AML, CTF & KYC Policy

MBI.COM Sp. z o.o.

Effective Date: February 2026

1. Introduction and Regulatory Framework

This Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and Know Your Customer (KYC) Policy (the "Policy") outlines the compliance framework implemented by the Bitprime platform (bitprime.io) to prevent the misuse of its services for financial crime.

The platform is operated by MBI.COM Spółka z ograniczoną odpowiedzialnością, a company incorporated under the laws of the Republic of Poland and registered in the National Court Register (KRS) under number 0001117984 (NIP: 6783218579, REGON: 529217342).

Bitprime operates as a Virtual Asset Service Provider (VASP) and applies risk-based controls in accordance with applicable regulatory frameworks, including but not limited to:

  • The Polish Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing
  • The European Union Fifth and Sixth Anti-Money Laundering Directives (AMLD5 and AMLD6)
  • The EU Transfer of Funds Regulation (TFR)
  • The Markets in Crypto-Assets Regulation (MiCA), where applicable
  • Guidance issued by the Polish Financial Supervision Authority (KNF) and the General Inspector of Financial Information (GIIF)

Bitprime applies a risk-based AML/CFT program designed to detect, prevent, and report suspicious activities.

2. Business Model & Operational Framework

To properly contextualize our AML/CTF controls, it is important to describe our operational structure. Bitprime operates under a transaction execution (transit) model providing services strictly limited to fiat-to-crypto transactions.

The Company does not support:

  • crypto-to-crypto transactions
  • crypto-to-fiat transactions

Account & Balance Policy The Company does not maintain user accounts with stored balances and does not provide wallet infrastructure for asset storage. Because the Company does not maintain client balances, traditional safeguarding and segregation mechanisms are not applicable.

Custody & Asset Handling The Company does not provide custodial services and does not maintain ongoing control or storage of client assets. Handling of digital assets is:

  • temporary
  • limited solely to transaction execution
  • terminated immediately upon completion of the transaction

Digital assets are transferred directly to the user's designated external wallet. The Company does not retain funds beyond execution.

Liquidity and Counterparties

Bitprime relies on third-party liquidity providers for order execution and does not act as a principal trading counterparty.

Flow of Funds

Transactions follow a strictly linear structure:

  1. The user initiates a fiat payment
  2. A fiat-to-crypto order is created
  3. A third-party liquidity provider executes the order
  4. Digital assets pass temporarily through execution infrastructure
  5. Digital assets are transferred directly to the user's external wallet

3. Prohibition of Anonymous Transactions

Bitprime strictly prohibits anonymous transactions.

All users must undergo Customer Due Diligence (CDD) before initiating transactions on the platform.

Identity verification is required regardless of transaction size or frequency. Transactions that fail verification requirements will not be executed.

4. AML Program and Customer Due Diligence (CDD)

Bitprime operates a hybrid AML compliance framework combining automated systems and internal compliance oversight.

Customer onboarding is conducted through a remote verification process.

Verification Workflow

Automated Screening

Initial KYC/KYB verification, document validation, liveness checks, and risk scoring are conducted through third-party compliance providers (e.g., Sumsub).

Manual Compliance Review

Cases flagged during automated screening are escalated to the internal compliance team.

Transaction Monitoring

Transactions are continuously assessed by a designated Transaction Monitoring (TM) specialist.

Compliance Escalation

Final compliance decisions are made by the Money Laundering Reporting Officer (MLRO).

Bitprime may request additional information or documentation where required by risk-based procedures.

5. Closed-Loop Payment Verification

Bitprime applies a strict closed-loop payment policy.

All fiat payments must originate from payment instruments belonging to the verified user.

The name associated with the payment instrument must match the verified identity of the user.

Third-party payments are not accepted and may be rejected or refunded.

Bitprime facilitates fiat-to-crypto transactions exclusively in EUR.

Accepted payment rails may include:

  • SEPA bank transfers
  • approved electronic payment methods

The platform does not accept:

  • cash payments
  • checks
  • unsupported currencies

6. Prohibited Assets and Anonymity-Enhancing Technologies

Bitprime does not support assets or services designed to conceal transaction transparency.

Examples include:

  • privacy-focused cryptocurrencies designed to obscure transaction tracing
  • cryptocurrency mixers or tumbling services
  • anonymity-enhancing transaction tools
  • services intended to conceal the origin of funds

Transactions involving such services may be restricted, rejected, or reported where appropriate.

7. Risk-Based Monitoring and Enhanced Due Diligence (EDD)

Bitprime applies a risk-based monitoring framework.

Enhanced Due Diligence may be required where elevated risk is identified, including:

  • unusually large transactions
  • abnormal transaction behaviour
  • politically exposed persons (PEPs)
  • high-risk jurisdictions
  • adverse media or sanctions exposure

Additional information may include:

  • Source of Funds (SOF)
  • Source of Wealth (SOW)

8. Politically Exposed Persons (PEPs)

Transactions involving politically exposed persons, their family members, or close associates are subject to Enhanced Due Diligence.

Execution of transactions involving such users may require approval from senior compliance personnel or the MLRO.

9. Sanctions Screening and Geographic Restrictions

Bitprime performs sanctions screening of users and blockchain addresses against international sanctions databases, including:

  • European Union sanctions lists
  • United Nations sanctions lists
  • U.S. OFAC sanctions lists
  • Polish national sanctions lists

The Company may restrict or deny services in jurisdictions considered high risk or subject to international sanctions.

10. Blockchain Analytics and Transaction Monitoring

Bitprime utilizes blockchain analytics tools to identify suspicious or high-risk activity.

Monitoring systems may detect:

  • sanctioned blockchain addresses
  • illicit activity indicators
  • high-risk counterparties
  • links to financial crime

Transactions identified as high risk may be delayed, rejected, or escalated for further review.

11. Suspicious Transaction Reporting (STR)

Where suspicious activity is identified, the MLRO may submit a Suspicious Transaction Report (STR) to the General Inspector of Financial Information (GIIF).

Bitprime may temporarily restrict or suspend transactions while investigations are conducted.

In accordance with anti-tipping-off obligations, users will not be notified of the submission of such reports.

12. Internal Governance and Compliance Controls

Bitprime maintains internal AML governance procedures designed to ensure compliance with regulatory obligations.

These include:

  • internal compliance policies
  • designated MLRO oversight
  • risk assessment procedures
  • internal reporting mechanisms

Employees involved in compliance functions receive periodic AML/CFT training appropriate to their responsibilities.

13. Record Keeping and Data Retention

Customer due diligence documentation and transaction records are retained in accordance with applicable AML legislation.

Such records are generally retained for at least five (5) years following the completion of a transaction or termination of the business relationship, unless longer retention is required by law.

14. Policy Updates

Bitprime reserves the right to update or modify this Policy to reflect regulatory developments, operational requirements, or evolving risk management practices.

Updated versions become effective upon publication on the Bitprime website.

AML, CTF & KYC Policy - BitPrime