Anti-Money Laundering (AML) Policy

1. Purpose and Scope

This Anti-Money Laundering (AML) Policy outlines ESHE Pay's commitment to preventing money laundering, terrorist financing, and other illicit financial activities in accordance with applicable laws, including the Bank Secrecy Act (BSA), USA PATRIOT Act, FATF recommendations, and global AML standards. This policy applies to all employees, contractors, partners, and third-party solution providers involved in providing: 

• Domestic and cross-border payments 

• Fiat-to-fiat currency transfers using providers like Blockwyre and Checkbook.io 

• Cryptocurrency on/off ramp transactions via Alchemy Pay 

• ACH (Automated Clearing House) payments through Checkbook.io 

• RTP (Real-Time Payments) and FedNow 

• Push-to-Debit transactions 

• Virtual card issuance and use

2. Regulatory Framework

ESHE Pay adheres to applicable AML regulations including: 

United States: Bank Secrecy Act (BSA), USA PATRIOT Act, FinCEN Guidelines 

Global: FATF Recommendations, EU 6AMLD (as applicable), UN Sanctions 

Payment Network Rules: Visa, Mastercard, NACHA, FedNow Operating Rules

3. Governance & Oversight

AML Compliance Officer: Responsible for designing, implementing, and updating the AML program. 

Board Oversight: The Board of Directors (or Executive Team) is ultimately responsible for approving the AML policy and reviewing risk reports. 

Third-Party Oversight: Vendors, processors, and crypto providers (e.g., Blockwyre, Checkbook.io, Alchemy Pay) are subject to due diligence and contractual AML obligations.

4. Risk-Based Approach (RBA)

A comprehensive risk assessment is conducted regularly to assess the exposure of our services to money laundering and terrorist financing risks. Risk factors include: 

• Customer profile and occupation 

• Geography (e.g., high-risk countries, sanctions exposure) 

• Product/channel type (crypto, virtual cards, cross-border) 

• Transaction patterns and volumes 

Enhanced controls are implemented for high-risk customers and transactions.

5. Customer Due Diligence (CDD)

5.1 Know Your Customer (KYC) 

• Identity Verification using government-issued ID, selfie/liveness check, and proof of address 

• Cross-checks against OFAC, PEP, and other global watchlists 

• Document and biometric verification through authorized KYC vendors such as Sumsub.com 


5.2 Enhanced Due Diligence (EDD) 

Required for: 

• Politically Exposed Persons (PEPs) 

• High-risk jurisdictions 

• Large or complex crypto transactions 

• Business customers with opaque ownership structures 

Sumsub.com is engaged as the primary third-party provider for KYC/KYB onboarding and AML screening. Sumsub performs: 

• Identity verification and liveness detection 

• Screening of customers against global watchlists and sanctions databases 

• Risk scoring and real-time transaction behavior analysis 

• Ongoing monitoring and alerting for high-risk or suspicious activities 

Sumsub's proprietary risk engine, compliance tools, and audit trails enable ESHE Pay to maintain a scalable, automated, and regulatory-compliant AML framework.

6. Ongoing Monitoring

• All transactions are monitored using automated systems, including third-party vendor Sumsub.com and partner platforms. 

• Sumsub provides continuous AML risk analysis, behavior tracking, and red flag identification. 

• Transaction data is screened in real-time or near real-time for anomalous patterns. 

• Alerts are escalated to the AML Compliance Officer for review and disposition.

7. Suspicious Activity Reporting (SAR)

• SARs are filed with FinCEN (or applicable authority) within 30 calendar days of identifying suspicious activity. 

• All SAR filings are documented and retained securely. 

• Employees are prohibited from disclosing SAR filings (tipping off).

8. Sanctions & Watchlist Screening

• Customers and transactions are screened against OFAC, EU, UN, and other relevant sanctions lists using solutions such as Sumsub.com. 

• Screening is conducted: 

  • At onboarding 
  • On an ongoing basis 
  • Prior to executing high-risk transactions 

Sumsub’s watchlist management is updated daily and includes global enforcement and regulatory bodies.

9. Recordkeeping

• CDD and KYC records are retained for a minimum of 5 years.

• SAR reports and associated documentation are retained for a minimum of 5 years.

• Transaction logs and monitoring reports are retained as per applicable laws. 

Sumsub ensures compliant recordkeeping of KYC/AML verification and audit logs via secure, encrypted cloud storage accessible by authorized compliance personnel.

10. Training & Awareness

• Mandatory AML training for all employees upon hiring and annually thereafter. 

• Specialized training for compliance staff, product managers, and customer service teams.

11. Independent Audit

• External or internal audits of the AML program are conducted at least annually. 

• Audit findings are reported to the Board and remediation is tracked. 

• Sumsub’s platform audit logs and compliance reports are used to support AML audits.

12. Policy Review and Updates

• This AML policy is reviewed at least annually and updated as required. 

• Revisions are approved by the AML Compliance Officer and Executive Management.

Appendix: Definitions & Red Flags

Include definitions of key terms (e.g., Money Laundering, CDD, SAR, PEP), examples of suspicious activity patterns, and escalation protocols. 

Contact for Questions: [email protected]