NUBIO AML/CTF and Sanctions Compliance Policy
1. General Provisions
NUBIO Payments Inc. (hereinafter – the "Company") is a Canadian-registered Money Services Business (MSB) supervised by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). The Company complies with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), related regulations, and recommendations of the Financial Action Task Force (FATF).
The Company has developed and implemented an Internal Control System (ICS), which includes policies, procedures, IT tools, and risk management mechanisms to ensure compliance with AML/CTF and sanctions obligations in Canada and internationally. The ICS is structured based on the results of the Entity-Wide Risk Assessment (EWRA), which is reviewed at least annually or when the business model or risk profile changes. This Policy is reviewed at least annually or upon significant changes in the business model, risk profile, or legal requirements. All amendments must be approved by the Board of Directors.
The current version of the AML/CTF and Sanctions Compliance Policy is always available on the website.
2. Services and Customer Base
NUBIO provides services exclusively to legal entities (corporate Customers). We do not serve individuals. All Customers undergo strict due diligence before onboarding.
NUBIO applies KYC (Know Your Customer) principles in its work with Customers. It cooperates only with Customers who are identified and verified, who are not acting for the benefit of third parties, and about whom there is no suspicion that ML/TF or a Sanctions breach or circumvention is being, is planned to be, or has been committed.
NUBIO performs a risk assessment (scoring) on all Customers to understand the potential risk that a particular Customer could use NUBIO services to commit ML, TF, Sanctions circumvention or breach, or other crimes. Based on the results of the risk assessment, Customers are assigned appropriate risk levels and risk mitigation measures in order to control risks and to identify possible suspicious or unusual activities in a timely manner.
All Customers are identified and verified remotely, using various automated and manual tools and taking legal requirements into account. The automated tools are acquired from trusted and well-known providers and are integrated into the workflow and core system of NUBIO, with information flows and Customer-specific configurations appropriate to NUBIO.
All Customers, without exception, undergo due diligence, the depth of which is determined by the Customer’s risk level and by additional unique risk factors, characteristics and situations.
The Company does not establish business relationships with Customers engaged in illegal or excessively high-risk industries. NUBIO refuses to work with entities involved in the following activities:
- Weapons, arms, military technologies;
- Prostitution or escort services;
- Pornography (including child pornography), human trafficking, organ trade;
- Professional money laundering networks;
- Charities and donation foundations;
- Telemarketing and similar remote schemes;
- Drugs, precursors, drug paraphernalia;
- Hacking, cybercrime, related services;
- Illegal file-sharing platforms;
- Promotion of violence, terrorism, or political conflicts;
- Unauthorized pharmaceuticals or narcotics;
- Alcohol production/sales outside regulatory scope;
- Debt collection without oversight;
- Payday lending without license;
- Tobacco, vaping, nicotine products;
- Jewelry, precious metals or stones without provenance checks;
- Religious organizations (churches, temples);
- Hacking of chips or software (e.g., modchips);
- Counterfeit goods or IP violations;
- Financial services without license;
- Counterfeit documents or government forms;
- Spyware/electronic surveillance equipment;
- Firearms, ammunition, fireworks;
- Trade in historical/artistic/cultural artifacts with unclear origin;
- Gambling/lotteries without license;
- Activity on darknet marketplaces;
- Crypto mixing/tumbling or similar anonymizing tools;
- Launch of new unregulated altcoins;
- Any other activity that is illegal, unethical, or considered unacceptably high-risk.
In addition, the Company does not serve Customers that:
- Are known or suspected to be involved in money laundering, terrorist financing, sanctions evasion, or serious crimes;
- Are on any official sanctions list or directly affiliated with sanctioned persons or entities;
- Are based in or operate from countries/jurisdictions deemed prohibited by internal risk assessments (based on OFAC, SEMA, UN, EU sanctions and internal country risk mapping);
- Refuse to disclose beneficial ownership;
- Score "unacceptable" in the Company’s internal risk scoring system;
- Are involved in systematic tax evasion.
Jurisdictional risks are assessed using a Risk Table that combines FATF, OFAC, UN, and other lists. Jurisdictions are categorized into three groups with specific restrictions. Cooperation is prohibited with FATF high-risk countries and sanctioned jurisdictions.
3. Customer Due Diligence (CDD) and Onboarding
Before establishing a business relationship, each prospective Customer must undergo a full identity and background verification. The following information and documents are required:
- Legal incorporation and corporate registration documents;
- Details of directors, beneficial owners, and authorized representatives;
- Evidence of actual business operations and explanation of business model;
- Screening of the company, its owners, and management against sanctions and PEP databases.
The Company applies a risk-based approach: the scope of due diligence depends on the risk level assigned to the Customer. Risk levels are calculated using an internal scoring model based on legal structure, geography, industry, transaction profile, public reputation, and regulatory oversight.
Minimum onboarding requirements include:
- Full disclosure of ownership structure and documentation;
- Legal registration documents (e.g., Certificate of Incorporation);
- Beneficial ownership details and ID documents of directors/controllers;
- Registered and operational business address, markets of activity;
- List of websites (if relevant to the business model);
- Information on crypto wallets (if applicable);
- Any additional documents requested by NUBIO.
The Customer must cooperate fully. The business model must be legal, transparent, and logical. Customers with a history of sanctions violations, ML/TF involvement, or poor reputation will be rejected.
Periodic Reassessment
Customers are subject to regular risk reassessments. Based on trigger events or predefined intervals (determined by risk level), NUBIO re-validates Customer data and may request updated documents. The Customer’s profile is reviewed and may result in continuation, enhanced monitoring, or termination of the relationship.
4. Enhanced Due Diligence (EDD)
Customers categorized as high risk, including PEPs or entities from high-risk countries, are subject to Enhanced Due Diligence. EDD includes:
- Verification of source of funds;
- Adverse media screening;
- Manual review and approval by MLRO prior to onboarding.
5. Risk-Based Approach and Scoring
Customers are assigned a numerical risk score based on multiple factors. Risk categories include low, medium, high, and unacceptable. Customers in the "unacceptable" category are rejected or offboarded. Risk levels affect the depth of checks, monitoring frequency, and controls applied.
6. Ongoing Transaction Monitoring
NUBIO uses real-time and retrospective transaction monitoring systems. Scenarios and thresholds are tailored to each Customer profile. Alerts are reviewed by compliance staff, and suspicious activity is escalated to MLRO.
Alert categories include:
- Unusual frequency or volume of payments
- Activity inconsistent with known Customer business
- Known risk triggers (e.g., cash-heavy industries, crypto-fiat transfers)
The MLRO and Compliance Team regularly review flagged transactions. False positives are documented. Confirmed suspicious activity leads to SAR/STR filings.
7. Sanctions Screening
NUBIO complies with Canadian, OFAC, UN, and EU sanctions. Screening occurs at onboarding, during transactions, and in regular batch reviews. The Company maintains an internal list of prohibited jurisdictions. Business is immediately declined or suspended if a Customer or transaction is flagged against any sanctions list.
Screening is conducted:
- At onboarding
- On every transaction
- During periodic reviews
8. Politically Exposed Persons (PEP)
Customers connected to PEPs are automatically considered high-risk. PEPs include senior government officials, their families, and close associates. PEP status persists for 12 months after the official leaves office. Customers must declare PEP status, and NUBIO conducts independent verification. PEP status is maintained for at least 12 months after the official leaves office, and may be extended if the individual is still deemed influential or presents a corruption-related risk.
9. Reporting Suspicious Activity
Any employee who detects suspicious activity must report it to the MLRO. The MLRO evaluates such reports and, if warranted, submits a Suspicious Transaction Report (STR) to FINTRAC. Customers are not informed of such reports (tip-off prohibition). The MLRO may submit STRs without Board approval.
10. Recordkeeping
All AML-related records are stored securely in electronic systems with audit trail capability. Customer documents and transaction records are retained for at least 5 years after the business relationship ends, or up to 10 years in certain legal cases.
11. Third Parties and Partners
NUBIO conducts due diligence on all third-party partners, especially financial institutions. This includes license verification, reputation checks, sanctions screening, and AML capabilities. The Company rejects or offboards partners who fail to meet compliance standards.
Regarding its own staff, NUBIO shall carefully review all candidates for employment and determine whether the activities of a new employee fall into a category that is susceptible to money laundering activities. In addition, NUBIO has prepared and implements a number of personnel training programs on customer identification procedures and prevention of money laundering activities.
12. MLRO Role and Responsibilities
The Company has appointed a dedicated Money Laundering Reporting Officer (MLRO), who is also a Director of the Company. The MLRO is responsible for implementing this Policy and managing the AML/CTF and sanctions program. Responsibilities include:
- Overseeing all CDD/EDD and monitoring processes;
- Reviewing and approving high-risk Customers;
- Filing mandatory reports to FINTRAC;
- Conducting staff training;
- Liaising with regulators and leading internal investigations;
- Independent decision-making in AML/sanctions matters.
13. Internal Controls and Audits
The Company’s ICS includes risk models, IT systems, escalation procedures, and controls. Internal audits are conducted annually, and external audits occur at least every two years. ICS findings are reported to the Board. Any weaknesses trigger a remediation plan, which is monitored and documented. Internal audits of the ICS are conducted annually. External audits are performed at least once every two years to assess compliance and effectiveness.
14. Whistleblowing
Employees are encouraged to report violations of laws, policies, or ethical standards. Reports may be submitted openly or anonymously. Retaliation is strictly prohibited. Whistleblowing can be directed to the MLRO, another senior manager, or directly to FINTRAC.
NUBIO maintains multiple communication channels, including secure emails and anonymous forms. All reports are investigated promptly, and corrective measures are taken where necessary.
Definitions
AML/CTF – Anti-money laundering and counter terrorist financing;
Board – Management board of NUBIO;
CDD – Customer due diligence;
Crypto – Virtual currency or cryptocurrency: a digital currency that is an alternative form of payment created using encryption algorithms;
Customer – existing or potential customers of NUBIO (legal persons or natural persons) to whom services are or will be provided;
Director – Managing director of NUBIO;
NUBIO – Nubio Payments Inc.;
EDD – Enhanced due diligence;
EU – European Union;
FINTRAC – Financial Transactions and Reports Analysis Centre of Canada, Canada’s financial intelligence unit and regulatory body, with which money services businesses such as NUBIO must register their activity and from which they must receive approval before initiating business activities;
ICS – Internal control system comprising all of NUBIO’s processes, documentation, policies and procedures to combat money laundering, terrorist financing and International Sanctions breaches, in order to comply with applicable Canadian AML/CTF and Sanctions regulations and FATF standards and recommendations;
International Sanctions (Sanctions) – political and economic decisions that are part of diplomatic efforts by (for the purposes of the NUBIO ICS) Canada, the European Union, the United States of America (OFAC) and the United Nations against states, organizations or persons, either to protect national security interests or to protect international law and defend against threats to international peace and security;
KYC – Know Your Customer;
ML/TF and Sanctions risks – Money laundering, terrorist financing and Sanctions breach risks;
MLRO – Money laundering reporting officer, a Compliance Officer who is responsible for implementing the ICS;
OFAC – Office of Foreign Assets Control, a governmental organization of the USA that is responsible for imposing and regulating Sanctions;
Partner – Any partner company of NUBIO that provides NUBIO with services or cooperates in any other way related to transaction processing, customer acquisition, technology provision, etc. (for example banks, payment institutions, other type of financial institutions, agents, IT service providers);
PEP (Politically Exposed Person) – an individual who is entrusted with prominent public functions, other than as a middle-ranking or more junior official; a family member of a direct PEP, such as a spouse or civil partner, children and the spouses or civil partners of the PEP’s children, parents and siblings; a known close associate of a PEP, such as an individual known to have joint beneficial ownership of a legal entity or legal arrangement or any other close business relations with a PEP, or an individual who has sole beneficial ownership of a legal entity or a legal arrangement which is known to have been set up for the benefit of a PEP. For the purpose of the NUBIO ICS, PEP refers to a Customer that has a PEP status itself or due to having a beneficial owner or other owner (natural person) with a PEP status;
Policy – AML/CTF and Sanctions Policy of NUBIO;
Risks – in this Policy, always refers to ML/TF and Sanctions risks;
UN – United Nations.