Anti-Money Laundering (AML) & Know Your Customer (KYC) Policy

Last Updated: January 12, 2026

This Anti-Money Laundering and Know Your Customer Policy (“Policy”) outlines the compliance frameworks, technological gating mechanisms, and regulatory protocols enforced by AurumShield (“we,” “us,” or “our”).

AurumShield operates an institutional-grade deterministic clearinghouse for physical commodities and fiat capital. As such, we are unequivocally committed to full compliance with all applicable global financial regulations, including the United States Bank Secrecy Act (BSA), the USA PATRIOT Act, directives enforced by the Financial Crimes Enforcement Network (FinCEN), the Office of Foreign Assets Control (OFAC), and the Financial Action Task Force (FATF) recommendations.

ARTICLE 1: ZERO-TOLERANCE PHILOSOPHY AND SCOPE

• 1.1. Absolute Prohibition: AurumShield maintains a strict, zero-tolerance policy against money laundering, terrorist financing, sanctions evasion, bribery, corruption, and all other forms of illicit financial activity.
• 1.2. Institutional Restriction: The Platform is strictly geofenced and restricted to verified, accredited institutional counterparties. At no time will AurumShield permit retail consumers, anonymous entities, or shell corporations lacking demonstrable physical operational headquarters to utilize the clearing ledger or DvP escrow.

ARTICLE 2: CUSTOMER IDENTIFICATION PROGRAM (CIP) & CORPORATE KYC

Before any Counterparty is permitted to access the Platform, execute a trade, or route fiat capital, they must satisfy our exhaustive Customer Identification Program.

• 2.1. Corporate Entity Verification: Counterparties must submit certified articles of incorporation, active Legal Entity Identifiers (LEI), certificates of good standing, operating agreements, and audited financials.
• 2.2. Ultimate Beneficial Owner (UBO) Disclosures: AurumShield mandates complete structural transparency. Counterparties must identify and provide comprehensive KYC documentation for any individual or entity holding an equity, voting, or controlling interest of 10% or greater in the Counterparty.
• 2.3. Authorized Signatories: Executive officers and authorized traders (“Makers” and “Checkers”) must be cryptographically bound to the corporate entity utilizing verified digital signatures and contract lifecycle management protocols (via our sub-processor, DocuSign CLM).

ARTICLE 3: FORENSIC AND BIOMETRIC VERIFICATION INFRASTRUCTURE

To mitigate the risks of synthetic identities and forged corporate documentation, AurumShield employs advanced, third-party forensic sub-processors during the onboarding and re-verification lifecycles:

• 3.1. Biometric Liveness: Utilizing our identity partner Veriff, authorized officers and UBOs are subjected to active biometric facial geometry mapping and liveness checks, checked against government-issued identity documents to definitively prove identity.
• 3.2. Document Forensics: Utilizing our cryptographic validation partner Diro, all uploaded bank statements, utility bills, and corporate filings are subjected to origin tracing and cryptographic forgery analysis to ensure data provenance directly from the issuing institution.

ARTICLE 4: THE COMPLIANCE GATING ARCHITECTURE

• 4.1. Deterministic State Machine: AurumShield operates a proprietary “Compliance Gate” natively integrated into the clearing ledger. Compliance is not merely a policy; it is a mathematical prerequisite for platform utilization.
• 4.2. Operational Locking: A transaction cannot be initiated, nor can the Delivery versus Payment (DvP) escrow be locked, unless both the Buyer and the Seller possess an uninterrupted “Verified and Active” compliance state. If a Counterparty's compliance state drops to “Pending,” “Suspended,” or “Flagged” at any millisecond prior to Atomic Settlement, the deterministic engine will automatically halt the transaction, freeze in-flight capital routing, and suspend logistics dispatch.

ARTICLE 5: CONTINUOUS MONITORING AND SANCTIONS SCREENING

KYC at AurumShield is not a one-time onboarding event; it is a continuous, automated lifecycle.

• 5.1. Real-Time Screening: Counterparties, UBOs, and associated banking nodes (routed via Column Bank) are continuously screened via automated API feeds against global watchlists, including but not limited to OFAC Specially Designated Nationals (SDN), UN Security Council resolutions, the EU Consolidated List, and UK HM Treasury lists.
• 5.2. Adverse Media and PEPs: We conduct ongoing screening for Politically Exposed Persons (PEPs) and negative/adverse media coverage indicating potential involvement in financial crime or regulatory censure. Matches trigger immediate account suspension pending manual review by AurumShield's Chief Compliance Officer.

ARTICLE 6: ASSET FREEZING AND SUSPICIOUS ACTIVITY REPORTING (SAR)

• 6.1. Regulatory Reporting: AurumShield monitors intraday trade velocity, capital deployment anomalies, and physical logistics routing for suspicious patterns. Where required by law, AurumShield will file Suspicious Activity Reports (SARs) or equivalent disclosures to FinCEN and relevant domestic or international law enforcement agencies.
• 6.2. No “Tipping Off”: By law, AurumShield is strictly prohibited from informing a Counterparty that they are the subject of a SAR, a regulatory subpoena, or an active law enforcement investigation.
• 6.3. Right to Freeze: Counterparty explicitly acknowledges that in the event of a severe compliance breach, suspected fraud, or legal mandate, AurumShield possesses the unilateral right to freeze fiat capital held in the banking adapter, halt the transfer of physical commodity titles within the DvP escrow, and reroute physical logistics shipments to a secure holding facility pending regulatory resolution.

ARTICLE 7: RECORD RETENTION

In strict accordance with the Bank Secrecy Act and international financial regulations, all KYC/AML documentation, biometric verification logs, continuous screening results, and transactional clearing ledgers are retained securely for a minimum of seven (7) years following the termination of the Counterparty relationship, irrespective of standard data deletion requests.