Comprehensive AML/CFT & KYC Framework for Cryptocurrency Exchanges
1. Introduction & Core Principles
This document outlines the robust Anti-Money Laundering (AML), Counter-Financing of Terrorism (CFT), and Know Your Customer (KYC) framework for Diamond Exchange. Our exchange is committed to the highest standards of compliance with global regulations to prevent its services from being used for financial crimes, including money laundering, terrorist financing, fraud, and sanctions evasion.
Core Principles
- Zero Tolerance for Illicit Finance: We maintain a strict policy against processing transactions linked to illegal activities.
- Regulatory Adherence: We comply with all applicable laws and regulations in the jurisdictions where we operate, including the Financial Action Task Force (FATF) Recommendations.
- Risk-Based Approach (RBA): All our controls are scaled according to the assessed risk level of customers, transactions, and geographic locations.
- Proactive Detection: We employ advanced monitoring systems to proactively identify and investigate suspicious activity rather than merely reacting to incidents.
2. Risk-Based Approach Framework
A Risk-Based Approach (RBA) is the cornerstone of our program. We categorize risk based on three primary factors:
2.1. Customer Risk
- Low Risk: Verified, long-standing individual customers with transparent transaction histories.
- Medium Risk: Corporate entities, trusts, or Politically Exposed Persons (PEPs) with a lower risk profile.
- High Risk: PEPs, customers from high-risk jurisdictions, shell companies, cash-intensive businesses, and those dealing in high-risk assets like privacy coins.
2.2. Geographic Risk
- High-Risk Jurisdictions: Countries identified by the FATF as having strategic AML/CFT deficiencies (e.g., Iran, North Korea), or countries subject to comprehensive international sanctions. Transactions involving platforms from these jurisdictions, as noted in your policy (e.g., Garantex, any Iranian platforms), are automatically flagged.
- Prohibited Jurisdictions: We maintain a clear list of jurisdictions we do not service.
2.3. Product/Transaction Risk
- High-Risk Services: Fiat-to-crypto off-ramping, large wire transfers, peer-to-peer (P2P) trading, and services involving privacy coins or mixers/tumblers (e.g., Tornado Cash, Wasabi Wallet) are inherently higher risk.
Table: Risk Categorization Matrix
| Risk Factor | Low Risk | Medium Risk | High Risk |
|---|---|---|---|
| Customer Type | Salaried individual, local SME | Trust, Private Company | PEP, Shell Company, Casino |
| Geography | FATF-compliant nations (e.g., USA, UK) | Countries under monitoring | FATF black/grey lists, sanctioned countries |
| Transaction Type | Low-value crypto swaps | Medium-value exchanges | High-value fiat off-ramps, P2P trades |
3. Customer Due Diligence (CDD) Procedures
3.1. Standard KYC Verification (Tier 1)
All customers must undergo initial identity verification to use our services beyond basic browsing.
- Required Information: Full name, date of birth, residential address.
- Documentation: Government-issued photo ID (Passport, National ID, Driver’s License) and a recent proof of address (utility bill, bank statement).
- Verification Method: Automated document validation, liveness checks, and facial recognition technology.
3.2. Enhanced Due Diligence (EDD) – Tier 2
EDD is mandatory for all customers classified as High Risk.
Additional Requirements:
- Source of Funds (SoF) & Source of Wealth (SoW): Documentation required to verify the legitimacy of the customer’s assets (e.g., bank statements, tax returns, business incorporation documents, proof of inheritance).
- PEP Declaration and Screening: Mandatory screening against PEP databases.
- Senior Management Approval: Any onboarding of a high-risk customer requires approval from the Chief Compliance Officer.
- Triggering Events: A standard risk customer can be moved to EDD if their transaction patterns change dramatically or they initiate a high-value transaction.
3.3. Know Your Transaction (KYT) & Ongoing Monitoring
CDD is not a one-time event. We conduct continuous monitoring.
- Transaction Monitoring: Real-time analysis of deposit and withdrawal patterns for anomalies.
- Re-KYC: Periodic reverification of customer identities and updated information, especially for high-risk categories.
- Wallet Screening: All cryptocurrency deposits are screened against databases of known illicit addresses (e.g., stolen funds, ransomware, darknet markets, mixers).
4. Transaction Monitoring & Know Your Transaction (KYT)
We utilize a combination of automated blockchain analytics tools and manual review to monitor transactions 24/7.
Key Monitoring Scenarios
- Structuring: Breaking down large transactions into smaller ones to avoid reporting thresholds.
- Transactions with High-Risk Entities: Deposits from or withdrawals to sanctioned addresses, known scam addresses, mixers, gambling sites, or darknet markets.
- Geographic Mismatches: Transactions originating from IP addresses in a jurisdiction different from the customer’s stated residence.
- Peer-to-Peer (P2P) Monitoring: Enhanced scrutiny on P2P trades to prevent fraud and scam attempts.
The KYT Process
- Alert Generation: The automated system flags a transaction based on pre-defined risk rules.
- Triage: The AML team investigates the alert to determine if it is false or genuine.
- Investigation: If genuine, the analyst investigates the customer’s history, the transaction’s origin/destination, and any linked addresses.
- Action: The team decides on an action: close (false positive), request more info from customer (SoF/SoW), suspend the account, or file a Suspicious Activity Report (SAR).
5. Sanctions & Prohibited Entities Screening
- Automated Screening: All customers (name, DOB) and transaction addresses are screened in real-time against updated global sanctions lists (e.g., OFAC, UN, EU lists).
- Internal Blacklist: We maintain and constantly update an internal blacklist of prohibited entities, including but not limited to: Garantex, Tornado Cash, Hydra, Blender.io, Lazarus Group, ChipMixer, Sinbad.io, Commex, Capitalist, Genesis Market, and any platform operating from a comprehensively sanctioned jurisdiction.
- Zero-Tolerance Policy: Any attempt to transact with a blacklisted address will result in immediate transaction rejection, account suspension, and mandatory filing of a SAR.
6. Organizational Structure, Training & Audit
- Dedicated Compliance Officer: Appointment of a qualified Chief Compliance Officer with the authority to enforce this policy.
- Independent AML Team: A team of analysts independent from the commercial/sales department to handle investigations.
- Annual Training: Mandatory annual training for all employees on AML/CFT procedures, red flags, and their reporting obligations.
- Independent Audit: A comprehensive, independent audit of the entire AML/CFT program is conducted at least annually to ensure its effectiveness and recommend improvements.
7. Incident Response, Reporting & Recordkeeping
- Suspicious Activity Reports (SARs): We have a clear, confidential process for filing SARs with the relevant Financial Intelligence Unit (FIU) without tipping off the customer.
- Law Enforcement Requests: A defined process for handling and responding to legitimate information requests from law enforcement agencies.
- Recordkeeping: We retain all KYC records, transaction data, and investigation notes for a minimum of five (5) years after the account is closed, as required by law.
- Refund Policy (Following Seizure/Suspension): Consistent with industry practice, if funds are stopped due to AML risks and the user fails KYC/EDD checks, a refund may be issued minus a processing fee (e.g., 5%) to cover the significant labor and administrative costs of the investigation, as outlined in your provided policy.
8. Conclusion & User Agreement
By registering an account and using the diamondexchange.cc service, the user explicitly agrees to all terms outlined in this AML/CFT & KYC Policy.