This regulation is aimed at reducing the risks of the btcworm.net online platform associated with the process of laundering financial assets. The user is presented with the legal provisions and conditions from the internal policy of the site. For any questions or unclear questions, the user can contact the support service to clarify specific points and details of interest.

Cryptocurrency exchange service BTCWorm

Effective Date: October 1, 2025

The document was developed taking into account the recommendations of the Financial Action Task Force on Money Laundering (FATF) and the regulatory requirements of the jurisdictions in which the platform operates.

1. Objectives and Basic Principles

BTCWorm"s operations are based on strict adherence to measures aimed at preventing the laundering of illegally obtained funds and eliminating any transactions related to terrorist financing. This document defines internal standards that comply with international FATF requirements and the laws of the countries where the platform operates.

The implementation of these measures pursues the following goals: preventing the use of the service infrastructure for illegal activities, fulfilling obligations to regulators, strengthening user trust, and protecting BTCWorm"s business reputation as a responsible participant in the crypto market.

2. System of internal obligations

As part of the implementation of AML/CTF requirements, the service provides:

• implementation of comprehensive procedures for customer identification (Know Your Customer, KYC) and analysis of transaction activity (Know Your Transaction, KYT);
• regular assessment of the risks inherent in both individual users and the transactions carried out;
• continuous monitoring of transfers to identify signs of suspicious behavior;
• prompt blocking of funds and suspension of operations upon detection of potential threats;
• transfer of information to authorized government agencies in cases expressly provided for by law;
• storing personal and operational data for a period of at least five years;
• systematic training of employees in current requirements in the field of combating financial fraud;
• guarantee the legitimacy of all crypto assets sent to users, regardless of the type of exchange or transfer method.

Every outgoing cryptocurrency transfer is pre-screened to ensure compliance with international regulatory standards, including FATF and OFAC. Only the following are used for sending funds:

• one-time cryptographic addresses;
• wallets with a confirmed low risk level according to reputable AML analytics platforms;
• addresses belonging to licensed crypto exchange platforms.

3. Identification of users

To access transactions beyond the basic limits, each client must undergo identity verification. The service partners with verified KYC providers who provide biometric and document verification technologies. The decision to access advanced features is made based on an analysis of the data provided.

Verification stages and transaction limits

In accordance with the legal requirements of the platform"s country of registration, full use of the service requires a two-level verification process:

Level 1 — email verification. After successful verification, the daily withdrawal limit is set at 10,000 USD (or the equivalent in cryptocurrency at the current exchange rate on the platform).

Level 2 – identity and residential address verification. Upon completion of this stage, the withdrawal limit increases to 100 BTC per day (or the equivalent in US dollars).

To pass verification, the user provides the following materials:

1) Identity card (valid, with photo, full name, date of birth and unique number):

• passport of a citizen of the country of residence;
• foreign passport;
• driver"s license.

Note: documents are accepted only if they contain data in Latin transliteration.

2) Confirmation of place of residence (valid for the last 90 days):

• a certified rental agreement or bank statement;
• payment documents for utilities or electricity;
• tax return;
• other official documents indicating the address of registration or actual residence.

Note: information must be presented in Latin letters.

3) A selfie photo of the user holding a piece of paper with the name "BTCWorm" and the current date clearly written on it.

The service performs a multi-stage verification of the authenticity of provided materials, including cross-checking with external sources and applying methods prescribed by law. If there are any doubts about the authenticity of the data, cooperation may be declined.

Re-verification may be initiated at any time, particularly if abnormal activity or transactions that raise reasonable suspicions are detected, even if the verification was previously completed successfully.

Access to the platform is prohibited to users from countries included in the sanctions lists of the FATF, OFAC, the European Union, the UN, as well as the territories listed in Appendix No. 1 to this document.

Estimated application processing times: 

• standard verification: from 60 minutes to 24 hours;
• Extended Date Discovery (EDD): 24 to 72 hours.

4. Monitoring operations and transaction analysis

To ensure transaction security, BTCWorm uses a hybrid control model that combines automated analysis systems and expert assessment by specialists. Risk assessment is conducted based on the following parameters:

• the presence of direct or indirect links between the addresses of the transaction participants and sanctions lists, darknet platforms, fraudulent schemes, or sources of stolen assets;
• use of tools to conceal the origin of funds (cryptomixers, tumblers, anonymizing protocols, including Tornado Cash);
• identification of abnormal behavior patterns:

1. a series of small transfers with the aim of bypassing limits (“smurfing”);
2. operations with volumes that differ sharply from the user"s normal activity;
3. transfers to newly generated wallets without transaction history;
4. transfers initiated from jurisdictions with relaxed financial controls.

Each transaction is assigned a risk rating on a three-level scale: Low, Medium, High.

Indicative rating scale (based on external analytical systems methods): 

• Low — the total risk does not exceed 62%;
• Medium — the risk is in the range of up to 70%;
• High — the risk exceeds 70%.

Important: The figures provided reflect expert assessments by third-party providers and do not always accurately determine the legitimacy of the funding source.

Transactions classified as high risk are automatically suspended and referred to the responsible anti-money laundering officer for manual review.

Preliminary AML verification of a cryptocurrency address is available at https://www.bestchange.ru/report/ .

5. Classification of clients by risk level

Depending on the assessment results, all users are divided into three risk categories:

• Low risk – standard identification procedure (Customer Due Diligence, CDD) is applied;
• Medium risk – enhanced monitoring and periodic re-verification are established once every two years;
• High risk – an enhanced due diligence (EDD) process is initiated, including:

1. request for documentary confirmation of the source of funds (Source of Funds, SoF);
2. detailed analysis of the history of transactions for previous periods;
3. annual update of verification data.

The following are automatically considered high risk:

• persons holding politically exposed positions (PEP), as well as members of their families and close relatives;
• residents of countries included in the list of jurisdictions with weakened AML controls according to the FATF;
• clients with a total annual turnover exceeding USD 100,000 equivalent.

6. Algorithm of actions upon detection of suspicious transactions

If signs indicating possible money laundering, terrorist financing, or other illegal activity are detected, the service will immediately:

• blocks the transaction;
• restricts access to the account until an internal investigation is completed;
• generates an internal report on a suspicious transaction (Suspicious Activity Report / Suspicious Transaction Report);
• if there are sufficient grounds, transfers information to the competent authorities (including Rosfinmonitoring, FinCEN, European financial intelligence units).

A client"s refusal to provide the requested information or failure to undergo verification is considered sufficient grounds for termination of service.

Conditions for refund of funds within the framework of AML investigations: 

If a transaction is blocked, a fee of up to 5% of the transaction amount, but no more than the equivalent of USD 100, will be charged. Refunds are not possible if the assets are officially recognized as linked to criminal activity or are subject to seizure by decision of authorized government agencies.

For clients who have verified the legitimacy of their funds through KYC and SoF procedures, no additional fees are charged—deductions are limited solely to the network fees of the relevant blockchain.

7. Requirements for partner organizations

BTCWorm sets strict criteria for selecting counterparties:

• refusal to cooperate with platforms registered in jurisdictions with insufficient financial regulation;
• conducting a comprehensive check of all potential partners (crypto exchanges, payment providers, API integrators);
• mandatory requirement for valid licenses and confirmed compliance with international AML standards.

8. Personnel training and internal control system

Coordination and oversight of compliance with the requirements of this Policy are assigned to a designated AML officer. Contact information: [email protected] .

All service employees undergo mandatory training on anti-money laundering and counter-terrorism financing at least once a year.

Internal audits are conducted quarterly; when necessary, external consultants are engaged to conduct an independent assessment of the effectiveness of the control system.

9. Protection and storage of information

The service ensures secure storage of users" personal and operational data by:

• application of modern encryption methods that comply with industry security standards;
• hosting information on secure server facilities in jurisdictions that comply with the General Data Protection Regulation (GDPR) and the Markets in Cryptoassets Regulation (MiCA);
• restricting access to data exclusively to authorized employees with delimited access rights;
• ensuring the storage of information for at least five years after the termination of the relationship with the client, unless otherwise provided by current legislation.

Detailed terms and conditions for processing personal data are set out in a separate document—the Privacy Policy, which applies to the BTCWorm website and mobile app.

10. Final Provisions

This document is an integral part of the BTCWorm User Agreement. The administration reserves the right to make changes to the Policy unilaterally, with mandatory notification to users via the platform"s official website.

The use of BTCWorm services is considered as full and unconditional acceptance of the terms of this AML/CTF policy.

Appendix No. 1

List of high-risk areas (service access is limited)

Afghanistan, Iran, the Democratic People"s Republic of Korea, the Syrian Arab Republic, Yemen, Libya, Somalia, Cuba, the Republic of Crimea, the Pridnestrovian Moldavian Republic, the Bolivarian Republic of Venezuela, Myanmar (Burma), as well as all territories included in the sanctions lists of FATF, OFAC, the European Union and the United Nations at the time of the transaction.