SECTION 1

TERMS AND DEFINITIONS

1. Beneficial owner

means a natural person who ultimately owns or controls the Client or a natural person on whose behalf a Transaction is being conducted or the monetary operations is being executed. The Beneficial owner is, a) as regards corporate entities, a natural person who ultimately owns or controls a legal entity through direct or indirect ownership or control over a sufficient percentage of the shares or voting rights in thatlegal entity, including through bearer share holdings (a percentage of 25% plus one share shall be deemed sufficient to meet this criterion), save a company listed on a regulated market that is subject to disclosure requirements consistent with the legislation of the European Union or subject to equivalent international standards, or a natural person who otherwise exercises control over the management of a corporate entity, 2) as regards legal entity which administers and distributes funds: a natural person who is the beneficial owner of 25% or more of the property of a legal entity (where the future beneficial owners have already been determined); where the individuals that benefit from this legal entity have not yet been determined, the class of persons in whose main interest the legal entity is set up or operates; a natural person who exercises control over 25% or more of the property of the legal entity

2. Business relationship

means a business, professional or commercial relationship of the Company with a Client that is expected, at the time when entering in such relationship, to have an element of duration.

3. Client

means a person that uses services provided by the Company.

4. Close associate

means a natural person who: participates in the same legal entity or maintains other business relationships with a person who performs or previously performed the prominent public functions; is the sole owner of the legal entity set up or operating de facto with the aim of acquiring property or another personal benefit for a person who performs or previously performed the prominent public functions.

5. Close family member

means spouse, person in registered partnership (cohabitant), parent, brother, sister, child and child's spouse or child's cohabitant.

6. Company

means REZO FIVE Spółka z ograniczoną odpowiedzialnością. The term “Company” when used in these Procedures also refers to the management bodies of the Company and the members of such bodies as well as the employees of the Company.

7. Employee of the Company or Employee

means any natural person who is employed by the Company on the basis of employment agreement or other agreement. The term “Employee” when used in these Procedures also refers to the management bodies of the Company and the members of such bodies, unless the context requires otherwise.

8. European Union Member State or EU Member State

means a state which is a Member State of the European Union (“EU”) or a state of the European Economic Area (“EEA”)

9. Financial institution

means the credit institutions and financial undertakings as defined in the Law of the Republic of Poland on Financial Institutions, payment institutions as defined in the Law of the Republic of Poland on Payment Institutions, electronic money institutions as defined in the Law of the Republic of Poland on Electronic Money and Electronic Money Institutions, operators of currency exchange offices as defined in the Law of theRepublic of Poland on Currency Exchange Operators, operators of crowdfunding platforms as defined in the Law of the Republic of Poland on Crowdfunding, operators of peer-to-peer lending platforms as defined in the Law of the Republic of Poland on Consumer Credit and the Law of the Republic of Poland on Credit Relating to Immovable Property, insurance undertakings engaged in life insurance activities and insurance brokerage firms engaged in insurance mediation activities relating to life insurance as defined in the Law of the Republic of Poland on Insurance as well as investment companies with variable capital and collective investment undertakings intended for informed investors and management companies managing only those undertakings; branches of these foreign financial institutions set up in the Republic of Poland as well as electronic money institutions and payment institutions whose registered office is in another European Union Member State providing services in the Republic of Poland through agents, natural or legal persons.

10. Financial intelligence unit or FIU

means the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Poland.

11. Money laundering or ML

means the doing of any act which constitutes an offence of money laundering under the Criminal Code of the Republic of Poland and is defined in the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Poland. The criminal acts cover all procedures that seek to change the identity of illegally obtained funds, arising from drug dealing, terrorist activities or any other crime in order to give impression that such money originated from legitimate or legal sources. Money laundering is the participation in any transaction that seeks to conceal or disguise the nature or origin of funds derived from illegal activities such as, for example, fraud, corruption, organized crime, or terrorism etc. Predicate offences for money laundering are defined by the Criminal Code of the Republic of Poland.

12. Monetary operation

means any payment, transfer or receipt of funds executed by the Company under the instructions of a client, save the payments to state and municipal institutions, other budgetary institutions, the Bank of Poland, state or municipal funds, diplomatic missions or consular posts of foreign countries or settlement with these institutions.

13. Money laundering reporting officer or Officer

means an employee of the Company who is appointed by the managing director of the Company as the officer responsible for the ML and TF prevention in the Company.

14. Other than FATF country

means (i) a country that is not a member of the Financial Action Task Force (“FATF”) on Money Laundering or of an international organization with an observer status at FATF that takes part in the efforts to combat money laundering and terrorist financing and (ii) considered to be High-risk and non-cooperative jurisdiction. The list of the countries other than FATF countries is provided under the following Link: http://www.fatf-gafi.org/countries/#high-risk.

15. Politically exposed natural person or PEP

means a natural person who is or has been entrusted with prominent public functions and immediate family members or persons known to be close associates of such person. A person is a PEP for a period of 1 year after ceasing to be entrusted with the Prominent public functions.

16. Procedures

means these procedures on the prevention of money laundering and terrorist financing and all its annexes as may be further amended from time to time.

16. Prominent public functions

means functions within Poland, European Union, international or foreign public authorities: the head of the State, the head of the government, a minister, a vice-minister or a deputy minister, a secretary of the State, a chancellor of the parliament, government or a ministry; a member of the parliament; a member of the Supreme Court, the Constitutional Court or any other supreme judicial authorities whose decisions are not subject to appeal; a mayor of the municipality, a head of the municipal administration; a member of the management body of the supreme institution of state audit or control, or a chair, deputy chair or a member of the board of the central bank; an ambassador, a charge d'affaires ad interim, a special envoy and aminister plenipotentiary or a high-ranking military officer; a member of the management or supervisory body of a public undertaking, a public limited company or a private limited company, whose shares or part of shares, carrying more than 1/2 of the total votes at the general meeting of shareholders of such companies, are owned by the State; a member of the management or supervisory body of a municipal undertaking, a public limited company or a private limited company whose shares or part of shares, carrying more than 1/2 of the total votes at the general meeting of shareholders of such companies, are owned by the State, and which are considered as large enterprises in terms of the Law of the Republic of Poland on Financial Statements of Entities; a director, a deputy director or a member of the management or supervisory body of an international intergovernmental organization; a leader, a deputy leader or a member of the management body of a political party.

17. Register

means all and any electronic register which the Company keeps:

1	Log of Submitted SARs	8 years after ending business relationship
2	Log of virtual currency exchange and transactions equal or greater than EUR 15,000 or currency/virtual currency equivalent
3	Log of all customer transactions
4	Log of business relationships ended due to ML/TF reasons
5	Copies of ID documents, identification information and KYC information
6	Digital currency wallet address together with owner's identity information
7	Correspondence with customer	5 years after ending business relationship
8	Supporting documents obtained from customer	8 years after completing transaction
9	Internal investigation records of suspicious transactions	5 years
10	Evidence of the training programs on money laundering/terrorism financing prevention whether in-house or external or required under the AML law of Poland as well as other legal acts related to the prevention of money laundering/terrorism financing.	8 years

18. Suspicious Monetary operation or Transaction

means a Monetary operation or Transaction which relates to either the funds derived from the illegal activities or the funds obtained in the course of the illegal activities or the terrorist financing and which meets at least one of the criteria established by the Order of the Director of the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Poland No V-240 of 5 December 2014 as described in details in Section 7 below.

19. Target territory

” means a foreign state or zone as specified in the Law on Corporate Income Tax of the Republic of Poland. The list of the target territories is attached to these Procedures as Annex Four.

20. Terrorist financing or TF

” means the provision of funds, directly or indirectly, with the intention that they should be used or in knowledge that they are to be used in order to carry out any of the offences within the meaning of Article 147 and 148 of the AML Act of the Republic of Poland.

21. Third party

means a financial institution or another entity as defined in the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Poland as well as a financial institution or another entity registered in another EEA Member State or a state which is not a EEA Member State (third country), who meets the following requirements: they are subject to mandatory professional registration, recognised by law; they are registered in a EU Member State or in a third country which applies requirements that are equivalent to the EU identification requirements and record keeping requirements in respect of Clients and Beneficial owners, and which is monitored by the competent authorities in terms of the compliance with the said requirements.

22. Transaction

means a contractual arrangement between the Company and the Client on the provision of the virtual currency services.

SECTION2

ROLES AND RESPONSIBILITIES

1. The Board

d has a critical oversight role - as the senior-most management of the company, they should approve and oversee policies for risk, risk management and compliance. The Board also should have a clear understanding of the ML risks, including timely, complete, and accurate information related to the risk assessment to make informed decisions. Along with the General manager, the Board should appoint a qualified AML Officer with overall responsibility for the AML function and provide this senior-level officer with sufficient authority that when issues are raised, they get the proper attention from the Board, the General manager and the business lines. The Board manages the overall AML/CTF compliance policy of the Company and ensuring adequate resources are provided for the proper training of staff and the implementing of risk systems. The Board will receive and consider quarterly compliance reports presented by the AML Officer.

2. The General Manager

will receive and consider the monthly compliance reports sent by the AML Officer and authorize changes based on the recommendations if needed. General Manager will also receive reports on particularly significant changes that may present risk to the organization. Aid may be given to the AML Officer in the preparation of the AML program.

3. The Compliance Officer (AML Officer)

handles managing compliance risks, developing company's policies and procedures, and monitoring compliance issues. The AML Officer handles reporting significant changes that may present high ML/TF risks to the Company. The AML Officer prepares monthly and quarterly reports for consideration to the General Manager and the Board and conducts risk assessments of compliance systems, develops regular random analysis. The AML Officer sets up and implements the risk scoring matrix following regulatory guidance and for review and approval by the General Manager.

4. The MLR Officer (MLRO)

handles Transaction monitoring, receiving internal disclosures and making reports to the Financial Crime Investigation Service (FCIS). First point of contact for all compliance issues from staff. MLRO undertakes regular random analysis of transactions including assessment of documentary evidence provided by Clients and prepares any necessary amendments to the Policy in line with risk assessment. MLRO ensures everyone is periodically informed of any changes in anti-money laundering and anti-terrorist financing legislation, policies and procedures, as well as current developments and changes in money laundering or terrorist activity financing schemes particular to their jobs, constructing AML/CTF-related content for staff training programs. Independently from front office staff, MLRO reviews Client identification information to ensure that all the necessary information has been obtained.

5. Other staff members

are responsible familiarize with this Policy, other internal procedures related to their job role and understanding responsibilities. Ensure AML/CTF procedures are adhered to. Ensure that all suspicious activity is reported to the AML Officer.

SECTION 3

PROCEDURES TO FOLLOW

While complying with the legal procedures and implementing the ML/TF prevention measures, Employees depending on their position and functions within the Company must comply with the following procedures described in details further in these Procedures:

• Procedure of AML trainings;
• Procedure of reporting;
• Procedure of identification of customers;
• Procedure of monitoring;
• Procedure of business wide risk assessment;
• Procedure of implementation of international sanctions;

SECTION 4

KYC PROCEDURES (CLIENT DUE DILIGENCE)

1. Client Due Diligence

CDD process must comply with procedures as detailed herein. These include the identification of the Client, ML/TF risk assessment, assessment of the financial position of the Client, validity of identity and the source of funds.

2.The following procedures which are the ML/TF prevention measures shall be conducted to perform customer due diligence at inception of a Business relationship with a Client:

• identification of persons who apply to the Company as the potential Clients;
• verification if the potential Clients acts as a principal; if the potential Clients is represented by other person (agent), the identification and verification of the representative (agent) applies as well;
• identification and verification of the identity of the Beneficial owner, if applicable;
• identification of the identity of the Client's director (Full name, date of birth or personal code, nationality), if applicable;
• obtaining information on the Client's management structure and the nature of its activity, if applicable;
• obtaining information on purpose and intended nature of the relationship with the Company;

3. The above steps are essential prior to initiation of a business relationship with the potential Client and after the Client is engaged in the Business relationship, the following ML/TF prevention measure must be taken ongoing monitoring of the Business relationship with the Client and the Monetary operations and Transactions of the Client.

4. The Client can be turned away before a business relationship is formed, during the due diligence process or the stages following acceptance of a business relationship.

SECTION 5

IDENTIFICATION OF THE CLIENTS, THE BENEFICIAL OWNERS, AND THE REPRESENTATIVES OF THE CLIENTS (WHERE APPLICABLE)

1. The Company requires a good working knowledge of the Client's activities in order to provide an effective service, including evidence of their identity. The Company needs to identify the Clients, their Beneficial owners (where applicable) and the representatives (where applicable) prior to establishing business relationship. The creation of a deposit wallet of virtual currencies is not a business relationship if no more than one transaction, operation, deposit, or withdrawal has taken place in that wallet within six months and the amount is less than €1,000 or currency/virtual currency equivalent.

2. The Company shall identify the Clients and their beneficial owners before executing occasional virtual currency exchange transactions or operations in virtual currency with funds equal to or above €1,000 or currency/virtual currency equivalent - occasional depositing or withdrawing of virtual currency amounting to or above €1,000 or currency/virtual currency equivalent; transaction is carried out in one or more interrelated transactions (the value of the virtual currency being determined at the time of the monetary transaction or operation) unless the customer and beneficial owner have already been identified or when there are doubts about the veracity or adequacy of previously obtained identification data of the Client and/or the Beneficial owner and/or the representative of the Client (where applicable), or in any other case when there are suspicions that the act of ML or TF is, was or will be performed.

3. The identification evidence must be obtained before the provision of any services to a prospective Client or an established Client - if sufficient evidence cannot be obtained the Company must not proceed with the business. The more detailed identification requirements are provided in Annex Two to these procedures.

SECTION 6

IDENTIFICATION METHODS

1. Clients may be identified by face-to-face contact or using non-face-to-face identification methods. This also applies to those cases where the Client, either natural or legal person, is represented by another person.

2. When identifying Clients by face-to-face contact, the Client must provide an original personal identification document - for natural persons; or the registration and/or other corporate documents - for legal persons. More detailed requirements on face-to-face identification are provided in Annex Two.

3. The non-face-to-face identification can be executed when information about Client's identity is certified by his qualified electronic signature which complies with the requirements of Regulation (EU) No 910/2014, or when information about Client's identity is confirmed by electronic identification means issued in the European Union and functioning under electronic identification schemes with high or substantial assurance level under Regulation (EU) No 910/2014, or using electronic means, allowing direct view transmission, in one of the following ways:

• document issued by the government body is captured using video-streaming and identity is confirmed using at least an advanced electronic signature, meeting the requirements referred to in Article 26 of Regulation (EU) No 910/2014;

4. Client's facial image and original identity document issued by the government body are captured using video-streaming, using a third-party information on the Client or the Beneficial owner;

5. Before commencing the use of the services of the Company, a payment order is made to the payment account of the above institution from the account held on behalf of the Client in the credit institution which is registered in the EU Member State or in a third country which applies the requirements equivalent to those specified in the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Poland and which is monitored by competent authorities as to the compliance with such requirements, and a paper copy of the identification document, which is approved in the manner prescribed by legal acts of the Republic of Poland, is submitted. The more detailed information and technical requirements for non-face-to-face identification methods are provided in Annex Three.

SECTION 7

RISK ASSESSMENT

1. An important aspect of the due diligence process is the assessment of the risks involved and the acceptability of a prospective Client. Before agreeing to supply a service to a prospective Client, an assessment of the risks involved should be completed. This involves assessing the acceptability as a client and the risk associated with the particular services requested by the Client. This on-going evaluation is necessary to consider relevant issues before deciding as to whether the required services should be provided.

2. When entering into the Business relationship with the Client, the ML/TF risk is assessed on the basis of the documentation and information obtained from a prospective Client. Special attention must be given to the behavior of and the verbal communication with a prospective Client as well as the criteria of the High-Risk Clients and Low Risk Clients as listed in Sections 9 and 10 below. When assessing the ML/TF risk the aim is to set up and assess the following circumstances - type of the Client, i.e. whether a prospective Client meets the profile of the typical client of the Company; if not, the additional clarification and/or documentation must be requested from the Client seeking to establish if there is a high ML/TF risk.

3. Special attention is given to the following circumstances which may increase the ML/TF risk - 1) if the Client is a PEP, 2) where the prospective Client is a non-profit institution (“NPI”), 3) behavior of a prospective Client reveals that the aims and duration of the relationship expected by a prospective Client may considerably differ from what is inherent to the profile of the typical Client of the Company. If so, added clarification and/or documentation must be requested from the Client looking to establish if there is a high ML/TF risk. Client must prove if the Client acts as a principal or is represented by the third person (agent);

4. Company must assess if the virtual currency exchange and wallet services in which a prospective Client is interested correspond the nature of the business and the Transaction profile of such prospective Client; if not, the additional clarification and/or documentation must be requested from the Client seeking to establish ifthere is a high ML/TF risk; attention should be drawn where the Client or the potential Client is to transact in new or developing technologies which may give rise to a threat of ML/TF or the use of Monetary operations or Transactions that might favor anonymity;

5. Company must assess where the main place of interests of a prospective Client is situated, e.g. where the Client is living/incorporated or where the place of the main business activity of the Client is situated or where the main part of the customers of the Client comes from; it is important to establish if such main place of interests of the Client is situated in the country other than FATF country or in the Target territory; in such event the Client has to be considered as a high risk client.

6. The following circumstances shall show a high-risk and accordingly trigger high risk due diligence level:

• a prospective Client expresses his interest in the topics related to ML/TF;
• a prospective Client is reluctant to perform the actions necessary for identification and to supply information related to the Client and its financial activity
• a prospective Client refuses to supply documents or information requested by the Employee or non-face- to-face identification measures for the identification purposes, especially information/documentation showing the financial activity of the Client;
• Company doubts the correctness or authenticity of the documents or information provided by a prospective Client arises;
• a prospective Client is not able to answer the questions provided by the Employee or by non-face- to-face identification measures and related to the financial activity of the potential Client, the nature and the aims of such activity;
• a prospective Client is unusually stressed and nervous during the verbal communication with the Employee, especially when asked the questions related to the financial activity of a prospectiveClient.

7. The Officer must assess the above circumstances, showed in Point 7.2 and 7.3 above, and decide whether to refuse accepting the Business relationship with such potential Client or, if decided to further continue with the due diligence procedure, the enhanced due diligence has to be applied.

8. After the risk assessment is performed, the Client is assigned to one of three categories according to his/her/itsrisk profile:

• Average Risk Clients who do not qualify as the High-Risk Clients or Low Risk Clients - the standard due diligence and ML/TF prevention measures apply;
• High Risk Clients who are defined in Section 9 below - the enhanced due diligence and ML/TF prevention measures apply;
• Low Risk Clients who are defined in Section 10 below - the simplified due diligence and ML/TF prevention measures may apply.
• The profile of the Client is reviewed periodically (at least once a year) reflecting the changes in the Business relationship and behavior of the Client as well as based on the results of the ongoing monitoring of the Client. Thus, the risk profile and, so, the ML/TF prevention measures applied with respect of the Client may change from time to time.

9. The Company must ensure that all risk assessment documentation as well as the results of the risk assessment and all changes to the risk profile of the Client are available in the Company's records (i.e., data base) and may be made available for the future needs or if required by the relevant authorities.

SECTION 8

ADDITIONAL SOURCES

1. In addition to the information and documentation provided by or on behalf of the Client and obtained from the Third parties (where relevant), the Company has to check the below sources if the provided information is correct or to establish the missing information regarding the Client:

• SDN list (List of specially designated nationals and blocked persons): SDN list is a publication of OFAC which lists individuals and organizations whom United State citizens and permanent residents are prohibited from doing business with.
• EU sanctions list. Consolidated list, having the names and identification details of all persons, groups and entities targeted by financial restrictions

2. The sources which the Company applies regarding the particular Clients may differ depending on the circumstances of each particular case. The Company must ensure that all results of such searches are available in the Company's records and may be made available for the future needs or if required by the relevant authorities.

3. The requirement to double check the provided information by the Client may not be followed when theClient is a financial institution.

SECTION 9

ENHANCED DUE DILIGENCE PROCEDURES

1. The Company applies the enhanced due diligence procedures in the following instances: High-Risk Clients

2. All High-Risk Clients must be subject to the application of enhanced due diligence measures. For instance, PEPs and the Clients from the high-risk territories are considered to pose a higher risk of ML/TF and automatically require the application of enhanced due diligence and ongoingmonitoring.

3. High-Risk Clients are also those Clients who are assigned to this category after the risk assessment or due to the results of the ongoing monitoring, e.g. the High Risk Clients are as follows:

• those who do not correspond to the profile of the typical Client of the Company significantly and after carrying an added investigation the Employee decided that the Client or its activity raises high ML/TF risk;
• those whose behavior during the due diligence procedure was suspicious and, therefore, reported to the Officer (Section 7 above) who after carrying an added investigationdecided to go ahead further with the enhanced due diligence procedure;
• whose commercial relationship or behaviour during the due diligence procedure were unusual and after carrying an added investigation it is decided that the Client or its activity raises high ML/TF risk;
• the Client performs non-cash transfer operations on the request of persons not related to the main activity of the Client;
• the Client is from a high-risk third country found by the European Commission, the permanent place of residence of the Client - natural person (where applicable) is a territory other than FATF country;
• the Client - legal person or another organization is registered in a Target territory;
• the main place of the interests of the Client is situated in the country other than FATFcountry or in the Target territory;
• the checks in the added sources as listed in Section 8above reveals that the data of the Client, its representative (where applicable) or the Beneficial owner conform to the data of the persons associated with the ML/TF as specified in the respective lists of the Republic of Poland, EU, FATF or the United Nations;
• the checks in the added sources as listed in Section 7 above reveals that the data of theClient, its representative or the Beneficial owner (where applicable) conform to the data of the persons under the financial sanctions by the Law on Implementation of Economic and other International Sanctions of the Republic of Poland;
• the unusual behaviour of the Client is established that does not correspond to the ordinary course of activities of the Client (e.g. increasing amounts of payments, especially to the payees or for the goods or services that do not correspond the declared activity of the Client);
• those who were assigned to the category of the High Risk Client due to other reasons that raises high ML/TF risk of the Client.

4. Politically Exposed Persons: The identification and risk assessment process (Annex Two to these Procedures) or the ongoing monitoring (Section 13 of these Procedures) may reveal the Client or the Beneficial owner (where applicable) to be a PEP as defined in Section 1 of these Procedure. If it is established that theClient or the beneficial owner is a PEP then, such fact must be notified to the Officer who verifies the information and documentation obtained as well as the added sources (if needed) and decides whether to refuse (terminate) the Business relationship with such Client or to apply to the authorized senior management of the Company for the approval to set up (continue) a Business relationship with such Client. Proper measures must be taken to set up the source of wealth and funds related to the Business relationship, Monetary operation or Transaction. Enhanced ongoing monitoring of the Business relationship with the PEP must apply to ensure that the source of wealth and funds that are involved in the PEP's personal/business Monetary operations and Transactions are legitimate. An individual is considered as PEP for a period of one (1) year after ceasing to be entrusted with the Prominent public functions.

5. Enhanced Due Diligence Measures: In all the above instances and apart from normal due diligence procedures, at least one of the following additional measures must be taken - the added data, documents or information have to be used to establish the Client's identity, the supplementary measures have to be undertaken to verify or certify the submitted documents or the confirmatory certification issued by other financial institution has to be required, ensuring that the first payment is carried out through an account held by the Client in his name with a credit institution authorized in the EEA Member State or the third country which imposes equivalent requirements to those laid down in the laws of the Republic of Poland.

SECTION 10

SIMPLIFIED DUE DILIGENCE

1. The simplified due diligence is allowed when the Client being a low ML/TF risk and in the following cases:

• the Client is a company whose securities are admitted trading on a regulated market in one or more EEA Member States, and other companies from third countries whose securities are traded in regulatedmarkets and which are subject to disclosure requirements consistent with EU legislation;
• where the Client is a financial institution covered by the Law on the Prevention of Money Launderingand Terrorist Financing of the Republic of Poland, or a financial institution registered in another EEA Member State or in the third country which imposes equivalent requirements to those laid down in the laws of the Republic of Poland;

2. Simplified due diligence cannot apply if there exist circumstances when the conduction of the enhancedClient identification is needed. Simplified due diligence also cannot apply, if a separate decision of the European Commission hasbeen adopted on thisissue. Where it is set up that the simplified due diligence can be used, the Company has to apply measures listed in Annex One. This despite, the Company must ensure that supporting documentation is available in the Company's records and may be made available if required by the relevant authorities. On-boarding procedure describes steps taken at the company to on-board customer by Law on the Prevention of Money Laundering and Terrorist Financing. This procedure applies directly to all staff collaborating with customer on-boarding.

3. Ongoing due diligence (“ODD”) procedure has been performed during the establishment of business relationship and it considered complete when information is reviewed and approved by compliance team. The ODD procedure is appointed to guide employee through ODD process.

SECTION 11

SUSPICIOUS MONETARY OPERATIONS AND TRANSACTIONS

1. A transaction which appears unusual is not necessarily suspicious. Therefore, the unusual is, in the first instance, only a basis for further inquiry. This would then require judgement as to whether it is suspicion. Below is the list of criteria of ML and TF which also serve as the examples of the ML/TF activities.

2. Suspicious transactions are decided by the Employees of the Company when applying the ML/TF prevention measures set up under this Procedure and paying attention to the Monetary operations and Transactions which according to the documentation and information obtained and the criteria listed below could be related to ML/TF. Considering the activity of the Company and the nature of financial services provided by the Company, Monetary operation or Transaction could be regarded as suspicious, if it meets at least one of the following criteria

• the monetary operations or transactions of the Client do not correspond to the types of activitiesspecified in the founding documents of the Client or usual cooperation with the Company;
• the character of the monetary operations or transactions performed by the Client raises suspicion that it is looked to avoid the inclusion of the monetary operations and transactions in the Register of Monetary Operations Performed by the Client and of Suspicious and Unusual Monetary Operations and Transactions kept by the Company;
• the Client performs monetary operations or concludes transactions where it is difficult or impossible to find the beneficial owner;
• the Client regularly performs monetary operations or concludes transactions with legal persons or other organizations registered in the target territories defined in the laws of the Republic of Poland where there are no clear economic grounds for such activities;
• the Client performs monetary operations or concludes transactions without clear economic grounds;
• the Client, the representative of the Client (where the monetary operation or transaction is performed through a representative), beneficial owner or person to whose benefit the monetary operation or transaction is performed is subject to financial sanctions by the Law of the Republic of Poland on the Implementation of Economic and other International Sanctions;
• the frequency of small money transfers from different accounts to the account of the Clientincreases without clear grounds;
• the age, job, financial condition of the Client who is a natural person (the income of the Client is too small compared to the scope of his financial activities) objectively fail to correspond to the financial activities carried out by the customer;
• the Client's account is transit: funds deposited into the account are soon transferred to another account, while other transactions are almost non-existent;
• international payments are made to PEP related natural person, close associate or family memberwithout clear economic grounds.

3. Suspicious monetary operations or transactions shall be also identified in accordance with the criteria for the identification of suspicious monetary transactions or transactions approved by Resolution No. V-240 of December 5th of 2014 of the Director of Financial Crime Investigation Service under the Ministry ofInternal Affairs of the Republic of Poland "On the Approval of the List of Criteria for Money Laundering and Suspicious or Unusual Monetary Operations or Transactions Identification".

4. Proper attention should be given to other circumstances which are not explicitly listed above, but may raise suspicions on ML or TF. Also, special attention must be given to the complex or unusually large transactions and all unusual patterns of transactions which have no apparent economic or visible lawful purpose, and Business relationship or Monetary operations with the End customers from the countries outside the EU and the third countries with the equivalent regime.

5. If any suspicious activity listed above or other types of suspicious activity are noticed, such activity should be at once reported to the Officer. If necessary, an investigation of the matter may include gathering more information internally or from Third parties or other sources as well as suspending the Monetary operation or Transaction and filing a Suspicious Transaction Report with the FIU.

6. Transaction monitoring ('TM') procedures enable the company to detect and assess whether customers' transaction pose suspicion when considered against their respective backgrounds and profiles. It also facilitates the holistic reviews of customer transactions over periods of time, in order to monitor for any unusual or suspicious trends, patterns or activities that may take place. TM procedure describes the steps taken by the company to recognize, investigate and report suspicious activity of customers. Please refer to Transaction Monitoring Procedure REZO FIVE.pdf for more details.

SECTION 12

ONGOING MONITORING

1. After the proper due diligence procedure is undertaken and based on the results of the latter the Client is accepted, the further monitoring of the Client, its Business relationship (where applicable), Monetary operations and Transactions must apply. Ongoing monitoring is carried out to ensure that the Clients meet the requirements stipulated in these Procedures and the Company's services are not used for anyML/TF purposes as well as to enable us to establish the possible ML/TF actions and undertake the respective preventative measures.

2. To check all the Monetary operations and Transactions undertaken by the Client and be able to assesstheir consistency with the knowledge, business and risk profile of the Client. During this procedure it must be assessed whether the risk profile, business or financial position of the Client changed throughout the year.

3. Records should be amended to reflect these changes. Earlier records should still be kept in file.

4. The Client Due Diligence measures should be also taken every time where the following circumstances reveal:

• when there are doubts about the veracity or adequacy of previously obtained identification data of the Client and/or the Beneficial owner and/or the representative of the Client (where applicable);
• in any other case when there are suspicions that the act of ML or TF is, was or will be performed.

5. The Company must ensure that supporting documentation of the ongoing monitoring of the Clientsis available in the Company's records and may be made available if required by the relevant authorities.

SECTION 13

IN CASE OF SUSPECT

1. Internal Report. If it is found, what is believed to be a suspicious transaction, it must at once be reported to the AML Officer. This report should be made in writing and before executing the client's instructions to affect a transaction.

2. Tipping off. No member of staff or personnel may show to the Client concerned or to a third party, the fact that an investigation is being conducted, or that information has been transmitted to the FIU, since such disclosure might prejudice any investigation being conducted. Furthermore, at no stage may any member of staff or personnel, tip off or warn the Client specifically about the Company's reporting obligations or that it has filed a report as this would be tantamount to alerting a suspected criminal that the Company has uncovered his illegal activity. Furthermore, such tipping off to the Client is likely to prejudice the effectiveness of any investigation or actions regarding a suspicious Transaction.

3. If the Client is inadvertently alerted to ongoing investigations, the Company is to at once seek guidance from the FIU as to how the Company should act.

4. External report. When suspicious monetary operation or transaction is detected, a documented investigation must be completed, that operation or transaction must be suspended, and a report made to the FIU withinthree business hours. There is no minimal threshold or limit for such a report. Once suspicious monetary operation or transaction is reported to the FIU then they must respond within ten working days. If the FIU requests further information, then a response to that request must be supplied at once.

5. The Company may be also instructed by the FIU to suspend the particular Monetary operation or Transaction which the FIU alleges to be a ML/TF mean. In the latter event the Company must suspend such Monetary operation or Transaction for up to 10 (ten) business days.

6. The FIU must verify the reported Monetary operation or Transaction within 10 (ten) business days as of the receipt of the respective report or as of the submission of the respective instructions to the Company. If within 10 (ten) business days as of the suspension of the Suspicious Monetary operation or Transaction the Company does not have to perform temporary restriction of ownership rights according to the procedure set up by the Code of Criminal Procedure of the Republic of Poland, the Monetary operation or Transaction must be resumed.

7. The FIU may request the Company to supply all necessary information which is needed for the FIU to conduct the verification of the Suspicious Monetary operation or Transaction. In the latter event the Company must supply the requested information within 1 (one) business day after the receipt of the respective requestof the FIU.

8. The FIU must be urgently reported (no suspension is needed) by the Company, if the Company obtains the information that the Client intends or will try to perform a Suspicious monetary operation orTransaction.

9. The Company shall notify the FIU of the Client's identity data and information on the executed virtual currency exchange transactions (virtual currency purchase or sale in decree currency) or virtual currency transactions (virtual currency asset settlements) the value of a monetary operation or transaction is equal to or greater than EUR 15 000 or currency/virtual currency equivalent, whether the transaction is carried out in the context of one or more related monetary operations. The value of the virtual currency is decided at the time of the monetary operation or transaction.

10. The Company has to ensure that any information requested by the FIU is provided to the FIU within 14 (fourteen) business days, unless the shorter periods are established in this Procedure or by the law.

11. The Company, including its Employees acting in good faith, are not responsible to the Client for the non-fulfilment of any contractual obligations and for the damage caused due to the reporting and suspensionof the Suspicious Monetary operations and Transactions as well as for the provision of the information upon the request of the FIU

12. All reports to the FIU must be given in the FIU electronic system by filling the respective electronic form of report. If due to any reasons the submission of the report to the FIU via the FIU electronic system is not available, respective report must be given via the e-mail or fax without any delay.

13. The FIU may ask for the other information in writing or via e-mail. In the latter event the requested information must be provided in writing or via e-mail or fax.

14. All correspondence with the FIU is to be kept, and that written records of all telephone conversations are made. Copies of all relative documentation are to be kept in the file bearing the name “Prevention of Money Laundering and Terrorist Funding,”

15. The Officer is to request guidance from the FIU on all relevant matters.

SECTION 14

RECORD KEEPING

The Company must keep the following records:

1. Client Identification Records:

• all records of steps taken to obtain identification records, as well as copies of evidence of the identity of the Clients and beneficial owners (the documents to be obtained and retained for the Client identification purposes are established in Annex Two to these Procedures);
• all risk assessment records as well as the Client risk profile;
• a standard application form must be completed for every new Client as well as for the existing Client where the identification of the Client is needed under these Procedures; the filled application form must be signed off by all the Clients and prospective Clients;
• all records related to the ongoing monitoring of the Clients.

2. Record of Transactions:

• a record having details of all transactions undertaken in the course of an established Business relationship; this is to include a record of all work performed for or the services provided to the Clients;
• Transaction records are to be kept in a form which will allow a satisfactory audit trail to be completed where necessary, and which may set up a financial profile of any suspect Client;
• records on internal and external Suspicious Monetary operations and Transactions reporting.

3. Other Records:

• evidence of the training programmes on ML/TF prevention whether in-house or external;
• evidence of the proper acknowledgment of the Employees with these Procedures andtheir amendments as may be needed form time to time;
• other records if required under these Procedures or the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Poland as well as other legal acts related to the prevention of ML/TF

4. Registers. The Company keeps the electronic Registers as defined in Section 1 above. Entries in the Registers must be executed in chronological without any delay, but not later than within 3 (three) business days as of the respective transaction is executed or the respective circumstances occurred. The Registers are managed and the respective entries in the Registers are made by the Officer, unless other person(s) is(are) appointed by the managing director of the Company.

5. The following data must be filled in the Registers:

• name, legal form, registration address, code (if available) for legal person or its representative (where relevant): name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes, if the personal number is not available);
• data on the Monetary operation or Transaction: date, description of the assets used (e.g.,monetary funds, real estate etc.) and its value, amount, currency;
• data on the payee: name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes, if the personal number is not available) for natural person and company name, legal form, registration address, code (if available) for legal person;
• data on the Beneficial owner (where applicable) for the Register of the Suspicious Monetary operations and Transactions as well as the Register of the Clients with whom Transactions or Business relationship has been terminated due to the circumstances related to the ML/TF or the infringement of these Procedures only: name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes, if the personal number is not available);
• criterion under which the Monetary operation or Transaction is considered as Suspicious Monetary operation or Transaction by the order of the Director of the FIU No V-240 of 5 December 2014 for the Register of the Suspicious Monetary operations and Transactions only;
• reasons for the termination of the Transactions or Business relationship for the Register of the Clients with whom Transactions or Business relationship has been ended due to the circumstances related to the ML/TF or the infringement of these Procedures only.

6. The Registers are managed in digital format. The Registers are stored on the servers of the Company and are accessible via the internal network of the Company only. The Registers are managed in the Microsoft Office Excel format. There is possibility to print out the content of the Registers on paper and this possibility remains after the data is copied in other durable medium. The IT system will have back up function which will allow reversing the Registers. Registers' data will be also stored on another server to duplicate all transactions aswell as actions within the Company. The IT system allows duplicating information in less than 24 hours.

7. All Client information and documentation have to be kept for the period of 8 (eight) years as of the end of the Transactions or Business relationship with the Client, except the correspondence with the Client regarding the business relationship, which has to be kept for the period of 5 (five) years as of end of the Transaction or Business relationship with the Client.

8. The data of the Registers have to be kept for the period of 8 (eight) years as of the end of the Transaction or Business relationship with the Client.

9. Records may be kept both in hard copies and in soft copies, save the Registers which are kept in digital format only.

10. Backups of soft copies of all Monetary operations and Transactions undertaken are to be taken on a regular basis at least once a month. Certain original documents or certified copies of documents obtained are to be kept in hard copies and these should never be held exclusively in electronic format.

SECTION 15

IMPLEMENTATION OF ML/TF PREVENTION MEASURES

1. Implementation of ML/TF Prevention Measures. The Company's preventative ML/TF measures are adopted considering the latest supra-national and national risk assessment documents, including the documents shown below which shall be reviewed and updated from time to time:

• the results of the European Commission and national money laundering and terrorist financing risk assessment, unless it is decided during the national money laundering and terrorist financing risk assessment not to follow certain recommendations of the European Commission;
• instructions, as much as they apply to virtual currency exchange operators, approved by the Bank of Poland, FCIS;
• documentation of the European Supervisory Authorities about the risks that should be considered and the measures that need to be taken in cases when simplified Client identification is permitted;
• guidelines of the European Supervisory Authorities about the risks that should be considered and the measures that need to be taken in cases when it is appropriate to apply enhanced Client identification measures.

2. The managing director of the Company handles the proper compliance of the Company with the requirements established by the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Poland as well as other legal acts related to the prevention of ML/TF. Therefore, the managing director must arrange the following:

• the preparation and approval of these Procedures as well as proper revision of these Procedures as may be needed from time to time;
• the appointment of the Officer and replacement of the Officer as may be needed from time to time as well as arrangement of the respective notification on the latter to the FIU;
• ensure the proper acknowledgment of the existing and new Employees with these Procedures as well as the amendments thereto as may be needed from time to time;
• ensure the proper trainings of the existing and new Employees on the ML/TF prevention measures prior to their commencement of the duties related to the ML/TF prevention as well as further periodical trainings, including the trainings in case of new ML/TF prevention regulation is issued and/or these Procedures are amended as may be needed from time to time;
• ensure the proper implementation of these Procedures in the Company, including but not limited to: due diligence of the Clients; ML/TF risk assessment and management; ongoing monitoring of the Clients; establishment, suspension and reporting of the Suspicious Monetary operations and Transactions; recording and keeping the ML/TF prevention-related information and documentation, including the proper maintenance and keeling of the Registers;
• other duties set up under the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Poland and other legal acts.

3. When performing the above duties, the managing director of the Company may appoint other persons to be responsible for the particular duties on the ML/TF prevention in the Company. In such event, the managing director of the Company stays liable under the Law on the Prevention of Money Laundering andTerrorist Financing of the Republic of Poland and the related legal acts for the proper fulfilment of the above duties.

4. The Officer is to be appointed by the managing director of the Company. The managing director of the Company may appoint an alternate the Officer during periods when the Officer is going to be unavailable for a period of time so as to ensure continuity in the Company's obligations related to the ML/TF prevention. Upon appointment or replacement (whether temporary or permanent) of the Officer the FIU is to be notified on the latter within 7 (seven) calendar days.

5. The Officer is responsible for the oversight of all aspects of the Company's ML/TF prevention activities and is the focal point for all such activity of the Company, including the Client Due Diligence and furtherongoing monitoring of the Clients as well as the suspension and reporting to the FIU of the Suspicious Monetary operations and Transactions and all communication with the FIU. If during the Due Diligence stage or later during the ongoing monitoring of the Client the Employee has any doubts about the Client or its financial activity, the Employee must apply to the Officer. The Officer has to undertake the needed internal investigation actions and decide if the circumstances reported by the Employee raise high risk of ML/TF. The Officer decides if the Client who raised the doubts can be accepted, which risk category such Client has to be assigned and if the enhanced due diligence and ongoing monitoring have to be undertaken with respect of such Client. All decisions of the Officer as well as reasons for such decisions should always be documented and kept by the Officer on file.

6. Employees should always file a report to the Officer upon knowledge or suspicion of ML/FT, and it is the Officer who would then consider if a Monetary operation or Transaction has to be suspended and reported to the FIU. If the Officer decides that the Monetary operation or Transaction reported to Officer by theEmployee is not a Suspicious Monetary operation or Transaction and there is no need to suspend it and report to the FIU, the reasons of such a decision should always be documented and kept by the Officer on file. Once an internal report on the Suspicious Monetary operation or Transaction is lodged with the Officer, the latter should then consider the report in the light of all other relevant information in the Company'spossession. The Officer is to determine whether the transaction gives rise to knowledge or suspicion that a Client is or could be engaged in ML or TF. The Officer is not expected to investigate the transaction other than internally or to decide whether the funds are the proceeds of criminal activity. If the Officer is in doubt as to the possibility of ML/TF involvement, he may seek guidance from the FIU. If the report on the suspicious Monetary operation or Transaction is not filed with the FIU, the Officer should document the reasons for such decision.

SECTION 16

TRAINING OF EMPLOYEES

1. All staff and kept personnel, whose duties include the handling of Clients' business, are to be adequately trained with respect to the procedures and the provisions of the Prevention of Money Laundering Act, the relevant Regulations and the relevant provisions in the Criminal Code of the Republic of Poland.

2. The level of training provided to individuals is to be proper to their role and seniority within the Company. In any case all Employees must have the proper training on ML/TF prevention prior to the commencement of their duties at the Company which involve the ML/TF risk.

3. The managing director of theCompany handles the proper performance of the duties related to the training of the Employees. The managing director of the Company may appoint other persons who will undertake all necessary measures for the proper training of the Employees.

ANNEX 1

1. Using the simplified identification procedure, the Company collects only the below showed information about the Client's identity.

2. Following information has to be collected from the personal identification document or the registration document used for the due diligence purposes:

• as regards citizens of the Republic of Poland
  • name(s);
  • surname(s);
  • personal number;
• as regards foreign citizens;
  • name(s);
  • surname(s);
  • date of birth (if available - personal number or another unique combination of characters assigned to the person for identification purposes);
• as regards legal persons (both local and foreign):
  • corporate name;
  • legal form, main office (registered office and/or the headquarter in the place of themain interests);
  • code (registration number etc., if any);
  • the data of the Beneficial owner;
  • the activities of a legal person, the purposes and the object of a business relationship, as well as the type of economic activities;
  • the governance structure and the nature of activity of a legal person.

3. When applying the simplified due diligence, the Company obtains information indicated in point 1.2 of Annex One and also ensures that the first payment of the Client is performed from the account held in acredit institution, where the credit institution is registered in the European Union Member State or in a third country which has set the requirements equivalent to those laid down in the laws of the Republic of Poland and is monitored by competent authorities for compliance with these requirements, except in cases indicated in Section 10.1 (7) of the Procedures.

4. In cases indicated in Section 10.1 (7) of the Procedures, the Company can deviate from the measures indicated in Sections 1.1-1.3 of Annex One, however has to perform ongoing monitoring of the Client's Business relationship, including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the Company's knowledge of the Client, the business and risk profile, and the source of funds and to ensure detection of complex or unusually large transactions and unusual patterns of transactions (the Company must analyse the grounds of performance and purpose of such operations or transactions, and execute the results of suchanalysis in writing). Information can be collected either through the face-to-face contact or using electronic means.

5. If the thresholds showed in Section 1.2 are exceeded, the Company must apply the full identification procedure through the face-to-face contact or using non-face-to-face identification measures.

ANNEX 2

Face-to-face contact identification procedure

1. Identity of the Clients will be verified through the face-to-face contact by the below set up rules. The Client must supply personal identification document (for natural persons) or the registration and/or other corporate documents (for legal persons).

2. This Section also applies to those cases where the Client is represented by another person. Usually, such representation is documented by the power of attorney. Where the Client is represented by another person, the Employee must find and verify both the Client and the representative. In addition, the respective representation document (usually this will be the power of attorney) must be verified (it is expected that you will check if the person who issued the respective document had such capacity; the validity period of the representation document and the representation powers granted by such document). The representative shall supply personal document (ID or passport) to find its personality. Should you have any doubts about the representation document gave for the identification purposes, you have to apply to the Officer who will assess the representation document submitted and will decide if the submitted document is acceptable for the identification purposes.

3. Where the legal person is represented by the managing director of such legal person or by other person who holds the right to be the legal person under the respective corporate documentation, such situations is considered as the physical presence of the Client and no enhanced due diligence applies. However, the identification of the representative has to be carried out.

4. The documents obtained for the identification of the Client must be sufficient to properly determine and collect the below data and information about the Client and the representative (where applicable).

5. Following information must be collected from the personal identification document or the registration document used for the due diligence purposes:

• as regards citizens of the Republic of Poland:
  • name(s);
  • surname(s);
  • personal number;
  • photograph;
  • signature;
  • nationality.
• as regards foreign citizens;
  • name(s);
  • surname(s);
  • date of birth (if available - personal number or another unique combination of characters assigned to the person for identification purposes);
  • the number and the expiry date of a permit for permanent residence in a foreign state as well as the place and date of its issue (applies to foreigners permanently living in a foreign country);
  • photograph;
  • signature;
  • nationality.
• as regards legal persons (both local and foreign):
  • corporate name;
  • legal form, main office (registered office and/or the headquarter in the place of the main interests);
  • code (registration number etc., if any);
  • registration extract and date of its issue;
  • the data of the Beneficial owner;
  • the activities of a legal person, the purposes, and the object of a business relationship, as well as the type of economic activities;
  • the governance structure and the nature of activity of a legal person.

7. Such documents gave by the Client must be certified in the Client's file or application by the signature and the stamp of the Client, if holding a stamp is mandatory to the Client under theapplicable laws. Documents may also be certified on the non-face-to-face basis using a qualified electronic signature. In addition, the Employee has to use the reliable and independent sources (e.g. Section 8 of the Procedure) for verification of the documents and information regarding the Beneficial owner submitted by the Client.

8. The Employee also must ask the Client to specify the public sources where the data and documents regarding the Beneficial owner can be verified. The following data of the Beneficial owner must be stored by the Company and available to be submitted to the FIU if required by the latter:

• the identity data (name, surname, personal number, or another unique combination, if the personal number does not exist);
• evidence on verification of the data and documents submitted by the Client in the reliable and independent sources;
• data on the management structure of the Client - legal person;
• records on the flows of the Client's funds.

9. To ascertain whether the Client is acting on his own behalf or is controlled, the Employee has to:

• verify whether the right to perform a Monetary operation on behalf of the Client has been granted to a person who is in clear business, professional or commercial relations with the Client; to verify if there are elements that do not correspond to the typical Monetary operations and commercial activity of the Client (e.g. more frequent payments in cash, increasing sums involved in Monetary operations, Payment for products or services that are not related to the Client's main activity);
• to see if the Client supplies requested information in good faith and does not avoid answering the questions.

10. Identification of the PEP. The PEP is set up by verifying the information and documentation provided by the Client. The Employee must ask the Client to indicate and provide relevant information to determine if the Client or the Beneficial owner is a PEP. The Employee also has to use additional sources (Section 8 of the Procedures) to establish and/or check the information provided by the Client with regard to the PEPs. Such searches (results thereof) must be documented and stored similarly to the copies of the personal identification documents or other due diligence documents.

11. Identification of the Client registered in the Target territories: In addition to the above data, where the Client is a legal person or other organization registered in the Target territory, the Client, and its representative (if applicable) must provide in writing the following information:

• current place of residence;
• postal address;
• contact information (valid telephone numbers, email addresses)

12. Information and documentation used for the identification purposes: The documents gave for the due diligence purposes must be either:

• the original documents; or
• the copies certified by the public notary.

13. The Employee must make and keep the copies of the identification documents and other documents submitted by the Client for the Client identification purposes when applying face-to-face identification procedure. In case the hard copies are kept, such copies must be:

• signed by the Employee, showing the position, name and surname of the Employee and the date;
• marked by the Employee as authentic by making an entry “true copy”;
• certified by the stamp of the Company, if holding a stamp is mandatory to the Company underthe applicable laws.

14. More information obtained from the Third parties or added sources (Section 8 of the Procedures) must be documented and stored similarly to the copies of the personal identification documents or other due diligence documents as discussed above. Where the checks are made in the data basis or similar sources, the Employee must document the results of such searches/checks, sign and certify such documents in the same manner as the copies of the personal identification documents and store similarly to the copies of the personal identification documents or other due diligence documents.

ANNEX 3

Non-face-to-face identification measures

1. Identity of the Clients will be verified through by the Procedures, including nonface-to-face identification measures set up in Section 6.3 of the Procedures, and the below set up rules applicable to physical and legal persons.

2. Identification of a physical person

Requirements	Measures
Level 1: Simplified Due Diligence / Exemptions	Used when simplified due diligence is applied as described in Annex One. The Client fills in the KYC questionnaire; The Company collects and verifies information as described in Annex One; The Company checks in the consolidated lists of persons, groups and entities subject to the Poland, EU or United Nations financial sanctions:www.urm.lt; http://eeas.europa.eu/cfsp/sanctions/consol-list/index_en.htm; https://www.un.org/sc/suborg/en/sanctions/un-sc- consolidated-list. In case Section 10.1 (1)-(6) of the Procedures is used: The Company additionally needs the Client that the first payment to the electronic money account is done from the Client's bank account.
Level 2: Unlimited	The Company uses the following options: Option 1: The Client verifies his identity using qualified electronic signature. Option 2: The Client's facial image and original identity document is streamed live and compared. The machine-readable data is recognized and compared with the entered data by the client; More information is collected in the open databasesto verify the existence of such person (for instance, name is matched to the date of birth). Option 3: The Client's identity document is streamed live, machine readable data is recognized and compared with the data from an advanced electronic signature; More information is collected in the open databasesto verify the existence of such person (for instance, name is matched to the date of birth).

3. Identification of a legal person

Requirements/Amount of €

Measures

One Level

After the Company finds the Client's authorized representative by identification requirements applicable to physical persons, Client supplies the following information in an electronic account opening form: Name of legal entity (including name in original language); Legal form; Registered business address; Registration number; Date of registration; E-mail, business phone number, web address; Purpose of account and expected transaction types; Estimated incoming transfers; Estimated outgoing transfers; Origin of funds; Beneficial owner declaration Client uploads the following documents: For Clients recorded in the commercial register: An extract from the Commercial An extract from the Commercial Register issued by the Registrar; or, A written extract (got by the Company) from a database managed by the registration authority; A written extract (got by the Company) from a reliable, privately managed directory or database. For Clients not recorded in the Commercial Register or an equivalent Register: The by-laws, founding acts or agreements, auditor's certification, official authorization to exercise the activity or equivalent documents; or A written extract (got by the Company) from a reliable, privately managed directory or database. Authorities must be found by a proper by- law/resolution or other equivalent documents or sources. The extract from the Commercial Register, the certification by the auditor and the directory or database extract must be no more than one year old at the time of identification and must correspond to the current circumstances. Client uploads identification documents of beneficial owner - electronic copy of passport/ ID card. The Company's system verifies through the third-party database that the provided information of legal entity and beneficial owner is real, it matches the name, and that the person has no criminal history or is compromised. The information is manually reviewed by the Company's Compliance team and only after this point the Client is allowed to use the account.

ANNEX 4

The following countries, territories and zones are considered as the Target territories under the Procedures:

• Andorra
• Anguilla
• Antiga and Barbuda
• Macau
• Aruba
• Azores
• Bahamas
• Bahrain
• Barbados
• Belize
• Bermuda
• Brunei
• Dominica
• Jersey
• Djibouti
• Ecuador
• Guernsey, Sark, Alderney
• Gibraltar
• Grenada
• Guatemala
• Hong Kong
• Jamaica
• United Arab Emirates
• Cayman Islands
• Kenya
• Costa Rica
• Cook Islands
• Kuwait
• Lebanon
• Liberia
• Liechtenstein
• Madeira
• Maldives
• Marshall Islands
• Mauritius
• Isle of Man
• British Virgin Islands
• U.S. Virgin Islands
• Monaco
• Montserrat
• New Caledonia
• Nauru
• Niue
• Netherlands Antilles
• Panama
• Samoa
• San Marino
• Seychelles
• Saint Pierre and Miquelon
• Saint Kitts and Nevis
• Saint Vincent and the Grenadines
• Island of Saint Helena