings with customers on designated persons and entities lists.

**Stage 2: Risk Control Measures Assessment**

We will evaluate risk control measures for the above, monitoring and conducting enhanced due diligence on suspicious customers.

**Stage 3: Residual Risk Assessment**

We will assess residual risks after evaluating risk control measures.