IXFI’s Anti-Money Laundering and Combating the Financing of Terrorism (AML/CTF) Policy

Public Version - Material & General Presentation

The current AML policy has been developed in accordance with the applicable legislation of the Republic of Poland and it presents in a concise manner IXFI’s set of applied internal rules and regulations used in order to check and reveal documentation and information regarding its operation that is under obligatory control, and other operations with money or property that may be in any way connected to money laundering and/or financing of terrorism, and the provision of such information to the state authorities.

MYLTARON spółka z ograniczoną odpowiedzialnością, its subsidiaries and its branches, its directors (together hereinafter referred to as “IXFI” or the « group ») are part of the newest and most dynamic decentralised finance (hereinafter DeFi) services operating from its registered address in the Republic of Poland, Warsaw, registered under the no. 0001133305, tax ID 5214090173, registered as authorised VASP under the Polish FIU with no. RDWW-1582, providing a wide range of products and services in the crypto industry and/or related to the blockchain technology.

IXFI has established this Policy on Anti-Money Laundering and Counter Terrorist Financing (hereinafter « Policy » or « ML/TF Policy ») to ensure compliance with its regulatory obligations, support the broader customer strategy that will ensure a good reputation and contribute to the stability of the DeFi industry and, broader financial system.

As a company, IXFI is committed to carrying on business in accordance with the legal requirements in each jurisdiction where it operates and with respect to the highest ethical standards, including complying with all applicable laws and regulations aimed at combating money laundering and terrorist financing.

This document has been developed with the scope to reduce the risk of money laundering and terrorist financing associated with its business and the sale and/or providing of its services and/or products, explaining how IXFI is complying with Anti-Money Laundering and Counter Terrorist Financing (hereinafter ”AML/CTF”) legislation (hereinafter « AML Laws ») of Poland and around the world and ensuring that any third parties that we engage to act on our behalf, do the same.

IXFI adheres to general money laundering principles that presents this nefarious activity occurring in three stages:

Because the crypto industry is unique in that it can be used to launder funds obtained elsewhere and to generate illicit funds within the industry itself through fraudulent activities, examples of such activities include insider trading, market manipulation, Ponzi schemes, cybercrime, and other investment-related fraudulent activities.

This Policy is intended to help employees, contractors, and other third parties acting on the company’s behalf to understand where breaches of AML Laws might arise and to support them in making the right decisions in line with our corporate position as stated in this Policy.

In case of any employee of IXFI who violates the established internal rules or any legal requirements in relation to AML/CTF legislation or who even permits any third party to violate those rules may be subject to appropriate disciplinary action, up to and including dismissal, and may be subject to personal civil or criminal fines.

Money laundering and terrorist financing activities are threats to the integrity and the stability of the industry, including the DeFi worldwide industry and/or even the international financial system.

IXFI takes very seriously its responsibility to public authorities, its customers, shareholders and regulators to prevent being used to facilitate the movement of criminal proceeds or transfer of funds destined to finance terrorism. IXFI is committed to identifying and managing the AML/CTF-related risks that it is exposed to and to taking proportionate measures required to manage these risks across all jurisdictions in which it operates.

IXFI is determined and undeterred to apply a robust and consistent AML/CTF procedure and/or standards to prevent the use of products, services, or channels for purposes of money laundering and terrorist financing in the jurisdictions in which it operates. This document provides a uniform set of high-level risk management principles and minimum requirements which shall be established, maintained, and operated to prevent, detect, and take proper action against money laundering and terrorist financing.

This Policy applies to IXFI, but wherever local regulations are stricter than the requirements set out in this Policy, the stricter standard shall be applied.

In case any applicable local legal requirements are in conflict with this Policy prohibiting its full application, IXFI may adopt the Policy with amendments. Any material deviations from the Policy shall be reported to IXFI.

Also, this policy shall be read in conjunction with any associated AML/CTF policies and/or related decisions made by IXFI.

To this end, IXFI will only conduct business with clients and/or partners who are involved in legitimate business activity and whose funds are derived from legitimate sources.

Effective AML/CTF risk management is applied in multiple departments and/or activities that are undertaken by IXFI’s team, having proper governance and the establishment of clearly defined roles and responsibilities across its corporate structure.

Decisions are made either based on legal authority, which is held by the Board and the Director/CEO, or based on a delegated mandate from either the Board or the CEO. The function or person with the legal authority or with the mandate to make the final decision is accountable. Accountability may never be delegated—there can only be one accountable function or person with respect to a task.

The function or person assigned to perform a task is responsible. Responsibility can be delegated. There can be multiple responsibilities if a task is performed in several business areas or functions. Roles and responsibilities (hence what a function or person can be held accountable for) are clearly defined and documented in mandates or job descriptions and properly agreed and assigned.

IXFI is committed to having processes and procedures in place to identify and manage the risks that it is exposed to and to take proportionate measures adequate to manage these risks across all jurisdictions in which it operates. The activities through which IXFI is committed to managing ML/TF risks are summarized under its risk strategy, described below, and key risk-related activities further described in this Policy.

As defined in the Policy related to the Risk Management of the risk strategy of the Company, in what regards the assuming, steering, and exercising control of the risks to which IXFI is or could become exposed.

As the overall boundaries for risk-taking are set by the Board through its Risk Appetite statements, the risk strategy for ML/TF risk shall be defined as the framework and processes IXFI has established in order to assume, steer, and exercise control of the ML/TF risks in accordance with the Board’s Risk Appetite statement. Thus, the risk strategy constitutes the holistic output formed by all steering components of IXFI’s AML/CTF framework.

The following types of activities are considered to be “money laundering” and

are prohibited under this Policy:

1. a) the conversion or transfer of property (including money and /or any

other financial assets or elements considered equivalent and /or similar

to a financial asset), knowing or suspecting that such property is derived

from criminal or certain specified unlawful activity ("criminal property"),

for the purpose of concealing or disguising the illicit origin of the

property or of assisting any person who is involved in the commission of

such activity to evade the legal consequences of his action;

2. b) conducting a financial transaction which involves criminal property;

3. c) the concealment or disguise of the true nature, source, location,

disposition, movement, rights with respect to, ownership or control of

criminal property;

4. d) the acquisition, possession or use of criminal property;

5. e) promoting the carrying on of unlawful activity; and

6. f) participation in, association to commit, attempts to commit and

aiding, abetting, facilitating and counselling the commission of any of

the actions mentioned in the foregoing points.

1. Violations of AML Laws may lead to severe civil and/or criminal penalties

against companies and individuals, including significant monetary fines,

imprisonment, extradition, blacklisting, revocation of licences, and

disqualification of directors.

2. In addition, violations of AML Laws can lead to damaging practical

consequences, including harm to reputation and commercial relationships,

restrictions in the way we can do business, and extensive time and cost in

conducting internal investigations and/or defending against government

investigations and enforcement actions.

Examples of red flags to be reported include:

1. Any individual, entity or activity prohibited under applicable AML/CTF laws and

regulations including:

- any bank without a physical presence in a country/jurisdiction (“Shell Bank”)

or a correspondent bank providing services to Shell Banks

- any anonymous, alias or numbered customer, account or safe deposit box

1. A customer provides insufficient, false or suspicious information

or is reluctant to provide complete information

2. Methods or volumes of payment that are not consistent with the

payment policy or that are not customarily used in the course of

business, e.g., payments with money orders, traveller’s checks,

and/or multiple instruments, and payments from unrelated third

parties

3. Receipts of multiple negotiable instruments to pay a single

invoice

4. Requests by a customer or partner to pay in cash

5. Early repayments of a loan, especially if payment is from an

unrelated third party or involves another unacceptable form of

payment

6. Orders or purchases that are inconsistent with the customer’s

trade or business

7. Payments to or from third parties that have no apparent or logical

connection with the customer or transaction

2. Customers operating Payable-Through-Accounts.

3. Customers that provide or facilitate trade in virtual currencies.

4. Customers that have been reviewed in a Customer Review Committee with a

decision to off board due to ML/TF reasons.

5. Entities providing bank services or any other financial services without required

authorisation, license, registration or equivalent requirement for the business.

6. Customers issuing bearer shares or having bearer shares entities within their

ownership structure due to possibility to hide ownership structure (anonymity).

Any customer who is listed on an applicable sanctions list (see Group Policy on

Financial Sanctions).

7. Any activities, customer segments or businesses that are known or suspected to be

illegal, based on applicable laws and regulations governing the business and/or the

business relationship:

• Payment to or from countries considered high risk for money laundering or

terrorist financing ;

• Payments to or from countries considered to be tax havens or offshore

jurisdictions ;

• Payments from countries unrelated to the transaction or not logical for the

customer ;

• A customer’s business formation documents are from a tax haven, or a country

that poses a high risk for money laundering, terrorism or terrorist financing, or

a country that is not logical for the customer ;

• Overpayments followed by directions to refund a payment, especially if

requested to send the payment to a third party ;

• Any customer for whom you cannot determine the true beneficial owner ;

• Structuring transactions to avoid government reporting or record keeping

requirements ;

• Unusually complex business structures, payment patterns that reflect no real

business purpose ;

• Wire transfer activity that is not consistent with the business activities of the

customer, or which originates or terminates with parties unrelated to the

transaction ;

• Unexpected spikes in a customer’s activities ;

The above is not intended to be an exhaustive list.

Deviation from customer and accepted business practice should alert you to further

investigate the activity in accordance with this Policy.

The risk of being exposed to ML/TF depends on multiple risk factors, such as different customer segments, countries/geographic areas, products and services offered, distribution channels used, and transaction flows, and thus changes over time. It is also recognized that the ML/TF risks may vary across IXFI depending on the activities carried out. To adequately and effectively manage and mitigate the ML/TF risks, a risk-based approach shall be applied.

Senior management is responsible for ensuring that their business has a culture of compliance and effective controls to comply with AML laws and regulations to prevent, detect, and respond to money laundering and counter-terrorism financing and to communicate the serious consequences of non-compliance to employees.

Each legal entity within IXFI shall perform a General Risk Assessment to identify, assess, and classify the inherent risks of ML/TF, taking into account risk factors including those relating to customer segments, countries or geographic areas, products, services, transactions, or distribution channels. The risk assessment shall clearly present an overview of the nature and type of risks for ML/TF faced by each legal entity, as well as assessing and describing the levels of those risks. In addition, the mitigating measures and controls in place shall be documented, mapped, and evaluated to assess the residual risks in view of the exposure to inherent risks.

The Registered Users, employees, collaborators, and any third parties have the obligation to read and follow this Policy, to understand and identify any red flags that may arise in their business activities, and to escalate potential compliance concerns related to AML to the Legal & Compliance Department without notifying anyone involved in the transaction. They should not take any actions prior to receiving advice and/or instructions.

In accordance with consistent KYC procedures, IXFI shall have established and well-known methods for customer risk classification. KYC measures include the initial assessment of ML/TF risks associated with the customer relationship, customer due diligence, enhanced customer due diligence where required, simplified customer due diligence where permitted, and ongoing customer due diligence to keep KYC information up-to-date and follow up on the ML/TF risk associated with the customer relationship.

IXFI may receive requests for information from competent authorities or law enforcement in connection with ML/TF investigations. IXFI is fully committed to cooperating with such requests in an effective, prompt, and expedient way.

All alerts generated by the transaction monitoring system and reports of unusual activities filed internally shall be reviewed, and if needed, investigated by IXFI. If required, escalated investigations will result in external reporting to the local Financial Intelligence Unit (in Poland, the Generalny Inspektor Informacji Finansowej - « GIIF »).

Examples of Red Flags:

Prohibited Activities:

All AML/CTF-related documentation, including KYC records, transaction monitoring reports, and escalations, is retained and archived in line with regulatory requirements to ensure traceability and availability without undue delay.

This Policy reflects IXFI’s commitment to robust AML/CTF measures, protecting the integrity of its operations and contributing to the global effort to combat financial crime.