AML & KYC Policies

Effective Date: April 01, 2025

 

1. Introduction

Globally United Tech Corporation (“the Company”) is committed to full compliance with all applicable Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in Canada and internationally. This policy outlines the procedures the Company follows to prevent and detect money laundering, terrorist financing, and other illicit activities.

Globally United Tech Corporation has established a global Compliance Program to manage risks associated with Anti-Money Laundering (AML) & Anti-Terrorist Financing (ATF) and to comply with applicable laws and regulations. The Company operates as a registered Money Service Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Our policy adheres to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), FINTRAC Guidelines, and global standards set by the Financial Action Task Force (FATF).

 

2. Definitions

AML (Anti-Money Laundering): Measures, policies, and procedures implemented to detect, deter, and prevent money laundering and terrorist financing, in compliance with applicable regulations, including the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

KYC (Know Your Customer): The process of verifying the identity of a customer to assess risks, ensure compliance with legal and regulatory requirements, and prevent illicit activities such as money laundering or terrorist financing. Includes identity verification, ongoing monitoring, and due diligence.

Compliance Officer: The individual designated by the organization to oversee the implementation and effectiveness of the AML/ATF compliance program, including risk assessment, transaction monitoring, and regulatory reporting obligations in line with FINTRAC requirements.

FATF (Financial Action Task Force): An intergovernmental organization that sets international standards to combat money laundering, terrorist financing, and proliferation financing, providing guidance on risk-based approaches and promoting global compliance.

Travel Rule: A regulation requiring financial institutions and cryptocurrency service providers to share specific customer and transaction details when conducting cross-border wire transfers or virtual asset transactions exceeding applicable thresholds, as recommended by FATF.

Politically Exposed Person (PEP): An individual who holds or has held a prominent public position, such as a head of state, senior government official, judge, military leader, or executive of a state-owned corporation, as well as their family members or close associates, requiring enhanced due diligence under AML regulations.

Beneficial Owner: The natural person(s) who ultimately owns or controls a legal entity or arrangement, directly or indirectly, including those who exercise significant influence or control over the entity’s activities, as defined by FINTRAC and FATF standards.

High-Risk Jurisdiction: Countries or geographic areas identified as posing higher risks of money laundering, terrorist financing, or other financial crimes, due to weak AML/ATF controls, systemic corruption, or inclusion on FATF’s «High-Risk Jurisdictions» or «Jurisdictions Under Increased Monitoring» lists.

Sanctions List: An official registry of individuals, entities, or jurisdictions subject to financial or economic restrictions, prohibitions, or enhanced scrutiny, maintained by regulatory bodies such as the United Nations, the Canadian government, or other international authorities.

 

3. Scope

This AML Policy applies to any visitor of the Site/ the user/ the cryptocurrency buyer/ the client/ the customer (further the “Customer”, “you”, “your”) who uses the Site, registers on it and uses Globally United Tech Corporation services. It governs all products and services provided by Globally United Tech Corporation, including but not limited to:

• Foreign exchange dealing
• Crypto exchange dealing
• Remitting or transmitting funds, including electronic funds transfers
• Dealing in virtual currencies
• Payment services

The policy ensures consistent compliance measures are applied across all operations, irrespective to geographic location.

 

4. Regulatory Framework

Globally United Tech Corporation’s Compliance Program is designed to align with the following:

1. Canadian Laws and Guidelines:

• Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
• FINTRAC Guidelines
• Relevant directives from Canadian regulatory authorities

2. International Standards:

• FATF Recommendations

3. Global Operations:

• Jurisdictional requirements in regions where the Company operates to ensure compliance with local regulations.

 

5. Compliance Program

Globally United Tech Corporation has implemented a comprehensive compliance program consisting of the following six key elements:

1. Written Policies and Procedures: Clearly define responsibilities under applicable AML/CTF laws and the controls in place to mitigate risks effectively.
2. Risk Assessment: The Risk Assessment Policy Annexes (e.g., Risk Matrix Template and Customer Profile Template) are integral to assessing and managing customer risks. These tools ensure a consistent application of the scoring methodology across all operations.
3. Appointment of a Money Laundering Reporting Officer (Compliance Officer):

The Compliance Officer is responsible for:

• Developing, maintaining, and updating the AML/CTF program.
• Acting as the primary point of contact with FINTRAC and other regulators.
• Investigating flagged transactions and ensuring timely reporting.
• Approving key compliance measures, such as correspondent banking relationships.

4. Training: Provide regular AML/CTF training to employees to ensure they understand their roles and obligations. Advanced sessions are conducted for compliance personnel.
5. Effectiveness Reviews: Perform independent assessments at least every two years to evaluate the program’s adequacy and identify areas for improvement.
6. Travel Rule Compliance: Implement processes to ensure accurate and secure transmission of originator and beneficiary information in cross-border transfers.

     6. Operational Compliance

In addition to our documented Compliance Program, Globally United Tech Corporation operates in a FINTRAC-compliant manner. This includes:

1. Legal Entity Verification and Due Diligence

The Company operates with legal entities and implements a robust risk-based approach for due diligence to ensure compliance with Canadian regulations and international standards using a risk-based approach to determine the appropriate level of due diligence with enhanced measures for high-risk clients. Such approach comprises of:

Normal Due Diligence for Legal Entities which requires checking:

• Full legal name of the entity.
• Registration documents (e.g., certificate of incorporation, business license).
• Tax identification number (TIN) or equivalent.
• Details of beneficial owners (individuals with 25% or more ownership).
• Organizational structure, including key executives and directors.

 Verification Process under Normal Due Diligence is the following:

• Cross-checking provided information against government or third-party databases.
• Validation of beneficial ownership using reliable sources.
• Ensuring all documentation is current and valid.

Simplified Due Diligence for Legal Entities

Simplified due diligence is applied in cases where the risk level is assessed as low, such as transactions with publicly traded companies or government entities. Simplified Measures Include:

• Collection of basic company registration documents.
• Verification of the entity’s existence and primary contact details.
• No additional verification of beneficial ownership unless flagged during monitoring.

Enhanced Due Diligence for Legal Entities

Enhanced due diligence (EDD) is mandatory for high-risk clients, such as entities operating in high-risk industries, from high-risk jurisdictions, or flagged as Politically Exposed Persons (PEPs). EDD Measures Include:

• Detailed documentation of the entity’s source of funds and wealth.
• Ongoing transaction monitoring and periodic reviews of the client’s risk profile.
• Additional scrutiny of business activities and third-party relationships.
•       Conducting frequent updates to client profiles and reassessing their risk levels.

2. Ongoing Monitoring:

Globally United Tech Corporation conducts continuous monitoring of customer activities to ensure consistency with their risk profiles. The key measures include:

•     Conducting continuous monitoring of customer activities to ensure consistency with their risk profiles.
•     Periodic reviews of transactions to ensure they align with declared business purposes.
•       Enhanced scrutiny of high-risk transactions involving large amounts, high-risk jurisdictions, or Politically Exposed Persons (PEPs).
•     The Compliance Officer intensifies monitoring in cases where unusual transaction patterns are identified, documenting findings and recommending necessary actions.

Customer activities are monitored continuously, with risk scores derived from the scoring matrix detailed in the Risk Assessment Policy. Dynamic updates to customer profiles are applied when flagged transactions occur, and these scores are used to determine whether enhanced due diligence (EDD) or reporting is required.

3. Third Parties Engagement and Software Usage

Globally United Tech Corporation may involve third parties to perform the AML/KYC procedures in whole or in part in order to fulfill the AML/CFT function in best endeavors with respect to the Privacy Notice.

Company can use software of any complexity, both developed by itself and supplied by third parties, to carry out the AML/KYC procedure, such as customer verification and transaction monitoring.

Company reserves the right to appoint a third-party service provider to perform the whole AML/KYC procedure on behalf of Globally United Tech Corporation. Prior to engagement a third-party provider, all third-party vendors undergo a due diligence review to assess compliance capabilities and ensure alignment with Canadian regulations. When processing the Customer’s information, such service provider fully complies with our Privacy Notice regarding our Customers’ personal information.

4. Transaction Monitoring

Company utilizes automated, real-time monitoring systems to:

•     Detect suspicious or unusual patterns.
• Screening all transactions against global sanctions lists, high-risk indicators, and a blacklist of wallet addresses flagged for suspicious activities.

Transactions flagged as unusual or inconsistent with the customer’s risk profile are escalated to the Compliance Officer for investigation. These incidents are recorded in the Incident Register (Annex 3 of the Risk Assessment Policy) and may result in Suspicious Transaction Reports (STRs) to FINTRAC. 

5. Sanctions Compliance

Company regularly checks sanctions databases, including those maintained by the United Nations, FATF, and Canadian authorities for:

• Freezing accounts or rejecting transactions that involve flagged wallet addresses or sanctioned entities.
• Blacklisting clients or wallet addresses associated with fraudulent or illegal activities.

6. Obligation Triggers

Company’s reporting obligations are triggered under specific conditions, such as:

• Transactions exceeding CAD 10,000 (e.g., Large Cash Transaction Reports).
• Identification of suspicious activities during monitoring.
• Establishment of new business relationships.

7. Travel Rule for Virtual Currency Transactions

Company complies with the Travel Rule, a global standard established by the FATF for cross-border virtual currency transactions.

For transactions exceeding CAD 1,000, the Company collects and transmits:

• The sender’s name, address, account number, and transaction details.
• The recipient’s name and wallet address or equivalent account details.
• These details are shared with the receiving institution in a secure and compliant manner.

All data shared complies with Canadian privacy laws and international data protection standards. Suspicious or non-compliant transactions are flagged and escalated to the Compliance Officer for review and potential reporting to FINTRAC.

8. Record-Keeping is followed by Company by:

• Maintaining encrypted records of all transactions, client verification documents, and compliance logs for a minimum of five years.
• Ensuring access is restricted to authorized personnel.

All records associated with customer risk profiles, including scoring matrices and updates documented in the Risk Assessment Policy, are maintained securely for a minimum of five years and are accessible for regulatory audits.

9. Client Outreach:

The Company ensures that clients are contacted to provide missing documentation or clarification, where applicable. Clients will be informed of updates to compliance requirements or procedures through email notifications, platform updates, or website announcements.

 

7. Training and Awareness

The Company emphasizes continuous education for its employees regarding AML/CTF responsibilities. Training initiatives are organized under the oversight of the Compliance Officer.

1. Regular Training Sessions:

Employees undergo annual training tailored to their specific roles and the regulatory landscape.

2. Advanced Training for Compliance Personnel:

Advanced training sessions are conducted for the compliance team, focusing on risk identification, regulatory updates, and IT monitoring tools.

3. Training Records:

The Compliance Officer ensures that detailed logs of all training sessions, including attendance and materials used, are maintained for regulatory audits and internal evaluations.

 

8. Data Security and Privacy

The Compliance Officer ensures the integrity and security of all sensitive information related to AML/CTF compliance.

1. Encryption and Secure Storage:

Client information, including KYC records and transaction logs, is encrypted and securely stored in compliance with data protection regulations.

2. Access Control:

Access to compliance-related information is restricted to authorized personnel only.

3. Incident Management:

The Compliance Officer oversees the Company’s incident response plan, ensuring rapid resolution of data breaches and regulatory notification, if required.

 

9. Tailoring and Continuous Improvement

The Company tailors its AML/CTF policy to reflect operational risks and regulatory requirements. The Compliance Officer is responsible for updating the policy in response to legal or operational changes.

1. Regular Reviews:

The AML/CTF policy is reviewed annually or whenever material changes occur in the regulatory environment.

2. Feedback Integration:

Input from audits, employees, and regulators is incorporated into the policy to maintain its effectiveness.

3. Independent Assessments:

The Compliance Officer ensures the performance of biannual independent reviews to identify gaps or inefficiencies in the program.

The AML Policy is tailored in alignment with the scoring methodologies and risk assessment framework detailed in the Risk Assessment Policy. Updates to either document are coordinated to ensure consistency.

 

10. Customer Communication

The Company maintains open communication with its clients to ensure transparency in compliance processes. The Compliance Officer oversees the following:

1. Information Disclosure:

Clients are informed about AML/KYC requirements and the reasons for collecting certain information.

2. Compliance Support:

A dedicated compliance support team is available to answer client questions or concerns regarding verification or compliance-related restrictions.

3. Notifications:

Clients are notified promptly if additional documentation or verification steps are required to maintain compliance.

 

11. Sanctions for Non-Compliance

The Company enforces strict measures for non-compliance with AML/CTF obligations. These measures are applied under the supervision of the Compliance Officer:

1. Transaction Refusals:

Transactions that fail to meet compliance standards are declined immediately.

2. Account Restrictions or Terminations:

Accounts associated with non-compliance or illicit activities may be restricted or terminated following a thorough review by the Compliance Officer.

3. Blacklist Maintenance:

Clients or wallet addresses involved in high-risk or non-compliant activities are added to the Company’s internal blacklist.

4. Regulatory Reporting:

Cases of confirmed money laundering, terrorist financing, or other financial crimes are reported to FINTRAC and other relevant authorities.

By implementing these sanctions, Globally United Tech Corporation ensures compliance with regulatory requirements and mitigates the risk of financial crimes within its platform.