Pay1 Exchange Sole Ltd
Registration No: 208000171
Address: Level 2, Vasil Levski No. 38, Sredets District, Sofia P.C. 1142, Bulgaria
Trade Name: Pay1 Exchange
Domain: https://pay1exchange.com
ANTI-MONEY LAUNDERING AND SANCTIONS POLICY
Version: 1.05
Effective Date: 1 June 2025
Location: Sofia, Bulgaria (EU)
This policy reflects Pay1 Exchange Sole Ltd’s commitment to combatting money laundering, terrorist financing, and sanctions violations in alignment with Regulation (EU) 2024/1624 and applicable Bulgarian law.
- Document Type: Compliance Policy
- Purpose: To prevent and detect money laundering, terrorist financing, and breaches of international sanctions.
- Target Audience: All staff and contractors of Pay1 Exchange
- Classification: Internal Use
- Owner: Managing Board, Pay1 Exchange
- Consulted: Compliance, Legal, HR
- Informed: All staff
- Related Documents:
  - Code of Business Conduct and Ethics
  - Whistleblower Policy
  - Anti-Bribery and Corruption Policy
- Regulatory References:
  - Regulation (EU) 2024/1624
  - Regulation (EU) 2023/1113 (Transfer of Funds)
  - Bulgarian AML Act (2023)
1. OBJECTIVES, SCOPE, AND GOVERNANCE
1.1 Objectives
This Anti-Money Laundering and Sanctions Policy (“the Policy”) is designed to ensure that Pay1 Exchange Sole Ltd complies with applicable legal and regulatory obligations under:
- Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing
- Regulation (EU) 2023/1113 on the traceability of transfers of funds and crypto-assets
- Relevant Bulgarian AML legislation
The policy establishes a risk-based framework to identify, assess, and mitigate the risk of the Company being misused for financial crime, including money laundering, terrorist financing, and sanctions evasion.
1.2 Scope and Application
This Policy applies to:
- All operations of Pay1 Exchange Sole Ltd in Sofia, Bulgaria
- All employees, directors, agents, and contractors, including temporary staff and consultants
It also governs the Company’s relationships with clients, counterparties, service providers, and affiliates to ensure AML and sanctions risks are managed consistently.
Residual risks are identified, reviewed periodically, and approved by the Managing Board, in consultation with Compliance and Legal.
1.3 Governance
Managing Board: Holds ultimate responsibility for AML and sanctions compliance, including the approval of policy updates and establishing the Company’s risk appetite.
Compliance Department:
- Owns and maintains the AML framework
- Provides mandatory staff training
- Monitors the control environment
- Advises on onboarding high-risk clients
- Ensures the appointment of a qualified Money Laundering Reporting Officer (MLRO)
Money Laundering Reporting Officer (MLRO):
- Serves as the primary point of contact for all AML investigations, suspicious transaction reports (STRs), and interactions with regulators (e.g. Financial Intelligence Directorate of Bulgaria)
Internal Audit:
- Independently assesses the effectiveness of the AML framework at least annually
All Staff:
- Must read and understand the Policy
- Complete mandatory AML training
- Promptly report any suspicious behaviour or activities to the MLRO
2. LEGAL FRAMEWORK AND KEY DEFINITIONS
2.1 Applicable Legal Framework
This Policy is grounded in the following:
- Regulation (EU) 2024/1624 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing
- Regulation (EU) 2023/1113 on transfer of funds and crypto-asset traceability
- Directive (EU) 2019/1153 on use of financial and other information by authorities
- Bulgarian AML Act (2023) and relevant decrees issued by the Bulgarian Financial Intelligence Directorate (FID-SANS)
The objective of this framework is to prevent Pay1 Exchange from being misused for laundering criminal proceeds or financing terrorism and to ensure full compliance with international financial sanctions.
2.2 Definition of Money Laundering
"Money laundering" refers to the process of concealing the origins of illicit funds to make them appear legitimate. It typically occurs in three stages:
- Placement: Introduction of criminal proceeds into the financial system (e.g., through cryptocurrency deposits or fiat gateways)
- Layering: Conducting complex transactions to obscure the audit trail (e.g., chain swaps, mixers, cross-chain bridges)
- Integration: Reintroducing funds into the legal economy (e.g., by investing in crypto assets or acquiring companies)
2.3 Definition of Terrorist Financing
Terrorist financing refers to the provision or collection of funds with the knowledge or intent that they will be used, in whole or in part, to carry out terrorist acts. The origin of such funds can be legal or illegal.
2.4 Sanctions Regime
Sanctions are restrictive measures imposed by the EU, UN, OFAC, or other regulatory bodies. Sanctions may involve:
- Asset freezes
- Bans on crypto or financial transfers to designated jurisdictions or individuals
- Trade or technology restrictions
Pay1 Exchange applies screening against all relevant sanctions lists, including:
- EU Sanctions Lists (via European Commission)
- United Nations Consolidated List
- OFAC Sanctions Lists, including SDNs and Sectoral Sanctions Identifications (SSIs)
Engaging in business with sanctioned individuals or entities may result in severe penalties and reputational harm.
3. AML AND SANCTIONS COMPLIANCE PROGRAM
3.1 Core Elements
Pay1 Exchange operates a risk-based, proportionate compliance program in line with EU and Bulgarian AML obligations. Key pillars include:
- Risk-Based Customer Due Diligence (CDD)
- Ongoing monitoring and transaction surveillance
- Sanctions and PEP screening
- Mandatory staff training and awareness
- Clear internal reporting and escalation paths
- Appointment of an MLRO and independent audit capability
3.2 Roles and Responsibilities
Stakeholder - Responsibilities:
- Managing Board - Oversight of AML framework, risk appetite, approval of high-risk clients and updates.
- Compliance Dept. - Drafts policies, monitors controls, trains staff, supports onboarding and audits.
- MLRO - Receives suspicious activity reports (SARs), liaises with FID-SANS and regulators.
- Internal Audit - Periodically assesses AML framework and internal controls.
- All Staff - Completes AML training, reports suspicious activity, complies with policy.
3.3 Risk-Based Approach
The company implements a proportional approach to managing AML risk, based on:
- Customer risk (e.g., business type, ownership, source of funds)
- Product risk (e.g., crypto asset type, privacy features)
- Geographic risk (e.g., client origin, exposure to high-risk jurisdictions)
- Delivery channel (e.g., remote onboarding, self-service platforms)
Each client is assigned a risk rating and monitored accordingly.
3.4 Customer Due Diligence (CDD)
Standard CDD includes:
- Identification and verification of the customer and beneficial owner(s)
- Understanding the purpose and nature of the business relationship
- Ongoing monitoring of transactions
- Verification of legal structure and source of wealth
Enhanced CDD applies to high-risk profiles, including:
- Politically Exposed Persons (PEPs)
- Clients from jurisdictions with strategic AML deficiencies
- Complex ownership structures or crypto anonymization tools
Simplified CDD may apply to:
- EU-regulated financial institutions
- Bulgarian or EU government bodies
- Listed companies on regulated markets (e.g., Euronext, Nasdaq)
3.5 Sanctions and PEP Screening
Prior to onboarding or conducting business, customers and related individuals/entities are screened against:
- EU and UN consolidated sanctions lists
- US OFAC Sanctions (as an added risk signal)
- PEP databases and adverse media
Any positive match triggers an internal escalation to Compliance and the MLRO. No onboarding or transaction is permitted until resolved.
4. TRANSACTION MONITORING, REPORTING, AND RECORDKEEPING
4.1 Transaction Monitoring
Pay1 Exchange implements automated and manual transaction monitoring to detect suspicious or unusual activity. This includes:
- Pattern analysis and anomaly detection in crypto-asset flows
- Risk-based filtering of high-value, high-frequency, or cross-jurisdictional transactions
- Review of activity inconsistent with customer risk profile
Monitoring applies across:
- Fiat-to-crypto and crypto-to-fiat transactions
- On-chain transfers
- Use of privacy-enhancing tools (e.g., mixers, tumblers)
4.2 Red Flags and Unusual Activity
Examples of red flags include:
- Structuring or repeated micro-transactions
- Sudden, unexplained changes in trading behaviour
- Incoming funds from blacklisted wallets or sanctioned jurisdictions
- Overuse of privacy coins or mixing protocols
Staff must report any such observations to the MLRO immediately.
4.3 Suspicious Transaction Reporting (STR)
Employees who suspect or become aware of possible money laundering or terrorist financing must report it internally using a Suspicious Activity Report (SAR) form. The MLRO will:
- Assess the report in confidence
- Determine whether to escalate to the Financial Intelligence Directorate (FID-SANS)
- Maintain secure and confidential records of all reports
Employees are strictly prohibited from "tipping off" any party involved.
4.4 Recordkeeping
Pay1 Exchange retains all AML-related records securely for a minimum of **five (5) years** after the end of the business relationship, in accordance with:
- Article 51 of Regulation (EU) 2024/1624
- Bulgarian AML laws
Records include:
- CDD documents and identity data
- Risk assessments and client profiling
- Transaction logs and monitoring alerts
- STRs and correspondence with FID-SANS
All staff must support these obligations and protect confidentiality at all times.
5. TRAINING, INTERNAL CONTROLS, AND POLICY REVIEW
5.1 Employee Training and Awareness
All employees, contractors, and relevant third parties must complete AML and sanctions compliance training:
- Upon joining the company
- Annually thereafter
- Whenever material legal or procedural updates occur
Training includes:
- AML/CTF regulatory obligations (EU and Bulgarian law)
- Internal reporting procedures and whistleblowing mechanisms
- Identifying red flags and PEPs
- Use of onboarding and screening tools
- Recordkeeping responsibilities and prohibited activities (e.g., tipping off)
Attendance is recorded, and records are retained for audit and regulatory review.
5.2 Internal Controls and Oversight
To support effective AML compliance, Pay1 Exchange ensures:
- Clear segregation of roles and duties
- Access-controlled systems for KYC and transaction data
- Oversight committees (if necessary) to review high-risk cases
- Periodic internal reviews by Compliance and/or Internal Audit
The MLRO and Compliance Department regularly assess the effectiveness of controls and propose enhancements where gaps are identified.
5.3 Policy Review and Update
This Policy is subject to:
- **Annual review** by the Compliance Department
- **Ad hoc revision** following changes in applicable law or regulatory guidance
- **Approval** by the Managing Board prior to implementation
The most recent approved version is published on the internal company intranet and available to all employees. Compliance notifies staff of any significant updates or new obligations.
This Policy is done, ratified, and approved for signature of the CEO on 1 June 2025.