AML / KYC Compliance Statement

1. Purpose of ASTERIA KYC

ASTERIA KYC is designed to help Customers perform and manage identity verification and compliance-support workflows, including:

• user identity verification
• document verification
• liveness detection
• biometric comparison where enabled
• fraud signal detection
• customer due diligence support
• risk scoring
• AML screening workflow support
• sanctions and watchlist screening support where configured
• politically exposed person screening support where configured
• adverse media screening support where configured
• case management
• manual review support
• audit trail generation
• compliance reporting support

2. Customer Responsibility

Customers remain responsible for their own compliance obligations, including:

• determining whether KYC, KYB, AML, sanctions, or other checks are required
• designing and approving compliance policies
• setting risk appetite
• selecting verification levels
• configuring workflows
• reviewing results
• making final onboarding and account decisions
• performing enhanced due diligence where required
• filing reports where required by law
• retaining records
• training compliance staff
• responding to regulators and competent authorities

3. Customer Due Diligence Support

ASTERIA KYC may support customer due diligence by collecting and processing information such as:

• identity document data
• facial image or selfie data
• liveness signals
• proof of address information
• customer profile information
• device or session metadata
• risk indicators
• screening results
• review notes and case outcomes

The scope of due diligence depends on Customer configuration, legal requirements, risk level, and service plan.

4. Enhanced Due Diligence Support

For higher-risk users or cases, ASTERIA KYC may support enhanced due diligence workflows by enabling additional review, document collection, risk flagging, case notes, escalation, and audit trail preservation.

High-risk triggers may include possible sanctions exposure, PEP status, adverse media, unusual document signals, biometric mismatch, suspicious behavior, high-risk geography, high-risk industry, inconsistent data, or Customer-defined rules.

ASTERIA KYC does not determine whether enhanced due diligence is legally sufficient for a Customer. Customers must apply their own legal and compliance judgment.

5. AML Screening Support

Where enabled, ASTERIA KYC may support AML-related screening by helping Customers compare user information against selected data sources or screening categories.

Screening may include sanctions, PEP, adverse media, watchlist, or other risk indicators depending on configuration and service availability.

Screening outputs may include possible matches, match strength, data-source references, risk flags, and review statuses.

6. Limitations of Screening

Screening results may be incomplete, delayed, incorrect, outdated, or affected by:

• name variations
• transliteration
• aliases
• missing date of birth
• common names
• regional naming conventions
• data-source limitations
• update frequency
• third-party errors
• false positives
• false negatives

Customers must review potential matches and determine whether escalation, rejection, enhanced due diligence, or reporting is required.

7. Sanctions Compliance

Customers are responsible for complying with sanctions laws applicable to their business, users, transactions, jurisdictions, and counterparties.

ASTERIA KYC may provide sanctions screening support where configured, but it does not guarantee that all sanctioned persons, entities, vessels, addresses, wallets, affiliates, or related parties will be detected.

Customers should maintain sanctions controls appropriate to their risk exposure.

8. Politically Exposed Persons

Where PEP screening is enabled, ASTERIA KYC may help identify possible politically exposed persons or related risk indicators.

A PEP match does not automatically mean that a person is prohibited. It may require Customer review, risk assessment, senior approval, enhanced due diligence, or ongoing monitoring depending on applicable law and Customer policy.

9. Fraud Prevention

ASTERIA KYC may help Customers detect fraud indicators such as document tampering, presentation attacks, identity mismatch, duplicate identity patterns, suspicious device behavior, inconsistent profile data, or repeated failed attempts.

Fraud prevention requires a layered approach. Customers should combine ASTERIA KYC outputs with their own transaction monitoring, behavioral analytics, account controls, support workflows, and investigation procedures.

10. Manual Review and Escalation

ASTERIA KYC supports manual review by allowing Customers to review verification data, results, flags, notes, images, documents, and case statuses.

Customers should define clear escalation procedures for high-risk, ambiguous, failed, or adverse outcomes.

Material adverse decisions should not be made solely on automated outputs where human review is legally required or operationally appropriate.

11. Audit Trails and Recordkeeping

ASTERIA KYC may support audit trails by recording workflow events, timestamps, statuses, review actions, case notes, and result histories.

Customers remain responsible for determining recordkeeping periods, legal retention requirements, regulatory reporting needs, and audit documentation standards applicable to their operations.

12. Ongoing Monitoring

Depending on configuration, ASTERIA KYC may support ongoing monitoring or periodic re-screening workflows.

Customers are responsible for deciding whether ongoing monitoring is required, how frequently screening should occur, and how alerts should be reviewed.

13. Risk-Based Approach

ASTERIA KYC supports a risk-based approach by enabling configurable workflows, risk scoring, escalation rules, and review processes.

Customers should align ASTERIA KYC configuration with their business model, jurisdictional exposure, product risk, customer risk, geographic risk, transaction risk, and regulatory obligations.

14. No Outsourced Compliance Officer Role

ASTERIA KYC does not act as a Customer’s compliance officer, money laundering reporting officer, legal adviser, regulated auditor, outsourced AML department, or final compliance approver unless expressly agreed in a separate written agreement and legally permissible.

15. No Guarantee of Regulatory Acceptance

Use of ASTERIA KYC does not guarantee acceptance by any regulator, bank, payment provider, auditor, partner, investigator, or licensing authority.

Customers are responsible for presenting their own compliance program, policies, controls, evidence, and audit materials to relevant parties.

16. Customer Configuration and Testing

Customers should test workflows before launch, validate integration behavior, confirm data mapping, review user experience, calibrate risk thresholds, and train staff before using ASTERIA KYC in production.

17. Cooperation and Information Requests

ASTERIA KYC may request information from Customers to assess risk, support onboarding, investigate misuse, verify lawful use, respond to incidents, or comply with legal obligations.

Failure to provide requested information may result in service restrictions, suspension, or termination.

18. Updates to This Statement

This AML / KYC Compliance Statement may be updated to reflect changes in technology, regulation, risk environment, or service capabilities.