AML & KYC Policy

1. Scope and legal context

This Policy is informed by the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended), the Proceeds of Crime Act 2002, the Terrorism Act 2000, and applicable sanctions law administered by the Office of Financial Sanctions Implementation (OFSI), the European Union, the United States Office of Foreign Assets Control (OFAC), and the United Nations Security Council. Although Satmart is not currently a regulated cryptoasset business and does not operate exchange services for the public, the size and nature of cryptoasset payments makes a robust AML programme appropriate.

Where this Policy uses the terms "customer", "user" or "you", it refers to any person who has registered an Account or attempted to use the Services. Defined terms not separately defined here have the meaning given in the Terms of Service.

2. Governance

Overall accountability for the AML/KYC programme rests with the Board of Specialist Electronics Ltd. Day-to-day operation is delegated to a designated Money Laundering Reporting Officer ("MLRO") who is responsible for: maintaining this Policy and the supporting procedures; receiving and triaging internal escalations; making decisions on the filing of Suspicious Activity Reports ("SARs"); liaising with regulators and law-enforcement; and reporting periodically to the Board on AML risk and control effectiveness.

The MLRO can be contacted at [email protected]. Where the MLRO is not available, escalations are received by a deputy MLRO appointed by the Board.

3. Risk-based approach

We assess risk before onboarding a customer and throughout the customer relationship. The risk score for an Order or an Account is informed by, among other factors: the order value (with thresholds for low / standard / enhanced review); the type of product (high-value or easily-resold electronics carry higher risk); the customer's geography (jurisdiction of residence, IP geolocation, shipping address); the patterns and timing of payment (for example, repeated payments just below a threshold); the Cryptocurrency and network used, and any indicators returned by blockchain analytics; and any information available from sanctions, politically-exposed-person ("PEP") and adverse-media lists. Higher risk triggers additional controls — typically Enhanced Due Diligence ("EDD") under clause 5 and Transaction Monitoring under clause 7.

4. Customer Due Diligence (CDD / KYC)

5. Enhanced Due Diligence

Enhanced Due Diligence ("EDD") applies where: (a) the customer or a connected party is a PEP, a close associate of a PEP, or appears on an adverse-media or watch-list; (b) the customer is established in or transacting from a jurisdiction identified as high-risk by the Financial Action Task Force ("FATF") or by the UK Government as a high-risk third country; (c) the Order value or pattern is unusual relative to the customer's profile; (d) the source of funds is opaque, including unhosted-wallet payments funded from a mixing service or a high-risk exchange; or (e) the MLRO otherwise determines that the standard CDD is insufficient.

• Independent verification of the customer's name and address against more than one reliable, independent source.
• Source of funds and source of wealth documentation, including supporting bank statements, payslips or contracts.
• Senior management approval (from the MLRO or deputy MLRO) before proceeding with the Order.
• Closer ongoing monitoring of subsequent activity.

6. Sanctions screening

We screen new and existing customers, and counterparties whose details we hold (for example, the named recipient at a shipping address), against the consolidated lists maintained by OFSI, the EU, OFAC and the UN, at the points of: account creation, identity verification, order placement, payout request, and any material change to customer details. We do not transact with persons or entities on those lists, or with users located in jurisdictions subject to comprehensive sanctions; see the Sanctions & Restricted Countries page for the current list of restricted jurisdictions. Hits and partial matches are escalated to the MLRO for human review.

7. Transaction monitoring

We monitor on-chain payments and Account activity for indicators that may suggest money laundering, structuring (also called "smurfing"), layering, sanctions evasion, fraud, or other financial crime. The monitoring set includes — but is not limited to — repeated payments just below review thresholds; payments from wallets associated with darknet markets, mixers, ransomware addresses or sanctioned entities; rapid changes of shipping address; payouts to wallets not previously seen on the Account; mismatches between the geolocation of the customer at sign-in and at order; and bursts of activity from new Accounts.

When monitoring raises a hit, the case is risk-rated and triaged. Outcomes range from "no action" through "request further information from the customer" to "block, escalate to the MLRO and consider SAR filing".

8. Reporting

Where the MLRO has knowledge or reasonable suspicion that property handled through the Services may represent the proceeds of crime, or that an Account or Order is linked to terrorist financing, a Suspicious Activity Report is filed with the UK National Crime Agency in accordance with the Proceeds of Crime Act 2002 and the Terrorism Act 2000. UK law prohibits us from "tipping off" the subject of a report; we may therefore decline to give detailed reasons for delays or refusals beyond a generic statement that further verification is required.

9. Recordkeeping

We retain CDD/EDD records, transaction records, and copies of supporting documents for a minimum of five years from the end of our business relationship with the customer or from the date of the relevant transaction, as required by the Money Laundering Regulations 2017. SARs and the supporting case files are retained for the period required by the National Crime Agency. Identity documents are stored in encrypted object storage with restricted access.

10. Training and culture

All staff who handle customer Accounts, Orders, payouts or support cases receive AML/KYC training on joining and at least annually thereafter. Training covers the typologies of money laundering and terrorist financing seen in cryptoasset and e-commerce settings, how to recognise red flags, how to escalate, the tipping-off prohibition, and our internal procedures. Records of attendance are kept by the MLRO.

11. Independent review

The AML/KYC programme is reviewed at least annually for design and operating effectiveness. The review is documented and any recommendations are tracked to remediation. Where appropriate, an external specialist may be engaged.

12. Customer obligations

You agree to co-operate with reasonable requests for information or documents made for the purpose of meeting our AML/KYC obligations. You will not knowingly submit false, misleading, altered or stolen documents; will not use the Services to pay for goods or services for a third party without our prior agreement; will not attempt to circumvent the controls described in this Policy; and will notify us of any change to the details previously verified.

13. Co-operation with authorities

We co-operate with lawful requests from competent authorities — including production orders, court orders, and information notices — and may freeze, cancel or rescind Orders, suspend Accounts, and disclose data, where we are required to do so or where doing so is necessary to comply with our legal obligations.

14. Changes

This Policy is reviewed at least annually and may be updated at any time to reflect changes in law, regulator guidance, or our risk assessment. The current version is identified by the "Last updated" date below the title.

15. Contact

Questions about this Policy can be sent to [email protected]. Concerns about misconduct (including suspected money laundering by a member of our team) can be raised through our Whistleblower channel.