1. General provisions

Rollify Limitada adheres strictly to the applicable Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) legislation, including the Anti-Money Laundering Act (AMLA) and international best practices. Our operations expressly prohibit any form of illicit activity, including money laundering, terrorist financing, or the circumvention of trade sanctions.

To maintain a robust and effective compliance posture, our internal policies, procedures, and security measures are regularly reviewed and updated to reflect changes in the legal landscape and operational requirements.

Our compliance team actively monitors developments issued by relevant authorities, including the Financial Action Task Force (FATF) and other national regulators, to ensure high standards of regulatory alignment.

Our key practices include:

• Developing and maintaining comprehensive AML/CFT internal controls to prevent and detect illicit activity;
• Ensuring all employees understand and comply with AMLA requirements and related guidelines;
• Keeping staff up to date with legislative amendments and regulatory changes;
• Making internal AML/CFT rules and procedures readily available to all relevant employees.

2. Definitions

Money Laundering: The process of converting funds acquired through illegal activity into legitimate assets, typically in three stages:

• Placement : Injecting illicit funds into the financial system, such as by depositing cash or purchasing financial instruments.
• Layering : Conducting a series of complex financial transactions—such as converting currencies, transferring between accounts, or using offshore banks—to obscure the source of funds.
• Integration : Reintroducing the cleaned funds into the economy, often through the purchase of property, luxury assets, or business investments.

Terrorist Financing: The act of raising, allocating, or channeling funds with the knowledge, intent, or purpose of supporting terrorist acts, terrorist organizations, or affiliated operations.

Suspicious Activity: Any transaction or user behavior that suggests fraud, money laundering, terrorist financing, or other criminal behavior, including activities that are inconsistent with a customer’s known profile.

Sanctions: Legal and regulatory restrictions imposed by international entities such as the European Union or the United Nations to prevent financial transactions with certain countries, individuals, or organizations involved in criminal, terrorist, or political activity.

High-Risk Country: A country or jurisdiction identified by credible international sources—including the Financial Action Task Force (FATF)—as having strategic deficiencies in AML/CFT measures, high levels of corruption or sanctions, or known associations with terrorist groups. The latest FATF list is available at: FATF High-Risk Jurisdictions

Politically Exposed Person (PEP): Individuals who hold—or previously held—prominent public functions, as well as their close associates and immediate family members.

Transaction Monitoring: The continuous process of examining customer transactions to detect patterns or activities that may indicate suspicious or illegal behavior. This includes both real-time and retrospective analysis.

AMLA (Anjouan Money Laundering Act): The Anti-Money Laundering Act 008 of 2005 in Anjouan establishes strict financial compliance obligations. It requires companies to retain transaction records for at least six years, monitor high-value or unusual transactions, and report suspicious activity to a Supervisory Authority, which has authority to investigate and issue enforcement actions.

Chief Compliance Officer: The designated individual responsible for managing the Company’s AML/CFT framework, ensuring regulatory adherence, overseeing investigations, and implementing training, control measures, and audit reviews.

3. Client Due Diligence (CDD)

Rollify Limitada applies a comprehensive risk-based approach to client due diligence across all digital onboarding channels. All users must be identified and verified before accessing platform services, regardless of whether the user is a regular or occasional customer.

Verification is required in the following cases:

• Before establishing a customer relationship;
• When suspicious behavior is detected;
• When updates or checks raise concerns about data accuracy or document authenticity.

Identity Verification for Individuals

Private users are asked to provide:

• Full name;
• Date/place of birth and residency address (if no national ID number exists);
• Valid government-issued ID (passport, ID card, or driver's license);
• Proof of address (issued within the past 90 days);
• A recent photograph.

If the user is acting on behalf of someone else, legal documentation proving the right of representation must also be verified.

The Compliance Team checks the ID’s validity, matches photo to the person, confirms the customer is of legal age, and, in case of doubt, requests additional documentation or denies registration.

4. Simplified and Enhanced Due Diligence (EDD)

Rollify Limitada tailors its due diligence approach based on risk levels associated with each client, service, or transaction.

Simplified Due Diligence (SDD)

SDD may apply to low-risk customers, such as:

• Publicly listed companies;
• Authorized government entities;
• Regulated institutions in Anjouan.

Risk is deemed low if:

• The client is identifiable via public records;
• Ownership structures are transparent;
• The organization is subject to strict regulatory oversight.

Enhanced Due Diligence (EDD)

EDD is performed in higher-risk situations, including:

• Unclear or suspicious documentation;
• Politically Exposed Persons (PEPs);
• Clients from high-risk or sanctioned countries;
• Complex or opaque company structures.

EDD may also be triggered when:

• Products/services support anonymity;
• Funds come from unrelated third parties;
• Physical KYC is avoided without qualifying digital ID;
• The relationship involves new technologies or untested business models.

EDD Measures May Include:

• Verifying additional documents from credible independent sources;
• Investigating the purpose and nature of the business relationship;
• Tracing the flow of funds for unusual transactions;
• Documenting the source of funds and wealth.

5. Data Collection and Record-Keeping

Rollify Limitada maintains detailed records of all customer information and activity in accordance with AML/CFT regulations.

• All collected data is securely stored and kept for a minimum of 10 years after the business relationship ends.
• The Compliance Officer is responsible for organizing and storing all relevant data.
• If a customer refuses to provide required documents or submits suspicious information, services will be denied and the case reported to Compliance immediately.

6. Risk-Based Approach

Rollify applies a risk-based approach (RBA) to assess and manage the AML/CFT risks posed by each customer.

Risk assessment includes:

• Verifying customer identity through independent and reliable sources.
• Requesting additional documentation when necessary.
• Reviewing wallet origin and transaction behavior.
• Paying special attention to red flags such as PEP status, adverse media, sanctions exposure, and unexplainable account activity.

If high-risk attributes are discovered, enhanced due diligence is triggered before allowing account access. All users are subject to regular monitoring, regardless of their risk profile.

7. Customer Interaction

Rollify may contact customers to:

• Request additional identity details if clarity is needed.
• Investigate unusual or suspicious activity.

Customers are only asked for relevant information tied to a specific risk. Staff must avoid indicating that the activity may be reported, especially in high-risk situations.

8. Transaction and Behavior Monitoring

Rollify monitors user transactions based on behavioral triggers and manual reviews.

Monitoring includes:

• Customer account history and activity patterns.
• Source and origin of cryptocurrency used for deposits.
• Proxy usage and unusual login attempts.
• Irregular payment methods or behavior inconsistent with the user’s profile.

Staff may not handle a case if the customer is a personal acquaintance or presents a conflict of interest. All findings must be documented and reviewed for escalation.

9. Customer Risk Profiles and Technology Risks

We monitor customer behavior over time to understand and adapt their risk profile using the following factors:

• Source of funds (employment status, income, industry).
• Age and location of the customer.
• Transaction history and behavioral changes.
• Use of masking tools like VPNs or anonymizing browsers.
• Number of accounts, devices used, and wallet records.

We also document:

• Device fingerprinting data.
• Proxy detection results.
• Wallet address clusters.

These tools help detect multi-accounting, identity cloaking, or fraudulent behavior.

10. Decision-Making and Escalation

All case assessments must be evidence-based. The final decision is either to report the user to the Compliance Officer or close the case.

Staff should:

• Complete a full review of customer data and behavior.
• Identify suspicious elements using available tools.
• Compare contradictions and weigh the risk of the scenario.

11. Politically Exposed Persons (PEPs) and Sanctions Screening

Rollify restricts account access for those flagged as high-risk or under sanctions. PEPs may only be onboarded with management approval.

We deny or block access if:

• The person is from a high-risk or sanctioned country.
• They appear on an international watchlist.
• They are known or suspected of criminal activity.

Sanctions checks are completed at onboarding and ongoing. Users are never informed if they’ve been screened or flagged under this process.

12. Suspicious Transaction Reporting (STR)

If a staff member suspects a customer is involved in suspicious or unlawful activity, they must report the case immediately to the Compliance Officer.

Possible indicators include:

• Large transactions from unrelated third parties.
• Sudden changes in behavior or transaction type.
• Customer indicates others will access or withdraw funds.

Transactions possibly tied to terrorist financing must be escalated immediately.

13. Compliance Officer Responsibilities

Rollify’s Compliance Officer oversees the company’s AML/CFT controls and handles incoming reports of suspicious activity.

Key responsibilities include:

• Reviewing and escalating STRs to authorities.
• Coordinating with regulators and responding to inquiries.
• Providing compliance training to employees.
• Monitoring internal adherence to AML rules and policies.

14. Reporting Obligations to Authorities

When a reportable suspicion is confirmed:

• The Compliance Officer notifies the Money Laundering Reporting Office (MROS).
• Reports are submitted in writing or electronically, with all supporting documents.
• The customer is never informed that a report has been filed.

Any future activity by that customer may be subject to enhanced monitoring.

15. Internal Controls and Quality Review

To maintain quality and integrity in our compliance program:

• The Compliance Officer conducts quarterly reviews of employee work.
• Staff performance is assessed based on compliance, documentation, and risk analysis quality.
• Repeated compliance failures may result in disciplinary action.

16. Employee Training

All relevant employees receive AML training upon joining and at least once annually thereafter.

Training covers:

• AML laws, internal policies, and regulatory developments.
• Risk assessment and transaction monitoring tools.
• STR procedures and reporting thresholds.

The Compliance Officer is responsible for organizing and updating the training program and ensuring all participants sign off on their attendance.