AML/CFT Policy

ON3X is committed to preventing money laundering, terrorist financing, and other forms of financial crime. This Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Policy outlines the measures we take to protect our platform, our users, and the broader financial system from abuse.

This policy applies to all services offered through the ON3X platform, including custodial wallets, cryptocurrency swaps, peer-to-peer transfers, fiat deposits and withdrawals (including PIX), virtual and physical card services, reward vaults, and the referral program. All users are subject to this policy regardless of their jurisdiction of residence.

ON3X adopts a tiered compliance model in which obligations increase proportionally to the level of interaction with regulated financial services. Crypto-only operations are governed by EU regulations for Virtual Asset Service Providers (VASPs), while fiat operations activate additional local compliance requirements. This approach ensures that user privacy is preserved to the maximum extent permitted by law while meeting all applicable regulatory obligations.

ON3X operates under a comprehensive regulatory framework that spans multiple jurisdictions. In the European Union, we comply with the Anti-Money Laundering Directives (AMLD4, AMLD5, and AMLD6), the Markets in Crypto-Assets Regulation (MiCA), and the Transfer of Funds Regulation (the Travel Rule). As a registered entity in Poland, we are also subject to the Polish AML Act and reporting obligations to the Polish Financial Intelligence Unit (GIIF).

For Brazilian operations involving the Brazilian Real (BRL) through PIX, ON3X GLOBAL PAYMENTS LTDA complies with Brazilian AML legislation (Law 9,613/1998), the Legal Framework for Crypto-Assets (Law 14,478/2023), Central Bank of Brazil (BCB) regulations governing PIX operations, and federal reporting requirements for crypto-asset operations.

Our program is also aligned with international standards set by the Financial Action Task Force (FATF), including its recommendations on virtual assets and the Travel Rule.

ON3X uses a progressive verification model. At Tier 0 (Onboarding), you provide an email address and confirm it via a one-time code. This allows you to explore the platform and view market data, but no transactions are permitted. At Tier 1 (Crypto Basic), you add your phone number and full name, enabling access to custodial wallets, cryptocurrency swaps, P2P transfers, cards, and the reward vault, subject to daily transaction limits.

At Tier 2 (Crypto Enhanced), you submit a government-issued ID and complete biometric verification through our identity verification partner. This unlocks higher transaction limits and larger cryptocurrency withdrawals. At Tier 3 (Fiat Access), additional local documentation is required, for Brazil, this includes your CPF or CNPJ and may include proof of address and a background check. Tier 3 enables PIX deposits and withdrawals and other local fiat services.

You may advance to a higher tier at any time by completing the required verification. ON3X may also require you to upgrade your verification tier if your transaction volume or risk profile warrants it. Failure to complete requested verification within a reasonable period may result in temporary restriction of certain services.

Standard due diligence is performed for all users at onboarding and on an ongoing basis. This includes verifying your identity, assessing the purpose and nature of your relationship with the platform based on the services you use, and continuously monitoring your transactions for unusual patterns.

Enhanced Due Diligence (EDD) is applied in higher-risk situations, such as when a user is identified as a Politically Exposed Person (PEP), resides in a high-risk jurisdiction, or when transaction patterns deviate significantly from the user's established profile. EDD may require you to provide additional documentation about the source of your funds or wealth.

Due diligence is not a one-time event. Your profile is reviewed periodically based on your risk classification, and any material changes in your transaction behavior or new information may trigger an updated review. You may be asked to update your information to keep your records current.

ON3X operates automated transaction monitoring systems that analyze all transactions to detect patterns and behaviors that may indicate money laundering, terrorist financing, fraud, or sanctions evasion. Our monitoring covers both real-time and periodic batch analysis across all transaction types.

Examples of activity that may trigger a review include: multiple transactions structured to stay below reporting thresholds; transaction volumes inconsistent with your declared profile or historical behavior; sudden activation of a dormant account followed by significant transactions; immediate withdrawal of recently deposited funds; and transactions with no apparent economic purpose.

When our monitoring systems identify potentially suspicious activity, the matter is investigated by our compliance team. Depending on the outcome, your account or specific transactions may be temporarily restricted while the review is completed. We are committed to resolving reviews as promptly as possible.

ON3X uses industry-leading blockchain analytics to screen all cryptocurrency deposits and withdrawals. Every incoming crypto deposit is analyzed to determine whether the originating address has exposure to illicit activity, including darknet markets, ransomware, stolen funds, sanctioned entities, mixing services, scam operations, or terrorism financing.

All incoming crypto deposits are placed in a compliance hold pending review before funds are released to your available balance. A compliance review considers the risk assessment of the originating address and any additional context. Once reviewed, deposits are either released to your balance or, in rare cases involving confirmed illicit activity, permanently held with appropriate notification to you.

For outbound cryptocurrency withdrawals, the destination address is screened before the transaction is processed. Withdrawals to addresses associated with severe illicit activity are automatically blocked. In accordance with the EU Travel Rule, ON3X collects and transmits originator and beneficiary information for crypto-asset transfers exceeding applicable thresholds.

ON3X classifies PIX operations into three categories with distinct compliance controls. PIX Deposits may be received from the account holder (same CPF/CNPJ) under standard limits, or from third parties under reduced limits with enhanced monitoring. Third-party deposits are permitted because they serve legitimate purposes, such as receiving funds from your own business entity or a family member. Prohibiting them entirely would force unnecessary multi-institution transfer chains that are harder to trace. The platform monitors the number of distinct third-party payers per period, and deposits above review thresholds require compliance approval.

PIX Withdrawals (the transfer of funds from ON3X to your own bank account) are permitted exclusively to PIX keys registered under the same CPF/CNPJ as your account. Third-party withdrawals are not permitted, ensuring that fiat off-ramp operations remain within your own accounts. PIX Payments, by contrast, are a separate category that allows you to pay for goods and services directly from your ON3X balance. Supported payment methods include QR Code (physical point of sale), Copy and Paste (online orders and bills), and PIX Key payments to merchants or service providers. Payments to third parties are subject to daily and monthly limits that are lower than withdrawal limits, with dedicated transaction monitoring.

In the event of a fraud notification through the Special Return Mechanism (MED), ON3X blocks not only the available fiat balance but also any crypto-assets acquired with the disputed funds, traceable through the platform's fund source tracking system. Since ON3X maintains custody of private keys, any asset held on the platform can be frozen regardless of type. If the user has already withdrawn crypto-assets to an external wallet, ON3X uses blockchain analytics to trace on-chain movements, reporting transaction hashes, destination addresses, and subsequent transfers to the competent authorities, while maintaining continuous monitoring of the involved addresses to assist in value recovery.

ON3X complies with all applicable Central Bank of Brazil regulations for PIX, including transaction limits for non-registered devices, mandatory device registration and authentication, anti-fraud monitoring, periodic consultation of the PIX key directory (DICT) for fraud markings, and Brazilian reporting requirements for crypto-asset operations exceeding applicable monthly thresholds.

ON3X screens all users against major international sanctions lists, including the EU Consolidated Sanctions List, the OFAC Specially Designated Nationals (SDN) List, the UN Consolidated Sanctions List, and the Brazilian COAF list. Screening is performed at onboarding, periodically across the entire user base, and whenever trigger events occur such as name changes or new adverse information.

If a confirmed sanctions match is identified, the account is immediately frozen and a report is filed with the appropriate authorities. Politically Exposed Persons (PEPs), their family members, and known close associates are subject to enhanced scrutiny, including mandatory Enhanced Due Diligence, senior management approval to maintain the relationship, and ongoing enhanced monitoring.

For users accessing fiat services in Brazil, ON3X also performs judicial background screening to identify relevant legal proceedings, criminal records, and other risk indicators. Findings from this screening may result in additional compliance measures or, in severe cases, account restrictions.

ON3X is legally obligated to report suspicious transactions to the relevant Financial Intelligence Units (FIUs). In the EU, reports are filed with the Polish General Inspector of Financial Information (GIIF). In Brazil, reports are filed with the Council for Financial Activities Control (COAF). These reports are filed when there are reasonable grounds to suspect that a transaction or activity is related to money laundering, terrorist financing, or other financial crime.

By law, ON3X is prohibited from disclosing to you or any third party that a suspicious activity report has been filed or is being considered (the "tipping-off prohibition"). This means we may not be able to provide specific reasons if your account or transactions are restricted as a result of a compliance investigation.

If you notice any suspicious activity on your account or on the platform, we encourage you to report it to us at support@on3x.com. Your cooperation helps us maintain the integrity and security of the platform for all users.

ON3X maintains a comprehensive fund tracking system that records the origin of every unit of value entering the platform. This includes blockchain deposits (recording the transaction hash, originating address, amount, and risk assessment), PIX deposits (recording the payment identifier, payer details, amount, and exchange rate), and internal transfers (recording the sender and original fund source chain).

When you withdraw, swap, or transfer funds, the system traces which deposited funds are being consumed, enabling complete traceability from deposit to withdrawal. Individual fund sources may be frozen by the compliance team if required by a fraud investigation, judicial order, or compliance alert. Frozen funds remain visible in your balance but cannot be used until the matter is resolved.

ON3X retains all compliance-relevant records for the periods required by applicable law, a minimum of five years for customer identification data, transaction records, and screening results, and up to ten years for compliance hold records and fund source tracking data. Records are stored securely with appropriate access controls and encryption.

As a user of ON3X, you agree to provide accurate and up-to-date personal information for identity verification purposes and to promptly update your information if it changes. You agree to cooperate fully with any requests for additional documentation or information related to compliance reviews, including providing evidence of the legitimate source of your funds when requested.

You shall not use the platform for any activity that violates applicable anti-money laundering laws, sanctions regulations, or any other applicable law. This includes, but is not limited to, structuring transactions to avoid reporting thresholds, using the platform to transfer value related to illegal activities, or attempting to disguise the origin or destination of funds.

Failure to cooperate with compliance requests or to provide requested documentation within a reasonable timeframe may result in restriction or suspension of your account and, where required by law, reporting to the appropriate authorities.

This AML/CFT Policy is reviewed at least annually and updated as necessary to reflect changes in applicable regulations, the introduction of new products or services, audit findings, or emerging financial crime typologies. Material changes will be communicated to users through the platform, email, or push notification.

As ON3X expands into new jurisdictions with fiat services, jurisdiction-specific compliance modules will be added to this policy. Our core compliance infrastructure, including blockchain analytics, fund source tracking, sanctions screening, and risk classification, is designed to scale across jurisdictions while local compliance requirements are addressed through dedicated modules.

If you have questions about this AML/CFT Policy or our compliance practices, please contact us at support@on3x.com.