This Anti-Money Laundering & Know Your Customer (KYC) Policy (“Policy”) confirms ZamZamTecnology (“We”, “ZAM.IO”) commitment to prevent money-laundering and the financing of terrorism in its business practices and Customers' transactions using ZAM.IO services and products.

This Policy directed to declare of ZAM.IO procedures to combat the following illegal activities:

(a) Money Laundering (“ML”) is conducting or attempting to conduct a financial transaction knowing that the transaction is designed in whole or in part to conceal or disguise the nature, location, source, ownership, or control of the proceeds of specified unlawful activities.

(b) Terrorist financing (“FT”) is conducting or attempting to conduct a financial transaction for terrorist activity, meaning as the provision or collection of funds, by any means, directly or indirectly, with the intention that they are used or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offenses within the meaning of the law. This activity is done by intentionally killing, seriously harming, or endangering a person, causing substantial property damage that is likely to seriously harm people, or by seriously interfering with or disrupting essential services, facilities, or systems

ZAM.IO has established Know Your Counterparty (KYC) procedures to combat ML and FT as it is required from banks and other financial institutions. These procedures allow identify every entity (individual / business) that ZAM.IO deal with, to understand the legitimacy of our business relationships, and to identify, and react to unusual or suspicious activity.

ZAM.IO committed to implementing and enforcing effective internal controls to counter ML and FT. The Policy is to apply at a minimum the standards set out in this Policy.

The purposes of this Policy are to:

(i) an effective combating of ML and TF by proper identification of actual Customers and supervision of their transactions; and

(ii) set out the responsibilities of ZAM.IO and its all staff in respect of observing, complying with, and upholding policies on anti-money laundering (“AML”) and counter-terrorist financing (“CTF”); and

(iii) to provide information and guidance to Customers and Third Parties on the money laundering/terrorist financing risks, ZAM.IO KYC procedures, and how to recognise and deal with any potential money laundering/terrorist financing issues if they arise.

ZAM.IO should identify and cease transactions made not only to purchase/sell a cryptocurrency but made mainly to hide the criminal origin of money, finance illegal activity or other unlawful behaviors.

Specific provisions of ZAM.IO policies are confidential and for internal use only, in order to prevent their avoidance by dishonest or fraudulent Customers.

This Policy, procedures, and internal controls are designed to ensure compliance with all applicable AML / CTF regulations and rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls are in place to account for both changes in regulations and changes in ZAM.IO business.

Please note:

• all singular words include plural ones and vice versa;
• the term "including" does not exclude anything not listed;
• if there is no term in this Policy, then such term shall be interpreted in accordance with the designation used in the business environment and the law.

1. Internal Controls

(i) We have developed robust internal policies, procedures, and controls designed to comply with applicable laws and regulations, as well as any other reporting requirements and audits.

(ii) This Policy applies to all Customers without any exceptions. ZAM.IO will terminate its involvement with any Customers who fail to comply with this Policy and any employees who violates this Policy.

(iii) The CEO of ZAM.IO, as a senior member of the Management Board, is the main person of ZAMZAMTECHNOLOGY LLC who approves AML / CTF policies and manages AML / CTF activities in the company. The Legal Compliance Officer (“LCO”) is the main person managing the AML / CTF processes at ZAM.IO.

2. Customer Identity Program

(i) Our Customer Identity Program (“CIP”) is an important part of AML Policy and helps ZAM.IO detect suspicious activity in a timely manner and prevent fraud.

(ii) In order to open an Account and use Products, a Customer’s identity must be verified, authenticated, and checked against government watchlists, including the Office of Foreign Assets Control (“OFAC”). Failure to complete any of these steps will result in Customer’s inability to use Products.

(iii) Individual Customer:

Prior to opening an account for an individual customer, we attempt to collect, verify, and authenticate the following Personal Data:

• Full and correct name of the person;
• Permanent address and proof of address (e.g., a utility bill, bank statement);
• Email address;
• Nationality;
• Mobile phone number;
• Social Security Number (“SSN”) or any comparable identification number issued by a government;
• Date and place of birth (“DOB”);
• Proof of identity: copy of passport (e.g., driver’s license or government-issued ID), showing the following details: (1) number and country of issuance, (2) issue, and expiry date, (3) signature of the person;
• Additional information or documentation at the discretion of ZAM.IO LCO.

(iv) Business Customer:

Prior to opening an account for a business entity, we attempt to collect, verify, and authenticate the following information:

• Institution legal name;
• Employer Identification Number (“EIN”) or any comparable identification number issued by a government;
• Full legal name (of all account signatories and beneficial owners);
• Email address (of all account signatories);
• Mobile phone number (of all account signatories);
• Address (principal place of business and/or other physical location);
• Proof of legal existence (e.g., state-certified articles of incorporation or certificate of formation, certified copy of the Memorandum and Articles of Association, location of registered office, proof of good standing, unexpired government-issued business license, trust instrument, or other comparable legal documents as applicable);
• Contract information of owners, principals, UBO, and executive management (as applicable);
• Ownership structure;
• Expected activity;
• Nature of business/employment;
• Product usage plans;
• Source of funds; and source of wealth;
• Identifying information for each UBO that owns 10% or more (see individual customer information collected above for more details) and proof of identity (e.g., driver’s license, passport, or government-issued ID).

3. Standard KYC procedure

(i) Step 1: Identification and verification

• For each Customer on whom due diligence is required, ZAM.IO must identify the Customer (i.e. collect basic identity information including Personal Data) and verify that identity (i.e. check that the Customer is whom they say they are) by reference to documents and Personal Data that described this Policy.
• Individual Customers provide Data with CIP (subclause (iii) clause 2 of this Policy). ZAM.IO should obtain and verify the individual’s Account using Personal Data with the accordance ZAM.IO Privacy Policy.
• Business Customers provide Data with CIP (subclause (iv) clause 2 of this Policy).

(ii)Step 2: Name Screening

• ZAM.IO should undertake a reasonable search of available information to identify any negative information which would increase the ML/TF or reputational risk of dealing with the potential Customer.
• AML Screening: International Sanctions, Politically exposed people (PEPs), Watchlists and Adverse Media.

Determination of an individual presence or non-presence on global sanctions lists, PEP lists, watchlists, blacklists, or adverse media (OFAC, UN, HMT, EU, DFT etc.). This check is automated by a Third party. The results of this screening are solely based on potential matches between the user’s Personal Data and the data contained in databases available to a Third Party.

• The above screenings should be conducted on potential Customers and the actual Customer.

(iii) Step 3 - Country Risk

• ZAM.IO should consider the country in which the Customer is a citizen and/or resident. In accordance with our policies and Terms ZAM.IO do not open Accounts and does not process transactions for citizens and residents of, as well as people staying in, countries where transactions are prohibited by international sanctions or their internal law regulations, or countries which based on various criteria selected by ZAM.IO AML team (for example Corruption Perceptions Index by Transparency International, FATF warnings, countries with weak anti-money laundering and terrorist financing regimes determined by European Commission) impose high AML / CTF high risk.
• Currently, these countries are Afghanistan, American Samoa, Angola, Bahamas, Botswana, Burundi, Cambodia, Central African Republic, Chad, Congo, Cuba, Democratic Republic of Congo, Equatorial Guinea, Eritrea, Ethiopia, Ghana, Guam, Guinea Bissau, Iran, Iraq, North Korea, Lebanon, Libya, Mali, Nigeria, Pakistan, Panama, Puerto Rico, Samoa, Saudi Arabia, Sierra Leone, Somalia, South Sudan, Sri Lanka, Sudan, Syria, Trinidad and Tobago, Tunisia, Venezuela, Yemen, Zimbabwe, USA (citizens and residents).

(iv) Step 4 - Ongoing monitoring

• ZAM.IO should ensure that the due diligence on its Customers is regularly reviewed and kept up to date. Third parties provide us with daily re-check of our Customer database against AML watchlists (sanctions, PEPs, adverse media, etc).
• A risk-based approach may be applied: the due diligence relating to the higher risk Customers may be reviewed more frequently than that of the lower risk Customers.

4. CIP implications:

1. If a Customer as an individual successfully meets and completes ZAM.IO CIP requirements and does not appear on the OFAC or any other government watchlist, then ZAM.IO will deal with the Customer by Terms.
2. If a Customer as a business entity successfully meets and completes ZAM.IO CIP requirements and neither it nor any of its owners, principals, executive, or managers appear on OFAC or any other governmental watchlist, then ZAM.IO will provide the Product to the Customer under Terms.
3. If a potential or existing Customer either refuses to provide the information when requested under KYC or appears to have intentionally provided misleading information, ZAM.IO will not open a new Account and, after considering the risks involved, consider closing any existing Account. Such Customers may be limited in the rights and options of the ZAM.IO Product and Third Parties until the AML/CFT policy of ZAM.IO is fully satisfied.
4. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation to FinCEN on a SAR or any other governmental authority at the Company's location authorized to review reports of suspicious financial activity.
5. Two or more accounts cannot be verified by using the same name, mobile phone number, or documents. It is prohibited to enter into a relationship with a shell bank, anonymous and fictitious named accounts and Customers involved at this activity.
6. (vi) A customer should be identified as high-risk customer when:
   • takes over another user’s account;
   • attempts to launder money;
   • borrows money with the intention of defaulting;
   • creates an account using someone else’s identity;
   • has links to high-risk countries;
   • has links to high-risk business sectors;
   • has complex ownership structures;
   • has unusual account activity;
   • is PEP;
   • has dubious reputations.

5. Transactions’ monitoring and supervision

1. ZAM.IO (and Third Parties) may analyse and monitor all Customers' transactions that take place on the Product looking for suspicious and unusual behaviors. As a suspicious and unusual activity ZAM.IO or Third Parties identify, for example, a significant number of the repeated identical transactions from one or more clients, a significant number of transactions made by one user, large inflows or outflows of funds to/from one account etc.
2. Such selected transactions are analysed by our AML specialists and evaluated if they do not provide significant AML / CTF risks or if they needed to be ceased and clarified with the Customer. Customers must provide all required risk control evidence.
3. ZAM.IO can require additional documentation proving a Customer's real, exact place of residence, education, occupation, as well as the source of money Customer are using with Products when Customer's transactions are “flagged” as suspicious or unusual, or our verification of Customer personal results in qualifying Customer as a person imposing significant AML / CTF risk.
4. The case when LCO or a Third Party's AML professional decides information received do not clarify our doubts, ZAM.IO will be obliged to end our cooperation with such Customer, terminate all agreements, and report about Customer's transactions to relevant authorities.
5. Suspicious Activity/Currency Transaction Reports Opening Process ZAM.IO file SARs if we know, suspect or have reason to suspect suspicious activities have occurred using Products by Customers. A suspicious transaction is often one that is inconsistent with a Customer’s known and legitimate business, personal activities or personal means. ZAM.IO leverage our compliance department, which performs transaction monitoring to help identify unusual patterns of Customer activity. Our LCO reviews and investigates suspicious activity to determine if sufficient information has been collected to justify the filing of a SAR. Our LCO maintains records and supporting documentation of all SARs and CTRs that have been filed. Reporting Requirements All records are retained for seven (7) years and are readily available upon official request by an applicable examiner, regulator, or law enforcement agency.

6. Tiers of KYC verification

1. When a Customer's trade volume rise AML / CTF activities increases as well.
2. ZAM.IO introduced a verification system, based on the general rule that the more money (or cryptocurrencies) a Customer deposits or wants to withdraw the more information about the Customer and its funds ZAM.IO need to exclude ML / TF risks (as we are required by law).

7. AML/CFT training

1. ZAM.IO develops ongoing employee training under the leadership of the LCO. Training occurs on at least an annual basis and is based on company size, products, customer base, and resources. It's updated as necessary to reflect any new developments in the law. All new and current employees familiarize themselves with AML and CFT activities.
2. The purpose of the AML/CFT training is to provide the opportunity for employees to identify unusual and suspicious activities.
3. ZAM.IO's training will include, at a minimum:
   1. How to identify red flags and signs of money laundering that arise during employees’ duties.
   2. What to do once the risk is identified, including how, when, and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of SARs.
   3. Employee roles in the firm's compliance efforts and how to perform them.
   4. The firm's record retention policy.
   5. The disciplinary consequences (including civil and criminal penalties) for non-compliance with the laws.
4. ZAM.IO will develop training in itself or contract for it. Delivery may include educational pamphlets, videos, intranet systems, in-person lectures, and explanatory memos. Information for employees is gathered in the YouTrack’s “Knowledge base”, regularly updated.
5. ZAM.IO may review its operations to see if certain employees, such as those in compliance, margin, and corporate security, require specialized additional training.
6. The timing and content of the training provided are determined according to the needs of ZAM.IO. The frequency can vary based on legal or regulatory amendments, employee duties, and changes in the business model. The program aims to educate employees on the latest developments in preventing money laundering and terrorist financing.

8. Legal Compliance Officer (LCO)

1. ZAM.IO designated LCO is VLADIMIR SAVICHEV (email: [email protected]).
2. The principal function of the LCO is to act as the focal point within ZAM.IO for the oversight of all activities relating to the prevention and detection of ML/TF. This role includes providing support and guidance to ZAM.IO Individuals to ensure that ML/TF risks are adequately managed. Responsibilities include:
   1. Developing and continuously reviewing ZAM.IO's AML compliance framework, including this Policy, to ensure it remains up-to-date, effective, and consistent with statutory and regulatory requirements.
   2. Playing an active role in the identification and reporting of suspicious transactions, including reviewing reports about Customers' failing CIP and maintaining records related to internal reviews of AML/CFT activities.
   3. Providing guidance on how to avoid “tipping off” if any disclosure is made.
   4. Acting as the main point of contact with law enforcement and any other competent authorities regarding ML/TF issues.
   5. Recording and filing SARs, CTRs, and performing an AML Policy audit at least annually.
3. The LCO is responsible for ensuring that Company employees are fully aware of their legal obligations under the AML/CTF regime by introducing a comprehensive employee education and training program.
4. The LCO is also responsible for performing an audit of this Policy at least annually and presenting the results to our CEO.

9. AML / KYC Policy changes

1. The AML / CTF model described this Policy is a result of the work and experience of ZAM.IO AML team, so can be changed as the legal requirements of countries changes as well as a result of gaining new knowledge and experience. In particular transition, limits of an Account may change due to periodical audits and verification of efficiency of ZAM.IO and Third Parties' procedures about AML and CTF.
2. ZAM.IO should keep Customers updated if any changes would influence them.

ZAM.IO senior management (CEO) has approved this Anti-Bribery and Corruption Policy in writing as reasonably designed to achieve and monitor our firm’s ongoing compliance with the requirements of the legal regulations.