At www.soulbit.io we want to be at the forefront worldwide in Money Laundering and Terrorist Financing Risk Prevention, which is why we have rigorous policies, procedures and technological tools that allow us to operate with the highest international standards in our industry.

WHAT IS AML/CFT?

AML/CFT is the acronym for Anti-Money Laudering and Combating the Financing of Terrorism. In simple words, when a person obtains money or resources from certain crimes, he tries to "launder" them, to remove the "dirt" of the crime and be able to use them on a daily basis, trying to pass them off as money from a legal activity.

To prevent our platform from being used in these activities, we have various complementary measures, the application and mandatory compliance of which are the main responsibility of our Compliance area, involving the entire www.soulbit.io team transversally, among which we highlight:

The Platform is not a financial institution. However, all the procedures aimed at the prevention and control of the risk of Money Laundering and Terrorist Financing are part of our system, such as chainalysis, sumsub, SAGRILAFT Manual and SARLAFT. It describes our know-your-customer policies, the assignment of responsibilities, the controls to the Clients and the measures to be taken in case of detecting suspicious transactions. These anti-money laundering principles are "risk-based." That means that internal procedures and controls must be designed to address the Platform-specific money laundering risk.

Our risk assessment consists of two steps:

• The identification of money laundering/terrorist financing (ML/TF)

• The ML/TF Assessment

General principles

The Platform's AML Principles are designed to prevent money laundering by complying with AML obligations, including the need to have adequate systems and controls in place to mitigate the risk of the company being used to facilitate financial crime. These AML Principles set out the minimum standards that must be met and include:

• The appointment of a Policy Compliance Manager who has a sufficient level of seniority and independence and who is responsible for overseeing compliance with relevant industry legislation, standards, standards and guidance;

• Establish and maintain a risk-based approach to assessing and managing money laundering and terrorist financing risks to the company;

• Establish and maintain due diligence, identification, verification, and verification of customers based on risk and know your customer's procedures (KYC).

• Procedures for reporting suspicious activity internally and to relevant law enforcement authorities, as appropriate;

• Proper record keeping;

• Training and awareness for all relevant employees.

The principles of the Platform are to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the financing of terrorist or criminal activities in compliance with international money laundering principles, EU principles and principles of relevant jurisdictions.

The Platform's anti-money laundering principles, procedures, and internal controls are designed to ensure compliance with all applicable regulations and will be reviewed and updated regularly to ensure that appropriate policies, procedures, and internal controls are in place to take into account changes in regulations. and changes in our business.

Anti-Money Laundering Principles, Designation of Persons and Duties

The Signature Administrator is designated to perform the functions of Policy Compliance Manager. The Director of Policy Compliance has full responsibility and authority to ensure compliance with these anti-money laundering principles. Policy Compliance Manager has a working knowledge of international principles, EU principles and monitors the other relevant anti-money laundering principles of the jurisdictions.

Policy Compliance Manager is qualified for his experience and knowledge in the area of anti-money laundering regulation. The Policy Compliance Manager will ensure that the company maintains relevant records and follows the necessary procedures in terms of these anti-money laundering principles.

Record retention and reporting of information

As part of our AML program, we maintain relevant documentation regarding the verification of the client's identity and the transmission of funds in electronic form. The retention period for records is updated in accordance with legal requirements. The average time frame for record retention is five years. The file must be completed in a way that is available to all employees who have appropriate access to the customer in question.

We will respond to written, reasoned and legally binding requests, issued and motivated by official authorities within the legal framework with respect to accounts and transactions, by searching our records to determine whether we maintain or have maintained any information, or have entered into any transactions with each person, Entity or organization appropriately defined and named in the request.

If no information is found, we will provide the relevant response, maintain documentation about the search carried out and keep a record of the company name in the application for our risk-based procedures.

We will protect the security and confidentiality of requests within the legal framework.

We will make every effort to seek and share relevant information with financial institutions and respond to their timely reasoned written and issued requests, based on the anti-money laundering regulation of the relevant jurisdiction.

Customer identification and source of funds

We will collect certain minimum customer identification information from each of our customers before the customer enters into any transaction:

For Individuals

• Name and any other names used;

• Passport number or

• National identity card, residence card or other identification number or,

• Driver's license number;

• Relevant residency information (address and/or utility customer number, data, etc.);

• Other additional customer information if necessary to meet the requirements of the risk-based approach.

For companies

• Company name;

• Information on the main place of activity;

• Contact information;

• Incorporation data (number in the corresponding register, date of incorporation, etc.);

• Payment details and/or bank details;

• Relevant information about the place of residence (address data or utility customer data);

• Details of persons authorised to operate on behalf of the company and details of the authorisation;

• Other additional customer information if necessary to meet the requirements of our risk-based approach.

We will implement relevant risk-based measures to verify each customer's identity and maintain the necessary records.

For businesses, we will identify the ultimate beneficial ownership (UBO). The beneficial ownership information of legal entities should be determined as follows:

Step 1:

(a) The identity of the natural persons who ultimately have a controlling interest in a legal person, and

(b) to the extent there is doubt as to whether the persons with the controlling property interest are the beneficial owners or whether no natural person exercises control through the ownership interests, the identity of the natural persons (if any) exercising control of the Legal Person through other means.

Step 2:

Where a natural person who ultimately owns or controls a legal entity cannot be identified, senior administrative officials should be considered as beneficial owners.

The beneficial ownership test will include three elements. These elements are:

• who owns more than 25 percent of the customer

• Who has effective control of the customer

• the persons on whose behalf a transaction is made

Once the relevant authorities have issued mandatory and legally justified lists of suspected terrorists, we will use that information in our risk-based identification process.

In order to ensure that the purchase of our services is reasonable, we will ask our clients to provide information about the source of the funds. The client must send us a statement about the sources of funds. The statement will be evaluated with the supporting documents provided by the client. The client can provide any document they deem appropriate, including: employer certificate, other certificates, tax returns, cash flow statements, etc. The list is illustrative and not exhaustive. Large individual premiums or lump sums, windfalls, or windfalls must be supported by documentation to establish the source of funds.

We may ask the client to provide further information about the source of the funds or additional documents in accordance with our risk-based approach.

Customer Information

We require our clients to provide relevant and necessary information to identify them. If a potential or existing customer refuses to provide the information when misleading information is intentionally requested or provided, our company will not enter into agreements with them and, after considering the risks involved, we may close existing agreements and/or business transactions.

When using risk-based procedures, we will consider the accuracy of the information we obtain about our customers. Our Policy Compliance Manager will analyze the information and determine whether the information is sufficient to form a reasonable belief that we know the customer's identity.

If we cannot form this reasonable belief:

• deny the customer's request for our services or

• impose terms under which a customer may transact while we attempt to verify the customer's identity, or

• Terminate all business deals and transactions after attempts to verify the customer's identity have failed.

Foreign Bank Correspondent Accounts

We will identify offshore bank accounts and any such accounts that are a correspondent account for foreign accounting banks through our risk-based approach and analysis of information provided by clients.

Upon finding or suspecting such accounts, our employees will notify the Policy Compliance Administrator, who will verify and analyze the information, request additional information, or terminate, if necessary, the relevant transactions or business relationships. We will also make best efforts to identify correspondent accounts that we have determined are not maintained by a third-party bank, but are being used to provide services to such secret bank.

Enhanced due diligence and due diligence requirements with respect to politically exposed persons (PEPs)

All natural persons defined as Politically Exposed Persons (PEPs) in accordance with relevant legislation are identified and registered in the registers as such, a PEP selection process is carried out when the natural persons are on board.

In accordance with these principles and risk approach, the following sanctions measures are taken into consideration:

• The United Nations (UN) Security Council Consolidated Sanctions List;

• the consolidated list of EU persons, groups and entities;

• The sanctions of the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC)

• The U.S. Department of the Treasury, Financial Crimes Enforcement Network (FinCEN)

The HM Treasury of the United Kingdom (HMT), Office of Financial Sanctions Implementation, "consolidated target list".

The Platform does not open or maintain private bank accounts and does not provide similar financial products. We still conduct a general review of public information to identify high-level political figures in the relevant jurisdictions.