AML and KYC Policy

Effective Date: [Date]

Last Updated: [Date]

This Anti-Money Laundering (AML) and Know Your Customer (KYC) Policy ("Policy") outlines Spinhub Limited's ("Spinhub," "we," "us") commitment to preventing money laundering, terrorist financing, and other financial crimes. This Policy applies to all aspects of our marketplace operations.

1. Introduction and Scope

The simple version: We follow strict financial crime prevention rules. This applies to all users and transactions on our marketplace.

1.1 Purpose

This Policy establishes Spinhub's framework for:

  • Preventing money laundering and terrorist financing
  • Ensuring compliance with applicable AML/KYC regulations
  • Protecting our marketplace from financial crime
  • Maintaining the integrity of our payment systems
  • Fulfilling our obligations as a marketplace operator and trading agent

1.2 Scope

This Policy applies to:

  • All Spinhub employees and contractors
  • All marketplace transactions
  • All creators (sellers) on the platform
  • All supporters (buyers) on the platform
  • All payment flows through our systems

1.3 Marketplace Context

As a marketplace operator and trading agent, Spinhub:

  • Acts on behalf of creators in transactions
  • Takes ultimate responsibility for KYC/AML compliance
  • Monitors all marketplace transactions
  • Reports suspicious activities to authorities

2. Regulatory Framework

The simple version: We follow EU and Irish financial crime laws, including the latest anti-money laundering directives.

2.1 Applicable Regulations

Spinhub complies with:

  • EU Fifth Anti-Money Laundering Directive (5AMLD)
  • EU Sixth Anti-Money Laundering Directive (6AMLD)
  • Irish Criminal Justice (Money Laundering and Terrorist Financing) Acts
  • Payment Services Directive 2 (PSD2)
  • Relevant Danish marketplace regulations (as required by Clearhaus)

2.2 Regulatory Objectives

Our AML/KYC program aims to:

  • Identify and verify customer identities
  • Understand the nature of customer relationships
  • Monitor transactions for suspicious patterns
  • Report suspicious activities to authorities
  • Maintain comprehensive records
  • Train staff on AML/KYC obligations

2.3 Penalties for Non-Compliance

Failure to comply may result in:

  • Regulatory fines and sanctions
  • Criminal prosecution
  • Loss of payment processing capabilities
  • Reputational damage
  • Platform closure

3. Risk Assessment

The simple version: We assess financial crime risk based on factors like location, transaction patterns, and account behavior.

3.1 Risk-Based Approach

Spinhub employs a risk-based approach considering:

  • Customer type (creator vs. supporter)
  • Geographic location
  • Transaction patterns
  • Content type
  • Payment methods
  • Account behavior

3.2 Risk Categories

Low Risk:

  • EU/EEA residents
  • Verified payment methods
  • Consistent transaction patterns
  • Established account history
  • Standard content types

Medium Risk:

  • Non-EU residents in low-risk countries
  • New accounts with high volume
  • Cryptocurrency requests
  • Rapid growth patterns
  • Adult content creators

High Risk:

  • High-risk jurisdiction residents
  • Politically exposed persons (PEPs)
  • Complex ownership structures
  • Unusual transaction patterns
  • Previous compliance issues

3.3 Risk Mitigation

| Risk Level | Measures Applied |
|------------|------------------|
| Low | Standard CDD, automated monitoring |
| Medium | Enhanced verification, increased monitoring |
| High | Enhanced CDD, manual review, restrictions |

4. Know Your Customer (KYC) Requirements

The simple version: Creators need full identity verification through Stripe. Supporters need basic verification with enhanced checks for large transactions.

4.1 Creator (Seller) KYC

Required Information:

  • Full legal name
  • Date of birth
  • Residential address
  • Tax identification number
  • Government-issued ID
  • Proof of address
  • Bank account verification
  • Business registration (if applicable)

Verification Process:

  1. Initial application submission
  2. Stripe Connect identity verification
  3. Document authentication
  4. Database checks
  5. Approval or additional requirements

4.2 Supporter (Buyer) KYC

Standard Requirements:

  • Name (as on payment method)
  • Email address
  • Age verification (21+)
  • Payment method verification
  • IP address logging

Enhanced Requirements (triggered by thresholds):

  • Government ID verification
  • Address verification
  • Source of funds documentation
  • Enhanced screening

4.3 KYC Thresholds

Supporter Verification Triggers:

  • Single transaction: €1,000
  • Monthly transactions: €2,500
  • Annual transactions: €10,000
  • Any suspicious activity

5. Customer Due Diligence (CDD)

The simple version: We verify customer identities, understand their business purpose, and keep information updated.

5.1 Standard CDD Procedures

For All Customers:

  1. Identity verification
  2. Address confirmation
  3. Purpose of relationship
  4. Expected activity level
  5. Source of funds (when required)

5.2 Simplified CDD

Available for:

  • Low-risk EU residents
  • Small transaction amounts
  • Verified payment methods
  • Established relationships

5.3 Ongoing CDD

  • Regular review cycles
  • Update requests for outdated information
  • Monitoring for changes in risk profile
  • Periodic re-verification
  • Relationship refresh requirements

5.4 CDD Documentation

Required documents must be:

  • Current (less than 3 months old)
  • Clear and legible
  • Complete and unaltered
  • From acceptable sources
  • Independently verifiable

6. Enhanced Due Diligence (EDD)

The simple version: High-risk customers need extra verification and ongoing monitoring.

6.1 EDD Triggers

Enhanced due diligence required for:

  • High-risk customers
  • PEPs and associates
  • High-value transactions
  • Complex ownership structures
  • Adverse media findings
  • Suspicious activity patterns

6.2 EDD Measures

Additional Requirements:

  • Senior management approval
  • Source of wealth verification
  • Enhanced identity verification
  • Regular review (minimum annually)
  • Transaction pre-approval for large amounts
  • Restricted platform features

6.3 Politically Exposed Persons (PEPs)

PEP Identification:

  • Automated screening against PEP databases
  • Self-declaration requirements
  • Media monitoring
  • Regular list updates

PEP Treatment:

  • Automatic high-risk classification
  • Senior approval required
  • Source of wealth documentation
  • Enhanced ongoing monitoring

7. Transaction Monitoring

The simple version: We monitor all transactions automatically for suspicious patterns and investigate alerts.

7.1 Automated Monitoring

System Capabilities:

  • Real-time transaction screening
  • Pattern recognition algorithms
  • Threshold breach alerts
  • Behavioral analysis
  • Cross-account monitoring

7.2 Monitoring Rules

Red Flag Indicators:

  • Rapid deposit and withdrawal patterns
  • Multiple accounts to single bank
  • Round-amount transactions
  • Structuring patterns
  • Geographic inconsistencies
  • Unusual content purchase patterns

7.3 Alert Management

Alert Process:

  1. System generates alert
  2. First-level review (24 hours)
  3. Escalation if suspicious
  4. Investigation (48 hours)
  5. Decision and documentation
  6. Reporting if required

7.4 Transaction Limits

Automatic Reviews Triggered:

  • Single transaction: €5,000
  • Daily volume: €10,000
  • Monthly volume: €25,000
  • Unusual patterns: Any amount

8. Suspicious Activity Reporting

The simple version: We identify and report suspicious activities to authorities while protecting customer confidentiality.

8.1 Identifying Suspicious Activity

Common Indicators:

  • Inconsistent information provided
  • Reluctance to provide information
  • Unusual transaction patterns
  • Third-party funding
  • Rapid movement of funds
  • No clear business purpose

8.2 Internal Reporting

Process:

  1. Employee identifies concern
  2. Immediate escalation to MLRO
  3. No customer notification (tipping off)
  4. Investigation initiated
  5. Decision documented

8.3 External Reporting

Suspicious Transaction Reports (STRs):

  • Filed with Financial Intelligence Unit Ireland
  • Within required timeframes
  • Comprehensive documentation
  • Follow-up as requested
  • Annual reporting statistics

8.4 Protection and Confidentiality

  • No tipping off customers
  • Legal protection for good faith reports
  • Confidential handling
  • Restricted access to reports
  • Audit trail maintained

9. Record Keeping

The simple version: We keep detailed records for 7 years in secure, encrypted storage with proper access controls.

9.1 Record Requirements

Minimum Retention Periods:

  • Identity verification records: 7 years
  • Transaction records: 7 years
  • Risk assessments: 7 years
  • STRs and investigations: 7 years
  • Training records: 7 years
  • Policy versions: Indefinite

9.2 Record Format

Standards:

  • Electronic storage preferred
  • Encrypted and secure
  • Readily retrievable
  • Complete audit trail
  • Regular backups
  • Access controls

9.3 Record Types

Customer Records:

  • KYC documentation
  • Risk assessments
  • Account opening records
  • Communication logs
  • Update history

Transaction Records:

  • Payment details
  • Parties involved
  • Amounts and currencies
  • Dates and times
  • Associated metadata

9.4 Data Retention Policy

  • Clear retention schedules
  • Secure disposal procedures
  • Legal hold processes
  • Regular purge cycles
  • Compliance verification

10. Training and Awareness

The simple version: All staff receive regular AML/KYC training with attendance tracking and certification.

10.1 Training Program

Required Training:

  • Initial AML/KYC training for all staff
  • Annual refresher training
  • Role-specific training
  • Updates on regulatory changes
  • Case study reviews

10.2 Training Content

Core Topics:

  • Money laundering basics
  • Terrorist financing risks
  • KYC procedures
  • Red flag identification
  • Reporting obligations
  • Legal protections

10.3 Training Records

  • Attendance tracking
  • Comprehension testing
  • Certification process
  • Performance monitoring
  • Remedial training

10.4 Awareness Initiatives

  • Regular communications
  • Policy reminders
  • Industry updates
  • Best practice sharing
  • Incident lessons learned

11. Governance and Compliance

The simple version: We have a Money Laundering Reporting Officer (MLRO) and a compliance team with a clear governance structure.

11.1 Governance Structure

Money Laundering Reporting Officer (MLRO):

  • Overall AML/KYC responsibility
  • STR decision authority
  • Regulatory liaison
  • Board reporting
  • Policy ownership

Compliance Team:

  • Day-to-day operations
  • Investigation support
  • Training delivery
  • Audit coordination
  • Record maintenance

11.2 Three Lines of Defense

First Line - Operations:

  • KYC collection
  • Transaction processing
  • Initial monitoring
  • Alert generation

Second Line - Compliance:

  • Policy development
  • Risk assessment
  • Quality assurance
  • Regulatory updates

Third Line - Audit:

  • Independent testing
  • Effectiveness review
  • Recommendations
  • Board reporting

11.3 Management Information

Regular Reporting:

  • Monthly metrics dashboard
  • Quarterly board reports
  • Annual program review
  • Regulatory submissions
  • Incident summaries

12. Third-Party Providers

The simple version: Our payment providers (like Stripe) help with compliance, but we maintain overall responsibility.

12.1 Payment Processor Requirements

Stripe Responsibilities:

  • Payment screening
  • Sanctions checking
  • Identity verification
  • Transaction monitoring
  • Regulatory reporting

12.2 Vendor Management

Due Diligence:

  • AML capability assessment
  • Contractual obligations
  • Performance monitoring
  • Audit rights
  • Contingency planning

12.3 Information Sharing

  • Data sharing agreements
  • Privacy protections
  • Incident coordination
  • Joint investigations
  • Regulatory cooperation

13. Data Protection

The simple version: We balance AML obligations with GDPR privacy rights and ensure proper data protection.

13.1 Privacy Considerations

Balancing Requirements:

  • AML obligations vs. privacy rights
  • Data minimization principles
  • Purpose limitation
  • Retention requirements
  • Access controls

13.2 GDPR Compliance

Lawful Basis:

  • Legal obligation (AML laws)
  • Legitimate interests
  • Consent where required
  • Transparency obligations
  • Data subject rights

13.3 Cross-Border Transfers

  • Adequate protections
  • Standard contractual clauses
  • Regulatory permissions
  • Risk assessments
  • Transfer monitoring

14. Policy Review and Updates

The simple version: We review this policy annually and update it when regulations change.

14.1 Review Schedule

  • Annual policy review
  • Regulatory change triggers
  • Incident-driven updates
  • Industry best practices
  • Technology changes

14.2 Update Process

  1. Identify need for change
  2. Draft proposed updates
  3. Stakeholder consultation
  4. Legal/compliance review
  5. Board approval
  6. Communication and training

14.3 Version Control

  • Clear versioning system
  • Change tracking
  • Approval records
  • Distribution lists
  • Implementation dates

15. Contact Information

15.1 Internal Contacts

Money Laundering Reporting Officer (MLRO)

Name: [To be appointed]

Email: [email protected]

Phone: [Number]

Compliance Team

Email: [email protected]

Internal Extension: [Number]

15.2 External Contacts

Financial Intelligence Unit Ireland (FIU)

Website: www.fiu.ie

STR Submission: via goAML system

Central Bank of Ireland

Website: www.centralbank.ie

Phone: +353 1 224 5800

Clearhaus Compliance

Contact: [Relationship Manager]

Email: [Contact details]

15.3 Resources

Internal Resources:

  • AML/KYC procedures manual
  • Quick reference guides
  • Training materials
  • Escalation flowcharts

External Resources:

  • FATF recommendations
  • EU AML directives
  • Industry guidance
  • Regulatory updates

Policy Approval

Approved by: [Board of Directors / CEO Name]

Date: [Date]

Next Review: [Date]

Version History:

  • Version 1.0 - Initial policy - [Date]

This policy is confidential and proprietary to Spinhub Limited. Unauthorized distribution is prohibited.
