AML/CFT & KYC Policy

Effective date: 2 June 2026 · Version: 1.0

This is a public summary of the anti-money-laundering, counter-terrorist-financing and sanctions programme of BINIBIT S.A. (Republic of Panama) (“Binibit”). It does not disclose confidential internal procedures, controls or thresholds. It forms part of the Terms of Service.

1. Our commitment

Binibit is committed to preventing the use of its crypto-to-crypto exchange and custodial wallet services for money laundering, terrorist financing, proliferation financing, sanctions evasion or other financial crime. We apply controls aligned with the international standards of the Financial Action Task Force (FATF) and with Applicable Law, and we keep our programme under regular review.

2. Risk-based approach

We operate a risk-based programme: we assess the money-laundering, terrorist-financing and sanctions risks associated with our customers, products, delivery channels, geographies and counterparties, and we apply controls proportionate to those risks. Higher-risk situations are subject to enhanced measures; we may decline relationships or transactions that fall outside our risk appetite.

3. Customer due diligence (KYC)

Before granting access to the Services, and on an ongoing basis, we identify and verify our customers. For individuals this includes name, date of birth, nationality, address and government-issued identification, with identity verification (including biometric/liveness checks) carried out with the assistance of our verification provider Sumsub. For corporate customers we additionally identify and verify the entity, its beneficial owners, directors and authorised representatives. We do not provide anonymous or pseudonymous accounts.

4. Enhanced due diligence (EDD)

We apply enhanced due diligence to higher-risk customers and situations, including politically exposed persons (PEPs), customers connected to higher-risk jurisdictions, and unusual or complex activity. EDD may include additional verification, source-of-funds and source-of-wealth checks, senior-management approval and closer monitoring.

5. Sanctions and prohibited persons

We screen customers and, where relevant, counterparties against applicable sanctions lists, including those of the United Nations, the United States (OFAC), the European Union and the United Kingdom. We do not provide Services to sanctioned persons, to persons owned or controlled (50% or more) by them, to US persons, or to persons in Restricted Jurisdictions. We may freeze or block assets and report as required by Applicable Law.

6. Ongoing monitoring

We monitor accounts and transactions on a risk-sensitive basis, including screening against sanctions, PEP and adverse-media data and analysing on-chain activity using blockchain-analytics tools, to detect activity that is unusual, inconsistent with our knowledge of the customer, or potentially linked to financial crime.

7. Travel Rule

For qualifying crypto-asset transfers we collect and transmit required originator and beneficiary information to other virtual-asset service providers, financial institutions or authorities, in line with the FATF “Travel Rule” and Applicable Law.

8. Suspicious activity and reporting

Where we identify suspicious activity, we investigate and, where required or appropriate, report it to the competent authorities and cooperate with them. We may suspend, restrict, freeze or close accounts and decline, hold or reverse transactions in connection with such matters. Where the law requires confidentiality, we will not “tip off” the customer.

9. Record-keeping

We retain customer-identification records, transaction records and supporting documentation for the period required by Applicable Law and in any event for the maximum applicable period, including after the end of the customer relationship.

10. Governance, compliance function and training

Our programme is overseen by senior management and a dedicated compliance function, including a designated officer responsible for AML/CFT (an MLRO or equivalent). Relevant staff receive regular AML/CFT and sanctions training. We engage qualified third parties (such as identity-verification and blockchain-analytics providers) to support our controls.

11. Your obligations

You must provide accurate and up-to-date information and any documents we request, promptly, and you must not use the Services for any prohibited purpose (see the Prohibited Use Policy). Failure to do so may result in suspension or closure of your account.