Fraud Policy

Geloro Pay Ltd (“the Company”) is committed to maintaining a secure, transparent, and compliant environment for digital asset services. This Fraud Policy establishes the framework used to identify, prevent, detect, investigate, and respond to fraud, money laundering, terrorist financing, and market abuse risks across all services operated under the Octapex platform.

The Company is registered as a Money Services Business (MSB) in Canada and is regulated by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). It operates in accordance with applicable obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), FINTRAC guidance, applicable sanctions legislation, and relevant provisions of Canadian law relating to financial crime and market integrity.

This Policy applies to all users of the platform, as well as employees, directors, contractors, and any persons acting on behalf of the Company.

Regulatory Environment

The Company operates within the Canadian regulatory framework governing money services businesses and digital asset service providers. It maintains a risk-based compliance program designed to meet obligations under the PCMLTFA and FINTRAC requirements, including customer due diligence, transaction monitoring, sanctions screening, and suspicious activity reporting.

Where activities raise potential concerns related to fraud, financial crime, or market integrity, the Company may also consider applicable provisions of Canadian criminal law and relevant securities regulations. The Company cooperates with FINTRAC and other regulatory or law enforcement authorities where required by law or where legally appropriate.

In all cases, where there is any conflict between internal policies and applicable law or regulation, legal and regulatory obligations shall prevail.

Non-Custodial Operating Model

The Company operates on a strictly non-custodial basis.

It does not hold, store, or control client funds or digital assets at any time, nor does it manage or have access to client private keys. The Company does not act as a custodian, trustee, or safekeeper of client assets.

All clients retain full ownership and control of their digital assets, which are held in external wallets under their sole control. Transactions are executed directly between client-controlled wallets and external blockchain or payment systems.

The Company’s role is strictly limited to providing exchange and payment facilitation infrastructure.

The Company does not guarantee settlement outcomes, market conditions, or protection against third-party fraud outside its platform.

Definition of Fraud and Financial Crime

Fraud refers to any intentional act or omission designed to deceive, misrepresent, or unlawfully obtain financial or personal gain from the Company, its systems, or its users. This includes identity fraud, account takeover, payment fraud, unauthorized access, and misuse of platform functionality.

Money laundering refers to the process of concealing or disguising the origin of proceeds of crime through placement, layering, or integration into the financial system.

Market abuse refers to conduct that undermines fair and orderly markets, including insider trading, misuse of non-public information, spoofing, layering, wash trading, and coordinated manipulation of trading activity.

Suspicious activity refers to any transaction or behaviour that gives rise to reasonable grounds to suspect that fraud, money laundering, terrorist financing, or market abuse may be occurring or attempted.

Governance and Accountability

The Board of Directors is responsible for overseeing the effectiveness of the Company’s financial crime risk framework and ensuring that appropriate resources are allocated to compliance and risk management functions.

The Compliance Officer is responsible for the implementation and operational oversight of fraud prevention, monitoring systems, and internal controls.

The Money Laundering Reporting Officer (MLRO) is responsible for assessing suspicious activity and determining whether regulatory reporting obligations to FINTRAC arise. The MLRO has sole authority for submitting Suspicious Transaction Reports (STRs).

The Compliance Officer and MLRO operate independently in decision-making but work closely to ensure consistent execution of regulatory obligations.

Fraud Prevention Framework

The Company applies a risk-based fraud prevention framework designed to mitigate exposure to account compromise, identity fraud, and transactional abuse.

All users are subject to identity verification prior to accessing services. Enhanced due diligence is applied where higher risk indicators are identified, including unusual transaction behaviour, high-volume activity, or exposure to high-risk jurisdictions.

The Company uses layered technical controls including multi-factor authentication, device recognition, behavioural monitoring, anomaly detection, and transaction risk scoring.

Transaction limits, velocity controls, and manual review processes may be applied to withdrawals and high-risk activity.

AML and Financial Crime Controls

The Company maintains an ongoing anti-money laundering and counter-terrorist financing program in accordance with FINTRAC requirements.

This includes customer due diligence, sanctions screening, politically exposed person (PEP) checks, and continuous transaction monitoring.

Where suspicious activity is identified, it is escalated to the MLRO for assessment and potential filing of a Suspicious Transaction Report (STR) with FINTRAC.

Market Integrity Controls

The Company monitors trading activity to detect and prevent market abuse and maintain fair and orderly market conditions.

Monitoring systems identify unusual trading patterns, including rapid order placement and cancellation, abnormal price movements, and coordinated trading behaviour across accounts.

Where necessary, the Company may restrict platform access or suspend transaction execution to protect market integrity and ensure orderly investigation.

Monitoring, Detection, and Investigation

The Company operates continuous monitoring systems designed to detect fraud, AML risks, and market abuse in real time.

Alerts are reviewed by the Compliance function and escalated based on severity. Investigations may involve Compliance, Risk, Legal, and IT Security teams.

Where credible financial crime risk is identified, the Company may apply preventive measures including account restrictions or suspension of transaction execution pending investigation.

These controls are designed to mitigate risk but do not eliminate it entirely.

Reporting Obligations

The Company reports suspicious activity to FINTRAC in accordance with applicable legal requirements under the PCMLTFA.

The Company may also report suspected criminal activity to law enforcement authorities and cooperate fully with investigations where required or legally permitted.

Where relevant, the Company may also engage with provincial securities regulators regarding market integrity matters.

Enforcement Measures

Where fraud, money laundering, or market abuse is suspected or confirmed, the Company may take appropriate enforcement action.

This may include suspension or termination of accounts, restriction of platform access, suspension of transaction execution, and blocking of transactions where operationally feasible.

The Company does not hold or control client assets and therefore cannot freeze funds. However, it may restrict access to its platform and prevent transaction execution through its systems.

The Company may disclose relevant information to regulatory or law enforcement authorities where required or permitted by law.

User Responsibilities

Users are responsible for maintaining the security of their accounts, including safeguarding credentials and enabling security features such as multi-factor authentication.

Users must monitor their accounts for unauthorized activity and report any suspected compromise immediately.

The Company does not provide insurance or guarantees against fraud-related losses. Users remain responsible for maintaining adequate security practices for their accounts and external wallets.

Record Keeping

The Company maintains records of customer verification, transactions, monitoring alerts, investigations, and regulatory reporting in accordance with applicable legal retention requirements.

All records are stored securely and are available to regulatory authorities upon lawful request.

Continuous Improvement

The Company continuously reviews and enhances its fraud prevention and financial crime controls in response to evolving risks, regulatory developments, and emerging threats in the digital asset sector.

Policy Integration

This Policy forms part of the Company’s integrated financial crime framework and should be read alongside the AML/CTF Policy and Market Abuse Policy.

In the event of any inconsistency, applicable law and regulatory requirements prevail.