Bidali KYC & AML Policy

Bidali Inc. ("Bidali", "we", "us", "our", and Company) has developed an Anti-Money Laundering and Anti-Terrorist Financing Policy ("AML Policy") in an effort to maintain the highest possible compliance with applicable laws and regulations relating to anti-money laundering and terrorist financing. Our policies and procedures meet or exceed legislative requirements in Canada and reflect how we manage money laundering and terrorist financing risks posed to Bidali in order to provide a robust, compliant platform.

The Proceeds of Crime and Terrorist Financing Act

In accordance with the prescribed legislative requirements set forth in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ("PCMLTFA"), our Company is required to fulfill certain record keeping, identification, and reporting requirements. Our Company has chosen to implement and maintain a compliance regime which includes, but is not limited to:

• Establishing robust internal policies, procedures and controls that strive to combat any attempted use of Bidali's products or services for illegal or illicit purposes.
• Appointing a Chief Compliance Officer (“CCO”), responsible for the development, implementation, and oversight of Bidali's AML program.
• Executing Know Your Customer (“KYC”) procedures on all customers* to identify them as required by the PCMLFTA;
• Assessing of our risks as it relates to money laundering and terrorist financing;
• Following all applicable record retention requirements as required by the PCMLFTA;
• Monitoring transactions for potentially suspicious and attempted suspicious activities for the purposes of filing Suspicious Transaction Reports ("STR") or Attempted Suspicious Transaction Reports ("ASTR");
• Maintaining and providing written, ongoing compliance training for our employees to ensure their understanding of their responsibilities under the PCMLFTA and Regulations in Canada; and,
• Regular reviews of our compliance regime to test its effectiveness related to money laundering and terrorist financing every two years.

*A customer is presently defined as a person or entity that uses Bidali's payment products and services.

Policies and Procedures

Bidali has adopted a risk based regime approved by its board of directors. Bidali personnel and our board of directors recognize the importance of implementing and maintaining a sound AML Policy that meets or exceeds the requirements of all applicable laws and regulations. As such, our Company has implemented internal policies and procedures to achieve these requirements. The AML Policy is reviewed on a regular basis and, if necessary, revised in an effort to comply with regulatory changes.

Our Chief Compliance Officer

Under the PCMLTFA, Bidali has designated a Chief Compliance Officer ("CCO") who is responsible for the implementation and oversight of our compliance regime. Our CCO has the authority and the resources to ensure the ongoing compliance of our Company as it relates to the identification and prevention of money laundering and terrorist financing in the jurisdictions that Bidali operates in. Our CCO and their compliance team can be reached directly at compliance@bidali.com.

Ongoing Monitoring of Business Relationships

As per FINTRAC guidance, business relationships are established once a client has an account with your organization. At Bidali an active account, and therefore a business relationship, is defined as when a customer conducts two or more commercial transactions, with the exclusion of closed loop gift card purchases, within a 12 month period. Therefore for business relationships Bidali must:

• Determine the identity of the individual; or
• Confirm the existence of a corporation or other entity.

In addition to the above, Bidali adheres to the following regulatory requirements:

• Risk-rating all business relationships and amending their risk-rating if the need arises;
• Conducting ongoing monitoring of the business relationship as determined by the risk-rating (high/low) assigned to the customer; and,
• Keeping a record of the measures that we have taken to monitor the relationship and the information we obtained as a result.

If necessary, we may require our customers to provide additional documentation or information to confirm source of funds for the purpose of the transaction.

Our system employs a combination of automated and manual monitoring procedures with an appropriate escalation process based on risk. Bidali's compliance staff will review any transactions that trigger a system alert and determine if the activities are within the customers’ stated activity and/or normal usage behavior before being completed. In some cases, Bidali will require additional information from the customer such as source of income, proof of employment, proof of corporate registration, nature of the client's business, as well as review of customer’s transaction history.

Know Your Customer Processes

Prior to a customer being able to perform a transaction using Bidali's products or services, Bidali must identify the customer, known as Know Your Customer ("KYC"), in accordance with applicable regulations. Bidali has a policy which requires all customers to be "verified" in the following circumstances:

• prior to the customer being able to issue closed loop prepaid stored value products (ie. gift cards) for their business;
• when a business customer accepts more than $1,000 in cumulative payment processing payments volume using the Bidali Services;
• when a customer purchases or attempt to purchase a total monetary sum of gift cards equal to or greater than $9,500 per 24 hours;
• when a customer sends equal to or greater than $1,000 in a single transaction or $9,500 per 24 hours in Bidali Cash to another Bidali customer; and
• when a customer has a Bidali Account balance equal or greater than $10,000;

All transaction and account limits are denoted in local fiat currency value. Bidali Accounts are presently only made available to residents in certain countries in order to minimize the risk of money laundering and terrorist financing activities. Please see our Restricted Use Policy for more details.

Information that we may collect in order verify and authenticate a customer or beneficial owner:

• Email address;
• Mobile phone number;
• Full legal name;
• Home Address (not a mailing address or P.O. Box);
• Date of birth ("DOB");
• IP Address
• Unique device information
• Proof of identity (as outlined below);
• Additional information or documentation at the discretion of our compliance team.

Individual customers may be verified by way of:

Single Process Identity Verification Method

Using this method we determine the identity of a customer by referring to a credit file or financial institution account that has been established with a third party credit file provider or financial institution. To be verified, the details provided by the third party must match the name, date of birth and address provided by an individual customer, or match two trade lines within the credit file. If any of the information does not match, the individual will need to use another method to prove their identity.

Dual Process Identity Verification Method

This method involves referring to information from reliable and independent sources which can be submitted by the individual in original paper form or an un-altered electronic form. As part of the account sign up process, customers are asked to upload to our site the original electronic or paper documents they received or downloaded. All documents must be valid and unaltered in order to be acceptable. If any information has been redacted, it is not acceptable. Such documents typically include, but are not limited to:

• Government issued photo identification
• Bank or credit card statement
• Utility bill

All files are submitted over encrypted channels and stored encrypted in our data centres or with third party data processors. Review to our Security Policy and our Privacy Policy for more information on the procedures we employ to keep your data safe.

Identifying Corporations and Other Entities

Since some of our customers may be corporate entities, non-profits, or charities, we are required to confirm the existence of the entity, and the entity's beneficial ownership.

Corporations

We confirm the existence of a corporation as well as the corporation's name and address by collecting and verifying the following information:

• Corporate Email address;
• Corporate phone number;
• Full Corporate legal name;
• Operating name;
• Government registration number;
• Business Address (not a mailing address or P.O. Box);
• Proof of existence (as outlined below);
• Confirmed identity of all beneficial owners (as outlined below);
• Additional information or documentation at the discretion of our Compliance team.

We use one or more of the following documents to verify the business information collected:

• Proof of existence:
  • Certificate of Corporate Status​ (if incorporated within the previous 12 months); or
  • Notice of registration (either provincial/state or federal); or
  • A letter or a notice of assessment from a municipal, provincial, state, territorial or federal; or
  • Corporation’s published annual report signed by an independent audit firm​; or
  • Trade name registration (if applicable)
• Proof of corporate address (utility bill, bank statement or any government record)
• Completed business account information (including the nature of business and estimated transaction volumes)
• Completed beneficial ownership information and identity verification for all beneficial owners of the organization (i.e. any actual person who owns or controls, directly or indirectly, 25% or more of the corporation’s shares).

Partnerships, Cooperatives, Sole Proprietorships

We confirm the existence of an entity other than a corporation in the same way we do corporations however, supporting documentation that is deemed acceptable is different. Acceptable supporting documentation may include, but is not limited to:

• a partnership agreement; or
• articles of association; or
• sole proprietorship registration; or
• any other similar record that confirms the entity's existence.

In confirming an entity’s existence, we must be able to refer to a paper or electronic record and retain a copy of it. Verbal confirmation is not sufficient. Electronic records must be from a public source and we must record the type and source and corporation’s registration number. In addition, we also require complete beneficial ownership information and identity verification for all beneficial owners of the organization (i.e. any actual person who owns or controls, directly or indirectly, 25% or more of the entity's shares).

Not-for-profits and Charities

We confirm the existence of an entity other than a corporation in the same way we do corporations however, supporting documentation that is deemed acceptable for non-profits may differ. Acceptable supporting documentation may also include, but is not limited to:

• proof of charity or non-profit registration; or
• articles of association; or
• any other similar record that confirms the entity's existence.

If the entity is a not-for-profit organization, we also must:

• Determine whether or not the entity is a registered charity for income tax purposes
• If that entity is not a registered charity, determine whether or not it solicits charitable financial donations from the public
• Obtain completed beneficial ownership information and identity verification for all beneficial owners of the organization (i.e. any actual person who owns or controls, directly or indirectly, 25% or more of the entity's shares or is a director of the non-profit).

Beneficial Ownership Records

In addition to confirming the existence of a corporation or other entity, we also must also determine and confirm the accuracy of the entity's beneficial ownership through the following:

If the entity is a corporation:

• The name and occupation of all directors and officers of the corporation; and
• The name, address and occupation of all individuals who directly or indirectly own or control 25% or more of the shares of the corporation.

If the entity is other than a corporation:

• The name, address and occupation of all individuals who directly or indirectly own or control 25% or more of the entity.

Keeping Client Identification Information Updated

Bidali customers who present an elevated risk are required to have their identification information updated at least every two years, or sooner depending on our risk evaluation. Customers who present an elevated risk include (but are not limited to) Politically Exposed Persons ("PEPs") or individuals from certain countries we operate in. This is done by reviewing original identity or entity documents and recording the updated identification or information details for our files as appropriate.

Reporting Requirements

Bidali complies with all the reporting requirements as per the PCMLTFA and regulations as enforced by FINTRAC. There are multiple situations where we are obligated to submit reports.

Suspicious Transaction Reports

In order to operate legally our Company must report any transactions or attempted transactions where there are reasonable grounds to suspect such transactions relate to money laundering or terrorist activity. There is no monetary threshold for submitting a Suspicious Transaction Report ("STR") or Attempted Suspicious Transaction Report ("ASTR").

Our CCO has the authority to file STRs and ASTRs with FINTRAC and is required to maintain a log of all reports filed in accordance with Bidali's record keeping procedures.

Terrorist Property Reporting and Sanctions Requirements

There are two situations where we must send a terrorist property report to FINTRAC immediately:

• Knowing that a property is owned or controlled by or on behalf of a terrorist or terrorist group; or,
• Believing that a property is owned or controlled by or on behalf of a listed person.

Where there are economic sanctions, Bidali is required to prohibit or restrict activities in accordance with the legal requirements. In some cases, Bidali may be required to freeze property, in addition to making reports to various government and law agencies.

Ongoing Monitoring of Business Relationships

If in the course of reviewing and monitoring, we identify unexplainable or unusual patterns or activity, we will work to obtain further information so that questions surrounding the suspicious activity are satisfactorily answered. Bidali may also report the activity internally to our CCO who is required to maintain a record/log of all internally reported and perform a review to determine if an STR is to be filed with FINTRAC.

If Bidali cannot reach a clear understanding of the customer's identity, or the sources and movement of funds, it may result in their account being permanently closed. This will be followed by terminating the business relationship and blacklisting the account owner to prevent them from re-opening a new account.

Policy Audits

Internally our CCO is responsible for performing an audit of our AML Policy at least annually and presenting the results to the CEO and the Bidali Board of Directors for review. Our AML Policy is updated on a regular basis as we develop new products and technologies and legislation evolves.

Independent review will occur a minimum of once every two years. The independent review of our AML/CTF compliance regime will be performed by a qualified AML/CTF regime auditor as per FINTRAC’s guidelines. The process will assess Bidali's internal controls, transactional systems and procedures. The findings from such examination are sent directly to the CEO and Board of Directors for review.

Training

All Bidali employees and officers receive ongoing broad-based AML training, as well as position-specific training. They must repeat this training at least once every twelve (12) months to ensure they are knowledgeable and in compliance with all pertinent laws and regulations. New employees receive training within thirty (30) days of their start date. All documentation related to compliance training including: materials, tests, results, attendance and date of completion are maintained. In addition, our compliance training program is updated as necessary to reflect current laws and regulations.

---

If you have any questions or concerns feel free to contact compliance@bidali.com.