سیاست AML/KYC

Anti-Money Laundering (AML) & Know Your Customer (KYC) Policy – ace90review.com 🔒

Last updated: 25 October 2025

This page sets out the official Anti-Money Laundering (AML) and Know Your Customer (KYC) framework for
ace90review.com. The policy protects users and partners, deters illicit finance, and aligns our
operations with internationally recognized standards. It is written to meet EEAT (Experience, Expertise,
Authoritativeness, Trustworthiness) and YMYL (Your Money or Your Life) expectations by providing clear definitions,
robust controls, and verifiable procedures. ✅

Note: ace90review.com is an educational and informational platform. However, for any present or
future payment-related interactions (e.g., premium features, partner payouts, or affiliate commissions), the
following AML/KYC principles and controls will apply.

📌 Scope, Purpose, and Applicability

This policy applies to all products, pages, communications, and payment-related processes of
ace90review.com, including (where applicable):

  • Account creation, profile management, and login security
  • Deposits, withdrawals, refunds, or payouts (if offered)
  • User-to-user transfers, rewards, or loyalty programs
  • Promotional credits, bonuses, and affiliate or partner payments
  • Dispute resolution, chargeback handling, and recovery actions

This policy also applies to all personnel, contractors, payment partners, and service providers who support or
process activity related to ace90review.com.

🧭 Regulatory Alignment & Best-Practice References

Our AML/KYC framework is designed with reference to:

  • FATF Recommendations (risk-based AML/CFT approach, CDD/EDD, ongoing monitoring, reporting, record retention)
  • Directive (EU) 2015/849 and Directive (EU) 2018/843 (AMLD4/AMLD5) regarding AML/CFT obligations
  • Regulation (EU) 2015/847 on information accompanying transfers of funds
  • Applicable national laws, sanctions regimes, and supervisory guidance relevant to our users and partners
  • Data protection principles consistent with GDPR for privacy, security, and data minimization

🧾 Definitions

  • Money Laundering (ML):
    Converting, transferring, concealing, or disguising the origin of property known (or reasonably suspected) to be
    derived from criminal activity, or assisting persons involved in such activity to evade legal consequences.
  • Customer Due Diligence (CDD / KYC):
    Identifying and verifying customers, understanding the nature and purpose of the relationship, and applying
    ongoing monitoring.
  • Enhanced Due Diligence (EDD):
    Additional checks for high-risk customers, jurisdictions, products, or behaviors.
  • Source of Funds (SoF) / Source of Wealth (SoW):
    Evidence that explains the origin and legitimacy of deposited funds and the customer’s overall wealth.
  • Suspicious Transaction/Activity Report (STR/SAR):
    A formal report submitted to a Financial Intelligence Unit (FIU) when ML/TF is suspected.

🏛️ Governance & Accountability

  • Senior Management:
    Sets tone-from-the-top, approves this policy, allocates resources, and oversees overall effectiveness.
  • AML Compliance Officer (AMLCO):
    Designs controls, supervises monitoring, investigates alerts, escalates cases, and liaises with competent
    authorities and payment partners.
  • First Line (Operations & Support):
    Executes CDD/EDD steps, enforces payment rules, and flags anomalies or suspicious behavior.
  • Internal Audit / Independent Review:
    Performs periodic reviews and testing of AML/KYC controls, issuing findings and recommendations.

🛠️ Policy Maintenance & Change Control

  • Material updates undergo a documented risk impact assessment and approval by Senior Management and the AMLCO.
  • Prior versions are archived to ensure full auditability and traceability.
  • Changes may be triggered by regulatory developments, supervisory expectations, internal risk assessments, or
    technology evolution.

🧩 Risk-Based Approach (RBA) & Enterprise-Wide Risk Assessment (EWRA)

ace90review.com applies a risk-based approachls where risks are higher.
We conduct an Enterprise-Wide Risk Assessment (EWRA) at least annually, evaluating:

  • Products and services
  • Delivery channels (web, mobile, API, partners)
  • User types and profiles
  • Geographic and sanctions exposure
  • Transactional patterns, volumes, and emerging typologies

EWRA outcomes define thresholds, rules, EDD triggers, and monitoring frequencies.

🪪 Tiered Customer Verification (KYC)

Account verification follows a tiered structure. Certain actions may be paused until the required tier is
completed.

Tier 1 – Basic Profile (required before any withdrawal/payout)

Collected information typically includes:

  • Full name
  • Date of birth
  • Gender (where permitted by law)
  • Nationality
  • Country of usual residence
  • Full residential address

Automated database checks are performed. If unavailable or mismatched, a proof of address may be requested (e.g.,
recent utility bill or bank statement).

Tier 2 – Advanced ID Verification

Triggered when cumulative deposits, withdrawals, or payouts reach
2,000 (USD/EUR or equivalent).

  • Valid government ID photographed next to a random 6-digit code written by the user
  • A live selfie for match verification
  • Where e-verification fails, a recent proof of address (utility bill, bank statement, or official letter issued
    within the last 3 months) showing full name and address, with all corners visible and text readable

Tier 3 – Source of Funds / Source of Wealth (SoF/SoW)

Triggered when:

  • Cumulative deposits/withdrawals/payouts reach 5,000, or
  • Peer-to-peer transfers (if available) reach 3,000.

Acceptable SoF/SoW examples include:

  • Employment income (recent payslips, HR letter, tax statements)
  • Business ownership (audited accounts, corporate registry extracts)
  • Investments (brokerage statements, dividend records, proof of asset liquidation)
  • Inheritance or gifts (probate documents, notarized deeds, bank confirmations)

🌍 Geographic Risk Categorization

  • Low Risk: Tiers and thresholds as described above (Tier 2 at 2,000; Tier 3 at 5,000).
  • Medium Risk: Lower thresholds (Tier 2 at 1,000 and Tier 3 at 2,500). Crypto-to-fiat conversions
    (where supported via partners) may be treated as medium risk.
  • High Risk: Service may be restricted or prohibited; jurisdiction lists are reviewed against
    sanctions and regulatory advisories.

💳 Payment Method Controls

  • The same method used for deposit should be used for withdrawal/payout at least
    up to the deposited amount, where applicable.
  • Third-party cards or accounts are prohibited. The account name must match the verified user
    name.
  • Structuring deposits/withdrawals to evade thresholds (smurfing) triggers EDD and may result in restrictions or
    account closure.

🔎 Ongoing Monitoring & Three Lines of Control

  1. First Line – Payment Partners (PSPs):
    ace90review.com partners with reputable PSPs that operate effective AML/KYC controls at onboarding and at
    transaction time.
  2. Second Line – AMLCO & Monitoring Systems:
    Rules-based and machine-assisted monitoring overseen by the AMLCO. Red flags include:
    • Rapid deposit-withdrawal cycles without genuine activity
    • Behavior inconsistent with the user’s profile
    • Abnormal device/location changes or login patterns
    • Counterparties in high-risk or sanctioned locations
  3. Third Line – Manual Case Review & STR/SAR:
    Manual investigations of suspicious/high-risk users and STR/SAR filings to the competent FIU where required by
    law.

📈 Control Thresholds at a Glance

Control LayerTriggerRequired Actions
CDD Tier 1Account creation / before first withdrawal or payoutProfile data + automated checks; proof of address if needed
CDD Tier 2Deposit / withdrawal / payout ≥ 2,000Government ID + handwritten 6-digit code + selfie; proof of address if e-checks fail
EDD Tier 3Deposit/withdrawal ≥ 5,000 or P2P ≥ 3,000SoF/SoW evidence; enhanced screening; manual review
MonitoringAll customersRules-based monitoring; ML models; sanctions checks; case management & STR/SAR where applicable

🧩 Acceptable SoF/SoW Examples

  • Employment income (recent payslips, employer/HR letter, tax filings)
  • Business income (audited accounts, invoices, corporate registry documents)
  • Investments (brokerage statements, fund statements, evidence of asset sales)
  • Inheritance or gifts (probate records, gift deeds, bank confirmations)

🚨 Detection, Escalation, and STR/SAR

  • Staff must promptly escalate atypical, suspicious, or potentially fraudulent activity to the AML team via secure
    channels.
  • The AML team evaluates alerts, documents rationale, and files STR/SAR with the relevant FIU where legally
    required.
  • “Tipping-off” is prohibited; customers are not notified about STR/SAR submissions where law prohibits such
    disclosure.

🧰 Procedures & Playbooks

Operational playbooks translate this policy into detailed procedures, including:

  • Minimum CDD standards per user segment
  • Sanctions and watchlist screening processes
  • EDD triggers and handling workflows
  • Case escalation paths and closure conditions
  • Account restrictions, temporary holds, and termination rules
  • Communication templates for documentation requests and decisions

To deter circular flows, first withdrawals or payoutssactional activity of at
least 70% of deposited funds, where applicable and permitted by law.

🧾 Record-Keeping

  • KYC records are retained for at least 10 years after the business relationship ends.
  • Transaction records are retained for at least 10 years after execution or termination.
  • Records are stored securely with encryption at rest and in transit, and protected by strict access controls and
    logging.

🧑‍🏫 Training & Awareness

  • Mandatory AML/KYC induction for new hires in relevant roles.
  • Periodic refresher training for finance, risk, operations, product, and support staff.
  • Case-based learning on typologies such as:
    • Smurfing and structuring
    • Mule accounts
    • Synthetic identities
    • Crypto on/off-ramp risks
  • Training effectiveness monitored via KPIs, QA checks, and audit findings.

🧪 Internal Audit & Continuous Improvement

  • Internal Audit or an independent function conducts regular reviews of AML controls, data quality, and case
    handling timeliness.
  • Metrics such as false-positive ratios, case turnaround time, and post-investigation actions inform improvement
    plans.

🧱 Data Protection & Privacy 🔐

  • We collect the minimum data necessary for lawful AML/KYC and service provision; data are not sold.
  • Information may be shared only when required by law, with regulated partners under proper safeguards, or for the
    prevention/detection of financial crime.
  • We respect data subject rights under applicable privacy laws, including access, rectification, restriction, and
    objection, subject to AML/legal obligations.

🚫 Zero-Tolerance for Violations

  • Accounts linked to forged documents, stolen payment instruments, account-takeover, or unjustified flows may be
    restricted, frozen, or terminated.
  • Confirmed ML/TF or fraud is reported to competent authorities without prior notice, as permitted by law.

📫 Contact

If you have questions about this AML/KYC Policy, wish to exercise privacy rights, or need to report suspicious
activity, please reach out via the “Contact Us”0review.com or email:
[email protected].

⚠️ Compliance Notice

Use of ace90review.com constitutes acceptance of this AML/KYC Policy. Failure to provide requested
documentation or to pass verification may result in delayed withdrawals, rejected transactions, or account
restrictions. We reserve the right to update this document to reflect evolving regulations, supervisory
expectations, and best practices.

📱 دانلود اپلیکیشن 📝 ثبت‌نام سریع