1.Definitions

"Beneficial Owner" means any natural person or persons who ultimately own or control the User (as defined below) and, or the natural person or persons on whose behalf a transaction or activity is being conducted, and

(a)in the case of a body corporate or a body of persons, the beneficial owner shall consist ofany natural person or persons who ultimately own or control that body corporate or body of persons through direct or indirect ownership of twenty-five per centum (25%) plus one (1) or more of the shares or more than twenty-five per centum (25%) of the voting rights or an ownership interest of more than twenty-five per centum (25%) in that body corporate or body of persons, including through bearer share holdings, or through control via other means, other than a company that is listed on a regulated market which is subject to disclosure requirements consistent with European Union law or equivalent international standards which ensure adequate transparency of ownership information:

Provided that a shareholding of twenty-five per centum (25%) plus one (1) share or more, or the holding of an ownership interest or voting rights of more than twenty-five per centum (25%) in the customer shall be an indication of direct ownership when held directly by a natural person, and of indirect ownership when held by one or more bodies corporate or body of persons or through a trust or a similar legal arrangement, or a combination thereof:

Provided further that if, after having exhausted all possible means and provided there are no grounds of suspicion, no beneficial owner in terms of this paragraph has been identified, subject persons shall consider the natural person or persons who hold the position of senior managing official or officials to be the beneficial owners, and shall keep a record of the actions taken to identify the beneficial owner in terms of this paragraph.


(b)inthe case of trusts the beneficial owner shall consist of:

1. 1. thesettlor;
   2. thetrustee or trustees
   3. theprotector, where applicable;
   4. thebeneficiaries or the class of beneficiaries as may be applicable; and
   5. anyother natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means;

(c)in the case of legal entities such as foundations and legal arrangements similar to trusts,the beneficial owner shall consist of the natural person or persons holding equivalent or similar positions to those referred to in paragraph (b).


"High Risk Jurisdiction" means the jurisdictions designated by CPay as a high risk jurisdiction in respect of any Sale or Service from time to time.

"Politically Exposed Person" means a natural person who is or has been entrusted with prominent public functions, other than middle ranking or more junior officials. For the purposes of this definition, the term "natural person who is or has been entrusted with prominent public functions" includes the following:

• Headsof State, Heads of Government, Ministers, Deputy or Assistant Ministers, and Parliamentary Secretaries;
• Membersof Parliament or similar legislative bodies;
• Membersof the governing bodies of political parties;
• Members of superior, supreme, and constitutional courts or of other highlevel judicialbodies whose decisions are not subject to further appeal, except in exceptional circumstances;
• Membersof courts of auditors or of the boards of central banks;
• Ambassadors,charges d'affaires, consuls and high ranking officers in the armed forces;
• Membersof the administrative, management or supervisory boards of Stateowned enterprises;
• Anyoneexercising a function equivalent to those set out in paragraphs (a) to (f) within an institution of the European Union or any other international body;

Furthermore, Politically Exposed Person includes also family members or persons known to be close associates of any individual identified in (a) – (h) above

The term "family members" includes:

• thespouse, or a person considered to be equivalent to a spouse;
• thechildren and their spouses, or persons considered to be equivalent to a spouse; and
• the parents

"Persons known to be close associates" means:

• a natural person known to have joint beneficial ownership of a body corporate or anyother form of legal arrangement, or any other close business relations, with that politically exposed person; or
• anatural person who has sole beneficial ownership of a body corporate or any other form of legal arrangement that is known to have been established for the benefit of that politically exposed person.

"Prohibited Jurisdiction" means the jurisdictions designated by CPay as a prohibited jurisdiction in respect of the Sale or Service from time to time.

"Sanctioned Jurisdiction" means any country or territory to the extent that such country or territory is the subject of any sanction issued by the United Nations, United States and/or the European Union.

"Sanctioned Person" means any individual or entity (a) identified on a sanctions list issued by the United Nations, United States and/or the European Union; (b) organized, domiciled or resident in a Sanctioned Jurisdiction; or (c) otherwise the subject or target of any sanctions, including by reason of ownership or control by one or more individuals or entities described in clauses (a) or (b).

"Service" means any other services provided by CPay to the Users from time to time, including, without limitation, its payment and cryptocurrency exchange services, wallet services, C-lever.com and Instachange.com services, and any other services or functionalities, past, present, or future.

"Transaction" means any transaction with any assets that is conducted by a user through any of the CPay 's websites, applications, client accounts, cryptocurrency wallets, Services, or functionalities, and the word "transact" shall be interpreted accordingly.

"User" means a person using CPay 's Services.

2.Company Policy

UAB Cpay Finance (Company) is completely committed to the deterrence of financial crime. The Company has employed a robust and efficient risk-based approach in the areas of Anti-Money Laundering (AML) and Anti-Terrorist Financing (ATF), Know Your customer (KYC), Simplified Due Diligence (SDD), Full Due Diligence (FDD), Enhanced Due Diligence (EDD) and On-going Transaction Monitoring.

The Company recognises that any AML breaches or any incidence of money laundering or the failure to establish adequate policies, procedures and practices to safeguard against money laundering may call into question the adequacy of internal systems and controls as well as the governance demonstrated by the Company and ultimately the success of the company.

This policy applies to all individuals working at all levels of the Company, including senior managers, officers, directors, employees, consultants, contractors, trainees, homeworkers, part-time and fixed-term workers, casual and agency staff, all of whom are collectively referred to as 'staff' in this document.

The Company is committed to AML and ATF European laws and regulations. All necessary precautions to prevent, detect and report to the appropriate government authorities in keeping with the applicable laws and regulations, known and suspected violations, AML and other crimes and suspicious transactions will be adhered to. Policies and procedures will be reviewed to ensure they address the specific risks associated with non-face-to-face business relationships or countries that do not apply the apply the Financial Action Task Force Recommendations (FATF).

This manual sets forth the policies to follow in order to be fully complaint with the appropriate AML legislation. The manual will be periodically updated by the Money Laundering Reporting Officer (MLRO) based on the general principles set up by the Senior Management in relation to the prevention of money laundering and terrorist financing and to ensure it complies with future requirements.

The amendments and/or changes of the manual shall be communicated to all employees of the Company who have responsibility for the application of the practices, measures, procedures and controls relating to the prevention of money laundering and terrorist financing. All staff shall sign a confirmation of having read and understood the manual and sign the acceptance document.

• Money Laundering

There are three broad groups of offences related to money laundering that firms need to avoid committing. These are:

• knowingly assisting (in a number of specified ways) in concealing, or entering into arrangements for the acquisition, use, and/or possession of, criminal property;
• failing to report knowledge, suspicion, or where there are reasonable grounds for knowing or suspecting, that another person is engaged in money laundering; and
• tipping off or prejudicing an investigation.

2.2 Terrorist Financing

There can be considerable similarities between the movement of terrorist property and the laundering of criminal property: some terrorist groups are known to have well established links with organised criminal activity. However, there are two major differences between terrorist property and criminal property. More generally:

• often only small amounts are required to commit individual terrorist acts, thus increasing the difficulty of tracking the terrorist property;
• terrorists can be funded from legitimately obtained income, including charitable donations, and it is extremely difficult to identify the stage at which legitimate funds become terrorist property.

3. Risk-Based Approach

Company will maintain a standardized risk rating model to conduct risk assessments related to the exposure to money laundering across all client relationships. The Company Board of Directors will approve this model on an annual basis.

The risk-based approach takes the most cost effective and proportionate way to manage and mitigate money laundering and terrorist financing risks.

Company will identify the money laundering and terrorist risks presented by:

• Customers;
• Product;
• Method;
• Interface;
• Geography;

Consequently, Company will:

• Design and implement controls to manage and mitigate those risks;
• Monitor and seek to improve the operation of these controls;
• Record what has been done.

The risk-based approach will recognise that the money laundering and terrorist financing risks vary according to customers, jurisdictions, products and method of delivery.

Customer

The varied nature of individual clients may pose a risk for the Company. Clients who want to use the Company may be natural persons or a legal entity. The Company could possibly deal with Politically Exposed Persons ("PEPs") or Sanctioned individuals after conducting KYC checks and collecting Enhanced Due Diligence ("EDD"). There are risks wherein the Company may be approached by potential clients associated with illicit activities (who fund their Bitcoin purchases with proceeds of crime), or clients targeted by national, trans-national or global sanctions.

Product

The pseudonymous nature of Bitcoin may attract bad actors or somewhat facilitate the task of laundering proceeds of crime, financing of terrorism or – more generally speaking – the purchase or transfer of money for illicit items or purposes. Furthermore, the general irreversibility of Bitcoin transactions may attract a higher degree of scammers and fraudsters usually associated with card fraud.

Method

Credit and debit card fraud is a reality faced by any online outlet which provides card processing options to their clients. As mentioned above, the general irreversibility of Bitcoin transactions may exacerbate this risk. Bank wires tend to be considered safer from this point of view – but present other challenges mainly related to client-to-transfer matching and generally slower processing times

Interface

The non-face-to-face client interface may pose a challenge in verifying certain customer information during the onboarding phase, or for general client communication purposes. Risks are also brought about through the speed of propagation of an online transaction – or indeed a chain of online transactions – typically measured in seconds.

Geography

The varied nature of individual clients may pose a risk for the Company. Clients who want to use CPay Finance may be natural persons or a legal entity. The Company could possibly deal with Politically Exposed Persons ("PEPs") or Sanctioned individuals after conducting KYC checks and collecting Enhanced Due Diligence ("EDD"). There are risks wherein the Company may be approached by potential clients associated with illicit activities (who fund their Bitcoin purchases with proceeds of crime), or clients targeted by national, trans-national or global sanctions.

4.Initialandongoing screening

1.CPay will (and will always reserve a right to) screen a User prior toenabling any Transaction with such User and will continue to screen such User on an ongoing basis, to ensure that such User is not a Sanctioned Person, from a Sanctioned Jurisdiction and/or a person from a Prohibited

2.CPay will screen a User prior to providing any Service to such User, andwill continue to screen such User on an ongoing basis, to ensure that such User is not a Sanctioned Person, from a Sanctioned Jurisdiction and/or a person from a Prohibited If a User is a Sanctioned Person, from a Sanctioned Jurisdiction and/or a person from a Prohibited Jurisdiction, CPay will refuse to provide Services to such User or discontinue the provision of Services.

In carrying out this screening CPay shall ensure to adopt software to enable comprehensive screening to be carried out and which captures all sanctions that CPay is bound to follow.

Ongoing monitoring of Users

CPay reserves the right to continuously monitor, on a risk sensitive basis, the business relationship with a User (as applicable) by:

1. reviewing from time to time documents, data and information that havebeen obtained by CPay to ensure that such documents, data and information are up to date;
2. conductingappropriate scrutiny of Transactions and activities carried out by Users to ensure that they are consistent with CPay 's knowledge of the User's business and risk profile, and to ensure that such Transactions and activities are in line with CPay 's knowledge of the User's or User's source of funds and source of wealth; and
3. identifying transactions that are unusually large in amount or of an unusual pattern and have no apparent economic or lawful

For the avoidance of doubt, CPay may undertake ongoing monitoring on Users in order to ensure that any Transactions equal to or in excess of €500 (or its equivalent in any other currency) shall be subject to enhanced due diligence in relation to the source of funds and source of wealth of the User.

To continuously monitor the business relationship with a User (as applicable), CPay may carry out a file review to ensure that information held about the User is up-to-date and that identification documents held are still valid. In addition, on a more frequent basis, CPay may also monitor transactional activity to identify any red-flags or 'out of the norm' activity.

As part of the second line of defense, the Money Laundering Reporting Officer will carry out checks to ensure that regular and effective on-going monitoring is being effected and ensure that irregular or suspicious activities are effectively escalated.

5. Due Diligence Policy

5.1 Customer Due Diligence Policy

CPay adopts a risk-based approach to combating money laundering and terrorist financing. By adopting a risk-based approach, CPay is able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate to the identified risks.

Prior to enabling or entering into a Transaction with or for or on behalf of a User or providing any Service to a User, CPay will, if so required by applicable law or if it is otherwise deemed necessary or expedient:

1.identifythe User and verify the User's identity on the basis of documents, data or other information based on a reliable and independent source;

2.ifthere is a Beneficial Owner in relation to the User, identify the beneficial owner and take reasonable measures to verify the beneficial owner's identity;

3.obtaininformation on the purpose and intended nature of the business relationship with the User, unless the purpose and intended nature are clearly stipulated in the relevant documentation between CPay and the As part of this process, CPay shall obtain, amongst other matters, information on the source of funds and source of wealth of the User; and

4.if a person purports to act on behalf of the User, (i) identify the person and takereasonable measures to verify the person's identity on the basis of documents, data or information based on a reliable and independent source; and (ii) verify the person's authority to act on behalf of the

To identify a User who is an individual, CPay will collect information from the User, including but not limited to, his full name, date of birth, place of birth, nationality, place of residence, email address, and the identity document type. CPay will verify the identity of the User with documents such as his national ID, passport and/or driver's license and utility bill.

To identify a User who is a legal entity, CPay will collect information from the User, including but not limited to, its full legal name, registration number, date of incorporation / registration, country of incorporation / registration and lists of directors (as applicable to the entity). CPay will verify the User with documents such as Memorandum and Articles of Association (or equivalent), additional beneficial ownership information and documents, and a detailed corporate chart (as applicable to the entity).

If the User is not physically present for identification purposes, CPay may adopt more stringent standards to verify the identity of the User.

We may also perform checks which may or may not require client interaction, such as:

— Requiring document certification supplied by a person carrying out relevant financial business as defined by the Lithuanian authorities

— Ensure that the first payment or transaction into the account is carried out through an account held by the client in his name with a credit institution authorised in the EU or otherwise authorised in another equivalent or reputable jurisdiction

— Requesting additional identification documents

— Cross-referencing IP address geo-location with the provided address

— Using open-source information to gather more information or to corroborate previously collected information

5.2 Sanctions And PEPs Screening

Company will make use of an internal screening software to screen applicants against recognised Sanctions Lists and Politically Exposed Persons (PEPs) lists. Individuals will be screened on a monthly basis as well as on initial sign up.

5.2.1 Sanctions Lists

Company will take all required steps to ensure that all customers with whom a business relationship is established are screened against relevant notices published by:

• the Office of Foreign Assets Control (OFAC)
• Her Majesty's Treasury Department – (HM Treasury)
• European Union sanctions (EU)
• United Nations sanctions (UN)
• Financial Crimes Investigation Service (FCIS)

Information leading to "fuzzy matches" will be investigated further, for example where the match was related to a name which can be deemed as popular, and this will be compared against the other information that is collected at point of registration. The full evaluation of the customer's data will provide a result.

Any confirmed matches to sanctions lists will be declined or closed, and the necessary reports will be made to the Financial Crimes Investigation Service (FCIS)/authorities.

5.2.2 PEPs Screening

In order to meet the regulatory obligations, a risk sensitive approach to identifying PEPs and then applying EDD measures shall be assigned to customers on a case by case basis.

Once a customer or beneficial owner of the customer has been identified as a PEP, or a family member or known close associate of a PEP, the level of risk associated with the customer will be assessed and the required amount of EDD will be carried out. Senior management will decide on a case by case basis whether to open PEP accounts based on the risk to the business. The assessment and the decision to apply EDD measures will be clearly documented. PEP accounts will not be declassified once their tenure in a public office has expired. The MLRO will include within the annual MLRO report to the board any customers identified as PEPs during the previous year.

Where a business continuity relationship with a PEP, family member or known close associate of a PEP is being considered:

• approval shall be sought from the MLRO for establishing or continuing the business relationship with that person.
• any cases identified as high risk of money laundering or terrorist financing shall be referred to the MLRO for approval before a business relationship is established.
• adequate measures to establish the customer's source of wealth and source of funds relevant to the proposed business relationship or transaction depending on the risks assessed.
• once a business relationship is entered into, conducting enhanced ongoing monitoring of the business relationship with that person. The nature and extent of this monitoring will depend on the risk assessment.

There is no global accepted definition of a PEP, however, according to the European Directive have embraced similar definitions of a PEP. In particular, the following are defined as PEPs:

Foreign PEPs: individuals who are or have been entrusted with prominent public functions by a foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials.

Domestic PEPs: individuals who are or have been entrusted domestically with prominent public functions, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials.

International organization PEPs: persons who are or have been entrusted with a prominent function by an international organization, refers to members of senior management or individuals who have been entrusted with equivalent functions, i.e. directors, deputy directors and members of the board or equivalent functions.

Family members are individuals who are related to a PEP either directly or through marriage or similar (civil) forms of partnership.

Close associates are individuals who are closely connected to a PEP, either socially or professionally.

5.3 Enhanced Due Diligence (EDD)

Enhanced due diligence is required in circumstances giving rise to an overall higher risk.

When assessing the ML/TF risks the following factors will be considered:

• types of customer (PEPs)
• countries or geographic areas (countries identified by credible sources as not having adequate AML/CTF approaches)
• transactions (discrepancies between submitted and detected information)
• delivery channels (businesses introduced by third parties)

Customers subject to EDD are required to provide a written confirmation regarding the legal origin of funds. Failure to provide such may result in a transaction being held. The following documents will be accepted by the Company as proof of the legal origin of customer's funds:

• Bank statement no more than 3 months old and certified by the bank;
• Employer paystubs for the last 3 months accompanied by a bank statement for the last month;
• HMRC documents if funds are coming from a pension which could support the bank statement; or
• Letters from a solicitor if funds are coming from a loan which could support the bank statement.

As a result, senior management will take a decision to continue or terminate business relations with the respective client as well as to continue or terminate business relations with other clients who have the same beneficiaries or who conduct transactions on behalf of the same third persons.

6. Sanctioned, Prohibited And High Risk Jurisdictions

CPay will establish and maintain the following lists of jurisdictions (i) Sanctioned Jurisdictions (ii) Prohibited Jurisdictions and (iii) High Risk Jurisdictions. In determining the list of Sanctioned Jurisdictions, Prohibited Jurisdictions and High Risk Jurisdictions, CPay shall take into account the lists issued by the Financial Action Task Force and by other organizations issuing guidelines and lists relating to the adequacy of legislative measures adopted by jurisdictions in relation to money laundering, funding of terrorism and transparency.

Users which are (i) resident or domiciled in, or (ii) have their source of wealth or source of funds linked to a Sanctioned Jurisdiction and/or a Prohibited Jurisdiction shall not be accepted as clients of CPay .

Users which are (i) resident or domiciled in, or (ii) have their source of wealth or source of funds linked to High Risk Jurisdictions shall be subject to additional checks and measures by CPay

.High risk situations

In certain circumstances, the risk may be higher and CPay will need to take additional checks. These include, for example, situations where the User is from a High Risk Jurisdiction, where the User is a Politically Exposed Person, or the User's or User's behavior and activities raise other red flags.

In a high risk situation, CPay will:

1. where a business relationship has not yet been established, obtain approval fromsenior management to establish the business relationship and take reasonable measures to verify the User's or beneficial owner's source of wealth and source of funds that will be involved in the business relationship; and
2. where a business relationship has been established, obtain approval from seniormanagement to continue the business relationship, take reasonable measures to verify the beneficial owner's identity, and take reasonable measures to verify the User's or beneficial owner's source of wealth and source of funds that will be involved in the business relationship.

7. MLRO Role And Responsibilities

Company senior management will allocate a senior individual to be the Money Laundering Reporting Officer (MLRO) as required by the Money Laundering Regulations (MLR). The MLRO will have overall responsibility for the establishment and maintenance of Company's AML/CTF systems and controls and will report to the Company Board.

Company has an appointed MLRO who reports directly to the Board of Directors. The MLRO, with the support of the Board, is responsible for ensuring that the Company meets the AML compliance requirements set by the FCA, in adherence to the MLRs. The MLRO oversees the AML systems and controls. The main activities of the MLRO comprise, but are not limited to, the following:

• oversight of all aspects of the company's AML and CTF activities;
• focal point for all activities within the company relating to AML and CTF;
• establishing the basis on which a risk-based approach to the prevention of money laundering and terrorist financing is put into practice;
• supporting and co-ordinating senior management focus on managing the money laundering/terrorist financing risk in individual business areas; and
• ensuring that the Company's wider responsibility for AML/CTF is addressed centrally through appropriate training activities.

The MLRO is also required to produce reports for Board meetings including, but not limited to, the following items:

• Confirmation that adequate customer due diligence information is being collected and that ongoing monitoring is taking place;
• Summary data relating to complex or unusual transactions;
• Number of internal consents / Suspicious Activity Reports (SARs) received from staff members;
• Number of SARs made to the authorities;
• Information on status of staff training within the company;
• Confirmation that all business records have been properly stored and are retained according to regulatory requirements;
• Changes in the law/operating environment which do or might impact the business;
• Changes in the risk matrix affecting the business; and
• Contacts with the regulator.

8.Reporting

Where CPay suspects that a User is involved in any money laundering, terrorist financing or other illegal activities, it will report any relevant knowledge or suspicion to governmental and regulatory authorities. CPay shall not notify any Users of any such suspicious transaction report. Rather, in the event that CPay and its employees notify such Users, they may be held liable for tipping off. This is a criminal offence punishable by a fine and/or imprisonment.

9.Record-keeping

CPay will keep (a) transaction records, for a period of ten (10) years beginning on the date on which a transaction is completed, or for such other minimal period as may be required by applicable law; and (b) other information collected by CPay for AML/KYC purposes, throughout the continuance of the business relationship with the User and for a period of ten (10) years beginning on the date on which the business relationship with the User ends, or for such other minimal period as may be required by applicable law.

C.Pay Anti-Money Laundering
Management Measures