CryptumPay AML Policy

Last updated: May 31, 2026

This Anti-Money Laundering Policy (“AML Policy”) explains the principles and controls used by CryptumPay to prevent, detect and respond to money laundering, terrorist financing, sanctions evasion, fraud and other prohibited activity.

This AML Policy applies to the CryptumPay website, merchant console, payment pages, payment widgets, APIs, webhooks, mobile application where available, and related services.

This AML Policy should be read together with the CryptumPay Terms of Use available at https://cryptumpay.com/terms and the CryptumPay Privacy Policy available at https://cryptumpay.com/privacy-policy.

By using CryptumPay, you agree to comply with this AML Policy.

1. Purpose of This AML Policy

CryptumPay provides crypto payment processing services for merchants.

Because crypto payments may be exposed to money laundering, terrorist financing, sanctions evasion, fraud, scams, stolen funds, darknet activity and other illicit activity, CryptumPay applies risk-based controls to help prevent misuse of the Service.

The purposes of this AML Policy are to:

• explain CryptumPay’s AML, sanctions and compliance principles;
• describe the types of checks CryptumPay may perform;
• set expectations for Merchants, Payers and other Users;
• describe prohibited activity;
• explain when CryptumPay may delay, reject, return, hold, restrict or refuse transactions;
• protect CryptumPay, Merchants, Payers and the integrity of the Service.

This AML Policy is a public-facing policy. It does not describe all internal procedures, risk models, thresholds, provider rules, investigation steps or operational controls used by CryptumPay.

2. Definitions

For the purposes of this AML Policy:

“AML” means anti-money laundering.

“CFT” means countering the financing of terrorism.

“KYC” means know-your-customer checks for individuals.

“KYB” means know-your-business checks for legal entities, businesses and merchant organisations.

“Merchant” means a person or business that creates or uses a CryptumPay account to accept crypto payments.

“Payer” means a customer, user or other person who makes or attempts to make a crypto payment through CryptumPay.

“User” means any visitor, Merchant, Payer or other person using any part of CryptumPay.

“Service” means the CryptumPay website, console, payment pages, widgets, APIs, webhooks, mobile application where available, and related crypto payment processing services.

“Transaction” means any crypto payment, refund, withdrawal, conversion, balance adjustment or other activity processed through CryptumPay.

“Restricted Person” means any person or entity that is subject to sanctions, located in a restricted jurisdiction, incorporated in a restricted jurisdiction, owned or controlled by sanctioned persons, or otherwise prohibited from using CryptumPay.

“Prohibited Activity” means any activity described as prohibited in this AML Policy, the Terms of Use or applicable law.

3. Language

The English version of this AML Policy is the controlling version.

Any translation is provided for convenience only.

In case of any inconsistency between the English version and any translation, the English version prevails.

4. Status of CryptumPay

CryptumPay is a crypto payment processing service.

CryptumPay is not a bank, electronic money institution, fiat payment institution, card acquirer, broker, investment adviser, investment platform or fiat money remittance service.

Unless expressly stated by CryptumPay in writing, CryptumPay does not represent that it is licensed, authorised, registered or supervised as a bank, payment institution, electronic money institution, investment firm, crypto-asset service provider or other regulated financial institution in any jurisdiction.

CryptumPay may refuse, restrict or terminate access to the Service in any jurisdiction where provision or use of the Service would require authorisation, registration, licensing, reporting or regulatory approval that CryptumPay has not obtained.

5. Risk-Based Approach

CryptumPay applies a risk-based approach to AML, CFT, sanctions and fraud prevention.

This means that CryptumPay may assess risk based on factors including:

• Merchant identity;
• Merchant ownership and control structure;
• Merchant business model;
• Merchant website or domain;
• products or services offered by the Merchant;
• jurisdictions connected to the Merchant;
• expected and actual transaction volume;
• transaction size;
• transaction frequency;
• transaction patterns;
• blockchain network;
• crypto asset;
• wallet address risk;
• source of funds indicators;
• sanctions exposure;
• darknet exposure;
• mixer or tumbler exposure;
• fraud or scam exposure;
• suspicious behaviour;
• inconsistent or incomplete information;
• refusal to provide requested information;
• any other factor CryptumPay considers relevant.

CryptumPay may apply different levels of review, checks, restrictions, limits or monitoring depending on the risk profile of a Merchant, Payer, transaction, wallet, jurisdiction or activity.

Merchant approval is not a one-time decision. CryptumPay may conduct ongoing monitoring, periodic re-review or event-based re-review of Merchants, transactions, business models, ownership, activity and risk profile.

6. AML Checks Are Not Guarantees

AML, sanctions, fraud-prevention and risk checks are risk-management tools.

They do not guarantee that any transaction, wallet, Merchant, Payer, counterparty, business model, source of funds or activity is lawful, safe, verified, risk-free or free from illicit exposure.

A completed check, approved transaction, approved withdrawal, approved refund or approved Merchant account does not mean that CryptumPay guarantees:

• the legality of the transaction;
• the legality of the Merchant’s goods or services;
• the source of funds;
• the identity or reliability of any Payer;
• the safety of any wallet address;
• the absence of sanctions, AML, fraud or compliance risk;
• the availability of refunds;
• the absence of future restrictions, holds or reviews.

Merchants remain responsible for their own legal, regulatory, AML, sanctions, tax, licensing and compliance obligations.

7. KYC and KYB

CryptumPay may require KYC and KYB checks before enabling access to certain features, including live payment processing, balance crediting, withdrawals or higher limits.

For Merchants, CryptumPay may request information and documents including:

• company name;
• registration number;
• country of registration;
• legal address;
• directors;
• beneficial owners;
• authorised representatives;
• company documents;
• website or domain;
• proof of domain ownership or authorised use;
• business description;
• expected transaction volume;
• source of funds;
• licences, permits or registrations where applicable;
• additional information reasonably required for KYC, KYB, AML, sanctions, fraud-prevention, compliance or risk review.

For individuals, CryptumPay may request information and documents including:

• full name;
• date of birth;
• country;
• identity document data;
• identity document image or scan;
• selfie or liveness verification data;
• verification result;
• verification status;
• any additional information reasonably required for compliance or risk review.

KYC and KYB checks may be performed through third-party verification providers.

CryptumPay may refuse onboarding, restrict access, suspend activity, delay processing, reject transactions or terminate an account if requested information is not provided, cannot be verified, is inconsistent, appears false or creates unacceptable risk.

Providing false, incomplete, outdated or misleading information is grounds for refusal, hold, suspension, restriction or termination.

8. Beneficial Ownership and Control

Where a Merchant is a legal entity, CryptumPay may request information about ownership, control and beneficial owners.

CryptumPay may request information about:

• direct owners;
• indirect owners;
• beneficial owners;
• directors;
• authorised representatives;
• persons controlling the Merchant;
• persons acting on behalf of the Merchant;
• corporate structure;
• source of funds;
• source of wealth where relevant.

CryptumPay may refuse or restrict a Merchant if ownership, control or beneficial ownership cannot be reasonably verified.

9. Sanctions and Restricted Persons

CryptumPay must not be used by or for the benefit of Restricted Persons.

You must not use CryptumPay if you are:

• a US Person, as defined in the Terms of Use;
• located in, incorporated in, resident in or operating from a sanctioned, embargoed or restricted jurisdiction;
• acting on behalf of a person located in a sanctioned, embargoed or restricted jurisdiction;
• subject to sanctions;
• owned or controlled by a sanctioned person;
• using CryptumPay for the benefit of a sanctioned person;
• otherwise prohibited from using CryptumPay under applicable law, the Terms of Use or this AML Policy.

CryptumPay may screen Users, Merchants, transactions, wallet addresses and activity for sanctions risk.

CryptumPay may block, reject, delay, return, restrict, suspend or terminate any account, transaction, withdrawal, refund or activity if sanctions risk is identified or suspected.

CryptumPay may refuse to disclose specific details of sanctions screening, risk scoring, investigation results or internal decision-making.

10. Prohibited Activity

You must not use CryptumPay for any illegal, fraudulent, abusive, deceptive, harmful, sanctioned or prohibited activity.

Prohibited activity includes, without limitation:

• money laundering;
• terrorist financing;
• sanctions evasion;
• fraud;
• scams;
• phishing;
• social engineering;
• stolen funds;
• stolen goods;
• counterfeit goods;
• darknet markets;
• mixers, tumblers or services intended to conceal the source of funds;
• ransomware;
• malware;
• botnets;
• hacking tools;
• unauthorised access services;
• child sexual abuse material or any illegal sexual content;
• human trafficking;
• exploitation;
• forced labour;
• narcotics;
• controlled substances;
• cannabis;
• CBD products;
• drug paraphernalia;
• weapons;
• ammunition;
• explosives;
• sanctions-controlled goods or services;
• Ponzi schemes;
• pyramid schemes;
• deceptive investment schemes;
• unlicensed financial services;
• unlicensed money transmission;
• unlicensed gambling;
• terrorist activity;
• infringement of intellectual property rights;
• sale of personal data without lawful basis;
• any activity that misleads customers;
• any activity that creates unacceptable legal, regulatory, AML, sanctions, security or reputational risk.

CryptumPay may also classify a Merchant, transaction or activity as prohibited or unacceptable based on risk, even if the activity is not specifically listed above.

11. High-Risk Business Categories

Certain business categories may require enhanced review and may be approved, restricted or rejected at CryptumPay’s sole discretion.

High-risk categories may include:

• iGaming;
• betting;
• casinos;
• forex;
• CFD products;
• trading-related services;
• adult content;
• nutraceuticals;
• dietary supplements;
• donations;
• political fundraising;
• charity;
• marketplaces;
• VPN services;
• other regulated or higher-risk business models.

Approval of a Merchant does not mean that CryptumPay approves all future activity of that Merchant.

CryptumPay may re-review, restrict, suspend or terminate a Merchant if its business model, products, services, jurisdictions, transaction activity, risk profile or ownership structure changes.

12. Transaction Monitoring

CryptumPay may monitor transactions and activity for AML, sanctions, fraud-prevention, security, compliance and risk-management purposes.

Monitoring may include review of:

• incoming crypto payments;
• transaction hashes;
• payment amounts;
• selected assets;
• selected blockchain networks;
• payment statuses;
• refund activity;
• withdrawal activity;
• wallet address risk indicators;
• transaction patterns;
• abnormal or inconsistent activity;
• high-risk blockchain exposure;
• suspicious customer behaviour;
• Merchant activity;
• support requests related to payments;
• other activity relevant to risk assessment.

CryptumPay may use internal systems and third-party AML, blockchain analytics, KYC, KYB, sanctions, security or fraud-prevention providers.

CryptumPay does not guarantee AML screening of every outgoing address or every withdrawal destination.

Withdrawal review may include security, sanctions, fraud-prevention and risk checks, but routine AML screening may not be performed for every withdrawal destination.

13. Source of Funds and Source of Wealth

CryptumPay may request information about the source of funds or source of wealth connected with a Merchant, Payer, transaction, wallet address, refund, withdrawal or other activity.

CryptumPay may request:

• explanation of the purpose of a transaction;
• documents supporting the source of funds;
• information about the Merchant’s business activity;
• invoices, contracts or order information;
• proof of ownership or control of a wallet;
• information about counterparties;
• information about expected transaction volume;
• other information reasonably required for AML, sanctions, fraud-prevention, compliance or risk review.

CryptumPay may delay, reject, return, restrict or hold a transaction, withdrawal or refund if source-of-funds information is not provided, is incomplete, is inconsistent or does not satisfy CryptumPay’s risk controls.

14. Transfer Information

Where required by applicable law, regulation, compliance obligations, risk controls or internal policy, CryptumPay may collect, retain, transmit, request or verify information related to crypto transfers.

This may include:

• originator information;
• beneficiary information;
• wallet information;
• transaction information;
• counterparty information;
• ownership or control information;
• source-of-funds information;
• purpose-of-transaction information;
• other information reasonably required for AML, sanctions, fraud-prevention, compliance or risk review.

CryptumPay may delay, restrict, refuse or return a transaction, refund or withdrawal if required transfer information is missing, incomplete, inconsistent, suspicious or cannot be verified.

Nothing in this section means that CryptumPay guarantees support for any specific regulatory transfer-information standard, travel rule protocol, jurisdictional requirement or counterparty system.

15. Holds, Delays and Refusals

CryptumPay may place a transaction, refund, withdrawal, account or Merchant Balance on hold if we identify or suspect:

• AML risk;
• sanctions risk;
• terrorist financing risk;
• fraud risk;
• stolen funds;
• suspicious activity;
• prohibited activity;
• incomplete KYC or KYB;
• inconsistent information;
• high-risk wallet exposure;
• high-risk jurisdiction exposure;
• regulatory risk;
• security risk;
• technical risk;
• violation of the Terms of Use or this AML Policy.

During a hold, CryptumPay may:

• request additional information;
• perform additional checks;
• restrict withdrawals;
• restrict refunds;
• restrict account access;
• delay payment processing;
• reject a transaction;
• return funds where possible;
• refuse to return funds where prohibited or unsafe;
• terminate the account;
• retain records;
• report activity where required or appropriate;
• take any other action required or permitted by law, internal policy or risk controls.

CryptumPay does not guarantee a specific timeframe for resolving AML, sanctions, fraud or compliance reviews.

16. Refunds and AML Review

Refunds may be subject to AML, sanctions, fraud-prevention, security and compliance review.

CryptumPay may delay, restrict or refuse a refund if:

• the transaction is suspicious;
• the refund address is suspicious;
• the refund may involve a Restricted Person;
• the transaction is connected with Prohibited Activity;
• the transaction is affected by AML risk;
• the transaction is affected by sanctions risk;
• the refund amount is insufficient to cover applicable network fees;
• required information is missing;
• the payment cannot be identified;
• the refund is technically impossible;
• applicable law or internal compliance rules restrict the refund.

A refund does not mean that CryptumPay approves the original transaction, Merchant, Payer or activity.

17. Withdrawals and AML Review

Withdrawals may be subject to AML, sanctions, fraud-prevention, security and compliance review.

CryptumPay may delay, restrict or refuse a withdrawal if:

• KYC or KYB has not been completed;
• two-factor authentication is not enabled;
• AML checks are pending;
• sanctions checks are pending;
• security checks are pending;
• the destination address is suspicious;
• the account is restricted;
• the withdrawal exceeds applicable limits;
• required documents or information are missing;
• the withdrawal may involve Prohibited Activity;
• the withdrawal may violate the Terms of Use, this AML Policy or applicable law.

The Merchant is responsible for providing a correct withdrawal address, asset and network.

Withdrawal review may include security, sanctions, fraud-prevention and risk checks. CryptumPay does not guarantee AML screening of every outgoing address or every withdrawal destination.

18. Reporting and Cooperation with Authorities

CryptumPay may report suspicious activity, prohibited activity, sanctions-related activity or other relevant information to authorities, regulators, law enforcement, courts, compliance providers or other parties where required or appropriate.

CryptumPay may cooperate with lawful requests, investigations, subpoenas, court orders, regulatory requests, law enforcement requests or other legally relevant requests.

CryptumPay may retain and disclose records where required or appropriate for legal, regulatory, AML, sanctions, fraud-prevention, security, audit, accounting, dispute-resolution or compliance purposes.

To the extent permitted by law, CryptumPay may refuse to inform a User about specific reports, alerts, investigations or internal decisions.

19. No Tipping-Off and Restricted Disclosure

CryptumPay may be legally, operationally or commercially restricted from informing a User that a report, alert, investigation, hold, review, restriction or internal decision has been made or is ongoing.

CryptumPay may refuse to disclose information where disclosure may:

• constitute tipping-off;
• compromise security;
• assist evasion of AML, sanctions, fraud-prevention or risk controls;
• violate law;
• interfere with an investigation;
• reveal confidential methods;
• reveal provider rules or thresholds;
• expose internal monitoring logic;
• create additional risk;
• harm CryptumPay, Users, Merchants, Payers, authorities, providers or third parties.

20. Recordkeeping

CryptumPay may retain KYC, KYB, AML, sanctions, transaction, account, support, risk and compliance records for as long as necessary for legal, regulatory, AML, sanctions, fraud-prevention, security, audit, accounting, dispute-resolution and operational purposes.

Records may include:

• account data;
• Merchant verification data;
• individual verification data;
• beneficial ownership data;
• business model information;
• transaction history;
• payment statuses;
• transaction hashes;
• refund records;
• withdrawal records;
• AML screening results;
• sanctions screening results;
• risk assessments;
• support communications;
• internal compliance notes;
• investigation records.

CryptumPay may be unable to delete certain records if retention is required or necessary for legal, compliance, AML, sanctions, fraud-prevention, security, audit, accounting or dispute-resolution purposes.

21. Confidentiality of AML Controls

CryptumPay does not disclose detailed AML rules, sanctions rules, fraud-prevention rules, risk thresholds, scoring models, provider configurations, monitoring logic, investigation methods or internal compliance procedures.

CryptumPay may refuse to provide detailed explanations for decisions related to AML, sanctions, fraud prevention, account restrictions, transaction holds, refunds, withdrawals or termination where disclosure may:

• compromise security;
• assist evasion of controls;
• violate law;
• interfere with an investigation;
• expose confidential methods;
• create additional risk;
• harm CryptumPay, Users, Merchants, Payers or third parties.

22. Merchant Obligations

Merchants must:

• provide accurate, complete and current information;
• promptly update changed information;
• provide requested KYC, KYB, AML, sanctions and compliance information;
• use CryptumPay only for lawful activity;
• ensure that their goods and services are lawful;
• maintain required licences, permits and registrations;
• comply with sanctions and applicable law;
• cooperate with CryptumPay reviews and investigations;
• avoid misleading customers about CryptumPay’s role;
• avoid structuring or splitting transactions to bypass limits or checks;
• avoid using multiple accounts to bypass controls;
• prevent use of CryptumPay for Prohibited Activity;
• notify CryptumPay of suspicious activity related to their account or customers.

Merchants are responsible for their customers, websites, goods, services, refund policies, regulatory obligations, tax obligations, licences and compliance with laws applicable to their business.

23. Payer Responsibilities

Payers must use CryptumPay only for lawful purposes.

Payers must not use CryptumPay to:

• pay for Prohibited Activity;
• send funds from illicit sources;
• send funds on behalf of Restricted Persons;
• evade sanctions;
• conceal the source of funds;
• abuse refunds;
• attempt to bypass payment or AML controls;
• provide false or misleading information.

CryptumPay may request information from a Payer where necessary for AML, sanctions, fraud-prevention, security, refund, support or compliance purposes.

24. No Circumvention

Users must not attempt to bypass CryptumPay’s AML, KYC, KYB, sanctions, fraud-prevention, security, technical or risk controls.

Prohibited circumvention includes:

• creating multiple accounts to avoid checks;
• splitting transactions to avoid review;
• using false identities;
• using nominees or straw persons;
• using VPNs, proxies or other tools to hide restricted location where this is intended to bypass restrictions;
• providing false documents;
• providing misleading business information;
• changing business activity after approval without disclosure;
• using third-party wallets or intermediaries to obscure source of funds;
• attempting to test risk thresholds or monitoring rules.

CryptumPay may suspend or terminate access if circumvention is suspected.

25. Third-Party Providers

CryptumPay may use third-party providers for:

• KYC;
• KYB;
• AML screening;
• blockchain analytics;
• sanctions screening;
• fraud prevention;
• identity verification;
• risk analysis;
• compliance workflows;
• security;
• hosting, logging and monitoring.

CryptumPay may change providers from time to time and does not have to disclose provider names publicly.

Use of third-party providers does not limit CryptumPay’s rights under this AML Policy or the Terms of Use.

26. Data Protection

CryptumPay processes personal data for AML, KYC, KYB, sanctions, fraud-prevention and compliance purposes in accordance with the CryptumPay Privacy Policy available at https://cryptumpay.com/privacy-policy.

AML, KYC, KYB, sanctions, transaction and compliance records may be retained even after account closure where retention is required or necessary for legal, compliance, AML, sanctions, fraud-prevention, security, audit, accounting or dispute-resolution purposes.

27. Updates to This AML Policy

CryptumPay may update this AML Policy from time to time.

Changes may be posted on the website, in the console or otherwise communicated by reasonable means.

The updated AML Policy becomes effective when posted or on the date stated in the updated AML Policy.

Continued use of CryptumPay after the updated AML Policy becomes effective means acceptance of the updated AML Policy.

28. Contact

For questions about this AML Policy, contact:

info@cryptumpay.com