Legal

AML/KYC Policy

Risk-based compliance controls for merchant onboarding and ongoing activity monitoring.

AML/KYC Policy

Risk-based compliance controls for merchant onboarding and ongoing activity monitoring.

Last updated: February 18, 2026

1. Scope & Purpose

This Anti-Money Laundering (AML) and Know Your Customer (KYC) Policy outlines the procedures and controls implemented by XPayr to prevent the misuse of its platform for money laundering, terrorist financing, and other financial crimes.

XPayr operates as a non-custodial smart contract routing software provider. While XPayr does not custody, pool, or control user funds, we are committed to maintaining a robust compliance framework that deters illicit activity and supports the integrity of the broader cryptocurrency ecosystem.

This policy applies to all users, merchants, and entities that access or use the XPayr platform, regardless of their jurisdiction or the volume of their transactions.

2. Risk-Based Approach

XPayr employs a risk-based approach to AML/KYC compliance, meaning the intensity of verification and monitoring measures is proportional to the assessed risk level of each user or transaction.

Risk Assessment Factors: User geographical location and jurisdiction, transaction volume and frequency, nature of business activities, source of funds indicators, behavioral patterns and anomalies, and connection to politically exposed persons (PEPs) or sanctioned entities.

Risk Categories: Users are classified into low, medium, and high risk categories based on the above factors. Higher risk classifications trigger enhanced due diligence (EDD) procedures, more frequent monitoring, and additional verification requirements.

XPayr continuously updates its risk assessment methodology to reflect evolving regulatory requirements and emerging threats in the cryptocurrency space.

3. KYC / KYB Verification

Know Your Customer (KYC) and Know Your Business (KYB) verification may be required depending on your activity level and risk classification.

Individual Users (KYC): Government-issued photo identification (passport, national ID, or driving license), proof of residential address (utility bill, bank statement, or government correspondence dated within the last 3 months), and a selfie verification for identity confirmation.

Business Entities (KYB): Certificate of incorporation or registration, proof of registered business address, identification of beneficial owners holding 25% or more ownership, identification of authorized representatives, and proof of business activity.

Verification Timing: KYC/KYB verification may be required during account registration, when transaction thresholds are reached, when risk indicators are triggered, or during periodic account reviews.

Accounts that fail to complete required verification within the specified timeframe may be limited, suspended, or terminated.

4. Ongoing Monitoring

XPayr implements continuous monitoring systems to detect and prevent suspicious activities on the platform.

Transaction Monitoring: Automated systems analyze transaction patterns, volumes, and frequencies to identify anomalies that may indicate money laundering, terrorist financing, or other illicit activities.

Behavioral Analysis: Unusual account behavior, such as rapid changes in transaction patterns, use of multiple wallets for structuring, or transactions inconsistent with the stated business purpose, may trigger enhanced review.

Periodic Reviews: Account profiles and risk classifications are reviewed periodically to ensure they remain accurate and current. Users may be asked to update their information or provide additional documentation during these reviews.

Wallet Screening: XPayr may utilize blockchain analytics tools to screen wallet addresses associated with user accounts for connections to known illicit activities, sanctioned entities, or high-risk services.

5. Suspicious Activity Reporting

XPayr is committed to reporting suspicious activities to the appropriate authorities as required by applicable law.

Internal Escalation: When suspicious activity is detected, whether through automated monitoring systems or manual review, the matter is escalated to the designated compliance officer for investigation.

Filing Obligations: Where legally required, XPayr will file Suspicious Activity Reports (SARs) or equivalent reports with the relevant Financial Intelligence Unit (FIU) or regulatory authority.

Confidentiality: Under applicable law, XPayr is prohibited from informing the affected user that a report has been filed or that an investigation is underway. All SAR-related information is treated as strictly confidential.

Cooperation: XPayr cooperates fully with law enforcement agencies and regulatory bodies in their investigations, including providing requested information and documentation within the bounds of applicable law.

6. Sanctions Compliance

XPayr maintains strict compliance with international sanctions programs.

Screening: All users and their associated wallet addresses are screened against major sanctions lists, including the OFAC Specially Designated Nationals (SDN) list, EU Consolidated Sanctions list, UN Security Council Sanctions list, and other applicable national and international sanctions programs.

Prohibited Users: Persons or entities identified on any applicable sanctions list are strictly prohibited from using the XPayr platform. Any existing accounts found to be associated with sanctioned persons or entities will be immediately frozen and reported to the relevant authorities.

Geographic Restrictions: XPayr does not provide services to persons located in, or residents of, comprehensively sanctioned countries or regions. Attempts to circumvent geographic restrictions through VPNs or other means are prohibited and may result in account termination.

Ongoing Updates: Sanctions lists are updated regularly, and existing user databases are rescreened against updated lists to ensure continued compliance.

7. Record Keeping

XPayr maintains comprehensive records in accordance with applicable legal requirements.

Customer Records: KYC/KYB documentation, verification results, and customer identification records are retained for a minimum of 5 years after the termination of the business relationship.

Transaction Records: Records of all transactions processed through the platform, including transaction amounts, timestamps, wallet addresses, and associated metadata, are retained for a minimum of 5 years from the date of the transaction.

SAR Records: Records related to suspicious activity reports, including internal investigation notes and correspondence with regulatory authorities, are retained for the period required by applicable law.

Data Security: All records are stored securely with appropriate access controls and encryption to prevent unauthorized access, modification, or destruction.

8. Policy Updates & Contact

This AML/KYC Policy is reviewed and updated regularly to reflect changes in applicable laws, regulations, and industry best practices.

Training: XPayr personnel involved in compliance functions receive regular training on AML/KYC requirements, emerging threats, and updated procedures.

Policy Changes: Material changes to this policy will be communicated to users through the platform. Continued use of the platform after policy changes constitutes acceptance of the updated policy.

Compliance Officer: XPayr has designated a compliance officer responsible for overseeing the implementation and enforcement of this policy.

Questions or concerns regarding this AML/KYC Policy can be directed to: [email protected]