logo

Anti-money laundering and counter-terrorist financing policy

1. INTRODUCTION

Burvix sp. z o.o., company incorporated under number 0001131882, having its registered address at ul. Żurawia 43, lok. 8a, 00-680 Warszawa, Republic of Poland (hereinafter – “Company”, “We”, “Our”, “Us”), is committed to conducting its business in full compliance with applicable anti-money laundering (hereinafter – “AML”) and counter-terrorist financing (hereinafter – “CTF”) regulations, including the Polish AML legislation, EU legislation, and international standards set by the Financial Action Task Force (hereinafter – “FATF”). 

For onboarding and service activation with venue/liquidity partners, We may, where permitted by law, rely on other obliged entities’ Client Due Diligence (hereinafter – “CDD”)/Know Your Client (hereinafter – “KYC”)/Know Your Business (hereinafter – “KYB”) and exchange CDD information under a reliance framework (controller-to-controller), in line with EU AML rules and the Polish Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing (hereinafter – “AML Act”). The operational safeguards and data-protection measures are aligned with Our Privacy Policy.

2. SCOPE AND PURPOSE

This Anti-Money Laundering and Counter-Terrorist Financing Policy (hereinafter – “Policy”) applies specifically to the services offered to Our clients (hereinafter – “Clients”) through Our official Telegram bot @burvix_bot  (hereinafter – “Bot”). It defines the general AML/CTF principles governing the use of Our services. The full scope of AML/CTF procedures, including KYC/KYB, is implemented and accessible directly via the Bot.

The purpose of this Policy is to ensure that the Company, as the operator of the Bot:

  • complies with Polish and EU AML/CFT legislation;
  • protects the integrity, security, and stability of the financial system;
  • prevents the misuse of the Bot for money laundering (hereinafter – “ML”), terrorist financing (hereinafter – “TF”), fraud, or other illicit activities;
  • promotes a culture of transparency, accountability, and regulatory compliance;
  • assures Clients that all services offered via the Bot meet the highest compliance and security standards.

Although the text of this Policy is available on Our website https://burvix.exchange/, this is done in the interests of transparency in providing information to Our Clients. The website serves as a marketing and information platform only. No onboarding, transaction execution, or other operational activities are performed via the website.

3. WHY VERIFICATION IS REQUIRED 

Verification obligations arise, inter alia, under the Polish AML Act, which classifies the Company as an obliged institution, and under supervisory guidance issued by the General Inspector of Financial Information (hereinafter – “GIFI”), the competent state authority in AML/CTF matters.

4. ACCESS TO SERVICES AND KYC/KYB OBLIGATIONS 

To access and use the services of the Bot, all Clients must successfully complete KYC/KYB verification. This requirement applies to every Client without exception and is a condition for accessing Our services.

As a regulated service provider, the Company is legally obliged under Polish AML legislation and EU AML Directives to:

  • identify and verify each Client’s identity; 
  • collect, process and store relevant information.

All KYC/KYB checks are performed through certified external verification providers approved by the Company. Remote onboarding procedures follow the same assurance standards as in-person verification.

Failure to complete verification, or to provide accurate and complete information, will result in denial of access to the Bot’s services.

Where sub-accounts are used (under a reliance framework), service activation occurs only after the Client’s CDD/KYC/KYB reaches PASS (or equivalent) at the partner’s venue. CDD exchanges with partner venues occur over authenticated, encrypted channels.

5. CLIENT DUE DILIGENCE

CDD is the process We use to identify and verify Clients, understand their activity, and assess the risks related to the use of Our services. This ensures that transactions are legitimate, secure, and not misused for ML/TF or other illicit purposes.

We do not permit anonymous accounts or occasional transactions. All Clients are required to undergo full onboarding procedures prior to any transactional activity. 

As part of CDD, We conduct identification and verification of Clients and seek to understand expected activity and risk. 

For natural persons, We may request: 

  • full legal name, nationality, date of birth, and residential address;
  • valid government-issued identification document (passport, national ID card, or driver’s license);
  • proof of residence (e.g., utility bill, bank statement, or official correspondence not older than 3 months);
  • confirmation of the source of funds and source of wealth for the amount of the expected transactions;
  • completion of verification checks (e.g., liveness, email, and phone verification);
  • questionnaire with the following information:
    • purpose of establishing business relations;
    • expected number of transactions;
    • expected turnover.

For legal persons, We may request: 

  • legal name, registration number, and registered office address;
  • Certificate of Incorporation, Articles of Association, or equivalent legal documentation, which would confirm the existence of a legal entity, and disclose members of the board and shareholders;
  • confirmation of the source of funds and source of wealth for the amount of the expected transactions;
  • disclosure of ownership structure;
  • questionnaire with the following information:
    • purpose of establishing business relations;
    • expected number of transactions;
    • expected turnover;
    • indication of your business partners;
    • indication of jurisdictions with which you cooperate.
  • proof of legal representation (e.g., corporate resolution, power of attorney);
  • identification and verification of representatives acting on behalf of the entity, including submission of a valid identification document, proof of address documents, and a liveness check;
  • identification and verification of the chief executive officer, including submission of a valid identification document, proof of address documents, and a liveness check;
  • identification and verification of all shareholders holding 25% or more ownership or control, including submission of a valid identification document, proof of address documents, and a liveness check.

CDD does not end after the onboarding process. We continuously monitor Client activity to ensure that transactions remain consistent with the Client’s profile and risk level, updating information when needed and applying enhanced due diligence where higher risks are identified.

6. TRANSACTION MONITORING AND TRAVEL RULE

The Company maintains a robust transaction monitoring framework. All incoming and outgoing virtual asset transfers are subject to internal controls, risk-based screening, and regulatory data reporting. Poland implements the FATF Travel Rule through EU law, requiring virtual asset service providers to collect and transmit originator and beneficiary information for every transaction. To satisfy these obligations, the Company uses blockchain analytics and Client-supplied data to verify sources of funds and identities for each transfer.

For each Client transaction, the Company generates a unique, single-use deposit address. This temporary address is used only for preliminary AML/CTF analysis and is closed after the screening. The Company does not hold Client assets in custody. The temporary address does not constitute ongoing safekeeping, and no unspent Client funds remain under the Company’s control.

Upon deposit into the temporary wallet, the Company conducts due diligence on the transaction history. Industry-standard blockchain analytics tools are used to trace the origin of the funds and detect any links to illicit or sanctioned activity. The Client must declare the source of funds for example, transfers originating from known exchanges like Binance or Kraken.

The Company requires complete originator and beneficiary information for all virtual asset transactions. The Client (as the transaction originator) must furnish full identity details (name, address, transaction ID, etc.) for the sending party. The Company collects and records this information and transmits it as required. If any required Travel Rule information is missing or incomplete, the Company will not process the transaction and will return the funds to the Client. In effect, adherence to the Travel Rule is a Client obligation: transactions without proper originator/beneficiary data are rejected or reversed in line with regulatory mandates.
If the compliance review reveals any anomalies (for example, funds linked to illicit behavior, sanctions flags, or unverifiable sources), the Company immediately halts the transaction. The assets are returned to the Client’s address. 

7. THIRD-PARTY PROVIDERS

To ensure compliance with AML and CTF obligations, We integrate trusted third-party providers for identity verification and transaction monitoring. 

  • AMLBot (Safelement Limited, Hong Kong) – used for blockchain transaction monitoring, wallet risk scoring, and sanctions screening. This system enables Us to detect potential links to ML/TF, and other illicit activity across multiple crypto-assets.
  • Allpass.ai (elKYC OÜ, Estonia) – used for identity verification and ongoing CDD, including sanctions and PEP screening, adverse media checks, and continuous re-screening.

Both providers operate under formal service agreements, which govern the scope of services and ensure data confidentiality, protection, and reliability. The use of these systems ensures that all Bot Clients are screened, verified, and monitored in accordance with applicable AML/CFT laws and regulations.

At the Company’s discretion, the list of providers may be supplemented or replaced by functionally equivalent providers.

8. RESTRICTED CLIENTS

The Company applies strict limitations on who may access the Bot. Certain categories of Clients will not be accepted, including (but not limited to) those who:

  • fail or refuse to provide the required information and documents for identity verification;
  • are identified as residing in restricted jurisdictions under international sanctions or Our internal policies;
  • are located in countries where the Company does not hold the necessary license to operate;
  • present elevated risks, suspicious activity, or potential threats to Our compliance framework or business integrity.

The following jurisdictions and territories are expressly restricted from using the Bot: Abkhazia, Afghanistan, Azerbaijan, Bangladesh, Belarus, Bolivia, Burundi, Cambodia, Central African Republic, China, Crimea (region of Ukraine), Cuba, Democratic Republic of the Congo, Eritrea, Equatorial Guinea, Federal Republic of Ambazonia, Gabon, Guatemala, Guinea, Guinea-Bissau, Haiti, Honduras, Iran, Iraq, Kosovo, Kyrgyzstan, Lebanon, Libya, Madagascar, Mali, Myanmar (Burma), Non-government controlled areas of region of Donetsk (region of Ukraine), Non-government controlled areas of region of Kherson (region of Ukraine), Non-government controlled areas of region of Luhansk (region of Ukraine), Non-government controlled areas of region of Zaporizhzhia (region of Ukraine), Nicaragua, Niger, North Korea (DPRK), Pakistan, Palestine, Paraguay, Republic of Artsakh, Russia, Somalia, South Ossetia, South Sudan, Sudan, Syria, Tajikistan, Transnistria, Tunisia, Turkmenistan, Venezuela, Yemen, Zimbabwe and other countries where providing these services is prohibited by law.

Additionally, We do not accept Clients from jurisdictions requiring special service licenses (including Australia, Canada, Japan, New Zealand, the United Kingdom, and the United States) unless We hold the necessary licenses/authorizations.

The Bot employs certified KYC/KYB software providers that automatically screen Clients against both individual and jurisdictional sanctions lists to ensure compliance with applicable legal and regulatory requirements.

9. DATA RETENTION AND RECORD KEEPING

We maintain all records collected during the onboarding, verification, and monitoring in strict compliance with applicable AML/CFT requirements. This includes, but is not limited to, Client identification data, verification evidence, and records of any unusual or suspicious activities.

Such records are securely retained for a minimum period of five (5) years from the termination of the business relationship. Where required by law or supervisory authority, this retention period may be extended.

The Company applies technical and organizational measures to ensure that all retained data remains protected against unauthorized access, alteration, or disclosure.

Records arising from exchanges with other obliged entities (e.g., reliance-related CDD, requests for information, and submitted copies) are retained in line with statutory AML retention periods and audit requirements.

10. OBLIGATIONS

We respect the confidentiality of Client information and ensure that data is only shared when it is legally justified. We may disclose personal data and transaction-related information exclusively to:

  • GIFI or other competent and regulatory authority;
  • law enforcement agencies;
  • other authorized bodies as provided under applicable AML/CFT legislation. 

Such disclosures are carried out strictly within the scope of Our legal obligations and always in accordance with data protection principles.

We do not share Client information with third parties for commercial purposes. Any sharing of data is limited to fulfilling Our compliance duties and safeguarding the integrity of the financial system.

Where a lawful AML reliance arrangement is in place, We may exchange CDD/KYC/KYB information with other obliged entities as independent controllers for their own AML purposes, including providing copies of supporting documents upon request and receiving equivalent information from them, under written terms and secure channels.

11. ENFORCEMENT AND RIGHT TO DECLINE/TERMINATE

The Company may decline or terminate relationships or transactions that contravene this Policy, Our internal standards, or legal requirements, or where required information is not provided or is unreliable.

12. AMENDMENTS TO THIS POLICY

We are committed to keeping Our AML/CFT standards strong and effective. To achieve this, the Policy is regularly reviewed and, where necessary, adjusted to reflect updates in legislation, regulatory requirements, and industry best practices.

As the regulatory environment for crypto-assets continues to evolve, We may revise or supplement this Policy from time to time. Such updates can be introduced without prior notice, and it is the responsibility of Clients to stay informed about the current version.

The latest and valid version of this Policy is always accessible through Our official channels. By using the Bot, Clients confirm their acceptance of the Policy in its most recent form.

13. CONTACT INFORMATION

If you have any questions, concerns or requests regarding this Policy, please contact Us through Our official support channel: support@burvix.io or via the Bot. 

We are committed to transparency and will respond to inquiries in a timely and professional manner.