Skip to main content

ANTI-MONEY LAUNDERING (AML) POLICY V8

ANTI-MONEY LAUNDERING POLICY


VERSION 8.0  |  MARCH 2026

 

GROOVY COMPANY, INC. DBA OTCM PROTOCOL

Wyoming Corporation  |  CIK: 1499275  |  OTC: GROO  |  12 Daniel Rd East, Fairfield, NJ 07004

 

BSA/FinCEN  |  OFAC  |  USA PATRIOT Act  |  Release No. 33-11412  |  BOARD APPROVED  |  CONFIDENTIAL

 

Field

Value

Document ID

OTCM-POL-AML-001

Version

1.8.0 (supersedes V1.0)

Effective Date

January 30,March 2026

Classification

CONFIDENTIAL

Approved By

Board of Directors

Legal Entity

Groovy Company, Inc. dba OTCM Protocol

Governing Law

Bank Secrecy Act, USA PATRIOT Act, OFAC, FinCEN, Federal Securities Law, New Jersey State Law


 

πŸ“‹ TABLE OF CONTENTS

  1. Article I: Purpose and Regulatory Framework
  2. Article II: AML Program Structure
  3. Article III: Customer Identification Program (CIP)
  4. Article IV: Customer Due Diligence (CDD)
  5. Article V: Enhanced Due Diligence (EDD)
  6. Article VI: Beneficial Ownership
  7. Article VII: Transaction Monitoring
  8. Article VIII: Suspicious Activity Reporting
  9. Article IX: OFAC Sanctions Compliance
  10. Article X: Blockchain-Specific Controls
  11. Article XI: Recordkeeping
  12. Article XII: Training Program
  13. Article XIII: Independent Testing
  14. Article XIV: Administration

🎯 ARTICLE I: PURPOSE AND REGULATORY FRAMEWORK

Section 1.1 β€” Purpose

This Anti-Money Laundering Policy (the "Policy"β€œPolicy”) establishes Groovy Company, Inc. dba OTCM Protocol, Inc.'Protocol’s (the "Company"β€œCompany”) program to prevent money laundering, terrorist financing, and other financial crimes.crimes The Policy is designed to:

🎯 Objective

Description

πŸ›‘οΈ

Prevent Crime

Detect and prevent money laundering and terrorist financing

βš–οΈ

Ensure Compliance

Comply withacross all applicableCompany AML laws and regulations

πŸ”

Identify Risk

Identify and mitigate AML/CFT risks

πŸ“’

Report Activity

File required reports with regulatory authorities

πŸ›οΈ

Protect Integrity

Protect the integrity of the financial system

πŸ”—

Platform Security

Prevent illicit use ofoperations, the OTCM Protocol platformplatform, CEDEX, and all ST22 Digital Securities and OTCM Utility Token transactions.

 

Section 1.2 β€” Regulatory Framework

This Policy is adopted pursuant to and in compliance with:

βš–οΈ Regulation

Description

Bank Secrecy Act (BSA)

31 U.S.C. Β§ 5311 et seq. β€” Recordkeeping and reporting

USA PATRIOT Act

Enhanced due diligence, CIP requirements

FinCEN Regulations

31 CFR Chapter X β€” AML program requirements

OFAC Regulations

31 CFR Parts 500-500–599 β€” Sanctions compliance

SEC Rule 17a-8

Broker-dealer SAR filing requirements

FATF Recommendations

International AML/CFT standards

SECRelease JanuaryNo. 2026 Guidance33-11412

TokenizedSEC–CFTC securitiesDigital complianceSecurities taxonomy (March 17, 2026, binding)

FATF Travel Rule

FATF Recommendation 16 β€” Virtual asset transferstransfer information requirements

 

Section 1.3 β€” Scope

This Policy applies to:

to

πŸ“‹ Scope

Coverage

🏒

Company Operations

Allall Company business activities

πŸ”—activities,

Platform Transactions

Allall OTCM Protocol and CEDEX platform transactions

πŸͺ™transactions,

Tokenall Activities

ST22 SecurityDigital TokenSecurities and OTCM Utility Token transactions

πŸ‘€transactions,

Customers

Allall issuers, investors, and platform usersusers, all partners (Empire Stock Transfer, custody providers, service providers), and all geographic operations.

🀝 

Partners

Transfer agents, custodians, service providers

🌍

Geographic

Global operations

Section 1.4 β€” Money Laundering Defined

Money laundering is the process of disguising thecriminal proceeds ofthrough criminalthree activity:

stages:

πŸ”„Placement Stage

Description

1️⃣

Placement

Introducing(introducing illicit fundsfunds), intoLayering the financial system

2️⃣

Layering

Disguising(disguising the trail through complex transactions

3️⃣transactions),

and Integration

Reintroducing (reintroducing funds as legitimate assets

🚨assets). Predicate Offensesoffenses Include:

include

πŸ’°drug Category

Examples

πŸ’Štrafficking,

Drug Trafficking

Narcotics sales and distribution

🎰

Fraud

Securitiessecurities fraud, wire fraud, bank fraudfraud, tax evasion, terrorist financing, human trafficking, public corruption, embezzlement, ransomware, and cryptocurrency theft.


πŸ’° 

Tax Evasion

Federal and state tax crimes

πŸ”«

Terrorism

Terrorist financing and material support

πŸ‘€

Human Trafficking

Human smuggling and trafficking

πŸ›οΈ

Corruption

Bribery, public corruption

πŸ’³

Theft

Embezzlement, theft, robbery

🌐

Cybercrime

Ransomware, hacking, crypto theft

πŸ›οΈ ARTICLEArticle II: AML PROGRAMProgram STRUCTUREStructure

Section 2.1 β€” ProgramFive ComponentsPillars

The Company's AML Program consists of five pillars:

πŸ›οΈ Pillar

Description

1️⃣1.

Internal Controls

Policies, procedures, and systems including 42 Transfer Hook controls and blockchain monitoring via Chainalysis KYT + TRM Labs

2️⃣2.

BSA/AML Officer

Designated compliance officer with authority, Board access, and oversight of all AML operations

3️⃣3.

Training

Ongoing employee training covering BSA, OFAC, blockchain AML, and SAR filing

4️⃣4.

Independent Testing

RegularAnnual independent program audits by qualified external auditors (CAMS/CFE certified)

5️⃣5.

Customer Due Diligence

Risk-based CDD program including KYC, KYB, KYW, and beneficial ownership verification via Empire Stock Transfer

 

Section 2.2 β€” BSA/AML Compliance Officer

πŸ‘€ Designation

The Board of Directors designates a BSA/AML Compliance Officer (the "AML Officer") with overall responsibility for the AML Program.

πŸ“‹ Qualification

Requirement

πŸŽ“

Knowledge

Comprehensivecomprehensive BSA/AML knowledge

πŸ‘”knowledge,

Authority

Sufficientsufficient authorityauthority, to implement program

πŸ’Ό

Experience

Relevant compliance experience

πŸ“Š

Access

Direct access todirect Board and senior management

πŸ“‹access. Responsibilities

πŸ“‹include Duty

Description

🎯program

Programoversight, Oversight

Overseepolicy all aspects of AML Program

πŸ“œ

Policy Development

Develop and update AML policies

πŸ”

Risk Assessment

Conductdevelopment, enterprise AML risk assessments

πŸ“’assessments,

SAR Filing

Reviewfiling anddecisions, fileregulatory Suspiciousliaison Activity Reports

πŸ›οΈ

Regulatory Liaison

Interface with (FinCEN, SEC, examiners

πŸŽ“OFAC,

Training

Ensure adequate AMLexaminers), training

πŸ“Š

Reporting

Report tooversight, Board onreporting, AML matters

πŸ”—

Blockchain Monitoring

Overseeand blockchain transaction monitoring oversight.

 

Empire Stock Transfer is the sole investor onboarding authority for all ST22 issuers. The AML Officer coordinates with Empire on all KYC/KYB/KYW/AML/OFAC procedures but does not perform investor onboarding directly.

 

Section 2.3 β€” BoardRisk OversightAssessment

πŸ“‹ Board Responsibility

Frequency

βœ…Risk

Approve AML PolicyFactor

Annually and as amendedConsiderations

πŸ“Š

Review AML Reports

Quarterly

πŸ”

Review Audit Findings

Upon completion

πŸ‘€

Approve AML Officer

Upon appointment

πŸ’°

Allocate Resources

Annually

Section 2.4 β€” Risk Assessment

The AML Officer shall conduct an enterprise-wide AML risk assessment:

πŸ” Risk Factor

Considerations

πŸ‘€

Customer Risk

Customer types, geographic locationslocations, accreditation status, wallet history

πŸ“Š

Product Risk

ProductsST22 andDigital servicesSecurities, offeredOTCM Utility Token, stablecoin settlement (GENIUS Act)

🌍

Geographic Risk

Countries and regions servedserved, FATF grey/blacklist, OFAC sanctions

πŸ”—

Channel Risk

Delivery channelsCEDEX (online,24/7 blockchain)blockchain trading), stablecoin on-ramp, wallet connectivity

πŸ’°

Transaction Risk

Transaction types, volumes, patternspatterns, velocity, Global Pool activity

πŸ“Š

 Risk Rating

🚦 Rating

Description

Review Frequency

🟒

LowRating

Standard risk customersDescription

AnnualReview Frequency

🟑Low

Medium(Green)

ElevatedStandard risk factorscustomers

Semi-annualAnnual

πŸ”΄Medium

High(Yellow)

SignificantElevated risk factors

QuarterlySemi-annual

⚫High

Prohibited(Red)

UnacceptableSignificant risk factors β€” PEPs, high-risk jurisdictions

Quarterly

Prohibited (Black)

Unacceptable risk β€” sanctioned parties, FATF blacklist

No onboarding permitted


 

πŸ‘€ ARTICLEArticle III: CUSTOMERCustomer IDENTIFICATIONIdentification PROGRAMProgram (CIP)

Section 3.1 β€” CIP Requirements

Before establishing aany business relationship, theEmpire CompanyStock must:

Transfer

βœ…(as Requirement

Description

πŸ“‹sole

Collectonboarding Information

Obtainauthority) must collect required identifying information

βœ…information,

Verify Identity

Verifyverify identity through documentsdocumentary or non-documentary methods

πŸ”methods,

Screen Lists

Screenscreen against OFAC and other watchlistswatchlists, maintain CIP records, and provide the CIP notice to all customers.

πŸ“ 

Maintain Records

Retain CIP records

πŸ“’

Provide Notice

Inform customers of CIP requirements

Section 3.2 β€” RequiredIndividual Information β€” IndividualsCIP

πŸ“‹ Information

Required

NotesVerification

πŸ‘€

Full Legal Name

βœ…Yes Yes

Asβ€” it appearsas on government ID

Government ID match

πŸ“…

Date of Birth

βœ… Yes

FullGovernment DOBID requiredmatch

🏠

Residential Address

βœ…Yes Yes

Noβ€” no P.O. boxes

Utility bill / bank statement < 90 days

πŸ”’

SSN/TIN

βœ…Yes Yes(U.S. persons)

ForDatabase U.S. personsverification

πŸ›‚

Passport Number

βœ…Yes If (non-U.S. persons)

PlusDocument verification + country of issuance

Email / Phone

πŸ“§ Yes

Email confirmation / SMS verification

EmailSolana Wallet Address

βœ…Yes Yesβ€” for KYW

ForEd25519 platformsignature access

πŸ“žchallenge (wallet ownership proof)

Phone Number

βœ… Yes

For verification

 

Section 3.3 β€” RequiredEntity Information β€” EntitiesCIP

πŸ“‹ Information

Required

Notes

 

Legal Name

βœ… Yes

Full legal entity name

🏷️

DBA Names

βœ… If applicable

All trade names

πŸ“

Principal Address

βœ… Yes

Physical address required

πŸ”’

EIN/TIN

βœ… Yes

Federal tax ID

πŸ›οΈ

State of Formation

βœ… Yes

Jurisdiction

πŸ“…

Formation Date

βœ… Yes

Date of incorporation

πŸ“‹

Entity Type

βœ… Yes

Corporation, LLC, etc.

🌐

Website

βœ… If applicable

Company website

Section 3.4 β€” Identity Verification β€” IndividualsMethods

πŸ“„ Documentary Verification

πŸ“„ Acceptable Documents

Requirement

πŸ›‚Documentary:

Government-Issuedgovernment-issued Photophoto ID

Current,ID, unexpired

πŸš—passport

Driver's License

U.S. state-issued

πŸ›‚

Passport

(U.S. or foreignforeign), driver’s license, state ID, national ID. Non-documentary: credit bureau verification, bank account verification, government databases, third-party KYC providers. All verification performed by Empire Stock Transfer.

πŸ†” 

State ID Card

Government-issued

🌍

National ID

For non-U.S. persons

πŸ’» Non-Documentary Verification

πŸ’» Method

Description

πŸ“Š

Credit Bureau

Identity verification services

🏦

Financial References

Bank account verification

πŸ“‹

Public Records

Government databases

πŸ”—

Third-Party Services

KYC/identity verification providers

Section 3.5 β€” IdentityEnhanced VerificationIssuer β€” EntitiesCIP

πŸ“„ Required Documents

Notes

πŸ“œIssuers onboarding to OTCM Protocol require: full entity CIP, CIP on all authorized signers, 25%+ beneficial owners identified (10%+ for issuers), control person identified, business operations verification, SEC/state filing review, Common Class B documentation (board resolution, Certificate of Designation draft).

 

Formation Documents

Articles of incorporation/organization

πŸ“‹

Good Standing Certificate

Recent certificate from state

πŸ”’

EIN Letter

IRS EIN confirmation

πŸ“Š

Operating Agreement

For LLCs

πŸ“‹

Bylaws

For corporations

βœ…

Board Resolution

Authorizing account opening

Section 3.6 β€” CIP for Platform Issuers

Issuers onboarding to OTCM Protocol require enhanced CIP:

πŸ“‹ Requirement

Description

🏒

Entity Verification

Full entity CIP as above

πŸ‘€

Authorized Signers

CIP on all authorized signers

🎯

Beneficial Owners

25%+ owners identified

πŸ‘”

Control Person

Individual with significant control

πŸ“Š

Business Verification

Verification of business operations

πŸ“‹

Securities Filings

Review of SEC/state filings

Section 3.7 β€” CIP Notice

TheIMPORTANT: following notice must be provided to all customers:

πŸ“’ IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT

To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.

What this means for you: When you open an account or access our platform, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.information.


 

πŸ” ARTICLEArticle IV: CUSTOMERCustomer DUEDue DILIGENCEDiligence (CDD)

Section 4.1 β€” CDD RequirementsObjectives

The Company must conduct CDD on all customers to:

πŸ” Objective

Description

πŸ‘€

Understand Customer

Know who the customer is

πŸ’Όis,

Understandunderstand Business

Understandthe nature and purpose of relationship

πŸ“Šthe

Assessrelationship, Risk

Developdevelop a customer risk profile

πŸ”profile,

Monitor Activity

Conductconduct ongoing monitoring

πŸ“‹monitoring,

Updateand Information

Maintainmaintain current customer informationinformation.

 

Section 4.2 β€” Customer Risk Rating Factors

Each customer is assigned a risk rating based on:

πŸ” Factor

Risk Indicators

πŸ‘€

Customer Type

Individual,type (individual, entity, institutional

🌍institutional),

Geography

Countrygeography (country of residence/operationsoperations), occupation/industry (high-risk industries), transaction patterns (expected vs. actual), source of funds (origin of wealth), negative news (adverse media screening), and wallet risk score (Chainalysis KYT + TRM Labs).

πŸ’Ό 

Occupation/Industry

High-risk industries

πŸ’°

Transaction Patterns

Expected activity vs. actual

πŸ”—

Source of Funds

Origin of wealth/funds

πŸ“Š

Negative News

Adverse media screening

πŸ“Š Risk Categories

🚦 Category

Description

Examples

🟒

Low Risk

Standard risk profile

U.S. individuals, established businesses

🟑

Medium Risk

Elevated risk factors

Foreign nationals, newer businesses

πŸ”΄

High Risk

Significant risk factors

PEPs, high-risk jurisdictions, cash-intensive

⚫

Prohibited

Unacceptable risk

Sanctioned parties, shell banks

Section 4.3 β€” Source of Funds/Wealth

πŸ’° Inquiry

Required For

πŸ’΅

Source of Funds

Allfunds customersinquiry β€”required originfor ofall transactioncustomers. funds

πŸ’°

Source of Wealth

High-wealth documentation required for high-risk customers β€” origin of overall wealth

πŸ“‹customers. Acceptable Sources

sources

βœ…include Source

Documentation

πŸ’Όemployment

Employmentincome Income

Pay(pay stubs, tax returns), business income (financial statements), investment returns (brokerage statements), real estate proceeds, inheritance, and retirement funds.

🏒 

Business Income

Financial statements, tax returns

πŸ“ˆ

Investment Returns

Brokerage statements

🏠

Real Estate

Sale documents

🎁

Inheritance

Estate documents

πŸ’°

Retirement Funds

Account statements

Section 4.4 β€” NatureOngoing Monitoring and PurposeCDD of RelationshipRefresh

πŸ“‹ Understanding

Documentation

🎯

PurposeMonitoring

Why is customer using our services?Frequency

Method

πŸ“Š

Expected Activity

Volume, frequency, transaction types

πŸ’Ό

Business Model

How customer generates income

πŸ”—

Platform Use

Intended use of OTCM Protocol

Section 4.5 β€” Ongoing Monitoring

πŸ” Monitoring Type

Frequency

πŸ“Š

Transaction Monitoring

Continuous

Chainalysis KYT + TRM Labs + Transfer Hook controls

πŸ“‹

Profile Review

Per risk rating

Manual schedulereview by Empire / Compliance

πŸ”

Negative News

Periodic

Automated adverse media screening

πŸ›οΈ

Sanctions Screening

Daily and+ transaction-basedper transaction

Three-layer OFAC architecture

πŸ“ˆWallet

PatternRisk AnalysisRescoring

OngoingWeekly

TRM Labs 200+ behavioral features

Section

 4.6 β€” CDD Refresh

🚦 Risk Level

CDD Refresh Frequency

🟒

Low

Every 3 years

🟑

Medium

Every 2 years

πŸ”΄

High

Annually

⚠️

Trigger Event

Upon any material change in customer profile or activity


 

πŸ”΄ ARTICLEArticle V: ENHANCEDEnhanced DUEDue DILIGENCEDiligence (EDD)

Section 5.1 β€” When EDD Is RequiredTriggers

Enhanced Due DiligenceEDD is required for:

πŸ”΄high-risk Category

Description

🌍jurisdictions

High-Risk(FATF Jurisdictions

Countries identified by FATF,grey/blacklist, FinCEN

πŸ‘”

Politicallyadvisories), Exposedpolitically Persons

PEPsexposed persons (PEPs) and their associates

🏒associates,

Complexcomplex Structures

Multi-multi-layered ownership,ownership shellstructures, companies

πŸ’°high-value

High-Value Transactions

Transactionstransactions exceeding thresholds

⚠️defined

Negativethresholds, News

Adverseadverse media findings

πŸ”—findings,

High-Riskhigh-risk Industries

Casinos,industries (casinos, MSBs, crypto exchangesexchanges), and unexplained transaction patterns.

πŸ“Š 

Unusual Patterns

Unexplained transaction patterns

Section 5.2 β€” PoliticallyPEP Exposed Persons (PEPs)Requirements

πŸ‘” PEP Definition

A PEP is an individual who is or has been entrusted with a prominent public function:

πŸ‘” PEP Category

Examples

πŸ›οΈPEPs

Governmentinclude Officials

Headsheads of state, ministers, legislators

βš–οΈlegislators,

Judicial Officials

Seniorsenior judges, prosecutors

πŸŽ–οΈ

Military Officers

Seniorsenior military officials

🏦officials,

Statestate Enterpriseenterprise Executives

Seniorexecutives, executives of state-owned enterprises

πŸ›οΈ

Political Party Officials

Seniorsenior political party officials

πŸ‘¨β€πŸ‘©β€πŸ‘§β€πŸ‘¦officials,

Familyand Members

Immediateimmediate family of above

🀝

Close Associates

Knownand close associates of above

all

πŸ“‹of the above. PEP EDD Requirements

requires:

πŸ“‹ Requirement

Description

πŸ‘”

Senior Approval

Seniorsenior management approval to onboard

πŸ’°onboard,

Source of Wealth

Detaileddetailed source of wealth documentation

πŸ“Šdocumentation,

Enhancedenhanced Monitoring

Increasedongoing transaction monitoring

πŸ“‹monitoring,

Periodic Review

Moremore frequent relationship review

πŸ“’review,

Escalation

Reportand escalation to AML OfficerOfficer.

 

Section 5.3 β€” High-Risk Jurisdictions

🌍 FATF High-Risk Jurisdictions

Countries subject to FATF call to action or increased monitoring:

🚦 Category

Treatment

⚫

FATF Blacklist

ProhibitedPROHIBITED β€” no business relationships permitted

πŸ”΄

FATF Grey List

EDD required, enhanced monitoringmonitoring, quarterly review

🟑

FinCEN Advisories

Heightened scrutinyscrutiny, additional verification

OFAC Comprehensively Sanctioned

PROHIBITED β€” North Korea, Iran, Syria, Cuba, Crimea/Donetsk/Luhansk

πŸ“‹ High-Risk Jurisdiction EDD

πŸ“‹ Requirement

Description

πŸ” 

Enhanced Verification

Additional identity verification

πŸ’°

Source Documentation

Detailed source of funds/wealth

πŸ“Š

Transaction Justification

Business rationale for transactions

πŸ‘”

Senior Approval

Management approval required

πŸ“‹

Ongoing Review

Quarterly relationship review

Section 5.4 β€” Complex OwnershipStructures Structuresand Documentation

πŸ“‹ Requirement

Description

πŸ“Š

Ownership Chart

CompleteComplex ownership structurestructures require: complete ownership diagram

πŸ‘€

Ultimatethrough Beneficialall Owner

Identifylevels to natural personspersons, withidentification control

πŸ’Όof

Businessultimate Rationale

Legitimatebeneficial reasonowner, forlegitimate structure

🌍business

Jurisdictionrationale, Review

Reviewreview of all jurisdictions involved

πŸ“‹involved,

Documentation

Fulland documentationfull ofdocumentation. structure

Section 5.5 β€” EDD Documentation

All EDD must be documented including:with written risk assessment, procedures performed, findings, management approval with rationale, and all supporting documents.

πŸ“‹

Documentation

Description

🚦 

Risk Assessment

Written risk assessment

πŸ“‹

EDD Procedures

EDD steps performed

πŸ“Š

Findings

Results of EDD

βœ…

Approval

Management approval and rationale

πŸ“

Supporting Documents

All supporting documentation

πŸ‘₯ ARTICLEArticle VI: BENEFICIALBeneficial OWNERSHIPOwnership

Section 6.1 β€” Beneficial Ownership Requirements

πŸ‘€ Category

Requirement

πŸ“Š

Equity Owners

Eacheach individual owning 25%+ of the entity

πŸ‘”

Control(ownership Person

Atprong) and at least one individual with significant control (control prong β€” CEO, CFO, Managing Member, General Partner, or equivalent).

 

Section 6.2 β€” Ownership ThresholdThresholds

πŸ“Š Ownership Level

Identification Required

25%+

βœ… Yes β€” full CIP requiredRequirement

10-24%25%+

βœ…Full ForCIP high-riskrequired entitieson each beneficial owner

< 10%10–24%

⚠️Required Iffor high-risk entities and all OTCM Protocol issuers

< 10%

Required if individual has significant management control

 

Section 6.3 β€” ControlPlatform PersonIssuer Enhanced Requirements

AtFor leastissuers onetokenizing Controlequity Personas mustST22 beDigital Securities: all 10%+ owners identified β€”(lower anthreshold individualthan withstandard), significantall responsibilityofficers to(CEO, control,CTO, manage,COO orand directother theexecutives), entity:all directors, full cap table review, and ongoing reporting of material ownership changes.

πŸ‘” Examples

Description

πŸ‘” 

CEO

Chief Executive Officer

πŸ’°

CFO

Chief Financial Officer

βš–οΈ

General Counsel

Chief Legal Officer

🎯

Managing Member

For LLCs

πŸ‘”

General Partner

For partnerships

Section 6.4 β€” CertificationExemptions

Entity customers must certify beneficial ownership on the Beneficial Ownership Certification Form:

πŸ“‹ Certification Content

Required

🏒

Entity Information

Legal name, address, type

πŸ‘€

Beneficial Owners

Name, DOB, address, SSN, ownership %

πŸ‘”

Control Person

Name, DOB, address, SSN, title

✍️

Signature

Authorized representative signature

πŸ“…

Date

Date of certification

Section 6.5 β€” Verification

πŸ“‹ Verification Step

Description

πŸ“„

Document Review

Formation documents, ownership records

πŸ”

Database Verification

Third-party verification services

πŸ“Š

Public Records

Secretary of state, SEC filings

πŸ’»

Screening

Sanctions and negative news screening

Section 6.6 β€” Exemptions

Certain entities are exempt from beneficial ownership requirements:

βœ… Exempt Entity

Reason

πŸ“Šentities:

Publiclypublicly Traded

traded SEC reporting companies

🏦companies,

Regulatedregulated Financialfinancial Institutions

Subjectinstitutions subject to existing AMLAML, requirementsfederal/state/local government entities, SEC-registered investment companies, and bank-regulated entities.


πŸ›οΈ 

Government Entities

Federal, state, local governments

πŸ“‹

Registered Investment Companies

SEC-registered funds

🏦

Bank-Regulated Entities

Banks, credit unions

Section 6.7 β€” Platform Issuer Beneficial Ownership

For issuers on OTCM Protocol:

πŸ“‹ Requirement

Description

πŸ‘€

All 10%+ Owners

Lower threshold than standard

πŸ‘”

All Officers

CEO, CFO, and other executive officers

πŸ›οΈ

All Directors

Board members

πŸ“Š

Cap Table Review

Full review of capitalization table

πŸ”„

Ongoing Updates

Material ownership changes reported

πŸ“Š ARTICLEArticle VII: TRANSACTIONTransaction MONITORINGMonitoring

Section 7.1 β€” Monitoring Program

The Company maintains a transaction monitoring program tousing detect:Chainalysis KYT (continuous on-chain monitoring), TRM Labs (weekly wallet risk rescoring across 200+ features), Transfer Hook Controls 11–15 (per-transaction AML risk scoring inside Solana runtime), rules-based automated systems, behavioral analytics, manual review of flagged transactions, and scheduled account reviews.

πŸ” Detection Target

Description

πŸ’° 

Suspicious Activity

Potentially illicit transactions

πŸ“Š

Unusual Patterns

Deviations from expected activity

🚨

Structuring

Transactions designed to evade reporting

🌍

Sanctions Violations

Transactions with sanctioned parties

πŸ“ˆ

Threshold Exceedances

Transactions exceeding defined limits

Section 7.2 β€” Monitoring Methods

πŸ” Method

Description

πŸ€–

Automated Systems

Rules-based transaction monitoring

πŸ“Š

Behavioral Analytics

Pattern detection and anomaly identification

πŸ‘€

Manual Review

Human review of flagged transactions

πŸ”—

Blockchain Analysis

On-chain transaction analysis

πŸ“‹

Periodic Reviews

Scheduled account reviews

Section 7.3 β€” Red Flags

πŸ’° Transaction Red Flags

🚨 Red Flag

Description

πŸ’΅β€’       

Structuring

MultipleStructuring: multiple transactions just below thresholds$10,000 threshold

πŸ”„β€’       

Round-Tripping

Fundstripping: funds sent and returned without economic purpose

βš‘β€’       

Rapid Movement

Quickin-out: in-and-outquick movement of funds within 24 hours

πŸ“Šβ€’       

Unusual Volume

Activityvolume: activity inconsistent with customer profile

πŸŒβ€’       

High-Risk Jurisdictions

Transactions with sanctioned/high-risk countriesjurisdiction transactions

πŸ‘€β€’       

Third-Party Payments

Unexplained third-party involvement

πŸ‘€ Customer Red Flags

🚨 Red Flag

Description

πŸ“‹ 

Reluctant Documentation

Hesitancy to provide required documents

πŸ”„

Frequent Changes

Frequent changes to account information

❓

Inconsistent Information

Information doesn't match public records

😰

Unusual Behavior

Nervousness, urgency, secrecy

πŸ’Ό

No Business Purpose

Cannot explain business rationale

🚫

Avoiding Thresholds

Requests to avoid reporting requirements

πŸ”— Blockchain Red Flags

🚨 Red Flag

Description

πŸ”€β€’        Mixer/tumbler use (Tornado Cash, etc.)

Mixer/Tumbler Use

Transactions through mixing services

πŸŒ‘β€’       

Darknet Connectionsmarket connections

Wallets associated with darknet markets

πŸ’³β€’       

Multiple Wallets

Rapid transfers across many wallets

πŸ”—β€’       

Chain Hopping

Cross-hopping: cross-chain transfers to obscure origin

πŸ€–β€’       

Automated Layering

Bot-driven transactionautomated layering

πŸš¨β€’       

Sanctioned Wallets

Interaction with OFAC-listed wallet addresses

 

Section 7.43 β€” Alert Management

⚑ Step

Timeline

Action

1️⃣Step

Real-time

Alert generated by monitoring systemTimeline

2️⃣Alert generated

WithinReal-time 24(Chainalysis hoursKYT / Transfer Hook)

Alert assigned to analyst

Within 24 hours

3️⃣

Within 5 days

Initial review completed

Within 5 business days

4️⃣Investigation completed

Within 15 business days

Investigation completed

5️⃣

Within 30 days

SAR filed if warranted

Within 30 days of detection

Section


7.5 β€” Investigation Procedures

πŸ” Step

Action

πŸ“‹ 

Gather Information

Collect transaction records, customer data

πŸ”—

Blockchain Analysis

Analyze on-chain activity

πŸ“Š

Pattern Analysis

Review for patterns and anomalies

πŸ‘€

Customer Inquiry

Contact customer if appropriate

πŸ“‹

Document Findings

Complete investigation memo

🚦

Disposition

Close, escalate, or file SAR

πŸ“’ ARTICLEArticle VIII: SUSPICIOUSSuspicious ACTIVITYActivity REPORTINGReporting

Section 8.1 β€” SAR Filing ObligationObligations

The Company must file a Suspicious Activity Report (SAR) when:

πŸ“‹ Threshold

Requirement

πŸ’°

$5,000+Threshold

Suspicious activity involving $5,000 or moreRequirement

πŸ‘€$5,000+

Knownwith Subjectknown subject

WhereSAR arequired suspectβ€” canFinCEN beForm identified111 via BSA E-Filing

❓

Unknown Subject

$25,000+ with nounknown identifiablesubject

SAR suspectrequired

πŸ”—Any

Ongoingamount Relationshipwith existing relationship

AnySAR amountrequired if relationshipactivity existsis suspicious

Imminent threat

Immediate filing + law enforcement notification

 

Section 8.2 β€” What Is SuspiciousTimeline

Activity is suspicious if it:

🚨 Indicator

Description

πŸ’°

Involves Criminal Proceeds

Known or suspected proceeds of crime

🚫

Evades Reporting

Designed to evade BSA reporting

❓

Lacks Business Purpose

No apparent lawful purpose

πŸ“Š

Unusual Pattern

Unusual given customer profile

🎭

Disguises Ownership

Designed to disguise ownership/control

Section 8.3 β€” SAR Filing Timeline

⏱️ Timeline

Requirement

πŸ“…

30 Days

Fromdays from detection of suspicious activity

πŸ“…activity.

60 Days

Ifdays if no suspect identified (to identify suspect)

🚨.

Immediate

If if imminent threat to life or propertyproperty. Continuing activity: 90-day review and continuation SAR as needed.

 

Section 8.43 β€” SAR Content

πŸ“‹ Section

Required Information

πŸ‘€

Subject Information

Name, address, ID numbers, account info

🏒

Filing Institution

Company information

πŸ“Š

Suspicious Activity

Type, date, amount, instruments

πŸ“

Narrative

Detailed description of suspicious activity

πŸ“Ž

Supporting Documentation

Referenced but not attached

Section 8.5 β€” SAR Confidentiality

πŸ”’ SARs are STRICTLY CONFIDENTIAL

CONFIDENTIAL.

🚫 Prohibition

Description

🚫

No Disclosure

Cannot disclose SAR filing to subject

🚫the

Nosubject. Tipping

Cannot notify subject of investigation

🚫investigation.

Limited Sharing

Share only with authorized parties

βœ…parties.

FinCEN Requests

Must respond to FinCEN requests

βœ…requests.

LawMust Enforcement

Cooperatecooperate with law enforcementenforcement. requests

Section 8.6 β€” Continuing Activity

For ongoing suspicious activity:

πŸ“‹ Requirement

Description

πŸ”„

90-Day Review

Review and file continuation SAR

πŸ“Š

New Information

File new SAR if material new information

πŸ“‹

Document Review

Document decision to continue or close

Section 8.7 β€” SAR Safe Harbor

πŸ›‘οΈ 31 U.S.C. Β§ 5318(g)(3) provides protectionsafe harbor from liability for good faith SAR filings.


 

πŸ›οΈ ARTICLEArticle IX: OFAC SANCTIONSSanctions COMPLIANCECompliance

Section 9.1 β€” OFACThree-Layer ProgramScreening OverviewArchitecture

TheOTCM CompanyProtocol maintainsimplements athree-layer sanctionsOFAC compliancescreening: program(1) toEmpire ensure:Stock Transfer onboarding screening, (2) Chainalysis KYT + TRM Labs continuous wallet monitoring, (3) Transfer Hook Controls 8–10 real-time screening on every ST22 transaction inside the Solana runtime.

πŸ›‘οΈ Objective

Description

🚫 

Prohibited Transactions

No transactions with sanctioned parties

πŸ”

Screening

All customers and transactions screened

❄️

Blocking

Blocked property properly handled

πŸ“’

Reporting

Required reports filed

Section 9.2 β€” OFAC Lists Screened

πŸ“‹ List

Description

πŸ“Š

SDN List

SpeciallyUpdate Designated Nationals and Blocked PersonsFrequency

🏒SDN

SSI(Specially ListDesignated Nationals)

SectoralDaily Sanctions(within Identifications24 hours of OFAC publication)

🚫Consolidated

FSENon-SDN ListLists

Foreign Sanctions EvadersDaily

SSI (Sectoral Sanctions)

πŸ”—As updated by OFAC

FSE (Foreign Sanctions Evaders)

As updated

CAPTA List

CorrespondentAs Account or Payable-Through Accountupdated

🌍

Country Programs

Cuba, Iran, North Korea, Syria, Russia,Russia/Crimea etc.β€” comprehensive prohibition

 

Section 9.3 β€” Screening RequirementsPoints

πŸ” Screening Point

Requirement

πŸ‘€

Customer Onboarding

Screenonboarding (before account opening

πŸ“Šopening),

Transactionevery Processing

Screentransaction all(Transfer transactions

πŸ”„Hook

PeriodicControls Rescreening

Daily8–10), daily against updated lists

πŸ“‹lists,

Name Changes

Screen whenupon customer information changeschanges, all counterparties, and all Solana wallet addresses via Chainalysis + TRM Labs.

πŸ”— 

Counterparties

Screen all transaction counterparties

Section 9.4 β€” Blockchain Sanctions Screening

πŸ”— Screening Type

Description

πŸ’³

Wallet Screening

Screenaddress wallet addressesscreening against OFACOFAC-designated list

πŸ”—addresses,

Transactiontransaction Screening

Screenscreening blockchainon transactions

πŸ“Ševery

IndirectST22 Exposure

Identifytransfer, walletsindirect withexposure sanctionedidentification connections

πŸ”(2-hop

Blockchainaddress Analytics

Useclustering), and specialized blockchain compliance tools

🚨(Chainalysis OFAC-ListedKYT Wallet+ Addresses

TRM

Labs). OFAC has designated specific blockchain addresses. The Company:

Company

πŸ“‹blocks Requirement

Action

🚫

Block Transactions

Noall transactions with listed addresses

❄️addresses,

Freezefreezes Assets

Blockproperty, property of listed addresses

πŸ“’

Report

Filefiles blocking report within 10 days

πŸ”business

Monitor

Monitordays, and monitors for indirect exposureexposure.

 

Section 9.5 β€” Potential Match Handling

⚑ Step

Action

1️⃣1. Hold

Transaction/account placed on immediate hold

2️⃣2. Review

Compliance review within 24 hours

3️⃣3. Determine

Determine if trueTrue match or(>95%): falseblock and report. Potential (75–95%): manual review. False positive (<75%): document and release.

4️⃣4. Block/Report

If true match: block and report

5️⃣

If false positive: document and release

Section 9.6 β€” Blocking and Rejecting

πŸ“‹ Action

When Required

❄️

Block

SDN or blocked person β€” freeze assets

🚫assets,

Reject

Prohibited transaction β€” refuse to process

πŸ“’

Report

Filefile blocking report with OFAC

Section 9.7 β€” OFAC Reporting

πŸ“‹ Report

Timeline

❄️

Blocking Report

Withinwithin 10 business days of blocking

πŸ“Š5.

Annual Report

ByFile by September 30 for all blocked property

πŸ“‹

Voluntary Disclosure

Promptly upon discovery of violation


 

πŸ”— ARTICLEArticle X: BLOCKCHAIN-SPECIFICBlockchain-Specific CONTROLSControls

Section 10.1 β€” BlockchainMonitoring and Analytics

Real-time on-chain monitoring via Chainalysis KYT. Wallet risk scoring and attribution. Transaction Monitoring

πŸ”— Control

Description

πŸ“Š

On-Chain Monitoring

Real-time monitoring of blockchain transactions

πŸ”

Wallet Analysis

Risk scoring of wallet addresses

πŸ”—

Transaction Tracing

Sourcesource and destination tracking

🚨tracking.

Alert Generation

Automated alerts for suspicious patternspatterns. Cluster analysis identifying related wallets. Mixer/tumbler detection. OFAC-listed address screening.

 

Section 10.2 β€” Blockchain Analytics Tools

The Company utilizes blockchain analytics to:

πŸ” Capability

Description

πŸ’³

Wallet Attribution

Identify wallet owners where possible

πŸ”—

Cluster Analysis

Identify related wallets

πŸ“Š

Risk Scoring

Assign risk scores to addresses

πŸŒ‘

Illicit Activity Detection

Identify connections to illicit activity

πŸ”€

Mixer Detection

Identify mixing/tumbling services

πŸ›οΈ

Sanctions Screening

Screen against OFAC-listed addresses

Section 10.3 β€” Travel Rule Compliance

For virtual asset transfers exceeding applicable thresholds: originator and beneficiary full legal name, wallet address, and institution (if applicable) must be collected and transmitted per FATF Recommendation 16.

πŸ“‹ Information

Required

πŸ‘€ 

Originator Name

Full legal name

πŸ’³

Originator Wallet

Wallet address

🏦

Originator Institution

If applicable

πŸ‘€

Beneficiary Name

Full legal name

πŸ’³

Beneficiary Wallet

Wallet address

🏦

Beneficiary Institution

If applicable

Section 10.43 β€” Unhosted Wallet Controls

For transactions with unhosted (self-custodied) wallets:

πŸ“‹ Threshold

Requirement

πŸ’°

> $3,000

Collect and verify counterparty information

πŸ’°

> $10,000

Enhanced due diligence required

πŸ”΄

High Risk

May require additionalAdditional documentation and source of funds verification

 

Section 10.54 β€” Token-Specific Controls

πŸͺ™ST22 Digital Securities Controls

β€’        42 Transfer Hook compliance checks on every transfer inside Solana runtime

β€’        Whitelist verification β€” only Empire-registered wallets can hold tokens

β€’        Volume monitoring for unusual trading patterns on CEDEX

β€’        Holding period enforcement (Rule 144: 6 months Reg D / 12 months Reg S)

β€’        Circuit breakers: >10% price move in 5 minutes = 15-minute halt

 

OTCM Utility Token Controls

πŸ“‹ Control

Description

πŸ“Šβ€’       

Transaction Limits

Daily/monthly transaction limits

πŸ”β€’        Wash trading and manipulation pattern monitoring

β€’        Wallet concentration limits

β€’        Large transfer monitoring and alerts

 

Pattern

Section 10.5 β€” CEDEX and Liquidity Monitoring

MonitorGlobal Unified CEDEX Liquidity Pool monitoring for washmanipulation, trading,CPMM manipulationbonding curve monitoring for artificial price manipulation, swap and stablecoin conversion tracking, and cross-chain activity monitoring.


πŸ’³ 

Wallet Limits

Limits

Article onXI: holdings per wallet

πŸ”—

Transfer Monitoring

Monitor large transfers

πŸ”— ST22 Security Token Controls

Recordkeeping

πŸ“‹ Control

Description

πŸ”Record

Transfer HooksType

ComplianceRetention checks on every transferPeriod

βœ…

Whitelist Verification

Only verified wallets can hold tokens

πŸ“Š

Volume Monitoring

Monitor unusual trading volumes

πŸ”’

Lock Enforcement

Vesting and lock-up enforcement

🚨

Circuit Breakers

Automatic trading halts for anomalies

Section 10.6 β€” DeFi and DEX Monitoring

πŸ”— Monitoring Area

Description

πŸ’§

Liquidity Pools

Monitor pool activity for manipulation

πŸ“ˆ

Bonding Curves

Monitor for artificial price manipulation

πŸ”„

Swap Activity

Track swaps and conversions

πŸŒ‰

Bridge Transactions

Monitor cross-chain activity

πŸ“ ARTICLE XI: RECORDKEEPING

Section 11.1 β€” General Requirements

All AML records must be:

πŸ“‹ Requirement

Description

βœ…

Accurate

Complete and accurate

πŸ”’

Secure

Protected from unauthorized access

πŸ“‚

Retrievable

Retrievable within reasonable time

πŸ“

Organized

Systematically organized

Section 11.2 β€” Retention Periods

πŸ“ Record Type

Retention Period

πŸ‘€

CIP Records

5 years after account closure

πŸ”

CDD/EDD Records

5 years after account closure

KYW Wallet Records

πŸ“Š5 years after wallet deregistration

Transaction Records

5 years from transaction date

πŸ“’

SAR Records

5 years from filing date

πŸ›οΈ

OFAC Screening Records

5 years from date of record

πŸŽ“

Training Records

5 years

πŸ”

Audit Reports

5 years

πŸ”—

Blockchain Records (off-chain)

5 years (off-on-chain copies)records are permanent/immutable)

Beneficial Ownership Certifications

5 years after account closure

Section 11.3 β€” CIP Records

πŸ“‹ Record

Requirement

πŸ‘€ 

Identifying Information

Name, DOB, address, ID number

πŸ“„

ID Documents

Copies of documents used for verification

πŸ’»

Verification Methods

Description of methods used

πŸ”

Verification Results

Results of verification process

⚠️

Discrepancies

Resolution of any discrepancies

Section 11.4 β€” Transaction Records

πŸ“‹ Record

Requirement

πŸ’°

Amount

Transaction amount

πŸ“…

Date

Date and time of transaction

πŸ‘€

Parties

All parties to transaction

πŸ’³

Account/Wallet

Account numbers, wallet addresses

πŸ”—

Transaction ID

Transaction hash (for blockchain)

πŸ“‹

Purpose

Nature of transaction

Section 11.5 β€” SAR Records

πŸ“‹ Record

Requirement

πŸ“’

SAR Copy

Copy of filed SAR

πŸ“‹

Supporting Documentation

All supporting documents

πŸ”

Investigation File

Complete investigation file

πŸ“

Narrative Backup

Detailed narrative and analysis

πŸŽ“ ARTICLEArticle XII: TRAINING PROGRAM

Section 12.1 β€” Training Requirements

Program

πŸŽ“ Training Type

Audience

Frequency

πŸ“‹

General AML

All employees

Annual

πŸ”

Role-Specific AML

AML staffstaff, analysts

Upon hire + annual

πŸ‘”

Management

Senior management

Annual

πŸ›οΈ

Board

Board of Directors

Annual

πŸ”—

Blockchain AML

Technical staff (CEDEX, Transfer Hooks)

Upon hire + annual

πŸ“’

SAR Training

AML analystsanalysts, Compliance Officer

Upon hire + annual

Section 12.2 β€” Training Content

πŸ“‹ Topic

Coverage

βš–οΈContent

Legalcovers Framework

BSA, BSA/USA PATRIOT Act,Act/OFAC OFAC

πŸ”legal

Redframework, Flags

Recognizingred suspiciousflag activity

πŸ“’recognition

Reporting

Internal(transaction, escalation,customer, blockchain), internal escalation and SAR filing

πŸ‘€filing,

CIP/CDD

CustomerCDD/KYW identificationprocedures, sanctions compliance and duethree-layer diligence

πŸ›οΈscreening,

Sanctions

OFAC compliance

πŸ”—

Blockchain

Crypto-blockchain-specific AML concerns (mixers, chain hopping, darknet), and this Policy.


πŸ“œ 

Company Policy

This Policy and procedures

Section 12.3 β€” Training Documentation

πŸ“‹ Documentation

Required

πŸ“…

Date

Date of training

πŸ‘€

Attendees

List of participants

πŸ“‹

Content

Training materials/agenda

βœ…

Completion

Attestation of completion

πŸ“Š

Assessment

Test results (if applicable)

Section 12.4 β€” Ongoing Education

πŸ“‹ Method

Description

πŸ“§

Alerts

Regulatory updates and alerts

πŸ“°

Newsletters

AML compliance newsletters

πŸŽ“

Webinars

Industry webinars and conferences

πŸ“‹

Case Studies

Review of enforcement actions

πŸ” ARTICLEArticle XIII: INDEPENDENTIndependent TESTINGTesting

Section 13.1 β€” Testing Requirements

πŸ“‹ Requirement

Description

πŸ”„

Frequency

At least annually

πŸ‘€

Independence

Conducted by an independent party

πŸ“Š

(external firm with CAMS/CFE certification or independent internal audit). Scope

All aspectscovers ofall AML program

πŸ“‹

Documentation

Writtenaspects: reportpolicies, ofCIP/CDD/KYW findings

sample

Sectiontesting, 13.2 β€” Testing Scope

πŸ” Area

Testing Activities

πŸ“‹

Policies

Review of policies and procedures

πŸ”

CIP/CDD

Sample testing of customer files

πŸ“Š

Transaction Monitoring

Effectiveness oftransaction monitoring

πŸ“’

SAR Process

Review ofeffectiveness, SAR filing processprocess, OFAC screening effectiveness, training adequacy, and blockchain-specific controls.

πŸ›οΈ 

OFAC

Sanctions screening effectiveness

πŸŽ“

Training

Training program adequacy

πŸ”—

Blockchain Controls

Blockchain-specific controls

Section 13.3 β€” Qualified Auditors

Independent testing must be conducted by:

βœ… Qualified Auditor

Description

🏒

External Firm

Third-party audit firm with AML expertise

πŸ‘€

Internal Audit

Internal audit (if independent)

πŸŽ“

Qualifications

CAMS, CFE, or equivalent certification

πŸ“Š

Experience

Demonstrated AML audit experience

Section 13.4 β€” Findings and Remediation

⚑ Step

Action

1️⃣

Findings reported to AML Officer

2️⃣

Findings reported toand Board/Audit Committee

3️⃣

Committee. Remediation plan developed

4️⃣

Remediationdeveloped, implemented

5️⃣

Follow-implemented, and follow-up testingtested.

of

 remediation

πŸ›οΈ ARTICLEArticle XIV: ADMINISTRATIONAdministration

Section 14.1 β€” Policy Owner

The BSA/AML Compliance Officer is the ownerPolicy ofowner. thisAnnual Policyreview covers regulatory changes, industry best practices, audit findings, updated risk assessment, and is responsible for:

πŸ“‹ Duty

Description

πŸ“‹

Maintenance

Keeping Policy current

πŸ”

Interpretation

Providing authoritative interpretation

πŸ“Š

Reporting

Reporting to Board on AML matters

πŸŽ“

Training

Ensuring adequate training

πŸ”§

Updates

Recommending Policy updates

Section 14.2 β€” Annual Review

This Policy shall be reviewed annually and updated to reflect:

πŸ”„ Review Area

Consideration

βš–οΈ

Regulatory Changes

New laws, regulations, guidance

πŸ†

Best Practices

Industry developments

πŸ”

Audit Findings

Internal and external audit results

πŸ“Š

Risk Assessment

Updated risk assessment

πŸ”—

Technology Changes

Newnew blockchain/platform features

features.

SectionAdministrative 14.3changes β€” Amendments

πŸ“‹ Amendment Type

Approval Required

πŸ“‹

Administrative

AML Officer

πŸ“Š

Substantive

Board of Directors

🚨

Emergency

CEO (with Board ratification)

Section 14.4 β€” Regulatory Examinations

πŸ“‹ Examination Support

Responsibility

πŸ›οΈ

Primary Contact

AML Officer

πŸ“‹

Document Production

Coordinatedapproved by AML Officer

πŸ‘€Officer;

Interviewsubstantive Preparation

AMLchanges Officerrequire andBoard Legal

πŸ“Šapproval;

Findingsemergency Response

AMLchanges Officerby CEO with Board oversightratification.

Section 14.5 β€” Questions

πŸ“§ 

Contact: aml@otcmprotocol.comaml@otcm.io or compliance@otcmprotocol.comcompliance@otcm.io

Questions regarding this Policy should be directed to the AML Officer.

 

✍️Acknowledgment ACKNOWLEDGMENTand AND CERTIFICATIONCertification

 

I acknowledge that I have received and read the Groovy Company, Inc. dba OTCM Protocol, Inc.Protocol Anti-Money Laundering Policy. I understand its contents and my responsibilities under this Policy.responsibilities.

 

I understand that:

  • βœ…that I must comply with all AML/BSA requirements
  • βœ… I mustrequirements, report suspicious activity
  • βœ… I mustactivity, complete required AML training
  • βœ… I musttraining, maintain confidentiality of SAR information
  • βœ…confidentiality, Failureand that failure to comply may result in disciplinary action and personal liability
liability.

I commit to:

  • βœ… Following all CIP/CDD procedures
  • βœ… Reporting suspicious activity promptly
  • βœ… Completing required training
  • βœ… Cooperating with AML investigations
  • βœ… Maintaining required records

Field

Value 

Signature

_________________________________

Date

_________________________________

Printed Name

_________________________________

Title/Title / Position

_________________________________

Department

_________________________________


 

πŸ“Ž APPENDIXAppendix A: RED FLAGS QUICK REFERENCE

πŸ’° Transaction Red Flags

Quick Reference

Transaction

πŸš¨β€’        Red Flag

Action

Transactions just below $10,000 reporting thresholds

 β†’ Escalate to AML

β€’        Rapid movementin-out of funds inwithin and24 out

hours β†’ Escalate to AML

Transactionsβ€’        Activity inconsistent with customer profile β†’ Investigate

Investigate

β€’        High-risk jurisdiction involvement

 β†’ EDD required

Third-partyβ€’        payments without explanation

Investigate

Round-trip transactions

 with no economic purpose β†’ Escalate to AML

πŸ‘€

 

Customer

Red

β€’        Flags

🚨 Red Flag

Action

Reluctance to provide documentation

 β†’ Cannot onboard

β€’        Inconsistent or false information

 β†’ Cannot onboard

Unusualβ€’        secrecy about business

Escalate to AML

Requests to avoid reporting

 thresholds β†’ Report to AML

β€’        Multiple accounts with no business purpose β†’ Investigate

Investigate 

Blockchain

Frequentβ€’        changesMixer/tumbler totransactions accountβ†’ information

Investigate

πŸ”— Blockchain Red Flags

🚨 Red Flag

Action

Transactions through mixers/tumblers

Escalate to AML

Connectionsβ€’        toDarknet darknetmarket markets

connections β†’ Block and report

Interactionsβ€’        with OFAC-listed wallets

wallet interactions β†’ Block and report immediately

β€’        Rapid multi-wallet transfers acrossβ†’ manyInvestigate

wallets

Investigate

β€’        Cross-chain transfers to obscure source β†’ Investigate

Investigate 

Unusual smart contract interactions

Investigate

πŸ“Ž APPENDIXAppendix B: OFAC SCREENINGScreening QUICKQuick REFERENCEReference

πŸ›οΈ When to Screen

πŸ“‹ Trigger

Screening Required

NewWhen customerto onboardingScreen

βœ… YesAction

EveryNew transactioncustomer onboarding

βœ…Screen Yesbefore any account activity via Empire

DailyEvery listST22 updatestransaction

βœ…Transfer YesHook Controls 8–10 β€” automatic

CustomerDaily informationlist changesupdates

βœ…Re-screen Yesall active customers and wallets

CounterpartyCustomer transactionsinfo changes

βœ…Re-screen Yesimmediately

WalletAll address interactionscounterparties

βœ…Screen Yesbefore transaction processes

All wallet addresses

Chainalysis + TRM Labs continuous monitoring

🚨

 Potential

Match

Document Response

Information

⚑ Step

Timeline

Action

1️⃣Field

Immediate

Stop transaction/hold accountValue

2️⃣Document ID

< 24 hours

Compliance reviewOTCM-POL-AML-001

3️⃣Version

< 48 hours

Determination (true/false match)8.0

4️⃣Effective Date

IfMarch true match

Block and file report2026

5️⃣Legal Entity

IfGroovy falseCompany, positiveInc. dba OTCM Protocol

Entity Type

DocumentWyoming andCorporation

Governing releaseLaw

BSA, USA PATRIOT Act, OFAC, FinCEN, Federal Securities Law, New Jersey State Law

Approved By

Board of Directors

OTCM Protocol, Inc. A Wyoming Digital Asset Corporation

πŸ“œΒ© 2026 Groovy Company, Inc. dba OTCM Protocol  SEC| Category 1All Issuer-SponsoredRights TokenizedReserved Securities Infrastructure|  CONFIDENTIAL

Document ID: OTCM-POL-AML-001 | Version 1.0 | Effective: January 30, 2026

Back to top