Anti-Money Laundering (AML) Policy

VFT Chain LLC Effective Date: October 29, 2025 Version: 1.0 Last Updated: October 29, 2025

IMPORTANT NOTICE

This Anti-Money Laundering (AML) Policy outlines VFT Chain LLC's commitment to preventing money laundering, terrorist financing, and other financial crimes on the VFTChain platform. Contact: Thomas@vftchain.com

1. Policy Overview

1.1 AML Commitment

VFT Chain LLC is committed to:

Preventing money laundering and terrorist financing

Complying with all applicable AML laws and regulations

Implementing risk-based controls appropriate for our non-custodial architecture

Cooperating fully with law enforcement and regulatory authorities

Maintaining platform integrity and user trust

1.2 Regulatory Status

Non-Custodial Platform:

VFTChain is a non-custodial decentralized compute platform

VFT Chain LLC does NOT custody, hold, or control user funds

Users maintain control of their own cryptographic private keys

Platform facilitates peer-to-peer transactions only

Money Services Business (MSB) Status:

Based on non-custodial architecture, VFT Chain LLC is NOT an MSB under FinCEN regulations

NOT required to register as Money Transmitter at federal level

State-level analysis completed (non-custodial exemption applicable)

IMPORTANT: While not legally required to implement full AML/KYC programs, we voluntarily implement risk-based controls to prevent illicit activity and comply with OFAC sanctions.

1.3 Scope

This policy applies to:

All VFTChain platform users (compute providers and customers)

VFTC token holders and participants

All platform transactions and activities

Third-party integrations and partners

2. Regulatory Framework

2.1 Applicable Laws

VFT Chain LLC complies with: United States Federal:

Bank Secrecy Act (BSA)

USA PATRIOT Act

FinCEN regulations (non-custodial exemptions)

OFAC sanctions programs (SDN, FSE lists)

Anti-Money Laundering Act of 2020

International:

FATF (Financial Action Task Force) recommendations

EU 5th Anti-Money Laundering Directive (5AMLD)

UK Money Laundering Regulations 2017 (as amended)

Jurisdiction-specific AML laws where users are located

2.2 Non-Custodial Exemptions

Limited AML Obligations: Due to non-custodial architecture, VFT Chain LLC is exempt from:

Full Know Your Customer (KYC) verification requirements

Currency Transaction Reports (CTRs)

Suspicious Activity Report (SAR) filing in most cases

FinCEN MSB registration

Retained Obligations: We ARE still required to:

Comply with OFAC sanctions screening (MANDATORY)

Implement risk-based controls to prevent illicit activity

Report criminal activity when discovered

Cooperate with law enforcement investigations

Maintain reasonable security and fraud prevention measures

3. Risk Assessment

3.1 Platform Risk Assessment

VFTChain conducts ongoing risk assessments considering: User Risks:

Geographic location (high-risk jurisdictions)

Transaction patterns and volumes

Anonymity level (pseudonymous blockchain addresses)

New vs. established users

Product Risks:

Non-custodial architecture reduces custody risk

Peer-to-peer transactions increase counterparty risk

Cryptocurrency inherent AML risks (irreversible, pseudonymous)

Compute services could be used for illicit purposes

Geographic Risks:

OFAC sanctioned countries (complete prohibition)

High-risk jurisdictions per FATF

Countries with weak AML enforcement

Jurisdictions with high rates of cybercrime or fraud

Delivery Channel Risks:

Internet-only platform (no in-person verification)

Automated onboarding (limited initial verification)

Open access model (permissionless participation)

Global reach across multiple jurisdictions

3.2 Risk-Based Approach

Based on risk assessment, we implement: Low-Risk Activities:

Small compute job submissions

Minimal token transactions

Established users with clean history

Controls: Automated monitoring only

Medium-Risk Activities:

Large compute jobs or token volumes

First-time users from medium-risk countries

Unusual transaction patterns

Controls: Enhanced automated monitoring + possible identity verification

High-Risk Activities:

Users from high-risk jurisdictions

Sanctioned wallet interactions

Suspicious patterns matching known illicit activity

Controls: Account suspension + mandatory identity verification + potential SAR filing

4. OFAC Sanctions Compliance

4.1 Mandatory Sanctions Screening

ZERO TOLERANCE for sanctions violations. We implement:

Automated wallet screening against OFAC SDN (Specially Designated Nationals) list

Real-time transaction monitoring for sanctioned addresses

Geolocation blocking for prohibited jurisdictions

Daily SDN list updates from OFAC website

VPN/proxy detection to prevent geographic circumvention

###4.2 Prohibited Jurisdictions Complete platform prohibition for:

Cuba

Iran

North Korea

Syria

Crimea, Donetsk, and Luhansk regions of Ukraine

Any other OFAC-sanctioned territories

Users from these jurisdictions:

Cannot create accounts or access platform

Will have existing accounts immediately terminated

Will forfeit all tokens and rewards

May be reported to OFAC

4.3 Sanctioned Entities and Individuals

We screen against:

OFAC SDN List (Specially Designated Nationals)

OFAC Consolidated Sanctions List

Foreign Sanctions Evaders (FSE) List

Sectoral Sanctions Identifications (SSI) List

Known terrorist wallet addresses (public blockchain intelligence)

4.4 50% Rule

Per OFAC guidance:

Entities owned 50% or more by sanctioned persons are also sanctioned

We apply automated ownership analysis where technically feasible

Users must not transact with 50% owned entities

4.5 Sanctions Violations

If sanctions violation detected:

Immediate account suspension

Asset freeze (no token withdrawals or trades)

Investigation by compliance team

Report to OFAC within 10 days (if required)

Cooperation with authorities

Permanent account termination

No exceptions, appeals, or refunds for sanctions violations.

5. Know Your Customer (KYC)

5.1 Voluntary Risk-Based KYC

Default: No KYC Required

Non-custodial architecture = no legal requirement for universal KYC

Most users can participate pseudonymously

Blockchain addresses serve as identifiers

KYC Required for High-Risk Scenarios:

Users from medium/high-risk jurisdictions

Large transaction volumes or compute job values

Suspicious activity patterns detected

Third-party reports or law enforcement requests

Violation of Terms of Service

5.2 KYC Information Collection

When KYC is required, we collect: Individual Users:

Full legal name

Date of birth

Residential address

Government-issued ID (passport, driver's license, national ID)

Proof of address (utility bill, bank statement < 90 days old)

Selfie with ID for liveness verification

Business Users:

Legal entity name and registration number

Jurisdiction of incorporation

Business address and proof

Beneficial ownership information (UBOs owning > 25%)

Articles of incorporation or equivalent

Authorized representative information and ID

5.3 Identity Verification

KYC verification process:

User submits documents via secure platform interface

Automated document verification (OCR + fraud detection)

Liveness check (selfie + ID matching)

Manual review by compliance team if automated checks fail

Verification decision within 5 business days

Account restrictions lifted upon successful verification

Third-Party KYC Providers:

We may use third-party KYC/ID verification services

User data processed in accordance with Privacy Policy

GDPR and CCPA compliant handling

5.4 Ongoing Monitoring

For verified users:

Periodic re-verification (every 2 years or when risk factors change)

Ongoing transaction monitoring

Adverse media screening

PEP (Politically Exposed Person) screening

Sanctions list screening (continuous)

6. Transaction Monitoring

6.1 Automated Monitoring

All platform transactions monitored for: Red Flags:

Transactions to/from sanctioned addresses

High-volume or high-value transactions

Rapid movement of tokens (possible layering)

Structured transactions to avoid detection

Transactions with known darknet markets or mixers

Geographic red flags (high-risk countries)

Monitoring Tools:

Blockchain analytics software (Chainalysis, Elliptic, or similar)

Real-time transaction pattern analysis

Machine learning anomaly detection

Manual review queue for flagged transactions

6.2 Suspicious Activity Indicators

We investigate transactions exhibiting: Behavioral Red Flags:

User refuses to provide information when requested

User provides false or inconsistent information

User uses multiple identities or accounts

User accesses platform via TOR, VPN, or proxy despite restrictions

User exhibits knowledge of AML procedures (possible structuring)

Transaction Red Flags:

Transactions with no apparent economic purpose

Unusual patterns compared to peer group

Transactions inconsistent with user profile

Involvement of jurisdictions unrelated to user's stated location

Frequent small transactions just below reporting thresholds

Blockchain Red Flags:

Interactions with known illicit wallet addresses

Use of mixing/tumbling services

Routing through privacy coins

Connections to ransomware payment addresses

Links to darknet marketplace addresses

6.3 Enhanced Monitoring

High-risk users subject to:

Real-time transaction alerts

Lower thresholds for investigation

Mandatory explanations for unusual activity

Periodic manual compliance reviews

7. Suspicious Activity Reporting (SAR)

7.1 SAR Reporting Obligation

While VFT Chain LLC is not legally required to file SARs (non-MSB status), we voluntarily report suspicious activity to FinCEN when:

Activity involves $5,000 or more in aggregate

Activity has no business or lawful purpose

Activity is designed to evade BSA/AML requirements

We have reason to suspect criminal activity

7.2 SAR Decision Process

Investigation Triggers:

Automated monitoring system flags transaction

Manual review by compliance team

Escalation to senior management if suspicious

Legal review (if complex or novel)

SAR filing decision within 30 days of initial detection

SAR Filing Procedure:

File via FinCEN BSA E-Filing System

Include all required information (FinCEN Form 111)

Maintain supporting documentation for 5 years

Do NOT notify user (SAR confidentiality rules)

7.3 SAR Confidentiality

Strict confidentiality requirements:

Users are NEVER informed that a SAR was filed

SAR filings kept confidential within compliance team

Employees prohibited from disclosing SAR existence

Violation of SAR confidentiality is a federal crime

7.4 Voluntary Information Sharing

We may share SAR information with:

Law enforcement (upon request or subpoena)

Other financial institutions (314(b) sharing)

Regulators (in examinations or investigations)

8. Record Keeping

8.1 Retention Requirements

We retain for 5 years minimum: Transaction Records:

All blockchain transaction hashes and details

Compute job submissions and completions

VFTC token transfers and rewards

Timestamp, wallet addresses, amounts, transaction type

Identity Records (when collected):

KYC documentation and verification results

Identification documents submitted

Proof of address documents

Verification date and method

Compliance Records:

Risk assessments and compliance audits

Sanctions screening results (including negative results)

SAR filings and supporting documentation

Employee AML training records

Internal investigations and outcomes

8.2 Record Access

Records accessible to:

Internal compliance and legal teams

External auditors (under NDA)

Law enforcement (with appropriate legal process)

Regulators (in examinations or investigations)

Users (their own data only, per GDPR/CCPA rights)

8.3 Data Security

All records protected via:

Encryption at rest and in transit (AES-256)

Access controls (role-based, least privilege)

Audit logging (all access logged and monitored)

Secure backup systems (encrypted, off-site)

Annual security audits

9. Employee Training

9.1 AML Training Program

All employees receive:

Initial AML training within 30 days of hire

Annual refresher training

Role-specific training (compliance team gets enhanced training)

Updates when policies or regulations change

Training Topics:

AML laws and regulations (BSA, PATRIOT Act, OFAC)

Red flags and suspicious activity indicators

Internal reporting procedures

SAR confidentiality requirements

Sanctions screening procedures

Consequences of AML violations

9.2 Training Records

We maintain records of:

Training completion dates for each employee

Training materials and curriculum

Test results (if applicable)

Acknowledgment of understanding signed by employees

10. Compliance Officer

10.1 Designated Compliance Officer

Thomas@vftchain.com serves as:

AML Compliance Officer

OFAC Compliance Officer

Primary contact for AML matters

Responsibilities:

Oversee AML program implementation

Conduct risk assessments

Review suspicious activity and make SAR decisions

Maintain relationships with law enforcement and regulators

Ensure employee training completion

Report to senior management on compliance matters

10.2 Compliance Resources

Compliance Officer has:

Direct access to CEO and Board of Directors

Authority to suspend accounts or transactions

Budget for compliance tools and services

Independence from business pressure

Legal support when needed

11. Independent Testing

11.1 Annual Audit

We conduct annual independent AML audits:

Performed by external qualified auditor

Tests effectiveness of controls

Reviews samples of transactions and investigations

Identifies deficiencies and recommends improvements

Results reported to senior management and Board

11.2 Audit Scope

Audit reviews:

Risk assessment methodology and results

Sanctions screening effectiveness (sample testing)

Transaction monitoring system performance

SAR decision-making process and quality

KYC procedures and documentation

Record keeping and retention

Employee training compliance

Previous audit remediation status

11.3 Remediation

Audit findings result in:

Action plan with assigned owners and deadlines

Quarterly progress reporting to management

Follow-up testing in next audit

Escalation if remediation not completed timely

12. Law Enforcement Cooperation

12.1 Full Cooperation Policy

VFT Chain LLC fully cooperates with law enforcement, including:

Responding to subpoenas, warrants, and court orders

Providing requested transaction records and user information

Preserving evidence per legal hold requests

Testifying in court proceedings if needed

Voluntary information sharing when appropriate

12.2 Information Requests

Law enforcement requests handled via:

Email: Thomas@vftchain.com (subject: "Law Enforcement Request")

Legal process must be valid and properly served

Compliance team reviews for legal sufficiency

Response within timeframes required by law (typically 14-30 days)

User notification (if not prohibited by court order or 18 USC § 2705)

12.3 Emergency Requests

For time-sensitive matters (imminent threat, ongoing crime):

Expedited review and response (within 24-48 hours if possible)

Phone contact: Documented via email confirmation

Follow-up legal process required within reasonable timeframe

13. Third-Party Risk Management

13.1 Third-Party Due Diligence

We conduct AML due diligence on:

Payment processors or exchanges integrated with platform

Blockchain analytics vendors

KYC/identity verification providers

Cloud infrastructure providers (AWS, etc.)

Due Diligence Includes:

Company background and reputation research

AML/compliance program review

References and regulatory history check

Contractual AML obligations

Ongoing monitoring of third-party compliance

13.2 Prohibited Third Parties

We will NOT partner with:

Entities on OFAC sanctions lists

Entities in prohibited jurisdictions

Entities with history of AML violations or sanctions failures

Entities lacking adequate AML controls

Entities facilitating anonymous or untraceable transactions

14. User Obligations

14.1 User Representations

By using VFTChain, users represent that they will NOT:

Use platform for money laundering or terrorist financing

Conduct transactions on behalf of sanctioned persons or entities

Provide false identity or misleading information

Structure transactions to evade detection or reporting

Use platform for any illegal purpose

Circumvent geographic or sanctions restrictions

14.2 User Cooperation

Users must:

Respond truthfully to information requests

Provide KYC documentation when requested (within 14 days)

Report suspicious activity or policy violations observed on platform

Update account information when circumstances change

Maintain accurate contact information

14.3 Consequences of Violations

AML violations result in:

Immediate account suspension or termination

Forfeiture of tokens and rewards

Report to law enforcement (if criminal activity suspected)

Potential civil or criminal prosecution

Permanent ban from platform

No refunds or compensation

15. Privacy and Data Protection

15.1 AML Data Collection

We collect only necessary data for:

Sanctions screening (wallet addresses, geolocation)

KYC verification (identity documents, when required)

Transaction monitoring (blockchain data, transaction details)

Regulatory reporting (SAR information, when filed)

15.2 Data Use Limitations

AML data used ONLY for:

Compliance with AML laws and regulations

Platform security and fraud prevention

Law enforcement cooperation

Regulatory examinations

Internal audits and testing

NOT used for:

Marketing or advertising

Selling to third parties

Unrelated business purposes

15.3 Data Subject Rights

Subject to regulatory exceptions:

Users can request access to their AML records (GDPR Article 15)

Users can request correction of inaccurate information

EXCEPTION: SAR information CANNOT be disclosed (legal prohibition)

EXCEPTION: Active investigation data may be temporarily withheld

See Privacy Policy for complete data protection information.

16. Penalties and Enforcement

16.1 Regulatory Penalties

AML violations can result in:

Civil penalties up to $250,000 per violation (FinCEN)

Criminal penalties up to $500,000 and 20 years imprisonment (willful violations)

OFAC penalties up to $20 million or 2x transaction value per violation

Platform shutdown or operating restrictions

Personal liability for executives and compliance officers

16.2 Internal Enforcement

Employee AML violations result in:

Disciplinary action up to termination

Referral to law enforcement (if criminal)

Recovery of bonuses or compensation

Prohibition from compliance roles

16.3 User Enforcement

See section 14.3 above for user violation consequences.

17. Policy Updates

17.1 Right to Update

We may update this AML Policy to:

Reflect changes in applicable laws or regulations

Incorporate regulatory guidance or best practices

Address new risks or threats

Improve effectiveness of controls

17.2 Notice

Material changes communicated via:

Website notice (30 days minimum)

Email notification (if email provided)

Update to "Last Updated" date

17.3 Questions

For questions about this AML Policy: Email: Thomas@vftchain.com Subject: "AML Policy Inquiry"

18. Disclaimer

This AML Policy describes our voluntary compliance efforts. Nothing herein:

Constitutes legal or compliance advice

Guarantees detection of all illicit activity

Waives any legal defenses or privileges

Creates third-party rights or obligations

Supersedes applicable laws or regulations

In case of conflict between this policy and law, law prevails.

Last Updated: October 29, 2025 Version: 1.0 Document ID: VFTC-AML-POLICY-2025-v1.0