TRANSFER OF ASSETS POLICY
Geloro Pay Ltd
Trading as: Octapex
Registered Headquarters: 2100-1055 West Georgia St, Vancouver, British Columbia, Canada, V6E 3P3
Version: 2
Prepared by: MLRO
Approved by: Chief Compliance Officer (CCO)
Effective Date: 19 April 2026
Implementation Responsibility: CCO
1. Purpose and Scope
This Policy establishes the framework governing crypto-asset transfers executed by Octapex.
Its objective is to ensure that all transfers are conducted in a secure, compliant, and risk-controlled manner, consistent with regulatory obligations and internal risk standards.
Octapex operates under a conservative risk model and may refuse, suspend, or terminate transfers where risks cannot be sufficiently mitigated.
2. Regulatory Compliance Framework
This Policy is aligned with applicable regulatory requirements, including:
- FINTRAC (Financial Transactions and Reports Analysis Centre of Canada requirements)
- Regulation (EU) 2023/1113 (Travel Rule)
- AML/CFT legislation
- FATF Recommendations
Octapex operates in accordance with supervisory expectations of relevant financial authorities.
3. Risk Management Principles
Octapex maintains a strict risk-based approach to transfer execution.
The Company does not process transfers involving:
- High-risk customers
- Sanctioned individuals or jurisdictions
- Unverified originators or beneficiaries
- Incomplete Travel Rule data
- Exposure to high-risk blockchain activity (e.g., mixers, illicit services)
All transfers are subject to full compliance validation prior to execution.
4. Pre-Transfer Compliance Requirements
No transfer is processed unless all required compliance checks are successfully completed.
4.1 Customer Verification Status
- Customer must be classified as Low or Medium risk
- Full KYC verification must be completed
- Customer must not be a Politically Exposed Person (PEP)
- No links to high-risk jurisdictions
4.2 Sanctions and Screening Controls
- Originator and beneficiary are screened against sanctions lists
- Wallet addresses are analyzed using blockchain tools
- Continuous monitoring is applied
- Confirmed matches result in immediate restriction and escalation
5. Travel Rule Compliance
Octapex ensures full compliance with Travel Rule requirements:
- Verification of originator and beneficiary information
- Rejection of incomplete or missing data
- Validation of counterparty compliance where applicable
- Additional controls applied to unhosted wallets
Transfers are not executed without complete regulatory information.
6. Blockchain Risk Assessment
Each transfer is subject to blockchain risk analysis, including:
- Sanctions exposure
- Interaction with mixers or tumblers
- Darknet-related activity
- High-risk DeFi exposure
- Cross-chain obfuscation patterns
High-risk indicators trigger suspension and compliance review.
7. Transaction Restrictions and Rejection Criteria
Octapex may reject, suspend, or return transfers where:
- Required information is incomplete
- Sanctions exposure is identified
- Suspicious structuring is detected
- Source of funds cannot be verified
- Economic purpose is unclear
- Activity exceeds expected customer behavior
- Repeated compliance alerts occur
- Technical or network risks are present
The Company retains full discretion to decline transfers based on risk assessment.
8. Monitoring and Post-Transfer Controls
Monitoring continues after execution and includes:
- Ongoing blockchain analysis
- Detection of suspicious transaction patterns
- Escalation for regulatory reporting (STR)
- Potential relationship review or termination
9. Fraud Prevention and Security Measures
Octapex applies multiple safeguards to protect transfers:
- Multi-factor authentication (MFA)
- Withdrawal verification procedures
- Device and behavioral monitoring
- Risk-based transaction scoring
- Manual review of high-value transfers
Security-based controls may delay or override transaction execution.
10. Transfer Finality and User Acknowledgment
Users are informed that:
Crypto-asset transfers are irreversible once confirmed on the blockchain.
Octapex is not liable for correctly executed transfers where:
- Instructions were accurate
- Required compliance checks were satisfied
11. Error Handling and Liability Limitations
The Company accepts liability only where:
- Unauthorized activity results from internal failure
- The issue is reported within 48 hours
- The user complied with security requirements
No liability applies where:
- Incorrect wallet details are provided
- Security measures are not followed
- Transfers are properly executed in accordance with instructions
12. Escalation and Account Actions
Octapex may take immediate action where risks arise, including:
- Freezing transfers
- Restricting account access
- Terminating customer relationships
- Filing regulatory reports
- Notifying relevant authorities
Service continuation depends on maintaining an acceptable risk profile.
13. Governance and Oversight
Oversight of transfer activities is maintained by:
- Chief Compliance Officer (CCO)
- Money Laundering Reporting Officer (MLRO)
- Risk Management Function
- Senior Management
Governance includes:
- Monitoring transfer risk metrics
- Reviewing rejected transactions
- Assessing sanctions exposure
- Ensuring alignment with regulatory standards
14. Information Requirements and Deadlines
Where required information is missing:
- 3 business days for EU-origin transfers
- 5 business days for non-EU transfers
Failure to provide required information results in transfer rejection or return.
15. Continuous Improvement
Octapex continuously enhances its transfer controls by:
- Updating risk models
- Improving monitoring systems
- Adapting to regulatory developments
- Strengthening internal procedures
16. Final Provisions
This Policy reflects Octapex’s commitment to:
- Regulatory compliance
- Financial crime prevention
- Operational resilience
- Market integrity
The Company prioritizes compliance and security over transaction volume and reserves the right to refuse service where risk is unacceptable.