1. Policy Statement and Scope

Proxy.forex Ltd. ("Proxy.forex", "we", "us", or "our") is fully committed to the prevention of money laundering (ML), terrorist financing (TF), and proliferation financing (PF) in connection with the forex and CFD trading services we provide to our clients. Proxy.forex Ltd. is registered in Malta (Company Registration No. C 98210) and is authorised by the Malta Financial Services Authority (MFSA) as an investment firm under the Investment Services Act (Chapter 376 of the Laws of Malta). We are a "subject person" under the Prevention of Money Laundering Act (Chapter 373, "PMLA") and its implementing regulations, and are supervised by the Financial Intelligence Analysis Unit (FIAU) for AML/CTF compliance. This Anti-Money Laundering and Counter-Terrorist Financing Policy ("AML Policy") sets out the principles, procedures, and controls that Proxy.forex maintains to detect, prevent, and report money laundering, terrorist financing, and other financial crimes. This policy applies to all Proxy.forex employees, officers, directors, contractors, and agents, as well as to all client relationships and transactions processed through our platform. Our AML framework is designed to comply with: - The 4th Anti-Money Laundering Directive (Directive 2015/849) and the 5th Anti-Money Laundering Directive (Directive 2018/843) - Malta's Prevention of Money Laundering Act (Chapter 373) and Prevention of Money Laundering and Funding of Terrorism Regulations (S.L. 373.01) - FIAU Implementing Procedures (Parts I and II) - The Financial Action Task Force (FATF) Recommendations - Regulation (EU) 2015/847 on information accompanying transfers of funds (the "Wire Transfer Regulation") - All applicable EU and national sanctions regulations

2. Risk-Based Approach

Proxy.forex adopts a risk-based approach (RBA) to AML/CTF compliance, as mandated by the FATF Recommendations and the 4th AML Directive. This means that we allocate our compliance resources proportionately to the level of ML/TF risk identified, applying enhanced measures where risks are higher and simplified measures where risks are demonstrably lower. Business-Wide Risk Assessment (BWRA): Proxy.forex conducts a comprehensive business-wide risk assessment at least annually, and whenever there is a material change in our business model, product offering, customer base, or the external risk environment. The BWRA evaluates ML/TF risks across the following dimensions: - Customer risk: The types of clients we serve, their identity, geographic locations, trading patterns, and source of funds. - Product and service risk: The inherent ML/TF risks associated with different financial instruments, payment methods, currencies, transaction types, and processing volumes. - Geographic risk: The jurisdictions in which our clients are located, with reference to FATF grey/black lists, Transparency International Corruption Perceptions Index, and EU high-risk third-country lists. - Delivery channel risk: The risks associated with non-face-to-face business relationships and digital payment channels. - Transaction risk: Unusual transaction patterns, rapid movement of funds, inconsistencies between trading activity and deposit/withdrawal behaviour. Individual Risk Scoring: Each client and transaction is assigned a risk score based on multiple factors. Risk scores determine the level of due diligence applied and the intensity of ongoing monitoring.

3. Customer Due Diligence (CDD)

Proxy.forex applies rigorous customer due diligence measures before establishing a business relationship with any client and on an ongoing basis throughout the relationship. Standard Due Diligence (SDD) for Client Onboarding: All clients must provide the following documentation: - Government-issued photo identification (passport, national ID card, or driving licence) - Proof of address dated within the last three months (utility bill, bank statement, or official government correspondence) - Source of funds questionnaire detailing the origin of funds intended for trading (employment income, savings, investments, inheritance, etc.) - Tax identification number and country of tax residence - Self-declaration of trading experience and knowledge of forex/CFD products, in accordance with MiFID II appropriateness requirements Enhanced Due Diligence (EDD): EDD is applied where higher ML/TF risk is identified, including: - Clients resident in jurisdictions on the FATF grey or black list or the EU list of high-risk third countries - Clients identified as a Politically Exposed Person (PEP), a family member of a PEP, or a known close associate of a PEP - Clients with unusually high deposit volumes relative to their stated income or occupation - Clients whose source of funds cannot be readily verified - Clients operating from jurisdictions with known deficiencies in AML/CTF supervision EDD measures may include: senior management approval for the business relationship, more frequent KYC document refresh cycles, enhanced source of funds documentation (such as bank statements, payslips, or tax returns), and enhanced ongoing transaction monitoring. Ongoing Due Diligence: CDD is not a one-time exercise. Proxy.forex conducts ongoing due diligence including: - Annual KYC refresh for all clients, with more frequent reviews for high-risk clients - Continuous screening of clients against PEP, sanctions, and adverse media databases using automated screening tools - Monitoring for material changes in client circumstances, trading behaviour, or risk profile - Regular review of transaction patterns against the client's expected activity profile

4. Source of Funds and Source of Wealth

Given the elevated ML/TF risks inherent in the forex and CFD industry, Proxy.forex places particular emphasis on source of funds (SOF) and source of wealth (SOW) verification. Client Level: All clients must demonstrate that the funds used for trading originate from legitimate sources. This includes: - Providing supporting documentation such as bank statements, payslips, tax returns, or proof of investment proceeds - Declaring the origin of trading capital (employment income, savings, business revenue, inheritance, investment returns, etc.) - Confirming the expected deposit and withdrawal volumes in relation to their stated financial position Transaction Level: Proxy.forex monitors client deposit and withdrawal patterns for indicators of illicit source of funds, including: - Structured deposits: Multiple deposits just below reporting or verification thresholds, designed to avoid triggering AML controls ("smurfing") - Rapid deposit-withdrawal cycles: Clients who deposit significant sums and request withdrawal shortly thereafter with minimal or no trading activity (potential "layering" through the trading platform) - Third-party funding: Deposits made from payment methods not belonging to the registered trading account holder - Inconsistent funding patterns: Deposit amounts or frequencies that are inconsistent with the client's stated occupation, income level, or trading experience - High-risk payment method combinations: Use of multiple anonymous or semi-anonymous payment methods (prepaid cards, certain e-wallets, cryptocurrency) to fund a single trading account - Geographic inconsistencies: Deposits originating from jurisdictions that do not match the client's registered location Where source of funds concerns are identified, our compliance team may request additional documentation from the client or directly flag the transaction for review before processing.

5. Transaction Monitoring

Proxy.forex operates a comprehensive, multi-layered transaction monitoring system designed to detect suspicious activity patterns specific to forex and CFD trading: Automated Real-Time Monitoring: Our AI-powered monitoring system analyses every transaction in real-time against a comprehensive set of rules and behavioural models, including: - Velocity rules: Monitoring deposit frequency, amounts, and payment method switching patterns that may indicate structuring or layering - Pattern detection: Identifying circular flows (deposit-trade-withdraw cycles with minimal market exposure), round-trip transactions, and pass-through activity - Anomaly detection: Machine learning models that identify deviations from established client behaviour baselines, including sudden changes in deposit amounts, frequency, or payment methods - Multi-account analysis: Identifying clients operating multiple accounts with patterns suggestive of abuse or layering - Geographic risk monitoring: Flagging transactions originating from high-risk jurisdictions, sanctioned countries, or jurisdictions inconsistent with the client's profile - PEP and sanctions screening: Real-time screening of transaction parties against global PEP databases, consolidated sanctions lists (EU, OFAC, UN, HMT, DFAT), and adverse media sources Forex-Specific Monitoring Rules: Given the unique characteristics of the forex/CFD industry, our monitoring system includes rules specifically designed for trading platform payment flows: - Deposit-to-withdrawal ratio analysis: Identifying accounts with abnormally high withdrawal-to-deposit ratios or accounts that withdraw the vast majority of deposited funds with minimal trading activity - Trading pattern correlation: Analysing whether deposit and withdrawal patterns correlate with legitimate trading activity or suggest that the trading account is being used as a vehicle for fund transfers - Bonus abuse detection: Identifying patterns consistent with deposit bonus abuse schemes that may be used to launder funds - Hedging scheme detection: Flagging potential coordinated accounts that open opposing positions to guarantee a "win" on one account while creating a legitimate-appearing loss on another Manual Review and Investigation: Alerts generated by our automated systems are reviewed by our dedicated AML Compliance team, who conduct further investigation including: - Analysis of the full transaction history and client profile - Review of KYC documentation and source of funds information on file - Communication with the client to obtain additional context where appropriate - Escalation to the MLRO where suspicious activity is confirmed or suspected

6. Suspicious Activity Reporting

Proxy.forex maintains robust procedures for identifying and reporting suspicious activity in accordance with Maltese law and applicable international standards. Money Laundering Reporting Officer (MLRO): Proxy.forex has appointed a Money Laundering Reporting Officer (MLRO) who is registered with the FIAU and has overall responsibility for: - Receiving internal suspicious activity reports (SARs) from employees and compliance analysts - Evaluating reports and determining whether there are reasonable grounds to suspect ML/TF - Filing Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) with the FIAU - Maintaining comprehensive records of all internal reports and regulatory filings - Liaising with the FIAU and other competent authorities as required Internal Reporting: All Proxy.forex employees are required to report any knowledge or suspicion of ML/TF to the MLRO immediately. Internal reporting channels include a secure, confidential internal reporting system. Reports can be made without fear of reprisal -- Proxy.forex has a strict whistleblower protection policy in accordance with Directive (EU) 2019/1937 (the Whistleblower Protection Directive). Tipping-Off Prohibition: Proxy.forex strictly prohibits tipping off. No employee, officer, or agent may disclose to any client or third party that: (a) an internal suspicious activity report has been made; (b) a SAR/STR has been or will be filed with the FIAU; or (c) an ML/TF investigation is underway. Violation of the tipping-off prohibition is a criminal offence under Maltese law. Transaction Suspension: Where Proxy.forex suspects that a transaction is connected to ML/TF, we reserve the right to: - Delay processing of the transaction pending investigation - Suspend the client's account pending review - Block further deposits or withdrawals on the flagged client account - Freeze funds as required by the FIAU or other competent authority - Report the activity to the FIAU before processing, as required under the PMLA Reporting Timelines: STRs are filed with the FIAU promptly upon the MLRO's determination that there are reasonable grounds for suspicion, and in all cases within the timeframes mandated by the FIAU. Proxy.forex does not wait for the completion of its own internal investigation before filing where the circumstances warrant immediate reporting.

7. Sanctions Compliance

Proxy.forex maintains a comprehensive sanctions compliance programme to ensure that we do not process payments in violation of applicable sanctions regimes: Sanctions Lists Screened: We screen all clients and transaction parties against the following sanctions lists, updated in real-time: - European Union Consolidated Sanctions List - United Nations Security Council Consolidated List - US OFAC Specially Designated Nationals and Blocked Persons List (SDN) - US OFAC Consolidated Sanctions List - UK HM Treasury Consolidated List of Financial Sanctions Targets - Australian DFAT Consolidated List - Canadian Consolidated Autonomous Sanctions List - All other sanctions lists applicable in jurisdictions where Proxy.forex operates Country and Territory Restrictions: Proxy.forex does not process payments to, from, or through countries or territories subject to comprehensive sanctions, including (but not limited to) North Korea, Iran, Syria, Cuba, Crimea, Donetsk, and Luhansk regions of Ukraine, and Myanmar (where applicable). This list is reviewed and updated regularly in response to changes in sanctions regimes. Screening Process: - Onboarding screening: All clients are screened against all applicable sanctions lists during onboarding and before account activation - Ongoing screening: Continuous monitoring against updated sanctions lists, with daily batch screening and real-time event-driven screening upon list updates - Transaction screening: Real-time screening of payment beneficiary information, originator information, and correspondent bank details against sanctions lists - False positive management: A documented process for investigating and dispositioning potential sanctions matches, with clear escalation procedures for confirmed matches Sanctions Match Procedures: In the event of a confirmed sanctions match: - The transaction and/or business relationship is immediately frozen - The MLRO is notified immediately - A report is filed with the relevant competent authority (FIAU, MFSA, and/or OFAC as applicable) - No further transactions are processed until the matter is resolved - Legal counsel is engaged where required

8. Record Keeping

Proxy.forex maintains comprehensive records of all CDD, transaction monitoring, and suspicious activity reporting activities in accordance with the PMLA and FIAU Implementing Procedures: CDD Records: All customer identification and verification documents, corporate due diligence records, risk assessments, and EDD documentation are retained for a minimum of 5 years from the end of the business relationship with the client. Transaction Records: Records of all transactions processed through the Proxy.forex platform, including transaction amount, currency, payment method, originator and beneficiary information, timestamps, and processing status, are retained for a minimum of 7 years from the date of the transaction. Monitoring and Investigation Records: Records of all transaction monitoring alerts, investigations, analysis, and outcomes are retained for a minimum of 5 years from the date of the alert or the completion of the investigation, whichever is later. SAR/STR Records: Records of all suspicious activity reports, both internal and external (filed with the FIAU), are retained for a minimum of 5 years from the date of filing, in accordance with FIAU requirements. These records are maintained in a confidential, access-restricted system separate from general business records. Training Records: Records of AML/CTF training completed by all employees are retained for the duration of employment plus 5 years. Regulatory Correspondence: All correspondence with the FIAU, MFSA, and other competent authorities relating to AML/CTF matters is retained indefinitely. All records are stored securely with appropriate access controls, encryption, and audit trails. Records are available for inspection by the FIAU, MFSA, and other competent authorities upon request.

9. Employee Training and Awareness

Proxy.forex maintains a comprehensive AML/CTF training programme for all employees, officers, and contractors: Induction Training: All new employees receive AML/CTF training during their induction, covering: - Overview of ML/TF risks in the forex and CFD trading industry - Proxy.forex's AML Policy and procedures - How to identify suspicious activity and red flags specific to forex transactions - Internal reporting obligations and procedures - Tipping-off prohibition and its consequences - Sanctions compliance and screening procedures - Data protection obligations in the context of AML compliance Annual Refresher Training: All employees receive annual refresher training covering updates to AML legislation and regulations, emerging ML/TF typologies relevant to forex and CFD trading, changes to Proxy.forex policies and procedures, lessons learned from internal reviews and regulatory feedback, and case studies of relevant enforcement actions. Role-Specific Training: Employees in compliance, operations, and customer-facing roles receive enhanced training specific to their responsibilities, including: - Compliance team: Advanced CDD techniques, investigation methodology, SAR drafting, regulatory engagement, and sanctions screening procedures - Operations team: Red flag identification during transaction processing, escalation procedures, and payment method-specific risks - Senior management: Strategic AML/CTF risk management, regulatory landscape, and governance responsibilities Training Records and Assessment: All training is documented, and employees are required to pass assessments demonstrating their understanding. Training completion rates and assessment results are reported to the Board of Directors quarterly.

10. Governance and Oversight

Proxy.forex's AML/CTF framework is subject to robust governance and oversight: Board of Directors: The Board has ultimate responsibility for ensuring that Proxy.forex maintains an effective AML/CTF framework. The Board approves this AML Policy, receives regular reports from the MLRO and Compliance function, and ensures that adequate resources are allocated to AML/CTF compliance. Money Laundering Reporting Officer (MLRO): The MLRO has day-to-day responsibility for AML/CTF compliance and reports directly to the Board. The MLRO has the authority and independence to carry out their functions effectively, including direct access to all relevant systems, data, and personnel. Compliance Function: The dedicated AML Compliance team operates independently of business lines and is responsible for CDD, transaction monitoring, investigation, and reporting functions. The team reports to the MLRO and is adequately staffed and resourced. Internal Audit: An independent internal audit function reviews the effectiveness of the AML/CTF framework at least annually, including testing of controls, policies, and procedures. Audit findings and remediation actions are reported to the Board. External Audit and Regulatory Review: Proxy.forex engages qualified external auditors to conduct independent assessments of the AML/CTF framework as required by the FIAU. We cooperate fully with all FIAU inspections, supervisory reviews, and information requests. Policy Review: This AML Policy is reviewed and updated at least annually by the MLRO and approved by the Board. Ad hoc reviews are conducted in response to significant changes in legislation, regulatory guidance, business model, or risk environment. For questions about this AML Policy or to report suspicious activity, contact the MLRO at [email protected] or write to Proxy.forex Ltd., Attn: MLRO, Level 3, Quantum House, 75 Abate Rigord Street, Ta' Xbiex XBX 1120, Malta.