Anti-Money Laundering Policy

1. Regulatory Framework

CoinVault complies with applicable Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) laws and standards, including the FATF (Financial Action Task Force) Recommendations, the EU 5th and 6th AML Directives, the U.S. Bank Secrecy Act, FinCEN guidance on virtual assets, and the jurisdiction-specific AML acts applicable to our licensing and operations. We are committed to the Travel Rule and similar cross-border transparency obligations.

2. Know Your Customer (KYC)

All users must complete identity verification before depositing or investing. KYC procedures include:

• Collection of full legal name, date of birth, nationality, and residential address.
• Government-issued photo ID verification (passport, national ID, or driver's license).
• Proof of address (utility bill or bank statement, less than 3 months old).
• Liveness check and biometric verification where required.
• Politically Exposed Person (PEP) screening and adverse media checks.
• Source of Funds (SOF) and Source of Wealth (SOW) declarations for higher-tier accounts.

3. Sanctions Screening

We screen all users and counterparties against global sanctions lists, including OFAC (US), UN, EU, UK HMT, and other relevant consolidated lists. Screening is performed at onboarding and on an ongoing basis. We refuse service to individuals or entities located in sanctioned jurisdictions (e.g., OFAC comprehensive sanctions countries) and report any positive matches to the appropriate authorities.

4. Transaction Monitoring

We use automated and manual monitoring to detect:

• Structuring or smurfing (multiple sub-threshold transactions).
• Rapid in-and-out movement of funds (potential layering).
• Transfers involving high-risk jurisdictions or non-compliant VASPs.
• Unusual transaction patterns inconsistent with stated account purpose.
• Use of mixers, tumblers, or non-KYC exchanges.
• Transactions linked to darknet markets, scams, or fraud typologies.

Triggered alerts are reviewed by our Compliance team within 24 hours.

5. Enhanced Due Diligence (EDD)

Enhanced Due Diligence is applied to higher-risk relationships, including: PEPs, high-net-worth individuals, users from FATF grey/black-listed jurisdictions, users with complex ownership structures, and any account with unusual activity. EDD measures may include senior management approval, source-of-funds verification, ongoing enhanced monitoring, and reduced transaction thresholds.

6. Suspicious Activity Reporting (SAR/STR)

We file Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) with the relevant Financial Intelligence Unit (FIU) when activity is suspected to involve money laundering, terrorist financing, sanctions evasion, or other financial crime. Users are not notified of SAR filings ("tipping off" is prohibited).

7. Travel Rule Compliance

For crypto transfers above applicable thresholds, we collect and transmit required originator and beneficiary information to receiving VASPs, in accordance with FATF Recommendation 16 and the Travel Rule.

8. Record Keeping

KYC records and transaction history are retained for a minimum of 5 years after the end of the business relationship, in line with FATF and most jurisdictional requirements. Records are made available to competent authorities upon lawful request.

9. Internal Controls & Training

CoinVault maintains a written AML program approved by senior management, including designated Money Laundering Reporting Officers (MLROs), independent audit, ongoing employee training, and a risk-based approach updated at least annually.

10. Prohibited Activity

CoinVault does not facilitate:

• Money laundering, terrorist financing, or sanctions evasion.
• Tax evasion or fraud.
• Trade in illegal goods or services.
• Market manipulation or insider trading.
• Use of funds derived from criminal activity.

11. Reporting Concerns

If you have concerns about suspicious activity on the platform, contact compliance@coinvault.io. We protect good-faith reporters from retaliation.