AML & KYC Policy

Currency exchange services can be attractive targets for people who try to hide the illegal origin of funds, finance terrorism, avoid sanctions or commit fraud. PiPExchange is firmly committed to preventing its platform from being used for such purposes.

This Policy describes the measures we take to identify customers, understand transactions and react to suspicious activity, as well as the responsibilities you have as a user.

This AML / KYC Policy applies to all users of PiPExchange, including:

• individual clients,
• business and institutional users, and
• any person acting on behalf of another party (for example as a representative or agent).

By using our services, you agree that we may apply the checks and controls described here.

This Policy complements, and should be read together with, our Terms of Service and Privacy Policy. If there is a conflict, the Terms of Service prevail, but we aim to keep all documents consistent and mutually supportive.

PiPExchange aims to comply with all AML / CFT (Counter-Terrorist Financing), sanctions and related regulations that apply to its activities in the jurisdictions where it operates or has legal obligations.

Where requirements conflict across jurisdictions, we may apply the stricter standard to protect the integrity of our service.

Not all customers, products and transactions present the same level of risk. We apply a risk-based approach, which means we use stronger controls where risk is higher, and lighter controls where risk is lower and justified.

This allows us to protect the platform effectively while still offering a smooth experience for legitimate users.

We need to know who we are dealing with and understand the purpose of the relationship. This is achieved through identity verification (KYC), understanding source of funds where relevant, and ongoing monitoring of activity.

Depending on the product, volume, direction and risk indicators, we may require KYC:

• before you can use the service at all,
• once your total turnover reaches specific thresholds,
• when a particular transaction appears unusual or high-risk, or
• when we have doubts about the information previously provided.

We may decline to process orders or limit functionality until KYC is successfully completed.

As part of KYC, we may request some or all of the following, depending on your profile:

• Full name, date of birth and contact details
• Government-issued ID (passport, ID card, driver’s licence)
• Selfie with ID for liveness and match checks
• Proof of address (utility bill, bank statement, tax or municipal letter)
• For businesses: registration documents, ownership structure and authorised signatories
• Proof of funds or source of funds / wealth for larger or high-risk transfers

In some cases, we might rely on trusted third-party KYC providers to collect or verify this information on our behalf.

KYC is not always a one-time event. We may ask you to refresh or update your information, for example when:

• documents expire,
• your activity pattern changes significantly, or
• regulations or internal policies require updated data.

If you do not provide requested updates within a reasonable time, we may restrict or close your account.

When assessing risk, we may consider (among other things):

• the country of your residence or registration,
• the type of payment methods and currencies you use,
• the size, frequency and pattern of your transactions,
• whether you act as an individual or on behalf of a business, and
• any external information (for example, negative media or sanctions lists).

We may assign customers and transactions to different risk categories (for example low, medium, high). Higher risk categories may lead to:

• additional KYC requirements,
• lower limits or slower processing,
• manual review of specific orders, or
• in extreme cases, rejection of the relationship or transaction.

We do not publish our internal scoring models to protect the effectiveness of our controls.

We monitor transactions on PiPExchange using a combination of automated tools and manual review. The aim is to identify:

• patterns that do not match your profile,
• unusual or complex transaction structures, and
• links to sanctioned entities, high-risk jurisdictions or known fraud patterns.

Without limiting our ability to act in other situations, examples of red flags include:

• rapid movement of funds between multiple accounts with no clear purpose,
• orders split into many small transfers in a pattern that suggests “structuring”,
• use of third-party accounts without a transparent business reason,
• transactions inconsistent with stated source of funds or profile,
• attempts to bypass AML / KYC checks or provide obviously false documents.

If we detect red-flag behaviour, we may delay, block or cancel transactions and request additional information.

You may not use PiPExchange to support, directly or indirectly:

• money laundering or terrorist financing,
• fraud, scams or pyramid schemes,
• sale of illegal goods or services,
• tax evasion or concealment of criminal proceeds, or
• any activity prohibited by applicable law or our Terms of Service.

In most cases we only accept payments from, and send payouts to, accounts and wallets that belong to you personally or to the business you legally represent.

Use of “money mule” accounts, anonymous wallets controlled by third parties or nominee arrangements without a clear legitimate purpose is strictly prohibited and may lead to immediate account closure and reporting to authorities where required by law.

We may screen customers and transactions against relevant sanctions lists and restrictions (for example international, regional or local lists). If we identify a match or potential match, we may:

• deny service or terminate the relationship,
• freeze or block certain transactions, and
• make reports to competent authorities when legally required.

Customers who are, or become, politically exposed persons (PEPs) — or their close associates or family members — may be subject to additional due diligence and ongoing monitoring.

In some cases, we may decide not to enter into or continue relationships with certain PEPs if we consider the risk unacceptably high.

We may restrict or refuse services to persons or entities located in, or closely connected to, jurisdictions that are:

• subject to comprehensive sanctions, or
• classified as having strategic AML / CFT deficiencies by international bodies.

Our list of restricted or high-risk jurisdictions may change over time as regulations and risk assessments evolve.

To meet legal and regulatory requirements, we may retain:

• copies of identification documents,
• records of transactions, and
• internal notes related to risk assessments and investigations

for a period defined by applicable law or internal policy after the end of the business relationship. This period is typically measured in years, not months.

We apply technical and organisational measures to protect AML / KYC data against unauthorised access, loss or misuse. Access to such data is limited to trained staff and trusted service providers who need it to perform their duties.

Our handling of personal data, including AML / KYC information, is further described in our Privacy Policy.

Where required by law, we may file reports with competent authorities if we know, suspect, or have reasonable grounds to suspect that funds are the proceeds of crime or related to terrorist financing, or that a transaction is otherwise suspicious.

In many jurisdictions, we are legally prohibited from informing you if and when such a report has been made (“tipping off” rules).

We may respond to lawful requests from law-enforcement, regulatory or supervisory authorities, subject to applicable data-protection laws. This can include providing transaction records, KYC information or internal analysis where required.

You must provide true, accurate and complete information when creating an account, placing orders or submitting documents to PiPExchange, and keep it up to date.

Providing false information or forged documents is a serious violation and may lead to immediate account closure and reporting to authorities where required by law.

You agree to cooperate with our AML / KYC processes, including:

• responding to requests for additional information or documents,
• explaining the nature and purpose of certain transactions, and
• confirming the source of funds where reasonably requested.

Failure to cooperate may lead to restrictions, order cancellation or account closure.

You should use only accounts and wallets that belong to you or to the business you are authorised to represent. If you act on behalf of a business, you must have sufficient authority to do so and, when requested, provide evidence of such authority.

PiPExchange designates internal roles responsible for AML / KYC compliance, including oversight of procedures, staff training and periodic reviews of the effectiveness of this Policy.

Depending on the size and structure of our business, this function may be performed by a dedicated compliance officer or an equivalent role.

Employees involved in onboarding, payments, support and technical operations receive AML / KYC training appropriate to their responsibilities. Training is refreshed regularly and when regulations or internal policies change.

We may update this AML / KYC Policy from time to time, for example to reflect:

• changes in applicable law or regulatory guidance,
• evolution of our products or risk profile, or
• improvements in our controls and monitoring tools.

When we make material changes, we will update the “Last updated” date on this page and, where appropriate, inform you via the website or by email.

Important: this Policy is a template and starting point. Before using it as your formal AML / KYC Policy, it should be reviewed and adapted by a qualified legal or compliance professional who understands your exact corporate structure, licences and jurisdictions.