AML and KYC Policy

Last revised on 19 February 2025

KRATOS STUDIOS LIMITED

FINANCING OF TERRORISM, ANTI MONEY LAUNDERING, KNOW YOUR CUSTOMER POLICIES AND PROCEDURES

Introduction

Kratos Studios Limited (the “Company”) is a BVI Business Company incorporated in the British Virgin Islands (the “Company”) (references to “we” and “our” in these Policies and Procedures refers to the Company). We are committed to the prevention of the use of our business for illegal activities and the promotion of a safe and secure environment for our users in compliance with the British Virgin Islands regulatory framework.

These policies and procedures in relation to the combatting of money laundering and terrorist financing (the “Policies and Procedures”) are adopted and applied to our business. In these Policies and Procedures, “AML/CFT” or “ML/TF” is a reference to anti-money laundering, countering terrorist financing and proliferation financing systems and programmes.

The objective of these Policies and Procedures is to establish and maintain a written and effective system of internal controls that provides appropriate policies, processes and procedures for forestalling and preventing money laundering and terrorist financing and for reporting suspicious transactions.

Regulatory Framework

We must conduct our business in accordance with the laws, regulations, and guidance in the British Virgin Islands as they may apply to the operations of our business in the British Virgin Islands. Such AML/CTF Rules that may from time to time apply to us in connection with AML/CFT consists of the following British Virgin Islands legislation and guidance (the “AML/CTF Rules”):

1. The Proceeds of Criminal Conduct Act, 1997, as amended (“PoCCA”);

2. The Anti-Money Laundering Regulations, 2008, as amended (“AMLR”), issued by the Financial Services Commission pursuant to section 41 of the Financial Services Commission Act, 2001, as amended (the “FSCA”); and

3. The Anti-Money Laundering and Terrorist Financing Code of Practice, 2022, as amended (“AML/CFT Code”), issued by the Financial Services Commission pursuant to section 27(1) PoCCA.

The British Virgin Islands AML/CFTs legislative framework also includes the following:

1. Financial Investigation Agency Act, as amended;

2. Non-Profit Organization Act, 2012, as amended;

3. Proliferation Financing (Prohibition) Act, as amended;

4. Anti-Terrorism (Financial and Other Measures) (Overseas Territories) Order, 2002;

5. The Terrorism (United Nations Measures) (Overseas Territories) Order, 2001;

6. Drug Trafficking Offences Act (2020 Revision), as amended; and

7. Counter-Terrorism Act, 2021, as amended.

The competent British Virgin Islands regulators are:

1. The Financial Services Commission (“FSC”), which is empowered to monitor compliance with the AML/CFT Rules; and

2. The Financial Investigation Agency (“FIA”), to which suspicious activity reports concerning money laundering and terrorist financing should be made.

The important contact details of the FSC and FIA are as follows:

FSC	FIA
2nd Floor, Ritter House Building, PO Box 4090 Road Town, Tortola VG1110 British Virgin Islands	Pasea Estate, PO Box 418 Road Town, Tortola VG1110 British Virgin Islands
T: +1 (284) 494-1335	T: +1 (284) 494-1324 or +1 (284) 494 4190
F: +1 (284) 494-1435	F: +1 (284) 494-5016
E: info@fiabvi.vg	E: commissioner@bvifsc.vg

Having considered the obligations under this framework in respect our business, the following Policies and Procedures taken by us in respect of this framework are set out below.

Risk Assessment

The following risk assessment Polices and Procedures will be reviewed and revised annually or more frequently as needed, for example, in response to a change in applicable law and/or the material nature of our business.

We conduct a comprehensive risk assessment to identify potential risks and vulnerabilities of our business to money laundering, terrorism financing, and sanctions evasion activities in accordance with applicable guidance of the British Virgin Islands as they may apply to our business. This risk assessment includes the following factors:

Nature, size, and complexity of our business:

We consider the scope of our operations, the types of virtual assets we support, and the complexity of our user base when assessing our AML/CFT compliance obligations and sanctions risk.

The type of cryptocurrencies supported:

We evaluate the potential risks associated with each protocol we support, including the degree of anonymity, the potential for rapid transfers of funds, and the difficulty in tracing and monitoring transactions.

Geographical location of our users:

We take into account the geographical location of our users to assess the level of risk associated with doing business with such user. Users from high-risk jurisdictions, for example, will be automatically blocked from using our products, while suspicious users from other jurisdictions will be subject to enhanced due diligence. In addition, we understand that the British Virgin Islands implement the international sanctions obligations of the United Kingdom, which are extended to the British Virgin Islands by Overseas Territories Orders. The majority of the sanctions in effect in the United Kingdom stem from the United Nations Security Council Resolutions. Sanctions programmes administered by the United States Department of Treasury’s Office of Foreign Assets Control (“OFAC”) do not apply directly to us but may have extra-territorial impact. Therefore, we take the view that the screening of users for OFAC sanctions is important. We do not accept user’s subject to OFAC sanctions programmes or from jurisdictions subject to OFAC sanctions programmes. We have procedures in place to ensure these sanctions programmes are continuously monitored, and adopt technology where necessary to ensure this Policy and Procedure is adhered to.

Anonymity of transactions and users:

We assess the risk associated with anonymous transactions and users. We take measures to mitigate these risks internally and engage third party service provider(s) or utilise software, to review our databases and users’ analytics to monitor for malicious and sanctioned addresses. We block or freeze users who are flagged by our systems and may implement identity verification procedures systems where a user wishes to continue using our products, and such continued use after obtaining CDD or EDD in accordance with these Policies and Procedures, will not breach any other terms herein. We monitor for situations where identification verifications are needed.

Presence of high-risk factors such as politically exposed persons (PEPs) and sanctioned entities:

We define a politically exposed person (PEP) as an individual who holds a prominent public position or role in a foreign country, including:

1. Heads of state or government

2. Senior politicians or officials

3. Senior executives of state-owned corporations

4. Judges or senior officials of courts or tribunals

5. High-ranking military officers

6. Senior officials of political parties

Additionally, the definition of PEPs also includes immediate family members and close associates of the above-listed individuals. Immediate family members include spouses, children, and parents of the PEP, while close associates refer to individuals who are known to have a close personal or professional relationship with the PEP.

Should a PEP be flagged by our systems implemented at part D above, such PEP will automatically be blocked from using our products. We may thereafter conduct enhanced due diligence or report suspicious transactions to the relevant authorities. A PEP which is subject to a sanction listed at Clause C above may not be a user.

Potential for cross-border transactions:

We assess the potential risks associated with cross-border transactions, including the potential for sanctions violations and the complexity of regulatory compliance in different jurisdictions.

Customer Due Diligence (CDD)

Due to the nature of our operations, we are not required by the laws of the British Virgin Islands to conduct CDD on all users. In circumstances where we need to obtain CDD on a user for any reason set out herein, we will apply a risk-based approach to customer due diligence procedures, including:

Obtaining and verifying the identity of users, including individuals and entities, in accordance with the guidance of the British Virgin Islands Financial Services Commission:

Information about the user's identity, including their name, address, date of birth, and government-issued identification documents will be collected and verified using reliable and independent sources.

Collecting information about the purpose and nature of the business relationship with the user:

Information about the user's business relationship with us, including the nature of the virtual asset transactions they intend to undertake and the expected frequency and volume of transactions will be collected.

Conducting enhanced due diligence for high-risk users and transactions:

Enhanced due diligence will be conducted on users or transactions that present a high risk of money laundering, terrorism financing, or sanctions violations (should such user not already be blocked form our products). This may include obtaining additional information about the user or transaction, conducting additional identity verification procedures, and obtaining independent verification of the user's source of funds.

Keeping records of user identification and transaction data for a minimum of five years:

Where required by applicable law, we maintain accurate and up-to-date records of any user and transaction data obtained, including a user's name, address, date of birth, and government-issued identification documents, as well as the date, time, and amount of each transaction.

Enhanced Due Diligence (EDD)

In addition to CDD, we conduct EDD in certain circumstances, including:

Transactions involving PEPs or their immediate family members:

We conduct enhanced due diligence on users flagged as PEPs or their immediate family members to mitigate the risk of corruption or bribery.

Transactions involving high-risk jurisdictions:

In relation to users from countries that are not from a Recognised Jurisdiction (as categorised by the FSC from time to time) and we are required by these Policies and Procedures to obtain user identification, CDD or EDD (as applicable) will be performed. Similarly, where dealing with higher risk scenarios/individuals, EDD will be required. Extra caution should be taken in relation to the acceptance of certified documentation from individuals or entities in high risk countries or territories and appropriate verification checks should be undertaken on such individuals and entities to ensure their legitimacy and reliability.

Unusual transactions:

We conduct enhanced due diligence on transactions that are flagged by our systems as unusual in nature to ensure that they are not part of an illicit activity.

Suspicious transactions:

We conduct enhanced due diligence on transactions that are flagged to be linked to money laundering, terrorism financing, or sanctions violations, and report these transactions to the relevant authorities.

Reporting and Record Keeping

We report suspicious transactions and maintain accurate records of user identification and transaction data, including:

Reporting suspicious transactions to the Financial Reporting Authority (FRA):

We report suspicious transactions to the FRA in accordance with the guidance of the FSC.

Maintaining records of user identification and transaction data for a minimum of five years:

We maintain records of any user identification and transaction data we gather as a result of the terms of these Policies and Procedures.

Internal reporting

All employees must report any activity that they see in the course of their duties and that they think may be suspicious to the compliance department. We shall provide all necessary training and guidance to ensure that the employees are aware of:

1. Their obligations in this area;

2. Possible offences and penalties for not disclosing or reporting any suspicious activity;

3. Any internal disciplinary sanctions that may apply for not reporting;

4. Procedures to be followed;

5. Description of all the red flag indicators;

6. Documentation to be used to make reports; and

7. Where to receive further advice and guidance.

Sanctions Risks

We report suspected sanctions violations to the relevant authorities in accordance with the guidance of the FSC.

Training and Awareness

We provide regular training and awareness programs to our employees to ensure that they are knowledgeable about AML/CFT and sanctions risks and comply with the relevant laws and regulations as they may apply to our business operations from time to time.

Conclusion

We are committed to maintaining a safe and secure environment for our users and preventing the use of our business for illegal activities, including money laundering, terrorism financing, and sanctions violations. We will continue to monitor and review these Policies and Procedures to ensure that they remain effective and compliant with the regulatory framework in the British Virgin Islands.