1. Purpose & Scope

This Anti-Money Laundering and Know Your Customer Policy (the "AML/KYC Policy") is issued by Bravex LLC ("Bravex," "we," "us," or "our") and applies to all access to or use of the Bravex website, mobile applications, software, and related products and services (collectively, the "Services").

Bravex's role is limited to:

• Providing software infrastructure that connects Users to Partners
• Screening Users against sanctions lists before granting access to the Bravex interface
• Monitoring for suspicious activity within the Bravex-controlled interface (not on-chain or Partner systems)
• Reporting suspicious activity related to Bravex's own systems to relevant authorities

Regulatory Basis for Bravex (as non-custodial technology provider):

• Bravex is not a money transmitter under FinCEN guidance (FIN-2019-G001, FIN-2013-G001)
• Bravex relies on Partners to perform BSA/AML obligations for financial services
• Bravex maintains its own AML program for access control and sanctions screening

Regulatory Basis for Partners:

Each Partner (e.g., Owlting) is independently responsible for its own BSA/AML compliance, including:

• Customer Identification Program (CIP)
• Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
• Suspicious Activity Reporting (SAR)
• OFAC sanctions screening for financial transactions
• Recordkeeping under 31 CFR § 1010.410

This Policy governs access to the Bravex interface and software. Users must also comply with Partner AML/KYC requirements.

2. Bravex's Limited AML Role (Non-Custodial)

Because Bravex does not custody funds or perform financial services, its AML/KYC obligations are limited to:

What Bravex does NOT do (by design):

• Does not screen individual blockchain transactions (Partners or blockchain analytics providers may do this)
• Does not hold or monitor user funds
• Does not perform CIP for financial transactions (Partners do this)
• Does not file SAR on Partner transactions (Partners file their own)

3. Partner AML/KYC Obligations (Owlting and Others)

Users acknowledge and agree that when using Partner services (e.g., wallet creation, bank transfers, card deposits via Owlting), they are subject to Partner Terms, including Partner AML/KYC requirements.

Current Partners and Their AML Roles (illustrative, not exhaustive):

Bravex may add, remove, or replace Partners at any time. Users must review each Partner's AML/KYC policies separately.

Data Sharing Consent: Under Section 6.6 of the Bravex Terms of Service, Users authorize Bravex to share with Partners the information reasonably necessary to provision or complete a transaction (e.g., wallet addresses, order parameters, routing selections, limited identity/device signals). Personal data handled by Partners is subject to the Partner's privacy notice and AML policies.

4. Bravex's Customer Identification Program (CIP) – For Access Control

Bravex maintains a limited CIP solely to verify the identity of Users accessing the Bravex interface.

4.1 Required Information – Individuals (for Bravex access):

• Full legal name
• Email address
• Phone number
• Date of birth (to verify age ≥18)
• Government-issued ID (for high-risk access or certain features)
• Selfie/liveness verification (for high-risk access or certain features)

4.2 Required Information – Legal Entities (for Bravex access):

• Legal entity name and jurisdiction
• Authorized signatory (individual, with individual KYC)
• Entity documentation (articles, trust instrument, DAO charter)

4.3 Verification Procedures for Bravex Access:

Bravex uses third-party identity verification providers (e.g., Persona, Sumsub) to verify government-issued ID authenticity, perform liveness detection, and screen against watchlists.

4.4 What Bravex CIP does NOT cover:

Bravex does NOT perform the full CIP required for financial transactions. That is the responsibility of Partners like Owlting. Users must complete Partner CIP separately.

4.5 Record Retention (Bravex): Bravex retains its own CIP records for five (5) years after account closure, as required by 31 CFR § 1010.410(e).

5. Customer Due Diligence (CDD) & Enhanced Due Diligence (EDD)

EDD Triggers for Bravex Access (Independent of Partners):

Bravex may require EDD (additional documentation, source of funds, source of wealth) for Users who:

• Attempt to access from high-risk jurisdictions (see Section 8)
• Trigger sanctions alerts
• Engage in prohibited conduct under Section 8 of Terms of Service
• Are referred by law enforcement or regulatory inquiry

EDD does NOT apply to financial transactions (Partner responsibility). Bravex EDD is limited to access control.

6. Sanctions & Watchlist Screening (Bravex's Role)

6.1 Bravex Screens:

• All Users at onboarding (against OFAC SDN, SSI, Non-SDN, UN, EU, UK HMT, FinCEN 311)
• All Users at each login (real-time)
• All referral program participants (Referrers and Referred Users)
• All email addresses and IP addresses associated with accounts

6.2 Bravex Does NOT Screen (Partners screen these):

• Individual blockchain transactions (Partners or blockchain analytics providers may screen)
• Counterparty wallet addresses (User responsibility under Section 4 of Terms)
• On-chain smart contract interactions (User responsibility)

6.3 Prohibited Jurisdictions (Bravex Access):

Users located in, resident of, or nationals of the following jurisdictions are prohibited from accessing Bravex Services:

• Cuba
• Iran
• North Korea
• Syria
• Russia (Crimea, Donetsk, Luhansk regions — and subject to escalating OFAC restrictions)
• Any other jurisdiction subject to comprehensive U.S. sanctions

7. Transaction Monitoring – Bravex vs. Partners

Bravex monitors (within its own systems):

• Login attempts and patterns
• Account information changes
• Referral program abuse
• Prohibited conduct under Section 8 of Terms of Service
• Attempts to circumvent geographic restrictions

Bravex does NOT monitor:

• On-chain transactions (blockchain is public; Users are responsible)
• Partner transactions (Partners monitor their own systems)
• Aave Protocol interactions (DeFi; User assumes all risk)

Partners (e.g., Owlting) monitor their own financial transactions for AML purposes, including:

• Structuring
• Rapid turnover
• High-risk counterparties
• Suspicious fiat/crypto flows

8. Suspicious Activity Reporting (SAR) – Bravex's Limited Role

Bravex may file a SAR with FinCEN if Bravex detects suspicious activity within its own systems, including:

• Known or attempted use of Bravex by a sanctioned person
• Attempts to circumvent Bravex's access controls or geographic restrictions
• Fraudulent referral program activity
• Identity theft or account takeover attempts on Bravex's systems

Bravex does NOT file SAR on:

• Partner financial transactions (Partners file their own SARs)
• On-chain activity (Bravex cannot control or reverse blockchain transactions)
• DeFi protocol interactions (no central party to file SAR)

SAR Confidentiality: Bravex complies with 31 CFR § 1010.540 — no User or third party shall be notified that a SAR has been filed.

9. Prohibited Conduct (AML-Specific) – Bravex Access

In addition to Section 8 of the Bravex Terms of Service, the following is strictly prohibited when accessing or using the Bravex interface:

• Providing false identity information to Bravex
• Sharing Bravex account credentials
• Using VPN/proxy to circumvent geographic restrictions
• Using Bravex to access Partners while evading Partner AML/KYC
• Any transaction (even on-chain) that is incentivized or routed through Bravex for illegal purposes

10. Geographic Restrictions & VPN Enforcement

Bravex enforces geographic restrictions at the interface level using:

• IP geolocation (MaxMind or equivalent)
• Device fingerprinting
• Behavioral analytics
• Manual review by Compliance

If Bravex detects VPN/proxy/Tor usage: Access is blocked. Repeated attempts result in permanent ban and may be reported to Partners.

11. Recordkeeping (Bravex vs. Partners)

12. Reporting to Law Enforcement & Regulators

Bravex cooperates with lawful requests from FinCEN, OFAC, FBI, HSI, IRS CI, and state regulators for matters related to Bravex's systems (access control, sanctions screening, interface abuse).

Partners cooperate with regulators for matters related to their financial services.

User Notice: Bravex may provide User information to law enforcement without advance notice in response to subpoenas, warrants, national security letters, or FinCEN 314(a) requests.

13. AML Compliance Officer & Program Governance

Bravex appoints a Chief AML Compliance Officer (AMLCO) responsible for:

• Overseeing Bravex's limited AML program (access control, sanctions screening, interface monitoring)
• Filing SAR related to Bravex's systems
• Coordinating with Partners on shared User data (as permitted under Section 6.6 of Terms)
• Ensuring Bravex does not inadvertently act as a money transmitter
• Maintaining Bravex's independent AML policies

The AMLCO does NOT oversee Partner AML programs. Partners are independently responsible for their own compliance.

14. Training Program (Bravex Personnel)

All Bravex employees, contractors, and agents receive training on:

• Bravex's non-custodial, technology-only business model
• The distinction between Bravex's AML role and Partner AML roles
• Sanctions screening requirements
• Prohibited conduct detection
• SAR confidentiality

Training records retained for five (5) years.

15. Independent Testing

Every 12–18 months, Bravex engages an independent third party to audit Bravex's limited AML program, including:

• Access control effectiveness
• Sanctions screening accuracy
• Geographic restriction enforcement
• Prohibited conduct detection
• Recordkeeping compliance

Partner AML programs are not audited by Bravex. Users must rely on Partner audits.

16. Non-U.S. User Considerations

Bravex applies U.S. AML/CFT standards to access control. However:

• Bravex does not provide legal opinions on whether Users may use Bravex from their jurisdiction
• Users are solely responsible for compliance with local laws (Section 7.4 of Terms)
• Partners may have their own jurisdictional restrictions

17. Consequences of Non-Compliance

If Bravex determines a User has violated this AML/KYC Policy:

• Immediate suspension of Bravex access
• Investigation by Bravex Compliance (72 hours)
• Permanent termination of Bravex account
• SAR filing (if related to Bravex's systems)
• Referral to law enforcement (where criminal conduct suspected)
• Notification to Partners (where permitted)

Bravex is not liable for losses resulting from suspension or termination.

18. Contact & Reporting

19. Amendment to This Policy

Bravex may amend this AML/KYC Policy at any time. Material changes will be notified 30 days in advance via email or in-app notice. Continued use of Bravex Services after the effective date constitutes acceptance.

20. Relationship to Partner AML Policies

This AML/KYC Policy governs access to the Bravex interface only.

Users must also comply with each Partner's independent AML/KYC policies. Bravex is not responsible for Partner compliance or Partner decisions to approve/deny services.

If there is a conflict between this Policy and a Partner AML policy: The Partner's policy governs Partner services. This Policy governs Bravex access.