Legal Document

AML / CTF / KYC Policy

Bitria LLC · Last updated: November 17, 2025

1. Introduction

This Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and Know Your Customer (KYC) Policy ("the Policy") establishes the principles, standards, and internal controls implemented by Bitria LLC ("the Company") to prevent its platform and services from being used for money laundering, terrorist financing, sanctions evasion, fraud, or other forms of illicit activity.

This Policy applies to:

  • All Bitria LLC employees
  • Directors and beneficial owners
  • Contractors and third parties acting on behalf of the Company
  • All customers, partners, and intermediaries

2. Regulatory Framework

Bitria LLC complies with:

2.1. Georgian AML/CTF Legislation, including requirements set by:

  • Financial Monitoring Service of Georgia (FMS)
  • National Bank of Georgia (as applicable to VASP entities)
  • Ministry of Finance of Georgia

2.2. International AML/CTF Standards, including:

  • FATF Recommendations
  • EU AML Directives (AMLD5/AMLD6)
  • UN Sanctions Framework
  • OFAC Guidelines

2.3. Partner Requirements, including:

  • KuCoin Broker Program AML requirements
  • Partner exchanges, banking providers, and payment institutions

When stricter standards apply, Bitria uses the stricter requirement.

3. AML Governance Structure

3.1 Management Responsibility

The Director of Bitria LLC has ultimate responsibility for AML/CTF compliance.

3.2 AML Compliance Officer (MLRO)

The Company designates an AML/CTF Compliance Officer responsible for:

  • Overseeing implementation of the AML/CTF program
  • Approving KYC/CDD/EDD procedures
  • Reviewing alerts and suspicious transactions
  • Filing reports to Georgian Financial Monitoring Service
  • Liaising with regulators and partners

3.3 Employee Accountability

All employees are required to:

  • Understand AML obligations
  • Follow internal procedures
  • Report suspicious behavior
  • Complete mandatory training

4. Risk-Based Approach (RBA)

Bitria LLC applies a risk-based approach in line with FATF requirements:

  • Customers are profiled into Low / Medium / High risk levels
  • Products, transactions, and jurisdictions are also risk-ranked
  • Enhanced Due Diligence (EDD) is required for elevated-risk scenarios
  • Ongoing monitoring intensity increases with risk level

Risk indicators include:

  • High-risk jurisdictions
  • Unusual transaction patterns
  • Rapid movement of funds
  • Large volume trading inconsistent with profile
  • PEP or sanctions exposure

5. Customer Due Diligence (CDD) / KYC

5.1 Identification Requirements

For all customers, Bitria collects:

  • Government-issued photo identification
  • Full legal name, nationality, date of birth
  • Selfie / facial verification
  • Proof of address (if required)
  • Purpose of account and intended product use

5.2 Verification

Verification is performed through:

  • Independent document verification
  • Sanctions and PEP database screening
  • Behavior and device fingerprinting

5.3 Corporate Clients

For corporate accounts, Bitria verifies:

  • Certificate of Incorporation
  • Tax identification number
  • Registered address
  • Directors and ultimate beneficial owners (UBOs)
  • Ownership structure
  • Board resolutions (if applicable)

5.4 UBO Verification

All UBOs with ≥25% ownership must undergo complete KYC.

6. Enhanced Due Diligence (EDD)

EDD applies to:

  • High-risk jurisdictions
  • Politically Exposed Persons (PEPs)
  • Large or unusual transactions
  • Customers with unclear Source of Funds (SOF)
  • Entities with complex or opaque ownership structures

EDD measures include:

  • Source of Funds & Source of Wealth documentation
  • Additional identity verification
  • Senior management approval
  • More frequent reviews

7. Sanctions & PEP Screening

Bitria screens customers and transactions against:

  • OFAC
  • United Nations Sanctions Lists
  • European Union Sanctions Lists
  • UK/HMT Sanctions List
  • Georgian FIU lists
  • Global PEP databases

Screening is performed:

  • At onboarding
  • On each material profile update
  • On a continuous/periodic basis
  • On all transactions flagged by the monitoring engine

Positive matches undergo manual review.

8. Transaction Monitoring

The Company conducts continuous monitoring to detect:

  • Structuring or layering patterns
  • High-volume or rapid trades inconsistent with profile
  • Transfers from/to high-risk jurisdictions
  • Abnormal API activity patterns
  • Attempts to bypass controls

Monitoring combines:

  • Automated risk scoring
  • Rule-based alerts
  • Manual investigation

Red flags result in:

  • Account freeze
  • EDD
  • SAR filing

9. Suspicious Activity Reporting (SAR/STR)

If Bitria suspects that a customer or transaction may involve money laundering, terrorist financing, sanctions evasion, or fraud, the Compliance Officer will file a Suspicious Transaction Report (STR) to the Financial Monitoring Service of Georgia.

SAR/STR records are:

  • Documented
  • Confidential
  • Not disclosed to the customer

10. Record Keeping & Data Retention

Bitria maintains:

  • KYC information
  • CDD/EDD records
  • Transaction history
  • SAR/STR documentation
  • Communications relevant to investigations

Retention period: At least 5 years, or longer if required. All data is stored securely with access control and encryption.

11. Employee Training

Training includes:

  • AML/CTF legal requirements
  • Red flag detection
  • KYC/CDD/EDD procedures
  • Sanctions awareness
  • How to escalate suspicious behavior
  • Internal system use

Training is performed:

  • At onboarding
  • Annually
  • Whenever AML rules change

Attendance logs are maintained.

12. Independent Review

Bitria performs:

  • Annual internal AML/CTF review
  • Supplemental external reviews when required

Findings are documented and corrective actions are implemented.

13. Confidentiality & Data Protection

The Company protects customer data in compliance with:

  • Georgian Data Protection Laws
  • GDPR-equivalent standards (since EU data interaction is possible)

Access is restricted to authorized personnel.

14. Use of Third Parties & Outsourcing

If Bitria outsources KYC or monitoring tools (e.g., ID verification service), Bitria retains full responsibility for AML compliance. All third parties undergo vendor due diligence.

15. Prohibited Activities

Bitria does not do business with:

  • Anonymous accounts
  • Shell banks
  • Sanctioned individuals or entities
  • High-risk jurisdictions prohibited by FATF
  • Customers refusing to provide KYC information
  • Entities suspected of illegal activity

16. Approval & Updates

This Policy is reviewed at least annually. Any changes in regulatory requirements or business operations will require immediate update.

Approved by

Inyong Lee

Director / AML Compliance Officer

Bitria LLC

November 17, 2025