1. Purpose and Scope
This Anti-Money Laundering and Counter-Terrorist Financing Policy (the “Policy”) establishes the framework adopted by BME Technologies OÜ (the “Company”) to prevent, detect, and report money laundering, terrorist financing, and other forms of financial crime. The purpose of this Policy is to ensure that the Company conducts its activities in compliance with applicable AML/CFT laws and international standards, and that appropriate controls are in place to identify and mitigate financial crime risks. This Policy applies to all employees, contractors, and external service providers involved in the Company’s operations.
2. Definitions
For the purposes of this Policy:
“Client” means any corporate customer engaging the Company for transaction coordination services. “Counterparty” means any regulated entity involved in transaction execution or settlement, including financial institutions and virtual asset service providers (VASPs). “Transaction” means any crypto-to-fiat or related operation coordinated by the Company. “Suspicious Activity” means any activity that may indicate money laundering, terrorist financing, or other financial crime.
3. Regulatory Framework
The Company operates in accordance with applicable AML/CFT laws and international standards, including:
- European Union AML Directives and relevant Estonian legislation
- FATF Recommendations
- Applicable sanctions regimes (EU, UN, OFAC) The Company also aligns its compliance practices with the regulatory frameworks applicable to its counterparties and the jurisdictions in which they operate.
4. Business Model
BME Technologies OÜ operates as a non-custodial transaction coordination provider in the context of digital asset–related transactions. The Company does not receive, hold, or control client funds or digital assets at any stage. The Company does not operate wallets, does not have access to private keys, and does not execute or settle transactions. The Company facilitates and coordinates transactions between corporate clients and regulated counterparties, including licensed financial institutions, virtual asset service providers, and liquidity providers. All execution, conversion, and settlement activities are performed by such regulated counterparties. The Company does not act as a principal, counterparty, broker, or exchange.
5. Risk-based Approach
The Company applies a risk-based approach to AML/CFT compliance, taking into account:
- client risk
- jurisdictional risk
- transaction risk
- counterparty risk Each client relationship is assessed prior to onboarding and is subject to ongoing review.
6. Customer Due Diligence (CDD)
The Company conducts Customer Due Diligence prior to entering into any business relationship. This includes identification and verification of:
- corporate clients
- ultimate beneficial owners (UBOs)
- directors and authorized representatives The Company also performs:
- sanctions screening
- PEP screening
- assessment of business activity and transaction purpose Enhanced Due Diligence is applied where higher risk is identified.
7. Counterparty Due Diligence
The Company engages only with regulated and reputable counterparties. Due diligence includes:
- verification of licensing and regulatory status
- assessment of compliance frameworks
- reputational checks The Company relies on counterparties to perform execution and settlement in accordance with applicable regulations.
8. Flow of Funds
BME Technologies OÜ does not receive or process client funds through its own accounts. Transaction flows are executed directly through regulated counterparties, including licensed financial institutions and virtual asset service providers. Clients transfer funds directly to such counterparties, and settlement to final beneficiaries is performed by those entities. The Company does not hold, control, or have access to client funds at any stage.
9. Transaction Oversight
The Company applies a transaction oversight framework rather than traditional transaction monitoring. This includes reviewing transactions based on available information to ensure:
- consistency with the client’s profile
- alignment with declared business purpose
- involvement of legitimate counterparties Where necessary, additional information or documentation may be requested.
10. Sanctions and Screening
The Company conducts screening against:
- international sanctions lists
- politically exposed persons (PEPs)
- adverse media Transactions involving sanctioned parties are not supported.
11. Identification and Reporting of Suspicious Activity
The Company maintains procedures for identifying and assessing suspicious activity. Where suspicious activity is identified:
- the matter is escalated internally
- additional due diligence is performed
- reporting obligations are fulfilled where required
12. Governance and Compliance Function
The Company maintains a compliance framework overseen by the MLRO. The MLRO is responsible for:
- AML/CFT oversight
- internal controls
- reporting obligations The Company may engage external compliance specialists to support implementation and monitoring of AML procedures.
13. Record Keeping
The Company maintains records of:
- client due diligence
- transaction documentation
- compliance assessments Records are retained in accordance with applicable legal requirements.
14. Staff Obligations and Training
All personnel are required to:
- comply with this Policy
- report suspicious activity
- participate in AML/CFT training
15. Audit and Independent Review
The Company may conduct periodic internal or external reviews of its AML/CFT framework to ensure effectiveness and compliance.
16. Limitations of Control
Due to its non-custodial model, the Company does not have full visibility into all transaction flows and does not control the execution or settlement of transactions. Monitoring is therefore limited to information available within the Company’s coordination role.
ANNEX 1 – RISK MATRIX / BME TECHNOLOGIES OÜ
The Company applies a risk-based approach to assessing financial crime risks associated with its activities. The following matrix outlines the key risk categories, their characteristics, and mitigation measures.
1. Client Risk
Risk Factor Description Risk Level Mitigation Measures Corporate structure complexity Multi-layered ownership or unclear UBOs Medium / High Enhanced Due Diligence (EDD), UBO verification Industry exposure Clients operating in high-risk sectors Medium / High Industry screening, transaction purpose validation New clients Recently onboarded clients with no history Medium Increased scrutiny during initial transactions
2. Jurisdiction Risk
Risk Factor Description Risk Level Mitigation Measures High-risk jurisdictions FATF high-risk or sanctioned countries High Restriction or rejection of transactions Offshore structures Clients or flows involving offshore jurisdictions Medium Additional documentation and justification Mismatch jurisdictions Client location inconsistent with transaction Medium Clarification and supporting evidence
3. Transaction Risk
Risk Factor Description Risk Level Mitigation Measures Large transaction size High-value transactions relative to client profile Medium / High Source of funds verification Complex structuring Multi-step or unclear transaction flows High Transaction breakdown and documentation Economic rationale Lack of clear purpose High Request supporting documentation
4. Counterparty Risk
Risk Factor Description Risk Level Mitigation Measures Unregulated counterparties Lack of licensing or unclear status High Work only with regulated entities Weak compliance controls Poor AML framework of counterparty Medium / High Counterparty due diligence Unknown counterparties Insufficient transparency High Reject or require full disclosure
5. Product / Service Risk
Risk Factor Description Risk Level Mitigation Measures Crypto-to-fiat conversion Exposure to digital asset risks Medium Use regulated providers only Real estate settlements High-value transactions Medium / High Documentation and transaction purpose verification Cross-border flows Multi-jurisdictional complexity Medium Jurisdiction and counterparty checks
ANNEX 2 – RED FLAGS INDICATORS
The following non-exhaustive list outlines indicators of potentially suspicious activity relevant to the Company’s non-custodial transaction coordination model.
CLIENT-RELATED RED FLAGS
- Client is unable or unwilling to provide clear information about business activity
- Complex or opaque ownership structure without reasonable explanation
- Frequent changes in ownership, management, or transaction instructions
- Client requests to structure transactions in an unusual or non-standard manner
TRANSACTION-RELATED RED FLAGS
- Transaction lacks clear economic or business rationale
- Transaction size is inconsistent with client profile
- Unnecessarily complex transaction structure
- Urgent transaction requests without sufficient explanation
- Repeated adjustments to transaction details
JURISDICTIONAL RED FLAGS
- Involvement of high-risk or sanctioned jurisdictions
- Transaction flows involving multiple unrelated jurisdictions
- Mismatch between client location and transaction geography
COUNTERPARTY RED FLAGS
- Counterparty is not regulated or cannot confirm licensing status
- Counterparty unwilling to provide compliance information
- Use of multiple counterparties without clear justification
BEHAVIORAL RED FLAGS
- Client demonstrates reluctance to provide documentation
- Inconsistent explanations regarding transaction purpose
- Attempts to bypass standard compliance procedures
ANNEX 3 – TRANSACTION REVIEW WORKFLOW
BME TECHNOLOGIES OÜ
1. Overview
BME Technologies OÜ applies a structured transaction review process to ensure that all transactions coordinated by the Company are consistent with its AML/CFT obligations and internal risk appetite. Given the Company’s non-custodial model, this process is based on transaction oversight rather than direct monitoring or control of funds.
2. Transaction Review Process
Step 1 – Client Verification
- Prior to any transaction, the Company confirms that:
- the client has successfully completed onboarding and KYC/KYB procedures
- the client profile, including business activity and ownership structure, is verified
- no sanctions or adverse findings are present
- No transaction is coordinated without completed onboarding.
Step 2 – Transaction Initiation and Information Collection The Company obtains key transaction details, including:
- transaction purpose
- transaction size and structure
- involved counterparties
- jurisdictions involved
- intended beneficiary The Company ensures that sufficient information is available to understand the nature and rationale of the transaction.
Step 3 – Risk Assessment The transaction is assessed against the Company’s risk framework, including:
- consistency with the client profile
- jurisdictional exposure
- counterparty risk
- complexity of transaction structure Where necessary, the transaction is classified as low, medium, or high risk.
Step 4 – Enhanced Review (if applicable) Where elevated risk is identified, the Company performs enhanced review, which may include:
- requesting additional documentation
- obtaining clarification on transaction purpose
- verifying counterparties in greater detail
- confirming source of funds
Step 5 – Decision-Making Based on the review, the Company determines whether to:
- proceed with coordination of the transaction
- proceed subject to additional controls
- decline involvement in the transaction All decisions are made in accordance with the Company’s risk appetite and compliance requirements.
Step 6 – Escalation If concerns arise, the transaction is escalated to the MLRO and/or compliance function. The Company may suspend or decline involvement until concerns are resolved.
Step 7 – Documentation and Record Keeping All relevant transaction information, risk assessments, and decisions are documented and retained in accordance with the Company’s record-keeping obligations.
3. Role of the Company
The Company’s role within this process is limited to:
- coordinating transaction parameters
- assessing transaction risk based on available information
- facilitating interaction with regulated counterparties The Company does not execute transactions, does not act as a counterparty, and does not hold or control funds.
4. Limitations
Due to its non-custodial model, the Company does not have full visibility into all transaction flows and relies in part on information provided by clients and counterparties.
Approved by: Grigoriy Rybalchenko Director / MLRO
Date: