AML/KYC Policy

AS PART OF THE IMPLEMENTATION OF COLLECTIVE MEASURES AIMED AT COMBATING THE LEGALIZATION (LAUNDERING) OF PROCEEDS FROM CRIME, THE FINANCING OF TERRORISM AND THE PROLIFERATION OF WEAPONS OF MASS DESTRUCTION, YOU AGREE THAT BY REGISTERING ON THE SITE AND USING THE COMPANY'S PRODUCTS/SERVICES, YOU UNDERTAKE TO PROVIDE US WITH ALL INFORMATION AND ASSISTANCE THAT MAY BE REQUIRED TO COMPLY WITH LAWS ON COMBATING THE LEGALIZATION (LAUNDERING) OF CRIMINAL PROCEEDS, THE FINANCING OF TERRORISM AND THE PROLIFERATION OF WEAPONS OF MASS DESTRUCTION.

1. General Provisions

1.1. UmbrellaX Company (also referred to as "Company", "Service", "we", "our", "ours") carries out its activities in strict accordance with international and national standards developed to combat the legalization (laundering) of proceeds from crime, the financing of terrorism and the proliferation of weapons of mass destruction, and in particular:

• Recommendations of the FATF (Financial Action Task Force on Money Laundering);
• The Seychelles Anti-Money Laundering and Countering the Financing of Terrorism Act 2020 and subsequent amendments thereto;
• The Anti-Money Laundering and Countering the Financing of Terrorism Regulations 2020 and subsequent amendments thereto;
• The Prevention of Terrorism Act 2004 and subsequent amendments thereto;
• and any other regulations and/or circulars and/or guidelines issued from time to time by the Seychelles Financial Services Authority.

1.2. The Company warns Users against attempts to use the Company's products/services for the purposes of legalizing funds obtained through criminal means, financing terrorism, proliferation of weapons of mass destruction, fraud, purchasing prohibited goods and services, illegal actions of any other kind. The Company also warns Users against attempts to conceal information linking them to sanctions lists of legal entities and individuals, countries, and other.

1.3. The AML/KYC Policy is compiled by the Company in accordance with international and national standards to prevent the legalization (laundering) of proceeds from crime, the financing of terrorism, drug and human trafficking, prevent the proliferation of weapons of mass destruction, corruption and bribery, as well as the timely adoption of measures in case of any suspicious activity by Users of the Site https://umbrellax.io/ ("Site") and/or the Company's products/services. The AML/KYC Policy establishes control systems and mechanisms to prevent the involvement of the Company and/or the Company's products/services in the legalization (laundering) of proceeds from crime, and/or in activities to finance terrorism, the proliferation of weapons of mass destruction, and/or violation of established sanctions restrictions, preserving and maintaining the Company's reputation when interacting with Users, counterparties and representatives of authorized bodies.

1.4. This AML/KYC Policy describes the basic standards, principles, rules and approaches used by the Company to study Users and counterparties, conduct risk management activities for money laundering (legalization) of proceeds from crime, financing of terrorism, proliferation of weapons of mass destruction, sanctions and countries.

1.5. To implement the procedures provided for in this AML/KYC Policy, the Company develops and implements an internal system for assessing the level of risk of the User and their operations, determines the minimum necessary set of requirements, procedures, mechanisms, reports, systems and control measures for managing the Company's risks. Such documents comply with this AML/KYC Policy, but are confidential information of the Company with restricted access.

1.6. To implement the procedures provided for in this AML/KYC Policy, the Company has the right to use the services of third-party providers.

1.7. More stringent procedures apply to high-risk Users and operations.

1.8. The Company ensures compliance with the requirements of this AML/KYC Policy and applicable legislation by all employees of the Company.

1.9. Prevention of legalization (laundering) of proceeds from crime, financing of terrorism and proliferation of weapons of mass destruction is one of the main obligations and goals of the Company. As part of this activity, the Company guarantees that:

• it identifies its Users and/or counterparties and ensures that they are indeed the persons they claim to be, by requesting an identity document containing all necessary details;
• it identifies and verifies the permanent address of Users and/or counterparties by providing a recently issued document;
• it monitors operations and business relationships to identify unusual and/or suspicious transactions;
• it collects, evaluates and studies information related to suspicious transactions, and reports suspicious transactions to the relevant competent authorities;
• it continuously monitors all reports of suspicious activity and cooperates closely with the relevant competent authorities;
• it retains copies of documents and information necessary to comply with due diligence requirements, supporting evidence and transaction records necessary to identify transactions and supporting records of correspondence with Users and/or counterparties and other persons with whom business relationships are maintained, for a minimum of 5 years after the end of business relations between the Company and the User and/or counterparty or after the date of a one-time transaction;
• it ensures that all employees are fully aware of their legal obligations in accordance with the Anti-Money Laundering and Countering the Financing of Terrorism Act, and are sufficiently trained in the relevant KYC and AML procedures, as well as what constitutes suspicious activity and the process of internal reporting of such activity to the Company's Responsible Officer;
• it uses all available resources and information to ensure the investigation of all suspicious activities.

1.10. This Policy is part of the User Agreement. By accepting the terms of the User Agreement, you automatically agree to the AML/KYC Policy.

1.11. Please read this AML/KYC Policy carefully. For all questions related to this AML/KYC Policy, you can contact us at the following email address support@umbrellax.io.

1.12. According to the AML/KYC Policy, the words "Site", "Company", "we", "us" or "our" refer to UmbrellaX company, including, without limitation, its owners, directors, investors, employees and other related persons. The AML/KYC Policy is an integral part of the User Agreement. By accepting the terms of the User Agreement, you automatically agree to this AML/KYC Policy.

1.13. Any use of the term "User", "You", "Your" etc. should be understood as a reference to the User of the Site and/or the Company's products/services, subject to this AML/KYC Policy, User Agreement, Privacy Policy.

2. Basic Definitions

2.1. All terms indicated in this AML/KYC Policy in capital letters and without other definitions have the same meanings as in the User Agreement.

Responsible Officer — a person whose obligation is to ensure the effective implementation and compliance with the AML/KYC Policy.

Legalization of proceeds from crime — concealment of the illegal source of funds by converting them into funds or investments that appear legitimate.

Prohibited behavior — any illegal behavior that includes fraud, corruption, money laundering, collusion, financing of terrorism and any other criminal behavior.

Fraud — the use of deception to pursue personal interests and damage the interests of Users and/or the Company through the theft of someone else's property or acquiring rights to it through deception.

Scam — a method of deception, fraud, to obtain money from internet users, may include concealing information or providing false information for the purpose of extorting money, property and inheritance from victims.

Corruption — offering, providing, receiving or soliciting, directly or indirectly, something of value that could improperly influence the actions of another party.

Money laundering — a scheme of financial transactions aimed at concealing the identity, source and destination of illegally obtained money or financing illegal activities. These are actions aimed at concealing or disguising the true origin of proceeds from crime, and further giving their receipt a legitimate character.

Anti-money laundering (AML) — a set of measures and procedures aimed at identifying and/or preventing the use of the Company, its Site and the products/services it provides for the purpose of money laundering.

Counter-terrorist financing (CTF) — a set of measures and procedures aimed at identifying and/or preventing the use of the Company, its Site or the products/services it provides for the purpose of financing terrorism.

Sanctions — economic sanctions — commercial and financial sanctions applied by one or more countries against targeted self-governing states, groups or individuals.

"Red flags" — a warning or indicator suggesting the presence of a potential problem or threat with a User's operation that passes through the Company, its Site and/or in the course of using the Company's products/services.

Collusion — an agreement between two or more parties aimed at achieving an improper purpose, including improperly influencing the actions of another party.

Transaction — a transaction with any digital assets that is made by the User through the Site.

Financing of terrorism — the provision or collection of funds for the purposes of planning or committing actions recognized as terrorist acts, or for financing the operations of terrorist organizations, or on condition that the allocated or collected funds will be used for the aforementioned purposes.

Criminal behavior — a crime in any part of the world or what would qualify as a crime in any part of the world if it occurred there.

Know Your Client (KYC) — a set of measures and procedures aimed at obtaining information about the client and their activities for the purpose of managing the company's risks.

Customer Due Diligence (CDD) — verification of data/information about the User and other checks related to studying the User and their activities, for the purpose of comprehensive risk assessment of the User when accepting them for service and during their service.

Politically Exposed Person (PEP) — an individual who plays a prominent public role within a particular country or at the international level.

Regulatory Requirements — means any applicable law, statute, regulation, order, court decision, decision, recommendation, rule, policy (including, but not exclusively, the KYC/AML Policy, which also includes measures aimed at combating the financing of terrorism and the proliferation of weapons of mass destruction) or guidance adopted or issued by parliament, government or any competent court or authority, or any payment system (including, but not limited to, banking payment systems, card payment systems such as Visa, MasterCard, or any other payment, clearing or settlement system, or similar agreement used to provide products/services).

3. Person Responsible for Policy Compliance

3.1. To control and implement the procedures reflected in the AML/KYC Policy, the Company appoints a Responsible Officer.

3.2. The Responsible Officer determines procedures and rules for identifying Users, verifying and monitoring unusual transactions. The obligation of the Responsible Officer is to control all aspects of this Policy, including:

• collection of User personal data;
• creation and updating of internal policies and procedures for completing, reviewing, providing and storing all reports and records required in accordance with applicable laws and regulations;
• monitoring User activities and investigating significant deviations from standard activity;
• implementation of a records management system for appropriate storage and retrieval of documents, files, forms and logs;
• regular updating of risk assessment;
• providing law enforcement agencies with necessary information in accordance with applicable laws and regulations.

3.3. The Responsible Officer is the Company's contact person when interacting with law enforcement agencies, for the purpose of preventing money laundering, financing of terrorism and other illegal activities.

4. Company's Rights in the Implementation of AML/KYC Policy

4.1. The identity of the User is established through their identification, as well as through analysis of the pattern of their actions. The Company uses data analysis as a tool for risk assessment and identification of suspicious activity. For the purposes of fulfilling existing obligations, the Company collects and systematizes data, maintains records, manages information collection processes and provides reporting.

4.2. In accordance with this AML/KYC Policy, the Company undertakes to monitor all activities and reserves the right to:

• interact with law enforcement agencies involved in preventing money laundering, financing of terrorism and other illegal activities, report to law enforcement agencies about activities of a suspicious nature;
• request any additional information or documents from the User in case of suspicious activities;
• fully or partially suspend the User's access to the account on the Site in case of reasonable suspicion of the User's involvement in illegal activities.

4.3. The list presented is incomplete, monitoring of User actions will be carried out by the Responsible Officer in order to determine whether the User's actions are suspicious, and whether they should be reported to law enforcement agencies or not.

5. Verification Procedure

5.1. Proper verification of Users is one of the international standards for preventing illegal activity. The Company establishes its own verification procedures within the framework of this AML/KYC Policy.

5.2. The Responsible Officer is authorized to require Users to provide documents confirming their identity.

5.3. To complete the verification procedure, the User must provide the Responsible Officer with official documents from independent sources or information (for example, national identity card, international passport, bank statement, utility bill). In order to comply with this AML/KYC Policy, the Responsible Officer reserves the right to request User personal data, as well as take steps to confirm the authenticity of documents and information provided by the User. The Responsible Officer reserves the right to collect information about Users who have been classified as dangerous or suspicious.

5.4. The Responsible Officer is not authorized and not obliged to establish the fact of whether the document provided by the User for identification is legal. However, in case of obvious inconsistencies in the information received, the Responsible Officer has the right to require the User to provide additional documents to identify their identity. The User is obliged to provide the requested data within 5 days from the moment of the request. If the User refuses to provide the required information when necessary, or attempts to mislead the Responsible Officer, this User may be denied services.

5.5. The Responsible Officer reserves the right to verify the User's identity on an ongoing basis, especially if the User has changed personal data or if their activity seemed suspicious (uncharacteristic of a particular User). In addition, the Responsible Officer reserves the right to request updated documents from Users, even if they have previously passed verification.

5.6. Collection, storage, disclosure and protection of User personal data will be carried out strictly in accordance with the Privacy Policy and only to the extent necessary to ensure proper provision of services to Users.

5.7. Once the User's identity is established, the Responsible Officer may waive potential legal liability in a situation where the Company's products/services provided are used by the User to carry out illegal activities.

5.8. If the Responsible Officer discovers signs of suspicious User activity that may be related to legalization (laundering) of proceeds from crime, financing of terrorism, drug and human trafficking, proliferation of weapons of mass destruction, corruption and bribery, information about it will be brought to the attention of competent authorities without the obligation to obtain approval or prior notification of the User.

5.9. The Responsible Officer is guided by lists published by local authorities and international organizations containing the names of persons suspected of terrorist activity, terrorist organizations, high-risk countries, a restricted list of countries subject to UN, US, EU sanctions, as well as high-risk jurisdictions that do not provide a sufficient level of anti-money laundering procedures, to determine whether the User and/or the country of jurisdiction of such User is included in the above lists.

5.10. The Company collects personal information from Users only to the extent necessary to ensure proper provision of services to Users. Such personal information about Users and former Users may be transferred to third parties only under a limited number of circumstances in accordance with applicable laws and/or requests from competent authorities or in the manner provided for in the User Agreement and/or Privacy Policy.

5.11. The Company has the right to suspend the account associated with suspicious activity (including, but not limited to activity that may be defined as legalization (laundering) of proceeds from crime, financing of terrorism, scam, etc.), and ask the owner of such account to undergo an enhanced KYC procedure (request additional necessary documents). If the User does not provide the necessary documents or the documents provided are insufficient to remove suspicion of suspicious activity, the Company has the right to suspend the service of the User's account/operations temporarily or indefinitely, including up to complete blocking of the account and blocking of all assets.

5.12. The Company reserves the right to obtain additional information about Users who have been identified as high-risk Users. Also, if identification information has been changed or the User's actions seemed suspicious to the Company, the latter has the right to request documents from the User again, even if the User has already passed verification earlier.

6. Risk Assessment

6.1. To fulfill its obligations to combat money laundering and counter the financing of terrorism, the Company conducts an annual assessment of the risks of money laundering obtained through criminal means. The purpose of risk assessment is to prevent the Site and/or the Company's products/services from being used for money laundering, highlighting risks and evaluating the controls established by the Company. A risk-based approach is used to identify Users and track how they use the Site and/or the Company's products/services.

6.2. The Responsible Officer is responsible for managing financial crime risks and making improvements in financial crime risk management by identifying general and specific money laundering risks faced by the Company, establishing how these risks are mitigated by the Company's existing controls in this area and determining the residual risk that remains with the Company.

6.3. Any financial operation that may be related to legalization (laundering) of proceeds from crime, financing of terrorism, violation of sanctions restrictions, scam, is considered suspicious.

6.4. The Company independently develops and implements a mechanism for identifying such operations, a system and definition of "red flags", criteria for determining risks. The basis for determining that a particular transaction is suspicious may be personal observations and experience of Company employees, information obtained during KYC procedures, information obtained using specialized analytical programs and/or systems, etc.

6.5. The Company regularly monitors the transactional activity of its Users, updates systems and criteria for "red flags" used to detect suspicious activities, implements best international practices to identify suspicious activities.

6.6. In accordance with applicable laws and requirements of competent international organizations, the Company may, where appropriate, and without obligation to obtain approval or notification of the User, notify regulatory and/or law enforcement agencies of any suspicious operations, as well as provide necessary information in response to requests from such organizations.

6.7. When conducting studies of Users and analyzing their operations, the Company uses the following lists:

• sanctioned persons, known terrorists and/or terrorist organizations, or persons suspected of terrorist activity, published by local authorities and international organizations — OFAC (Office of Foreign Assets Control), EU, UN, etc.;
• jurisdictions that do not provide a sufficient level of anti-money laundering procedures, in accordance with FATF policies, as well as countries subject to OFAC, EU, UN sanctions, etc.;
• high-risk countries, to determine whether the User or potential User and/or the country/jurisdiction of such User is included in the above lists, cooperation with which is prohibited or undesirable.

6.8. The Company continuously conducts due diligence procedures in relation to its Users and carefully verifies the transactions they conduct to ensure the compatibility of these transactions with KYC, their business and, if necessary, their source of income.

6.9. The Company does not establish relations with Users who are included in sanctions lists or registered/located in prohibited territories/jurisdictions or are under the control of such persons.

6.10. If a User is found to have an unacceptably high risk status, the Company may refuse such User further service.

6.11. The Company also reserves the right, upon discovery of suspicious operations, to request additional documents from the User, suspend or terminate the User's account, suspend turnover or freeze the User's assets until the circumstances are clarified, and carry out other actions commensurate with the identified risks.

7. Third Parties

7.1. To perform some of its business functions, the Company may engage third-party service providers or interact with counterparties. The Company makes every effort to study such a service provider/counterparty and their activities, as well as determine, as far as possible, their reputation (whether there are any initiated investigations and lawsuits against any such third-party service providers). The Company also determines whether a third-party provider has obtained all necessary licenses, permits and approvals before establishing a business relationship with such a third-party service provider.

7.2. The Company does not establish relations with a service provider and/or counterparty that are included in sanctions lists or registered/located in prohibited territories/jurisdictions or that are under the control of such persons.

8. Amendment of AML/KYC Policy

8.1. The Company reserves the right at its discretion and at any time to make changes to this AML/KYC Policy (as new risks are identified, new products/services are implemented, changes in applicable legislation) and to exercise control over compliance with its provisions and requirements.

8.2. The current version of the AML/KYC Policy is published on the Site https://umbrellax.io/.

8.3. You acknowledge and agree that you are responsible for periodically reviewing the AML/KYC Policy and familiarizing yourself with changes and additions.

8.4. In case of disagreement with any changes to the AML/KYC Policy, you must immediately stop using the Site and/or the Company's products/services. Your continued use of the Site and/or the Company's products/services after publication of changes to the AML/KYC Policy will be considered as your agreement to these changes.

9. User Obligations

By using the Site and/or the Company's products/services, you guarantee that you do not intend to commit any prohibited actions described in this document. In addition, you agree to any checks related to conducting an investigation in accordance with the AML/KYC Policy, and also agree to fully and promptly cooperate with the Responsible Officer and other authorized persons within the framework of such an investigation. Refusal to cooperate or failure to provide necessary information/documents may serve as grounds for suspension of your service or complete refusal of further service.