API DocsIntegration GuideMerchant LoginCompliance
LoginApply Now

AML Policy

Last updated: June 12, 2026

1. Purpose and commitment

AssetPay, an AssetRails company, is committed to preventing its services from being used for money laundering (ML), terrorist financing (TF), fraud, or sanctions evasion. This policy summarises the controls we apply across our card and cryptocurrency payment services. It applies to all employees, contractors, and merchants, and is supported by detailed internal procedures.

2. Regulatory framework

Our programme is designed around applicable anti-money-laundering and counter-terrorist-financing legislation in the jurisdictions where we operate, the recommendations of the Financial Action Task Force (FATF), card scheme rules, and the requirements of our banking and acquiring partners. Where rules differ between jurisdictions, we apply the stricter standard.

3. Governance

  • A designated Money Laundering Reporting Officer (MLRO) owns this policy, with direct access to senior management.
  • The compliance function operates independently of sales and is empowered to decline or exit any relationship.
  • This policy is reviewed at least annually and after material regulatory or product changes.

4. Customer due diligence (KYB)

Every merchant completes Know-Your-Business verification before activation. As a minimum we:

  • Verify the legal entity — name, registration number, registered address, and corporate documents.
  • Identify and verify directors and ultimate beneficial owners (generally those holding 25% or more).
  • Screen the entity and all connected persons against sanctions lists, PEP lists, and adverse media.
  • Understand the nature of the business: products sold, target markets, licensing, expected volumes, and payment patterns.
  • Review the merchant's website for consistency with the declared business model.

Accounts are not activated until verification is complete. We re-verify on a risk-based cycle and whenever ownership or business model changes.

5. Risk-based approach and enhanced due diligence

Each merchant receives a risk rating based on vertical, geography, ownership structure, volumes, and payment mix. Enhanced due diligence (EDD) applies to higher-risk relationships — including regulated verticals such as gambling, forex/CFD, and tobacco, complex ownership structures, and exposure to higher-risk jurisdictions. EDD may include licence verification, source-of-funds and source-of-wealth checks, site visits, senior management approval, and tighter monitoring thresholds. We do not onboard merchants from comprehensively sanctioned jurisdictions or those on our prohibited list (see our Terms of Service).

6. Transaction monitoring

  • Automated monitoring of transaction patterns: velocity, ticket size, geographic spread, refund and chargeback ratios, and deviations from the declared business profile.
  • Alerts are investigated by the compliance team; outcomes are documented and may lead to information requests, settlement holds, reserves, or termination.
  • Refunds may only be returned to the original payer — never to third parties — to prevent the refund mechanism being abused for laundering.

7. Crypto-specific controls

  • We accept only whitelisted token contracts — official USDT and USDC — on supported networks (TRON, Base, Polygon). Transfers from any other contract are rejected automatically.
  • Deposit addresses are unique per payment, enabling precise attribution of every incoming transfer.
  • Incoming and outgoing wallet exposure may be screened with blockchain analytics for links to sanctioned addresses, mixers, darknet markets, stolen funds, and other illicit sources; flagged funds can be frozen pending review.
  • Where applicable, we comply with the FATF "travel rule" through our partners for qualifying transfers.

8. Sanctions compliance

We screen merchants, connected persons, and — where applicable — transactions against relevant sanctions regimes (including UN, EU, UK OFSI, and US OFAC lists) at onboarding and on an ongoing basis as lists are updated. Confirmed matches are blocked, funds are frozen where required, and reports are made to the competent authorities.

9. Reporting suspicious activity

Employees must escalate suspicions to the MLRO immediately. Where grounds exist, the MLRO files a suspicious activity report with the relevant financial intelligence unit. It is a criminal offence to "tip off" a customer that a report has been or may be made; we never disclose the existence of an investigation or report.

10. Record keeping

KYB files, screening results, transaction records, monitoring alerts, and investigation notes are retained for at least five years after the end of the business relationship (or longer where required by law), and are available to regulators and partners on lawful request.

11. Training

All staff receive AML/CTF training at onboarding and at least annually, with role-specific training for compliance, support, and engineering teams that handle payment flows or sanctions controls.

12. Audit and review

The programme is subject to periodic independent review. Findings are tracked to remediation and reported to senior management.

13. Merchant obligations

Merchants must cooperate with information requests, keep their KYB information current, use the services only for the disclosed business, and must not split, disguise, or process transactions on behalf of third parties. Failure to cooperate is grounds for suspension or termination under our Terms of Service.

14. Contact

Questions about this policy, or to reach our compliance team: compliance@assetpay.io.