Anti-Money Laundering & KYC Policy

1. AML/CFT Program Overview

3-102-954669 S.R.L., a sociedad de responsabilidad limitada organized under the laws of the Republic of Costa Rica (operating as "XEX"), and its affiliated entities (collectively, "XEX," "the Platform," "we," "us," or "our") are committed to the highest standards of anti-money laundering ("AML") and counter-terrorist financing ("CFT") compliance. This Anti-Money Laundering and Know Your Customer Policy (this "Policy") sets forth the principles, procedures, and controls that govern our AML/CFT program and applies to all users, employees, contractors, and agents of XEX.

XEX maintains a comprehensive, risk-based AML/CFT program designed to comply with applicable laws and regulations, including but not limited to the Bank Secrecy Act ("BSA"), the USA PATRIOT Act, the European Union Anti-Money Laundering Directives (AMLD), the Financial Action Task Force ("FATF") Recommendations, and the anti-money laundering laws and regulations of each jurisdiction in which we operate. Where local regulations impose stricter requirements than those described herein, XEX adheres to the more stringent standard.

Our AML/CFT program is built upon the following core pillars:

• Risk-Based Approach: We allocate compliance resources commensurate with the level of risk presented by individual customers, products, services, geographies, and delivery channels. Higher-risk relationships receive enhanced scrutiny and monitoring.
• Designated Compliance Officer: XEX has appointed a qualified Chief Compliance Officer ("CCO") with full authority and responsibility for the implementation, oversight, and continuous improvement of the AML/CFT program. The CCO reports directly to senior management and has unimpeded access to the Board of Directors.
• Independent Audit: The AML/CFT program is subject to periodic independent testing by qualified third parties to evaluate its effectiveness, identify deficiencies, and recommend enhancements.
• Continuous Improvement: XEX monitors evolving regulatory guidance, emerging typologies, and industry best practices to ensure that our program remains current and effective in detecting and preventing financial crime.

By accessing or using the XEX platform, you acknowledge and agree that you are subject to this Policy and that XEX may take any action it deems necessary, in its sole and absolute discretion, to comply with its AML/CFT obligations, including but not limited to restricting, suspending, or terminating your account, freezing or seizing assets, delaying or refusing transactions, and reporting suspicious activity to applicable authorities.

2. Customer Identification Program (CIP)

XEX maintains a Customer Identification Program ("CIP") that establishes reasonable and practicable procedures for verifying the identity of each individual or entity that seeks to open an account or otherwise transact on the Platform. No person may access trading, deposit, withdrawal, or other core Platform functionality until their identity has been satisfactorily verified in accordance with these procedures.

2.1 Required Information — Individual Accounts

At a minimum, XEX collects the following information from each individual customer prior to account activation:

• Full legal name (as it appears on a government-issued identity document)
• Date of birth
• Residential address (P.O. boxes are not accepted as a primary address)
• Nationality and country of residence
• Government-issued identification number (e.g., passport number, national identity card number, or equivalent)
• Valid email address and telephone number
• Tax identification number (where required by applicable law)
• Source of funds declaration

2.2 Required Information — Corporate and Institutional Accounts

For corporate, institutional, and other non-individual accounts, XEX additionally collects:

• Full legal name of the entity and any trade names
• Jurisdiction of incorporation or registration
• Certificate of incorporation, registration, or equivalent formation documents
• Registered office address and principal place of business
• Articles of association, operating agreement, or equivalent constitutional documents
• Register of directors and officers, including full legal names, dates of birth, and nationalities
• Identification and verification of all Ultimate Beneficial Owners ("UBOs") holding 10% or more of ownership or voting rights, or who otherwise exercise effective control
• Board resolution or power of attorney authorizing the person(s) operating the account on behalf of the entity
• Proof of regulatory status or licensure (if applicable)
• Tax identification number or equivalent
• Audited financial statements (for accounts above applicable thresholds)

2.3 Verification Methods

XEX employs a combination of documentary and non-documentary methods to verify customer identity:

• Documentary Verification: Government-issued photo identification (passport, national identity card, or driver's license), proof of address documentation (utility bill, bank statement, or government correspondence dated within the preceding three months), and corporate formation documents.
• Non-Documentary Verification: Comparison of customer-provided information against independent, reliable data sources including, without limitation, credit bureaus, government databases, and commercially available identity verification services.
• Biometric Verification: Liveness detection and facial recognition technology to confirm that the person presenting identity documents is the genuine holder thereof.
• Database Cross-Referencing: Real-time screening against global sanctions lists, PEP databases, adverse media databases, and law enforcement watchlists.

XEX reserves the right to request additional documentation or information at any time, including after account opening, and to restrict or suspend account functionality until satisfactory verification is completed. Failure to provide requested information within the timeframe specified by XEX may result in account closure.

3. Customer Due Diligence (CDD)

XEX performs Customer Due Diligence ("CDD") on all customers to establish a comprehensive understanding of the customer's identity, the nature and purpose of the business relationship, the expected transaction patterns, and the source of funds. CDD is conducted at account opening and on an ongoing basis throughout the duration of the relationship.

3.1 Standard Due Diligence Procedures

Standard CDD procedures include:

• Verification of the customer's identity using the CIP procedures described in Section 2
• Determination of the customer's risk profile based on the risk assessment methodology described in Section 12
• Understanding the nature and purpose of the customer's intended use of the Platform, including anticipated transaction types, volumes, and frequencies
• Identification of the source of funds and, where applicable, the source of wealth
• Screening against sanctions lists, PEP databases, and adverse media sources
• Assessment of the customer's geographic risk based on country of residence, nationality, and transaction counterparties
• Documentation and retention of all CDD findings in accordance with our record-keeping requirements

3.2 Ongoing Due Diligence

CDD is not a one-time exercise. XEX continuously monitors customer relationships and conducts periodic reviews to ensure that customer information remains current and accurate, that the customer's risk profile remains appropriate, and that transaction activity is consistent with the stated purpose of the account. Customers are required to promptly update XEX regarding any material changes to their personal information, source of funds, or intended use of the Platform.

XEX reserves the right to re-verify any customer at any time and to restrict or suspend account functionality pending the satisfactory completion of updated due diligence. Periodic re-verification shall occur at minimum intervals determined by the customer's risk classification: annually for high-risk customers, every two years for medium-risk customers, and every three years for low-risk customers.

4. Enhanced Due Diligence (EDD)

Where a customer, transaction, or relationship presents a higher level of risk, XEX applies Enhanced Due Diligence ("EDD") measures that go beyond standard CDD requirements. EDD is mandatory and is applied without exception in the circumstances described below.

4.1 Triggers for Enhanced Due Diligence

EDD is required in the following circumstances, among others as determined by the Compliance team:

• The customer is a Politically Exposed Person ("PEP"), a family member of a PEP, or a close associate of a PEP
• The customer resides in, is a national of, or conducts significant business in a jurisdiction identified as high-risk by FATF, the European Commission, or XEX's internal risk assessment
• The customer's transaction volumes exceed established thresholds or are inconsistent with the customer's stated profile
• The customer operates in a high-risk industry, including but not limited to gambling, adult entertainment, weapons, precious metals and stones, shell companies, or correspondent banking
• The customer's account activity has generated suspicious activity alerts
• The customer is a trust, nominee arrangement, bearer share corporation, or other legal structure that may obscure beneficial ownership
• The transaction involves a high-risk cryptocurrency or privacy-enhanced coin (e.g., Monero, Zcash shielded transactions, Tornado Cash-linked addresses)
• The source of funds or source of wealth cannot be readily ascertained through standard CDD

4.2 Additional EDD Measures

When EDD is triggered, XEX applies one or more of the following additional measures, as appropriate:

• Detailed source of wealth verification, including documentary evidence such as tax returns, audited financial statements, property records, employment verification, or inheritance documentation
• Enhanced source of funds verification for individual transactions, including bank statements and evidence of the legitimate origin of funds
• Senior management approval for account opening, continuation, or specific transactions
• Increased transaction monitoring frequency and reduced alert thresholds
• Ongoing adverse media screening at increased frequency
• Requirement for face-to-face or video verification
• Restriction of available products, services, or transaction types pending satisfactory completion of EDD
• Imposition of lower transaction limits and mandatory cooling-off periods for large withdrawals
• Independent review by an external compliance consultant

XEX shall decline to establish or continue a business relationship where EDD cannot be satisfactorily completed. In such circumstances, XEX will consider whether a suspicious activity report is warranted.

5. Ongoing Transaction Monitoring

XEX operates a comprehensive, multi-layered transaction monitoring program designed to detect, investigate, and report suspicious activity in real time or on a near-real-time basis. Our monitoring systems combine automated, rule-based detection with advanced machine learning models and blockchain analytics to identify patterns indicative of money laundering, terrorist financing, sanctions evasion, fraud, or other illicit activity.

5.1 Automated Monitoring Systems

XEX's automated transaction monitoring infrastructure includes:

• Real-Time Transaction Screening: All deposits, withdrawals, trades, and transfers are screened in real time against configurable rule sets and risk parameters. Transactions that exceed defined thresholds or match suspicious patterns are automatically flagged for review.
• Blockchain Analytics: On-chain transaction monitoring using industry-leading blockchain analytics tools to trace the provenance and destination of digital assets, identify exposure to high-risk addresses (including darknet markets, mixers/tumblers, sanctioned entities, ransomware, and fraud), and calculate risk scores for incoming and outgoing transactions.
• Behavioral Analytics: Machine learning models that establish baseline behavioral profiles for each customer and detect deviations from expected patterns, including unusual trading activity, atypical login behavior, rapid movement of funds, and structuring or layering attempts.
• Cross-Account Analysis: Systems that identify relationships between accounts based on shared identifiers, IP addresses, device fingerprints, wallet addresses, and behavioral correlations to detect networks of related accounts engaged in coordinated suspicious activity.

5.2 Suspicious Patterns and Indicators

Without limitation, XEX monitors for the following suspicious activity indicators:

• Structuring or splitting transactions to avoid reporting or verification thresholds
• Rapid movement of funds through the Platform with minimal or no trading activity (pass-through or layering)
• Deposits from or withdrawals to wallets associated with illicit activity, mixers, tumblers, or privacy-enhancing protocols
• Transactions involving jurisdictions subject to comprehensive sanctions or identified as high-risk
• Significant discrepancies between a customer's declared source of funds and observed transaction activity
• Frequent and unexplained changes to account details, including wallet addresses, email addresses, or identity information
• Transactions that lack an apparent economic rationale or legitimate business purpose
• Use of multiple accounts, IP addresses, or devices by a single individual
• Sudden increases in transaction volume or value inconsistent with historical patterns
• Conversion of digital assets to privacy coins or withdrawal to unhosted wallets immediately following deposit

5.3 Threshold Monitoring

XEX maintains and regularly updates transaction thresholds that trigger additional review or reporting obligations. These thresholds are calibrated to the regulatory requirements of each jurisdiction in which we operate and are supplemented by risk-based thresholds tailored to specific customer segments, products, and geographies. Threshold values are confidential and are not disclosed to customers or the public.

6. Suspicious Activity Reporting (SAR/STR)

XEX is committed to fulfilling all obligations to file Suspicious Activity Reports ("SARs"), Suspicious Transaction Reports ("STRs"), and equivalent reports as required by the laws and regulations of each jurisdiction in which we operate. The filing of such reports is a legal obligation that XEX takes with the utmost seriousness.

6.1 Filing Obligations

XEX files SARs/STRs with the appropriate Financial Intelligence Unit ("FIU") or regulatory authority whenever XEX knows, suspects, or has reasonable grounds to suspect that a transaction or attempted transaction:

• Involves funds derived from illegal activity or is intended to hide or disguise funds derived from illegal activity
• Is designed to evade any reporting or recordkeeping requirement under applicable law
• Lacks a lawful purpose or is not the sort of activity in which the particular customer would normally be expected to engage
• Involves the use of the Platform to facilitate criminal activity, including but not limited to money laundering, terrorist financing, fraud, tax evasion, or sanctions evasion
• Involves a customer or transaction party that is the subject of a law enforcement inquiry

6.2 No Tipping-Off

In accordance with applicable law, XEX strictly prohibits the disclosure to any customer, or any third party, of the fact that a SAR/STR has been or will be filed, or that a related investigation is being or has been conducted. This prohibition applies to all XEX employees, officers, directors, contractors, and agents. Any violation of this prohibition is a serious offense that may result in immediate termination of employment or engagement and referral to law enforcement authorities.

If your account is restricted, suspended, or terminated, or if a transaction is delayed or blocked, XEX is under no obligation to disclose the reason for such action, and you agree that XEX shall have no liability whatsoever for any losses, damages, or inconvenience arising from or in connection with such action.

6.3 Internal Escalation Procedures

XEX maintains documented internal escalation procedures for the identification, investigation, and reporting of suspicious activity:

1. Detection: Suspicious activity is initially identified through automated monitoring systems or by XEX personnel during the ordinary course of their duties.
2. Initial Review: The Compliance team conducts a preliminary assessment to determine whether the activity warrants further investigation.
3. Investigation: Where further investigation is warranted, a compliance analyst conducts a thorough review of all available information, including customer identification data, transaction history, blockchain analytics, and any relevant external information.
4. Decision: The investigating analyst prepares a recommendation, which is reviewed and approved by the CCO or a designated deputy. The decision to file a SAR/STR is made by the CCO.
5. Filing: Approved SARs/STRs are filed with the appropriate FIU within the timeframe required by applicable law, and in no event later than the statutory deadline.
6. Follow-Up: Filed SARs/STRs are subject to ongoing monitoring, and supplemental reports are filed as warranted by new information or continued suspicious activity.

7. Sanctions Screening (OFAC, UN, EU)

XEX maintains a robust sanctions compliance program designed to ensure that the Platform is not used, directly or indirectly, by or for the benefit of any person, entity, or jurisdiction that is the subject of economic or trade sanctions administered or enforced by any relevant authority.

7.1 Screening Scope

XEX screens all customers, transaction counterparties, and beneficial owners against the following sanctions lists, among others:

• United States: Office of Foreign Assets Control ("OFAC") Specially Designated Nationals and Blocked Persons List ("SDN List"), Sectoral Sanctions Identifications List, Non-SDN Menu-Based Sanctions List, and all other OFAC-administered lists
• United Nations: UN Security Council Consolidated Sanctions List
• European Union: EU Consolidated List of Persons, Groups, and Entities Subject to EU Financial Sanctions
• United Kingdom: HM Treasury ("HMT") Consolidated List of Financial Sanctions Targets and Office of Financial Sanctions Implementation ("OFSI") list
• Other Jurisdictions: Sanctions lists maintained by the regulatory authorities of each jurisdiction in which XEX operates, including but not limited to those of Australia, Canada, Singapore, Japan, and Hong Kong

7.2 Real-Time Screening

Sanctions screening is performed at the following touchpoints:

• At the point of account registration, prior to account activation
• On an ongoing, real-time basis against updated sanctions lists as they are published
• Prior to the execution of any deposit, withdrawal, or transfer
• At periodic intervals as part of ongoing customer due diligence reviews
• Upon the occurrence of any trigger event, such as a change in customer information or a regulatory update

7.3 Consequences of a Positive Match

In the event of a confirmed or potential positive match against any sanctions list, XEX shall immediately:

• Block or freeze all assets and accounts associated with the matched individual or entity
• Reject any pending or attempted transactions
• Report the match to the relevant sanctions authority (e.g., OFAC, OFSI) within the required timeframe
• Preserve all records and evidence related to the match for production to law enforcement or regulatory authorities upon request

XEX shall not unblock, release, or otherwise make available any blocked assets without prior written authorization from the applicable sanctions authority.

8. PEP Screening

XEX identifies and applies enhanced measures to Politically Exposed Persons ("PEPs") in accordance with FATF recommendations and applicable law. A PEP is defined as any individual who is or has been entrusted with a prominent public function, including but not limited to heads of state, senior government officials, senior judiciary members, senior military officers, senior executives of state-owned enterprises, and officials of major political parties.

8.1 PEP Identification

XEX screens all customers and their beneficial owners against comprehensive PEP databases at account opening and on a continuous, ongoing basis. Our PEP identification process covers:

• Domestic and foreign PEPs
• International organization PEPs (e.g., senior officials of the United Nations, European Commission, World Bank, IMF)
• Immediate family members of PEPs, including spouses, partners, parents, children, and siblings
• Close associates of PEPs, including known business partners, legal advisors, and individuals with joint beneficial ownership of legal entities or arrangements

8.2 Enhanced PEP Measures

Where a customer is identified as a PEP or a PEP-related person, XEX applies the following enhanced measures:

• Senior management approval is required to establish or continue the business relationship
• Rigorous verification of the source of funds and source of wealth, supported by documentary evidence
• Enhanced ongoing monitoring with increased frequency of periodic reviews and reduced alert thresholds
• Enhanced adverse media monitoring
• Lower transaction thresholds for triggering additional review
• Annual or more frequent comprehensive reviews of the relationship

XEX reserves the right to decline to establish or to terminate a business relationship with any PEP at any time, in its sole discretion, where the risk cannot be adequately managed.

9. Travel Rule Compliance

XEX complies with the Financial Action Task Force ("FATF") Recommendation 16 (the "Travel Rule") and its implementing legislation in all applicable jurisdictions. The Travel Rule requires Virtual Asset Service Providers ("VASPs") to obtain, hold, and transmit required originator and beneficiary information when conducting virtual asset transfers.

9.1 Originator and Beneficiary Information

For qualifying transfers, XEX collects and transmits the following information to the receiving VASP:

• Originator's full legal name
• Originator's account number or unique transaction reference
• Originator's physical address, national identity number, customer identification number, or date and place of birth
• Beneficiary's full legal name
• Beneficiary's account number or unique transaction reference

9.2 Threshold Amounts

Travel Rule obligations apply to virtual asset transfers that equal or exceed the applicable jurisdictional threshold. Currently, the primary thresholds recognized by XEX include:

• USD/EUR 1,000 (or equivalent) as recommended by FATF and adopted by certain jurisdictions including the European Union (under MiCA/TFR), Singapore, and others
• USD 3,000 (or equivalent) under the United States BSA/FinCEN framework
• Other thresholds as specified by applicable local regulations

Where jurisdictional thresholds differ, XEX applies the lower threshold to ensure compliance across all applicable regulatory regimes.

9.3 VASP Cooperation

XEX participates in industry Travel Rule compliance networks and protocols to facilitate the secure exchange of required information with counterparty VASPs. Where a counterparty VASP is unable or unwilling to provide the required Travel Rule information, XEX reserves the right to delay, block, or return the transfer. XEX conducts due diligence on counterparty VASPs to assess their regulatory status, AML/CFT controls, and the reliability of their Travel Rule compliance.

10. Record Keeping Requirements

XEX maintains comprehensive records of all customer identification data, due diligence findings, transaction records, and suspicious activity reports in accordance with applicable laws and regulations. Proper recordkeeping is essential to our ability to comply with regulatory requirements, respond to law enforcement inquiries, and support internal investigations.

10.1 Retention Periods

XEX retains all records for a minimum of five (5) years following the termination of the customer relationship or the date of the last transaction, whichever is later. Where applicable law or regulation requires a longer retention period, XEX adheres to the longer period. Certain categories of records may be retained indefinitely where warranted by the nature of the information or ongoing legal or regulatory proceedings.

10.2 Categories of Records Maintained

Records maintained by XEX include, without limitation:

• Identity Documents: Copies of all identity verification documents provided by or obtained in respect of customers and beneficial owners, including government-issued identification, proof of address, and corporate formation documents
• Transaction Records: Complete records of all transactions conducted on or through the Platform, including deposits, withdrawals, trades, transfers, and conversions, with timestamps, amounts, asset types, wallet addresses, and counterparty information
• Due Diligence Records: Documentation of all CDD and EDD procedures performed, including risk assessments, source of funds and source of wealth documentation, PEP screening results, and sanctions screening results
• Suspicious Activity Reports: Internal records of all SARs/STRs filed, including supporting investigation notes, analysis, and correspondence
• Correspondence: All compliance-related correspondence with customers, regulatory authorities, law enforcement agencies, and third-party compliance providers
• Training Records: Records of employee AML/CFT training, including training dates, content, attendance, and assessment results
• Audit and Testing Records: Reports from independent audits and tests of the AML/CFT program

11. Employee Training Program

XEX recognizes that the effectiveness of its AML/CFT program depends upon the knowledge, vigilance, and commitment of every member of the organization. Accordingly, XEX maintains a comprehensive employee training program that ensures all personnel understand their AML/CFT obligations and are equipped to identify and escalate potentially suspicious activity.

11.1 Annual Training

All XEX employees, officers, directors, and contractors receive mandatory AML/CFT training at least annually. Annual training covers:

• Overview of money laundering, terrorist financing, and sanctions evasion concepts, methods, and typologies
• XEX's AML/CFT policies, procedures, and controls
• Applicable laws and regulatory requirements
• Red flags and suspicious activity indicators relevant to digital assets and cryptocurrency exchanges
• Obligations regarding suspicious activity identification, escalation, and reporting
• The no tipping-off obligation and consequences of non-compliance
• Recent regulatory developments, enforcement actions, and emerging typologies
• Record keeping obligations

11.2 Role-Specific Training

In addition to annual general training, XEX provides specialized, role-specific training to personnel whose functions require enhanced AML/CFT knowledge, including:

• Compliance team members: Advanced training on investigation techniques, SAR/STR drafting, regulatory engagement, and use of compliance technology tools
• Customer support representatives: Training on recognizing and escalating suspicious customer inquiries, social engineering attempts, and red flags during customer interactions
• Product and engineering teams: Training on designing compliance-aware systems, implementing sanctions screening at new platform touchpoints, and integrating monitoring capabilities
• Senior management and Board: Governance-level training on AML/CFT program oversight, regulatory expectations, and personal liability

11.3 Compliance Culture

XEX fosters a culture of compliance throughout the organization. All personnel are expected to prioritize regulatory compliance and to report any concerns regarding potential AML/CFT violations through established internal channels without fear of retaliation. Failure by any employee to comply with this Policy or to complete required training may result in disciplinary action, up to and including termination of employment.

12. Risk Assessment Methodology

XEX employs a documented, risk-based approach to assessing and managing money laundering and terrorist financing risk across its business. Our enterprise-wide risk assessment is reviewed and updated at least annually, or more frequently when triggered by material changes in our business, products, customer base, regulatory environment, or the external threat landscape.

12.1 Customer Risk Scoring

Each customer is assigned a risk score based on a weighted assessment of multiple risk factors. Risk scores are dynamic and are recalculated on an ongoing basis as new information becomes available. Key customer risk factors include:

• Customer type (individual, corporate, trust, foundation, etc.)
• Occupation, industry, or nature of business
• PEP status or association with PEPs
• Sanctions exposure
• Adverse media findings
• Source of funds and source of wealth
• Expected and actual transaction behavior
• Length and history of the customer relationship

12.2 Geographic Risk

XEX assesses geographic risk based on the customer's country of residence, nationality, country of incorporation, and the jurisdictions of their transaction counterparties. Geographic risk factors include:

• Jurisdictions subject to comprehensive sanctions (OFAC, EU, UN)
• Jurisdictions identified by FATF as high-risk or under increased monitoring ("grey list" and "black list")
• Jurisdictions assessed as having deficient AML/CFT frameworks by XEX's internal risk assessment
• Jurisdictions with high levels of corruption, as measured by Transparency International's Corruption Perceptions Index or equivalent indices
• Jurisdictions known for narcotics trafficking, organized crime, or terrorism

12.3 Product and Service Risk

XEX evaluates the inherent risk of each product and service offered on the Platform, including:

• Privacy-enhanced cryptocurrencies and protocols
• Peer-to-peer trading functionality
• High-leverage derivatives products
• Cross-border transfers and multi-currency conversions
• Tokenized real-world assets
• Anonymous or semi-anonymous transaction methods

12.4 Delivery Channel Risk

The manner in which customers access the Platform is also considered as a risk factor. Delivery channel risk factors include:

• Non-face-to-face onboarding (inherent to digital platforms)
• Use of VPNs, Tor, or other anonymizing technologies
• Access from IP addresses in high-risk jurisdictions
• API-based access without human intervention
• Third-party platforms or aggregators routing transactions through XEX

13. Third-Party Compliance Providers

XEX leverages industry-leading third-party compliance technology providers to augment its internal capabilities and ensure the highest standards of AML/CFT compliance. The selection and ongoing oversight of third-party providers is subject to rigorous due diligence and periodic review.

13.1 Identity Verification and KYC

XEX utilizes Sumsub (Sum and Substance Ltd.) as its primary KYC and identity verification provider. Sumsub provides:

• Automated document verification across 14,000+ document types from 220+ countries and territories
• Biometric facial recognition and liveness detection
• Proof of address verification
• PEP and sanctions screening
• Adverse media monitoring
• Ongoing AML monitoring and risk scoring

13.2 Blockchain Analytics

XEX employs blockchain analytics solutions from leading providers, including Chainalysis and Elliptic, to monitor on-chain activity and assess the risk associated with digital asset transactions. These tools enable:

• Real-time risk scoring of incoming and outgoing cryptocurrency transactions
• Identification of exposure to high-risk entities, including darknet markets, ransomware operators, sanctioned addresses, mixers/tumblers, stolen funds, and fraud-associated wallets
• Transaction tracing and provenance analysis across multiple blockchains
• Compliance with the FATF Travel Rule through counterparty VASP identification
• Automated alerts for transactions exceeding configurable risk thresholds
• Investigative tools for compliance analysts to conduct in-depth reviews of flagged activity

13.3 Sanctions Screening Providers

In addition to the sanctions screening capabilities integrated into our KYC and blockchain analytics tools, XEX maintains dedicated sanctions screening through providers that offer:

• Real-time access to and automated screening against all major global sanctions lists (OFAC, UN, EU, HMT, and others)
• Fuzzy matching algorithms and name-variant detection to minimize false negatives
• Automated list update ingestion, ensuring screening reflects the most current sanctions designations
• Audit trail functionality for all screening events and dispositions

XEX conducts regular due diligence on all third-party compliance providers to verify their continued suitability, data security practices, regulatory compliance, and service quality.

14. Cooperation with Law Enforcement

XEX is committed to cooperating fully and promptly with law enforcement agencies, regulatory authorities, and judicial bodies in connection with the investigation and prosecution of financial crime and other illegal activity. At the same time, XEX is committed to protecting the privacy and legal rights of its customers and will not disclose customer information except in accordance with applicable legal process or regulatory requirements.

14.1 Legal Process Requirements

XEX responds to valid legal process, including but not limited to:

• Subpoenas, court orders, and search warrants issued by courts of competent jurisdiction
• Formal requests from law enforcement agencies and regulatory authorities with appropriate legal authority
• Production orders, freezing orders, and confiscation orders
• Mutual legal assistance treaty ("MLAT") requests
• Requests from Financial Intelligence Units ("FIUs") under information-sharing arrangements

All law enforcement requests should be directed to compliance@xex.to and must include a valid legal basis for the request, the identity and authority of the requesting party, and a clear description of the information or action sought.

14.2 Voluntary Disclosure

In addition to responding to compulsory legal process, XEX may voluntarily disclose information to law enforcement or regulatory authorities where XEX reasonably believes that such disclosure is necessary to prevent or detect serious crime, protect the safety of any individual, or protect the integrity of the financial system. Voluntary disclosures are made at the sole discretion of the CCO in consultation with legal counsel.

14.3 Asset Freezing Capabilities

XEX maintains the technical and operational capability to immediately freeze, block, or restrict access to any customer account or specific assets upon:

• Receipt of a valid freezing order, restraining order, or equivalent legal instrument from a court or regulatory authority
• Identification of assets belonging to or associated with a sanctioned person or entity
• Detection of assets reasonably believed to be the proceeds of crime or connected to terrorist financing
• Request from a law enforcement agency with appropriate legal authority, pending issuance of a formal order

Frozen assets shall remain frozen until XEX receives a valid release order from the relevant authority or is otherwise satisfied, in consultation with legal counsel, that release is legally permissible. Customers whose assets have been frozen will be notified to the extent permitted by applicable law and the terms of the relevant order.

XEX shall bear no liability to any customer for any losses, damages, or expenses arising from or in connection with the freezing, blocking, or restriction of assets or account access pursuant to this Section or any applicable law, regulation, or legal process.

Contact Information

If you have any questions regarding this AML/KYC Policy or XEX's compliance program, please contact our Compliance team at compliance@xex.to.

XEX reserves the right to amend, modify, or replace this Policy at any time, in its sole discretion, without prior notice. Your continued use of the Platform following any such changes constitutes your acceptance of the revised Policy. It is your responsibility to review this Policy periodically for updates.