AML/KYC Policy

This is the Anti-Money Laundering / Know Your Customer Policy (the "Policy") of Bitwallet Service Group ("Bitwallet").

Bitwallet Pay is a cross border payment solution (the "Services").

Bitwallet shall implement the Policy utilizing a risk-based approach. As a best practice, Bitwallet shall document instances in which it deviates from initial requirements of the Policy and utilizes a risk-based approach.

Bitwallet may utilize the resources of its affiliates ("Affiliates") or third parties in the implementation of the Policy. Bitwallet shall enter into agreements with such Affiliates or third parties as may be necessary to ensure that the Policy is implemented properly and with reasonable care. Any references to Bitwallet or its staff shall apply to Bitwallet's Affiliates or third parties, or such Affiliates' or third parties' staff, to the extent elements of the Policy are performed by Affiliates or outsourced.

For the purposes of the Policy, the term "Customers" shall include such persons who are considered "customers" as such term is defined in the Notice.

Money Laundering
Money Laundering is a process by which criminal proceeds are sanitized to disguise their illicit origins. Acquisitive criminals will attempt to distance themselves from their crimes by finding safe havens for their profits where they can avoid confiscation orders and to make them appear legitimate.

Money Laundering schemes range from very simple to highly sophisticated. Usually, they involve three stages:

• Placement - the process of getting criminal money into the financial system,
• Layering - the process of moving money in the financial system through complex webs of transactions, often via offshore companies
• Integration - the process by which criminal money ultimately become absorbed into the economy

Bitwallet's senior management has a zero-tolerance policy towards financial crime, money laundering, bribery, corruption, fraud and terrorist financing. Bitwallet requires staff to be vigilant for signs of financial crime and to immediately report any suspicious activities/incidents to the Compliance Officer (the "Compliance Officer"), as appropriate.

Customer Due Diligence ("CDD") shall be conducted on each prospective Customer before providing a Service to such prospective Customer. Bitwallet shall not share any anomalies of a CDD review with Customers (other than a statement notifying the prospective Customer that he/she has not satisfied Bitwallet's onboarding requirements). In the event business relations are established prior to completion of Bitwallet's due diligence procedures, the reasons and process for managing money laundering and terrorist financing risks shall be documented and approved by the Risk Committee.

In general, CDD comprises the following activities:

• Identifying the prospective Customer by obtaining certain information;
• Verifying the identification information obtained; and
• Reviewing the earlier Customer transactions in the case of refresher CDD.

Bitwallet takes the following measures to conduct CDD (parentheticals identifying parties responsible):

• Gather CDD data from prospective Customers, including such additional information deemed appropriate after Bitwallet has reviewed the Bitwallet Review.
• Collect internet protocol addresses from each Customer. Bitwallet retains a record of each Customer's internet protocol address (Operations Manager);
• Review the CDD data collected (Compliance Manager);
• Conduct politically exposed person ("PEP") and sanctions screening checks (Appendix B), plus any additional detailed due diligence considered necessary; and
• Based on the foregoing, approve or reject the prospective Customer's application to use Services, including documenting such approval/rejection. (General Manager)

Bitwallet acknowledges that, while Bitwallet may delegate certain tasks to third parties, ultimate responsibility for onboarding any Customer or the CDD measures taken shall remain the responsibility of Bitwallet.

CDD records shall be maintained for a minimum of seven years after the later of (i) a Customer's onboarding or (ii) a rejection of a prospective Customer or Customer's application to use Services. Bitwallet shall comply with applicable law regarding the storage and safe-keeping of CDD records.

2.1 Determination of Levels of CDD and Required Customer Information

In accordance with the Notice, Bitwallet conducts CDD utilizing a risk-based approach. Bitwallet's approach varies depending on the risk assessment of a prospective Customer; provided, however, that the application of an initial risk assessment constitutes a refutable presumption which may be overridden by the Risk Committee.

An initial risk assessment of a prospective Customer is conducted based on the nationality and jurisdiction of residence of the prospective Customer. Appendix A hereto sets out Bitwallet's jurisdiction risk assessment. Thereafter, the Customer's transaction activities shall determine the ongoing statistical risk which will go along with the initial risk assessment to complete an overview of the Customer's risk assessment.

In all cases, Bitwallet will obtain the information (the "Basic Information") set forth in Appendix C hereto. In addition to the Basic Information, Bitwallet may collect such other information as it may deem appropriate.

Prospective Customers shall submit the Basic Information to Bitwallet via its website. The Basic Information will first be reviewed by the Marketing Manager (the "Bitwallet Review"). Bitwallet uses World-Check by Refinitiv for its sanctions list screening.

Simplified Due Diligence and Regular Due Diligence

At its sole discretion, Bitwallet applies Regular Due Diligence standards in cases where Simplified Due Diligence could be applied.

In the event (i) Simplified or Regular Due Diligence is applicable based on Bitwallet's initial risk assessment and (ii) the Bitwallet Review does not yield any anomalies, Bitwallet may permit Customers to transfer up to S$20,000 to any of Bitwallet's stored value facilities.

In the event the Bitwallet Review yields any anomalies, (i) the application of the prospective Customer to use Services will be provisionally declined (subject to a further review by Bitwallet, which may include Enhanced Due Diligence or other procedures being undertaken).

Enhanced Due Diligence

In cases which require Enhanced Due Diligence, certified documents must be certified by a qualified third party such as a notary public or practicing CPA. The certifier must sign and date the copy document (printing his/her name clearly in capitals underneath) and clearly indicate his/her position or capacity on it and provide his/her contact details. The certifier must also state that it is a true copy of the original document. The completion of this exercise will be documented by Bitwallet.

In addition, Bitwallet will establish, by appropriate and reasonable means, the source of wealth and source of funds of the prospective Customer by requesting proof. Proof of sources of wealth/funds may be achieved by any collection of documents that explains where the funds transferred to a stored value facility originated.

In the event (i) Enhanced Due Diligence successfully completed and (ii) the Bitwallet Review does not yield any anomalies, Bitwallet may offer Services of an unlimited dollar amount to a prospective Customer.

In the event the Bitwallet Review yields any anomalies, (i) the application of the prospective Customer to use Services will be provisionally declined (subject to a further review by the Risk Committee, which may include additional procedures being undertaken).

All documents, information and details obtained shall be further verified through independent 3rd party sources to ensure authenticity. Further clarification should be sought from the applicant for any discrepancy and/or inconsistency. 3rd party sources would include screening identities through services such as Refinitiv WorldCheck or public sources for adverse news.

2.2 Disposition of Prospective Customer Applications

Bitwallet shall record the disposition of all prospective Customer applications.

As part of the Bitwallet Pre-requisite Review, Bitwallet uses World-Check by Refinitiv to screen each prospective Customer against certain sanction watchlist databases. In the event of a screening hit, Bitwallet will exercise its discretion and judgement to determine whether the prospective Customer should be treated as a PEP, having regard to the risks and circumstances of each case. Bitwallet may decide to conduct Enhanced Due Diligence on the prospective Customer, conduct additional procedures or escalate the case to the Compliance Manager for a decision as to whether Bitwallet will onboard the prospective Customer.

The rationale for approving a prospective Customer with such a screening hit shall be documented.

In addition to PEP status, factors such as the age and nature of a screening hit may be considered to present a greater or lesser risk of money laundering and terrorist financing. Attention will be paid to Customers applications and transactions with Customers from or residing in countries that have inadequate anti-money laundering/countering the financing of terrorism measures.

4.1 Monitoring

Bitwallet will monitor, on an ongoing basis, its business relations with Customers. Bitwallet will observe the conduct of the Customer's account and scrutinise transactions undertaken throughout its relationship with the Customer to ensure that the transactions are consistent with Bitwallet's knowledge of the Customer, its risk profile and, where appropriate, the source of the Customer's funds. Bitwallet will pay special attention to all complex, unusually large or unusual patterns of transactions undertaken by the Customer, particularly any transactions that have no apparent or visible economic or lawful purpose.

4.2 Refresher CDD

It is a basic legal requirement that CDD information be kept up to date. Pursuant to Bitwallet's terms of business with Customers, Customers are required to notify Bitwallet in writing of certain changes (if any) to their Basic Information. Upon such notification, Bitwallet will conduct a new Bitwallet Review on the Customer prior to any new transfers of funds by the Customer to a stored value facility.

In addition, Bitwallet will require Customers to undergo mandatory refresher CDD on a periodic basis. At a minimum:

• Customers who were approved on the basis of Simplified Due Diligence will undergo refresher CDD every three years.
• Customers who were approved on the basis of Regular Due Diligence will undergo refresher CDD every two years.
• Customers who were approved on the basis of Enhanced Due Diligence will undergo refresher CDD every year.

4.3 Suspicious Transaction Reporting

Bitwallet staff must report suspicions concerning any Customer, the source of funds or a transaction immediately to the Compliance Officer, who shall be responsible for determining next steps, documenting the disposition of the case and reporting suspicious activities to the appropriate authorities (as necessary). The report must be made to the Suspicious Transaction Reporting Office, under the Commercial Affairs Department of the Local police Force, as soon as it is reasonably practicable after the matter comes to the Compliance Officer's attention.

By raising such suspicions with the Compliance Manager, a Bitwallet staff will discharge his/her legal duty to make a report and the Compliance Manager will then take on responsibility for escalating the issue as appropriate.

It is critical that Bitwallet staff member do not:

• Express their suspicion within earshot of others;
• Discuss the matter with any of their colleagues, including their manager, either before or after notification; and
• Discuss the matter with the Customer or any of his/her affiliates or professional advisors.

Any of the above could cause a Bitwallet staff member to commit the offence of "tipping off" which carries a prison sentence or a fine in many jurisdictions.

Bitwallet shall provide training in the prevention of money laundering and financial crime. The Compliance Manager will ensure that appropriate levels of training are provided to all staff. The Compliance Manager will decide on the training to be provided for staff on an annual basis, including the subject matter, delivery method and timing. A record of the training completed by each staff shall be kept by the Human Resources Department. An annual review of Bitwallet's operations will be undertaken by the Compliance Manager to see if certain employees require specialised additional training.