AML / CFT & Sanctions Compliance Statement

Transcore is committed to preventing its services, infrastructure, payment flows, settlement arrangements and related systems from being used for:

• money laundering;
• terrorist financing;
• sanctions evasion;
• proliferation-financing risk;
• fraud-related laundering or criminal proceeds processing; or
• any other activity that is unlawful, deceptive or inconsistent with our legal, contractual or compliance obligations.

We apply a risk-based approach designed to identify, assess, control and, where necessary, escalate financial-crime risk throughout the lifecycle of a relationship.

Transcore operates on a business-to-business basis. Our direct counterparties may include merchants, payment providers, settlement counterparties, technology intermediaries and other business partners involved in payment acceptance, routing, processing, settlement, treasury, refunds or related operational flows.

Transcore does not onboard retail consumers as its direct customers. However, depending on the structure of a relationship, the sectors involved, the jurisdictions concerned or the settlement model used, we may require sufficient information about underlying end-user activity, traffic sources, customer onboarding controls, restricted-market controls, fraud controls and payment behaviour to determine whether a relationship can be accepted and monitored safely.

Our public-facing compliance documents are therefore focused on the verification and control of business counterparties, together with the ownership, control, payment-flow and settlement information needed to understand how a relationship actually operates.

Transcore maintains compliance controls designed with regard to applicable laws, sanctions requirements, contractual obligations and financial-crime risk standards relevant to its business model.

Where relevant, our framework may be informed by:

• Hong Kong anti-money laundering and counter-terrorist financing expectations;
• suspicious transaction reporting obligations and guidance;
• sanctions laws, asset-freezing requirements and official sanctions notices;
• corporate transparency and beneficial ownership standards;
• recordkeeping and audit-trail requirements; and
• risk factors arising from cross-border activity, regulated sectors, payment providers, outsourcing and digital-asset settlement.

Where a product, sector, jurisdiction or settlement structure presents elevated legal or compliance uncertainty, Transcore may adopt a more conservative standard than the minimum position a counterparty believes might apply.

We do not apply the same level of review to every relationship. Instead, we assess the overall risk presented by the counterparty, the transaction model and the proposed settlement structure.

When determining the level of due diligence, restrictions, monitoring intensity or approval required, we may consider factors such as:

• sector and product risk;
• jurisdiction risk and sanctions-sensitive exposure;
• transparency of ownership and control;
• complexity of the payment chain or settlement design;
• use of local payment providers, sub-providers, agents or intermediaries;
• quality of licensing or legal-right-to-operate evidence;
• expected transaction profile, volumes and velocity;
• use of wallets, digital assets or alternative settlement methods;
• adverse media, litigation, enforcement or reputational concerns;
• quality of transaction-level data, audit rights and information-sharing commitments; and
• the counterparty's willingness and ability to provide complete, credible and timely information.

Where the overall risk falls outside our risk appetite, the relationship may be declined, restricted, held pending clarification or terminated.

Depending on the nature of the relationship, we may request information and supporting documentation sufficient to understand:

• the legal identity of the counterparty;
• its place of incorporation or establishment;
• its ownership and control structure;
• its directors, authorised signatories and other relevant decision-makers;
• the products or services it offers;
• the markets in which it operates or from which it accepts business;
• the legal or regulatory basis for operating in those markets where relevant;
• how funds move through the arrangement;
• which entities collect fiat or process payments;
• which providers, agents or nested arrangements are involved;
• which wallets, accounts or other destinations are used for settlement, treasury or refunds; and
• whether the level of transparency, cooperation and auditability is sufficient for Transcore to support the relationship.

The absence of a formal request for a particular document at one stage does not prevent Transcore from requesting that document or related evidence later.

We seek to identify the natural persons who ultimately own or control a business counterparty, together with the persons authorised to act on its behalf.

As a general rule, we may treat as relevant any person who directly or indirectly:

• owns or controls a material ownership stake;
• controls voting rights;
• has the right to appoint or remove a majority of the board;
• exercises significant influence or control through contractual, shareholder, trust, nominee or other arrangements; or
• otherwise acts as the effective controlling mind of the business relationship.

Where a structure is layered, offshore, nominee-based, trust-based or otherwise opaque, we may require deeper tracing through each layer, further documentary support, legal explanations or senior compliance review.

If beneficial ownership or effective control cannot be understood to a satisfactory standard, the relationship may not proceed.

Some relationships require enhanced due diligence from the outset. Others may be moved into enhanced review at any point if new information, operational developments or adverse events increase the risk profile.

Enhanced due diligence may be applied in situations involving, for example:

• online gaming, betting, casino or similar merchant activity;
• forex, CFD, leveraged trading or similar higher-risk financial products;
• cross-border activity involving higher-risk jurisdictions;
• complex payment-provider or local collection chains;
• non-standard or opaque treasury and settlement models;
• digital-asset or wallet-based settlement;
• politically exposed persons or heightened sanctions exposure;
• adverse media, enforcement history or serious reputational concerns; or
• unexplained source-of-funds, source-of-wealth or wallet-provenance issues.

Enhanced due diligence may include one or more of the following:

• more detailed ownership and control tracing;
• additional corporate, regulatory or legal-right-to-operate evidence;
• deeper review of market restrictions, geo-blocking and customer-acceptance rules;
• source-of-funds or source-of-wealth review;
• review of the counterparty's own AML, fraud, KYC or responsible-gaming controls;
• more detailed explanation of payment flows, refund logic and settlement design;
• tighter contractual rights, restrictions, caps, pilot limits or reporting obligations;
• more frequent refresh cycles and more intensive monitoring; and
• senior management or other elevated approval.

As part of onboarding and ongoing monitoring, Transcore may screen counterparties and, where appropriate:

• beneficial owners;
• directors and controllers;
• authorised signatories and other relevant persons;
• connected entities;
• payment providers and key intermediaries; and
• relevant wallets or settlement destinations.

Screening may be conducted against applicable sanctions lists, internal watchlists, politically exposed person databases, adverse-media sources and other risk-relevant data sources.

Screening is not a one-time event. It may be repeated:

• before activation;
• before a wallet is approved or amended;
• after a material change in ownership, control or business model;
• when new jurisdictions, products or providers are introduced;
• when significant volume or pattern changes occur; and
• on a periodic basis during the relationship.

A potential sanctions match, asset-freezing issue or other serious watchlist concern may result in an immediate hold, escalation, refusal to onboard, suspension of settlement or other protective action until the matter is resolved.

PEP status does not necessarily result in automatic rejection. It does, however, require enhanced assessment, greater scrutiny and, where appropriate, additional source-of-funds or source-of-wealth review.

Where settlement, treasury or refund activity involves wallets, digital assets or related blockchain infrastructure, additional controls may apply.

Depending on the structure of the relationship, Transcore may require:

• prior disclosure of all settlement and refund wallets;
• evidence that a wallet is controlled by the counterparty or an expressly approved settlement agent;
• blockchain analytics review before a wallet is approved;
• repeat screening after material changes or at periodic intervals;
• formal re-approval for every wallet amendment;
• further review where a wallet has exposure to high-risk services, typologies or counterparties; and
• additional contractual protections where third-party or omnibus arrangements are proposed.

Transcore may refuse to whitelist, use or settle to a wallet or destination that does not meet our control standards.

Because our operating model may involve local payment providers and other critical intermediaries, we do not treat such parties as routine vendors where they materially influence payment acceptance, fiat collection, conversion, settlement, refunds, wallet routing or access to transaction data.

Before supporting or continuing a relationship involving a payment provider or similar intermediary, we may review:

• the provider's ownership and management;
• the provider's reputation and legal status;
• its jurisdictions of operation;
• the accounts or arrangements through which fiat is collected;
• how conversion, treasury and settlement are performed;
• whether it uses agents, sub-providers or nested arrangements;
• whether it can provide adequate transaction-level data and investigation support; and
• whether its own control environment is credible for the risk presented.

Where the structure is too opaque, too fragmented or too weakly controlled, Transcore may decline or restrict the arrangement.

Transcore conducts ongoing monitoring proportionate to the risk of the relationship. Monitoring may cover both the relationship as a whole and the activity that flows through our systems or settlement arrangements.

We may review whether activity remains consistent with the counterparty's:

• stated business model;
• approved products and markets;
• known payment methods and providers;
• expected transaction profile;
• expected settlement behaviour;
• disclosed wallet usage; and
• prior due-diligence record.

Examples of matters that may trigger enhanced review, refresh or escalation include:

• sudden spikes in volume, velocity or settlement frequency;
• new countries, new products or new traffic sources;
• unexplained changes in payment behaviour;
• unexpected concentration through particular providers or channels;
• circular flows, split settlements or unusual routing behaviour;
• new wallets or repeated wallet substitutions;
• deterioration in fraud, dispute or complaints metrics;
• enforcement action or serious adverse media; or
• evidence that a merchant's own user-level controls are ineffective, bypassed or misrepresented.

Where required by applicable law, contractual commitments or Transcore's risk controls, we may:

• request additional information or documents;
• place a relationship on hold;
• reject onboarding or a proposed change;
• restrict products, jurisdictions, providers or settlement routes;
• suspend settlement or wallet use;
• terminate a relationship; or
• report suspicious activity or cooperate with competent authorities.

Transcore is not required to permit onboarding, activation, settlement or continued use of its services while serious compliance concerns remain unresolved.

Without limiting our discretion to decline or restrict other cases, Transcore may refuse to establish or continue a relationship where, for example:

• a counterparty or relevant person appears to be subject to applicable sanctions or asset-freezing measures;
• ownership or control cannot be adequately established;
• the business cannot demonstrate a lawful or supportable basis to operate where relevant;
• the counterparty refuses to explain key payment flows, providers, jurisdictions or wallets;
• a proposed settlement destination cannot be shown to be controlled by the counterparty or otherwise specifically approved;
• the arrangement involves prohibited jurisdictions, prohibited sectors or unacceptable typologies;
• wallet exposure suggests serious illicit-finance risk beyond our tolerance;
• required audit rights, investigation support or data access cannot be obtained; or
• the overall relationship falls outside our risk appetite.

Transcore retains compliance-related records in accordance with applicable law, contractual requirements and internal retention standards.

This may include records relating to:

• due diligence and verification;
• ownership and control information;
• screening results;
• wallet checks and approvals;
• transaction and settlement records;
• investigations and escalation decisions;
• contractual documents; and
• communications relevant to financial-crime risk management.

Where relevant, such records may be retained for not less than five years after the end of the relationship or the relevant transaction, unless a longer period is required or appropriate.

Access to compliance information is restricted to personnel, service providers or authorities with a legitimate need or lawful basis for access. Personal data collected through website forms, onboarding processes or relationship management is handled in accordance with the applicable privacy documentation and collection notices.

Transcore maintains internal governance arrangements for financial-crime risk management and may appoint responsible compliance personnel, review higher-risk cases through enhanced approval processes and conduct periodic review of the effectiveness of its controls.

We may also use specialist vendors or tools for:

• sanctions screening;
• politically exposed person checks;
• adverse-media review;
• corporate registry retrieval;
• blockchain analytics;
• case management; or
• operational support.

Where third-party tools or service providers are used, Transcore remains responsible for the overall control framework and may require appropriate confidentiality, access, audit and support commitments.

Relevant personnel may also receive role-appropriate training on financial-crime risk, sanctions, suspicious-activity escalation, wallet controls and sector-specific risk indicators.

We may amend this Statement from time to time to reflect changes in law, regulatory expectations, our operating model, our services or our internal compliance framework. The latest version published on this website will supersede earlier public versions.

For compliance-related questions, verification support, document requests or lawful inquiry routing, please contact: hello@tcpay.io