AML, CTF & Sanctions
Policy

This AML, CTF & Sanctions Policy explains the principles, controls, and procedures used by YEAR TECH, operating through Yera Connect, to help prevent money laundering, terrorist financing, sanctions evasion, fraud, bribery, corruption, and other financial crime.

The platform may connect merchants, platforms, payment providers, crypto-asset service providers, liquidity providers, compliance providers, and other third-party partners through technical infrastructure, APIs, dashboards, checkout tools, and transaction workflows.

The purpose of this Policy is to:

• Prevent Yera Connect from being used for money laundering, terrorist financing, sanctions evasion, fraud, corruption, or other illegal activity
• Set out the standards used for customer due diligence, business verification, sanctions screening, transaction monitoring, and risk assessment
• Explain when Yera Connect may refuse, restrict, suspend, or terminate access to its services
• Describe how suspicious activity is identified, escalated, reviewed, and, where required, reported to competent authorities or regulated partners
• Support compliance with applicable AML, CTF, sanctions, anti-fraud, anti-bribery, and crypto-asset regulations in the jurisdictions where YEAR TECH operates or provides services

This Policy applies to:

• YEAR TECH and Yera Connect
• Directors, officers, employees, contractors, consultants, and relevant representatives of YEAR TECH
• Merchants, platforms, business customers, and partners using Yera Connect
• End users where they interact with Yera Connect services, checkout flows, payment workflows, or supported transaction processes
• Third-party service providers involved in compliance, onboarding, payments, crypto conversion, settlement, fraud prevention, or technical infrastructure

YEAR TECH applies a risk-based approach to AML, CTF, sanctions, and fraud prevention — assessing the level of risk presented by each customer, partner, transaction, jurisdiction, product, payment method, crypto asset, wallet, and use case.

Risk factors may include

Yera Connect may conduct due diligence directly or through third-party providers and regulated partners. Before onboarding or enabling services, Yera Connect may collect and verify:

For individuals

• Full legal name, date of birth, nationality, residential address
• Email address and phone number
• Government-issued identification document
• Biometric, selfie, or liveness verification, where required
• Source of funds or source of wealth, where required
• Sanctions, PEP, and adverse-media screening results

For businesses

• Legal business name, trading name, registration number, date and country of incorporation
• Registered address, operating address, business website, and business description
• Industry, merchant category, ownership and control structure
• Details of directors, authorised representatives, and UBOs
• Corporate registry and constitutional documents
• Expected transaction volumes, countries of operation, and payment methods
• Source of funds, source of wealth, or source of business revenue, where required
• Sanctions, PEP, and adverse-media screening results

Yera Connect may review each merchant or platform before providing services. This review may include:

• Verifying the legal entity and identifying directors, controllers, and UBOs
• Reviewing business activity and website content
• Assessing the legality of products or services offered
• Reviewing licensing or registration requirements
• Checking whether the business operates in a restricted or prohibited sector
• Assessing expected payment flows and settlement arrangements
• Reviewing chargeback, fraud, refund, and complaint risk
• Checking whether the business model creates elevated AML, CTF, sanctions, or consumer-protection risk

Yera Connect may require updated KYB information periodically or when risk indicators change.

Yera Connect may apply enhanced due diligence where a customer, transaction, partner, or payment flow presents elevated risk.

EDD may be required where

• The customer is a PEP or linked to a PEP
• The customer is connected to a high-risk jurisdiction
• The ownership structure is complex, opaque, nominee-based, or difficult to verify
• The business model is cash-intensive, high-risk, or unusually complex
• Transaction activity is inconsistent with the customer's profile
• There is adverse media involving fraud, sanctions, corruption, or money laundering
• The customer uses high-risk wallets, exchanges, mixers, tumblers, bridges, or obfuscation methods
• Funds are received from unknown, unrelated, or high-risk third parties
• The customer refuses or delays providing required information
• There are doubts about the authenticity of documents or accuracy of information

EDD may include

• Additional identity or business verification
• Source-of-funds and source-of-wealth review
• Additional UBO verification
• Senior management approval
• Manual transaction review and additional blockchain analytics
• Review of counterparties and contractual restrictions
• Lower limits or enhanced monitoring
• Rejection or termination of the relationship

Yera Connect screens, or may require its partners to screen, customers, UBOs, directors, authorised representatives, counterparties, wallets, and transactions against applicable sanctions lists.

If a sanctions match is identified, Yera Connect may

• Pause onboarding or suspend services
• Block or reject a transaction
• Request additional information and escalate for compliance review
• Notify a regulated partner or report to competent authorities where required
• Freeze or restrict assets where legally required and technically possible

Yera Connect may refuse, restrict, suspend, or terminate customers, transactions, or business relationships involving the following prohibited or restricted activities:

Yera Connect may monitor transactions on a real-time, near-real-time, or periodic basis using automated systems, manual review, third-party tools, regulated partner controls, and blockchain analytics.

Monitoring may cover

• Transaction amount, frequency, velocity, and unusual patterns
• Country and jurisdiction, payment method, and customer profile
• Counterparty risk, wallet risk, and crypto-asset risk
• Structuring or splitting behaviour and rapid movement of funds
• Failed or repeated payment attempts
• Mismatch between customer profile and transaction behaviour
• Chargeback or refund abuse
• Suspicious IP, device, or geolocation indicators
• Links to high-risk exchanges, darknet markets, mixers, tumblers, bridges, or sanctioned wallets

Yera Connect may request additional information about a transaction, including purpose of payment, source of funds, relationship between parties, invoice, contract, proof of delivery, wallet ownership, or other supporting documents.

Because Yera Connect supports fiat-to-crypto payment orchestration, additional controls may apply to digital-asset activity.

• Wallet screening and blockchain analytics
• Source-of-funds and destination-of-funds analysis
• Exposure review for illicit finance indicators
• Monitoring for mixers, tumblers, darknet exposure, scam exposure, sanctioned wallet exposure, ransomware exposure, stolen funds, and high-risk counterparties
• Review of asset type, network, chain, bridge, and settlement route
• Restrictions on unsupported tokens, networks, wallets, or providers

Where applicable, Yera Connect may support, collect, transmit, or require information relating to the originator and beneficiary of certain funds transfers or crypto-asset transfers.

• Sender and recipient information
• Account or wallet information
• Transaction reference information
• Required compliance metadata
• Information requested by regulated payment or crypto-asset service partners

Yera Connect may reject or delay transfers where required information is missing, incomplete, inaccurate, suspicious, or inconsistent with applicable law or partner requirements.

Customer due diligence does not end after onboarding. Yera Connect may conduct ongoing monitoring throughout the customer relationship, including:

• Periodic KYC or KYB refresh
• Updated sanctions, PEP, and adverse-media screening
• Transaction monitoring and wallet screening
• Review of changed business activity, ownership, or control
• Review of unusual transaction patterns
• Review of complaints, chargebacks, fraud signals, and regulatory alerts
• Review of partner, bank, payment provider, or law-enforcement requests

Suspicious activity may include

• Inconsistent or false customer information and forged or altered documents
• Unusual payment flows or unexplained source of funds
• Transactions inconsistent with the customer's profile
• Multiple accounts used to avoid limits
• Use of third parties without a clear lawful purpose
• Links to sanctioned or high-risk wallets
• Links to fraud, scams, hacks, ransomware, darknet markets, or other criminal activity
• Reluctance to provide information or attempts to pressure staff
• Attempts to conceal ownership, control, or transaction purpose

Where required, suspicious activity may be reported to competent authorities, financial intelligence units, regulated partners, banks, payment providers, crypto-asset service providers, or law-enforcement agencies.

Yera Connect may refuse to onboard a customer or may restrict, suspend, or terminate access to services where:

• The customer fails KYC or KYB checks
• The customer refuses to provide required information
• Information provided is false, misleading, incomplete, or unverifiable
• The customer is subject to sanctions or linked to prohibited activity
• Transaction activity is suspicious or outside risk appetite
• Required partner, bank, payment provider, or regulatory approval is not obtained
• The customer operates in a prohibited sector or jurisdiction
• Continued service would create unacceptable legal, regulatory, financial, operational, reputational, fraud, AML, CTF, or sanctions risk

Yera Connect may also delay, reject, or reverse transactions where permitted or required by law, partner requirements, payment scheme rules, sanctions obligations, or internal risk controls.

Yera Connect will retain AML, KYC, KYB, sanctions, transaction, monitoring, and compliance records for as long as required by applicable law, contractual obligations, partner requirements, and legitimate business needs. Records may include:

• Customer identification information and business verification documents
• UBO information and screening results
• Risk assessments and transaction records
• Wallet-screening results and communications with customers
• Internal compliance notes and suspicious activity escalations
• Decisions to approve, reject, suspend, or terminate a relationship
• Reports or notices submitted to competent authorities or regulated partners

Yera Connect processes personal data in accordance with its Privacy Policy and applicable data-protection laws. Personal data collected for AML, CTF, sanctions, fraud prevention, and regulatory compliance purposes may be shared with:

• Identity-verification, KYB, sanctions-screening, and fraud-prevention providers
• Blockchain-analytics, payment service, and crypto-asset service providers
• Banking partners, liquidity providers, and compliance partners
• Regulators, financial intelligence units, and law-enforcement authorities
• Courts or other competent authorities, where legally required

Yera Connect only collects information that is reasonably necessary for onboarding, compliance, risk management, fraud prevention, transaction processing, legal obligations, and platform security.

Yera Connect may use third-party providers to perform or support compliance-related functions, including:

• KYC and KYB verification
• Sanctions, PEP, and adverse-media screening
• Fraud monitoring and blockchain analytics
• Payment processing and crypto conversion
• Compliance case management and transaction monitoring
• Settlement, data hosting, and infrastructure

Employees, contractors, and relevant representatives of YEAR TECH must comply with this Policy and any internal AML, CTF, sanctions, fraud-prevention, data-protection, and security procedures. Relevant personnel may receive training on:

• AML and CTF principles and sanctions screening
• Suspicious activity indicators and fraud typologies
• Crypto-asset risk indicators and customer due diligence
• Transaction monitoring and escalation procedures
• Confidentiality and tipping-off restrictions
• Data protection and secure handling of customer information

YEAR TECH maintains a compliance governance framework appropriate to the nature, size, risk, and complexity of Yera Connect, which may include:

• Senior management oversight and designated compliance responsibility
• Documented onboarding procedures and risk assessments
• Transaction-monitoring and sanctions controls
• Internal escalation procedures and periodic policy review
• Compliance training and partner due diligence
• Audit trails and record keeping

Yera Connect's compliance framework may be updated when required by changes in law, regulation, partner requirements, business model, supported jurisdictions, payment methods, crypto assets, or risk exposure.

Yera Connect may cooperate with banks, payment providers, crypto-asset service providers, regulators, financial intelligence units, law-enforcement agencies, courts, and other competent authorities where required or permitted by applicable law. This cooperation may include providing information, records, transaction data, customer details, risk assessments, or other documentation where legally required or necessary for fraud prevention, AML, CTF, sanctions compliance, dispute management, or platform security.

YEAR TECH may update this Policy from time to time to reflect changes in:

• Law, regulation, or regulatory guidance
• Sanctions requirements
• Yera Connect services or partner requirements
• Supported jurisdictions, payment methods, or crypto assets
• Financial-crime typologies
• Improvements to internal controls

The latest version of this Policy will be published on the Yera Connect website at yeraconnect.io.

For questions about this AML, CTF & Sanctions Policy, please contact the Compliance Team.