Anti-Money Laundering & Counter-Terrorist Financing Policy

1. Our Commitment

Quantifin Ltd, operating under the trade name GLPay, is committed to the highest standards of anti-money laundering (AML) and counter-terrorist financing (CTF) compliance. As a FINTRAC-registered Money Services Business (MSB) in Canada, we take our obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated Regulations seriously.

We maintain a comprehensive compliance program designed to detect, prevent, and report money laundering, terrorist financing, and other financial crimes. Our program is approved by senior management and overseen by a designated Compliance Officer who reports directly to the executive team.

GLPay is committed to fostering a culture of compliance and ethical conduct across all aspects of our operations, from onboarding to transaction processing and ongoing client relationships.

2. Regulatory Framework

Our AML/CTF program is built on the following regulatory foundations:

• PCMLTFA — Canada's Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated Regulations, which set out our core obligations for reporting, record keeping, client identification, and compliance program requirements.
• FINTRAC — The Financial Transactions and Reports Analysis Centre of Canada provides regulatory oversight of MSBs in Canada. GLPay is registered with FINTRAC and subject to its supervisory framework, including compliance examinations.
• FATF Recommendations — We align our practices with the Financial Action Task Force (FATF) international standards for combating money laundering and terrorist financing, including the Travel Rule and risk-based approach recommendations.
• Canadian Sanctions Legislation — We comply with the Special Economic Measures Act (SEMA), the United Nations Act, the Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law), and all Ministerial Directives issued by the Minister of Finance.

GLPay employs a risk-based approach to AML/CTF compliance, meaning the intensity of our due diligence and monitoring measures is proportionate to the level of risk identified. We regularly conduct comprehensive risk assessments covering client risk, jurisdictional risk, transaction risk, payment instrument risk, and operational risk.

3. Know Your Customer (KYC)

Before establishing a business relationship, GLPay conducts thorough customer due diligence to verify the identity of each client and assess the risk they may pose. Our KYC program includes:

Identity Verification

• Government-issued photo identification (passport, driver’s license, national ID)
• Proof of address (utility bill, bank statement, government correspondence)
• Verification through reliable, independent sources and third-party identity verification providers

Risk Assessment

• Each client is assessed and assigned a risk rating (low, medium, or high) based on factors including location, type of services, nature of business, and transaction patterns
• Source of funds and source of wealth documentation may be required
• Purpose and intended nature of the business relationship is established

Ongoing Monitoring

• Client information is kept current and reviewed on a risk-based schedule
• Periodic reviews are conducted at intervals determined by the client’s risk level
• Changes in client activity or profile that affect risk are promptly identified and addressed

Enhanced Due Diligence (EDD)

For clients assessed as high-risk, GLPay applies enhanced due diligence measures. These may include more detailed verification of identity, additional documentation requirements, closer scrutiny of source of funds, senior management approval for onboarding, and more frequent ongoing reviews.

4. Know Your Business (KYB)

For business and corporate clients, GLPay conducts additional due diligence to understand the nature and structure of the entity:

• Corporate Documentation — Certificate of incorporation, articles of association, corporate registry filings, and other relevant formation documents
• Beneficial Ownership — Identification and verification of all individuals who own or control 25% or more of the entity, including their full name, country of residence, and supporting documentation
• Authorized Representatives — Verification of individuals authorized to act on behalf of the entity, including mandataries or agents
• Business Activity — Understanding the nature, purpose, and expected transaction activity of the business, including its end customers and counterparties
• Entity Existence — Confirmation of the entity’s legal existence through relevant government registries or certified documentation

Where beneficial ownership cannot be determined or the ownership structure is complex or opaque, GLPay applies additional risk-mitigation measures, including enhanced ongoing monitoring and escalation for senior review.

5. Transaction Monitoring

GLPay maintains a continuous transaction monitoring program to detect potentially suspicious activity. Our monitoring framework includes:

• Automated Screening — All transactions are screened on a daily basis against established parameters and rules designed to identify unusual or suspicious patterns
• Behavioral Analysis — Client transaction activity is monitored for deviations from expected behavior, including changes in volume, frequency, geography, and counterparty profiles
• Velocity Controls — Thresholds and limits are applied to detect structuring, rapid movement of funds, and other potentially suspicious activity
• Manual Review — Alerts generated by automated systems are reviewed by trained compliance staff, who assess the activity and determine appropriate follow-up actions

GLPay continuously works to optimize its monitoring rules to reduce false positives while maximizing the effectiveness of suspicious activity detection. Our monitoring capabilities are regularly reviewed and updated to address evolving typologies and risks.

6. Sanctions & PEP Screening

GLPay screens all clients and transactions against applicable sanctions lists and politically exposed persons (PEP) databases. Our screening program covers:

Sanctions Lists

• Canadian sanctions under the Special Economic Measures Act (SEMA) and United Nations Act
• United Nations Security Council consolidated sanctions list
• U.S. Office of Foreign Assets Control (OFAC) sanctions lists
• European Union consolidated sanctions list
• Justice for Victims of Corrupt Foreign Officials Act (Sergei Magnitsky Law) designations
• Terrorist group designations under the Criminal Code of Canada

PEP & Adverse Media Screening

• Domestic PEPs — Individuals who hold or have held prominent public functions in Canada
• Foreign PEPs — Individuals who hold or have held prominent public functions in a foreign country
• Heads of International Organizations (HIOs) — Individuals holding senior positions in international organizations
• Family Members & Close Associates of PEPs and HIOs
• Adverse Media — Screening against media sources for negative or concerning information

Positive matches are escalated to the Compliance team for review and may result in enhanced due diligence, regulatory reporting, or denial of service.

7. Prohibited Activities

GLPay services must not be used for any unlawful purpose. The following activities are strictly prohibited:

• Money laundering or the processing of proceeds derived from criminal activity
• Terrorist financing or providing financial support to terrorist organizations or individuals
• Fraud, identity theft, or misrepresentation in any form
• Evasion of applicable sanctions or dealing with sanctioned persons, entities, or jurisdictions
• Illegal gambling or unlicensed gaming operations
• Tax evasion or facilitation of tax evasion
• Structuring transactions to avoid reporting thresholds
• Bribery, corruption, or facilitation of corruption
• Dealing in narcotics, weapons, or other prohibited goods
• Any activity that contravenes the PCMLTFA, Canadian sanctions legislation, or other applicable laws

GLPay reserves the right to refuse service, freeze funds, terminate accounts, and report activity to the relevant authorities where prohibited activity is suspected.

8. Country Restrictions

GLPay maintains a Country Acceptance Policy that categorizes jurisdictions based on the level of risk they pose from an AML/CTF perspective. Our risk assessment considers factors including FATF compliance, sanctions status, corruption levels, political stability, and the effectiveness of local AML/CTF frameworks.

Banned Countries

GLPay will not provide services to clients who reside in, are incorporated in, or engage in business with the following sanctioned jurisdictions. This list is based on Canada's comprehensive sanctions and is actively monitored:

Belarus, Iran, Myanmar (Burma), North Korea (DPRK), Russia, Syria, and occupied regions of Ukraine (Crimea, Donetsk, and Luhansk).

Prohibited Countries

Clients who reside or have their primary business location in certain additional countries do not qualify for GLPay services, and we will not process transfers to or from these jurisdictions. The list of prohibited countries is maintained internally and updated in response to evolving sanctions and risk assessments.

High-Risk Jurisdictions

Clients with connections to jurisdictions identified as high-risk are subject to enhanced due diligence (EDD) measures prior to onboarding and on an ongoing basis. The designation of high-risk jurisdictions is reviewed regularly in line with guidance from FATF, FINTRAC, and other relevant authorities.

GLPay complies with all Ministerial Directives issued by the Minister of Finance, including those requiring countermeasures for transactions involving designated foreign jurisdictions.

9. Reporting Obligations

GLPay complies with all reporting requirements mandated by FINTRAC under the PCMLTFA. Our reporting obligations include:

• Suspicious Transaction Reports (STRs) — Filed when there are reasonable grounds to suspect a transaction is related to money laundering or terrorist financing. STRs are filed as soon as practicable.
• Attempted Suspicious Transaction Reports (ASTRs) — Filed when a suspicious transaction is attempted but does not proceed to completion.
• Electronic Funds Transfer Reports (EFTRs) — Filed for qualifying international electronic funds transfers as required by FINTRAC.
• Large Cash Transaction Reports (LCTRs) — Filed for qualifying cash transactions as required by FINTRAC (note: GLPay does not currently deal in physical cash).
• Large Virtual Currency Transaction Reports (LVCTRs) — Filed for qualifying virtual currency transactions as required by FINTRAC.
• Listed Person or Entity Property Reports — Filed immediately when property owned or controlled by a listed person, entity, or terrorist group is identified.

All reports are submitted to FINTRAC in accordance with prescribed timelines and procedures. GLPay also notifies the RCMP and CSIS when required by law.

10. Record Keeping

GLPay maintains comprehensive records in accordance with FINTRAC requirements. Our record-keeping practices include:

• All transaction records, including full lifecycle details (origin, destination, amount, date, routing, and status)
• Client identification and due diligence documentation
• Copies of all reports submitted to FINTRAC
• Service agreements and account records
• Internal memorandums relating to compliance matters
• Foreign currency exchange transaction records

All records are retained for a minimum of five (5) years after the end of the business relationship or from the date the record was created, whichever is later. Records are stored securely in electronic format and can be produced within 30 days of a request by FINTRAC or other authorized parties.

11. Employee Training

GLPay maintains an ongoing AML/CTF training program to ensure all staff are knowledgeable about their obligations under the PCMLTFA and this policy:

• All employees complete mandatory AML/CTF training within their first two weeks of employment
• Team-wide refresher training is conducted at least annually
• Training content is tailored to the specific ML/TF risks facing our business and includes an assessment component
• Compliance staff maintain professional certifications and continuing education requirements
• Additional training and awareness materials are provided on an ad hoc basis by the Compliance Officer as needed

GLPay also facilitates regular independent reviews of its AML/CTF program by qualified auditors, conducted at least every two years, to assess the effectiveness of our compliance regime.

12. Compliance Officer

In accordance with the PCMLTFA, GLPay has appointed a designated Compliance Officer who is responsible for the implementation, administration, and ongoing effectiveness of our AML/CTF compliance program.

The Compliance Officer’s responsibilities include, but are not limited to:

• Overseeing the day-to-day compliance and anti-money laundering activities of the business
• Administering and implementing risk management policies
• Supervising client due diligence and transaction monitoring
• Conducting and updating risk assessments
• Ensuring the policy suite is current and commensurate with regulatory requirements
• Facilitating AML/CTF training for all staff
• Coordinating independent reviews of the compliance program
• Responding to requests from FINTRAC, law enforcement, and other regulatory bodies
• Reporting to senior management on compliance activities and the overall status of the program

The Compliance Officer operates independently from other business functions and reports directly to the executive team.

13. Your Obligations

As a client of GLPay, you are required to:

• Cooperate with KYC procedures — Provide accurate, complete, and up-to-date identification and documentation as requested during onboarding and throughout the business relationship
• Provide truthful information — Ensure all information submitted to GLPay, including personal details, business information, and transaction details, is accurate and not misleading
• Notify us of changes — Promptly inform GLPay of any changes to your personal information, business structure, beneficial ownership, or the nature of your activities
• Use services lawfully — Only use GLPay services for legitimate, lawful purposes in compliance with all applicable laws and regulations
• Report concerns — If you become aware of or suspect any fraudulent, suspicious, or illegal activity in connection with your account or GLPay services, notify us immediately

Failure to comply with these obligations may result in the suspension or termination of your account, enhanced monitoring, and reporting to the relevant authorities.

14. Contact Us

If you have any questions about this AML/CTF Policy, our compliance procedures, or wish to report a concern, please contact us: