AML, KYC and KYB Policy
Cryptonly Ltd.
Effective date: 22 April 2026. Legal entity: Cryptonly Ltd.
1. General provisions
1.1 Cryptonly Ltd., trading as "Cryptonly" ("Cryptonly Ltd.", "Cryptonly", "we", "us", or "our"), is committed to the highest standards of anti-money laundering (AML) and counter-terrorist financing (CFT) compliance. Cryptonly Ltd. requires its management, employees, and contractors to follow these standards and to prevent any activity that facilitates the laundering of criminal proceeds or the financing of terrorism.
1.2 This AML, KYC and KYB Policy ("Policy") sets out the measures Cryptonly Ltd. applies to conduct merchant due diligence, monitor transactions, detect suspicious activity, and manage financial crime risk across its business-to-business custodial crypto payment services.
1.3 This Policy applies to all personnel involved in customer onboarding, transaction processing, compliance review, and risk management. A current version of this Policy is maintained and made available to relevant staff.
1.4 This Policy should be read together with the Cryptonly Ltd. Terms of Use and Privacy Policy.
2. Definitions
"Customer" has the meaning given in the Terms of Use: the business entity that registers for and uses the Services, together with its authorised users acting on its behalf.
"Digital Assets", "Internal Account", and "Services" have the meanings given in the Terms of Use.
"KYB" (know your business) means the due diligence process applied to verify and assess a Customer before and during a business relationship.
"UBO" (ultimate beneficial owner) means the natural person(s) who ultimately owns or controls a Customer, or on whose behalf a transaction is conducted, including any person exercising ultimate effective control through a chain of ownership or other means. A UBO includes any private individual owning or controlling more than 25% of a legal entity.
"PEP" (politically exposed person) means a natural person who performs or has performed prominent public functions, as well as their family members and close associates, except where such person has not performed prominent public functions for at least one year before the relevant transaction.
"High-risk jurisdiction" means a country or territory identified by the Financial Action Task Force (FATF) as high risk, subject to increased monitoring, or otherwise designated by Cryptonly Ltd. as presenting elevated AML, CFT, or sanctions risk.
"Compliance Officer" means the person appointed by Cryptonly Ltd. to oversee AML/CFT compliance, reporting, and training.
3. Merchant KYB onboarding
3.1 Cryptonly Ltd. conducts KYB on Customers who register for or use the Services. Cryptonly Ltd. may require a Customer to complete KYB verification before or during use of the Services, and may request updated information at any time.
3.2 Each Customer must declare its legal entity type from the following categories:
sole individual; incorporated company; partnership; publicly listed company; non-profit organisation; government organisation.
Sole individual
3.3 Where the Customer is a sole individual, Cryptonly Ltd. collects the following information:
| Information collected | Purpose of collection |
|---|---|
| first name and last name |
|
| date of birth | |
| phone number | |
| contact email address | |
| annual revenue band | |
| expected Cryptonly turnover band | |
| industry classification (one to five sectors) | |
| regulatory licence details (where applicable) |
Incorporated company, partnership, publicly listed company, non-profit organisation, or government organisation
3.4 Where the Customer is an incorporated company, partnership, publicly listed company, non-profit organisation, or government organisation, Cryptonly Ltd. collects the following information:
| Information collected | Purpose of collection |
|---|---|
| legal entity name |
|
| date of incorporation or registration | |
| phone number | |
| contact email address | |
| VAT or tax identification number (where applicable) | |
| annual revenue band | |
| expected Cryptonly turnover band | |
| industry classification (one to five sectors) | |
| regulatory licence details (where applicable) | |
| information on directors, beneficial owners, and authorised representatives (where required) |
3.5 Revenue and turnover bands are collected in the following ranges: under USD 100,000; USD 100,000 to USD 500,000; USD 500,000 to USD 5,000,000; and over USD 5,000,000.
3.6 Where the Customer declares that regulatory licences are required for its activities, Cryptonly Ltd. collects the licence title, country of issuance, and a reference URL for each applicable licence.
3.7 Cryptonly Ltd. reviews KYB submissions and may approve, reject, or request additional information. Cryptonly Ltd. may use third-party KYB, identity, and AML screening tools, including document verification and sanctions screening services, to verify information and assess risk.
3.8 Cryptonly Ltd. screens Customers and related parties against international sanctions lists including, where applicable, OFAC SDN, United Nations Security Council sanctions, EU financial sanctions, UK HMT financial sanctions, and other lists maintained by competent authorities or reputable screening providers.
4. Enhanced due diligence
4.1 Cryptonly Ltd. applies enhanced due diligence (EDD) where there is a higher risk of money laundering or terrorist financing, including where:
(a) there are doubts as to the truthfulness of submitted data, authenticity of documents, or identification of beneficial owners;
(b) the Customer or a beneficial owner is a PEP (other than a local PEP, their family members, or close associates);
(c) the Customer is from, operates in, or has material links to a high-risk jurisdiction;
(d) the Customer operates in a high-risk industry sector, including gambling, adult materials, virtual asset services, or other sectors designated by Cryptonly Ltd.;
(e) the ownership or control structure appears unusual or excessively complex;
(f) the Customer uses nominee shareholders, bearer shares, or similar arrangements; or
(g) products or transaction patterns favour anonymity or involve unknown third-party payers.
4.2 EDD measures may include additional document verification, open-source research, senior management approval, enhanced ongoing monitoring, and collection of information on the source of wealth and source of funds.
5. Sanctions and restricted jurisdictions
5.1 Cryptonly Ltd. is prohibited from providing the Services to, or for the benefit of, persons, entities, or jurisdictions subject to applicable sanctions, embargoes, or asset-freezing measures.
5.2 Cryptonly Ltd. screens Customers, beneficial owners, authorised representatives, and relevant wallet addresses against sanctions lists on an ongoing basis and upon onboarding or material change of circumstances.
5.3 Cryptonly Ltd. does not offer the Services to, and may refuse or terminate any Customer located in, organised in, resident in, or ordinarily operating from Russia, or any other jurisdiction Cryptonly Ltd. designates as prohibited or restricted.
5.4 Where a sanctions match or elevated sanctions risk is identified, Cryptonly Ltd. may freeze, block, suspend, or reject transactions, restrict account access, and report to competent authorities as required by law.
6. Inbound transaction controls
6.1 When an inbound Digital Asset payment is detected on-chain, Cryptonly Ltd. processes the payment through its deposit workflow before crediting the Customer's Internal Account.
6.2 Prior to crediting a Customer's Internal Account, Cryptonly Ltd. conducts compliance screening of the relevant blockchain address and transaction using specialist on-chain risk and blockchain analytics tools.
6.3 Where screening identifies elevated risk, sanctions exposure, or other compliance concerns, Cryptonly Ltd. may suspend the deposit, withhold balance credit, suspend the linked invoice, and quarantine the receiving address pending review.
6.4 Cryptonly Ltd. documents compliance decisions relating to inbound transactions and retains relevant records in accordance with Section 10.
7. Outbound transaction controls
7.1 Withdrawal requests are subject to Cryptonly Ltd.'s risk-based compliance controls before Digital Assets are dispatched on-chain.
7.2 Cryptonly Ltd. screens withdrawal destination addresses using on-chain risk and blockchain analytics tools and may apply additional review where risk indicators are present, including elevated address risk scores, sanctions exposure, unusual transaction patterns, high-risk Customer profiles, or EDD cases.
7.3 Where review is required, Cryptonly Ltd. may hold a withdrawal pending compliance approval. Approved withdrawals proceed to on-chain dispatch; rejected withdrawals are failed and any debited balance is restored to the Customer's Internal Account, subject to these Terms and applicable fees.
7.4 Cryptonly Ltd. maintains an audit trail of withdrawal compliance decisions, including reviewer identity and rationale where applicable.
8. Ongoing monitoring
8.1 Cryptonly Ltd. monitors Customer activity, including deposits, invoices, withdrawals, and account behaviour, on an ongoing basis to identify unusual, suspicious, or inconsistent patterns.
8.2 Monitoring may be triggered automatically by system rules or initiated manually by compliance personnel. Each case is assessed using a risk-based approach proportionate to the identified risk.
8.3 Cryptonly Ltd. may request updated KYB information where Customer details change, where risk indicators emerge, or where periodic re-verification is appropriate.
8.4 Cryptonly Ltd. conducts research on transaction counterparties and wallet addresses where relevant to a compliance case.
9. Risk assessment
9.1 Cryptonly Ltd. assigns risk ratings to Customers based on information collected during KYB, transaction activity, jurisdiction, industry sector, PEP status, and other relevant factors.
9.2 Cryptonly Ltd.'s policy is to work with low-risk and normal-risk Customers. Risk ratings may change over time based on Customer behaviour or new information. Cryptonly Ltd. applies the following risk categories:
LOW RISK — The Customer is considered lower risk where Cryptonly Ltd. has reliable information about the Customer's identity, business activities, and consistent transaction behaviour over a sustained relationship.
NORMAL RISK — The Customer is considered normal risk where no circumstances indicate elevated or reduced risk, and the Customer uses the Services in the expected manner for its declared business activities.
HIGH RISK — The Customer is considered high risk where, without limitation: (a) the Customer or a representative is a PEP or close associate; (b) negative media or adverse information is identified; (c) past suspicious activity notifications exist; (d) identification information is unreliable; (e) transaction patterns are inconsistent with the Customer profile; or (f) the Customer operates in a high-risk industry or jurisdiction.
9.3 When establishing or updating a Customer's risk category, Cryptonly Ltd. takes into account country of incorporation, industry sector, PEP status, and transaction behaviour.
9.4 Where multiple higher-risk indicators are present, Cryptonly Ltd. addresses each indicator. The following table sets out illustrative higher-risk indicators and corresponding due diligence measures (the list is not exhaustive):
| Higher risk indicator | Due diligence measures |
|---|---|
| The Customer or a beneficial owner is a politically exposed person (except for a local politically exposed person, their family members, or close associates). | Senior management approval before establishing or continuing the business relationship. |
| Information that the Customer is suspected to be, or to have been, linked with a financial offence or other suspicious activity. |
|
| Doubts as to the truthfulness of submitted data, authenticity of documents, or identification of beneficial owners. |
|
| The Customer is from a high-risk third country, or their place of residence, seat, or the seat of a relevant payment counterparty is in a high-risk third country. | Seek guidance from the Compliance Officer and apply enhanced due diligence measures. |
| Unusual factors in merchant onboarding, or unusual transaction patterns without clear economic or lawful purpose. |
|
| The Customer operates in, or has material links to, a jurisdiction with ineffective AML/CFT systems or that is considered a low-tax territory. |
|
10. Record-keeping
10.1 Cryptonly Ltd. maintains records of Customer identification, KYB documentation, transaction data, compliance screening results, case notes, and audit logs in a manner that permits retrieval for regulatory, legal, and audit purposes.
10.2 Customer identification data, transaction records, and compliance documentation are retained for at least five (5) years after termination of the business relationship, or for such longer period as required by applicable law.
10.3 The Compliance Officer is responsible for ensuring that compliance records are complete, accurate, and securely stored.
11. Reporting
11.1 Any employee or contractor who suspects money laundering, terrorist financing, or other financial crime must promptly report the suspicion to the Compliance Officer.
11.2 Employees and contractors must not disclose to a Customer that a report has been made or that an investigation is underway ("tipping off").
11.3 The Compliance Officer reviews internal reports and determines whether a suspicious activity report (SAR) or other disclosure to a competent UK authority is required under applicable law.
11.4 Where required by law, Cryptonly Ltd. reports suspicious activity to the National Crime Agency or other competent authority. Cryptonly Ltd. cooperates with law enforcement and regulatory requests in accordance with applicable law.
11.5 Reporting to competent authorities in accordance with this Policy does not constitute a breach of confidentiality obligations under law or contract.
12. Compliance governance and training
12.1 The Compliance Officer is responsible for: (a) monitoring compliance with AML/CFT requirements; (b) reviewing internal suspicious activity reports; (c) filing SARs where required; (d) maintaining compliance records; (e) delivering AML/CFT training to relevant personnel; and (f) proposing updates to this Policy.
12.2 Cryptonly Ltd. provides AML/CFT training to relevant employees and contractors upon onboarding and on a periodic basis thereafter. Training participation is documented.
12.3 The Compliance Officer monitors compliance activities and may recommend changes to Cryptonly Ltd.'s AML/CFT controls, systems, and procedures.
13. Contact
Questions regarding this Policy may be directed to: [email protected]