AML / CTF Policy Summary

1. Introduction and Purpose

NovoBill Ltd. ("NovoBill" or "the Company") is committed to deterring and combating money laundering, terrorist financing, sanctions violations, and related financial crime in its operations and in the wider financial system. NovoBill maintains a comprehensive Anti-Money Laundering and Counter-Terrorist Financing program (the "AML/CTF Program") aligned with applicable Canadian law, FATF recommendations, and partner-bank and EMI/PSP requirements.

This page is a public-facing summary. It is not the full policy document. The complete policy suite, risk assessment, and supporting procedures are confidential and available only to regulators, audit partners, and counterparties under appropriate confidentiality arrangements.

2. Regulatory Framework

NovoBill operates under the following primary regulatory framework:

• Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) — Canada's principal AML/CTF legislation, and the regulations enacted under it.
• Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) — Canada's financial intelligence unit and AML/CTF regulator. NovoBill is registered with FINTRAC as a Money Services Business (MSB), registration number C10001558.
• Retail Payment Activities Act (RPAA) — NovoBill is a Bank of Canada-registered Payment Service Provider, Entity ID RPS0014803, subject to operational risk, safeguarding, and incident reporting obligations.
• Sanctions legislation — including the United Nations Act, the Special Economic Measures Act (Canada), the Justice for Victims of Corrupt Foreign Officials Act, and equivalent regimes administered by OSFI and Global Affairs Canada. NovoBill also screens against OFAC, UN Security Council, and EU sanctions lists.
• Provincial legislation — where applicable to NovoBill's activities and operations.

NovoBill also references and adopts where applicable the recommendations of the Financial Action Task Force (FATF), including Recommendation 16 (the "Travel Rule") for transmission of originator and beneficiary information across financial institutions.

3. Definitions

Money laundering is the process of disguising the proceeds of illegal activity as legitimate funds, typically through three stages: placement (introducing illegal proceeds into the financial system), layering (moving funds through complex transactions to obscure origin), and integration (reintroducing "cleaned" funds into the economy).

Terrorist financing is the provision of financial support or resources to terrorist organizations or individuals, irrespective of source, to facilitate or carry out acts of terrorism.

Both are serious criminal offences under Canadian and international law.

4. Compliance Program

NovoBill's compliance program is established and maintained in accordance with PCMLTFA section requirements for reporting entities. It comprises:

• An appointed Compliance Officer (acting as Money Laundering Reporting Officer or MLRO) responsible for implementing, overseeing, and continually improving the AML/CTF Program.
• Written compliance policies and procedures, approved by the Company's senior officer and kept up to date.
• A documented business-wide risk assessment that identifies, assesses, and mitigates money laundering and terrorist financing risk.
• An ongoing compliance training program for all staff, agents, mandataries, and other authorized persons.
• A documented training plan with delivery, attestation, and assessment.
• An independent review of the compliance program every two years (at minimum) to test its effectiveness, with documented findings and remediation.

5. Designated Compliance Officer

NovoBill has appointed a designated Compliance Officer who oversees day-to-day AML/CTF activities, reports to the executive team independently of operational and commercial functions, and is the registered point of contact with FINTRAC. The Compliance Officer is supported by external regulatory advisors who provide ongoing program review and design support.

Responsibilities of the Compliance Officer include:

• Implementing and maintaining the AML/CTF Program and associated policies.
• Overseeing customer due diligence, ongoing monitoring, and enhanced due diligence where required.
• Conducting and updating the business-wide risk assessment.
• Filing required reports with FINTRAC (suspicious transaction, large cash, large virtual currency, terrorist property, and electronic funds transfer reports as applicable).
• Coordinating periodic independent reviews of the program.
• Responding to lawful requests from regulators, law enforcement, and partner financial institutions.
• Delivering and documenting AML/CTF training to all staff.

6. Risk-Based Approach

NovoBill applies a documented risk-based approach to its AML/CTF Program. The intensity of customer due diligence, ongoing monitoring, and controls applied to a particular relationship or transaction reflects the level of money laundering and terrorist financing risk presented.

Risk is assessed across the following categories:

• Client and industry risk — the nature of the customer's business, sector, ownership, and reputation.
• Jurisdiction risk — the countries in which the customer is established, operates, and transacts.
• Transaction risk — the size, frequency, complexity, and pattern of transactions.
• Payment instrument risk — the rails and methods used (bank, EMI/PSP, virtual currency, etc.).
• Operational risk — delivery channel, onboarding flow, and product configuration.

Customers are assigned a risk rating reviewed periodically. Higher-risk relationships are subject to enhanced due diligence and more frequent review. Where risk cannot be sufficiently mitigated, NovoBill may decline or terminate the relationship.

7. Customer Due Diligence (KYB / KYC)

NovoBill conducts customer due diligence ("CDD") on all clients before establishing a business relationship and on an ongoing basis throughout the relationship. CDD includes, as applicable:

• Identity verification of the legal entity (KYB) and its directors, officers, and beneficial owners (KYC), using government-issued identification and authoritative registry data.
• Beneficial ownership identification — establishing natural persons who ultimately own or control 25% or more of the entity (or lower thresholds where required).
• Verification of business purpose, nature, and intended activity, including expected transaction profile, corridors, and counterparties.
• Source of funds and source of wealth documentation where required by risk profile.
• Sanctions and politically-exposed-person (PEP) screening at onboarding and on an ongoing basis.
• Adverse-media screening for relevant individuals and entities.
• Enhanced due diligence (EDD) for higher-risk customers, jurisdictions, or activities.

Where required information cannot be obtained, NovoBill will not onboard or will terminate the relationship in accordance with regulatory and partner-bank requirements.

8. Ongoing Monitoring

NovoBill conducts ongoing monitoring of customer activity and transactions to detect unusual or suspicious patterns. Monitoring includes both automated rules and human review. Triggers and thresholds are confidential and are calibrated to risk.

Customer files are subject to periodic review based on the assigned risk rating, with higher-risk customers reviewed more frequently. Material changes in customer profile, ownership, or activity prompt re-assessment outside the standard review cycle.

9. Sanctions Screening

NovoBill screens all clients, beneficial owners, related parties, and counterparties against applicable sanctions lists at onboarding and on an ongoing basis. The Company will not establish or maintain a relationship, and will not execute a transaction, where to do so would violate applicable sanctions law. Sanctions matches and possible matches are escalated to the Compliance Officer for review and, where appropriate, reporting and freezing of property in accordance with applicable law.

10. Travel Rule

NovoBill complies with applicable Travel Rule requirements (FINTRAC and equivalents in other jurisdictions). Originator and beneficiary information is collected, transmitted, and retained for qualifying transactions in accordance with regulation. NovoBill applies the Travel Rule to applicable virtual currency transfers in coordination with its registered crypto on/off-ramp partners.

11. Reporting to FINTRAC

NovoBill files the following reports with FINTRAC where the applicable thresholds and conditions are met:

• Suspicious Transaction Reports (STR) — when there are reasonable grounds to suspect a transaction or attempted transaction is related to the commission or attempted commission of a money laundering or terrorist financing offence.
• Large Cash Transaction Reports (LCTR) — where applicable to NovoBill's activities.
• Large Virtual Currency Transaction Reports (LVCTR) — for qualifying virtual currency transactions.
• Electronic Funds Transfer Reports (EFTR) — for qualifying international electronic funds transfers.
• Terrorist Property Reports (TPR) — when property is suspected of being owned or controlled by a listed terrorist person or entity.

Reporting obligations are mandatory and cannot be waived by agreement. Tipping-off — disclosing that a report has been or will be made — is a criminal offence and is strictly prohibited.

12. Record Keeping

NovoBill maintains records as required by the PCMLTFA and its regulations, including but not limited to:

• Customer identification and verification records.
• Beneficial ownership documentation.
• Transaction records, including originator and beneficiary details.
• Risk assessments and risk rating histories.
• Compliance monitoring outputs, escalations, and case dispositions.
• Records of reports filed with FINTRAC and supporting materials.
• Training records and attestations.

Records are retained for the periods required by applicable law (typically a minimum of five years from the relevant date) and are stored with appropriate access controls and protection.

13. Country and Industry Acceptance

NovoBill maintains a documented Country Acceptance Policy and an industry/sector acceptance framework that govern which jurisdictions, customer types, and activities the Company will service. The framework reflects sanctions, FATF high-risk and other monitored jurisdictions, the risk appetite of NovoBill and its partner banks and EMI/PSPs, and applicable regulatory restrictions.

NovoBill does not provide services in connection with prohibited or sanctioned jurisdictions, prohibited industries, or any activity that would be unlawful under applicable law. Higher-risk verticals are accepted only on a case-by-case basis with documented enhanced due diligence and ongoing controls.

14. Training

NovoBill maintains an ongoing AML/CTF training program covering all staff, agents, mandataries, and other authorized persons. Initial training is provided promptly after hiring, with refresher training delivered at least annually and additional ad-hoc materials as the risk environment evolves. Training content includes the Company's AML/CTF policies, applicable legal obligations, typologies of money laundering and terrorist financing, sanctions, and the Company's reporting and escalation procedures. Training completion is documented and attested.

15. Independent Review

NovoBill subjects its AML/CTF Program to an independent effectiveness review at least every two years, in accordance with PCMLTFA requirements. The review assesses internal controls, transaction processing systems, policies, procedures, training, and outcomes. Findings are documented, remediation is tracked to closure, and review reports are retained as required by law.

16. Cooperation with Authorities

NovoBill cooperates with FINTRAC, the Bank of Canada, OSFI, law enforcement, and other competent authorities in accordance with applicable law. The Company responds to lawful production orders, search warrants, and similar legal process, and supports examinations and audits by its regulators.

17. Whistleblowing and Reporting Concerns

NovoBill supports and protects, to the extent permitted by law, individuals who report suspected money laundering, terrorist financing, sanctions violations, fraud, or other compliance concerns in good faith. Concerns may be reported to the Compliance Officer at the contact below.

18. Updates to This Policy

This summary may be updated to reflect changes in applicable law, regulatory guidance, or NovoBill's program. The latest version is always available on this page. The full internal policy is reviewed and updated at least annually and following any material change to the Company's risk profile, products, geographies, or regulatory environment.

19. Contact

For AML/CTF questions, regulatory due diligence requests, or to report a compliance concern, please contact the NovoBill Compliance Officer:

Novobill Ltd — Compliance Officer
807 – 130 Spadina Avenue
Toronto, Ontario, Canada, M5V 2L4
Email: legal@novobill.net

For partner banks, EMI/PSP underwriters, or enterprise customers conducting due diligence, the full AML/CTF policy suite (including the AML/CTF Risk Assessment, Client Due Diligence Manual, Country Acceptance Policy, Document Retention Policy, Anti-Bribery Policy, Anti-Fraud Policy, Sanctions Policy, and RPAA Compliance Manual) is available under appropriate confidentiality arrangements. Email legal@novobill.net with a description of your due-diligence requirements.