Loading...

Xchange AML/CTF Policy

1. General Provisions and Objectives

Xchange strictly adheres to international anti-money laundering (AML) and counter-terrorist financing (CTF) standards. This Policy has been developed in accordance with the recommendations of the Financial Action Task Force (FATF) and the laws of the countries where the Service operates .

The main objectives of the document:

  • *Preventing the use of the platform for illegal activities.
  • *Regulatory compliance.
  • *Protection of the Service"s reputation.
  • *Maintaining the trust of users and regulatory bodies.

 

2. Service obligations

As part of its regulatory compliance, Xchange undertakes the following obligations:

  1. Implementation of customer identification (KYC) and transaction monitoring (KYT) procedures.
  2. Continuous assessment of risks posed by clients and transactions.
  3. Monitor suspicious activity in real time.
  4. Blocking assets and suspending operations when AML/CTF risks are detected.
  5. Informing authorized bodies in cases regulated by law.
  6. Ensuring the legitimacy of all transferred crypto assets.
  7. Regular training of employees in the field of AML/CTF.
  8. Retention of transactional and personal data for at least 5 years.

All payments comply with the standards of international regulators (OFAC, FATF) and are carried out through:

  • *Licensed platforms.
  • *Low-risk addresses (confirmed by AML analyzers).
  • *Unique one-time crypto addresses.

 

3. Customer Identification (KYC)

To verify, the user must provide the following documents (Latin transliteration is required):

Identity verification:

  • *International or domestic passport.
  • *ID card.
  • *Driver license.

 

AML Verification Procedure

The service monitors transactions. If necessary, the system requests confirmation of the origin of funds (Source of Funds).

Acceptable document formats:

  • Screenshots of transactions or wallet balances;
  • Statements from banking systems/exchange accounts;
  • Proof of financial income.

 

Proof of residential address (not older than 3 months):

  • *Bank statement or lease agreement.
  • *Utility bills.
  • *Tax return.
  • *Other official documents indicating the address.

Additionally:

  • *A selfie with a piece of paper with the name "Xchange", a personal signature and the current date written on it.

Sanction restrictions:

The service does not serve users from jurisdictions subject to UN, EU, OFAC, or FATF sanctions. The list of prohibited territories includes: Afghanistan, Iran, North Korea, Syria, Yemen, Libya, Somalia, Cuba, Crimea, Transnistria, Venezuela, Myanmar (Burma), and any other territories included in the sanctions lists at the time of the transaction.

Inspection regulations:

  • *Standard: 1–24 hours.
  • *Extended Delivery (EDD): 24–72 hours.
  • *The service reserves the right to request re-verification if suspicions arise.

 

4. Monitoring of operations (KYT) and risk assessment

The platform utilizes data from specialized blockchain analytics providers. Among the tools used are market leaders such as Crystal, GetBlock, and BitOK, which ensure accurate verification of transaction activity.

Risk factors:

  • *Addresses associated with the darknet, scams, or sanctions lists.
  • *Use of anonymization tools (mixers, such as Tornado Cash).
  • *Suspicious behavior patterns (smurfing, operations from risky regions).

Risk assessment scale:

Risk level:

Percentage (Risk Score):

Actions:

Low

≤ 62%

The transaction is considered secure.

Medium

63% – 75%

Further verification is required.

High*

≥ 75%

Blocking, manual check by an AML officer

Note: Threshold values may vary depending on the software. Detailed information on the Risk-Score model is available at [https://www.bestchange.ru/wiki/detailed_aml_recommendations.pdf#page=72]

Transactions marked "High Risk" may be blocked automatically. A preliminary address check can be performed using the tool: https://www.bestchange.com/report/ .

 

5. Client categorization and risk management

Clients are divided into three categories depending on the level of risk:

  1. Low Risk: Passes standard check (CDD).
  2. Medium risk: Requires enhanced monitoring and re-testing every 2 years.
  3. High Risk: Enhanced Due Diligence (EDD) is applied. This includes a request to confirm the source of funds, a transaction history review, and an annual KYC update. This category includes PEPs (politically exposed persons) and their relatives, as well as residents of countries on the FATF High-Risk list.

If you refuse verification:

  • *Funds may be held for up to 7-10 business days.
  • *Upon completion of the established regulatory period, funds are subject to return to the user, or, if appropriate grounds exist, information about the transactions is sent to authorized government agencies - financial monitoring agencies or law enforcement.

 

6. Dealing with suspicious activity

If signs of illegal activity are detected, the Xchange administration will :

  1. Immediately suspends the operation.
  2. Blocks the account until the investigation is completed.
  3. Prepares an internal report (SAR/STR).
  4. Notifies regulators (Rosfinmonitoring, FinCEN, EU FIU) when necessary.

Financial terms of return:

  • *Commission for refunds in AML cases: up to 5% of the amount, but no more than $100.
  • *For bona fide users, the commission is limited to network fees.
  • *Refunds are not possible if funds are deemed criminal and subject to confiscation at the request of regulators.

 

7. Internal control and partners

Requirements for counterparties:

  • *Prohibition of cooperation with platforms from jurisdictions with weak AML regulation.
  • *Mandatory due diligence of partners.
  • *Partners must have licenses and comply with international standards.

Training and audit:

  • *Responsible AML officer: support@xchange.pub.
  • *Annual training for employees on AML/CTF issues.
  • *Quarterly internal audits (if necessary, with the involvement of external experts).

 

8. Data protection and storage

Xchange Privacy Policy:

  • *Data is encrypted according to industry standards.
  • *Data is stored on secure servers in jurisdictions that comply with the GDPR and MiCA regulations.
  • *Only authorized employees have access to information.
  • *Data storage period: at least 5 years after the end of cooperation with the client.

9. Final Provisions

This Policy is an integral part of the  Xchange Service User Agreement. The Service reserves the right to make changes unilaterally, with mandatory notification to users via the website. Use of the Service constitutes full acceptance of the terms of this Policy.