Anti-Money Laundering and Anti-Terrorist Financing Policy

1. Regulatory Framework

Our AML/ATF compliance programme is designed to satisfy the requirements of:

• Canada: The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated regulations, FINTRAC guidance and directives applicable to Money Services Businesses
• United States: The Bank Secrecy Act (BSA) and FinCEN regulations applicable to Money Services Businesses
• International: Financial Action Task Force (FATF) Recommendations, particularly Recommendations 1, 10, 15, 16, 20, and 26
• Sanctions: Canadian sanctions legislation (SEMA, JVCFOA, United Nations Act) and U.S. sanctions administered by OFAC

2. Regulatory Status

Anton Payments Inc. maintains the following registrations and certifications relevant to this policy:

3. Governance and Oversight

The board of directors of Anton Payments Inc. bears ultimate responsibility for the effectiveness of the AML/ATF compliance programme. A designated Compliance Officer is responsible for day-to-day implementation and oversight, with direct reporting to the board on all AML/ATF matters independent of business line management.

Anton adopts the three lines of defence model for AML/ATF risk management:

• First Line: Business operations apply customer due diligence procedures, identify and escalate unusual activity, and comply with screening requirements
• Second Line: The compliance function designs and maintains the programme, monitors effectiveness, reviews alerts, and files regulatory reports
• Third Line: Independent external review assesses programme effectiveness at least every two years as required by PCMLTFA

4. Risk Assessment

Anton conducts a comprehensive enterprise-wide ML/TF risk assessment and updates it at least annually or when triggered by material changes to products, jurisdictions, merchant mix, regulations, or compliance incidents.

The risk assessment evaluates ML/TF risk across the following dimensions:

• Customer risk: Industry type, business structure, jurisdiction of incorporation, ownership complexity, PEP exposure, and source of funds
• Product and service risk: Cross-border payouts, cryptocurrency and stablecoin corridors, high-value transactions, and batch processing
• Geographic risk: Destination countries, FATF grey/black list status, sanctioned jurisdictions, and high-risk corridors
• Delivery channel risk: API-only access, white-label integrations, and batch file uploads
• Transaction risk: Velocity patterns, amount anomalies, structuring indicators, payee diversity, and corridor concentration

Anton's risk appetite for ML/TF risk is low. We will not knowingly process transactions that present an unacceptable risk of money laundering, terrorist financing, or sanctions evasion.

5. Customer Due Diligence Programme

All merchants must complete a multi-step onboarding process before transacting, which includes:

• Business email domain validation (consumer email domains are blocked)
• Identity verification through our KYB/KYC provider, including legal entity verification, registration, and address confirmation
• Beneficial ownership identification and verification for all individuals who directly or indirectly own or control 25% or more of the entity
• Expected activity declaration, including volume, corridors, source of funds, and payout purposes
• Acceptance of all applicable legal agreements, including this AML policy

Enhanced Due Diligence

Enhanced due diligence is triggered automatically when elevated risk factors are identified, including:

• High-risk onboarding risk assessment
• Incorporation in a FATF grey-list jurisdiction
• Politically Exposed Person (PEP) identified among beneficial owners
• High-risk industry classification
• Expected monthly volume exceeding established thresholds
• Complex ownership structures or third-party source of funds

EDD measures include requests for additional documentation, senior management review and approval, account-level conditions (such as volume caps or corridor restrictions), and elevated ongoing monitoring.

Ongoing Monitoring

Ongoing CDD is maintained through continuous transaction monitoring, periodic merchant reviews (frequency determined by risk tier), and automated risk re-evaluation when critical alerts are generated. Merchants may be asked to provide updated documentation at any time through our Request for Information (RFI) process.

6. Transaction Monitoring

Transaction monitoring is embedded in the core of Anton's payout processing infrastructure. Every payout submitted to Anton is evaluated in real time before it can proceed to a payment rail.

Our monitoring programme operates across multiple intelligence layers, including:

• Deterministic rules: Transactions are evaluated against a comprehensive set of rules covering compliance requirements, amount and velocity thresholds, corridor and geography risk, payee and instrument risk, merchant profile factors, and temporal patterns
• Anomaly detection: Machine learning models identify transactions that deviate from a merchant's established behavioural baseline
• Graph intelligence: Network analysis detects structural patterns in merchant-to-payee relationships indicative of financial crime
• Payee network intelligence: Cross-platform payee profiling identifies risk patterns across the network while maintaining strict privacy boundaries between merchants
• Adaptive recalibration: The monitoring system learns from outcomes to improve accuracy, with all adjustments subject to human review and governance approval

In addition to real-time scoring, an asynchronous monitoring engine runs in batch cycles to detect patterns across rolling time windows, including structuring, velocity anomalies, behavioural deviations, payee network patterns, and failure patterns.

A separate velocity rules engine operates at the API boundary with fail-closed semantics, meaning that if the monitoring infrastructure is unavailable, transactions are blocked rather than allowed to bypass controls.

7. Sanctions Screening

Anton screens all merchants, beneficial owners, payees, and transactions against applicable sanctions lists, including:

• OFAC Specially Designated Nationals and Blocked Persons List (SDN)
• OFAC Consolidated (non-SDN) Lists
• United Nations Security Council Consolidated List
• Canadian Consolidated Autonomous Sanctions List (CCASL)
• EU Consolidated List of Sanctions
• FATF High-Risk Jurisdictions (Black List)

Sanctions screening occurs at multiple points in the transaction lifecycle: merchant onboarding, payee creation, payout submission, and rail submission. Weekly batch rescreening ensures that entities added to sanctions lists between point-in-time events are identified within a maximum of seven days.

At the infrastructure level, traffic from OFAC-sanctioned countries (North Korea, Iran, Syria, Cuba) is blocked at the network edge before reaching any application. High-risk jurisdictions are subject to stricter rate limiting.

8. Politically Exposed Persons

Anton identifies and applies enhanced measures to relationships involving Politically Exposed Persons (PEPs), including foreign PEPs, domestic PEPs, Heads of International Organisations (HIOs), family members of PEPs, and close associates of PEPs.

When a PEP is identified, the following measures apply:

• Senior management approval before establishing or continuing the relationship
• Enhanced source of funds verification
• Enhanced ongoing monitoring through elevated risk scoring
• Quarterly periodic reviews (more frequent than standard review schedules)

PEP status is screened at onboarding and re-screened at least annually through continuous monitoring. Any change in PEP status triggers an immediate EDD review.

9. Suspicious Activity Reporting

Anton has established procedures for identifying, investigating, and reporting suspicious activities to the appropriate authorities:

• Suspicious Transaction Reports (STRs): Filed with FINTRAC within 30 calendar days when there are reasonable grounds to suspect that a transaction is related to money laundering or terrorist financing. There is no monetary threshold for STRs.
• Suspicious Activity Reports (SARs): Filed with FinCEN within 30 days of initial detection for transactions of USD 2,000 or more involving known or suspected illegal activity.
• Electronic Funds Transfer Reports (EFTRs): Filed with FINTRAC for international electronic funds transfers of CAD 10,000 or more (single or aggregated within 24 hours).
• Terrorist Property Reports (TPRs): Filed immediately with FINTRAC, the RCMP, and CSIS upon knowledge or suspicion of terrorist property. Associated funds are frozen immediately.

Anton is prohibited by law from disclosing to any person that a suspicious transaction report has been filed or is being considered.

10. Record Keeping

Anton maintains comprehensive records of all AML/ATF-related activities as prescribed by PCMLTFA regulations and BSA/FinCEN requirements, including:

• Client identification and verification records
• Beneficial ownership records
• Transaction records including risk scoring and screening results
• Suspicious transaction and activity report filings
• Risk assessment records
• Training records
• Compliance programme documentation

Records are retained for a minimum of five years from the applicable trigger date (end of business relationship, date of transaction, or date of filing), in accordance with regulatory requirements. Anton's infrastructure is configured for seven-year retention on all audit logs and compliance artifacts, exceeding the regulatory minimum.

All records are encrypted at rest and in transit. Personally identifiable information and payment instruments are stored in PCI DSS-certified vault infrastructure, separate from Anton's core database.

11. Training Programme

All employees, contractors, and directors must complete AML/ATF training within 30 days of joining Anton. Refresher training is required at least annually and within 30 days of material changes to policies, regulations, or products.

Training is role-specific and includes money laundering and terrorist financing typologies relevant to cross-border payout processing, red flag indicators, reporting obligations, tipping-off prohibitions, sanctions awareness, and the structure of Anton's compliance programme. Training records are retained for a minimum of five years.

12. Independent Review and Audit

Anton's AML/ATF compliance programme is subject to independent review at least once every two years as required by PCMLTFA. The review assesses the adequacy of policies and procedures, risk assessment methodology, CDD application, transaction monitoring effectiveness, sanctions screening, reporting timeliness, training, and record-keeping.

Findings are documented with severity classification, assigned to responsible owners with remediation deadlines, tracked to closure with evidence, and reported to the board of directors.

13. Prohibited Activities

Anton prohibits the use of its services for money laundering, terrorist financing, sanctions evasion, or other financial crimes. Prohibited activities include:

• Processing transactions involving proceeds of crime
• Facilitating transactions for or with sanctioned parties, countries, or entities
• Structuring transactions to avoid reporting thresholds
• Processing transactions without proper customer identification and verification
• Any activity that violates applicable AML/ATF laws or sanctions legislation

Non-compliance with this policy may result in disciplinary action, revocation of system access, referral to law enforcement, and personal liability under applicable law.

14. Cooperation with Authorities

Anton fully cooperates with FINTRAC, FinCEN, law enforcement, and other authorised regulatory bodies in the investigation and prevention of money laundering and terrorist financing. Anton is prepared to respond to regulatory examinations and produce records within committed timeframes.

15. Policy Updates

This policy is reviewed at least annually and updated following material regulatory changes, changes to products or risk profile, significant compliance incidents, or the independent review. All material changes are approved by the board of directors.

16. Contact

For questions about this policy or to report suspicious activity, please contact:

Anton Payments, Inc.
Compliance Department
Email: compliance@antonpayments.com