Effective Date: January 15, 2025

Risk Disclosure

1. Overview

1.1 Purpose and Objectives

BaltEX (operated by GGWP Limited) provides a crypto-asset swap service, receiving digital assets at BaltEX-controlled addresses and delivering exchanged assets to a user-specified wallet. This policy aims to prevent, detect, and report money laundering and terrorist financing, in accordance with:

  • Financial Action Task Force (FATF) recommendations
  • Costa Rican regulatory requirements (the jurisdiction of GGWP Limited)
  • Other relevant international AML/CFT standards (e.g., OFAC, UN, EU)

1.2 Key Definitions

  • Money Laundering (ML): Concealing the illicit origin of funds by disguising them as legitimate assets.
  • Terrorist Financing (TF): Providing or collecting funds to support terrorist acts or organizations.
  • High-Risk Country: Jurisdictions identified as having heightened vulnerability to ML/TF.
  • Politically Exposed Person (PEP): Individuals holding or having held prominent public positions, along with their close associates.
  • Short-Term Custody: Temporary holding of user funds in BaltEX-controlled wallets during swaps, with potential freezing if suspicious activity is detected.

2. Service Model and Scope

2.1 Swap-Like Exchange

Users initiate a swap by selecting input and output assets. The input asset is sent to a BaltEX-controlled address, and upon confirmation, BaltEX sends the output asset to the user’s designated wallet.

2.2 Custody Implications

BaltEX does not maintain ongoing user balances but temporarily holds funds. This necessitates robust AML/CFT measures, including the ability to freeze suspicious transactions.

3. Customer Interaction and Identification

3.1 Minimal Registration

Users provide only wallet addresses and transaction details; no traditional account creation is required.

3.2 When Additional Information Is Required

If transactions exceed risk thresholds or trigger red flags (see Section 4.1), BaltEX may request verification documents (e.g., ID, proof of address) or clarification of fund sources. Suspicious transactions may be declined or frozen for further review.

3.3 Sanctions Screening

BaltEX screens IP data, wallet addresses, and other user inputs for links to sanctioned entities or regions.

4. Risk-Based Approach

4.1 Triggers for Additional Due Diligence

Transactions are monitored for red flags such as:

  • High-value amounts disproportionate to typical usage
  • Structured transactions suggesting detection evasion
  • Wallets linked to illicit activities (e.g., darknet markets)
  • Transactions from high-risk countries

4.2 Enhanced Due Diligence (EDD)

If red flags arise, BaltEX may:

  • Delay or hold transactions
  • Request additional user identification
  • Conduct manual compliance reviews

4.3 High-Risk Countries

Transactions linked to sanctioned nations (e.g., North Korea, Iran, Syria) may be blocked.

5. Transaction Monitoring

5.1 Automated Systems

BaltEX uses blockchain analytics to verify wallet addresses against illicit activity databases.

5.2 Manual Review

Compliance officers analyze flagged transactions and may approve, freeze, or request more details.

6. Holding and Freezing Funds

6.1 Authority to Freeze

BaltEX may freeze funds if:

  • Transactions link to sanctioned or illicit sources
  • A legal request mandates asset retention
  • Further investigation is necessary due to suspicious activity

6.2 Outcome of Investigations

If suspicion remains unresolved, BaltEX may file a Suspicious Transaction Report (STR) and follow regulatory instructions for handling funds.

7. Reporting Suspicious Activities

7.1 Suspicious Transaction Report (STR)

BaltEX submits STRs to the appropriate Financial Intelligence Unit (FIU). Staff are prohibited from alerting users about investigations.

7.2 Indicators Warranting STR

  • Transactions deviating significantly from expected patterns
  • Repeated large transfers to or from flagged addresses
  • Confirmed links to sanctioned individuals or entities

8. Record-Keeping and Data Retention

8.1 Transaction Records

BaltEX retains:

  • Origin and destination wallet addresses
  • Transaction amounts, timestamps, and blockchain hashes
  • Relevant user identification and communication logs

8.2 Retention Duration

Records are kept for at least five (5) years, with potential extensions for legal or investigative purposes.

9. Prohibited and Restricted Jurisdictions

9.1 Prohibited Jurisdictions

BaltEX does not process transactions from jurisdictions under comprehensive sanctions (e.g., North Korea, Iran, Syria).

9.2 Restricted Jurisdictions

Users from regulated countries (e.g., U.S., U.K., certain EU states) may face restrictions until compliance measures are met.

10. Compliance with Regulatory Requests

10.1 Cooperation

BaltEX complies with legitimate regulatory and law enforcement requests.

10.2 Data Protection

User data is managed in accordance with relevant privacy regulations.

11. Accountability and Oversight

11.1 AML Compliance Officer (AMLCO)

An AMLCO oversees policy enforcement, transaction monitoring, staff training, and regulatory communications.

11.2 Audits and Reviews

Periodic internal audits assess the effectiveness of AML/CFT measures, with external reviews if required.

12. Staff Training

BaltEX personnel receive regular training on ML/TF risks, blockchain analytics, and compliance procedures.

13. Policy Updates

This policy is reviewed periodically to align with regulatory, technological, and industry changes.

Effective Date: This policy is effective upon approval by BaltEX senior management and remains valid until replaced.

BaltEX is committed to preventing illicit financial activities and ensuring compliance with AML/CFT regulations.