AML / KYC / SoF POLICY OF CASHALOT.ONE SERVICE

1. General Provisions
1.1. This AML/KYC/SoF Policy (hereinafter referred to as the “Policy”) establishes the principles and procedures for combating money laundering and terrorist financing, as well as the procedure for verifying clients and transactions on the website cashalot.one (hereinafter referred to as the “Service”, “CASHALOT”).
1.2. The Policy is an integral part of the Service’s user documentation. The User expresses active consent to the Policy by means of a mandatory checkbox when creating an Order.
1.3. The Service applies a risk-based approach and has the right to suspend the execution of Orders and request supporting materials for AML/KYC/SoF purposes and transaction security.
1.4. The Service does not perform cryptocurrency mining, does not organize mining pools and is not an operator of mining infrastructure.

2. Terms and Definitions
2.1. AML check – analysis of address/TxID/transaction/transaction chain in order to assess risks.
2.2. AML analyzer – software product/service used for AML checks and formation of a risk score (Risk-Score).
2.3. Risk-Score – risk assessment (in the form of a score/percentage/category), including classification Low / Medium / High (or equivalent scale of the analyzer).
2.4. AML-Hold – temporary suspension of Order execution until completion of verification and/or submission of documents.
2.5. KYC – verification of the User’s identity.
2.6. SoF – confirmation of the source of funds.

3. AML Control Tools
3.1. For AML checks, the Service uses AML analyzers determined by the Service Administrator, including Chainalysis OFAC Sanctions, CoinKYT, GetBlock, Match Systems, Shard, WamlApp, BitOK AML bot (@BitOK_AML_bot), as well as other valid blockchain transaction analysis tools. The current list of valid analyzers is determined by the Service, taking into account the list published on BestChange. In certain cases, external AML reporting services recognized as valid by the Service may be used for the purposes of preliminary user verification.
3.2. The results of AML analyzers are used for:
3.2.1. making a decision to execute/suspend/refuse an Order;
3.2.2. determining the necessity of KYC/SoF procedures;
3.2.3. controlling the quality of assets provided to the User within the framework of Order execution (incoming/outgoing transactions).
3.3. Prior to creating an Order, the User may be given the opportunity to independently undergo a preliminary AML check of a digital currency address using an analyzer recognized as valid by the Service, including Chainalysis OFAC Sanctions. The presence or absence of such a preliminary check is indicated by the User when creating the Order. The result of the preliminary check may be additionally taken into account by the Service but does not replace the internal AML control procedures.

4. Risk-Score Model and Threshold Values
4.1. The Service applies a risk assessment model in which each transaction/address is assigned a risk level Low/Medium/High and/or a numerical score.
4.2. AML-Hold threshold.
AML-Hold is applied if any of the following conditions are met:
a) risk level High; or
b) risk level Medium with critical tags (sanctions/terrorism/ransom/mixer/darknet/scam/stolen etc.); or
c) Risk-Score ≥ 70 (according to the analyzer scale) or another threshold established by the Administrator and published in the current version of the Policy.
4.3. The Service has the right to apply additional AML-Hold triggers when detecting abnormal patterns, inconsistencies in payment details, signs of social engineering/fraud, as well as matches with official lists.
4.4. The circumstances under which an exchange may be suspended include, but are not limited to:
a) detection of a high-risk level or critical AML flags;
b) indications of connections to sanctioned, fraudulent, stolen, mixer, darknet, or other high-risk sources;
c) inconsistencies in the User’s data, payment details, digital currency address, or Order parameters;
d) signs of transaction splitting, abnormal behavior, social engineering, or other suspicious scenarios;
e) refusal by the User to provide the requested materials.

5. KYC/SoF Procedures
5.1. Depending on the risk level, the Service may request one or more of the following materials:
5.1.1. identity document (passport/ID), selfie with the document;
5.1.2. proof of address;
5.1.3. confirmation of the source of funds (SoF): statement/certificate/transaction history/explanation of the origin of funds/other confirmations;
5.1.4. confirmation of ownership of payment details (card/account/instant payment system): photos, screenshots, other confirmations, and in case of significant risks — a photograph of the bank card on the background of the Service page and/or other materials confirming the ownership of payment details by the User;
5.1.5. confirmation of payment/crediting: TxID, PDF receipt, statement, screenshots, video recording of transaction history or current account balance — if necessary (including to eliminate disputes regarding the crediting).

5.2. The Service has the right to refuse service in case of:
5.2.1. refusal to provide requested materials;
5.2.2. provision of knowingly false information;
5.2.3. provision of materials with signs of forgery/editing.

5.3. KYC/SoF verification stages 5.3.1. Identification of grounds for additional verification (AML Hold, high risk, critical flags, mismatched details, abnormal transaction patterns, or other risk factors).
5.3.2. Requesting documents and/or explanations from the User necessary to verify identity, payment details, and source of funds.
5.3.3. Initial verification of completeness and readability of the submitted materials.
5.3.4. Cross-checking the provided data against the Order details, payment information, transaction data, and AML analysis results.
5.3.5. If necessary — requesting additional information or clarification regarding the source of funds (SoF).
5.3.6. Making a decision to proceed with the exchange, change payment details, issue a refund, or refuse service.
5.3.7. Notifying the User of the verification results.
5.4. The User has the right to refuse to undergo KYC/SoF verification. In such a case, the Service has the right to refuse to execute the Order and initiate a refund in accordance with this Policy, provided that a refund is technically possible and the User provides correct refund details/address.

6. Verification Stages and Estimated Timeframes
6.1. A preliminary AML check is carried out before issuing payment details for an Order and/or at other stages of transaction processing, including verification of the User’s cryptocurrency address, TxID and other data relevant for risk assessment.
6.2. In case of AML-Hold, the Service requests KYC/SoF materials and/or confirmation of the transaction.
6.3. Estimated timeframes:
6.3.1. standard verification: up to 24 hours;
6.3.2. extended verification: up to 7 calendar days;
6.3.3. timeframes may be extended in case of delays in providing materials by the User or if additional verification of data is required.
6.4. Until the requested materials are provided, the execution of the Order may be suspended without recognition of violation of processing deadlines.
6.5. The User’s funds are not held indefinitely. If the User refuses to undergo KYC/SoF or fails to provide the requested materials within a reasonable period, the Service makes a decision to refuse service and carries out a refund within the timeframes and under the conditions предусмотренные in Section 8 of this Policy.

7. Decisions Based on Verification Results
7.1. Based on AML/KYC/SoF results, the Service makes one of the following decisions:
a) execute the Order;
b) propose that the User replace the cryptocurrency address and/or other payment details if the risk is related to a specific address, wallet, transaction or payment method used;
c) refuse execution and initiate a refund according to Section 8 (if a refund is applicable within the settlement model and confirmed refund details are available).
d) refuse to provide service and initiate a refund in case the User refuses to undergo KYC/SoF or fails to provide the requested materials within the установленный срок.
7.2. The Service has the right to request additional materials if the initially provided information is insufficient.

8. Refund Conditions in AML Cases. Fees
8.1. Refunds are carried out only to payment details/address whose ownership has been confirmed by the User and which have passed verification by the Service from the perspective of AML/security.
8.2. The refund fee/deduction cannot exceed the actual costs of processing the refund and is additionally limited to: up to 5% of the refund amount, but not more than the equivalent of 100 USD at the time of refund, plus the actual network fee.
8.3. For bona fide Users whose funds have not been linked to illegal sources based on KYC/SoF results, deductions are limited exclusively to the actual network fee (without additional percentages).
8.4. The estimated refund period after the decision is made and correct payment details/address are received: up to 3 business days, unless otherwise determined by the operation of the bank/payment system/blockchain network or the need for additional verification of refund details.

9. “Cleanliness” of Incoming and Outgoing Transactions and Address Policy
9.1. The Service takes reasonable measures to ensure the quality and legitimacy of assets transferred to Users and performs AML checks of incoming and outgoing transactions, as well as applies an internal address policy regarding operational wallets, receiving addresses, consolidation addresses and payout sources.
9.2. The Service does not allow sending assets to the User from high-risk sources and has the right to replace the source/payment route to reduce risks.
9.3. To prevent issuing high-risk assets to Users, the Service uses one or more of the following approaches:
(a) receiving cryptocurrency to operational addresses, including dynamic and/or unique addresses used for specific Orders;
(b) subsequent consolidation of received assets within the Service’s internal infrastructure;
(c) use of exchange infrastructure of trusted platforms as the source of outgoing transactions to Users;
(d) in certain cases — use of transit addresses pre-funded from exchange infrastructure, provided internal control of asset origin and absence of critical AML tags;
(e) maintaining internal records and control of addresses used in operational activities without mandatory public disclosure of the full address infrastructure.

9.4. Upon request of monitoring platforms, partners or within the framework of verification, the Service may provide supporting materials regarding the applied address model and sources of transaction execution, including AML analyzer reports, TxID, description of fund flow architecture and other information that does not disclose personal data of Users or create unjustified security risks.
9.5. The Service reserves the right not to publish or disclose the full structure of its operational addresses publicly if such disclosure may create increased security risks, infrastructure blocking, counterparty restrictions or other significant operational risks, provided compliance with asset quality requirements and readiness to provide necessary confirmation within verification procedures.

10. Preliminary AML check of the User’s address
10.1. Prior to creating an Order, the User may be given the opportunity to independently undergo a preliminary AML check of a digital currency address using an AML analyzer recognized as valid by the Service, including Chainalysis OFAC Sanctions, CoinKYT, GetBlock, Match Systems, Shard, WamlApp, BitOK AML bot (@BitOK_AML_bot), as well as other valid blockchain transaction analysis tools in accordance with Section 3 of this Policy.
10.2. On the Order creation page, the Service provides a link to undergo the check along with brief instructions.
10.3. When creating an Order, the User indicates whether they have completed a preliminary AML check of the address or have not undergone it.
10.4. The User confirms that they are informed about the possibility of undergoing a preliminary AML check of the address and about the risks of creating an Order without such a check, including AML Hold, KYC/SoF requests, and possible refusal of service.
10.5. The absence of a preliminary address check in itself does not automatically result in refusal to create an Order but does not exclude subsequent AML control by the Service.

11. Data Processing and Recording of Consents
11.1. KYC/SoF materials are used solely for AML control, security and execution of the Order, are processed in accordance with the Privacy Policy and stored within the Service’s protected infrastructure with restricted access, action logging and internal information security measures.
11.2. The User’s consent to the Policy is recorded in the Service logs.