Know Your Customer / Know Your Business Policy

1. Regulatory Framework

Our KYC/KYB procedures are designed to satisfy the requirements of:

• Canada: Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), s. 6 (ascertaining identity), and associated regulations (SOR/2002-184, Part 5)
• United States: Bank Secrecy Act (BSA) and FinCEN Customer Due Diligence Rule (31 CFR 1010.230)
• European Union: Anti-Money Laundering Directives (AMLD) customer due diligence requirements, where applicable to cross-border payout corridors
• International: Financial Action Task Force (FATF) Recommendation 10 (Customer Due Diligence)

2. Verification Provider

Anton uses Persona as its identity verification platform for both KYB (business entity verification) and KYC (individual identity verification). Persona is SOC 2 Type II, ISO 27001, PCI DSS, FedRAMP, and HIPAA certified. All identity verification, beneficial ownership screening, and PEP/sanctions checks are performed through Persona's platform.

No manual document substitution is permitted for identity verification. All beneficial owners must complete individual identity verification through Persona directly.

3. Merchant Onboarding Process

All merchants must complete a four-step onboarding process before transacting:

Step 1: Email Capture

Merchants must register with a business email domain. Consumer email domains (including Gmail, Yahoo, Outlook, ProtonMail, and other common providers) are blocked at the application layer. Only business email addresses are accepted.

Step 2: Identity Verification

Merchants complete KYB and KYC verification through Persona's embedded verification flow. Information collected includes:

• Legal business name, registration number, and tax identification number
• Date and jurisdiction of incorporation
• Business type, industry classification, and MCC code
• Registered and operating addresses
• Primary contact information
• All beneficial owners: full name, date of birth, nationality, country of residence, ownership percentage, role (director, shareholder, UBO), government-issued identification, PEP screening status, and sanctions screening status

Step 3: Activity and Intent Declaration

Merchants declare their expected activity profile, including:

• Expected monthly payout volume and transaction count
• Average transaction size
• Source of funds (categorised)
• Payout purposes (categorised)
• Destination countries and source currencies

Step 4: Terms and Agreements

Merchants must review and accept all applicable legal agreements before their account is activated, including the Merchant Services Agreement, Terms of Service, Acceptable Use Policy, Data Processing Agreement, Anti-Money Laundering Policy, and Sanctions Compliance Policy.

4. Beneficial Ownership Identification

Anton identifies and verifies all Ultimate Beneficial Owners (UBOs) as required by PCMLTFA regulations and the FinCEN CDD Rule:

• Threshold: Any individual who directly or indirectly owns or controls 25% or more of the merchant entity, or who exercises effective control regardless of ownership percentage
• Verification: All UBOs must complete individual identity verification through Persona. No manual document substitution is permitted.
• Tracking: The merchant portal displays a UBO verification tracker showing the status of each identified beneficial owner
• Progression gate: The onboarding process cannot advance until all UBOs have completed verification

Each UBO record includes PEP screening status and sanctions screening status, both performed through Persona. PEP matches trigger enhanced due diligence requirements as described in our AML/ATF Policy.

5. Due Diligence Tiers

Anton applies tiered due diligence based on assessed risk:

Standard CDD

Standard CDD is the baseline applied to all merchants. It includes the full four-step onboarding flow, business entity verification, all UBO identification and verification, source of funds declaration, expected activity profiling, sanctions screening, and risk scoring with tier assignment.

Enhanced Due Diligence (EDD)

EDD is triggered automatically when elevated risk factors are identified during onboarding or ongoing monitoring, including:

• High-risk onboarding risk assessment score
• Incorporation in a FATF grey-list jurisdiction
• PEP identified among beneficial owners
• High-risk industry classification
• Expected monthly volume exceeding established thresholds
• Corridors including multiple elevated-risk jurisdictions
• Complex ownership structures (trusts, partnerships, excessive UBO count)
• Third-party or unclear source of funds
• Recently incorporated businesses (less than 12 months)

EDD measures include requests for additional documentation through our Request for Information (RFI) process, senior management review and approval, account-level conditions (volume caps, corridor restrictions), elevated ongoing monitoring, and more frequent periodic reviews.

Simplified Due Diligence

Simplified due diligence is not currently implemented. All merchants undergo standard CDD regardless of risk profile. Anton has made a deliberate policy decision to defer SDD for at least the first 12 months of operations. SDD will only be considered after the compliance programme has been independently reviewed and the enterprise-wide risk assessment confirms that the merchant population supports a reduced diligence tier.

6. Risk Scoring

Each merchant receives a risk score at onboarding that determines their risk tier (Low, Medium, High, or Critical). The risk evaluation considers factors across four categories:

• Jurisdiction factors: Registration jurisdiction risk level, operating countries, bilateral AML agreements, corridor risk
• Business and financial factors: Industry risk classification, expected volume, business structure complexity, entity age
• Compliance factors: KYB and sanctions clearance status, PEP exposure among beneficial owners
• Trust and coherence factors: Source of funds verification, payment purpose alignment, jurisdiction and corridor coherence

The risk tier persists to the merchant's profile and influences all subsequent transaction-level risk evaluations for that merchant.

7. Ongoing Monitoring and Periodic Review

KYC/KYB is not a one-time process. Ongoing due diligence is maintained through:

• Continuous transaction monitoring via real-time risk scoring and asynchronous pattern detection
• Periodic merchant reviews at frequencies determined by risk tier: Critical-tier merchants are reviewed quarterly at minimum; High-risk merchants quarterly; Medium-risk semi-annually; Low-risk annually
• Automatic risk re-evaluation when critical monitoring alerts are generated
• Requests for updated documentation, source of funds verification, or clarification of unusual activity through the RFI process

Reviews may be triggered outside the scheduled cycle by critical alerts, regulatory inquiries, adverse media, or material changes to a merchant's business profile.

8. PEP and Sanctions Screening

All merchants, beneficial owners, and payees are screened for Politically Exposed Person (PEP) status and against applicable sanctions lists through Persona. Screening covers foreign PEPs, domestic PEPs, Heads of International Organisations, family members, and close associates.

PEP and sanctions screening is performed at onboarding and on an ongoing basis through Persona's continuous monitoring. Any change in PEP or sanctions status triggers an immediate review. For full details on PEP handling and sanctions screening, see our AML/ATF Policy and Sanctions Compliance Policy.

9. Data Protection and Storage

All KYC/KYB information is collected, processed, and stored in accordance with our Privacy Policy and applicable data protection laws, including PIPEDA (Canada), GDPR (EU), and CCPA (California).

Personally identifiable information and identity documents are stored in PCI DSS-certified vault infrastructure (Basis Theory), separate from Anton's core database. KYB/KYC verification results and identity documents are maintained within Persona's SOC 2 Type II certified platform.

Records are retained for a minimum of five years from the date the business relationship ends, in accordance with PCMLTFA and BSA/FinCEN requirements. Anton's infrastructure is configured for seven-year retention, exceeding the regulatory minimum.

10. Failure to Provide Information

If a merchant fails to provide required KYC/KYB information or if verification cannot be completed, Anton may:

• Issue a Request for Information (RFI) with a defined urgency and deadline
• Suspend the merchant's account until verification is complete
• Refuse to establish a business relationship
• Terminate an existing relationship
• Report suspicious activity to the appropriate authorities

Merchants with open, unresolved RFIs are subject to elevated risk scoring on all transactions until the RFI is resolved.

11. Policy Updates

This policy is reviewed at least annually and updated following material regulatory changes, changes to products or risk profile, or findings from the independent review. Material changes are approved by the board of directors.

12. Contact

For questions about our KYC/KYB procedures or to provide updated information, please contact:

Anton Payments, Inc.
Compliance Department
Email: compliance@antonpayments.com