AML / KYC Policy
Last updated: April 20, 2026
ZootPay is committed to preventing money laundering, terrorist financing, sanctions evasion, and other financial crime. This document summarises our Anti-Money-Laundering (AML) and Know-Your-Customer (KYC) program. It supplements, and should be read together with, our Privacy Policy and Terms of Service.
1. Program governance
- The AML program is approved by ZootPay's founder and reviewed at least annually.
- A Compliance Officer is designated to oversee day-to-day AML matters, suspicious-activity reporting, and relationships with regulators. You can reach the Compliance Officer at compliance@zootpay.net.
- All customer-facing staff and technical operators complete AML awareness training at onboarding and at least once per year.
2. Tiered Customer Due Diligence
We apply a risk-based, tiered model. Each tier has a daily and a rolling 30-day ceiling. Transactions that would cause you to cross a tier threshold are held until you complete the next tier of verification.
| Tier | Daily limit | 30-day limit | Data we collect |
|---|---|---|---|
| 0 — Phone | $500 USD equivalent | $2,500 | Verified phone number (via SMS one-time password), MonCash phone used for payment, device fingerprint, IP-based country. |
| 1 — Basic KYC | $2,500 | $15,000 | Government-issued ID (passport or national ID), live selfie for biometric match, full legal name, date of birth. Processed by Sumsub. |
| 2 — Enhanced KYC | $25,000 | $100,000 | Everything above plus proof of residential address (utility bill or bank statement less than 3 months old) and a Source-of-Funds declaration with supporting evidence. Manually reviewed by the Compliance Officer. |
| 3 — Institutional | Case by case | Case by case | For businesses or high-net-worth individuals. We require incorporation documents, beneficial-ownership information, and a dedicated onboarding call. |
Limits are denominated in US dollars at the prevailing exchange rate at the time of the transaction. The thresholds may be tightened at any time without notice in response to regulatory guidance or risk events.
3. Sanctions & PEP screening
- Every new account is screened against the OFAC SDN list, the UN Security Council Consolidated List, the EU Consolidated List, and the HM Treasury Consolidated List at signup and re-screened periodically.
- Politically Exposed Persons (PEPs) and their immediate family members must complete Tier 2 verification regardless of transaction volume and are subject to enhanced monitoring.
- If a match is identified, the account is immediately frozen pending review and we will not disclose the reason to the customer where disclosure is prohibited by law ("tipping off").
4. Transaction monitoring
We monitor transactions continuously for patterns that may indicate money laundering, terrorist financing, fraud, or sanctions evasion. Examples include:
- Structuring (multiple small transactions designed to stay below a reporting threshold)
- Rapid pass-through activity with no apparent economic purpose
- Sends to or receipts from addresses previously associated with darknet markets, ransomware, or sanctioned entities (based on on-chain analytics)
- Unusual geographic patterns — e.g. a user who has only ever transacted from Haiti suddenly logging in from a high-risk jurisdiction
- Velocity anomalies — many transactions in a short period inconsistent with the customer's stated profile
Alerts are reviewed by the Compliance Officer. Where warranted, we will request additional information, freeze the account, and/or file a Suspicious Transaction Report (STR) with the Unité Centrale de Renseignements Financiers (UCREF) of Haiti or the equivalent authority in another applicable jurisdiction.
5. Record keeping
- We retain customer-identification data and transaction records for at least 5 years after the account is closed or after the transaction, whichever is later. This is required by Haitian AML law and mirrors international standards such as the FATF Recommendations.
- Records are stored in encrypted form on managed databases in the United States (Neon).
6. Reporting
- Suspicious Transaction Reports are filed confidentially with UCREF or the equivalent foreign FIU within the statutory deadline (currently 72 hours of the Compliance Officer's determination).
- Large cash-equivalent transactions, where applicable, are reported in accordance with local threshold rules.
- We cooperate with law-enforcement requests that are properly served (subpoena, court order, MLAT request).
7. Prohibited customers & activity
The following are prohibited:
- Residents of, or entities located in, countries subject to comprehensive sanctions (see our Terms of Service).
- Anyone on applicable sanctions or watch-lists.
- Transactions involving darknet markets, child-sexual-abuse material, ransomware, human trafficking, illegal arms, or terrorist financing.
- Mixers, tumblers, or chain-hopping services whose primary purpose is to obscure the origin of funds.
- Accounts operated on behalf of an undisclosed third party.
8. On-chain analytics
We may use independent on-chain analytics providers to screen deposit and withdrawal addresses for risk indicators. Addresses flagged as high-risk (for example, linked to sanctioned protocols, theft, or darknet activity) may be rejected. We do not share user identity with these providers; only the addresses involved are analysed.
9. Your rights in an AML action
- You have the right to ask why your account has been restricted, except where we are legally prohibited from telling you (for example to avoid tipping off a subject under investigation).
- You can appeal an AML decision by emailing compliance@zootpay.net. Provide any supporting documents; we will review and respond within 30 days.
- If an STR is filed, we are prohibited by law from disclosing that fact.
10. Program review
This AML program is reviewed at least annually and updated whenever laws change, when material risk events occur, or when new products or markets are added. The current version is always available at zootpay.net/legal/aml.
11. Contact
Compliance Officer
ZootPay, Port-au-Prince, Haiti
Email: compliance@zootpay.net