⚠️Beware of fraudulent websites mimicking Bytex. Always check your address bar for bytex.io and report fake links to [email protected].
ByteX Logo
Login

AML/CTF Policy

1.0 Approval and Version Control

The Compliance Officer is responsible for the maintenance, review, and accuracy of this policy. The Compliance Officer ensures that all updates reflect current regulatory requirements, operational practices, and risk management standards. This policy is reviewed at least annually, or sooner if there are material changes in applicable laws, regulatory guidance, or ByteX Financial Ltd.'s business model.

VersionAuthorApprovalDate ApprovedDescription
1.0Ryan MuellerSayan RoyMarch 15th, 2022Initial creation of document
1.1Ben BencebiSayan RoyApril 24, 2022Minor updates
1.2Ryan MuellerSayan RoyJuly 27, 2022Expansion on PEP, Doc retention, and tools
1.3Tigran RostomyanSayan RoyAugust 15, 2022Compliance Officer Update
2.0Ryan MuellerSayan RoyFebruary 27, 2023Compliance Officer Update, tools updates
2.1Phantom ComplianceSayan RoyAugust 27, 2023Minor formatting
3.0Amanda Haverluck CAMSSayan RoyNovember 1, 2025New Compliance Officer appointment, program enhancements following FINTRAC's examination findings including revisions to record-keeping, suspicious reporting, and sanctions compliance requirements.

2.0 Document Details

2.1 Document Objective

The objective of this document is to establish and communicate ByteX Financial Ltd.'s Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) framework in accordance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations in Canada, and the Bank Secrecy Act (BSA) and FinCEN regulations in the United States.

This policy defines the standards, controls, and responsibilities required to detect, prevent, and report money laundering, terrorist financing, sanctions evasion, and related financial crimes. It outlines the company's approach to:

  • Assessing and documenting inherent and residual ML/TF risks associated with its products, services, clients, delivery channels, and geographic exposure.
  • Implementing mitigation measures to reduce those risks to an acceptable level.
  • Maintaining policies, procedures, and internal controls to ensure full compliance with Canadian and U.S. regulatory expectations.
  • Ensuring that new technologies, business models, and delivery channels are evaluated for ML/TF risks before deployment.
  • Providing clear accountability for senior management oversight, compliance officer responsibilities, and periodic review of the AML/CTF program.

The goal is to maintain an effective, risk-based compliance program that protects ByteX Financial Ltd. from being used for illicit activity and ensures that all regulatory obligations under FINTRAC and FinCEN regulations are met.

2.2 Scope & Applicability

This AML/CTF Policy applies to ByteX Financial Ltd. and all its business units, employees, contractors, and agents engaged in activities that may expose the organization to money laundering, terrorist financing, or sanctions-evasion risks.

The policy covers operations conducted under ByteX Financial Ltd's registrations and licences as:

  • A Money Services Business (MSB) registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA); and
  • A Money Services Business registered with the Financial Crimes Enforcement Network (FinCEN) under the Bank Secrecy Act (BSA) and related U.S. regulations.

2.3 Governance & Compliance Oversight

ByteX Financial Ltd. maintains a formal governance framework to ensure effective oversight of its Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) program. Senior management and the appointed Compliance Officer share responsibility for establishing, maintaining, and monitoring a robust compliance regime that meets regulatory expectations in both Canada and the United States.

2.3.1 The Board of Directors/Senior Management and Oversight

The Board of Directors and Senior management provide strategic direction and oversight to ensure that the AML/CTF program remains effective, adequately resourced, and integrated across all business lines. Their responsibilities include:

  • Approving the AML/CTF policy, risk assessment, and related procedures prior to implementation and upon each significant revision;
  • Ensuring sufficient human, technological, and financial resources are dedicated to AML/CTF compliance;
  • Reviewing regular compliance reports outlining monitoring results, reporting statistics, and remediation activities;
  • Overseeing the prompt correction of deficiencies identified through audits, internal reviews, or regulatory examinations; and
  • Promoting a strong compliance culture that emphasizes integrity, accountability, and regulatory adherence at all levels of the organization.

2.3.2 Compliance Officer Responsibilities

The Compliance Officer, formally appointed by senior management, has full responsibility for administering and maintaining the AML/CTF program. Specific duties include:

  • Designing and updating the AML/CTF policies, procedures, and internal controls in accordance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), its Regulations, and the Bank Secrecy Act (BSA);
  • Overseeing the effectiveness of client due diligence, record-keeping, and reporting processes, while delegating operational tasks to qualified compliance and operations personnel;
  • Ensuring that appropriate systems, controls, and staffing are in place to identify, assess, and mitigate ML/TF and sanctions risks across all business lines;
  • Reviewing and approving the company's enterprise-wide risk assessment, as well as any subsequent updates due to product, service, or technology changes;
  • Acting as the primary liaison with FINTRAC, FinCEN, and law enforcement or regulatory agencies;
  • Overseeing the development and delivery of AML/CTF training programs for staff, management, and contractors;
  • Receiving and reviewing reports of material compliance breaches, internal audit findings, or regulatory communications, and ensuring timely remediation; and
  • Providing regular compliance reports and updates to senior management and the Board summarizing risk exposure, regulatory changes, and program performance.

2.3.3 Compliance Staff

The Compliance Team supports the Compliance Officer in implementing and maintaining ByteX Financial Ltd.'s AML/CTF program. Compliance team members perform day-to-day operational tasks under the direction of the Compliance Officer, ensuring that the company's obligations under Canadian and U.S. law are met consistently and effectively.

2.3.4 All Staff

All ByteX Financial Ltd. employees, agents, contractors, and third-party representatives share responsibility for supporting the company's Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) program. Each employee, regardless of position or function, must understand the regulatory obligations relevant to their role and act in accordance with the company's compliance policies and procedures.

2.4 Definitions

For the purpose of this policy, comprehensive definitions apply to key AML/CTF terminology including but not limited to: Anti-Money Laundering (AML), Beneficial Ownership, Business Relationship, Counter-Terrorist Financing (CTF), Client Due Diligence (CDD), Enhanced Due Diligence (EDD), FINTRAC, FinCEN, Money Laundering, Money Services Business (MSB), Residual Risk, Sanctions Evasion, Terrorist Financing, and Virtual Asset (VA). All definitions are applied consistently throughout this policy and related procedures.

3.0 Business Model

3.1 Business Model Brief

This section provides an overview of ByteX Financial Ltd.'s, doing business as ByteX, business model, products, and operational structure to establish the foundation for its risk assessment and compliance framework. Understanding the company's services, delivery channels, and client base is essential to identifying and managing inherent and residual risks associated with money laundering, terrorist financing, and sanctions evasion.

3.1.1 Services

ByteX operates as a non-custodial digital money services provider offering virtual currency exchange, remittance, and foreign exchange (FX) services to both individuals and entities. The company facilitates the conversion and transfer of value between fiat and virtual currencies through a secure, technology-driven platform that emphasizes regulatory compliance, transparency, and client protection.

ByteX does not hold or store client assets. Its operations are conducted primarily online, supported by regulated partners and service providers as required to deliver compliant and efficient financial services across multiple jurisdictions. ByteX's operations are domiciled in Canada and the United States, serving clients who are residents or legal entities within these jurisdictions. All services are delivered in compliance with applicable federal and provincial/state regulations, including FINTRAC and FinCEN registration and oversight requirements.

ByteX does not:

  • Provide wallet, custody, or deposit services for any client virtual assets;
  • Support, exchange, or transmit privacy-enhanced or anonymizing virtual currencies such as Monero (XMR), Zcash (ZEC), or similar assets designed to conceal transaction details;
  • Issue or redeem money orders, prepaid cards, or stored-value instruments;
  • Facilitate securities, derivatives, investment, or portfolio management services; or
  • Engage in unlicensed third-party payment processing or activities outside the scope of regulated money services business functions.

3.1.2 Registrations and Licensing

ByteX operates as a regulated Money Services Business (MSB) in both Canada and the United States and maintains all required registrations, approvals, and licenses to conduct its activities in compliance with applicable laws. ByteX ensures that all regulatory registrations and licenses remain current, accurate, and valid. Any changes to the company's business model, ownership, or operational scope that may impact licensing or registration status are promptly disclosed to the relevant authorities.

  • In Canada: ByteX is registered with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations. The registration authorizes ByteX to provide money services activities, including Virtual Currency; Money Transmission; and Foreign Exchange under registration number M21765500.
  • In the United States: ByteX is registered as a Money Services Business (MSB) with the Financial Crimes Enforcement Network (FinCEN) under the Bank Secrecy Act (BSA) and related regulations under registration number 31000313641399 for Money Transmission and Convertible-Virtual-Currency (CVC) services.

Where required, ByteX also maintains or obtains state-level money transmission licenses or exemptions, consistent with the jurisdictions in which it conducts business.

ByteX ensures that all registrations, licenses, and renewals are completed in accordance with applicable regulatory timelines and requirements. Renewal submissions are initiated no later than 60 days before the expiry date of any existing registration or license, or earlier if prescribed by the issuing authority.

The Compliance Officer is responsible for maintaining accurate registration information, coordinating renewal processes, and ensuring all filings reflect ByteX's current legal name, ownership, and business activities. The Compliance Officer monitors all regulatory portals and correspondence to identify renewal notices, updates, or changes in requirements and promptly reports any material developments to senior management. Any change in ownership, control, business activities, or other registration details must be reported to the appropriate regulatory authority and internal stakeholders within 30 days of the change being identified.

3.2 Commitment

ByteX is committed to maintaining the highest standards of integrity and regulatory compliance in all aspects of its operations. ByteX recognizes that strong Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) controls are essential to protecting the integrity of the financial system and maintaining the trust of clients, partners, and regulators.

ByteX will comply with all applicable laws, regulations, and guidance issued by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and the Financial Crimes Enforcement Network (FinCEN). In particular, ByteX's AML/CTF program is developed and maintained in accordance with:

  • The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated Regulations;
  • The Criminal Code of Canada, as it relates to money laundering and terrorist financing offences;
  • Canadian sanctions legislation, including the United Nations Act, the Special Economic Measures Act (SEMA), and the Justice for Victims of Corrupt Foreign Officials Act (JVCFOA);
  • The Bank Secrecy Act (BSA), USA PATRIOT Act, and other applicable U.S. federal and state laws governing Money Services Businesses (MSBs); and
  • Related regulations, guidance, and enforcement expectations issued by FinCEN, the U.S. Department of the Treasury, and the Office of Foreign Assets Control (OFAC).

All employees, officers, and contractors are expected to uphold this commitment by adhering to the company's AML/CTF policies and procedures, reporting any suspicious or non-compliant activity, and participating in regular training designed to maintain awareness of regulatory obligations and emerging risks.

3.3 Non-Compliance

ByteX maintains a zero-tolerance approach to non-compliance with Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) obligations. Compliance with all applicable laws, regulations, and internal policies is mandatory for all directors, officers, employees, contractors, and agents.

Failure to comply with this policy, related procedures, or any regulatory requirement under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), the Bank Secrecy Act (BSA), or associated legislation may expose ByteX and its personnel to significant legal, regulatory, and reputational consequences. Non-compliance may result in:

  • Internal disciplinary action, up to and including termination of employment or contract;
  • Mandatory reporting of the breach to regulatory authorities, where required; and
  • Civil or criminal penalties imposed under applicable Canadian or U.S. law, including potential fines, Administrative Monetary Penalties (AMPs) under the PCMLTFA, or prosecution.

ByteX acknowledges that FINTRAC may impose Administrative Monetary Penalties for non-compliance which classifies violations as minor, serious, or very serious, and considers both severity and recurrence in determining the appropriate penalty.

All employees are required to promptly report suspected or actual breaches of this policy or related procedures to the Compliance Officer. Reports will be handled confidentially to the extent permitted by law and investigated in accordance with internal escalation and corrective-action procedures.

4.0 Risk Assessment Framework

ByteX maintains a comprehensive risk assessment framework designed to identify, assess, and mitigate the risks of money laundering, terrorist financing, and sanctions evasion associated with its products, services, clients, delivery channels, and geographic exposure.

5.0 Written Policies and Procedures

ByteX maintains comprehensive written policies and procedures that outline the measures, controls, and processes established to detect, prevent, and deter money laundering, terrorist financing, and sanctions evasion within its operations.

5.1 Client Due Diligence (CDD)

ByteX applies a risk-based client Due Diligence (CDD) process to identify and verify all clients, understand the purpose and intended nature of their business relationships, and monitor activity for consistency with established risk profiles.

5.1.1 Identification and Verification

ByteX verifies the identity of all clients before establishing a business relationship or conducting a transaction that triggers a verification requirement. Identification and verification are completed using reliable, independent sources and documented in accordance with applicable record-keeping standards.

5.1.2 Beneficial Ownership

ByteX identifies and verifies the beneficial ownership of all entity clients to ensure transparency regarding the natural persons who ultimately own or control the client. A beneficial owner is any natural person who, directly or indirectly, owns or controls 25% or more of the corporation, partnership, or other legal entity.

5.1.3 Third-Party Determination

ByteX determines whether any client is acting on behalf of a third party when a transaction is conducted or a business relationship is established. This requirement ensures transparency regarding the true origin and purpose of funds entering or moving through ByteX's services.

5.1.4 Ongoing Monitoring

ByteX conducts ongoing monitoring of all business relationships to ensure client information remains current and that activity is consistent with the client's known profile and risk rating. Ongoing monitoring includes scheduled reviews, trigger-based reviews, and event-driven monitoring.

5.2 Reporting Obligations

ByteX fulfills all regulatory reporting obligations in accordance with Canadian and U.S. Anti-Money Laundering and Counter-Terrorist Financing laws and associated regulations.

5.2.1 FINTRAC Reporting

ByteX files the following reports with FINTRAC as applicable:

  • Large Virtual Currency Transaction Reports (LVCTR) when receiving virtual currency equivalent to CAD 10,000 or more
  • Electronic Funds Transfer Reports (EFTR) for international electronic funds transfers of CAD 10,000 or more
  • Suspicious Transaction Reports (STRs) when reasonable grounds to suspect money laundering or terrorist financing exist
  • Listed Person or Entity Property Reports (LPEPR) when property is owned or controlled by a listed person or entity

5.2.2 FinCEN Reporting

ByteX fulfills all reporting obligations required under the Bank Secrecy Act (BSA) and associated FinCEN regulations, including Suspicious Activity Reports (SARs) and OFAC-related reporting.

5.3 Sanctions Compliance

ByteX maintains a comprehensive Sanctions Compliance framework designed to identify, prevent, and report dealings with sanctioned individuals, entities, jurisdictions, or activities. ByteX screens all clients, beneficial owners, counterparties, and transactions against applicable sanctions lists at onboarding and on an ongoing basis.

Active Ministerial Directives apply to:

  1. The Islamic Republic of Iran
  2. The Democratic People's Republic of Korea (North Korea)
  3. Russia

ByteX does not engage in any transactions, business relationships, or financial activity involving jurisdictions, institutions, or persons subject to a Ministerial Directive.

5.4 Record Keeping

ByteX maintains comprehensive records to demonstrate compliance with all applicable AML, CTF, and sanctions obligations. All AML/CTF and sanctions-related records are retained for a minimum of five (5) years from the date they are created or from the date an account is closed, whichever is later, unless a longer period is required by applicable law.

6.0 AML Training Program

ByteX maintains a structured and ongoing training program to ensure that all employees, contractors, and agents understand their responsibilities under applicable AML, CTF, and sanctions laws. The training program is designed to promote a culture of compliance, enhance risk awareness, and ensure that all staff can identify and escalate potential suspicious or prohibited activity.

7.0 Independent Review and Effectiveness Testing

ByteX conducts independent reviews of its AML/CTF compliance program to assess its effectiveness and ensure ongoing alignment with regulatory requirements, internal policies, and industry best practices. An independent review is conducted at least every two (2) years, or more frequently if required by regulatory changes, material business growth, or identified compliance concerns.

8.0 Law Enforcement and Regulatory Requests

ByteX cooperates fully with all lawful requests for information or documentation made by regulatory authorities, law enforcement agencies, or other competent bodies in accordance with applicable legislation.

The Compliance Officer is responsible for managing all law enforcement and regulatory requests on behalf of ByteX. All requests are logged in a Regulatory and Law Enforcement Request Register, which records the date received, requesting authority, type of request, scope of information provided, and the date of response.

9.0 Continuous Improvement and Program Updates

ByteX is committed to maintaining a dynamic and responsive AML/CTF program that evolves in line with regulatory developments, business growth, emerging risks, and industry best practices. The AML/CTF program is reviewed and updated regularly to ensure its continued effectiveness, accuracy, and alignment with applicable laws and regulatory expectations in both Canada and the United States.

All AML/CTF policies, procedures, and supporting documentation are reviewed at least annually, or more frequently when material changes occur to business operations, regulations, or identified risks. Updates are coordinated by the Compliance Officer and approved by Senior Management before implementation.

ByteX promotes a culture of continuous learning and compliance awareness. Lessons learned from regulatory findings, emerging typologies, and internal case reviews are integrated into future training, monitoring, and risk assessment activities.

Inquiries

For questions, inquiries, or further information regarding this AML/CTF Policy, please contact the Compliance Officer at [email protected]

This policy is confidential and for internal use by ByteX Financial Ltd., its employees, contractors, and authorized representatives only. Unauthorized reproduction, distribution, or disclosure is strictly prohibited.