AML/CFT Policy – Spikex Support

I. Introduction and Policy Statement

Spikex is a digital financial platform providing global virtual asset trading services, committed to delivering secure, compliant, and efficient trading experiences for users worldwide. To uphold the legitimacy of platform operations and prevent money laundering, terrorist financing, and other financial crimes, Spikex has established this Anti-Money Laundering and Counter-Terrorist Financing Policy (hereinafter referred to as “this Policy”). This Policy ensures strict adherence to international standards, including the Financial Action Task Force (FATF) Recommendations, as well as relevant laws and regulations established by regulatory authorities across all jurisdictions.

This Policy applies to all users, affiliates, employees, agents, and partners, and covers all products, services, and technical interfaces involved in platform operations.

Spikex maintains a zero-tolerance policy toward any individual or organization attempting to use the platform for illegal activities. We have established a comprehensive and systematic AML/CFT governance framework to prevent, identify, and report potential risks.

II. Fundamental Principles of Anti-Money Laundering

Spikex consistently adheres to the following fundamental principles of anti-money laundering and counter-terrorist financing in its business operations:

1. Know Your Customer (KYC) and Customer Due Diligence (CDD) as the primary defense: The platform must complete robust identity verification procedures before any user executes relevant transactions.

2. Ongoing review and risk management as process safeguards: All customers and transactions undergo lifecycle monitoring through a combination of automated and manual mechanisms.

3. Regulatory Cooperation and Timely Reporting of Suspicious Activities: Spikex maintains a dedicated compliance team responsible for investigating and analyzing suspicious activities, submitting reports to regulatory authorities as required by law.

4. Global Intelligence Sharing with Compliance Authorities: The platform proactively collaborates with international law enforcement agencies and compliance service providers on risk management.

5. Technology-Enabled Systemic Prevention: Advanced behavioral recognition engines, address risk labeling, and on-chain tracking tools are employed to detect anomalous transactions.

III. Customer Due Diligence (CDD) System

Spikex categorizes customers into three risk tiers (low, medium, high) and implements differentiated due diligence measures based on risk level:

1. Basic Due Diligence (Standard CDD)

Applicable to most standard customers, requiring completion of the following processes:

· Submit basic information including real name, date of birth, nationality, address, and contact details;

· Upload identification documents (ID card/passport) and proof of residence (e.g., utility bills, bank statements);

· Pass liveness verification via facial recognition system;

· Complete mobile number or email verification;

· Undergo anti-fraud and sanctions list screening against third-party databases (e.g., OFAC, UN, FATF blacklists);

· Restrict account functionality for unverified users (e.g., withdrawal restrictions, transaction limits).

2. Enhanced Due Diligence (EDD)

Applies to users or accounts meeting any of the following criteria:

· Originating from high-risk countries or regions (including jurisdictions sanctioned or warned by the UN or FATF);

· Political Public Figures (PEPs) or their immediate family members/close associates;

· Complex, frequent, or unusually large transaction patterns;

· High-frequency interactions with wallet addresses flagged as suspicious;

· Opaque ultimate beneficial ownership (UBO) structures in corporate accounts.

Enhanced Due Diligence includes but is not limited to:

· Providing proof of funds origin, asset declarations, or income verification;

· Requiring video interviews for identity verification;

· Submitting ownership structure diagrams and board of directors documentation;

· Providing authorization documents to verify operator permissions;

· Conducting transaction-by-transaction explanations and audits.

IV. Account and Transaction Monitoring Mechanisms

Spikex has established a multi-tiered, real-time transaction monitoring system that integrates with on-chain data analysis platforms (such as Chainalysis and Elliptic) to execute behavioral tracking.

1. Real-Time Risk Engine

Evaluates user behavior through multi-dimensional models:

· Whether frequent small-value split transfers occur to the same address (structured transactions);

· Whether deposits are immediately followed by withdrawals (rapid fund transfers);

· Use of bridge wallets or coin mixing services (Coin Mixer, Tumbler);

· Attempts to bypass IP/device identification systems to conceal behavioral patterns;

· Use of high-anonymity cryptocurrencies (e.g., Monero, Zcash) for illicit activities.

The system assigns a risk score to each transaction and triggers automated alerts and freezing measures based on predefined thresholds.

2. Behavioral Analysis Strategy

Accounts with cumulative deposits or withdrawals exceeding statutory thresholds (e.g., equivalent to $10,000 USD) will undergo additional review.

Spikex's behavioral identification includes but is not limited to:

· Addresses involved in fraudulent DApps or hacking incidents;

· Wallet groups associated with black market chains (identified via address clustering);

· Suspected pump-and-dump schemes involving token manipulation;

· Money laundering activities using multiple accounts or bots.

All transaction logs will be retained for at least five years and submitted to judicial authorities for review when necessary.

V. Prohibited Service Regions and User Screening

Spikex refuses service to users from the following countries/regions:

North Korea, Iran, Cuba, Sudan, Syria, Crimea, Afghanistan, Myanmar, Belarus, Russia, Yemen, Venezuela, Democratic Republic of the Congo, Zimbabwe, Iraq, Somalia, Lebanon, Libya, South Sudan.

The platform updates its sanctions list monthly and re-screens existing users. Accounts matching any list entries will be immediately frozen and reported.

VI. Employee Training and Compliance Framework

Spikex conducts regular training for all employees on:

· Fundamental patterns and trends in money laundering and terrorist financing;

· Identifying high-risk customers and transactions;

· Compliance reporting procedures and confidentiality requirements;

· Response procedures for regulatory investigations.

The platform designates a Chief Compliance Officer (CCO) as the responsible party, overseeing policy updates, risk incident decision-making, and external regulatory communications.

VII. Suspicious Transaction Reporting (STR) Mechanism

Upon detecting any of the following circumstances in a client account, Spikex will prompt the compliance department to initiate immediate investigation and determine whether to submit a Suspicious Transaction Report:

1. Failure to provide a reasonable explanation for the source of funds;

2. Repeated changes to identity information or refusal to cooperate with verification;

3. Frequent interactions with addresses associated with on-chain illicit activities;

4. Large-scale fund transfers involving high-risk countries;

5. Utilization of multiple accounts for wash trading to fabricate trading volume.

Spikex is obligated to submit STRs to regulatory authorities or partner banks within the legally mandated timeframe and retain all operational logs.

VIII. Data Retention and Information Disclosure

1. Spikex encrypts and stores all user KYC, transaction, IP, device, communication, and fund flow data for a minimum retention period of five years;

2. The compliance department has the right to disclose relevant information to regulatory authorities without further notice to users;

3. All data disclosure processes require internal approval to ensure legality and prudence.

IX. Policy Review and Updates

This policy shall be reviewed at least annually or updated immediately upon occurrence of any of the following:

· Changes to international sanctions lists;

· Policy update requirements issued by national regulatory authorities;

· Discovery of major security incidents or new money laundering patterns;

· Changes to partner compliance policies.

All revisions shall be publicly announced to users and take effect on the specified implementation date.