AML POLICY

OasisOrbit s.r.o. (referred to as "Tunnelpayment and Tunnelcheckout Webpages” or "the Company") has zero tolerance for money laundering, the financing of terrorism, or any other form of illicit activity. The Company is committed to implementing policies, procedures, and controls that are shaped by the best industry practices and the most effective anti-money laundering standards applied in the Czech Republic, also known as Czechia, and worldwide. These rules apply without exception to all employees of the Company, including its Board members, officers, contractors, and consultants.

This document provides a high-level overview of the Company’s AML/CTF compliance regime elements and procedures for its partners, clients, vendors, contractors, employees, regulators, law enforcement, and other concerned stakeholders. It should not be read as an entire set of all policies, procedures, and controls implemented by the Company to prevent money laundering, financing of terrorism, and other forms of illicit activity.

This document and all underlying policies, processes, and procedures are prepared in line with provisions, requirements, and recommendations of:

• Money Laundering and Terrorist Financing Prevention Act of the Czech Republic, also known as Czechia, as amended from time to time (the “Act “).
• International Sanctions Act of Czech Republic, also known as Czechia, as amended from time to time; and
• FATF Guidance for a Risk-Based Approach to Virtual Assets and Virtual Assets Service Providers.

The Company operates from and under the laws of the Czech Republic, also known as Czechia. In 2017, the Czech Republic was among the first countries in the world to introduce Anti-money laundering (“AML”) and countering the financing of terrorism (“CTF”) requirements for businesses engaged in exchanging virtual currency for fiat currency and virtual currency custody. As a result, each entity rendering named services from or within the territory of the Czech Republic, also known as Czechia, must apply for authorization to the country's Financial Intelligence Unit.

OasisOrbit s.r.o.,(Tunnelpayment.com/Tunnelcheckout.com) is a limited liability company registered under File number C 406982/MSPH, headquartered at Děčínská 552/1, 180 00 Prague – Střížkov, Czech Republic, with Company ID 21825882 Tunnelpayment, Tunnelcheckout, is authorized to provide services of exchanging virtual currency against fiat currency and virtual currency wallet service.

As a regulated business, Tunnelpayment and Tunnelcheckout Webpages is required to comply with the Money Laundering and Terrorist Financing Prevention Act and International Sanctions Act, which require Tunnelpayment and Tunnelcheckout Webpages to identify and verify its clients’ identities, conduct ongoing monitoring of their activity, including transaction monitoring, maintain records of clients’ activity and related documents for at least five years and report certain transactions to authorities.

DEFINITION OF MONEY LAUNDERING

• The conversion or transfer of property, knowing that such property is derived from criminal activity or an act of participation in such activity, to conceal or disguise the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s action.
• The concealment or disguise of the true nature, source, location, disposition, movement, rights concerning, or ownership of, property, knowing that such property is derived from criminal activity or an act of participation in such an activity.
• The acquisition, possession, or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or an act of participation in such an activity.
• Participation in, association to commit, attempts to execute and to aid, to abet, to facilitate, and to counsel the commission of any of the actions referred to in points (a), (b), and (c).

TERRORIST FINANCING

Terrorist financing provides funds for terrorist activity. From a legal standpoint, it means the provision or collection of funds by any means, directly or indirectly, with the intention that they are used or in the knowledge that they are to be used, in whole or in part, to carry out any of the offenses within the meaning of Articles no 253/2008 Sb, on the selected measures against legitimization of proceeds of crime and financing terrorism (AML/CFT Act) and act number 300/2016 Sb, on the central register of bank accounts, as well as other acts in Czech law. Terrorist activity has as its primary objective to intimidate a population or compel a government to do something. This is done by intentionally killing, seriously harming, or endangering a person, causing substantial property damage that is likely to harm people seriously, or by seriously interfering with or disrupting essential services, facilities, or systems.

RISK-BASED APPROACH AND RISK ASSESSMENT

Tunnelpayment and Tunnelcheckout Webpages will perform risk-based due diligence and collect information and documentation on each prospective client to assess the risk profile associated with them. The Company’s employees will exercise care, due diligence, and sound judgment in determining all clients' overall character and nature. Tunnelpayment and Tunnelcheckout Webpages conduct their business in accordance with the highest ethical standards and will not enter business relationships with individuals or entities that may adversely affect the Company’s reputation and compromise the virtual currency industry.

To identify, assess, and analyze the risks of money laundering and terrorist financing related to its activities, the Company prepares a risk assessment, taking into account the following categories:

• Customer risk.
• Geographical risk.
• Product risk; and
• Delivery channel risk.

After the risk is assessed and attributed to a particular customer, depending on the degree of risk, it should be periodically revised based on knowledge of the customer and its activity.

COMPLIANCE OFFICER

The company's management board shall appoint a Compliance Officer, who acts as the FAU's contact person and performs the company's AML/CTF duties and obligations. The compliance Officer reports directly to the management board and has the competence, means, and access to relevant information across all the company's structural units.

Only a person with the education, professional suitability, abilities, personal qualities, experience, and impeccable reputation required to perform the duties listed below may be appointed as a Compliance Officer. The appointment of a Compliance Officer is coordinated with the FAU.

The duties of a Compliance Officer include, inter alia:

• The organization of the collection and analysis of information referring to unusual transactions or circumstances suspected of money laundering or terrorist financing, which have become evident in the activities of the Company.
• Report to the FAU if there is suspicion of money laundering or terrorist financing.
• Periodic submission of written statements on compliance with the requirements arising from the Act to the management board of the Company.
• Performance of other duties and obligations related to compliance with the requirements of the Act.

RULES OF PROCEDURE AND INTERNAL CONTROL RULES

The Company has developed and implemented rules of procedure that allow for effective mitigation and management of risks related to money laundering and terrorist financing. These risks are identified in the risk assessment performed in accordance with the Company’s risk-based approach described above.

Each employee of the Company should strictly adhere to the rules of procedure set forth herein. The rules of procedure consist of the following:

• A procedure for applying due diligence measures regarding a customer, including a method for applying simplified and enhanced due diligence measures.
• A model for identifying and managing risks relating to a customer and its activities and determining the customer’s risk profile.
• the methodology and instructions where the Company has a suspicion of money laundering and terrorist financing or an unusual transaction or circumstance is involved, as well as instructions for performing the reporting obligation;
• the procedure for data retention and making data available.
• Instructions for effectively identifying whether a person is a politically exposed person or a local politically exposed person subject to international sanctions.

DUE DILIGENCE MEASURES

• Identification of a customer and verification of the submitted information based on information obtained from a reliable and independent source, including electronic identification and trust services for electronic transactions.
• Identification of the beneficial owner and verification of their identity, taking measures to ensure that the Company knows who the beneficial owner is and understands the customer's ownership and control structure.
• Understanding of business relationships and, where relevant, gathering information thereon.
• Gathering information on whether a person is a politically exposed person, their family member, or a person known to be a close associate.
• Monitoring of a business relationship.

SIMPLIFIED DUE DILIGENCE

The Company may apply simplified due diligence (“SDD”) measures where a risk assessment prepared based on these rules of procedure identifies that the risk of money laundering or terrorist financing is lower than usual in an economic or professional activity, field, or circumstance. Before applying SDD measures to a customer, an employee of the Company establishes that the business relationship, transaction, or act is of lower risk, and the Company attributes a lower degree of risk to the transaction, act, or customer. The application of SDD measures is permitted to the extent that the Company ensures sufficient monitoring of transactions, acts, and business relationships so that it would be possible to identify unusual transactions and allow for notification of suspicious transactions following these rules of procedure.

ENHANCED DUE DILIGENCE

The Company applies enhanced due diligence (“EDD “) measures to adequately manage and mitigate a higher-than-usual risk of money laundering and terrorist financing.

• Upon identification of a person or verification of submitted information, there are doubts about the truthfulness of the submitted data, authenticity of the documents, or identification of the beneficial owner.
• The customer is a politically exposed person, except for a local politically exposed person, their family member, or a close associate.
• The customer is from a high-risk third country, residence, or seat in a high-risk third country.
• The customer is from a country or territory that, according to credible sources such as mutual evaluations, reports, or published follow-up reports, has not established effective AML/CTF systems under the Financial Action Task Force's recommendations or is considered a low-tax-rate territory.

The Company also applies EDD measures where a risk assessment prepared based on these rules identifies that the risk of money laundering or terrorist financing is higher than usual in the case of an economic or professional activity, field, or factor.

PEP DEFINITION AND SCREENING

Politically Exposed Persons (“PEP “) (as well as their families and persons known to be close associates, as described below) are required to be subject to enhanced scrutiny by reporting entities. This is because international standards issued by the Financial Action Task Force recognize that a PEP may be able to abuse its public office for private gain, and a PEP may use the financial system to launder the proceeds of this abuse of office.

PEP means a natural person who is or who has been entrusted with prominent public functions, including:

• Head of State.
• Head of government.
• Minister and deputy or assistant minister.
• A member of parliament or a similar legislative body.
• A member of a governing body of a political party.
• A member of a supreme court.
• A member of a court of auditors or the board of a central bank.
• An ambassador, a chargé d’affaires, and a high-ranking officer in the armed forces.
• A member of a State-owned enterprise's administrative, management, or supervisory body.
• a director, deputy director, and member of the board or equivalent function of an international organization,

PEPs do not include middle-ranking or more junior officials. A family member of a PEP means the spouse, or a person considered to be equivalent to a spouse, of a PEP or local PEP; a child and their spouse, or a person deemed to be equivalent to a spouse of a PEP or local PEP; or a parent of a PEP or local PEP. A person known to be a close associate of a PEP means a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or legal arrangement, or any other close business relations, with a PEP or a local PEP; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement that is known to have been set up for the de facto benefit of a PEP or local PEP.

SANCTIONS SCREENING

Dealing with persons against whom international sanctions have been imposed poses a great risk to the Company, its directors, officers, and owners. Therefore, the company will screen its customers for sanctions using the same matching rules as PEP screening.

The Company will perform screening, at minimum, against the following sanctions lists:

• UN Sanctions.
• EU Sanctions.
• Sanctions administered by the Office of Financial Sanctions Implementation (“OFSI-UK”)
• Sanctions administered by the Office of Foreign Assets Control (“OFAC-US “);
• Sanctions imposed under the International Sanction Act.

All matches (accurate hits) will be escalated to a Compliance Officer for further action and processing.

SUSPICIOUS ACTIVITY MONITORING AND REPORTING

Where the Company identifies an activity or facts whose characteristics refer to the use of criminal proceeds, terrorist financing, or other criminal offenses or an attempt thereof or concerning which the Company suspects or knows that it constitutes money laundering, terrorist financing, or the commission of another criminal offense, a Compliance Officer of the Company must report it to the FIUE immediately, but not later than within two working days after identifying the activity or facts or after gaining suspicion.

The Company and all its employees, officers, and directors are prohibited from informing a person, its beneficial owner, representative, or third party about a report submitted on them to the FIUE, an intention to submit such a report, or the commencement of criminal proceedings.

DATA RETENTION

The Company must retain the documents and information used to identify and verify clients for at least five years after the termination of the business relationship. The Company implements the necessary rules for protecting personal data when the requirements arising from its obligations hereunder are applied. The Company is allowed to process personal data gathered upon implementing these rules only to prevent money laundering and terrorist financing. The data must not be processed in a manner that does not meet this purpose, such as for marketing purposes.

TRAINING

The Compliance Officer shall ensure that the Company’s employees are fully aware of their legal obligations under the AML/CTF regime. The timing and content of the training provided are determined according to the company's needs. The frequency of the training can vary depending on changes in legal and/or regulatory requirements, employees’ duties, and any other changes in the business model. The training program aims to educate the Company’s employees on the latest developments in the prevention of money laundering and terrorist financing, including the practical methods and trends used for this purpose.

COOPERATION AND EXCHANGE OF INFORMATION

The Company cooperates with supervisory and law enforcement authorities to prevent money laundering and terrorist financing. It communicates information available to the Company and replies to queries within a reasonable time, following the duties, obligations, and restrictions arising from legislation. For any relevant requests, please contact us at [email protected]. Please note that if you represent a law enforcement agency outside the European Union, procedures under the Mutual Legal Assistance Treaty (MLAT) may apply.