AML KYC Policy

QUANTIVA EXCHANGE LLC. – AML & KYC POLICY

Effective Date: June 20, 2025

1. INTRODUCTION

Quantiva Exchange Inc. (“Quantiva” or “the Company”) is a multi-jurisdictional digital asset and financial services provider operating under applicable regulations governing Virtual Asset Service Providers (VASPs). The Company is committed to a zero-tolerance approach to money laundering, terrorist financing, and all other illicit financial activity.

This Anti-Money Laundering and Know Your Customer (“AML/KYC”) Policy outlines the mandatory procedures, control mechanisms, and legal responsibilities that govern Quantiva’s prevention, detection, and reporting of suspicious transactions and customer behaviors that may suggest illegal activity. The policy establishes the foundation for compliance with global AML/CTF frameworks and internal integrity standards, thereby protecting the Company, its stakeholders, and the broader financial system.

This Policy is binding upon all officers, directors, employees, contractors, service providers, affiliates, and any person or entity engaged in services on behalf of Quantiva. The Policy applies across all jurisdictions where the Company lawfully operates and is reviewed and updated on a regular basis to maintain alignment with regulatory expectations and industry best practices.

2. LEGAL FRAMEWORK AND APPLICABILITY

Quantiva’s AML/KYC obligations arise from national and international laws governing financial services, securities, and digital asset marketplaces. The Company implements controls consistent with the standards set by the Financial Action Task Force (FATF) and adheres to mandatory obligations under applicable legislation, including but not limited to:

  • The U.S. Bank Secrecy Act (BSA), as enforced by FinCEN;

  • The EU’s Fifth and Sixth Anti-Money Laundering Directives (AMLD5 and AMLD6);

  • The UK’s Money Laundering, Terrorist Financing and Transfer of Funds Regulations;

  • Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA);

  • The United Arab Emirates’ Cabinet Decision No. (10) of 2019 on AML and CTF;

  • Dubai’s Virtual Assets Regulatory Authority (VARA) and Central Bank requirements.

This Policy also anticipates obligations that may arise under securities regulators, financial intelligence units (FIUs), and any additional supervisory authorities relevant to Quantiva’s licensing, product offerings, and customer base. In the event of conflict between applicable laws, the Company will apply the higher standard or seek legal guidance on jurisdictional resolution.

3. RISK-BASED APPROACH (RBA)

Quantiva adopts a structured Risk-Based Approach (“RBA”) to all AML and CTF activities. The RBA serves as a cornerstone of compliance and ensures that resources are applied proportionately to the level and type of risk presented by a given customer, transaction, product, or geography.

Rather than relying on a one-size-fits-all protocol, the RBA enables Quantiva to assess financial crime risk based on dynamic factors such as the customer’s residency, transaction patterns, economic activity, source of funds, and behavior on the platform. Higher-risk relationships are subject to enhanced scrutiny, additional documentation requirements, and more frequent reviews.

Quantiva’s risk models are embedded into onboarding flows, transactional analysis, and compliance review tools. These models are calibrated to detect risk indicators such as involvement in jurisdictions listed on FATF’s grey or black lists, activity involving anonymity-enhancing tokens or mixers, or inconsistencies in transaction flow relative to the user’s profile.

The RBA framework is reviewed periodically by the Chief Compliance Officer and is implemented through internal policies, training, and technology solutions.

4. CUSTOMER DUE DILIGENCE (CDD)

Customer Due Diligence (“CDD”) is a foundational component of Quantiva’s AML regime. The Company conducts mandatory identity verification and source validation measures for all customers prior to granting access to regulated services. CDD ensures that Quantiva maintains accurate, verifiable, and risk-sensitive information on each user, enabling effective screening, monitoring, and intervention.

The CDD process is initiated at the onboarding stage and consists of:

  • Identifying and verifying the identity of the customer through government-issued identification and reliable data sources;

  • Collecting relevant information to assess the purpose and intended nature of the customer’s relationship with Quantiva;

  • Determining the beneficial ownership and control structure in the case of legal entities;

  • Assessing source of funds, economic activity, and risk indicators.

CDD is supplemented by Enhanced Due Diligence (EDD) when customers are flagged as high risk, including politically exposed persons (PEPs), customers from jurisdictions with high levels of corruption, or users whose profiles suggest non-cooperative or opaque financial practices. EDD may include biometric verification, notarized documents, proof of source of wealth, or additional declarations regarding the origin and purpose of funds.

CDD information is updated periodically and upon any material change in customer activity, account status, or platform services used.

5. ONGOING MONITORING AND RECORDKEEPING

Quantiva engages in continuous monitoring of customer activity to ensure that all transactions are consistent with the customer’s verified profile, declared sources of funds, and the nature of services accessed. This process includes real-time and retrospective evaluation of wallet activity, transaction volume, frequency, and behavioral trends.

The Company deploys automated monitoring tools and blockchain analytics integrations to flag:

  • Unusual or uncharacteristic activity such as layering, structuring, or rapid cross-asset movement;

  • Usage of high-risk tools such as mixers, privacy coins, or high-anonymity IP regions;

  • Recurring transactions just below reporting thresholds or sudden spikes in velocity.

All suspicious or high-risk activities are reviewed by the Compliance Team and, if necessary, escalated for further investigation or regulatory reporting.

Quantiva maintains complete and auditable records of:

  • KYC documentation and identity verification results;

  • Risk ratings and CDD assessments;

  • Transactions flagged for review and associated findings;

  • Internal memos, reviews, approvals, and case resolution summaries.

All records are preserved for a minimum of five (5) years from the date of the last transaction or termination of the customer relationship, in accordance with applicable laws. These records may be made available to supervisory authorities upon legal request.

6. SANCTIONS SCREENING AND POLITICALLY EXPOSED PERSONS (PEPs)

Quantiva conducts continuous sanctions and risk screening as part of its onboarding and monitoring obligations. All users and counterparties are screened against global watchlists, including:

  • The U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list;

  • The United Nations Security Council Sanctions Lists;

  • The European Union and UK Office of Financial Sanctions Implementation (OFSI) sanctions regimes;

  • The UAE Executive Office for AML/CTF;

  • Additional sanctions issued by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), and other applicable regional authorities.

Screening is performed both at account creation and dynamically throughout the business relationship. In the event of a positive or potential match, the account is immediately frozen, escalated to the Chief Compliance Officer, and may be reported to the relevant financial intelligence unit (FIU).

Additionally, Quantiva screens all users against databases of politically exposed persons (PEPs) and individuals associated with high-profile corruption, state control, or influence. Where a user is identified as a PEP, the Company conducts enhanced due diligence, senior management approval, and ongoing risk-based monitoring of account activity.

7. SUSPICIOUS ACTIVITY DETECTION AND REPORTING (SAR/STR)

Quantiva maintains a structured internal process for detecting and reporting suspicious activity. All employees and automated systems are equipped to identify patterns of behavior or transaction structures that may indicate:

  • Money laundering or layering schemes;

  • Terrorist financing or funding of prohibited entities;

  • Use of deceptive, forged, or incomplete documentation;

  • Evasion of regulatory thresholds, including structured transactions;

  • Obfuscation using privacy coins, chain hopping, or mixers;

  • Connections to dark web markets or known fraud ecosystems.

When suspicious activity is identified, a case file is opened, and relevant information is documented. If the activity meets the reporting threshold under applicable law, the Chief Compliance Officer is responsible for submitting a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) to the competent authority (e.g., FinCEN, FINTRAC, UAE FIU, or EU Financial Intelligence Units).

All reports are confidential, and the subject of the report is not informed (in compliance with anti–tipping-off laws). Internal staff involved in the review process are under a continuing duty of confidentiality.

8. EMPLOYEE TRAINING AND RESPONSIBILITIES

Quantiva considers employee training and awareness essential to maintaining an effective AML compliance program. All directors, officers, employees, contractors, and consultants who engage with user accounts, transactions, or compliance systems are required to undergo AML training at onboarding and on an annual basis thereafter.

Training includes:

  • Overview of global AML and CTF regulations;

  • Internal policies, procedures, and escalation channels;

  • Identifying and reporting red flags;

  • Use of transaction monitoring and screening systems;

  • Confidentiality obligations and whistleblower protections.

The Chief Compliance Officer ensures that training records are maintained, reviewed, and updated in accordance with changes to applicable law, emerging risk typologies, and internal audit findings.

Failure to comply with training obligations or to report known violations may result in disciplinary action, up to and including termination or legal referral.

9. THIRD-PARTY PROVIDERS AND OUTSOURCED COMPLIANCE FUNCTIONS

Quantiva may engage third-party service providers to support compliance functions, including identity verification (KYC), blockchain analytics, data screening, and case management. However, the Company remains ultimately responsible for the integrity and compliance of all AML/KYC obligations.

All third-party vendors are subject to:

  • Contractual due diligence and onboarding review;

  • Minimum security, privacy, and compliance standards;

  • Flow-down compliance obligations and audit rights;

  • Periodic reviews of performance, findings, and certifications.

Where data is shared with third-party compliance providers, it is done in accordance with applicable privacy laws and Quantiva’s Data Processing Agreements (DPAs). Vendors must maintain independent SOC 2 or equivalent controls.

10. TECHNOLOGY, SYSTEM CONTROLS, AND AUDIT

Quantiva employs automated tools and proprietary systems to detect, assess, and escalate AML risks in real-time. These systems are integrated into the customer onboarding, wallet tracking, transaction screening, and account monitoring processes. Key technological controls include:

  • Integration with blockchain forensics platforms (e.g., Chainalysis, Elliptic, TRM Labs);

  • Automated IP geolocation and anomaly detection;

  • Wallet clustering and risk scoring engines;

  • Role-based access control to compliance dashboards;

  • Logging of compliance case notes, approvals, and escalation actions.

Systems undergo internal control audits, vulnerability testing, and logic updates to ensure their effectiveness. The Compliance Department conducts periodic testing of AML systems and procedures, and may retain external consultants to verify regulatory alignment.


A. Confidentiality and Data Protection

All compliance-related data, including customer identities, SAR/STR reports, and monitoring outputs, are subject to confidentiality protections and may only be disclosed to regulators or law enforcement pursuant to lawful process. Internal access is strictly limited to authorized personnel.

B. Non-Retaliation for Reporting

Employees who, in good faith, report suspicious conduct or violations of this Policy are protected under internal whistleblower rules and may not be subject to demotion, retaliation, or adverse employment consequences for doing so.

C. User Cooperation

All users of Quantiva are required to cooperate with AML/KYC procedures, including requests for additional documentation or transaction verification. Refusal to comply may result in account suspension, reporting to authorities, or permanent termination of access.


11. POLICY GOVERNANCE AND PERIODIC REVIEW

This AML/KYC Policy is reviewed at least once per calendar year or more frequently if required by regulatory developments, enforcement actions, changes to business operations, or internal audit findings.

The Board of Directors has delegated oversight of this policy to the Chief Compliance Officer, who shall:

  • Propose amendments and update procedures as necessary;

  • Coordinate training and implementation of updates;

  • Maintain all compliance documentation and correspondence with regulators.

All changes must be documented in a version control log and communicated internally. If the policy is materially amended, users may be notified through official channels or required to reaffirm their consent prior to continued use of the platform.

Questions about this policy, or compliance reports, can be submitted to:

Chief Compliance Officer
Quantiva Exchange Inc.
1207 Delaware Ave, #4025
Wilmington, DE 19806
Email: compliance@quantivax.com