Effective as of 1st Day of July, Month, 2025
This AML/CFT Policy outlines the measures adopted by BitZup to prevent its services from being used for money laundering (ML), terrorist financing (TF), and proliferation financing (PF). It applies to all staff, officers, clients, and operations of the company in compliance with the Proceeds of Crime Act, Anti-Terrorism Act, and regulatory directives. By virtue of the Policy, the Company intends to establish a robust and strong KYC/AML/CFT framework that will be adhered to while interacting with the relevant stakeholders.
The objective of this Know Your Customer (KYC) and Anti-Money Laundering/CounterTerrorism Financing (AML/CFT) Policy is to establish a robust and comprehensive framework that effectively prevents the use of the BitZup platform for illicit financial activities, including but not limited to money laundering, terrorism financing, proliferation financing, and any other criminal conduct as defined under the laws of Trinidad and Tobago, such as the Proceeds of Crime Act, Anti-Terrorism Act, and relevant directives from the relevant authorities. This policy is designed to ensure that the company implements rigorous procedures for the identification, verification, monitoring, and reporting of users and transactions. It further aims to raise awareness among all employees, officers, and management of BitZup regarding their individual and collective responsibilities in combating financial crimes. This includes providing clear guidance on recognizing suspicious activities, adhering to customer due diligence (CDD) protocols, maintaining adequate records, and monitoring and submitting suspicious transactions to the authorities in a timely and compliant manner. The policy ensures that the Bitzup platform operates with the highest standards of transparency, integrity, and regulatory compliance, safeguarding the platform from being misused for illegal purposes while fostering trust within the virtual digital asset ecosystem.
“Applicable Law” shall mean any applicable statute, law, regulation, ordinance, rule, judgement, order, decree, by-law, approval from the concerned authority, government resolution, order, directive, guideline, policy, requirement, or other governmental restriction applicable in Trinidad and Tobago.
“Customer“/”User” shall mean any Person using/accessing the Platform or website or interacting with it in any manner for buying, selling, depositing or withdrawing virtual digital assets;
Customer Due Diligence” (CDD) means identifying the Customer and verifying their identity by using a reliable, third party or independent source of documents, data, or information, and checking if there are any sanctions or adverse media matches against them.
Enhanced Due Diligence (EDD) means additional, stricter measures applied to high-risk customers to mitigate the risks of money laundering, terrorism financing, and other financial crimes. It involves verifying the source of funds, source of wealth, obtaining senior management approval, and conducting enhanced ongoing monitoring. EDD is mandatory under the laws of Trinidad and Tobago, including the Proceeds of Crime Act, Anti-Terrorism Act, local regulations, when dealing with customers classified as high-risk.
“Person” means an individual who is above eighteen (18) years of age.
“Politically Exposed Persons” (PEPs) are individuals who are or have been entrusted with prominent public functions, including the Heads of States/Governments, senior politicians, senior government or judicial or military officers, senior executives of state-owned corporations and important political party officials. A User could also qualify as a PEP if the User is a family member or a close relative of such an individual.
"Third party" is an external entity that assists with verifying customer identities and conducting due diligence on behalf of a company as verification service provider, payment processors, or specialised service providers. Although third parties help fulfil these compliance tasks, the company remains ultimately responsible for meeting all regulatory requirements.
BitZup will implement a comprehensive, risk-based approach to Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures, either directly or through qualified third-party service providers. This process is designed to effectively assess and mitigate the risks of money laundering, terrorism financing, and other financial crimes in compliance with the laws of Trinidad and Tobago. As part of the KYC/CDD process, we will conduct thorough identity verification for each customer, which includes collecting and verifying key identification details such as full name, date of birth, residential address, and valid government-issued identification, including a national ID or passport. Additionally, we will assess and verify the source of funds and the intended purpose of the transaction to ensure that the customer’s financial activities are legitimate and consistent with their profile. For customers identified as presenting a higher risk—such as Politically Exposed Persons (PEPs), individuals transacting with offshore wallets, or those involved in large or unusual cryptocurrency transactions—we will apply Enhanced Due Diligence (EDD) measures. This includes deeper scrutiny of their financial background, source of wealth, and transaction behaviour. Furthermore, we will establish systems for the ongoing monitoring of all customer transactions to detect any unusual, inconsistent, or suspicious activities over the course of the customer relationship. This continuous monitoring ensures that the company remains vigilant and proactive in identifying and addressing financial crime risks as they arise.
As part of our ongoing commitment to maintaining strong Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) controls, our company implements a structured process for conducting periodic Know Your Customer (KYC) reviews, also referred to as Re-KYC. These reviews are designed to ensure that the customer information we hold remains accurate, complete, and up to date throughout the duration of the business relationship. The frequency and depth of these Re-KYC assessments are directly determined by the customer’s assigned risk category, which is established during the initial onboarding process and continuously evaluated through ongoing monitoring. Customers are classified into risk levels such as low, medium, or high risk based on factors including their geographic location, nature of business, transaction patterns, involvement in high-risk sectors, status as a Politically Exposed Person (PEP), and other risk indicators. For higher-risk customers, Re-KYC is conducted more frequently and involves more detailed scrutiny, while for lower-risk customers, the reviews occur at longer intervals with proportionate due diligence measures. This risk based Re-KYC framework ensures compliance with the laws of Trinidad and Tobago, including the requirements set by the local authorities, and supports our broader objective of proactively detecting and mitigating risks associated with money laundering, terrorism financing, and other financial crimes.
BitZup shall:
In accordance with guidelines, our company shall comply with the "Travel Rule" by ensuring that specific identifying information about the originator and beneficiary is transmitted with every transfer of virtual assets or funds. This includes details such as the name, account number, and address or identification number of the parties involved. This information will accompany the transaction throughout the payment chain to ensure traceability and transparency. All intermediaries involved in the transfer must maintain and share this information as required, facilitating effective oversight and compliance with anti-money laundering and counterterrorist financing regulations.
The company is committed to maintaining comprehensive and accurate records in full compliance with the regulatory requirements of Trinidad and Tobago and international standards, including the Financial Action Task Force (FATF) recommendations. All records pertaining to Customer Due Diligence (CDD) and Know Your Customer (KYC) processes—including identity verification documents, risk assessments, and onboarding records—will be securely stored. Additionally, detailed records of all transactions, including those subject to the FATF Travel Rule, will be maintained. This includes information on the originators and beneficiaries involved in digital asset transfers to ensure traceability and transparency in cross-border and domestic crypto transactions.
Furthermore, complete logs of submitted suspicious transactions, internal investigations, and compliance reviews will be securely retained. Comprehensive user information—including account history, communication records, and compliancerelated documentation—will also be preserved. These records will be stored for a minimum period of six (6) years following the completion of the transaction or the termination of the business relationship, whichever is later, in accordance with the requirements of the Proceeds of Crime Act, the Anti-Terrorism Act, and directives from the authorities of Trinidad and Tobago. This robust record-keeping framework ensures that the company is prepared to respond to regulatory inquiries, audits, and investigations while contributing to the prevention and detection of money laundering, terrorism financing, and other financial crimes.
The company will implement a comprehensive transaction monitoring system that includes both real-time surveillance and post-facto (retrospective) monitoring to effectively identify unusual, suspicious, or potentially high-risk patterns of behaviour or transactions. Real-time monitoring allows the company to flag and review transactions as they occur, providing an immediate response to any activity that deviates from the customer’s expected profile or presents indicators of money laundering, terrorism financing, or other financial crimes. Post-facto monitoring complements this by enabling detailed reviews of historical transactions to detect patterns or anomalies that may not have been immediately apparent.
Upon identifying a suspicious transaction, the company will adhere strictly to its legal obligation to prepare and submit suspicious transactions to the authorities of Trinidad and Tobago, ensuring that this reporting process is conducted confidentially. Under no circumstances will the client be informed, directly or indirectly, that a report has been or will be filed, as doing so would constitute tipping off, which is prohibited under the Proceeds of Crime Act and the Anti-Terrorism Act.
Additionally, the company will maintain a secure and detailed submitting log of all suspicious transactions, internal escalations, investigations, and compliance reviews.
The company will establish and maintain comprehensive internal policies, procedures, and controls designed to ensure continuous compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) obligations, in accordance with the regulatory framework of Trinidad and Tobago. These policies will cover all critical aspects of compliance, including customer due diligence (CDD), ongoing transaction monitoring, sanctions screening, risk assessment, reporting of suspicious activities, and record-keeping requirements. To ensure the integrity and effectiveness of the AML/CFT framework, the company will conduct thorough, independent audits on an annual basis. These audits will assess the adequacy of the compliance program, identify gaps or weaknesses, and recommend corrective measures where needed. Furthermore, the company will implement a robust compliance and audit framework that facilitates continuous review, testing, and enhancement of its systems and controls. This process includes regularly evaluating the performance of AML/CFT procedures, KYC processes, and transaction monitoring tools to ensure they remain effective against evolving financial crime risks. Any updates in regulations, advisories, or changes in international best practices will be promptly incorporated into the company’s compliance framework to maintain alignment with current legal requirements and to strengthen risk mitigation measures. In line with these obligations, the company is committed to fostering a culture of compliance, operational integrity, and proactive risk management.
A dedicated Compliance Officer will be formally appointed to oversee the company's Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) framework in accordance with the legal and regulatory requirements of Trinidad and Tobago. The Compliance Officer will be responsible for ensuring that the company’s AML/CFT policies, procedures, and controls are effectively implemented, regularly reviewed, and continuously improved to address evolving risks. Their core duties include providing comprehensive oversight of all AML/CFT programs, ensuring that the company operates in full compliance with the applicable laws, including the Proceeds of Crime Act, Anti-Terrorism Act, and directives issued by the authorities of Trinidad and Tobago. Additionally, the Compliance Officer will be responsible for developing, implementing, and facilitating ongoing AML/CFT training programs for all relevant employees, ensuring staff are fully aware of their responsibilities and the red flags associated with money laundering and terrorism financing. Another critical responsibility involves the timely identification, investigation, and submitting of Suspicious Transaction or suspicious Activity to the relevant authorities. Furthermore, the Compliance Officer will serve as the primary liaison between the company and regulatory bodies, maintaining open and effective communication with the local authorities, law enforcement agencies, and any other competent authorities regarding AML/CFT compliance matters, audits, inquiries, and reporting obligations.
Ongoing training programs are conducted for employees involved in AML/KYC processes, including the onboarding team responsible for collecting and verifying customer information and documents. Additionally, comprehensive training is provided to frontline staff such as those in Sales, Marketing, and Operations to ensure they are equipped to address issues, including those stemming from customers’ lack of understanding regarding compliance requirements. The training for the Sales and Marketing teams specifically focuses on educating them on how to manage customer queries related to onboarding and regulatory expectations. The Audit team oversees and monitors the entire process — from training to onboarding — to ensure that the company remains fully compliant with all applicable regulations. Training sessions are conducted on an annual basis, with additional ad-hoc training provided whenever there are regulatory updates or guidance from the authorities. Furthermore, all new employees associated with relevant functions undergo mandatory training as part of their induction process to ensure alignment with the company's AML/CFT compliance standards. Hence,
We will screen all customers and transactions against:
All customer data and compliance records will be collected, stored, processed, and managed in full compliance with the provisions of the Data Protection Act of Trinidad and Tobago. This ensures that all personal and sensitive information obtained from customers, including identification documents, transactional data, and compliance-related records, are handled with the highest standards of confidentiality, integrity, and security. Appropriate technical, organizational, and administrative safeguards will be implemented to protect against unauthorized access, loss, misuse, alteration, or disclosure of personal data. The company is committed to ensuring that customer information is accessed only by authorized personnel on a strict need-to-know basis, solely for the purpose of fulfilling regulatory obligations, customer service, or operational requirements. Furthermore, data retention practices will adhere to legal and regulatory standards, ensuring that records are maintained securely for the required retention periods and are safely disposed of when no longer necessary. Customers’ rights under the Data Protection Act, including access, correction, and protection of personal information, will be fully respected and upheld.
The company will implement a robust and comprehensive transaction monitoring system designed specifically from a KYC/AML compliance perspective. This system will continuously monitor all customer transactions and trading activities on the platform to detect patterns that may indicate suspicious behaviour, money laundering, terrorism financing, or other illicit activities. The monitoring framework will include automated rules-based alerts, threshold triggers, and behavioural analysis designed to proactively flag unusual or high-risk transactions in real time. These alerts will enable the compliance team to promptly investigate, review, and take appropriate action, including submitting of suspicious transactions to the authorities of Trinidad and Tobago, where necessary. In addition, the transaction monitoring process will be regularly updated to align with evolving regulatory requirements, emerging typologies of financial crime, and the company’s internal risk assessments. This ensures that the company maintains a strong, effective defence against financial crime while safeguarding the integrity of its operations.
This AML/CFT policy will be reviewed annually or upon significant regulatory or operational changes.
Copyright © 2025 BitZup. All rights reserved.