Bistrapay will analyze the information we obtain to determine if it is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).

We will verify customer identity through documentary means, non-documentary means, or both.

We will use documents to verify customer identity when appropriate documents are available.

Given the increased instances of identity fraud, we will supplement the use of documentary evidence by using non-documentary means whenever necessary.

We may also use non-documentary means if we are still uncertain about whether we know the true identity of the customer.

In verifying the information, we will consider the customer's name, street address, zip code, telephone number (if provided), date of birth, and Social Security number(where applicable) to determine if we have a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies)."

If we cannot form a reasonable belief that we know the true identity of a customer, we will do the following:

• Not verify a customer's account or close an existing customer account
• Impose terms under which a customer may conduct transactions while we attempt to verify their identity
• Close an account after attempts to verify a customer's identity fail
• Determine whether it is necessary to file a complaint in accordance with applicable laws and regulations
• We may conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, including information regarding the beneficial ownership of legal entity customers. We will use the customer risk profile as a baseline against which customer activity is assessed for suspicious transaction reporting.

We will document our verification process, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified.

We will keep records containing a description of any document that we relied on to verify a customer's identity, noting the type of document, any identification number contained in the document, the place of issuance, and if applicable, the date of issuance and expiration date.

For non-documentary verification, we will retain documents that describe the methods and results of any measures taken to verify the customer's identity.

We will retain records of all identifying information for five years after the account has been closed, and records made about verification of the customer's identity for five years after the record is made.

We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the account has been closed, and records made about verification of the customer's identity for five years after the record is made.

We will monitor account activity for unusual size, volume, pattern, or type of transactions, taking into account risk factors and red flags that are appropriate for our business.

Monitoring will be conducted through automated systems.

The Bistrapay AML Compliance officer or their designee will be responsible for this monitoring. We will review any activity that our monitoring system detects, determine if any additional steps are required, document when and how this monitoring is carried out, and report suspicious activities to the appropriate authorities.