This document explains how Ronin EM Ltd ("Ronin", "we", "us", "our") applies Anti-Money Laundering (AML) and Know Your Customer (KYC) regulatory requirements when you use our services.

As a Crypto-Asset Service Provider (CASP) regulated by the Cyprus Securities and Exchange Commission ("CySEC") under the EU Markets in Crypto-Assets Regulation ("MICAR"), we are obligated to prevent our platform from being used for illegal activities, including money laundering and terrorist financing.

This Policy outlines our commitment to complying with all applicable AML/KYC laws and regulations in the Republic of Cyprus and the European Union.

We collect and verify personal information as part of our Client Due Diligence ("CDD") process to confirm your identity and the legality of your funds. This is a mandatory requirement that serves to:

• Prevent identity theft, fraud, and financial crime.
• Identify and manage potential risks associated with our clients and their activities.
• Comply with local and international anti-money laundering and counter-terrorist financing (AML/CTF) laws.
• Protect the integrity of our platform and the wider financial system.

For individual clients, the information we typically collect includes:

• **Identification Data:** Full legal name, date of birth, nationality, and gender.
• **Contact Data:** Residential address, email address, and telephone number.
• **Documentary Proof:** Copies of government-issued identification (e.g., passport, ID card) and proof of address (e.g., utility bill, bank statement).
• **Risk Profile Data:** Information on your occupation, financial standing, and expected transaction activity.

For legal entities, we conduct CDD on the company itself, its directors, and its ultimate beneficial owners ("UBOs"). This typically includes:

• **Corporate Documents:** Certificate of incorporation, memorandum and articles of association, director and shareholder registers.
• **UBO Identification:** Full KYC/CDD on all individuals who own or control 25% or more of the company.
• **Operational Information:** Information on the nature of the business and the source of its funds.

We may ask you to provide information and documentation regarding your **Source of Funds** (where the money used for a specific transaction comes from, e.g., bank transfer, salary) and/or your **Source of Wealth** (how your overall net worth was generated, e.g., business profits, inheritance).

This information is crucial for us to establish a robust risk profile and is requested when a transaction or overall activity exceeds certain thresholds, or if it presents an elevated risk.

We use a combination of automated technology and human review to verify the authenticity of the documents you provide and to ensure that you are who you claim to be. This process may involve:

• Cross-referencing your details against reputable public databases and governmental records.
• Using liveness detection and facial recognition technology during the onboarding process.
• Confirming the validity of address documents against a reliable third-party data source.

We are required to ensure that the information we hold about you is accurate and up-to-date. We may ask you to re-confirm or provide updated documentation on a periodic basis or if there is a material change in your circumstances (e.g., change of address or key corporate officer).

We continuously monitor transactions and account activity for unusual patterns or activity that is inconsistent with your established profile. This involves the use of advanced surveillance software to detect and flag suspicious activities for further manual investigation by our Compliance team.

In accordance with the EU Funds Transfer Regulation and the extension of the "Travel Rule" to crypto-asset transfers, we are required to collect and retain specific information for both incoming and outgoing crypto-asset transfers above a certain threshold (currently EUR 1,000, subject to change).

For each transfer, this information may include:

• **Originator (Sender) Information:** Name, account number/wallet address, and address.
• **Beneficiary (Receiver) Information:** Name, account number/wallet address.

We use secure data transmission methods to send this information to other CASPs when required by the Regulation.

In situations that present a higher risk of money laundering or terrorist financing, we are required to perform **Enhanced Due Diligence (EDD)**.

Circumstances that may trigger EDD include:

• Transactions involving countries with known deficiencies in AML/CTF regimes.
• Clients who are or are related to Politically Exposed Persons (PEPs).
• Complex, unusually large, or unusual patterns of transactions.
• Where there is any doubt regarding the identity of the client or the UBO.

EDD measures involve collecting more detailed information, such as extensive Source of Wealth/ Source of Funds documentation, conducting in-person verification (where feasible), and more frequent, detailed monitoring of transactions.

We screen all clients and relevant parties (such as UBOs) against official international and EU sanctions lists before onboarding and on an ongoing basis. If a match is found, we are legally obligated to freeze the account and report the finding to the relevant authorities.

We also conduct screening for Politically Exposed Persons (PEPs) and adverse media (negative news or public information) to assess associated risks and, where necessary, apply EDD.

Compliance with our AML/KYC requirements is mandatory. If you fail or refuse to provide the requested information or documentation, or if the information provided cannot be satisfactorily verified, we may be unable to establish or maintain a business relationship with you.

This means we may be legally required to suspend your account, refuse to process transactions, or terminate the business relationship.

Your privacy is important to us. Any personal data we collect for AML/KYC purposes is processed in accordance with applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR).

In practice, this means that:

• We collect only the information we must collect for legal, regulatory and risk management purposes.
• We store your data securely and limit access to authorised personnel only.
• We may share your data with competent authorities (such as CySEC or the Financial Intelligence Unit) and other regulated institutions only where required or permitted by law.
• We retain your data only for as long as required by law.

For more information on how we handle your personal data and your rights, please refer to our Privacy Policy, which is available on our website.

By using our services, you agree to:

• Provide true, accurate and complete information and documents when requested.
• Inform us promptly if your details change (for example, if you move to a new country or change your name).
• Use our services only for lawful purposes.
• Cooperate with us if we need further details to understand a transaction or your account activity.

If you have any questions about this Policy, or if you are unsure why we are asking for specific documents or details, you can contact us at any time via the contact details below or the contact form on our website em.ron.in.