RULES FOR THE PREVENTION OF MONEY LAUNDERING AND (OR) TERRORIST FINANCING

Effective Date: 05.2026
Issued By: Geloro Pay Ltd
Registered Headquarters: 2100-1055 West Georgia St, Vancouver, British Columbia, Canada, V6E 3P3
Platform Operated: Crypto-Asset Exchange (Octapex)

Registered as a Money Services Business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

1. General Provisions

Purpose
Geloro Pay Ltd (the “Company”) maintains a low-risk appetite and zero-tolerance approach toward knowingly facilitating money laundering (ML), terrorist financing (TF), sanctions evasion, or other financial crime.

The Company will refuse or terminate any business relationship where ML/TF risk cannot be reduced to an acceptable level.

These Rules establish a comprehensive AML/CFT framework designed to:

  • Prevent misuse of the Platform;
  • Detect suspicious financial activity;
  • Report relevant activity to FINTRAC and other competent authorities;
  • Protect financial system integrity;
  • Comply with applicable Canadian AML/CFT laws.

Scope
These Rules apply to:

  • All crypto-asset services provided by the Company;
  • All employees, officers, directors, and contractors;
  • All Customers and business relationships.

AML/CFT obligations apply at onboarding, throughout the relationship, and post-termination where required.

2. Legal Basis

These Rules are established in accordance with:

  • Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
  • Regulations under the PCMLTFA
  • Guidance issued by FINTRAC
  • Financial Action Task Force (FATF) Recommendations

The Company operates as a registered Money Services Business (MSB) in Canada and is subject to regulatory oversight by FINTRAC.

3. Definitions

Customer: A natural or legal person entering into a business relationship with the Company.

Beneficial Owner: The natural person who ultimately owns or controls the Customer.

Politically Exposed Person (PEP): An individual entrusted with prominent public functions, including close associates.

Crypto-Asset: A digital representation of value transferable electronically.

KYC: Know Your Customer identity verification process.

KYT: Ongoing transaction monitoring process.

STR: Suspicious Transaction Report submitted to FINTRAC.

4. Risk-Based Approach

The Company applies a structured risk-based AML framework evaluating:

  • Customer risk;
  • Geographic risk;
  • Product and service risk;
  • Delivery channel risk;
  • Transactional behavior risk.

A formal ML/TF risk assessment is conducted at least annually and approved by senior management and the Board.

5. Customer Identification & Verification (KYC)

The Company shall:

  • Verify Customer identity prior to establishing a relationship;
  • Identify and verify Beneficial Owners;
  • Conduct sanctions and PEP screening;
  • Prohibit anonymous accounts and fictitious identities.

Remote identification is conducted using compliant digital verification methods in accordance with FINTRAC requirements.

6. Sanctions & Restrictive Measures Compliance

The Company conducts continuous screening against:

  • Canadian sanctions lists;
  • United Nations sanctions lists;
  • Other applicable international sanctions regimes.

Confirmed sanctions matches result in:

  • Immediate account restriction or freeze;
  • Escalation to the MLRO;
  • Reporting to FINTRAC and/or relevant authorities where required.

7. Travel Rule Compliance

In accordance with FATF standards and Canadian regulatory expectations:

The Company:

  • Collects originator and beneficiary information for transfers;
  • Verifies counterpart Virtual Asset Service Providers (VASPs);
  • Securely transmits required transfer data;
  • Rejects transfers lacking mandatory information;
  • Applies enhanced scrutiny to unhosted wallets.

8. Customer Risk Classification

Customers are classified into:

Low Risk
Regulated institutions and public bodies.

Medium Risk
Standard customers without elevated risk indicators.

High Risk
Includes:

  • Politically Exposed Persons (PEPs);
  • High-risk jurisdictions;
  • Complex ownership structures;
  • High-risk crypto exposure;
  • Adverse media;
  • Suspicious behavioral indicators.

9. High-Risk Customer Controls

The Company applies enhanced due diligence (EDD) to high-risk customers, including:

  • Source of funds and source of wealth verification;
  • Senior management approval;
  • Increased monitoring frequency.

The Company reserves the right to decline or terminate relationships where risk remains unacceptable.

10. Crypto-Specific Monitoring Controls

The Company utilizes blockchain analytics tools to detect:

  • Sanctioned wallet exposure;
  • Mixer/tumbler usage;
  • Obfuscation techniques;
  • High-risk DeFi interaction;
  • Structuring and layering activity.

Alerts trigger immediate review and escalation.

11. Ongoing Monitoring (KYT)

Continuous monitoring includes:

  • Transaction pattern analysis;
  • Behavioral anomaly detection;
  • Risk-based alert systems;
  • Manual review of high-value transactions.

12. Reporting Obligations

The Company complies with all reporting obligations under the PCMLTFA, including:

  • Suspicious Transaction Reports (STRs);
  • Large Virtual Currency Transaction Reports (LVCTR), where applicable;
  • Terrorist Property Reports;
  • Electronic Funds Transfer Reports, where applicable.

All reports are submitted to FINTRAC within required timeframes.

13. Reporting Suspicious Activity

Where there are reasonable grounds to suspect ML/TF:

  • An STR shall be submitted to FINTRAC without delay;
  • Transactions may be restricted or suspended;
  • Tipping-off is strictly prohibited.

14. Relationship Termination

The Company shall terminate relationships where:

  • Sanctions are identified;
  • Source of funds cannot be verified;
  • Beneficial ownership cannot be confirmed;
  • Repeated suspicious activity occurs;
  • Risk becomes unmanageable.

All decisions are documented and escalated.

15. AML Compliance Program

The Company maintains a comprehensive AML program including:

  • Written policies and procedures;
  • Formal risk assessment;
  • Ongoing AML training;
  • Appointment of a Compliance Officer (MLRO);
  • Independent effectiveness review.

16. Governance & Oversight

Escalation structure:
Employee → Compliance → MLRO → Senior Management → Board

The Board:

  • Approves AML risk assessments;
  • Reviews compliance metrics;
  • Oversees risk management.

17. Independent Testing

The AML framework is subject to:

  • Internal reviews;
  • Independent audits;
  • Remediation tracking;
  • Regulatory readiness procedures.

18. Data Retention

Records are retained for a minimum of five (5) years following the end of the business relationship or transaction, in accordance with Canadian law.

19. Information Protection

Employees are prohibited from:

  • Disclosing STRs;
  • Informing customers of investigations;
  • Circumventing AML controls.

20. Responsibilities

MLRO

  • Oversees AML framework
  • Submits reports to FINTRAC
  • Acts as regulatory contact

Employees

  • Conduct KYC/KYT
  • Report suspicious activity
  • Complete AML training

21. Monitoring & Metrics

The Company tracks:

  • Risk classifications
  • STR volumes
  • Sanctions matches
  • Terminations
  • Monitoring alerts

22. Final Provisions

These Rules:

  • Are reviewed annually;
  • Updated as required by law;
  • Approved by senior management;
  • Supported by mandatory AML training.
This is a staging environment