Spondula is committed to preventing the use of its platform for money laundering, terrorist financing, sanctions evasion, and other financial crimes. This policy outlines the identity verification, screening, monitoring, and reporting procedures we apply to meet our regulatory obligations and those of the Operators we partner with in each corridor.

1. Why We Verify Identity

Know Your Customer (KYC), Know Your Business (KYB), and Anti-Money Laundering (AML) obligations require us and our Operators to identify users, understand their risk profile, screen them against sanctions lists, and monitor their transactions. Doing so:

• Prevents fraud, identity theft, and account takeover.
• Detects and reports suspicious transactions.
• Helps us comply with UK Money Laundering Regulations 2017 (as amended), EU AMLD, FATF recommendations, and UN / OFSI / OFAC sanctions regimes.
• Protects the Spondula community, Operators, and the integrity of the Spondula Chain.

2. Verification Tiers

Access to the Spondula wallet is tiered. Features and limits unlock as you complete higher levels of verification. Specific caps are published in-app and may vary by corridor, Operator availability, and risk score.

2.1 Anonymous (view-only)

• No KYC, just email and age-gate at onboarding.
• You can explore the app, view rates, and read educational content.
• Inbound and outbound transfers, exchange, and cash-in / cash-out are disabled.

2.2 Light KYC

• Name, date of birth, residential address, and selfie with liveness check.
• Sanctions-list screening.
• Unlocks small daily transfer, exchange, and spend limits suitable for everyday use.

2.3 Full KYC

• Government-issued photo ID (passport, driving licence, or national ID card).
• Proof of address (utility bill, bank statement, or government letter dated within the last 3 months).
• Live selfie matched against the ID photo.
• PEP and adverse-media screening.
• Unlocks substantially higher daily and monthly limits, card pay-ins, bank pay-outs, and full use of the S-Asset exchange.

2.4 Business KYC (KYB)

• Certificate of incorporation, memorandum and articles, and registered address.
• Beneficial-ownership structure for anyone holding 25% or more of the business.
• Director ID and address verification.
• Source of funds / source of wealth declarations where relevant.
• Required for merchant accounts using the Payment Gateway (invoices, POS, hosted checkout, plugins) and for payroll use cases.

2.5 Operator KYB (Regional and Local)

• Full KYB on the operating entity and enhanced due diligence on directors and beneficial owners.
• Proof of licence or registration in the Operator's jurisdiction where required.
• Source of funds for float, banking relationships, and AML programme attestation.
• Signed Operator Agreement and ongoing performance monitoring. Operators are not agents of Spondula; they are independently responsible for compliance with local law.

3. Verification Process

1. You submit your documents through the in-app KYC flow.
2. Documents are securely uploaded to encrypted Firebase Storage in europe-west2 (London), accessible only to admin personnel with a documented review need.
3. Automated checks run (face match, active liveness, sanctions screening). Where additional layers are in use (document-fraud detection, PEP / adverse-media screening), those checks run too.
4. A human reviewer on our compliance team confirms the result, using the side-by-side review tool in the admin panel.
5. You are notified of the outcome — approved, or rejected with a reason and the option to resubmit.

We aim to complete standard reviews within 24 hours. Enhanced due diligence, KYB, and Operator onboarding may take longer.

4. Automated KYC Layer

Our verification pipeline uses a hybrid of in-house and paid third-party tooling:

• Face matching between selfie and ID photo, based on face-embedding similarity.
• Active liveness detection using real-time face-landmark challenges (e.g. turn head, blink) during selfie capture.
• Sanctions screening against OFAC SDN, EU consolidated, UN Security Council, and UK OFSI lists, with fuzzy-name matching to catch near-miss spellings.
• Document OCR to extract name, DOB, expiry, and document number.
• Document-fraud detection via third-party providers covering template matching, photoshop detection, and security-feature checks across major document types.
• PEP and adverse-media screening via a specialist data provider.

Automated scores are advisory. A compliance officer makes the final decision on borderline cases.

5. Sanctions Screening

We screen users, beneficial owners, and payment counterparties against UK OFSI, EU, UN, and US OFAC sanctions lists at onboarding and on an ongoing basis. Users who match a designated name will be denied service. We do not provide services to residents of comprehensively sanctioned jurisdictions.

6. Politically Exposed Persons (PEPs)

Enhanced due diligence is applied to users identified as Politically Exposed Persons, their family members, and close associates, in accordance with UK and EU AML rules. EDD includes additional source-of-funds evidence, senior-management sign-off, and more frequent review.

7. Transaction Monitoring

We monitor on-chain and gateway activity for patterns that may indicate suspicious activity, including:

• Unusually large or frequent transactions relative to the user's profile.
• Rapid movement of funds through multiple wallets or Operators (layering).
• Structuring transactions just below reporting thresholds (smurfing).
• Inconsistent geographies between sign-in location, cash-in location, and declared residence.
• Transactions involving wallets or counterparties flagged in our internal risk register.

Suspicious activity is reported to the relevant Financial Intelligence Unit (in the UK, the National Crime Agency via a Suspicious Activity Report) in accordance with law. We are generally prohibited from notifying the user that a report has been made (“tipping-off”).

8. Travel Rule and Cross-Border Transfers

Where required by law or by a counterparty virtual-asset service provider, Spondula may exchange limited originator and beneficiary information (name, wallet address, verification status) under applicable Travel Rule regimes (FATF Recommendation 16 and its UK / EU implementations). We share only the minimum information required to satisfy the rule.

9. Document Handling and Retention

• KYC / KYB documents are stored in an encrypted, access-restricted Firebase Storage bucket in europe-west2 (London).
• Only compliance personnel involved in the review have access; access is audited.
• Documents, verification decisions, and supporting evidence are retained for at least five (5) years after your last transaction or account closure, as required by UK Money Laundering Regulations.
• Selfie images are used solely for identity matching and liveness assessment and are not shared with third parties except KYC automation providers performing that specific check.

10. Ongoing Monitoring and Re-verification

We may re-verify your identity periodically, when your risk score changes, when your documents expire, or when we detect activity inconsistent with your existing profile. Failure to complete re-verification within the requested timeframe may result in feature restriction or account suspension.

11. Your Obligations

• Provide accurate, genuine, and up-to-date documents for verification.
• Notify us if your name, nationality, residential address, or PEP status changes.
• Do not use another person's identity or documents.
• Do not fund your account from a third-party source whose name does not match your verified Spondula name.
• Do not attempt to circumvent verification requirements, tier caps, or transaction monitoring.

Providing false or fraudulent documents is a criminal offence and will result in immediate account termination, potential referral to law enforcement, and blocking of any associated wallet addresses from future Spondula services.

12. Contact

For questions about our KYC and AML procedures, or to submit additional documentation for a case in review, contact compliance@spondula.com.