
COMPLIANCE OPERATIONS MANUAL V8

COMPLIANCE OPERATIONS MANUAL

VERSION 8.0  |  MARCH 2026

 

GROOVY COMPANY, INC. DBA OTCM PROTOCOL

Wyoming Corporation  |  CIK: 1499275  |  OTC: GROO

12 Daniel Rd East, Fairfield, NJ 07004

 

SEC Category 1 Model B  |  Release No. 33-11412  |  INTERNAL USE ONLY

 

This document establishes comprehensive compliance procedures for Groovy Company, Inc. dba OTCM Protocol’s verification, screening, and monitoring requirements under SEC Category 1 Model B framework, Release No. 33-11412 (March 17, 2026), federal securities laws, the Bank Secrecy Act, and OFAC sanctions regulations.

CONFIDENTIAL: This manual is for internal compliance operations only. Distribution is restricted to authorized compliance personnel, Legal Counsel, and auditors.


 

I. Executive Summary

1.1 Verification Framework Overview

Verification Type | Applicability | Regulatory Basis
KYC (Know Your Customer) | All platform users | Bank Secrecy Act, FinCEN CDD Rule
KYB (Know Your Business) | Entity investors and issuers | BSA, FinCEN Beneficial Ownership Rule, SEC regulations
KYW (Know Your Wallet) | All ST22 and OTCM token holders | Empire Stock Transfer Master Securityholder File, Transfer Hook whitelist
AML (Anti-Money Laundering) | All transactions | Bank Secrecy Act, USA PATRIOT Act
Accredited Investor Verification | ST22 Digital Securities purchasers | SEC Rule 501, Reg D
OFAC/SDN Screening | All users and all transactions | U.S. Treasury OFAC regulations, Executive Orders

 

1.2 Compliance Objectives

Objective | Description
Regulatory Compliance | Meet all federal and state compliance requirements under Release No. 33-11412 and BSA
Investor Protection | Ensure only verified accredited investors (Reg D) and non-U.S. persons (Reg S) access ST22 Digital Securities
Crime Prevention | Prevent money laundering, terrorist financing, sanctions evasion, and market manipulation
Record Keeping | Maintain complete audit trail for SEC, FinCEN, OFAC, and state regulatory review
Transfer Hook Integration | Enable real-time compliance verification via 42 controls on every ST22 transaction inside the Solana runtime
Wallet Integrity | Ensure every wallet holding ST22 tokens is registered, verified, and continuously monitored via Empire Stock Transfer

 

1.3 Sole Onboarding Authority

Empire Stock Transfer is the sole investor onboarding authority for all ST22 issuers. OTCM Protocol does not perform investor onboarding. The OTCM Portal routes to Empire’s dashboard for all KYC, KYB, KYW, AML, OFAC, and accreditation verification.


 

II. Know Your Customer (KYC) Procedures

2.1 Individual Customer Identification Program (CIP)

All individual users must provide the following information before accessing platform services. Empire Stock Transfer performs all verification.

Data Element | Requirement | Verification Method
Full Legal Name | Required | Government ID match
Date of Birth | Required | Government ID match
Residential Address | Required | Document verification (utility bill, bank statement < 90 days)
SSN/TIN | Required (U.S.) / Passport (non-U.S.) | Database verification
Email Address | Required | Email confirmation
Phone Number | Required | SMS verification
Country of Citizenship | Required | Government ID
Country of Residence | Required | Address verification

 

2.2 Identity Verification Tiers

Tier | Access Level | Requirements | Verification
Tier 1: Basic | Platform browsing only | Email, phone | Automated
Tier 2: Standard | OTCM Utility Token only | Tier 1 + government photo ID | Automated + manual review
Tier 3: Enhanced | ST22 Digital Securities access | Tier 2 + accreditation + wallet verification | Manual verification by Empire required

 

2.3 Document Verification Standards

Check | Standard | Action on Failure
Image Quality | Minimum 300 DPI, all text readable | Request re-upload
Document Authenticity | Security features verified | Manual review by Empire
Face Match | >95% confidence score | Manual review
Liveness Detection | Anti-spoofing verification | Reject or video verification
Expiration Check | Document must be current | Reject, request valid document
Tampering Detection | No signs of alteration | Reject, flag for investigation

 

2.4 Ongoing KYC Monitoring

Risk Level | Review Frequency | Trigger Events
Low Risk | Every 24 months | Address change, large transaction
Medium Risk | Every 12 months | Unusual activity, country change
High Risk | Every 6 months | Watchlist proximity, PEP status, FATF high-risk jurisdiction


 

III. Know Your Business (KYB) Procedures

3.1 Entity Verification Requirements

Entity Type | Required Documents | Beneficial Owner Threshold
Corporation | Articles of Incorporation, Certificate of Good Standing | 25%+ ownership
LLC | Operating Agreement, Articles of Organization | 25%+ ownership
Trust | Trust Agreement, Trustee identification | All trustees
Partnership | Partnership Agreement, GP identification | 25%+ ownership
Fund / Investment Vehicle | Formation documents, Manager identification | 25%+ ownership or control

 

3.2 Beneficial Owner Identification (FinCEN CDD Rule)

Category | Definition
Ownership Prong | Each individual who owns 25% or more of the entity, directly or indirectly
Control Prong | One individual with significant responsibility to control, manage, or direct the entity (CEO, CFO, COO, Managing Member, GP, or equivalent)

Required for each beneficial owner: full legal name, date of birth, residential address, SSN/TIN or passport number, ownership percentage, and control role (if applicable). Each beneficial owner must complete individual KYC.

 

3.3 Enhanced Issuer KYB Requirements

Companies seeking to tokenize equity as ST22 Digital Securities must complete enhanced KYB verification:

Requirement | Description | Verification
Corporate Formation | Full formation documents | Secretary of State records
Cap Table | Complete ownership structure through all levels | Manual review
Officers/Directors | All C-suite and board members | Individual KYC on each
Business Description | Nature of business operations | Due diligence review
Financial Statements | Most recent financial information available | CPA review if available
Litigation History | Pending or recent litigation | Legal database search
Regulatory Status | Any regulatory actions, SEC/FINRA/state | FINRA BrokerCheck, SEC EDGAR
OTC Markets Status | Current tier (OTCQX, OTCQB, OTCID, Pink Limited, Grey/Expert) | OTC Markets Group verification
Common B Documentation | Board resolution, Certificate of Designation draft | Legal Counsel review


 

IV. Know Your Wallet (KYW) Procedures

KYW is a mandatory verification layer unique to OTCM Protocol. No investor may receive ST22 tokens until their Solana wallet address is registered in Empire Stock Transfer’s Master Securityholder File and added to the Transfer Hook whitelist. The Transfer Hook rejects all transfers to unverified wallets.

 

4.1 Wallet Registration Requirements

Requirement | Description
Wallet Ownership Verification | Investor must prove ownership of the Solana wallet address by signing a cryptographic challenge message with the wallet’s private key
Single-Owner Binding | Each wallet address is bound to exactly one verified investor identity. Multi-signature wallets require verification of all signers.
Empire Registration | Verified wallet address is registered in Empire Stock Transfer’s Master Securityholder File as an effective entitlement holder under UCC Article 8
Transfer Hook Whitelist | Wallet address is added to the on-chain Transfer Hook whitelist (Control 15). Only whitelisted wallets can send or receive ST22 tokens.
Supported Wallets | Phantom, Solflare, Backpack, Coinbase Wallet, Ledger (via Ledger Enterprise for institutional issuers)

 

4.2 Wallet Verification Process

       Step 1: Investor connects Solana wallet to the OTCM Portal

       Step 2: Platform generates a unique cryptographic challenge (nonce + timestamp)

       Step 3: Investor signs the challenge with their wallet’s private key (Ed25519 signature)

       Step 4: Platform verifies the Ed25519 signature on-chain, confirming wallet ownership

       Step 5: Wallet address is linked to the investor’s KYC/KYB identity record at Empire

       Step 6: Empire registers the wallet in the Master Securityholder File

       Step 7: Wallet address is added to the Transfer Hook whitelist (Control 15) on-chain

       Step 8: Investor receives confirmation that the wallet is cleared for ST22 transactions
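Steps 2 to 4 as a runnable sketch. This is an added example, not OTCM or Empire code: it verifies the signature off-chain with Go's crypto/ed25519 rather than on-chain as Step 4 describes, and it takes the wallet as the raw 32-byte Ed25519 public key that a Solana address encodes in base58. The message layout, the 5-minute validity window and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

const challengeTTL = 5 * time.Minute // assumed window; the manual states none

var (
	ErrUnknownNonce = errors.New("nonce unknown or already used")
	ErrExpired      = errors.New("challenge expired")
	ErrBadSignature = errors.New("signature not made by the claimed wallet key")
)

type challenge struct {
	wallet ed25519.PublicKey
	msg    []byte
	issued time.Time
}
type Verifier struct{ pending map[string]challenge } // keyed by nonce; not goroutine-safe

// Issue is Step 2: nonce + timestamp, bound to the wallet key and a purpose line.
func (v *Verifier) Issue(wallet ed25519.PublicKey, now time.Time) (string, []byte, error) {
	if len(wallet) != ed25519.PublicKeySize {
		return "", nil, errors.New("wallet key must be 32 bytes")
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", nil, err
	}
	nonce := fmt.Sprintf("%x", raw)
	msg := []byte(fmt.Sprintf("KYW wallet ownership proof\nwallet: %x\nnonce: %s\nissued: %s",
		[]byte(wallet), nonce, now.UTC().Format(time.RFC3339)))
	v.pending[nonce] = challenge{wallet, msg, now}
	return nonce, msg, nil
}

// Verify is Step 4; the nonce is consumed on every attempt, so replays fail.
func (v *Verifier) Verify(nonce string, sig []byte, now time.Time) error {
	c, ok := v.pending[nonce]
	delete(v.pending, nonce)
	switch {
	case !ok:
		return ErrUnknownNonce
	case now.Sub(c.issued) > challengeTTL:
		return ErrExpired
	case !ed25519.Verify(c.wallet, c.msg, sig):
		return ErrBadSignature
	}
	return nil
}

// demo runs four constructed cases; throwaway keys stand in for wallets.
func demo() (accepted, replayed, expired, wrongKey error) {
	v := &Verifier{pending: map[string]challenge{}}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	t0 := time.Now()
	n, msg, _ := v.Issue(pub, t0)
	sig := ed25519.Sign(priv, msg) // Step 3, performed by the wallet
	accepted = v.Verify(n, sig, t0.Add(time.Minute))
	replayed = v.Verify(n, sig, t0.Add(time.Minute))
	n, msg, _ = v.Issue(pub, t0)
	expired = v.Verify(n, ed25519.Sign(priv, msg), t0.Add(challengeTTL+time.Second))
	n, msg, _ = v.Issue(pub, t0)
	wrongKey = v.Verify(n, ed25519.Sign(otherPriv, msg), t0)
	return
}

func main() { fmt.Println(demo()) }
```

Binding the wallet key and a purpose line into the signed message keeps a signature collected here from being replayed for a different wallet or a different flow.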

 

4.3 Wallet Risk Scoring

All registered wallet addresses undergo risk scoring via Chainalysis KYT (Know Your Transaction) and TRM Labs prior to whitelist approval and on an ongoing basis:

Risk Factor | Scoring Criteria | Action
Transaction History | Prior interactions with sanctioned addresses, mixers, darknet markets, or high-risk protocols | Score >70: reject. Score 50–70: enhanced review. Score <50: approve.
Source of Funds | Origin of SOL and tokens in the wallet — traceable to known exchanges, DEXs, or direct mining | Unidentifiable source: enhanced review required
Counterparty Exposure | Degree of interaction with wallets flagged by Chainalysis or TRM Labs | Direct exposure to sanctioned wallet: reject
Mixer/Tumbler Usage | Any usage of mixing services (Tornado Cash, etc.) | Any mixer interaction: reject pending manual review
Age and Activity | Wallet age, transaction frequency, and consistency with stated investor profile | New wallet with no history: standard review

 

4.4 Ongoing Wallet Monitoring

Monitoring Activity | Description
Continuous Chainalysis KYT | All registered wallets monitored in real-time via Chainalysis KYT for post-registration interactions with sanctioned, high-risk, or illicit addresses
TRM Labs Risk Rescoring | Weekly automated risk rescoring across 200+ behavioral features for all active wallets
OFAC SDN Address Updates | Daily OFAC SDN list updates cross-referenced against all registered wallet addresses
2-Hop Address Clustering | Wallets within 2 transaction hops of newly sanctioned addresses are flagged for enhanced review
Velocity Anomaly Detection | Transfer Hook Control 23 flags wallets exceeding 50 transactions/hour for 24-hour review hold
Wallet Revocation | Wallets that fail ongoing monitoring are removed from the Transfer Hook whitelist and Empire Master Securityholder File. Tokens in revoked wallets are frozen pending resolution.

 

4.5 Wallet Change Procedures

       Wallet migration requires full re-verification: new wallet ownership proof, KYW scoring, and Empire re-registration

       The old wallet is removed from the Transfer Hook whitelist simultaneously with new wallet addition — atomic operation

       Token transfer from old to new wallet executes as a single Transfer Hook-verified transaction

       Empire updates the Master Securityholder File to reflect the new wallet address

       All wallet change events are logged with timestamps, IP addresses, and both wallet addresses for audit trail


 

V. Anti-Money Laundering (AML) Procedures

5.1 AML Program Components

Component | Description | Responsible Party
Written Policies | Documented AML procedures (this manual) | Compliance Officer
Compliance Officer | Designated BSA/AML officer with full authority | Named individual
Training Program | Annual staff training on AML, red flags, SAR filing | Compliance Department
Independent Testing | Annual independent audit of AML program | External auditor
Transaction Monitoring | Automated + manual monitoring via Chainalysis KYT + TRM Labs | AML Team + automated systems

 

5.2 Transaction Monitoring Parameters

Parameter | Threshold | Action
Large Transaction | >$10,000 | Enhanced review
Structuring Pattern | Multiple transactions near $10,000 | SAR consideration
Unusual Volume | >300% of normal activity | Enhanced review
FATF High-Risk Jurisdiction | FATF grey/blacklist countries | Enhanced due diligence
Rapid In-Out | In-out within 24 hours | Enhanced review
Chain Transactions | Multiple rapid sequential transfers | Pattern analysis via Chainalysis KYT
Circular Transactions | Funds returning to origin within 48 hours | Wash trading investigation

 

5.3 Red Flag Indicators

Identity Red Flags

       Inconsistent information across documents or data sources

       Reluctance to provide required information or documentation

       Frequent changes to personal information or wallet addresses

       Connection to FATF high-risk or non-cooperative jurisdictions

       Multiple accounts linked to same identity or device

 

Transaction Red Flags

       Structuring: multiple transactions designed to avoid $10,000 reporting threshold

       Layering: complex series of transactions with no apparent economic purpose

       Rapid in-out: funds deposited and withdrawn within 24 hours

       Transactions inconsistent with investor profile or stated income

       Currency conversion patterns suggesting money laundering

 

5.4 Suspicious Activity Reporting (SAR)

SAR Requirement | Standard
Dollar Threshold | $5,000+ involving suspicious activity
Filing Deadline | 30 days from detection (60 days if no suspect identified)
Form | FinCEN Form 111 (BSA E-Filing System)
Confidentiality | SAR existence cannot be disclosed to the subject under any circumstances
Retention | 5 years from filing date

 

5.5 Currency Transaction Reporting (CTR)

CTR filing required for cash transactions exceeding $10,000 (FinCEN Form 112, 15-day filing deadline). Most OTCM Protocol transactions are stablecoin-based (GENIUS Act settlement), not cash. CTR requirements apply when fiat currency is involved in onboarding or offboarding.


 

VI. Accredited Investor Verification

ST22 Digital Securities are offered under Reg D to U.S. accredited investors and under Reg S to non-U.S. investors. Self-certification alone is NOT sufficient. Empire Stock Transfer must verify accredited status before any ST22 tokens are delivered.

 

6.1 Individual Investor Categories (SEC Rule 501)

Category | Qualification Criteria | Verification Method
Income Test | $200,000+ individual income in each of past 2 years, with reasonable expectation of same | Tax returns (IRS Form 1040), W-2s, CPA/attorney letter
Joint Income Test | $300,000+ joint income with spouse in each of past 2 years | Joint tax returns
Net Worth Test | $1,000,000+ net worth excluding primary residence | Asset statements, liability disclosure, third-party letter
Professional Certification | Series 7, 65, or 82 license in good standing | FINRA BrokerCheck automated lookup
Knowledgeable Employee | Executive officer, director, GP, or knowledgeable employee of fund | Employment verification

 

6.2 Entity Investor Categories

Category | Qualification | Verification
Institutional | Banks, insurance companies, registered investment companies, BDCs | Registration verification
Broker-Dealer | SEC-registered broker-dealer | FINRA BrokerCheck
Investment Adviser | SEC or state-registered RIA | SEC IARD or state registration
$5M+ Entity | Entity with $5,000,000+ in assets, not formed to acquire the securities | Audited financial statements
All Accredited Owners | Entity where all equity owners are individually accredited | Individual verification of each owner
Family Office | Family office with $5,000,000+ AUM and sophisticated investor | Documentation + sophistication assessment

 

6.3 Net Worth Calculation

Assets to INCLUDE: cash and bank accounts, brokerage accounts, retirement accounts, real estate (excluding primary residence), business interests, other investments. Assets to EXCLUDE: primary residence. Liabilities to SUBTRACT: all mortgages (except primary residence), auto loans, student loans, credit card debt, personal loans. Primary residence mortgage is excluded UNLESS it exceeds home value or was increased in the past 60 days.

 

6.4 Re-verification Requirements

Trigger | Requirement
New Purchase | Re-verify if >90 days since last verification
Large Purchase | >$250,000 single transaction requires current verification
Annual Review | Annual re-verification for active investors
Material Change | Re-verify if investor reports significant financial change
Employment Change | Re-verify if income-based qualification and employment changes
License Expiration | Re-verify if certification-based qualification and license expires


 

VII. OFAC Sanctions Screening and SDN Compliance

OTCM Protocol implements a three-layer OFAC screening architecture: (1) Empire Stock Transfer onboarding screening, (2) Chainalysis KYT + TRM Labs continuous wallet monitoring, (3) Transfer Hook Controls 8–10 real-time screening on every ST22 transfer inside the Solana runtime.

 

7.1 OFAC Lists Screened

List | Abbreviation | Update Frequency
Specially Designated Nationals and Blocked Persons | SDN List | Daily (within 24 hours of OFAC publication)
Consolidated Sanctions List | Non-SDN Lists | Daily
Sectoral Sanctions Identifications | SSI List | As updated by OFAC
Foreign Sanctions Evaders | FSE List | As updated
Palestinian Legislative Council | NS-PLC List | As updated
Non-SDN Menu-Based Sanctions | NS-MBS List | As updated
Correspondent Account or Payable-Through Account Sanctions | CAPTA List | As updated

 

7.2 Three-Layer Screening Architecture

Layer | Mechanism | Timing
Layer 1: Exact Wallet Match | Direct comparison of investor wallet address against OFAC SDN blockchain addresses published by Chainalysis and TRM Labs | Every transaction (Transfer Hook Control 8)
Layer 2: Fuzzy Entity Name Match | Probabilistic name matching of investor identity against SDN entity names, aliases, and known associated names using Levenshtein distance and phonetic algorithms | Onboarding + daily rescreening
Layer 3: 2-Hop Address Clustering | Graph analysis identifying wallets within 2 transaction hops of known sanctioned addresses. Wallets with direct (1-hop) exposure are blocked. Wallets with indirect (2-hop) exposure are flagged for enhanced review. | Continuous via Chainalysis KYT
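The Layer 3 rule expressed as a graph search. This is an added example, not OTCM, Chainalysis or TRM Labs code: it assumes the transfer history is available as a list of (from, to) pairs and that a transfer in either direction counts as one hop; the addresses are constructed placeholders.

```go
package main

import "fmt"

type Transfer struct{ From, To string } // one observed on-chain transfer

// hopDistances runs one breadth-first search outward from all sanctioned
// addresses and returns the minimum hop count of each address within maxHops.
// Assumption: a transfer in either direction counts as one hop.
func hopDistances(transfers []Transfer, sanctioned []string, maxHops int) map[string]int {
	adj := map[string][]string{}
	for _, t := range transfers {
		adj[t.From] = append(adj[t.From], t.To)
		adj[t.To] = append(adj[t.To], t.From)
	}
	dist := map[string]int{}
	var frontier []string
	for _, s := range sanctioned {
		if _, seen := dist[s]; !seen {
			dist[s] = 0
			frontier = append(frontier, s)
		}
	}
	for hop := 1; hop <= maxHops && len(frontier) > 0; hop++ {
		var next []string
		for _, addr := range frontier {
			for _, peer := range adj[addr] {
				if _, seen := dist[peer]; !seen {
					dist[peer] = hop
					next = append(next, peer)
				}
			}
		}
		frontier = next
	}
	return dist
}

// ScreenWallets applies the Layer 3 rule to registered wallets: a sanctioned
// address or 1-hop exposure is blocked, 2-hop exposure gets enhanced review.
func ScreenWallets(registered []string, transfers []Transfer, sanctioned []string) map[string]string {
	dist := hopDistances(transfers, sanctioned, 2)
	result := map[string]string{}
	for _, w := range registered {
		switch d, exposed := dist[w]; {
		case !exposed:
			result[w] = "clear"
		case d <= 1:
			result[w] = "block"
		default:
			result[w] = "enhanced_review"
		}
	}
	return result
}

// demo uses constructed placeholder addresses, not real Solana addresses.
func demo() map[string]string {
	transfers := []Transfer{
		{"SANCTIONED_A", "walletDirect"},   // 1 hop
		{"walletDirect", "walletIndirect"}, // 2 hops
		{"walletIndirect", "walletFar"},    // 3 hops: outside the window
		{"walletBoth", "relay"}, {"relay", "SANCTIONED_A"}, // 2 hops via relay...
		{"walletBoth", "SANCTIONED_B"}, // ...and 1 hop directly: shortest path wins
		{"walletClean", "exchange"},
	}
	registered := []string{"walletDirect", "walletIndirect", "walletFar", "walletBoth", "walletClean"}
	return ScreenWallets(registered, transfers, []string{"SANCTIONED_A", "SANCTIONED_B"})
}

func main() { fmt.Println(demo()) }
```

Starting the search from every sanctioned address at once guarantees that a wallet reachable by both a 1-hop and a 2-hop path is classified by the shorter one.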

 

7.3 Screening Data Points

Data Point | Screening Method
Full Legal Name | Exact match + fuzzy match (aliases, transliterations, name variations)
Date of Birth | Exact match for identity confirmation
Country of Citizenship/Residence | Country-based comprehensive sanctions screening
Residential/Business Address | Address matching against SDN addresses
Government ID Numbers | Passport, national ID, tax ID matching
Entity Name | Entity name + all known aliases and DBAs
Solana Wallet Address | Direct blockchain address screening via Chainalysis + TRM Labs
Beneficial Owners | All beneficial owners (25%+ ownership prong) screened individually

 

7.4 SDN Match Handling Procedures

Match Type | Confidence | Required Action
Exact Match (True Positive) | >95% confidence | Immediate block. Freeze all assets. Notify Compliance Officer within 1 hour. File OFAC report within 10 business days. Maintain block until OFAC guidance received.
Potential Match | 75–95% confidence | Immediate hold on all transactions. Manual review by Compliance Officer within 24 hours. Escalate to Legal Counsel if unresolved. Document resolution rationale.
False Positive | <75% confidence | Document the match, the data reviewed, and the rationale for clearing. Retain documentation for 5 years. No further action required.
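The Layer 2 name check of section 7.2 combined with the confidence bands above, as an added example (not OTCM or Empire code). It covers only the Levenshtein part, not phonetic matching; using normalized edit similarity as the confidence score, the function names and the list entries are assumptions, and the names are constructed rather than real SDN entries.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// normalize lowercases, strips punctuation and sorts the tokens, so that
// "EXAMPLOV, Alexei" and "Alexei Examplov" compare as identical.
func normalize(name string) []rune {
	tokens := strings.FieldsFunc(strings.ToLower(name), func(r rune) bool {
		return !unicode.IsLetter(r) && !unicode.IsDigit(r)
	})
	sort.Strings(tokens)
	return []rune(strings.Join(tokens, " "))
}

// similarity converts Levenshtein distance into a 0-100 score. Treating this
// score as the "confidence" of section 7.4 is an assumption of the example.
func similarity(a, b []rune) float64 {
	if len(a) < len(b) {
		a, b = b, a // a is now the longer string
	}
	if len(a) == 0 {
		return 0 // two empty names carry no evidence of a match
	}
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cur[j] = prev[j-1] // substitution, free when the runes match
			if a[i-1] != b[j-1] {
				cur[j]++
			}
			for _, alt := range [2]int{prev[j] + 1, cur[j-1] + 1} { // delete, insert
				if alt < cur[j] {
					cur[j] = alt
				}
			}
		}
		prev, cur = cur, prev
	}
	return 100 * (1 - float64(prev[len(b)])/float64(len(a)))
}

// ScreenName scores name against every list entry (names and aliases) and maps
// the best score to a 7.4 band: >95 block, 75-95 hold, <75 document and clear.
func ScreenName(name string, list []string) (match string, conf float64, action string) {
	for _, entry := range list {
		if c := similarity(normalize(name), normalize(entry)); match == "" || c > conf {
			match, conf = entry, c
		}
	}
	action = "clear_documented"
	if conf > 95 {
		action = "block"
	} else if conf >= 75 {
		action = "hold"
	}
	return match, conf, action
}

func main() {
	list := []string{"Alexei Examplov", "Examplov Holdings Ltd"} // constructed, not real SDN entries
	for _, n := range []string{"EXAMPLOV, Alexei", "Aleksei Examplov", "Maria Gonzales"} {
		m, c, a := ScreenName(n, list)
		fmt.Printf("%-17s best=%q confidence=%.1f action=%s\n", n, m, c, a)
	}
}
```

The transliteration variant "Aleksei" lands in the 75–95 band and is held for manual review instead of being cleared, which is the case exact matching alone would miss.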

 

7.5 Comprehensively Sanctioned Countries (Full Prohibition)

Country/Region | Sanctions Program
North Korea | North Korea Sanctions Regulations (31 CFR Part 510)
Iran | Iranian Transactions and Sanctions Regulations (31 CFR Part 560)
Syria | Syrian Sanctions Regulations (31 CFR Part 542)
Cuba | Cuban Assets Control Regulations (31 CFR Part 515)
Crimea / Donetsk / Luhansk | Ukraine-/Russia-Related Sanctions (Executive Order 13685)

 

7.6 Restricted Jurisdictions (Enhanced Due Diligence Required)

Region | Action Required
Russia (non-Crimea) | Sectoral sanctions apply. Case-by-case review. Enhanced screening of all beneficial owners.
Belarus | Targeted sanctions. Enhanced screening required.
Venezuela | Sectoral sanctions (government of Venezuela, PdVSA). Enhanced screening.
Myanmar | Targeted sanctions. Enhanced screening required.
FATF Grey List Countries | Enhanced due diligence per FATF Recommendation 19. Additional documentation and source-of-funds verification.

 

7.7 OFAC Reporting Obligations

       Blocked Property Report: Filed within 10 business days of blocking action (OFAC Annual Report of Blocked Property)

       Rejected Transaction Report: Filed within 10 business days for transactions rejected due to sanctions match

       Voluntary Self-Disclosure: Filed promptly upon discovery of any apparent violation of OFAC regulations

       All OFAC reports retained for minimum 5 years from date of filing


 

VIII. Transfer Hook Compliance Integration

8.1 Real-Time Compliance Checks on Every Transaction

Check | Verification | Action on Failure
KYC Status (Controls 1–5) | Verify sender and receiver have completed KYC | Transaction reverts — blocked
Accreditation (Control 6) | Verify ST22 buyer is accredited (Reg D) or non-U.S. (Reg S) | Transaction reverts — blocked
OFAC/SDN (Controls 8–10) | Three-layer sanctions screening on both counterparties | Transaction reverts — blocked. Wallet frozen.
AML Risk Score (Controls 11–15) | Chainalysis KYT + TRM Labs 200+ feature risk scoring | Score above threshold: transaction reverts
Wallet Whitelist (Control 15) | Verify both wallets are Empire-registered and whitelisted | Transaction reverts — blocked
Circuit Breaker (Control 21) | >10% price move in 5 minutes | All trading halted for 15 minutes
Price Impact (Control 22) | Single transaction causes >2% price impact | Transaction reverts — blocked
Velocity (Control 23) | >50 transactions/hour from one wallet | Wallet blocked for 24 hours
Holding Period (Control 24) | Rule 144 (6-month) / Reg S (12-month) | Transaction reverts — blocked until period expires
Custody (Controls 27–30) | 1:1 token-to-share attestation via Empire oracle | Transaction reverts if supply exceeds custodied shares
Regulatory Freeze (Control 42) | Legal Counsel authorization + 3-of-5 multi-sig | Immediate freeze — no timelock

 

8.2 Compliance Status Codes (On-Chain)

Code | Status | Trading Allowed
0x00 | Not verified | No
0x01 | KYC pending | No
0x02 | KYC complete, not accredited | OTCM Utility Token only
0x03 | KYC complete, accredited (Reg D) or non-U.S. (Reg S) | ST22 + OTCM
0x04 | KYC expired | No
0x05 | OFAC blocked | No — assets frozen
0x06 | Account suspended (investigation) | No
0x07 | Account closed | No


 

IX. Training Requirements

Role | Training Modules | Frequency
All Staff | AML Awareness, OFAC Basics, Data Privacy | Annual
KYC/KYW Analysts | CIP, Document Verification, Wallet Verification, Enhanced Due Diligence | Annual + regulatory updates
Accreditation Analysts | SEC Rule 501, Reg D, Reg S, verification methods | Annual + regulatory updates
AML/Transaction Monitoring | Red flags, SAR filing, investigation procedures, Chainalysis KYT | Annual + regulatory updates
OFAC Specialists | SDN screening, match handling, reporting, 2-hop analysis | Annual + list updates
Compliance Officers | Full program, regulatory updates, enforcement actions | Quarterly

 

X. Audit and Independent Testing

Test Type | Frequency | Performed By
Independent AML Audit | Annual | External auditor
Internal Compliance Testing | Quarterly | Compliance team
OFAC Screening Effectiveness | Monthly | Automated + manual verification
KYW Wallet Integrity | Monthly | Automated reconciliation (on-chain whitelist vs. Empire MSF)
Transfer Hook Verification | Continuous | Automated — every transaction
SAR Filing Quality | Annual | External auditor


 

XI. Record Retention Summary

Record Type | Retention Period | Regulatory Basis
KYC Records | 5 years after account closure | Bank Secrecy Act
KYB Records | 5 years after relationship ends | BSA, FinCEN CDD Rule
KYW Wallet Records | 5 years after wallet deregistration | BSA, Empire MSF requirements
Transaction Records | 7 years | Securities laws, IRS requirements
Accreditation Records | 5 years | Reg D
OFAC Screening Records | 5 years | OFAC regulations
SAR Filings | 5 years from filing date | BSA
CTR Filings | 5 years | BSA
Correspondence | 5 years | BSA
Training Records | 5 years | BSA
Audit Reports | 5 years | BSA

 

XII. Compliance Contacts

Contact | Email | Responsibility
Compliance Officer | compliance@otcm.io | Overall compliance program, SAR decisions, regulatory liaison
KYC/KYW Team | kyc@otcm.io | Customer and wallet verification
Accreditation Team | accreditation@otcm.io | Accredited investor verification
AML Team | aml@otcm.io | Transaction monitoring, SAR filing, investigation
Legal Counsel | frank@otcm.io | Legal questions, OFAC escalation, Control 42 authorization

 

Document Information

Field | Value
Document Title | Compliance Operations Manual
Version | 8.0
Effective Date | March 2026
Legal Entity | Groovy Company, Inc. dba OTCM Protocol
Entity Jurisdiction | Wyoming Corporation
Governing Law | Federal (BSA, Securities Act, Exchange Act, OFAC) and New Jersey State Law
Regulatory Framework | SEC Category 1 Model B, Release No. 33-11412, BSA, FinCEN, OFAC
Classification | CONFIDENTIAL — Internal Use Only
Review Frequency | Annual or upon regulatory change

 

This document is for internal compliance operations only. It does not constitute legal advice. Consult Legal Counsel for specific legal questions. Procedures may be updated as regulations change.

 

© 2026 Groovy Company, Inc. dba OTCM Protocol  |  All Rights Reserved  |  CONFIDENTIAL