PREVENTION MANUAL FOR ANTI LAUNDRY MONEY DISRUPTIVE EXCHANGE S. DE R.L. BY C.V.

This manual is designed to provide Disruptive Exchange S. de R.L. of C.V. (Disruptive Exchange), a leading company in the commercial commission for the purchase and sale of Cryptoactives, a clear and concise guide for the prevention and identification of operations with resources of illicit origin.

I. Background

In the world of Cryptoassets, transparency and integrity are essential. As such, Disruptive Exchange has a responsibility to prevent illegal activities such as money laundering and terrorist financing, while ensuring the integrity of its business operations.

II. Objective of the Manual

This manual seeks to provide Disruptive Exchange with the necessary tools to identify and prevent operations with resources of illicit origin.

On the other hand, this manual will seek to help comply with the legal obligations that we as a company have in Anti-Money Laundering prevention.

Manual Structure

The manual is structured into several chapters, each one dedicated to a specific area of prevention. Each chapter provides an overview of the topic, followed by detailed guidelines on how to implement effective preventative measures and regulatory compliance.

This manual is an extension of our compliance manual and seeks to be a valuable tool for Disruptive Exchange in its fight against money laundering and terrorist financing in the commercial sector in which we operate.

Prevention begins with awareness.

Definiciones

Archive

Set of data and documents that are preserved or stored in printed format or in electronic, optical or any other technology, which will remain complete and unaltered from the moment it was generated for the first time and is accessible for subsequent consultation, with the purpose of integrating, preserving and demonstrating the Operations of Disruptive Exchange.

Beneficiary

The person designated by the Disruptive Exchange Client, so that, in the event of the death of said Client, such person can exercise the rights derived from the account, contract or Order before Disruptive Exchange.

Customer

The natural or legal person who, directly or indirectly, contracts or places any Order with Disruptive Exchange.

Board of directors

The Disruptive Exchange body, in charge of supervision and decision making, composed of independent directors and/or executives, whose role is to provide strategic guidance and supervise the management of the company.

Control

The ability to impose, directly or indirectly, decisions in general meetings of shareholders, partners or equivalent bodies, or to appoint or dismiss the majority of the directors, administrators or their equivalents of a legal entity; or maintaining ownership of rights that allow, directly or indirectly, the exercise of voting with respect to more than fifty percent of the company's share capital, or directing, directly or indirectly, the administration, strategy or main policies of the company. society. Likewise, Control will be understood to be exercised by any natural person who, directly or indirectly, acquires 25% or more of the shareholding composition or share capital of a legal entity.

Criptoactivos

The representation of value recorded electronically and used among the public as a means of payment for all types of legal acts, the transfer of which can only be carried out through electronic means. In no case will Crypto Assets be understood as legal tender in the national territory of Disruptive Exchange, nor foreign currencies. These are a mechanism for the storage and exchange of information, which does not represent the possession of any underlying asset at par and which is univocally identifiable, even fractionally, stored electronically; Therefore, they are not legal tender or foreign currencies; that they do not have the power to release payment obligations nor are they regulated by the Mexican financial authorities; nor are they shares, shares, debentures, bonds, warrants, certificates, promissory notes, bills of exchange and other titles of credit, nominated or unnamed, that are issued serially or en masse and represent the share capital of a legal entity or a part of this, an aliquot part of an asset or the participation in a collective credit or any individual credit right, under the terms of the applicable national or foreign laws; nor securities, contracts or any other legal act whose valuation refers to one or more underlying assets, securities, rates or indices. By virtue of this, since Disruptive Exchange only offers the commission service for the purchase and sale of Cryptoactives, it is not considered by national laws as a financial institution or technological financial institution.

Exchange or Provider

Digital platforms for the exchange of Cryptoassets, outside of Disruptive Exchange, which are suppliers of Disruptive Exchange and operate from abroad.

Corporate governance

It is the set of principles, standards and practices that regulate the management and direction of Disruptive Exchange. Its main objective is to establish an internal and external control framework that promotes transparency, responsibility, ethics and efficiency in decision making within the organization.

Platform

Set of Disruptive Exchange web pages, visible through the electronic address https:/ disruptivex.mx/, its subdomains, mobile application services, clients, APIs or any electronic form of communication developed and authorized by Disruptive Exchange.

Identification and prevention of money laundering in commercial transactions with Cryptoactives

What is money laundering?

Money laundering is an illegal process used to make large amounts of money generated by criminal activities, such as drug trafficking or terrorist financing, appear to have come from a legitimate source. Money from criminal activity is considered “dirty,” and the process “launders” the money to make it appear “clean”.

This process generally follows three stages:

Placement: Injects “dirty money” into the legitimate financial system surreptitiously.

Layer: Hides the origin of money through a series of transactions and accounting tricks.

Integration: In this final step, the money already laundered is removed from the legitimate account to be used for whatever purposes the criminals have in mind.

It is important to highlight that companies like Disruptive Exchange must implement anti money laundering (AML) policies to detect and prevent this activity and thus cooperate with the authorities.

How do we detect possible acts of money laundering?

Detecting money laundering can be challenging due to the sophistication of the techniques used by criminals. However, there are several red flags that may indicate the possibility of money laundering:

Unusual activity: If a customer makes transactions that are inconsistent with their usual patterns, this may be a red flag.

Large cash deposits: Large and frequent cash deposits can be indicative of money laundering, especially if the customer cannot justify where the funds are coming from.

Evasion or defensiveness: If a customer is evasive or defensive when asked about details of their transactions, this may be suspicious.

Discrepancies in the information provided: If the information provided by a client is inconsistent or inaccurate, this can be a red flag.

Large investments by third parties: If third parties are investing large sums of money without a clear explanation, this may be suspicious.

Suspicious recurring transactions: If sums of money move in and out of a customer's account at a rapid pace, this may be indicative of “smurfing,” a money laundering technique that involves dispersing illegal funds. Additionally, we must implement know-your-customer (KYC) and “blacklist” verification techniques, as will be specified in this manual, to assist in the effort to prevent these activities.

It is important to remember that these are only red flags and not definitive evidence of money laundering. Any suspicious activity must be reported to the competent authorities for investigation.

Financial Intelligence Unit

The Financial Intelligence Unit, also known by its acronym UIF or FIU, is a national entity that, as a supervisory authority, centrally receives reports on suspicious operations of money laundering and financing of terrorism provided by institutions. financial companies or any other entity such as Disruptive Exchange that participates in activities considered vulnerable by Law.

The FIU processes, analyzes and converts this information into intelligence, in order to transmit it to the competent authorities in order to combat and prevent illegal activities.

In the specific case of Mexico, the Financial Intelligence Unit (UIF) is an Administrative Unit of the Ministry of Finance and Public Credit in charge of receiving, analyzing and disseminating information related to the prevention, detection and combating crimes of operations with resources of illicit origin (commonly known as money laundering) and financing of terrorism.

Regulatory framework

The Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin, also known as the Money Laundering Law, was enacted in Mexico with the objective of protecting the financial system and the national economy. This law establishes measures and procedures to prevent and detect acts or operations that involve resources of illicit origin.

The law is applicable throughout Mexican territory and is of public order and interest. Its objective is to collect useful elements to investigate and prosecute the crimes of operations with resources of illicit origin, crimes related to the latter, the financial structures of criminal organizations and prevent the use of resources for their financing.

The law defines “Vulnerable Activities” as the activities carried out by Financial Entities in terms of article 14 and to which article 17 of this law refers. It also establishes the “Notices”, which are those that must be presented in terms of article 17 of said Law.

In addition, the law introduces the concept of “Controlling Beneficiary”, which refers to the person or group of people who obtain the benefit derived from the acts and is the one who, ultimately, exercises the rights of use, enjoyment, exploitation. or provision of a good or service.

In short, this law is a crucial legal instrument in the fight against money laundering and other financial crimes in Mexico. It provides a framework for the identification and prevention of suspicious operations, helping to protect the integrity of the Mexican financial system.

Sanctions for failing to comply with the regulatory framework

At Disruptive Exchange we comply with the Law, not by avoiding sanctions, but by the conviction of legality as one of our fundamental principles; However, it is necessary to have a general overview of the legal risks involved in failing to comply with this legislative mandate.

The penalties for violating the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin can be severe. Here we mention some of the possible sanctions:

• Failure to Identify clients or users adequately in accordance with the Law and General Provisions.
• Failure to submit notices in a timely manner.
• Notice submitted with incorrect or incomplete data.
• Notice presented out of time.
• Not keeping the Administrative file of the Client and/or User (client and/or user documentation).
• Failure to attend verification visits and for not meeting the authority's requirements.
• Stop enforcing restrictions on the use of cash and precious metals.

The authority may impose for each of these infractions, a penalty consisting of a minimum fine of two hundred days of the current minimum wage and a maximum of sixty-five thousand days of the current minimum wage (an amount ranging from $16,898.00 to $5,491,850.00 M.N.), per each breach and/or notice not presented to the authority in a timely manner, or, said information is incomplete or incorrect.

It is important to highlight that failure to comply with obligations could lead to the imposition of various fines by the authority, in addition to revoking, ceasing or canceling permits, patents and/or authorizations, which could at some point become a unsustainable burden for obligated subjects. Therefore, it is necessary to have a correct application of the Legislation on the Prevention of Money Laundering.

What are we obligated to do according to our business model?

The corporate purpose of Disruptive Exchange is the habitual and professional performance, as a commission agent, intermediary, importer and/or exporter in the purchase and sale of Cryptoactives with national and/or foreign suppliers; as well as provide related services; develop, implement, publish and maintain an electronic platform and mobile application to provide our commercial service; and the purchase, sale and maintenance of technological products, software and/or technologies based on blockchain.

Based on this and, in accordance with the Anti-Laundering Law, we have detected that our main activity is substantially considered a vulnerable activity:

This, because the Article 17 of the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin of Mexico establishes the activities that are considered vulnerable and, therefore, subject to identification.

In terms of virtual assets (section XVI), the people who carry out the Vulnerable Activity as providers of services related to virtual assets and different from financial entities, such as Disruptive Exchange; We are obliged to inform the Ministry of Finance and Public Credit, when the amount of the purchase or sale operation carried out by each client on a semiannual basis is for an amount equal to or greater than the equivalent of 645 Measurement and Update Units.

The amount of the Unit of Measurement and Update varies every year andIt is published in the Official Gazette of the Federation on February 1.

The current amount of the Unit of Measurement and Update is $103.74, so We are required to report each time the same client exceeds semiannual operations above the threshold of $66,912.30.

This notice must be sent to the authority no later than the 17th day of the month immediately following the month in which the operation that gave rise to it and that is the subject of the Notice was carried out.

It should be noted that when the Bank of Mexico recognizes virtual assets, the people who provide virtual assets must obtain the corresponding authorizations within the deadlines indicated by said Bank of Mexico in the respective provisions.

In this regard, Circular 4/2019 of the Bank of Mexico (Banxico) refers to the general provisions applicable to Credit Institutions and Financial Technology Institutions in the operations they carry out with virtual assets; However, our company is not subject to this regulation because it is not a financial or financial technology institution.

The above is so becauseDisruptive Exchange is limited to offering the commercial commission service for the purchase and/or sale of Cryptoactives on behalf and on behalf of our clients; therefore Disruptive Exchange is in no way a facilitator of any type of business, nor is it a financial or fintech institution; Disruptive Exchange is NOT a portfolio provider, stock exchange, broker, distributor, investment advisor, investment company or company, bank, exchange house, credit institution, creditor, savings institution or company, chamber, confederation, insurer , surety company, fund administrator of any kind, remittance sending company, stock exchange institution, credit auxiliary, savings bank, financial or savings cooperative, financial group, electronic payment fund institution or collective financing institution.

Disruptive Exchange, plays no role in the facilitation, conduct, execution or consummation of any transaction in securities, commodity futures, securities, fiat currencies or foreign currencies.

In no case can our Platform be used to market securities, shares, corporate shares, obligations, bonds, warrants, certificates, promissory notes, bills of exchange and other credit titles, nominated or unnamed, registered or not in the Public Registry, capable of circulating in the securities markets that are issued serially or en masse and represent the share capital of a legal entity, an aliquot part of an asset or participation in a collective credit or any individual credit right, in the terms of applicable national or foreign laws; nor securities, commodities, commodity futures, securities, fiat currencies or foreign currencies.

Nor can our Platform be used to maintain the legal tender currencies or foreign currencies of our clients, nor to exchange them.

Additionally, customers may not use our Services to pay and/or obtain payments for products or services from third parties, collect and/or send money or securities; obtain and/or promote insurance, make investments, obtain and/or grant credit, or send and/ or receive remittances.

Disruptive Exchange, prior to starting its operations, has informed the following authorities what its corporate purpose will be and has requested reports from the Ministry of Finance and Public Credit, the National Banking and Securities Commission, the Bank of Mexico and the National Commission for the Protection and Defense of Users of Financial Services to find out if you are obliged to obtain regulation; In the reports issued by the transparency units of these agencies that Disruptive Exchange has in its possession, none of them have established that the company requires a special license or regulation.

Furthermore, publicly the Bank of Mexico has said that:

“It is important to highlight that, although ITFs or ICs are not authorized to offer operations with virtual assets to the general public, this does not imply that companies other than these cannot offer services related to virtual assets. Such is the case of virtual asset exchange houses that offer the service of buying and selling virtual assets to the public, which, as long as they do not carry out fundraising activities or guard resources in national currency or foreign currencies of their clients, could continue offering its services.”

Which is visible on the official website: https:/www.banxico.org.mx/sistemas-de-pago/6--acciones-regulatorias-po.html

Therefore, by not capturing or custody resources in national currency or foreign currencies of our clients, nor being a credit institution or technological financial institution; We do not have any legal impediment to operate in our business model.

Registered as vulnerable activity

Before Disruptive Exchange begins any operation with its clients in accordance with its corporate purpose as a commission agent in the purchase and sale of Cryptoassets, it must register as a vulnerable activity on the Anti-Money Laundering Site, in accordance with the following steps:

• Physically deliver to the Tax Administration Service the following documentation:
  • Certified copy of the Disruptive Exchange articles of incorporation.
  • Original proof of address.
  • List with information on the natural and legal partners, including:
    • Full name or company name.
    • Nationality.
    • Home.
    • CURP, if you are required to have it.
    • RFC, if you are required to have it.
  • Commercial name and electronic pages through which the Vulnerable Activity is carried out.
  • Identification data of the legal representative:
    • Full name without abbreviations.
    • CURP.
    • RFC.
    • Telephone number, consisting of 10 digits and, if applicable, extension.
    • Email.
    • Attach a simple copy of the documents that prove said information.
• The SAT will inform Disruptive Exchange in writing that it has received the information in its entirety, so that it can proceed with its registration and registration.
• The information must be updated within six business days, by physical delivery, when it is modified.
• Enter the Anti-Money Laundering Portal, in order to send, under oath, the information for registration and registration as a Vulnerable Activity, signing with the Disruptive Exchange eSignature:
  • Company Identity Data:
    • Denomination or social reason;
    • Constitution date;
    • Country of nationality;
    • OC contact information:
      • Telephone numbers where you can be reached, including your long distance code and, if applicable, extension;
      • Paternal surname, maternal surname and first name(s), without abbreviations,
      • Email designated to receive reports, requests, communications or alerts,
      • Mobile phone numbers.
  • Data related to the Vulnerable Activity, consisting of:
    • The Vulnerable Activity you intend to carry out.
    • The date on which it is intended to carry out any Vulnerable Activity for the first time;
    • Data from the registration, authorization, patent, certificate or any other type of document issued by a competent authority.
  • Address details in national territory, where the Vulnerable Activity is carried out:
    • Name of the street, avenue or road in question, duly specified; exterior and, where applicable, interior number; colony or urbanization; corresponding territorial demarcation, municipality or similar political demarcation, if applicable; city or town, federal entity, state, province, department or similar political demarcation that corresponds, if applicable, and postal code;
  • OC data:
    • APaternal surname, maternal surname and first name(s), without abbreviations, or full name and surname(s);
    • Birthdate;
    • Key to the Federal Taxpayer Registry;
    • Only population registry key ;
    • Country of nationality;
    • Date from which you accept the designation;
    • Contact information:
      • Telephone numbers where you can be reached, including your long distance code;
      • Designated email to receive reports, communications or alerts.
    • Others that are required by the format.

Once the information and documentation has been sent, the SAT will issue the electronic acknowledgment of registration and respective registration with a digital seal and will grant access to the electronic media within the Anti-Money Laundering Portal, through which we will send the corresponding Notices and receive the notifications, reports. or communications.

Identification of our clients (KYC)

In terms of article 18 of the Anti-Laundering Law, we are obliged to identify our clients and users (KYC) and verify their identity based on credentials or official documentation, as well as obtain a copy of their documentation.

When establishing business with our customers, we must request information about the customer's activity or occupation. This information will be based in part on the notices that the client has submitted to the SAT for the Federal Taxpayer Registry, when applicable.

On the other hand, we must ask the client for information about whether they are aware of the existence of the beneficial owner and, if applicable, request official documentation that allows them to be identified, if this is in their possession; Otherwise, it will declare that it does not have it.

Also, we are obliged to guard, protect, safeguard and prevent the destruction or concealment (for five years physically or electronically) of the information and documentation that supports the activity, as well as that which identifies our clients.

In addition, we must provide the necessary facilities to the authorities to carry out verification visits.

We are obliged not to provide service to clients who refuse to identify themselves and this in no way can generate any liability against us, by mandate of Law.

Customer identification policy

Disruptive Exchange will integrate and maintain an electronic identification file for each of its Clients, before they can place an order to purchase and/or sell Cryptoactives, so we will implement a form on the Platform, in order to collect the data and identification documents necessary to provide our services, in accordance with the PROCEDURE TO AVOID MISUSE OF THE PLATFORM.

We must classify our Clients into the following types:

• Mexican Physical Person, temporary resident or permanent resident;
• Mexican Legal Persons;
• Foreign Natural Person;
• Foreign Moral Person;
• Real Owners;
• Beneficiaries;

Under no circumstances will we register or establish commercial relationships with public legal entities, embassies, consulates, international organizations, financial institutions, financial technological institutions, or trusts; incorporated in Mexico. In the case of institutions abroad, they will be submitted to the Compliance Officer to examine whether there are any regulatory restrictions in this regard in their country of origin.

When you start filling out a KYC form, you will be registered in our database:

• A unique internal identification number for each Customer.
• Date and time when the KYC is completed.
• Geolocation of the Client who fills out the KYC.
• Statement UNDER PROTEST OF TELLING THE TRUTH by the Client that the information and documents they will provide are reliable.
• The Client must specify if they are aware of a Beneficial Owner; That is, who exercises the rights of use, enjoyment, exploitation or provision of our service.
• The client must specify if it is:
  • Mexican Physical Person, temporary resident or permanent resident;
  • Mexican Moral Persons;
  • Foreign Natural Person;
  • Foreign Moral Person;

Once the Client specifies the type of person they are, we will proceed to collect the following data and documents:

Mexican Physical Person, temporary resident or permanent resident:

• Data:
  • Paternal surname, maternal surname and first name(s), without abbreviations or, in the case of a foreigner, the corresponding full surname(s) and first name(s);
  • Birthdate;
  • Country of birth;
  • Country of nationality;
  • Activity, occupation, profession, activity or line of business to which the Client or User is dedicated;
  • Address in the place of residence, composed of the following data: name of the street, avenue or road in question, duly specified; exterior and, where applicable, interior number; colony or urbanization; corresponding territorial demarcation, municipality or similar political demarcation, if applicable; city or town, federal entity, state, province, department or similar political demarcation that corresponds, if applicable; zip code and country;
  • Telephone number(s) where you can be reached, including the long distance code and, where applicable, extension, when they have it;
  • Email;
  • Unique Population Registry Key and the Federal Taxpayer Registry key, when available, and
  • Identification data with which you identified yourself, consisting of: name of the identification, authority that issues it, and its number.
• In the case of people who have their place of residence abroad and at the same time have a domicile in national territory where they can receive correspondence addressed to them, the data relating to said domicile must be entered in the file, (with the same elements as those contemplated. in paragraph vi).
• Documents:
  • Identification, which must be, in any case, an official original document issued by a competent authority, valid or whose expiration date, at the time of its presentation, is not more than two years, containing the photograph, signature and, in its case, address of the Client or User himself.

  Valid identification documents will be considered to be the voting credential issued by the National Electoral Institute, as well as any valid identification or one whose expiration date, at the time of its presentation, is not more than two years with a photograph and signature, issued by authorities. federal, state or municipal Mexican authorities.

  Regarding natural persons of foreign nationality, valid identification documents will be considered, in addition to those previously referred to in this paragraph, the passport or the documentation issued by the National Migration Institute that certifies their condition of stay in the country;

  • Proof of the Unique Population Registration Code, issued by the Ministry of the Interior or Tax Identification Card issued by the SAT, when the Client or User has them;
  • Proof that proves the address, when the address stated by the Client or User of the person carrying out the Vulnerable Activity does not match that of the identification or it does not contain it.

  In this case, it will be necessary for whoever carries out the Vulnerable Activity to collect and integrate into the respective file a copy of a document that proves the address of the Client or User, which may be a payment receipt for direct-debit services or bank account statements, all of them with not older than three months from its date of issue, or the lease contract in force on the date of presentation by the Client or User and registered with the competent tax authority, the Proof of registration in the Federal Taxpayer Registry

• In the event that the natural person states that they are aware of the existence of the Beneficial Owner, we will collect the same data and documents from the Beneficial Owner in the event that the Client or User has such information, and Power of Attorney or certified copy of the document issued. by notary public, as appropriate, in the case in which the natural person acts as an attorney-in-fact for another person.

Mexican moral people

• Data:
  • Denomination or social reason;
  • Constitution date;
  • Country of nationality;
  • Activity, business line, activity or corporate purpose;
  • Address, composed of the following elements: name of the street, avenue or road in question, duly specified; exterior and, where applicable, interior number; colony or urbanization; corresponding territorial demarcation, municipality or similar political demarcation, if applicable; city or town, federal entity, state, province, department or similar political demarcation that corresponds, if applicable; zip code and country;
  • Telephone number(s) of said address, including the long distance code and, where applicable, extension, when they have that;
  • Email;
  • Key to the Federal Taxpayer Registry, when you have it,
  • Name(s) and paternal and maternal surnames or, in the case of being a foreigner, the corresponding full surnames and first name(s), without abbreviations, as well as date of birth, Federal Taxpayer Registry code or Unique Population Registry Code of the representative, legal representatives or persons who carry out the act or operation on behalf of the legal entity in question. Likewise, they must collect identification data, consisting of: identification name; authority that issues it, and its number;
• Documents:
  • Testimony or certified copy of the public instrument that certifies its constitution and registration in the corresponding public registry, in accordance with the nature of the legal entity.
  • In the event that the legal entity is recently established and, as such, is not yet registered in the corresponding public registry according to its nature, obtain a document signed by a legal representative, which states the obligation to carry carry out the respective registration and provide, in due course, the corresponding data;
  • Tax Identification Card issued by the SAT, if you have one;
  • Proof that proves the address, which may be a payment receipt for direct-debit services or bank account statements, all of them no older than three months from their date of issue, or the lease contract in force on the date of presentation by the Client or User and registered with the competent tax authority, the Proof of registration in the Federal Taxpayer Registry;
  • Testimony or certified copy of the instrument containing the powers of the legal representative or attorneys, issued by a public notary.
• Identification of the Beneficial Owner, we will collect the same data and documents from the Beneficial Owner in the event that the Client or User has such information.

Foreign Natural Person

• Data:
  • Full surname(s) and first name(s), without abbreviations
  • Birthdate;
  • Country of birth;
  • Country of nationality;
  • Activity, occupation, profession, activity or line of business to which the Client is dedicated.
  • Address of your place of residence, composed of the following elements: name of the street, avenue or road in question, duly specified; exterior and, where applicable, interior number; colony or urbanization; corresponding territorial demarcation, municipality or similar political demarcation, if applicable; city or town, federal entity, state, province, department or similar political demarcation that corresponds, if applicable; zip code and country,
  • Data from the document with which you identified yourself, consisting of: name of the accreditation; authority that issues it, and its number.

  Additionally, in the case of people who have their place of residence abroad and at the same time have a domicile in national territory where they can receive correspondence addressed to them, the data related to said domicile must be entered in the file, with the same elements above. referrals.

• Documents:
  • Passport or original official document issued by the competent authority of the country of origin, valid or whose expiration date, at the time of its presentation, is not more than two years old, containing the photograph, signature and, where applicable, address of the referred person. Client or User, who proves their nationality;
  • Official document issued by the National Immigration Institute, which certifies your admission or legal stay in the country, when you have this;
  • In the event that the natural person states that they are aware of the existence of the Beneficial Owner, we must identify them as a natural person.
  • Power of attorney or certified copy of the document issued by a notary public, as appropriate, in the event that the natural person acts as an attorney-in-fact for another person.

Foreign Moral Person

• Data:
  • Denomination or social reason;
  • Constitution date;
  • Country of nationality;
  • Activity, business line, or corporate purpose;
  • Code of the Federal Taxpayer Registry or, where applicable, tax identification number of your country of nationality, when available;
  • DAddress, composed of the following elements: name of the street, avenue or road in question, duly specified; exterior and, where applicable, interior number; colony or urbanization; corresponding territorial demarcation, municipality or similar political demarcation, if applicable; city or town, federal entity, state, province, department or similar political demarcation that corresponds, if applicable; zip code and country;
  • Telephone number(s) of said address, including the long distance code and, where applicable, extension, when they have that;
  • Email;
  • NName(s) and paternal and maternal surnames or, in the case of being a foreigner, the corresponding full surnames and first name(s), without abbreviations, as well as date of birth, Federal Taxpayer Registry code or Unique Population Registry Code of the representative, legal representatives or persons who carry out the act or operation on behalf of the legal entity in question. Likewise, they must collect identification data consisting of: identification name; authority that issues it, and its number. When applicable.
• Documents:
  • Document that proves its constitution;
  • Proof that proves the address, which may be a payment receipt for direct-debit services or bank account statements, all of them no older than three months from their date of issue, or the lease contract in force on the date of presentation by the Client or User and registered with the competent tax authority, the Proof of registration in the Federal Taxpayer Registry;
  • Testimony or certified copy of the instrument containing the powers of the legal representative or attorneys, issued by a notary public, when they are not contained in the document that proves the constitution of the legal entity in question, as well as the identification of said representatives, attorneys. legal entities or persons who carry out the act or operation with said legal entity, which contains the photograph, signature and, where applicable, address of the aforementioned person.

  For the purposes of the provisions of this section, valid identification documents will be considered to be the voting credential issued by the National Electoral Institute, as well as any identification that is in force or whose expiration date, at the time of its presentation, is not older than two years with a photograph and signature, issued by Mexican federal, state and municipal authorities.

  Likewise, with respect to natural persons of foreign nationality, the passport or documentation issued by the National Migration Institute that certifies their condition of stay in the country will be considered valid identification documents, in addition to those previously referred to in this paragraph.

  In the case of those representatives or legal representatives of foreign nationality who do not have a passport, the identification must be, in any case, an official original document issued by the competent authority of the country of origin, valid or with the expiration date, at the time of its presentation, is not older than two years from the date of its presentation, containing the photograph, signature and, where applicable, address of the aforementioned representative. For the purposes of the above, valid identification documents will be considered to be the driver's license and credentials issued by federal authorities of the country in question.

  • Tax Identification Card issued by the SAT or, failing that, proof of assignment of the tax identification number, issued by the competent authority of their country of nationality, when they have any of these.

Once the information has been sent, the SAT will issue the electronic acknowledgment of registration and respective registration with a digital seal and will grant access to the electronic media within the Internet Portal, through which those of us who will send the corresponding Notices and receive the notifications, reports or communications by the SAT, the FIU or the Secretariat, as appropriate.

Every year we must verify, at least once a year, that the Client identification files have all the data and documents and are kept up to date.

If we have indications that any of our Clients request our services on behalf of a third party, we must request the data and documents of representation or beneficiary provided for in this document.

Under no circumstances can we allow our clients to use our services using pseudonyms, aliases or fictitious names.

Client risk level classification

Classifying clients' risk level is a fundamental part of the money laundering prevention process. To do this effectively, you can establish a mechanism that takes into account the consultation of sanction blacklists, the client's profile and their transactional activity. Here is a general approach to creating this mechanism:

Politically Exposed Persons (PPE)

Compliance officer

By Law, we must have a compliance officer designated, in charge of complying with the obligations of the Anti-Laundering Law; Thus, the Board of Directors of the company has made the decision that the Compliance Officer (CO), in this matter, is the one who has the powers of legal representative.

The compliance officer will have the following duties:

• Verify that the provisions of this Manual and the Anti-Laundering Law and administrative regulations that emanate from it are strictly complied with.
• Verify that prior to starting operations that you have complied with the delivery of physical documentation and registration in the Anti-Money Laundering portal referred to in AGREEMENT 02/2013 by which the General Rules referred to in the Federal Law for Prevention are issued. and Identification of Operations with Resources of Illicit Origin.
• Enter the Anti-Money Laundering Portal, once you are designated as OC, using your Federal Taxpayer Registry key and your current eSignature certificate, in order to accept the designation.
• Send notices and, where appropriate, modifications, in the terms of the Law, its regulatory provisions and this manual.
• Safeguard the acknowledgments of sending notices to the Anti-Money Laundering Portal.
• Attend verification visits by the Financial Intelligence Unit.
• Access the electronic files of registered users and vulnerable operations.
• Update the KYC information of Clients and shareholders, in accordance with the Law.
• Check the Anti-Money Laundering portal at least on the fifteenth and last day of each month or the next business day if any of these are non-business days to see if there is any notification.
• Follow up on daily regulatory publications.
• Inform the Board of Directors of any irregularity in the application of this manual.
• Cancel the vulnerable activity when, where appropriate, the service that caused the registration is no longer provided.

To fulfill its obligations, the OC will rely on Disruptive Exchange's external legal and accounting service providers.

Presentation of notices

We are obliged to monitor the operations of each of our clients and account for the total amount of their operations for each semester so that once the thresholds specified in this manual are exceeded, the notices required by the Anti-Money Laundering Law are presented.

The sending of the notices will be done through the Anti-Money Laundering Platform and will be signed electronically with the SAT Disruptive Exchange eSignature.

If we do not carry out vulnerable activities, we must inform you so. When we have indications that the resources used in the services we provide are used or will be used for the commission of Crimes of Operations with Resources of Illicit Origin or those related to these, we must present the Notice to the FIU, through the SAT, within the the following 24 hours counted from when we know said information.

The Notices that we are obliged to present will contain:

• General data of Disruptive Exchange.
• General data of the client, users or the Controlling Beneficiary, and information about their activity or occupation in accordance.
• General description of the Activity about which Notice is given.

Verification visits

Verification visits are an important tool to ensure compliance with tax and anti-money laundering obligations. During these visits, inspectors may review accounting books, financial records, and other documents to verify compliance with legal obligations.

Procedure:

Identification of the inspector: The inspector must properly identify himself before beginning the visit. It is important to verify your identification and make sure you are authorized to visit.

Notification of the visit: The company must be notified of the visit in advance. It is important that the company has an established protocol to receive and respond to these notifications.

Reception of the inspector: The inspector must be received by a representative of the company and must be provided with a suitable place to work.

Accompaniment of the inspector: During the visit, the inspector must be accompanied by a company representative at all times. It is important that the representative is familiar with company procedures and can provide the requested information.

Documentation: The company must have all the necessary documentation available to the inspector to verify compliance with legal obligations. It is important that documentation is organized and easily accessible.

Collaboration with the inspector: The company must collaborate with the inspector at all times and provide the requested information in a clear and precise manner. They are only authorized to request information from us regarding vulnerable activity, the documentation that supports it and the identification files of our clients; Likewise, you can request to consult this manual.

Verification report: At the end of the visit, a verification report must be prepared containing the results of the visit and the inspector's observations. It is important that the company carefully review the minutes and make the necessary observations.

Data reservation

We are obliged to protect the personal data of our clients as provided in our privacy notice. Likewise, to guarantee that the data we store on our server is as least vulnerable as possible, we will apply the following encryption method:

• Key generation: two keys are generated:one public and one private, for each client when they register on our platform.
• KYC process: The client provides his private information.
• Data Encryption: The client's private information is encrypted using the client's specific public key and the administrator's public key and is stored in the database.
• Information Request: When the client wants to see his private information, he must provide his private key.
• Data Decryption: using the private key provided by the client, the stored private information is decrypted.
• Information Viewing: the client can view their decrypted private information.
• The administrator may also review the client's information using his or her private key, to comply with the obligations of the Anti-Laundering Law.

Encryption and data protection flow:

Note: The public and private key of the client and the administrator are not saved in the system but are stored locally on the electronic device of the client and the administrator.

Only the OC will have the administrator profile.

We will never be able to notify or alert our clients of:

• The notices that we make regarding them.
• Information requirements by the supervisory authority.
• The assurance orders that we are obliged to execute.

Complying with our legal obligations does not mean complying with contracts or privacy provisions.