AML & CTF Policy

Zyrix's AML/CTF program is built on the following regulatory foundations:

• Turkey: Law No. 5549 on Prevention of Laundering Proceeds of Crime, Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism, MASAK (Financial Crimes Investigation Board) guidelines

• Saudi Arabia: Anti-Money Laundering Law (Royal Decree No. M/20), Counter-Terrorism Law, SAMA AML/CFT Rules

• UAE: Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering, CBUAE AML/CFT Guidelines

• Qatar: Law No. 20 of 2019 on Anti-Money Laundering and Terrorism Financing

• Kuwait: Law No. 106 of 2013 on Combating Money Laundering and Terrorism Financing

• International: FATF 40 Recommendations, Basel Committee guidelines

Zyrix maintains a zero-tolerance policy toward money laundering, terrorism financing, and any financial crime. We are committed to:

• Preventing our platform from being used for illegal financial activities

• Identifying, assessing, and managing AML/CTF risks

• Reporting suspicious transactions to relevant Financial Intelligence Units (FIUs)

• Cooperating fully with law enforcement and regulatory authorities

• Training our staff on AML/CTF obligations

• Continuously improving our compliance program

All merchants and users must complete our KYC/KYB verification before accessing payment services.

For Individual Merchants:

• Government-issued photo ID (national ID, passport)

• Proof of address (utility bill or bank statement, not older than 3 months)

• Selfie/liveness check

• Source of funds declaration (for transactions above applicable thresholds)

For Business Merchants:

• Commercial registration certificate

• Tax identification document

• Memorandum & Articles of Association

• Proof of business address

• Identity documents for all Ultimate Beneficial Owners (UBOs) holding 25%+ ownership

• Board resolution authorizing the signatory

• Business activity description and expected transaction volumes

**Enhanced Due Diligence (EDD)** is applied to:

• Politically Exposed Persons (PEPs) and their associates

• Merchants in high-risk industries or jurisdictions

• Merchants with unusual transaction patterns

• High-value accounts exceeding defined thresholds

Zyrix applies a risk-based approach to AML/CTF compliance. Merchants and transactions are assessed based on:

Geographic Risk:

• Transactions involving high-risk jurisdictions as identified by FATF, EU, or OFAC

• Cross-border transactions above defined thresholds

Customer Risk:

• PEP status

• Adverse media or sanctions screening results

• Complex or opaque ownership structures

Transaction Risk:

• Unusual transaction volumes or frequencies

• Transactions inconsistent with the merchant's stated business activity

• Large cash equivalent transactions

• Rapid cycling of funds

• Transactions involving multiple jurisdictions without clear business rationale

Product/Channel Risk:

• Cryptocurrency transactions (subject to Travel Rule compliance)

• High-value COD transactions

• New payment channels or merchant categories

Zyrix operates an automated transaction monitoring system that screens all transactions in real time for:

• Transactions exceeding defined thresholds (currently $10,000 USD equivalent or local regulatory thresholds)

• Structuring (breaking transactions into smaller amounts to avoid reporting)

• Unusual transaction patterns compared to the merchant's historical behavior

• Transactions involving sanctioned individuals, entities, or jurisdictions

• Velocity alerts (abnormal transaction frequency in short timeframes)

• Cross-border transactions to/from high-risk jurisdictions

Alerts generated by the monitoring system are reviewed by our Compliance team. Confirmed suspicious activity is escalated for filing a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR).

All merchants, beneficial owners, and transaction counterparties are screened against:

• OFAC (Office of Foreign Assets Control) Specially Designated Nationals (SDN) list

• UN Security Council consolidated sanctions list

• EU consolidated financial sanctions list

• MASAK (Turkey) designated persons list

• SAMA (Saudi Arabia) sanctions list

• UAE Cabinet Resolution sanctions list

• PEP databases (Politically Exposed Persons)

• Adverse media databases

Screening is conducted at onboarding, at each transaction, and on an ongoing basis. Any match triggers an immediate hold and compliance review. Confirmed matches result in account suspension and mandatory reporting to the relevant authority.

Zyrix is legally required to report suspicious transactions to the relevant Financial Intelligence Units:

• Turkey: MASAK (Mali Suçları Araştırma Kurulu) — within the timeframes specified under Law No. 5549

• Saudi Arabia: Saudi FIU (SAFIU) — within 3 business days of identifying suspicion

• UAE: goAML portal (CBUAE/UAE FIU) — within 35 days of suspicion arising

• Qatar: Qatar FIU — as per Law No. 20 of 2019

• Kuwait: Kuwait FIU — as per Law No. 106 of 2013

Reporting obligations apply regardless of transaction amount. Zyrix maintains strict confidentiality regarding STR filings — merchants must not be 'tipped off' that a report has been made. Tipping off is a criminal offense in all jurisdictions where we operate.

By using Zyrix's services, merchants agree to:

• Provide accurate and truthful information during KYC/KYB onboarding

• Notify Zyrix immediately of any material changes to business structure, ownership, or activity

• Not process transactions on behalf of undisclosed third parties without Zyrix's written approval

• Maintain their own AML/CTF compliance program as required by applicable law

• Cooperate fully with Zyrix's compliance requests, including providing additional documentation when requested

• Not use Zyrix's platform for structuring, smurfing, or any other technique designed to circumvent AML reporting obligations

• Immediately notify Zyrix if they become aware of or suspect money laundering or terrorism financing activity through their platform

Zyrix maintains comprehensive records in compliance with applicable law:

• KYC/KYB documents: Minimum 5 years from account closure (Turkey, Saudi Arabia, UAE requirements)

• Transaction records: Minimum 10 years (Turkey MASAK requirement)

• STR/SAR filings: Minimum 5 years

• Correspondence related to AML investigations: Minimum 5 years

All records are stored securely with access restricted to authorized compliance personnel and regulatory authorities upon lawful request.

For cryptocurrency transactions (USDT, BTC, and other supported assets), Zyrix applies enhanced AML/CTF measures:

• Travel Rule Compliance: Zyrix complies with the FATF Travel Rule, transmitting originator and beneficiary information for virtual asset transfers above applicable thresholds

• Blockchain Analytics: All crypto transactions are screened using blockchain analytics tools to identify wallet addresses associated with illicit activity

• Wallet Screening: Incoming and outgoing wallet addresses are checked against sanctions lists and known high-risk addresses

• Suspicious Wallet Reporting: Transactions involving flagged wallets are suspended and reported to relevant authorities

• VASP Compliance: Zyrix operates as a Virtual Asset Service Provider (VASP) in compliance with applicable licensing requirements

All Zyrix employees involved in compliance, operations, and customer service receive:

• Mandatory AML/CTF training upon joining

• Annual refresher training covering regulatory updates

• Specialized training for compliance officers on STR filing procedures

• Training on recognizing red flags for money laundering and terrorism financing

Training records are maintained and available for regulatory inspection.

Zyrix has appointed a dedicated Compliance Officer responsible for:

• Overseeing the AML/CTF compliance program

• Filing STRs/SARs with relevant FIUs

• Liaising with regulatory authorities (MASAK, SAMA, CBUAE, and others)

• Conducting internal audits and risk assessments

• Ensuring staff training and policy updates

Contact our Compliance team: compliance@zyrix.co

This AML/CTF Policy is reviewed at least annually or following any significant regulatory change, major incident, or business model change. Updates are approved by senior management and communicated to all relevant staff and merchants.

To report suspicious activity or for compliance inquiries:

Compliance Team: compliance@zyrix.co

Zyrix Global Teknoloji A.Ş.

EGS Business Park, 12/79, Yeşilköy

34149 Bakırköy / İstanbul, Türkiye

If you are a law enforcement agency or regulatory authority requesting information, please contact: legal@zyrix.co