Anti-Money Laundering (AML) & Counter-Terrorist Financing (CTF) Policy

PontisGlobe maintains an uncompromising commitment to combating money laundering, terrorist financing, and all forms of financial crime. This AML/CTF Policy establishes the framework, standards, and procedures through which PontisGlobe fulfils its obligations under applicable AML/CTF legislation, regulatory guidance, and international standards set by the Financial Action Task Force (FATF).

Money laundering is the process by which illegally obtained funds are made to appear as legitimate income. Terrorist financing involves the collection or movement of funds — regardless of whether they are from legitimate or illegal sources — with the intention of using them for terrorist acts or terrorist organisations. Both represent serious threats to the global financial system, and PontisGlobe is committed to ensuring its platform is never used to facilitate either.

Our AML/CTF programme is designed to comply with, and where possible exceed, the following regulatory frameworks:

• Financial Action Task Force (FATF) 40 Recommendations and associated guidance
• EU 6th Anti-Money Laundering Directive (6AMLD)
• US Bank Secrecy Act (BSA) and related FinCEN guidance
• US GENIUS Act stablecoin compliance provisions (effective 2025)
• UK Proceeds of Crime Act 2002 and Terrorism Act 2000
• UAE Federal AML/CTF Law and CBUAE/VARA guidance
• Applicable local AML/CTF legislation in all jurisdictions

PontisGlobe conducts a comprehensive Business-Wide Risk Assessment (BWRA) at least annually, and whenever material changes occur in our business, product offering, customer base, or the external regulatory environment. The BWRA evaluates:

• Customer risk: risk profiles of our customer segments
• Geographic risk: risk associated with countries and corridors we serve
• Product and service risk: inherent AML/CTF risk of each product
• Delivery channel risk: web, mobile, API, and partner-delivered services
• Stablecoin-specific risk: blockchain-native risks including mixer use, cross-chain transfers, and pseudonymous wallet risk

Risk assessment findings are used to calibrate our controls, including KYC requirements, transaction monitoring rules, and reporting thresholds.

PontisGlobe operates a real-time, automated transaction monitoring system that screens all transactions against a comprehensive rule set and machine learning models designed to identify potential money laundering or terrorist financing activity.

Where a PontisGlobe employee or the automated monitoring system identifies a transaction or customer behaviour that gives rise to knowledge, suspicion, or reasonable grounds to suspect money laundering or terrorist financing, the following process applies:

1. The identifying employee submits an internal SAR to the MLRO via our secure reporting channel
2. The MLRO/PO reviews the internal SAR and conducts further investigation as required
3. If the MLRO/PO determines that a report is required, an external SAR is filed with the relevant financial intelligence unit (FIU) within the timeframe prescribed by applicable law
4. The MLRO/PO monitors the account and transaction pending any directions from the FIU
5. Tipping-off prohibition: PontisGlobe staff are strictly prohibited from disclosing to any customer or third party that a SAR has been filed or is under consideration

All internal SAR submissions and MLRO/PO decisions are documented and retained for a minimum of 5 years.

In compliance with the FATF Travel Rule and applicable implementation in our operating jurisdictions, PontisGlobe collects and transmits originator and beneficiary information for all stablecoin transfers above the applicable threshold. This includes:

• Originator name, account number, and address
• Beneficiary name and wallet address or account number
• Transaction amount and date

We utilise Travel Rule-compliant messaging protocols for stablecoin transfers, working with our Virtual Asset Service Provider (VASP) counterparties to ensure compliant information exchange.

Given our stablecoin-native infrastructure, PontisGlobe applies blockchain-specific AML controls beyond those applicable to traditional fiat payments:

• All USDT and USDC wallet addresses are screened against blockchain analytics risk databases prior to transaction processing
• Funds originating from wallets associated with darknet markets, mixing services, ransomware, sanctions evasion, or other high-risk activities are rejected
• On-chain transaction monitoring tracks the provenance of funds across multiple hops
• PontisGlobe does not accept transfers from, or send transfers to, known privacy coins or mixing/tumbling services
• Cross-chain bridge transaction risks are specifically monitored
• Wallet risk scores are reviewed dynamically at transaction initiation

All PontisGlobe employees — and relevant contractors — with access to customer data or the ability to process transactions are required to complete:

• AML/CTF induction training upon joining
• Annual AML/CTF refresher training
• Role-specific training for compliance, operations, and customer-facing teams
• Training on the specific risks posed by stablecoin and blockchain-based transactions

Training records are maintained by the MLRO and are available for inspection by regulators.

PontisGlobe retains the following records in accordance with applicable law:

• All KYC/CDD documentation: minimum 5 years from account closure or last transaction
• All transaction records: minimum 5 years from transaction date
• All internal SAR submissions and MLRO/PO decisions: minimum 5 years
• All external SAR filings: retained in accordance with applicable FIU guidance
• Staff training records: minimum 5 years

Records are stored securely with restricted access and are available to regulators and law enforcement upon lawful request.

PontisGlobe does not provide services to customers located in, or for transactions involving, jurisdictions subject to comprehensive sanctions or identified as High Risk by FATF. This includes, but is not limited to, jurisdictions currently listed on OFAC's comprehensive sanctions programmes, EU restrictive measures, and FATF's “black list” and “grey list”. This list is reviewed and updated regularly.

A current list of restricted jurisdictions is maintained internally and is available to regulators upon request. For jurisdiction-specific queries, contact contact@pontisglobe.com.

This AML/CTF Policy is reviewed at least annually by the MLRO/PO and Compliance Team, with any material updates approved by the Board. Ad hoc reviews are conducted whenever material regulatory changes, significant business changes, or identified control weaknesses require it.