Anti-Money Laundering Policy

Zerone.io services are provided by FINPULSE CY LIMITED, a company registered in Cyprus, Tax Identification Number (TIN) 60167317W.

Applies to: All employees, officers, contractors, agents, and business Clients of Zerone (hereinafter, the "Service Provider").

1. General Provisions

1.1. This Anti-Money Laundering and Security Policy (hereinafter, the "Policy") has been adopted by Zerone in order to establish a clear and effective framework for the detection, prevention, deterrence, and reporting of money laundering, terrorist financing, the financing of proliferation of weapons of mass destruction, and other illicit financial activities, as well as for the implementation of reasonable, proportionate, and effective information security safeguards.

1.2. This Policy outlines the internal rules, procedures, and control mechanisms adopted by Zerone to ensure full compliance with applicable legal, regulatory, and technical requirements, including but not limited to:

1.3. The provisions of this Policy are binding upon all employees, managers, officers, agents, contractors, and any individuals or entities performing services for or on behalf of Zerone.

1.4. This Policy is to be read in conjunction with Zerone's Terms of Use, Privacy Policy, and any other internal or public-facing policies.

1.5. The Management Board of Zerone has adopted this Policy and retains overall responsibility for its implementation. The Compliance Officer (CO) is designated as responsible for operational management and enforcement.

2. Definitions

Money Laundering refers to the conversion or transfer of property derived from criminal activity for the purpose of concealing or disguising its illicit origin.

Terrorist Financing means the provision or collection of funds with the intention that they be used for terrorist acts.

Client means any natural person or legal entity who enters into a business relationship with Zerone or uses its services.

Beneficial Owner refers to any natural person(s) who ultimately owns or controls the Client, in accordance with Article 3(6) of Directive (EU) 2015/849.

Politically Exposed Person (PEP) means a natural person who is or has been entrusted with prominent public functions, including family members or close associates.

3. Description of Activities

3.1. Zerone is a technology-based platform that provides business Clients (merchants, developers, platforms, aggregators) with access to software solutions that facilitate integration with payment service providers (PSPs), acquiring banks, and financial networks.

3.2. Zerone operates in a business-to-business (B2B) model. Its Clients are verified legal entities subject to financial, regulatory, or licensing oversight.

3.3. Core services include API-based integration of merchant platforms with payment processing infrastructure, technical support, analytics, and fraud prevention modules.

3.4. Zerone implements strict internal controls, monitoring procedures, and audit trails to detect and report any misuse of its platform for purposes contrary to applicable AML, CTF, or sanctions obligations.

4. Client Due Diligence (CDD)

4.1. Zerone shall establish robust CDD procedures in line with a risk-based approach. CDD measures shall be proportionate to the nature, size, complexity, and risk profile of the Client.

4.2. CDD shall be applied when establishing a business relationship, when carrying out occasional transactions of EUR 15,000 or more, when there is suspicion of money laundering or terrorist financing, or when there are doubts about previously obtained data.

4.3. CDD shall comprise: identification and verification of the Client; identification of beneficial owners; information on the purpose and intended nature of the business relationship; and ongoing monitoring.

4.4. Enhanced due diligence (EDD) shall be applied for higher-risk situations, including PEPs, high-risk jurisdictions, complex ownership structures, or unusually large or complex transactions.

4.5. Zerone shall not establish or maintain a business relationship where it is unable to comply with CDD requirements.

5. Identification Requirements

5.1. For natural persons: full legal name, date of birth, nationality, residential address, valid identification document (passport, national ID), and purpose of the business relationship.

5.2. For legal persons: full legal name, legal form, registration number, registered office, ownership structure, identification of UBOs, and directors or representatives.

5.3. All identification and verification must be completed before establishing a business relationship, except in strictly limited circumstances permitted by law.

6. Record-Keeping

6.1. Zerone shall retain all CDD documentation, transactional records, risk assessments, and compliance-related data for at least five (5) years following the termination of the business relationship.

6.2. Data shall be stored securely with encryption, access controls, and audit logging. Records shall be made available to competent authorities upon lawful request.

7. Suspicious Activity Reporting

7.1. All Representatives must promptly report any circumstances that may give rise to suspicion to the Compliance Officer.

7.2. Suspicious Activity Reports (SARs) shall be submitted to the competent Financial Intelligence Unit (FIU) in accordance with applicable AML legislation.

7.3. It is strictly prohibited to disclose to the Client or any third party that a SAR has been submitted ("tipping-off").

7.4. No transaction may be executed once suspicion arises, unless there is a compelling reason permitted by law.

8. International Sanctions

8.1. Zerone shall ensure full compliance with international sanctions regimes (EU, UN, OFAC, OFSI).

8.2. Sanctions screening shall be conducted during onboarding, periodically throughout the relationship, and prior to transaction execution.

8.3. In the event of a positive match or suspicion of sanctions exposure, the transaction shall be suspended, the matter escalated, and a report filed with competent authorities as required.

9. Training

9.1. All Representatives shall receive mandatory training on AML, CTF, sanctions compliance, and information security upon commencement of employment and at least annually thereafter.

9.2. Training shall cover regulatory frameworks, identification of suspicious activity, PEPs, beneficial ownership, data protection, and internal reporting procedures.

10. Internal Audit and Policy Updates

10.1. Zerone shall conduct periodic internal audits of its AML/CTF framework at least annually.

10.2. This Policy shall be reviewed and updated as necessary to reflect changes in laws, regulations, business practices, or identified risks.

10.3. All Representatives shall be notified of material amendments to the Policy.

11. Liability and Legal Protection

11.1. Zerone and its Representatives shall not be held liable for damages resulting from the good faith execution of duties under this Policy, including refusal to carry out a transaction, termination of a relationship, or reporting to authorities.

11.2. Representatives acting in good faith when reporting suspicious activity shall receive full support and legal protection.

11.3. Clients are responsible for the accuracy and completeness of information provided. Misrepresentation or failure to comply with verification requests may result in refusal of service and reporting to authorities.

12. Final Provisions

12.1. This Policy shall be read in conjunction with applicable EU laws, including Directive (EU) 2015/849, Directive (EU) 2018/843, and Regulation (EU) 2016/679 (GDPR).

12.2. In case of inconsistency with applicable legislation, the latter shall prevail.

12.3. This Policy is issued in English. In case of translation discrepancies, the English version shall prevail.

Contact

Questions or concerns regarding this Policy or its application shall be directed to the Compliance Officer.

Zerone.io — FINPULSE CY LIMITED
Cyprus, TIN 60167317W

Telegram: @zerone_io