Anti-Money Laundering Policy

Last updated on July 2025

Important: This is a transparency and compliance document. It should be reviewed and adapted to the specific AML/CFT laws, regulatory expectations, and reporting requirements of each jurisdiction where Santripe operates or targets users.
Program pillarWhat Santripe does
Customer Due Diligence (KYC) Verifies customer identity using risk-based tiers;
refreshes verification when triggers occur.
Sanctions & PEP screening Screens at onboarding and continuously;
blocks/freezes where required by law or risk controls.
Monitoring (fiat + on-chain) Monitors transaction patterns and uses blockchain analytics
where appropriate to identify risk exposure.
Reporting & cooperation Escalates suspicious activity and reports to authorities
where required; responds to lawful requests.
Governance & audit Designated MLRO; staff training; periodic independent testing;
continuous improvements.

1. Purpose and scope

This Anti-Money Laundering and Countering the Financing of Terrorism policy (the “Policy”) describes how Santripe prevents, detects, and reports money laundering, terrorist financing, and related financial crime risks while delivering digital-asset wallet services.

This Policy applies to Santripe’s officers, employees, contractors, and agents; all users and accounts; and all products and channels provided or enabled by Santripe, including any fiat on/off-ramp flows facilitated through third-party partners.

2. Definitions

  • AML/CFT: Measures to prevent money laundering and counter the financing of terrorism (and where applicable, proliferation financing).
  • CDD (Customer Due Diligence): Identity verification and risk assessment procedures applied to customers.
  • EDD (Enhanced Due Diligence): Additional verification and monitoring applied to higher-risk customers or activities.
  • MLRO: Money Laundering Reporting Officer (or equivalent compliance officer).
  • PEP: Politically Exposed Person (including family members and close associates where applicable).
  • Sanctions: Restrictions imposed by the UN Security Council and/or relevant national authorities.
  • SAR/STR: Suspicious Activity/Transaction Report filed with a competent authority/Financial Intelligence Unit.
  • Travel Rule: Requirements for certain originator and beneficiary information to accompany qualifying transfers (where adopted).

3. Governance and accountability

Santripe maintains a risk-based AML/CFT program overseen by senior management. Responsibilities include:

Board / Senior management

  • Approve this Policy and set the overall risk appetite.
  • Ensure adequate resourcing (people, tools, and budgets) for compliance.
  • Review AML/CFT reporting metrics and material incidents.

MLRO / Compliance Officer

  • Own the AML/CFT program design, implementation, and continuous improvement.
  • Maintain the risk assessment methodology, red flags, and escalation rules.
  • File SARs/STRs where required and manage regulatory/law-enforcement requests.
  • Maintain records, training, and audit readiness.

Operations & Support

  • Execute onboarding checks and gather additional information when requested.
  • Follow escalation workflows for suspicious behavior, disputes, or partner flags.
  • Avoid unlawful “tipping off” customers during investigations.

Engineering & Data

  • Implement monitoring rules, logging, and audit trails.
  • Ensure security controls and data retention support compliance requirements.

4. Risk-based approach

Santripe applies a risk-based approach to allocate controls proportionate to risk. Risk is assessed at onboarding and continuously thereafter using customer, geographic, product, and transaction factors.

4.1 Risk factors considered

  • Customer profile (occupation, expected activity, source of funds).
  • Geography (customer location, funding corridor, destination corridor, high-risk jurisdictions).
  • Product/features used (on/off-ramp, withdrawals, transfer frequency, speed of cash-out).
  • Behavior patterns (size, frequency, structuring attempts, velocity spikes).
  • On-chain risk indicators (exposure to sanctioned addresses, mixers, scam clusters), where applicable.

4.1.1 Identification and Verification

  • Santripe does not permit anonymous accounts.
  • Santripe prohibits accounts opened under fictitious names or with false/forged documentation.
  • Santripe may restrict, suspend, or close accounts where identity cannot be verified or where information appears false, and may file reports as required by law.

4.2 Risk rating outcomes

  • Low / Medium / High risk ratings (or equivalent) drive KYC level required, limits, monitoring intensity, and review frequency.

5. Customer due diligence (CDD) and KYC

Santripe verifies identity before enabling higher-risk features. CDD includes collecting customer information, verifying it using reliable sources, and screening against sanctions and PEP lists.

5.1 Standard identity information (individuals)

  • Full name; date of birth; nationality; residential address and/or proof of address (where required).
  • Government-issued ID (and selfie/liveness where appropriate).
  • Phone number and email address.
  • Source of funds and purpose of account (risk-based).

5.2 Verification

  • Verification may be performed directly or via an approved identity verification provider.
  • Santripe may re-verify periodically after 1 year or less or when triggers occur (e.g., unusual volume or inconsistencies).

5.3 KYC tiers (example)

  • Tier 0 (Limited): view-only or limited features; no fiat cash-out; restricted transfers.
  • Tier 1 (Basic): basic verification; low limits; enhanced monitoring.
  • Tier 2 (Standard): full verification; higher limits; standard monitoring.
  • Tier 3 (EDD): source of funds/wealth and additional checks; highest limits; intensive monitoring.

6. Enhanced due diligence (EDD) and source of funds/wealth

EDD is applied for higher-risk customers and activities (including PEPs, high-risk jurisdictions, unusually high volumes, complex patterns, or adverse media indicators).

EDD measures may include

  • Source of funds documentation (salary slips, invoices, business records, statements).
  • Source of wealth explanation for high-value activity.
  • Confirmation of purpose and expected activity profile.
  • Senior management approval for onboarding/continuation where required.
  • More frequent reviews and tighter limits until risk reduces.

7. Sanctions, PEP and adverse media screening

Santripe screens customers (and where feasible, relevant counterparties) against sanctions lists, PEP lists, and adverse media sources at onboarding and on an ongoing basis.

Where a true match is confirmed, Santripe will take appropriate action consistent with applicable law, including rejection, restriction, freezing, reporting, and/or blocking transactions.

8. Transaction monitoring and blockchain analytics (KYT)

Santripe monitors transactions to identify patterns consistent with money laundering, fraud, and terrorist financing. Monitoring includes both fiat rails (via partners) and on-chain signals where applicable.

8.1 Common red flags (non-exhaustive)

  • Structuring/smurfing: multiple smaller transactions designed to avoid limits or checks.
  • Rapid in-and-out activity (deposit → buy → withdraw) with minimal holding time.
  • Sudden spikes in volume/frequency inconsistent with the stated profile.
  • Multiple accounts sharing identifiers (device, IP, phone) or circular transfer patterns.
  • On-chain exposure to sanctioned entities, mixers, darknet markets, or known scam clusters.

8.2 Actions on alerts

  • Request additional information, apply temporary holds (where permitted), restrict withdrawals, freeze accounts (where required), and/or file SAR/STR.

9. Travel Rule and counterparty controls

Where Travel Rule obligations apply, Santripe will collect and transmit required originator and beneficiary information for qualifying transfers between regulated entities, and retain records for audit and competent authorities.

  • Collect required originator/beneficiary information and transmit securely where required.
  • Apply risk-based counterparty due diligence for VASP-to-VASP transfers.
  • Where transfers are missing required information, apply risk-based decisions: delay, reject, restrict, or report.

10. Prohibited use and high-risk activity

Santripe prohibits illegal use of its services and may deny service where risk cannot be mitigated.

  • Money laundering, terrorist financing, sanctions evasion, proliferation financing.
  • Fraud, scams, theft, identity misuse.
  • Funds derived from corruption, bribery, trafficking, or other criminal activity.
  • Use by or on behalf of sanctioned individuals/entities or in sanctioned jurisdictions.
  • Attempts to circumvent controls (multiple accounts, falsified documents, structuring).

11. Suspicious activity reporting and law enforcement cooperation

Santripe maintains internal escalation procedures to identify, review, and (where required) report suspicious activity to relevant authorities and cooperates with lawful requests, consistent with privacy obligations.

High-level workflow

  • Detection (monitoring alert, partner flag, user complaint)
  • Triage (operations + compliance review)
  • Investigation (request info, collect evidence, analytics)
  • Decision (close alert or restrict/freeze/report)
  • Reporting (SAR/STR where required) and record retention

12. Record keeping and data retention

Santripe retains records required to evidence compliance, support investigations, and respond to lawful requests, including KYC files, transaction logs, monitoring alerts, investigations, and SAR/STR decisions.

Retention periods vary by jurisdiction; where not specified, Santripe targets a minimum of 5 years from the end of the customer relationship or completion of the transaction.

13. Training and awareness

Santripe provides AML/CFT training to relevant personnel and refreshes training at least annually and whenever material regulatory or product changes occur.

14. Independent testing and audit

Santripe conducts periodic independent testing of the AML/CFT program (internal audit, external review, or an equivalent independent function) and tracks findings to remediation.

15. Third-party and partner risk management

Santripe relies on partners for certain services (e.g., mobile money collections, bank transfers, identity verification, blockchain analytics). Santripe performs risk-based due diligence on partners and contracts for minimum compliance and data protection standards.

15.1 Prohibition on Shell Banks

Santripe does not establish or maintain any account, relationship, or provide services to a shell bank. A shell bank is a bank that has no physical presence in any country and is not affiliated with a regulated financial group that is subject to effective consolidated supervision.

Santripe also prohibits relationships with any financial institution that permits its accounts to be used by shell banks, including correspondent or payable-through arrangements that could enable shell bank access.

To enforce this prohibition, Santripe conducts risk-based due diligence on financial institution partners, including verification of licensing/registration, regulatory oversight, and physical presence, and will refuse, suspend, or terminate relationships where shell bank involvement is suspected or confirmed.

Use of Santripe services by, for, or on behalf of shell banks, or through institutions that facilitate shell bank access, is prohibited.

16. Enforcement and customer communications

Santripe may apply holds, restrictions, or freezes where permitted or required by law. Customer communications are handled carefully to avoid unlawful disclosure that could compromise investigations.

17. Policy review and updates

This Policy is reviewed at least annually, and more frequently when products, corridors, or legal obligations materially change.

18. References (non-exhaustive)

This Policy is informed by widely used industry practices and public guidance, including FATF guidance for virtual assets/VASPs and Travel Rule materials, and public AML/CFT policy outlines from major digital asset platforms.

19. Contact

For AML/CFT inquiries, please contact: [email protected]