Політика AML/KYC
Website / Service: crystal-trade.org (the “Service”)
Version: 1.0 (Draft)
Effective date: 06.03.2026
This Anti-Money Laundering and Know Your Customer Policy (the “AML/KYC Policy”) describes the compliance principles, procedures and controls applied by the Service to prevent and mitigate the risk of money laundering, terrorist financing, sanctions evasion, fraud, and other unlawful activity. The Service applies a risk-based approach consistent with internationally recognised AML/CFT standards (including FATF recommendations) and applicable sanctions compliance requirements.
This AML/KYC Policy is published for transparency and shall be read together with the Service’s terms and any other policies published on the Service. The Company may refuse to process any order where risks cannot be mitigated to the Company’s satisfaction.
1. OPERATOR DETAILS AND COMPLIANCE CONTACT
1.1. The operator of the Service (the “Company”) is:
1.1.1. Legal name: CrystalTrade
1.1.2. Country of registration: Costa-Rica
1.1.3. Registration number: __________
1.1.4. Registered address: __________
1.2. For AML/KYC and compliance enquiries, Users may contact: info@crystal-trade.org.
1.3. This AML/KYC Policy applies to all users of the Service (each a “User”) and to all transactions, orders and related activities performed via the Service.
1.4. In this AML/KYC Policy, unless the context otherwise requires:
1.4.1. “AML Case” means any instance where an order, deposit, transaction or User activity is subject to enhanced compliance review, including the application of a Hold and/or requests for additional information or documents.
1.4.2. “AML Tools” means blockchain analytics and screening solutions used by the Company, including BitOK, Chainalysis and Crystal Blockchain, and any replacement or additional tools the Company may adopt.
1.4.3. “Business Day” means a day other than a Saturday, Sunday or public holiday applicable to the Company’s operational schedule.
1.4.4. “CDD” means customer due diligence.
1.4.5. “EDD” means enhanced due diligence (including, where appropriate, Source of Funds / Source of Wealth verification).
1.4.6. “Fiat Payout” means any fiat currency payout arranged by the Service in connection with a crypto-to-fiat order (fiat is used as a payout method only, not as an inbound deposit method).
1.4.7. “Hold” means a temporary suspension of processing, withdrawal, payout, refund or other action in respect of an order or funds, pending completion of screening, review, and/or satisfaction of AML/KYC requirements.
1.4.8. “KYC” means know your customer / identity verification procedures applied to identify and verify Users.
1.4.9. “Order” means a request submitted by a User via the Service to perform a crypto-to-crypto exchange and/or crypto-to-fiat exchange.
1.4.10. “Order Deposit Address” means the unique (one-time) deposit address generated and displayed by the Service for a specific Order.
1.4.11. “Red Flag” means any indicator or typology that the Company reasonably considers to present elevated AML/CFT or sanctions risk, including those described in Section 6.
1.4.12. “Risk Score” means the Company’s risk assessment applied to a User and/or an Order based on automated screening results and, where required, manual compliance review. Risk Score may be expressed as a percentage and/or categorised (Low/Medium/High/Critical).
1.4.13. “SoF/SoW” means source of funds and/or source of wealth information and supporting documentation.
1.4.14. “User” means any person who accesses or uses the Service.
2. SERVICE OVERVIEW
2.1. The Service is an online platform that enables Users to submit and process orders for:
2.1.1. crypto-to-crypto exchanges; and
2.1.2. crypto-to-fiat exchanges, where fiat is used solely as a payout method (the “Fiat Payout”).
2.2. The Service is provided on an order-by-order basis. Each order is processed subject to:
2.2.1. technical feasibility;
2.2.2. blockchain network confirmation requirements;
2.2.3. the Service’s AML/KYC procedures and risk controls (including Risk Score thresholds); and
2.2.4. any banking/payment rail constraints relevant to Fiat Payouts.
2.3. For the avoidance of doubt, the Service does not provide investment advice, portfolio management, brokerage services, or recommendations. Any information displayed by the Service is provided for operational and informational purposes only.
2.4. In a crypto-to-fiat Order, the User funds the Order by transferring cryptoassets to the Order Deposit Address provided for that order, and the Service arranges the Fiat Payout to the payout method selected/entered by the User in the Order flow (as available in the Service interface).
2.5. Fiat Payouts may be subject to additional checks (including KYC) and may be affected by payment networks, banks, and other third parties involved in the payout chain.
2.6. The Service does not maintain a stored-value account, payment account, or “wallet balance” for Users for trading or custody purposes. The Service may maintain internal accounting records only for referral accruals and partner accruals (where applicable). Such internal records are not intended to function as a deposit, custody, or payment account.
2.7. The Service may support interaction with User-controlled wallets and/or third-party wallet solutions (for example, by allowing Users to provide wallet addresses, connect via supported integrations, or otherwise interface with external wallets).
2.8. Unless explicitly stated otherwise in the Service interface for a specific feature, the Service does not request or store Users’ private keys. Users remain solely responsible for maintaining security and control of their external wallets, credentials, devices and access methods.
2.9. For each Order that requires crypto funding, the Service provides a unique (one-time) Order Deposit Address per deposit/order. The User must transfer the required cryptoasset only to the Order Deposit Address displayed for that specific Order and strictly in accordance with the specified asset and network.
2.10. The User acknowledges and agrees that sending:
2.10.1. an unsupported asset;
2.10.2. an asset on an incorrect network; or
2.10.3. funds to an incorrect address,
may result in delay, loss and/or irrecoverability of funds. The Company does not guarantee recovery in such cases and may require additional information and fees where recovery is technically possible.
2.11. The Service may require a minimum number of blockchain confirmations before an order is considered funded and eligible for processing.
2.12. The Service supports multiple cryptoassets and networks, which may inсlude, without limitation: BTC, BCH, ETC, LTC, XRP, DOGE, DASH, ETH, TRX, ATOM, SOL, TON, and selected stablecoins (including USDT on TRC20/Polygon/TON/SOL/ERC20/Arbitrum; USDC on Polygon/SOL/ERC20; and TUSD on TRC20/ERC20), as made available in the interface.
2.13. Fiat payout methods may inсlude, without limitation: bank card payouts and bank transfers (including SEPA where available), and other payout rails such as Revolut, Wise, PayPal, Payoneer, Alipay and WeChat, as made available in the interface.
2.14. The list of supported assets, networks, fiat currencies and payout methods is operational and may change from time to time. The Company is not liable for any inability to process an order resulting from the unavailability, suspension, or limitation of a particular asset/network/payout rail.
2.15. The Service may rely on third-party infrastructure providers, banking/payment rails, and compliance vendors to:
2.15.1. screen transactions and addresses;
2.15.2. facilitate Fiat Payouts; and/or
2.15.3. ensure operational continuity.
2.16. Where third parties are involved, the User acknowledges that:
2.16.1. such parties may impose independent compliance rules and thresholds;
2.16.2. additional information and/or KYC documents may be required; and
2.16.3. processing times, limits, reversals and returns may be affected by such third-party rules and operational timelines. The Company shall request such information as is reasonably necessary to comply with these requirements.
2.17. The User is responsible for ensuring the accuracy and completeness of all Order details, including destination wallet addresses (if applicable), Fiat Payout details, selected networks, and any other required parameters.
2.18. The User represents and warrants that they act lawfully and that all funds used in connection with the Service are derived from legitimate sources.
3. CUSTOMER DUE DILIGENCE (CDD) AND KYC
3.1. The Company applies CDD and KYC procedures in accordance with a risk-based approach.
3.2. The Company may require the User to provide reliable and independent source documents, data or information to verify identity and/or source of funds, and reserves the right to request such information before, during or after processing an Order.
3.3. The Company may verify a User’s identity on an ongoing basis, especially when activity appears suspicious or unusual for that User. The Company may request updated or additional documents even if the User has previously passed verification.
3.4. If a User fails to provide requested documents and/or information in the required form within the timeframe specified in the request (typically up to 10 calendar days, unless otherwise stated), the Company may refuse to process an Order, apply a Hold, suspend processing, and/or proceed in accordance with Sections 10–12.
4. AML/CFT AND SANCTIONS COMPLIANCE
4.1. The Company enforces a strict AML/CFT policy with zero tolerance for money laundering, terrorist financing, sanctions evasion, and related illegal activity.
4.2. The Company may delay, suspend, reject, stop, restrict or reverse any Order where there is reason to believe that completing such Order may breach applicable law, sanctions requirements, or reasonable compliance standards, or where risk cannot be mitigated to an acceptable level.
4.3. The Company takes reasonable steps to verify identity and legitimacy of the User and the funds.
4.4. The Company may share User information with:
4.4.1. competent authorities, law enforcement, courts and authorised officers;
4.4.2. vendors and partners assisting the Company, including KYC/AML solution providers and infrastructure/payment partners; and
4.4.3. other parties where required by law or reasonably necessary to protect the Company, Users or third parties from illegal activity.
5. RISK-BASED APPROACH, RISK SCORE MODEL AND AML TOOLS
5.1. The Company uses blockchain analytics and AML screening tools (SaaS solutions), including:
5.1.1. BitOK
5.1.2. Chainalysis
5.1.3. Crystal Blockchain
5.2. Depending on the Order and risk level, the Company applies one or more of the following functions/modules:
5.2.1. sanctions screening;
5.2.2. wallet screening;
5.2.3. transaction monitoring (including chain analysis).
5.2.4. A dedicated PEP/adverse media screening may be conducted on a risk-based basis, including manual checks and/or available screening tools where appropriate.
5.3. The Company assigns a “Risk Score” to Users and/or Orders using a combination of automated screening results and (where required) manual compliance review. The Company applies risk-based and proportionate compliance measures to each User and/or Order, having regard to: (a) the Risk Score; (b) the presence of any Red Flags; (c) the nature, size, frequency and pattern of activity; and (d) any applicable requirements imposed by banking/payment rails or other third parties involved in execution. The thresholds below are baseline bands used to determine the minimum controls typically applied. The Company may apply measures from a higher band where warranted.
5.4. Risk Score and/or risk category may take into account:
5.4.1. sanctions and restrictions indicators and matches;
5.4.2. source of crypto funds and exposure to high-risk categories identified via chain analysis;
5.4.3. transaction patterns (structuring/splitting, unusual frequency/amounts, inconsistency with User profile);
5.4.4. counterparty/address risk indicators and typology flags;
5.4.5. fraud and illicit activity signals (scam/stolen funds indicators, ransomware exposure, etc.);
5.4.6. use of high-risk services (mixers/tumblers, darknet markets);
5.4.7. geographical risk (where relevant).
5.5. The Service applies proportional measures depending on Risk Score and “red flags”. A baseline model is:
5.5.1. Low Risk (0–24%): The Company may process the Order under standard controls, which may inсlude:
5.5.1.1. automated sanctions/wallet screening and transaction monitoring;
5.5.1.2. basic consistency checks on Order parameters; and
5.5.1.3. routine fraud and velocity controls.
5.5.1.4. Additional KYC/SoF shall not ordinarily be required unless other triggers apply.
5.5.2. Medium Risk (25–49%): The Company may apply enhanced standard controls, which may inсlude:
5.5.2.1. additional screening and/or re-screening (including enhanced wallet screening);
5.5.2.2. additional information requests (e.g., clarification of ownership/control of the sending wallet, purpose of transaction);
5.5.2.3. Standard KYC requests where reasonably necessary; and/or
5.5.2.4. temporary processing delays to complete screening and review.
5.5.3. High Risk (50–74%): KYC documents and SoF shall be required. A transaction or User assessed as High Risk may be treated as an elevated AML Case candidate. The Company may, without limitation:
5.5.3.1. place the order and/or funds on hold pending review;
5.5.3.2. require Standard KYC and, where appropriate, Enhanced Due Diligence;
5.5.3.3. request SoF/SoW information and supporting documents (Section 7.4);
5.5.3.4. conduct manual compliance review and expanded chain analysis;
5.5.3.5. impose transaction limitations (including partial processing restrictions, where technically feasible); and/or
5.5.3.6. refuse to proceed unless the risk is mitigated to the Company’s satisfaction.
5.5.4. Critical Risk (75–100%): A transaction or User assessed as Critical Risk shall be treated as requiring enhanced controls and may be regarded as presenting an unacceptable risk unless mitigated. The Service may, without limitation:
5.5.4.1. apply a Hold;
5.5.4.2. require EDD, including extensive SoF/SoW documentation and explanations;
5.5.4.3. refuse, reject or terminate processing of the Order;
5.5.4.4. initiate a return/refund in accordance with Section 12 (where permitted and technically feasible);
5.5.4.5. restrict or suspend the User’s access to the Service; and/or
5.5.4.6. take any other action reasonably required to comply with sanctions obligations, applicable law, or internal risk controls (including freezing/reporting where required).
5.6. Where one or more material Red Flags are detected, the Service may:
5.6.1. treat the Order/User as High Risk or Critical Risk, irrespective of the numeric Risk Score; and/or
5.6.2. open an AML Case and apply enhanced measures, including Hold and KYC/SoF requests.
5.7. Risk assessment is dynamic. The Service may recalculate the Risk Score and reassess the applicable band:
5.7.1. upon receipt of additional transaction data;
5.7.2. following provision of KYC/SoF information;
5.7.3. where the User’s activity profile changes; and/or
5.7.4. where updated typologies, sanctions lists, or risk intelligence become available.
5.8. The Company shall seek to apply the least intrusive measure that is reasonably sufficient to address identified risk, provided the Company can satisfy itself as to the legitimacy of the activity and no stricter requirement applies.
5.9. Where an Order involves Fiat Payouts or third-party infrastructure, independent compliance requirements may apply irrespective of Risk Score. The Company may request additional information and may delay, suspend or refuse processing to the extent necessary to satisfy such requirements.
5.10. The Company may retain internal records of the Risk Score band applied, measures taken and the outcome of an AML Case for compliance management, audit and dispute handling purposes.
6. RED FLAGS
6.1. The following may indicate elevated AML/CFT risk:
6.1.1. refusal to provide requested KYC/SoF information;
6.1.2. false, misleading or inconsistent identity or transaction information;
6.1.3. inability/unwillingness to explain source of funds when requested;
6.1.4. exposure to mixers/tumblers, darknet markets, ransomware, scams, stolen funds, or sanctioned entities identified via AML tools;
6.1.5. structuring/splitting activity designed to evade controls;
6.1.6. third-party source deposits without credible explanation;
6.1.7. activity materially inconsistent with the User’s profile or typical behaviour.
6.2. The list of Red Flags above is only for illustrative purposes. Such list shall not be considered an exhaustive list of Red Flags.
7. KYC AND SOURCE OF FUNDS (SoF/SoW): REQUESTS
7.1. The Company may require KYC and/or SoF/SoW checks in a form and substance satisfactory to the Company, proportionate to risk and third-party requirements. KYC/SoF requests may be triggered by Risk Score thresholds, Red Flags, operational requirements, or banking/payment rail requirements relevant to Fiat Payouts.
7.2. Depending on the case, the Company may request from Individual Users:
7.2.1. full name;
7.2.2. date of birth;
7.2.3. nationality / residency (where relevant);
7.2.4. contact details;
7.2.5. valid ID document (passport or national ID);
7.2.6. selfie / liveness check (if required);
7.2.7. proof of address (utility bill/bank statement/official letter, typically issued within the last 3 months); and
7.2.8. any other information reasonably required for compliance.
7.3. Depending on the case, the Company may request from Corporate Users:
7.3.1. incorporation/registration documents;
7.3.2. ownership and control structure (including UBO information);
7.3.3. authorised representative identification and proof of authority;
7.3.4. proof of address; and
7.3.5. any other information reasonably required for compliance.
7.4. Where EDD is required, the Company may request documents and explanations confirming legitimate source of funds/wealth, including:
7.4.1. bank statements;
7.4.2. payslips / income certificates;
7.4.3. tax returns;
7.4.4. sale/purchase agreements (e.g., property/asset sale);
7.4.5. exchange statements / trading history / wallet history;
7.4.6. transaction screenshots/exports; and/or
7.4.7. written explanation of the economic purpose of the transaction and funding source.
8. ADDRESS MANAGEMENT, THIRD-PARTY SOURCES
8.1. For each Order requiring crypto funding, the Company shall generate and display an Order Deposit Address.
8.2. The User shall transfer cryptoassets only to the relevant Order Deposit Address and only in the asset and network specified. Transfers using an incorrect asset/network/address may result in delay, loss and/or irrecoverability. The Company does not warrant recovery.
8.3. The Company may require a minimum number of confirmations before a deposit is recognised as received and before an Order proceeds to execution.
8.4. The User represents and warrants that all cryptoassets used to fund an Order are:
8.4.1. lawfully obtained;
8.4.2. not derived from, and not connected to, any illegal activity; and
8.5. The Company strongly recommends that Users fund Orders only from controlled and verifiable sources, including (without limitation):
8.5.1. the User’s own self-custody wallet; and/or
8.5.2. the User’s own account at a reputable VASP (e.g., a regulated exchange).
8.6. The Company may request evidence of ownership/control of the sending address/account (including screenshots, account statements, signed messages, exchange confirmations, or other reasonable proofs) where required by the risk controls or third-party requirements.
8.7. Deposits from addresses that are not controlled by the User (including deposits funded by third parties) are prohibited. The User acknowledges and agrees that third-party funding materially increases the AML/CFT risk and the likelihood of an AML Case.
8.8. Where a deposit is funded by a third party, the Company may, without limitation:
8.8.1. apply Hold;
8.8.2. request additional KYC and/or SoF/SoW documentation;
8.8.3. request documentary evidence explaining the relationship between the User and the third party and the legitimate purpose of the funding;
8.8.4. refuse to execute the order if the risk cannot be mitigated to the Service’s satisfaction; and/or
8.8.5. initiate a return in accordance with Section 12 (where permitted and technically feasible).
8.9. The Company may require sufficient evidence to demonstrate that the arrangement is not intended to circumvent compliance controls.
8.10. The Company applies AML Tools to assess the risk profile of the sending address and related transaction history, including exposure to high-risk typologies.
8.11. The User shall not use the Service to process funds connected to, or reasonably suspected to be connected to, including without limitation:
8.11.1. sanctioned persons, entities or jurisdictions, sanction evasion;
8.11.2. mixers/tumblers or obfuscation services used to conceal the origin of funds;
8.11.3. darknet markets and illicit commerce;
8.11.4. ransomware payments, extortion proceeds, or stolen funds;
8.11.5. scam/fraud typologies flagged by reputable analytics providers;
8.11.6. terrorism financing or any other prohibited activity.
8.12. Where chain analysis indicates material exposure to the above (or similar) high-risk typologies, the Company may treat the Order as High Risk or Critical Risk irrespective of numeric score and apply enhanced measures.
8.13. If the Company reasonably suspects breach of this Section 8 and/or attempted circumvention, the Company may delay, suspend or refuse processing, open an AML Case, apply a Hold, request additional documentation, restrict access, and/or initiate a return pursuant to Section 12, where permissible and technically feasible.
9. PRELIMINARY AML CHECK
9.1. The Company may provide a preliminary AML check option for a counterparty address/source prior to sending funds (free or paid, depending on the implementation).
9.2. Alternatively, the Company may allow the User to provide third-party screening results (where accepted) for consideration.
9.3. Where a pre-check is offered and the User declines it, the User may be required to confirm (e.g., via checkbox) that they understand the increased risk of: Hold, KYC/SoF requests, extended timeframes, and potential refusal/return.
10. AML CASE HANDLING WORKFLOW AND INDICATIVE TIMEFRAMES
10.1. An AML Case may be opened whenever Risk Score and/or Red Flags indicate elevated risk.
10.2. The typical workflow is:
10.2.1. Stage 1 — Automated screening
10.2.1.1. Screening using AML tools (sanctions/wallet/transaction monitoring).
10.2.1.2. Indicative timeframe: from minutes up to 24 hours (depending on network/volume/case complexity).
10.2.2. Stage 2 — Compliance triage and Hold
10.2.2.1. Initial assessment; an Order and/or funds may be placed on Hold.
10.2.2.2. Indicative timeframe: up to 1 Business Day from the trigger being identified.
10.2.3. Stage 3 — KYC/SoF request
10.2.3.1. The Service requests documents/explanations.
10.2.3.2. User submission timeframe: up to 10 calendar days (unless otherwise specified).
10.2.4. Stage 4 — Enhanced review / investigation
10.2.4.1. Manual review; expanded chain analysis; consistency checks.
10.2.4.2. Indicative timeframe: typically up to 7 Business Days.
10.2.4.3. Complex/exceptional cases: up to 30 Business Days.
10.2.5. Stage 5 — Decision and execution
10.2.5.1. Decision outcomes inсlude approval, refusal, return, freeze/report (where required).
10.2.5.2. Execution occurs within a reasonable timeframe, subject to network/banking/partner processing.
11. CASE OUTCOMES AND COMPLETION OF REVIEW
11.1. An AML Case is completed when one of the following outcomes is reached:
11.2. Approved: risk is deemed acceptable; required KYC/SoF (if any) is satisfied.
11.2.1. Refused: risk is unacceptable; documents are not provided or are insufficient; or prohibited indicators are detected.
11.2.2. Inconclusive: the Company cannot reach sufficient comfort due to missing/contradictory information.
11.2.3. Freeze/Report: where required by sanctions restrictions, legal obligations, or competent authority instructions.
11.3. The Company may suspend or restrict access where risk remains unresolved.
12. RETURNS DUE TO AML CASES
12.1. Where a return is required, funds are returned, where technically feasible, only to the original source address and/or (where applicable) the originating payment method (the same wallet/address/account or the same payment method from which funds were received or through which they were received).
12.2. Returns to third parties or to unrelated addresses are generally prohibited, except where the Company approves such exception based on documentary evidence and compliance assessment.
12.3. To reduce disputes and abuse, the Company follows a proportionality principle:
12.3.1. If the User passes verification and/or there are insufficient grounds to treat the transaction as suspicious, deductions shall be limited to actual network / payment systеm fees only.
12.3.2. If the User fails to provide requested information, refuses verification, or verification fails due to compliance risk, the Company may deduct only actual and documented costs, which may inсlude:
12.3.2.1. blockchain network fees;
12.3.2.2. bank/payment partner fees for return (where applicable);
12.3.2.3. documented AML screening costs (where applicable).
Provided that the total amount of such costs shall not exceed 5% of the transaction amount or USD 100, whichever is lower.
12.4. Following a return decision, the Company will initiate the return within a reasonable time, typically up to 7 calendar days, subject to network/banking/partner constraints and completion of the AML Case review. The AML Case review period typically does not exceed 7 Business Days, and in exceptional cases may extend up to 30 Business Days.
13. STORAGE OF IDENTITY INFORMATION AND RECORDS
13.1. The Service ensures proper storage of Users’ identity information and transaction records and properly keeps documents and data such as User identity information and transaction records so as to facilitate money laundering investigation and supervision and regulation, and prevent the loss, damage and disclosure of such information.
13.2. User identity information and transaction data saved by the Service includes the User identity information as provided, various data and records reflecting the User’s identity identification carried out by the Service, as well as the data and information of each transaction and other data reflecting the actual circumstances of the transactions.
13.3. The Service keeps User identity information and transaction records for specific terms depending on the following circumstances:
13.3.1. User’s identity information shall be kept for at least five years, starting from the date when the business relationship between the User and the Service is terminated.
13.3.2. transaction records shall be kept for at least five years, starting from the date when the transaction is made.
13.3.3. if the User’s identity information and transaction records involve any suspicious activity that is being investigated for money laundering, and the investigation into money laundering is not completed at the expiration of the minimum storage term as specified in the preceding paragraph, the Service will keep them until the end of the money laundering investigation.
13.3.4. If a judicial body, law enforcement body or other competent authority of any country or region submits a request to the Service for assistance in connection with any investigation, the Service is obliged to cooperate with such investigation and provide relevant information and materials as requested by such body or authority, as the case may be.
14. AMENDMENTS
14.1. The Service may amend this AML/KYC Policy from time to time. The current version is published on crystal-trade.org and becomes effective upon publication unless stated otherwise.