Hello, Dear Global Users of 4M:
Please read carefully 4M's AML (Anti-Money Laundering) and KYC (Know Your Customer) policy.
4M's AML/KYC Policies and Procedures
This policy relates to 4M's Anti-Money Laundering and Countering the Financing of Terrorism (AML/KYC) policies and procedures. This policy is intended solely to provide general information and has no legally binding force on 4M and/or any other person (natural person or otherwise).
A. Principles and Methods of 4M AML/KYC Operations
4M is committed to supporting AML/KYC operations. In principle, we are committed to:
Conducting due diligence when dealing with our customers and natural persons appointed to act on behalf of our customers;
Developing business in accordance with high ethical standards and preventing, to the maximum extent possible, the establishment of any business relationship related to or potentially contributing to money laundering or terrorist financing;
Assisting and cooperating with relevant legal authorities to the greatest extent possible to prevent the threats of money laundering and terrorist financing.
B. 4M's Risk Assessment and Risk Mitigation Methods
Risk Assessment
We expect most of our customers to be retail customers, and as of the date of publication of this policy, we will primarily operate in the Republic of Seychelles. In this regard, we will:
a. Record and/or collect documentation regarding the following:
The identity of our customers;
The country or jurisdiction from or in which our customers are located; and
b. Conduct assessment and screening: Based on our knowledge, skills, and capabilities, ensure that our customers, connected persons of the customers, natural persons appointed to act on behalf of the customers, and beneficial owners of the customers are assessed and screened with the assistance of designated lists of individuals and entities, which include (but are not limited to) the following categories:
Democratic People's Republic of Korea;
Democratic Republic of the Congo;
Iran;
Libya;
Somalia;
South Sudan;
Sudan;
Yemen;
UN1267/1989 Al-Qaida Sanctions List;
UN1988 Taliban Sanctions List;
Persons identified in Schedule 1 of the Terrorism (Suppression of Financing) Act (Chapter 325).
Risk Mitigation
If discovered, we will not deal with anyone on the designated lists of individuals and entities.
C. Our Approach to New Products, Practices, and Technologies
We shall provide appropriate recommendations regarding the identification and assessment of money laundering and terrorist financing risks that may arise from:
The development of new products and new business practices, including new delivery mechanisms;
The use of new or developing technologies for both new and existing products.
We will pay special attention to any new products and new business practices, including new delivery mechanisms, as well as new or developing technologies that favor anonymity, such as: digital tokens that favor anonymity (whether security, payment, and/or utility tokens).
D. Our Customer Due Diligence Method (CDD)
We will not open, maintain, or accept anonymous accounts or pseudonymous accounts.
If we have any reasonable grounds to suspect that a customer's assets or funds are the proceeds of drug trafficking or criminal conduct, we will not establish a business relationship or conduct transactions for the customer. We will submit a Suspicious Transaction Report for such transactions and provide a copy to the relevant financial intelligence agency.
We will perform customer due diligence in the following circumstances:
When we establish a business relationship with any customer;
When we conduct transactions for any customer who has not established a business relationship with us;
When we receive cryptocurrency via transfer for a customer with whom no business relationship has been established;
When we suspect money laundering or terrorist financing;
When we doubt the authenticity or adequacy of any information.
When we suspect that 2 or more transactions are or may be related, linked, or deliberately restructured from what would otherwise be a single transaction into smaller transactions to evade AML/CFT measures, we shall treat the transactions as a single transaction and aggregate their value to comply with AML/CFT principles.
Verification of Our Customers
We will verify each of our customers. In order to verify our customers, we must know at least:
Their full name, including aliases;
Their unique identification number (for example: identity card number, birth certificate number, or passport number, or in the case where the customer is not a natural person, their business registration number);
Either their registered address or their registered place of business (if applicable), and if the registered address and place of business are different, their principal place of business;
As well as their date of birth, incorporation, or registration;
And their nationality or place of registration.
If the customer is a legal person, in addition to obtaining the relevant information mentioned above, we shall also determine its legal form, constitution, and the powers that regulate and bind the legal person; we will also identify its connected parties (for example: directors, partners, and/or persons with executive authority) by obtaining at least the following information for each connected party:
Full name, including aliases;
And a unique identification number, such as: the connected party's identity card number, birth certificate number, or passport number.
Verifying the Identity of Customers
We will use reliable, independent source data, documents, or information to verify the identity of our customers. If our customer is a legal person or a legal arrangement, we will use reliable, independent source data, documents, or information to verify the legal form, proof of existence, constitution, and the powers that regulate and bind the customer.
Identifying and Verifying the Identity of Natural Persons Appointed to Act (Customer Representatives)
If a customer appoints one or more natural persons to act on his behalf in establishing a business relationship with us, or if the customer is not a natural person, we will:
a. Identify each natural person acting on behalf of the customer or appointed to act on behalf of the customer by obtaining the following information: their full name, their unique identification number, residential address, date of birth, nationality;
b. Verify the identity of the aforementioned natural persons using reliable, independent source data and documents. We shall also verify the appropriate authority of each natural person appointed to act on behalf of our customer by obtaining the following information:
Appropriate written evidence authorizing our customer to appoint such natural persons;
A specimen signature of each natural person.
If the customer is a government entity, we will only obtain such information as may be required to confirm that the customer is the claimed government entity.
Identifying and Verifying Beneficial Owners
We will inquire whether there are beneficial owners related to the customer. If the customer has 1 or more beneficial owners, we will identify the beneficial owners and take reasonable measures to verify the identity of the beneficial owners using relevant information or data obtained from reliable, independent sources. We should:
If the customer is a legal person:
Determine the natural person(s) who ultimately own the legal person (whether acting alone or jointly);
If there is doubt as to whether the natural person who ultimately owns the legal person is the beneficial owner, or if no natural person ultimately owns the legal person, determine the ultimate effective control over the legal person by the natural person who ultimately controls or owns the legal person (as applicable); and
If no natural person is identified, determine the natural person who holds executive authority in such legal person;
If the customer is a legal arrangement:
In the case of a trust, identify the settlor, the trustee(s), the protector (if applicable), the beneficiaries, and any natural person exercising ultimate ownership, ultimate control, or ultimate effective control over the trust; and
For other types of legal arrangements, identify persons in equivalent positions.
If our customer is not a natural person, we will determine the nature of the customer's business, and its ownership and control structure. We will be required to confirm the identity of the customer's beneficial owner if any of the following exist:
An entity listed on a stock exchange;
An entity listed on a stock exchange that is subject to regulatory disclosure requirements and adequate transparency requirements relating to its beneficial owners;
A financial institution;
A financial institution that complies with and is supervised for compliance with AML/CFT requirements consistent with standards set by the FATF; or
An investment vehicle whose manager is a financial institution, or which is subject to AML/CFT requirements consistent with the standards established by the FATF;
(Unless we suspect the authenticity of the CDD information, or suspect that our customer, the business relationship with the customer, or the transactions conducted for the customer may be related to money laundering or terrorist financing. We will block such business and record the basis of our determination.)
Information on the Purpose and Intended Nature of a Business Relationship and Transactions Conducted Without an Account
When processing applications to establish a business relationship or undisclosed transactions, we shall understand and, as appropriate, obtain information from the customer regarding the purpose and intended nature of the business relationship or transaction.
Reviewing Transactions Conducted Without Opening an Account
If we conduct one or more transactions for a customer without opening an account (current transaction), we shall review previous transactions conducted by that customer to ensure that the current transaction is consistent with our knowledge of the customer, their business and risk profile, and the source of funds.
When a customer establishes a business relationship with us, as a payment service provider, all transactions should be reviewed prior to establishing the business relationship to ensure that the business relationship is consistent with our knowledge of the customer, their business and risk profile, and the source of funds.
We will pay special attention to all complex, unusually large, or unusual patterns of transactions that do not have an open account and have no apparent economic purpose. We will investigate the background and purpose of the aforementioned transactions to the extent possible and record the findings so that this information can be provided to the relevant authorities when required.
In order to review transactions conducted without opening an account, we will establish and implement appropriate systems and processes commensurate with the size and complexity of the payment service provider, so as to:
Monitor transactions conducted by customers without opening an account; and
Detect and report suspicious, complex, unusually large, or unusual transaction patterns conducted in the absence of an account.
If there are reasonable grounds to suspect that a transaction conducted by a customer without opening an account is related to money laundering or terrorist financing, and we deem it appropriate to carry out the transaction, the payment service provider shall substantiate and record the reasons for carrying out the transaction.
Ongoing Monitoring
We will monitor our business relationships with customers on an ongoing basis. In the course of our business relationship with a customer, we will observe the operation of the customer's account and review transactions throughout the business relationship to ensure that the transactions are consistent with our knowledge of the customer, their business and risk profile, and, where appropriate, the source of funds.
If a transaction involves transferring cryptocurrency to or receiving cryptocurrency from the following entities, we will execute our risk mitigation measures: financial institutions, or financial institutions that comply with FATF-compliant AML/CFT requirements and are subject to supervision.
We will pay special attention to all complex, unusually large, or unusual transaction patterns carried out throughout the business relationship that have no apparent economic or lawful purpose. We will investigate the background and purpose of the aforementioned transactions to the extent possible and record the findings so that this information can be provided to the relevant authorities when required.
For the purpose of ongoing monitoring, we will establish and implement appropriate systems and processes commensurate with the size and complexity of the payment service provider, so as to:
Monitor its business relationships with customers; and
Detect and report suspicious, complex, unusually large, or unusual transaction patterns carried out throughout the business relationship.
We will ensure that the CDD data, documents, and information obtained regarding customers, natural persons appointed to act on behalf of customers, connected parties of customers, and beneficial owners of customers remain relevant and are kept up to date by reviewing existing CDD data, documents, and information, particularly for higher-risk categories of customers.
If there are any reasonable grounds to suspect that an existing business relationship with a customer is related to money laundering or terrorist financing, and we deem it appropriate to retain the customer:
We will substantiate and record the reasons for retaining the customer; and
Corresponding risk mitigation measures, including enhanced ongoing monitoring, shall be applied to the customer's business relationship with us.
When we assess that a customer or a business relationship with a customer carries a higher risk, the payment service provider shall adopt enhanced CDD measures, which include obtaining approval from our senior management to retain the customer.
CDD Measures for Non-Face-to-Face Business Relationships or Non-Face-to-Face Transactions
We will develop policies and procedures to address any specific risks associated with non-face-to-face business relationships with customers or non-face-to-face transactions conducted without opening an account for a customer (non-face-to-face business contact).
We will execute policies and procedures when establishing business relationships with customers and conducting ongoing due diligence. In the absence of face-to-face contact, payment service providers shall execute CDD measures that are at least as stringent as those required when face-to-face contact is present.
When a payment service provider establishes initial non-face-to-face business contact, the payment service provider shall, at its own expense, engage an external auditor or an independent qualified consultant to assess the effectiveness of the policies and procedures, including the effectiveness of any technological solutions used to manage impersonation risks.
We will appoint an external auditor or an independent qualified consultant to assess the new policies and procedures and submit the assessment report to the Authority within one year after the implementation of the changes to the policies and procedures.
Reliance on Measures Already Executed upon Acquisition of a Payment Service Provider
When we (the acquiring payment service provider) acquire the business of another payment service provider in whole or in part, we will execute measures on customers acquired through that business at the time of acquisition, unless the acquiring payment service provider:
Simultaneously obtains all corresponding customer records (including CDD information) and has no doubts or concerns regarding the accuracy or adequacy of the obtained information; and
Conducts due diligence, raises no questions regarding the adequacy of the AML/CFT measures executed by the acquired payment service provider with respect to the business or part of the business now being acquired, and records such a process.
Measures for Non-Account Holders
If we conduct a transaction for any customer who has no other business relationship with us, we will:
Execute CDD measures as if the customer had applied to establish a business relationship with the payment service provider; and
Record sufficient details of the relevant transaction to enable the reconstruction of the transaction, including the nature and date of the transaction, the type and amount of currency involved, the value date, and the details of the payee or beneficiary.
Timing of Verification
We will complete the verification of the identity of the customer, the natural person appointed to act on behalf of the customer, and the beneficial owner of the customer before the occurrence of the following circumstances:
The payment service provider establishes a business relationship with the customer;
The payment service provider conducts any transaction for the customer in the event that the customer has not established a business relationship with the payment service provider;
Or the payment service provider carries out or receives a digital payment token for the customer through a value transfer, where the customer has not yet established a business relationship with the payment service provider.
Our provider may establish a business relationship with a customer before completing the verification of the identity of the customer, the natural person appointed to act on behalf of the customer, and the beneficial owner of the customer under the following circumstances:
Deferring the completion of verification is essential so as not to interrupt the normal conduct of business operations; and
The risks of money laundering and terrorist financing can be effectively managed through the payment services.
If we establish a business relationship with a customer before verifying the identity of the customer, the natural person appointed to act on behalf of the customer, and the beneficial owner of the customer, we shall take the following measures:
Formulate and implement internal risk management policies and procedures that specify the conditions under which such a business relationship may be established prior to identity verification.
Complete identity verification as soon as reasonably practicable.
If Measures Are Not Completed
If we are unable to complete the measures as required, we will not establish or continue a business relationship with any customer, or execute any transaction for any customer.
If we are unable to complete these measures, the payment service provider shall consider whether the circumstances are suspicious and whether it is necessary to submit a Suspicious Transaction Report.
Completion of measures means that the payment service provider has obtained, screened, and verified (including deferred verification) all necessary customer identification information, and the payment service provider has received satisfactory responses to all inquiries related to such necessary customer identification information.
Joint Accounts
For joint accounts, we will treat each and every one of the joint account holders as an individual customer of the payment service provider and apply customer due diligence measures to them.
Screening
We shall screen customers, natural persons appointed to act on behalf of customers, connected parties of customers, and beneficial owners of customers against information sources regarding money laundering and terrorist financing, as well as lists and information provided by regulatory authorities to determine whether the customer poses any risk of money laundering or terrorist financing.
We will conduct screening for the following situations and the following persons:
When we establish a business relationship with a customer (or as soon as reasonably practicable after the business relationship is established).
Before we execute any transaction for a customer who has not established a business relationship with the payment service provider.
Before we facilitate or receive digital assets through a value transfer for a customer who has not established any other business relationship with us.
Periodically after we establish a business relationship with a customer; and
When there are any changes or updates to the following:
Lists and information provided by regulatory authorities to the payment service provider; or
Natural persons appointed to act on behalf of the customer, their connected parties, or beneficial owners.
We will screen all value transfer originators and value transfer beneficiaries against lists and information provided by regulatory authorities to determine whether there is a risk of money laundering or terrorist financing, and record the results of all screenings.
E. Our Approach to Enhanced Customer Due Diligence
Politically Exposed Persons (PEPs)
We shall use all reasonable means to determine whether a customer, any natural person appointed to act on behalf of the customer, any connected party of the customer, or any beneficial owner of the customer, or their family members or close associates, is a Politically Exposed Person (PEP).
If a customer, or any beneficial owner of the customer, or their family members or close associates, is determined by us to be a Politically Exposed Person, we shall execute at least the following enhanced due diligence measures in addition to regular customer due diligence measures:
Obtain approval from senior management regarding establishing and continuing the business relationship with the customer.
Establish the source of wealth and source of funds of the customer and any of their beneficial owners through reasonable means.
Enhance the supervision of our business relationship with the customer during its duration. For any transactions that appear unusual, we will raise the monitoring level and upgrade the positioning of the monitoring nature.
High-Risk Categories
We recognize that circumstances where customers pose or may pose a higher risk of money laundering or terrorist financing include, but are not limited to, the following situations:
If a customer or any beneficial owner of the customer is from or located in a country or jurisdiction for which the Financial Action Task Force (FATF) requires measures to counter money laundering and terrorist financing, the payment service provider shall treat any business relationship or transaction with any such customer as posing a higher risk of money laundering or terrorist financing.
If a customer or any beneficial owner of the customer is from or located in a country or jurisdiction identified by the payment service provider itself, or notified to the payment service provider by regulatory authorities or other foreign regulatory authorities, as having inadequate measures to counter money laundering and terrorist financing, the payment service provider shall assess whether any such customer poses a higher risk of money laundering or terrorism.
We shall adopt enhanced customer due diligence measures for customers who pose a higher risk of money laundering or terrorist financing, or for any customer notified to us by regulatory authorities as posing a higher risk of money laundering and terrorist financing.
F. Treatment of Bearer Negotiable Instruments and Cash Payment Restrictions
We will not make any payments in the form of bearer negotiable instruments.
We will not pay any amount of cash in the conduct of our business.
G. Value Transfer Approach (To be implemented when required)
If we are the originating institution, we shall, prior to executing a value transfer:
Identify the originator and take reasonable measures to verify their identity (if this measure has not been previously taken).
Fully record the details of the value transfer, including but not limited to the date of the value transfer, the type and value of the digital assets transferred, and the value date.
Include in the memorandum or payment instructions attached to or associated with the value transfer: the originator's name, the originator's account number (or a unique transaction reference number, if applicable), the beneficiary's name, and the beneficiary's account number (or a unique transaction reference number, if applicable).
Value Transfers Exceeding Specific Thresholds
If we are the originating institution, for value transfers exceeding specific thresholds, we shall identify and verify the identity of the originator, including the memorandum or payment instructions attached to or associated with the value transfer, along with the following:
The originator's residential address; or the originator's registered address or place of business (if the address is different, the principal place of business shall also be indicated).
The originator's unique identification number; or the originator's date and place of birth, and the registration or record of the value transfer.
We shall immediately submit all information of the value transfer originator and value transfer beneficiary to the beneficiary institution in a secure manner and record all such information. If we, as the originating institution, cannot satisfy the requirements, we will not execute the value transfer.
As the beneficiary institution: We shall take reasonable measures to identify value transfers that lack the necessary information of the value transfer originator or value transfer beneficiary institution. If we, as the beneficiary institution, pay the value of the transferred digital assets to the value transfer beneficiary in cash or cash equivalents, we shall identify and verify the identity of the value transfer beneficiary (if their identity has not been previously verified). Prior to executing a value transfer, we shall always review circumstances where information on the value transfer originator or value transfer beneficiary is missing and record our follow-up measures.
As an intermediary institution: We will retain all information related to value transfers. If we, as an intermediary institution, execute a value transfer to another intermediary institution or beneficiary institution, we shall immediately provide the information attached to the value transfer to that other intermediary institution or beneficiary institution in a secure manner. If we are the intermediary institution receiving the value transfer, we shall preserve all information received from the originating institution or another intermediary institution for at least five years. We shall take reasonable measures to identify value transfers during straight-through processing that lack necessary originator or beneficiary information.
H. Record Keeping
We will retain appropriate records for at least 5 years as required.
I. Personal Data
We will protect customers' personal data in the prescribed manner.
J. Suspicious Transaction Report (STR)
We will notify the relevant authorities and submit suspicious transaction reports in accordance with the law. We will also preserve all records and transactions related to all such transactions and suspicious transaction reports.
K. Our Compliance, Audit, and Training Policies
Among other measures, we will appoint an AML/CFT compliance officer within management, maintain an independent audit capability, and take active steps to regularly train staff in AML/CFT.
Conducting Enterprise-Wide Money Laundering/Terrorist Financing Risk Assessments
We will conduct enterprise-wide money laundering/terrorist financing risk assessments in three phases:
Phase 1: Inherent Risk Assessment We will assess the following relevant inherent risks:
Customers or entities: We shall assess the customers and/or entities we deal with.
Products or services: We shall note the parties to whom cryptocurrency over-the-counter (OTC) trading services are provided.
Regional scale: We must not deal with customers on designated lists of individuals and entities.
Phase 2: Assessment of Risk Control Measures We will assess risk control measures related to the aforementioned circumstances. We will monitor and conduct enhanced due diligence on any and/or all customers we deem suspicious.
Phase 3: Residual Risk Assessment We will assess residual risks after assessing risk c