Anti-Money Laundering (AML) Policy

Last updated: February 2026

1. Introduction and Commitment

iBnk Vault LLC ("iBnk," "we," "us," or "our") is a crypto-to-fiat platform committed to the highest standards of anti-money laundering ("AML") and counter-terrorist financing ("CTF") compliance. We operate in strict accordance with applicable laws and regulations, including but not limited to the Bank Secrecy Act ("BSA"), the USA PATRIOT Act, and the regulations and guidance issued by the Financial Crimes Enforcement Network ("FinCEN") of the United States Department of the Treasury. Where applicable, we also adhere to the regulatory requirements of the Australian Transaction Reports and Analysis Centre ("AUSTRAC").

This AML Policy outlines the procedures, controls, and internal practices that iBnk maintains to detect, prevent, and report money laundering, terrorist financing, and other illicit financial activities. Our commitment extends to fostering a culture of compliance across all levels of the organization, ensuring that every employee, contractor, and agent understands their obligations under this policy.

We recognize that the cryptocurrency industry presents unique risks related to the pseudonymous nature of blockchain transactions, the speed of cross-border transfers, and the evolving regulatory landscape. To address these risks, iBnk has implemented a comprehensive compliance program that is regularly reviewed and updated to reflect changes in law, regulation, and industry best practices.

2. Know Your Customer (KYC) Procedures

iBnk maintains a robust Know Your Customer ("KYC") program designed to verify the identity of every customer before they are permitted to conduct transactions on our platform. Our KYC procedures are a critical component of our AML compliance framework and are designed to ensure that we understand who our customers are, the nature of their activities, and the risks they may present.

2.1 Customer Identification Program (CIP)

In accordance with Section 326 of the USA PATRIOT Act and FinCEN's implementing regulations, iBnk has established a Customer Identification Program ("CIP") that requires the collection and verification of identifying information from each customer at the time of account opening. At a minimum, we collect the following information from individual customers:

Full legal name
Date of birth
Residential address
Government-issued identification number (e.g., Social Security Number, passport number, or national ID number)
A copy of a valid, unexpired government-issued photo identification document

We verify the information provided by customers using reliable, independent sources, which may include documentary verification (e.g., reviewing government-issued identification documents) and non-documentary verification (e.g., cross-referencing information against third-party databases and public records).

2.2 Individual Verification via Bridge API

iBnk utilizes the Bridge API to facilitate and streamline the identity verification process for individual customers. Through this integration, customer-submitted identification documents and personal information are verified against authoritative data sources in real time. The Bridge API enables us to perform document authentication, facial recognition matching, and database cross-checks to confirm the identity of each customer with a high degree of confidence. Customers who cannot be adequately verified through the Bridge API may be subject to additional manual review or may be denied access to the platform.

2.3 Business Verification (KYB)

For business customers, iBnk conducts Know Your Business ("KYB") procedures that include, but are not limited to:

Verification of the legal existence and status of the business entity through official corporate registries and formation documents (e.g., articles of incorporation, certificates of formation, or equivalent documents)
Identification and verification of the beneficial owners who own or control 25% or more of the equity interests of the entity, as well as any individual who exercises significant managerial control
Collection and verification of the business's Employer Identification Number (EIN) or equivalent tax identification number
Understanding the nature and purpose of the business relationship, including the expected volume and types of transactions
Verification of the authority of the individual acting on behalf of the business entity

2.4 Enhanced Due Diligence (EDD)

iBnk applies Enhanced Due Diligence ("EDD") measures to customers and transactions that present a higher risk of money laundering or terrorist financing. EDD may be triggered by factors including, but not limited to:

Customers who are Politically Exposed Persons ("PEPs") or who have close associations with PEPs
Customers located in or conducting transactions involving jurisdictions identified as high-risk by FATF, OFAC, or other relevant authorities
Customers whose transaction patterns are unusual, inconsistent with their stated purpose, or otherwise raise suspicion
Business relationships that involve complex ownership structures or nominee arrangements
Customers who have been the subject of prior suspicious activity reports or law enforcement inquiries

EDD measures may include obtaining additional identification documents, conducting more frequent reviews of account activity, requiring senior management approval for the continuation of the business relationship, and gathering information about the source of funds and source of wealth.

3. Transaction Monitoring

iBnk employs a comprehensive transaction monitoring program designed to detect and investigate potentially suspicious activity in a timely manner. Our monitoring systems are calibrated to identify transactions and patterns of behavior that may indicate money laundering, terrorist financing, fraud, or other illicit activity.

3.1 Automated Monitoring

We utilize automated transaction monitoring systems that analyze customer transactions in real time and on a retrospective basis. These systems apply rule-based and behavior-based detection methodologies to flag transactions that meet predefined risk criteria. Monitoring parameters are regularly reviewed and updated to reflect emerging typologies, regulatory guidance, and changes in our customer base and product offerings.

3.2 Suspicious Activity Identification

Our monitoring systems are designed to identify, among other things, the following types of potentially suspicious activity:

Transactions that are unusually large or complex relative to the customer's profile or stated purpose
Rapid movement of funds through the platform with no apparent economic or lawful purpose
Structuring or splitting of transactions to avoid reporting thresholds or identification requirements
Transactions involving jurisdictions, entities, or individuals associated with heightened money laundering or terrorist financing risk
Patterns of activity that are inconsistent with the customer's known business or personal profile
Attempts to use the platform to convert cryptocurrency derived from known illicit sources, including darknet markets, ransomware, or sanctioned entities
Frequent changes to customer identification information or the use of multiple accounts

3.3 Transaction Limits

iBnk imposes transaction limits based on the customer's verification level, risk profile, and applicable regulatory requirements. These limits are designed to mitigate risk and ensure that higher-value transactions are subject to appropriate scrutiny. Customers seeking to increase their transaction limits may be required to undergo additional verification and due diligence procedures. All transactions at or above applicable Currency Transaction Report ("CTR") thresholds are reported to FinCEN as required by law.

4. Suspicious Activity Reporting

iBnk is committed to the timely identification and reporting of suspicious activity in accordance with the BSA and FinCEN regulations. When our monitoring systems or personnel identify activity that is known or suspected to involve funds derived from illegal activity, or that is designed to evade BSA reporting requirements, we take the following steps:

The flagged activity is escalated to the Compliance team for review and investigation. The Compliance team conducts a thorough analysis of the transaction(s), the customer's account history, and any other relevant information.
If, after investigation, the Compliance team determines that the activity is suspicious and meets the applicable reporting thresholds, a Suspicious Activity Report ("SAR") is prepared and filed with FinCEN through the BSA E-Filing System within 30 calendar days of the initial detection of the suspicious activity, or within 60 calendar days if no suspect is identified at the time of initial detection.
All SAR filings are reviewed and approved by the designated Compliance Officer or their delegate prior to submission.
iBnk maintains the strict confidentiality of SAR filings. No employee, officer, or agent of iBnk shall disclose the existence or contents of a SAR to the subject of the report or to any person other than as authorized by law or regulation.
Supporting documentation for each SAR filing is retained in accordance with our record-keeping obligations and is made available to law enforcement and regulatory authorities upon request.

In cases where the suspicious activity involves an imminent threat to national security or an ongoing violation of federal criminal law, iBnk will notify the appropriate law enforcement authorities immediately, in addition to filing a SAR.

5. Sanctions Screening

iBnk maintains a sanctions compliance program to ensure that we do not engage in transactions with, or provide services to, individuals, entities, or jurisdictions that are subject to economic sanctions administered by the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC") or other applicable sanctions authorities.

Our sanctions screening procedures include the following measures:

All customers are screened against the OFAC Specially Designated Nationals and Blocked Persons List ("SDN List"), the Consolidated Sanctions List, and other relevant sanctions lists at the time of account opening and on an ongoing basis.
Transactions are screened in real time to identify any involvement of sanctioned individuals, entities, or jurisdictions.
We utilize automated screening tools that are regularly updated to reflect changes to applicable sanctions lists.
Any potential sanctions match is escalated to the Compliance team for review. If a true match is confirmed, the transaction is blocked, the account is frozen, and a report is filed with OFAC within 10 business days, as required.
iBnk prohibits transactions involving comprehensively sanctioned jurisdictions, including but not limited to Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine, as designated by OFAC.

Our sanctions compliance program is reviewed and updated regularly to reflect changes in OFAC guidance, executive orders, and applicable international sanctions regimes.

6. Record Keeping

iBnk maintains comprehensive records in accordance with the BSA and other applicable regulations. Our record-keeping practices are designed to ensure that all relevant information is preserved and readily accessible for regulatory examination, law enforcement inquiries, and internal audit purposes.

We retain the following records for a minimum period of five (5) years from the date of the transaction or the date the account is closed, whichever is later:

Customer identification and verification records, including copies of identification documents, CIP and KYB documentation, and the results of any due diligence or enhanced due diligence reviews
Transaction records, including the date, amount, currency, and parties involved in each transaction processed through the platform
Records of all SARs filed, including supporting documentation and the results of any related investigations
Records of all CTRs and other regulatory reports filed
Sanctions screening results and records of any blocked or rejected transactions
Correspondence with regulatory authorities and law enforcement agencies
AML training records, including the dates of training sessions, the content covered, and the names of attendees
Internal audit reports and compliance review findings

Records are stored securely using encryption and access controls to protect the confidentiality and integrity of customer information. Access to compliance records is restricted to authorized personnel on a need-to-know basis.

7. Risk Assessment

iBnk conducts periodic risk assessments to identify, evaluate, and mitigate the money laundering and terrorist financing risks associated with our products, services, customers, and geographic exposure. The risk assessment forms the foundation of our AML compliance program and informs the design and calibration of our controls.

7.1 Customer Risk Classification

Each customer is assigned a risk rating based on an evaluation of relevant risk factors, including but not limited to:

The customer's geographic location and the jurisdictions involved in their transactions
The nature and purpose of the customer's account and expected transaction activity
The customer's occupation, business type, or source of funds
Whether the customer is a PEP or has associations with PEPs
The customer's transaction history and any prior suspicious activity indicators
The results of sanctions screening and adverse media checks

Customers are classified into risk tiers (e.g., low, medium, high), and the level of ongoing monitoring and due diligence applied to each customer is commensurate with their assigned risk level. Risk ratings are reviewed and updated periodically and whenever there is a material change in the customer's activity or profile.

7.2 Geographic Risk

iBnk evaluates the geographic risk associated with the jurisdictions in which our customers are located and to which they direct transactions. We consider factors such as:

Whether the jurisdiction is identified by FATF as having strategic AML/CTF deficiencies
Whether the jurisdiction is subject to comprehensive or targeted sanctions by OFAC or other authorities
The jurisdiction's level of corruption, as assessed by Transparency International's Corruption Perceptions Index and similar indices
The jurisdiction's regulatory framework for virtual assets and virtual asset service providers
Whether the jurisdiction is known to be associated with heightened levels of drug trafficking, fraud, or other predicate offenses for money laundering

Transactions involving high-risk jurisdictions are subject to enhanced scrutiny, and iBnk reserves the right to restrict or prohibit transactions involving certain jurisdictions at its sole discretion.

8. Training and Compliance

iBnk is committed to ensuring that all employees, officers, and relevant contractors receive adequate training on AML and CTF obligations. Our training program is designed to equip personnel with the knowledge and skills necessary to identify and report suspicious activity and to comply with all applicable laws and regulations.

Our training and compliance program includes the following elements:

All new employees receive AML/CTF training as part of their onboarding process, covering the fundamentals of money laundering and terrorist financing, the requirements of the BSA and USA PATRIOT Act, and iBnk's internal policies and procedures.
All employees receive annual refresher training that addresses updates to laws and regulations, emerging money laundering typologies, and lessons learned from internal and external case studies.
Employees in compliance, customer-facing, and risk management roles receive specialized, role-specific training on topics such as SAR preparation, sanctions screening, and enhanced due diligence.
Training records are maintained for a minimum of five (5) years and are available for review by regulators and auditors.
iBnk has designated a qualified Compliance Officer who is responsible for the overall administration of the AML compliance program, including the development and implementation of policies and procedures, the oversight of transaction monitoring and SAR filing, and the coordination of regulatory examinations and audits.
The Compliance Officer reports directly to senior management and has the authority and resources necessary to carry out their responsibilities effectively.

iBnk also engages independent third-party auditors to conduct periodic reviews of our AML compliance program to assess its effectiveness and identify areas for improvement. The findings of these audits are reported to senior management and are used to enhance our policies, procedures, and controls.

9. Contact Us

If you have any questions about this Anti-Money Laundering Policy, or if you wish to report suspicious activity, please contact us using the information below:

iBnk Vault LLC
30 N Gould St Sheridan, 82801 United States
Email: contact@ibnk.xyz

We take all reports of suspicious activity seriously and will investigate any concerns raised in a timely and confidential manner.