Anti-Money Laundering (AML) Policy
Effective date: March 10, 2026
1. Purpose and Commitment
Claak Inc. ("Claak") is committed to preventing the use of its platform for money laundering, terrorist financing, proliferation financing, and sanctions evasion. This Anti-Money Laundering (AML) Policy establishes the framework, controls, and procedures that Claak implements to comply with:
- The Bank Secrecy Act (BSA) and its implementing regulations
- The USA PATRIOT Act
- Office of Foreign Assets Control (OFAC) sanctions programs
- FinCEN guidance on virtual currency and money services businesses
- All other applicable federal and state anti-money laundering regulations
This policy applies to all transactions processed through the Claak platform, all users (companies, employees, contractors), and all Claak employees and officers.
2. BSA Compliance Officer
Claak has designated a BSA Compliance Officer with full responsibility and authority over the AML compliance program. The Compliance Officer is responsible for:
- Overseeing the implementation and day-to-day operation of this AML program
- Reviewing and deciding on flagged transactions and compliance alerts
- Filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN
- Ensuring employee AML training is conducted and documented
- Coordinating with law enforcement and regulatory agencies
- Updating this policy in response to regulatory changes, audit findings, or emerging risks
- Maintaining all required compliance records
The Compliance Officer reports directly to senior management and has the authority to halt any transaction or suspend any account that presents a compliance risk.
Contact: compliance@claak.io
3. Risk Assessment
Claak conducts and documents a risk assessment that identifies the money laundering and terrorist financing risks specific to its business model. Key risk factors include:
Product Risk
- Cross-chain cryptocurrency payments
- Zero-knowledge privacy features
- Multiple supported tokens and networks
Customer Risk
- Companies in various jurisdictions
- Contractor payments (potentially cross-border)
- Varying transaction volumes and patterns
Geographic Risk
- Global user base with exposure to high-risk jurisdictions
- Cross-border payment flows
- Sanctions program complexity
Channel Risk
- Online-only platform (no face-to-face verification)
- Blockchain pseudonymity
- Bridge protocols connecting multiple networks
The risk assessment is reviewed at least annually and updated when significant changes occur in products, customer base, or regulatory requirements.
4. Customer Due Diligence (CDD)
4.1 Company Onboarding (KYB)
Before a company can process payments through Claak, the following due diligence is performed:
| Check | Description | When |
|---|---|---|
| Entity Verification | Verify legal entity name, registration, and jurisdiction | Onboarding |
| Beneficial Ownership | Identify all individuals with 25% or greater ownership | Onboarding |
| Sanctions Screening | Screen entity name and beneficial owners against OFAC SDN list | Onboarding + ongoing |
| Wallet Screening | Screen company funding wallet for sanctions exposure and taint | Onboarding + each funding |
| Business Purpose | Understand the nature of business and expected transaction activity | Onboarding |
4.2 Individual Wallet Screening
Every wallet address that receives payments through Claak is subject to automated screening before each transaction. This applies to employees, contractors, and any other payment recipients.
4.3 Enhanced Due Diligence (EDD)
Enhanced due diligence is applied to higher-risk customers, including:
- Companies with beneficial owners in high-risk jurisdictions
- Accounts with transactions flagged by compliance screening
- Accounts with unusual transaction patterns or rapid volume increases
- Companies operating in industries with elevated ML/TF risk
5. Transaction Screening and Monitoring
5.1 OFAC SDN Screening
All recipient wallet addresses are automatically screened against the US Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons (SDN) list before each transaction.
- The SDN list is fetched directly from the US Treasury and refreshed every 24 hours
- Ethereum addresses are extracted and matched against recipient addresses
- Exact-match screening is performed on all transactions
- Stale-cache fallback ensures screening continues even if the refresh fails
- If no cache exists and refresh fails, all transactions are blocked (fail-closed)
5.2 On-Chain Taint Analysis
Claak operates a proprietary on-chain taint analysis system that provides deeper insight into wallet risk beyond simple sanctions list matching:
- Breadth-first graph traversal from all known OFAC SDN Ethereum addresses
- Proportional taint propagation based on actual transaction values
- 3-5 hop depth analysis across Ethereum, Arbitrum, Polygon, and Base
- Exchange/DEX whitelist prevents false propagation through aggregation points
- Taint scores stored with dual persistence (Redis + PostgreSQL) for reliability
- Nightly re-crawl to capture new sanctions designations and graph changes
5.3 Screening Decision Matrix
| Result | Taint Threshold | Action Taken |
|---|---|---|
| CLEAR | < 1% | Transaction proceeds normally |
| REVIEW REQUIRED | 1% — 10% | Transaction queued for Compliance Officer review |
| FLAGGED | 10% — 50% | Transaction blocked; Compliance Officer review; potential SAR filing |
| BLOCKED | ≥ 50% | Transaction permanently blocked; SAR filed if applicable; account may be suspended |
5.4 Fail-Closed Architecture
If the compliance screening system encounters an error, becomes unavailable, or returns an unexpected response, all affected transactions are blocked by default. The system never permits a transaction when the screening outcome is uncertain. This ensures that compliance failures result in false positives (blocked legitimate transactions) rather than false negatives (permitted illicit transactions).
5.5 Transaction Threshold Monitoring
Claak monitors transaction volumes for reporting thresholds:
- Transactions over $3,000: full recordkeeping (identity, amount, date, nature)
- Aggregate transactions exceeding $10,000 in a day from a single company: Currency Transaction Report (CTR) filed with FinCEN
- Unusual patterns: rapid volume changes, structuring attempts, round-number transactions designed to evade thresholds
6. Suspicious Activity Reporting (SAR)
When Claak identifies activity that is suspicious, unusual, or potentially indicative of money laundering or terrorist financing, the following procedure is followed:
Detection
Suspicious activity is identified through automated screening, transaction monitoring, employee observation, or external information.
Investigation
The Compliance Officer reviews the flagged activity, gathers supporting information, and documents the investigation.
Decision
The Compliance Officer determines whether the activity meets the SAR filing threshold based on FinCEN guidance.
Filing
If a SAR is warranted, it is filed with FinCEN via BSA E-Filing within 30 calendar days of the initial detection.
Recordkeeping
The SAR and all supporting documentation are retained for 5 years. The SAR filing itself is confidential.
No Tipping Off
Claak does not notify the subject of a SAR that a report has been or will be filed. Unauthorized disclosure of SAR filings is a federal criminal offense (31 U.S.C. § 5318(g)(2)).
7. Prohibited Jurisdictions
Claak does not knowingly process payments to, from, or involving individuals or entities located in jurisdictions subject to comprehensive US sanctions programs:
This list is updated as OFAC sanctions programs change. Users are responsible for ensuring their use of the Platform complies with all applicable sanctions laws.
8. Recordkeeping
| Record Type | Retention | Regulatory Basis |
|---|---|---|
| Transaction records (≥ $3,000) | 5 years | 31 CFR 1010.410 |
| Customer identification records | 5 years after account closure | 31 CFR 1010.312 |
| SAR filings and supporting documentation | 5 years | 31 CFR 1010.320 |
| CTR filings | 5 years | 31 CFR 1010.306 |
| Compliance screening results | 5 years | BSA audit trail |
| AML training records | 5 years | BSA program requirements |
All records are stored in encrypted databases with access controls and comprehensive audit logging.
9. Employee Training
All Claak employees receive AML compliance training as follows:
- New hire training: within 30 days of start date, covering BSA/AML fundamentals, SAR recognition and filing, sanctions compliance, and employee responsibilities
- Annual refresher: updated training covering regulatory changes, new typologies, case studies from the prior year, and any audit findings
- Role-specific training: additional training for the Compliance Officer, engineering staff handling compliance systems, and any employees with SAR filing responsibilities
Training completion is documented with date, attendee name, topics covered, and trainer information. Records are retained for 5 years.
10. Independent Testing
Claak engages an independent, qualified party to conduct an annual review and testing of its AML compliance program. The review covers:
- Adequacy of AML policies and procedures relative to the risk assessment
- Effectiveness of transaction monitoring and screening systems
- Completeness and timeliness of SAR/CTR filings
- Compliance with recordkeeping requirements
- Adequacy of training program
- Sample testing of transactions for compliance adherence
Findings and recommendations from the independent review are reported to the Compliance Officer and senior management. Remediation plans are developed and tracked to completion.
11. Policy Review and Updates
This AML policy is reviewed and updated at least annually, or more frequently in response to:
- Changes in applicable laws, regulations, or regulatory guidance
- Findings from the independent review or internal audit
- Significant changes in products, services, or customer base
- New or emerging money laundering typologies relevant to cryptocurrency
- Enforcement actions or guidance from FinCEN, OFAC, or other regulators
12. Contact
To report suspicious activity or ask questions about this AML policy: