Anti-Money Laundering (AML) and Know Your Customer (KYC) Policy

IRONBIT Spółka z ograniczoną odpowiedzialnością (IRONBIT Sp. z o.o.)
Last updated: 12 November 2025

1. Policy Statement

IRONBIT Spółka z ograniczoną odpowiedzialnością ("IRONBIT", "we", "our", or "us") is committed to preventing the use of its services for money laundering, terrorist financing, or any other illegal financial activity.

This AML/KYC Policy establishes the principles and procedures designed to ensure compliance with applicable Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations in Poland and the European Union.

IRONBIT actively monitors transactions, verifies customer identities, and maintains transparency to protect the integrity of the financial system and our platform.

2. Purpose of the Policy

The purpose of this Policy is to:

Prevent and detect money laundering and terrorism financing activities;
Ensure that IRONBIT's services are not used to conceal or transfer proceeds of crime;
Comply with applicable AML/CTF obligations and industry best practices;
Promote a risk-based approach to customer identification and monitoring.

3. Responsibilities

3.1 Management Responsibilities

The management of IRONBIT bears the ultimate responsibility for the establishment and maintenance of an effective AML/CTF framework.

3.2 Compliance Officer (MLRO)

A designated Money Laundering Reporting Officer (MLRO) is responsible for:

Implementing and updating this Policy;
Ensuring staff training and awareness;
Overseeing customer due diligence (CDD) processes;
Reviewing and reporting suspicious transactions to competent authorities;
Maintaining all AML-related records and communications.

The MLRO reports directly to the company's management board.

4. Risk-Based Approach

IRONBIT applies a risk-based approach (RBA) to prevent money laundering and terrorist financing. This means that the level of KYC and monitoring applied to each customer depends on the level of risk posed by that customer, based on factors such as:

Country of residence or incorporation;
Type of transaction or service used;
Source of funds and wealth;
Customer behavior and transaction patterns.

Customers classified as high-risk are subject to enhanced due diligence procedures (EDD).

5. Customer Identification and Verification (KYC)

5.1 Individual Customers

Each customer must provide:

Full name
Date of birth
Residential address
Valid government-issued ID (passport, national ID card, or equivalent)
PESEL
Proof of address (utility bill or bank statement not older than 3 months)

5.2 Corporate Customers

Corporate clients must provide:

Certificate of incorporation and company details (KRS, NIP, REGON if Polish entity)
Memorandum and Articles of Association
Proof of registered office address
List of directors and shareholders
Identification of Ultimate Beneficial Owners (UBOs) holding 25% or more of the company's shares or voting rights
Identity documents of UBOs and authorized signatories

5.3 Verification Methods

IRONBIT may use third-party verification providers, public registries, and internal verification systems to confirm the authenticity of documents and information submitted.

6. Ongoing Monitoring

IRONBIT continuously monitors all transactions and customer behavior to identify unusual or suspicious activities.

Monitoring includes:

Automated screening against sanction and PEP (Politically Exposed Person) lists;
Transaction pattern analysis;
Regular review of customer data and documentation.

If suspicious activity is detected, the MLRO will evaluate and report it to competent authorities, in accordance with applicable law.

7. Enhanced Due Diligence (EDD)

IRONBIT applies enhanced due diligence to:

High-risk jurisdictions;
Customers involved in complex or large transactions;
Transactions with unclear economic purpose;
Customers or entities listed on sanctions or PEP lists.

EDD measures may include requesting additional documents, proof of source of funds, and managerial approval before proceeding with transactions.

8. Record Keeping

All identification documents, transaction data, and internal reports related to AML/KYC are securely stored for a period of five (5) years after the end of the customer relationship or the completion of the transaction, in accordance with applicable law.

Records are stored in digital form with restricted access and may be shared with competent authorities upon lawful request.

9. Reporting Suspicious Activities

If IRONBIT suspects that a transaction may be linked to criminal activity, terrorism financing, or any other unlawful purpose, the MLRO must immediately prepare and submit a Suspicious Activity Report (SAR) to the relevant authority, as required by Polish law.

All employees are required to promptly report any suspicious behavior or transaction to the MLRO.

10. Employee Training and Awareness

IRONBIT ensures that all relevant employees receive AML/CTF training upon hiring and regularly thereafter.

Training includes:

Recognizing suspicious transactions;
Understanding AML/CTF laws and obligations;
Reporting procedures and confidentiality obligations.

Employees are required to sign a confirmation of training completion.

11. Data Protection and Confidentiality

All personal and transaction data collected under this Policy is processed in accordance with IRONBIT's Privacy Policy and applicable data protection laws (GDPR).

Confidentiality is maintained at all times, except when disclosures are made to competent authorities as required by law.

12. Policy Review and Updates

This Policy is reviewed at least annually or whenever there are significant changes to AML/CTF laws or IRONBIT's business model.

The MLRO ensures that updates are implemented promptly and communicated to all relevant employees.

13. Contact Information

For questions regarding this AML/KYC Policy, please contact:

IRONBIT Sp. z o.o.
ul. Żurawia 6, lok. 12, 00-503 Warszawa, Poland
Email: info@ironbit.net