Compliance

AML/KYC policy

1. Introduction

This AML/KYC Policy explains how FortisX approaches anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) obligations, and in which situations we may need to identify our users or request additional information. We follow a risk-based approach that focuses enhanced checks on institutional clients, larger flows, and higher-risk activity.

This Policy supplements our Terms of Use, User Agreement, and Privacy Policy. By using the Services, you acknowledge that you have read and understood this Policy.

2. Scope and definitions

This Policy applies to your use of FortisX staking, analytics, allocation, and related services (“Services”). It covers:

  • institutional and professional clients (such as funds, companies, and other organizations);

  • high-volume users and higher-risk flows as determined by our internal risk criteria;

  • other users where required by applicable AML/CTF or sanctions regulations.

“KYC” (know your customer) in this Policy refers to identification and verification measures that may be required under applicable law or our risk-based controls.

3. Risk-based approach

FortisX applies a risk-based framework. This means we:

  • focus enhanced due diligence on institutional clients, complex structures, and larger or higher-risk transactions;

  • apply simplified or limited checks for lower-risk, smaller-volume usage where permitted by law;

  • regularly review our risk assessments and controls as products, regulations, and market conditions evolve.

We aim to balance regulatory expectations, platform integrity, and a smooth experience for legitimate users.

4. When we may perform KYC

Depending on your profile, jurisdiction, and how you use the Services, we may request KYC information in situations such as:

  • onboarding institutional or professional clients, including funds, companies, and other legal entities;

  • configuring larger or recurring allocation and rebalancing programs;

  • connecting certain third-party custodians, banking rails, or payment providers;

  • transactions or patterns that meet internally defined risk thresholds or trigger alerts;

  • where required by applicable AML/CTF, sanctions, or other financial regulations.

For smaller, lower-risk usage, we will typically limit any identification measures to what is proportionate and required by law.

5. Types of information we may request

The specific information requested will depend on whether you are an individual or a legal entity and on your risk profile. It may include:

  • basic identification details (such as name, contact details, country of residence);

  • for institutions: legal name, registration details, ownership and control structure, and key controllers;

  • proof of identity and, where relevant, proof of address for key individuals or ultimate beneficial owners;

  • information about the nature and purpose of the relationship with FortisX;

  • additional documentation in higher-risk cases, where required by law or our internal policies.

We seek to keep requested information limited to what is reasonably necessary for compliance.

6. Monitoring and controls

FortisX may monitor activity on the platform to help detect patterns that could indicate money laundering, terrorist financing, sanctions evasion, or other prohibited conduct. This may include:

  • reviewing allocation and rebalancing patterns at an aggregated level;

  • assessing unusual or inconsistent flows relative to a user’s profile;

  • screening counterparties, where relevant, against public sanctions or watchlists.

Where activity appears inconsistent with applicable laws or our risk appetite, we may request clarification, ask for additional information, limit certain features, or suspend access.

7. Sanctions and prohibited activity

FortisX does not knowingly provide Services to or for the benefit of:

  • individuals or entities that are subject to applicable sanctions or asset freezes;

  • users located in jurisdictions where we are legally prohibited from operating;

  • activity that we reasonably believe relates to money laundering, terrorist financing, fraud, or other serious crime.

We may screen users and counterparties against relevant sanctions lists as required by law.

8. Use of information and privacy

Any personal data collected for AML/KYC purposes is used strictly to:

  • comply with AML/CTF, sanctions, and related regulatory obligations;

  • manage risk and protect the integrity of the Services;

  • cooperate with competent authorities where legally required.

We handle personal data in accordance with our Privacy Policy, which describes how we store, protect, and retain information and the rights you may have under applicable data protection law.

9. Cooperation with authorities

Where required by law, FortisX may:

  • report suspicious activity or transactions to competent authorities;

  • respond to lawful requests, court orders, or regulatory inquiries;

  • share relevant records to the extent necessary to comply with legal obligations.

We review such requests carefully and disclose only what is required under applicable law.

10. Your responsibilities

By using the Services, you agree to:

  • provide accurate and complete information when requested for AML/KYC purposes;

  • promptly update information that becomes outdated or materially incorrect;

  • not use the Services for any unlawful purpose or in violation of sanctions or AML/CTF laws;

  • cooperate with reasonable requests for clarification or additional documentation.

Failure to comply with these responsibilities may result in restrictions or termination of access to certain features or to the Services.

11. Changes to this Policy

We may update this AML/KYC Policy from time to time to reflect changes in regulation, guidance, or our risk-management practices. When we make material changes, we will update the “Last updated” date below and may provide additional notice where appropriate.

12. Contact

If you have questions about this AML/KYC Policy or how FortisX manages compliance, please contact us at [email protected].

Last updated: 14 Nov 2025

Legal & compliance contact

Legal and compliance enquiries

For information regarding the FortisX group corporate structure or access to additional legal documentation, please contact the legal and compliance team.

We use cookies to operate the site, analyze traffic, and remember your preferences. You can change settings at any time.
Learn More