Policy

Anti-Money Laundering and Know Your Customer Policy

  • BitFlow
  • 31 Oct 2025
  • Important
  1. Introduction
    1. The BitflowStock AML Policy is designed to prevent money laundering, including the need to have adequate systems and controls in place to mitigate the risk of the firm being used to facilitate financial crime.
    2. The primary objectives of the Company’s AML framework are to:
      1. Prevent and detect the use of the Company’s services for money laundering or other illicit financial activities.
      2. Ensure compliance with all applicable AML legislation, regulations, and regulatory guidance.
      3. Protect the integrity and reputation of the Company by maintaining strong governance and ethical business practices.
    3. This AML Policy sets out the minimum standards which must be complied with and includes:
      1. The appointment of a Money Laundering Reporting Officer (MLRO) who has a sufficient level of seniority and independence and who has responsibility for submitting Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) to the Financial Analytical Unit of the Czech Republic (FAU) in cases where there is knowledge, suspicion, or reasonable grounds to suspect that a transaction or activity is connected with money laundering or terrorist financing, and ensuring communication with the relevant competent authorities, including the FAU, in accordance with Act No. 253/2008 Coll., on Certain Measures Against the Legalization of Proceeds of Crime and Financing of Terrorism, as amended (hereinafter referred to as "Czech AML Act’);
      2. The appointment of a Compliance Officer (‘MLCO’) possessing adequate seniority, authority, and independence to establish, implement, and oversight the Company’s compliance with applicable anti-money laundering and counter-terrorist financing (‘AML/CFT’) legislation, regulations, rules, and relevant industry guidance and methodologies.
      3. Establishing the roles, functions, and obligations of the Money Laundering Compliance Officer (MLCO) and/or Money Laundering Reporting Officer (MLRO) and their respective team members.
      4. Execution of regular AML/CFT audits and periodic reviews;
      5. Having Board of Directors who have sufficient knowledge and experience to create compliance culture in the Company, as well as balancing it with the Company’s business interests;
      6. The maintenance of appropriate records for the minimum prescribed periods, as well as implementation of comprehensive record-keeping practices in compliance with the EU and local data protection requirements (including GDPR) and AML/CFT laws and regulations.
      7. Establishing and maintaining a Risk-Based Approach (RBA) towards assessing and managing the money laundering and terrorist financing risks to the company;
      8. Establishing and maintaining risk-based customer due diligence, identification, verification, and know your customer (KYC) procedures, including enhanced due diligence for those customers presenting higher risk, such as Politically Exposed Persons (PEPs);
      9. Establishment and maintenance of a system of internal rules and risk assessment, taking into account the FAÚ methodology;
      10. Establishing principles, processes, and procedures for the identification and verification of KYC/KYB/KYT.
      11. Establishing and maintaining risk-based systems and procedures to monitor ongoing customer activity;
      12. Prohibiting relationship with the certain types of customers taking into account their AML risks that are included in the sanctions list due to geography, customer type, his/her activities and other factors.
      13. Verification of local and international sanctions lists and databases, including Politically Exposed Persons (PEP) databases.
      14. Performing AML/KYC procedures on Users, i.e. natural and legal persons and their representatives;
      15. Performing an enterprise-wide risk assessment in order to determine the Company’s risk profile;
      16. Implementing internal procedures, policies, and controls aimed at mitigating risks of money laundering, terrorist financing and/or other financial crimes;
      17. Maintaining and updating User data, documents and other information;
      18. Establishing procedures for reporting suspicious activity internally and to the FAU;
      19. Ensuring awareness for all relevant employees, as well as provision of AML/CFT education and trainings to all staff.
      20. Monitoring of transactions and other operations conducted by Users and Partners.
      21. Engagement of third-party professional vendors for various monitoring procedures.
      22. Compliance with all additional obligations as stipulated by Internal AML/CFT Compliance Policies.
      23. Establishing internal controls under the four-eyes principle and regularly reviewing;
      24. Establishing whistleblowing channels and protection for all staff in accordance with the applicable Whistleblowing Protection rules and provisions.
      25. Taking all other necessary and developed steps and measures to detect and prevent any financial crime, including money laundering and terrorism financing, in accordance with AML/CFT Laws.
    4. To comply with both international and local laws, BitflowStock as an obliged person in accordance with the Article 2(1)(l) of the Czech Act No. 253/2008 on certain measures against the legalization of proceeds from crime and the financing of terrorism and other applicable AML/CFT laws and regulations (hereinafter referred to as "Czech AML Laws") establishes and maintains effective internal procedures and mechanisms to combat money laundering, terrorist financing, drug and human trafficking, the proliferation of weapons of mass destruction, corruption, bribery, and other financial crimes (altogether referred to hereinafter as "Criminal Offenses"). BitflowStock is also required to act upon any suspicious activities from its Users/Partners.
    5. For AML/CFT purposes, the legal basis for processing is the legal obligation under Article 6(1)(c) GDPR; consent is not required.
  2. The Importance of this Policy
    1. This Policy applies to all employees, contractors, agents or other persons, working on behalf of BitflowStock and covers all aspects of its Services and operations.
    2. This Policy sets forth the rules, principles and procedures that BitflowStock follows for detecting and preventing any financial crime, including money laundering and the funding of terrorism, in accordance with all relevant and mandatory applicable laws.
    3. This Policy is an integral part of the Company’s Terms of Services – i.e. the terms and conditions, which are at all times available on the Company’s Website. The Policy specifies the main and general principles and rules, applicable for the purposes of detecting and preventing any financial crime, including money laundering and the funding of terrorism, in accordance with all relevant and mandatory applicable laws.
    4. The Company is strongly committed to preventing the use of its Services for money laundering or any other activity which facilitates money laundering, the funding of terrorist and/or any other criminal activities, or any other illicit purposes.
    5. The Company has its own implemented internal procedures (hereinafter referred to as the “Procedures”), developed and implemented in accordance with the Act No. 253/2008 Coll. on protection against money laundering and terrorist financing and on the amendment to certain acts, as well as other by-laws adopted on the basis of this Act and other applicable, relevant and mandatory legal requirements (hereinafter altogether referred to as the “AML/CFT Laws”).
    6. The Procedures are administered by the Company’s Board of Directors, the Compliance Officer, MLRO, and compliance team, together referred to as the Compliance Department in strict accordance with the AML/CFT Laws. The Company’s Compliance Department is tasked with monitoring compliance with the relevant AML/KYC regulations and administrating the Procedures within the Company in strict accordance with applicable laws.
  3. Definitions and Interpretations:
    1. Terms and expressions used in these Policy shall be interpreted in accordance with the definitions provided below:
      • “AML” or “AML/CFT” means a set of applicable laws, regulations and procedures aimed at preventing money laundering, terrorist financing and any other criminal activity by using funds as legitimate income.
      • "Czech AML Act" means the Czech Act No. 253/2008 on certain measures against the legalization of proceeds from crime and the financing of terrorism and other applicable AML/CFT laws and regulations.
      • “Internal AML/CFT Policies” means AML/CFT System of internal rules and principles, as well as Risk Assessment procedures, developed by BitflowStock in accordance with Article 21 and 21a of the Czech AML Act.
      • “Risk-Based Approach” or “RBA” means is an approach which was developed and implemented on the basis of implementation of AML/CFT measures, specified in the mandatory and relevant AML/CFT laws, that enables an obliged person to allocate resources (human and financial) appropriately while effectively managing ML/TF risks. The effective RBA is based on a carefully conducted risk assessment (including their identification, evaluation and assessment). This enables the Company as an obliged person to implement effective and mitigative measures that are appropriate for the ML/TF risks elimination.
      • “Risk Factor” means:
        • the characteristic of the customer (User/Partner), to whom the Product and/or Services provided; and/or
        • the way the products and/or services are provided to the customer (User/Partner), and/or
        • geographic risk factors; and/or
        • other factors in accordance with the Czech АML Аct, which increases the risk that the services and products of the BitflowStock may be misused by the customer (User/Partner) for the purpose of legalizing proceeds of crime or for financing of terrorism.
      • “Fraud” means any act of dishonestly or unlawfully obtaining or attempting to obtain an advantage or financial gain through deceptive practices within the framework of BitflowStock’s Services and operations.
      • “Know Your Customer” or “KYC” means one of the key AML/CFT tools (instrument) which permits BitflowStock to know its customers in prior to execute any transactions for them.
      • “Know Your Business” or “KYB” is a process used by BitflowStock to verify the identity and legitimacy of a business, preventing fraud, money laundering, terrorism financing, and other financial crimes or illegal activities.
      • “Know Your Transaction” or “KYT” means is a process used by BitflowStock as an Obliged Person to verify, monitor, and/or analyse individual transactions to detect suspicious and/or unusual activity that may indicate Criminal Offenses, fraudulent behavior and/or other illicit financial activities.
      • “Business Relationship” means a business, professional and/or commercial relationship between the BitflowStock and a Customer, which:
        • arises out of the business of the relevant person, and
        • is expected by the relevant person, at the time when contact is established, to have an element of duration.
      • “User” means any person who uses Our Platform and/or Services and/or has agreed to the terms and conditions of BitflowStock’s Terms of Use.
      • "Partner" means any individual or legal entity that engages in a Business Relationship or collaboration with the BitflowStock.
      • “Obliged Person” means BitflowStock, i.e. the person who under applicable AML/CFT laws is obliged to prevent money laundering, terrorist financing and any other criminal activity by using funds as legitimate income.
      • “Identity card” means a document issued by a public authority listing the first name and surname, date of birth and facial image and any other data enabling identification of its bearer as its true holder.
      • “Services” means the services, specified in the Terms of Use
      • “Source of Funds” means the funds received from a one-time event (for example, inheritance, sale of real estate, winnings, sale of other assets, etc.) or continuous activity (funds from the customer's business, his/her employment, other legal activities, etc.).
      • “Suspicious transaction” means a transaction made under circumstances giving rise to suspicion of an attempt to the laundering of proceeds of crime or suspicion that the funds used in the transaction are intended for terrorist financing or that the transaction is otherwise related to or connected with terrorist financing, or any other fact that might indicate such suspicion.
      • “Compliance Officer” or “MLCO” means the person responsible for application and implementation of the AML/CFT rules, principles and procedures in accordance with Czech AML Act.
      • “MLRO” means the person responsible for the notification obligation in accordance with Article 18 of the Czech AML Act and ensure constant contact with the Office.
      • “Office” or “FAO” means the Financial Analytical Office (FAO) located at Washingtonova 1621/11, 11000 Praha 1, Czech Republic, website: https://fau.gov.cz/
      • “Politically Exposed Person” or “PEP” means:
        • A natural person, who performs or performed an important public function with regional, national and/or even higher importance;
        • A natural person, close to the above specified person(s);
        • A natural person from his/her "business surroundings";
        • Any other persons who are considered to be as a PEP in accordance with the Methodological Instruction No. 7 of 22.11.2022, intended for obliged entities pursuant to Article 2 of the Czech AML Act.
  4. Counter Financing of Terrorism (CFT)
    1. The Company takes a risk-based approach when adopting and implementing counter-financing of terrorism (CFT) measures and in conducting AML risk assessments. The company adopted internal CFT controls and makes undefended decisions regarding CFT matters supersede any business, strategic, or other operating tasks.
    2. The Company recognizes and understands that terrorism financing (TF), although distinct from money laundering, presents significant legal, regulatory, and reputational risks. Terrorism financing involves the collection or provision of funds, directly or indirectly, with the intention that they be used to support terrorist acts, organizations, or individuals, regardless of whether the funds originate from legitimate or illegitimate sources.
    3. While terrorism financing constitutes a separate criminal offense from money laundering, the Company’s Compliance and AML/CFT Program comprehensively covers the identification, assessment, mitigation, and reporting of terrorism financing risks.
    4. The Company applies the same rigorous standards, controls, and procedures used for Anti-Money Laundering (AML) to detect and prevent terrorism financing, including:
      1. Conducting risk-based Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) to identify and verify customers and beneficial owners.
      2. Screening all customers, beneficial owners, and transactions against relevant sanctions lists and terrorist financing databases, such as those issued by the United Nations, European Union, and other competent authorities.
      3. Monitoring transactions to detect unusual or suspicious activity that may be linked to terrorist organizations or individuals.
    5. All employees are required to promptly report any suspicious activity or transaction that may indicate potential terrorism financing to the Money Laundering Reporting Officer (MLRO) and Compliance Officer.
    6. The MLRO will assess such reports and, where necessary, file a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) with the appropriate regulatory or law enforcement authority, in accordance with legal requirements.
    7. The Company fully cooperates with FAU and other competent authorities in the investigation and prevention of terrorism financing activities. Employees receive ongoing training to ensure they can recognize indicators of terrorism financing and understand their obligations under the Company’s AML/CFT policy and applicable laws.
  5. Compliance Officer (MLCO) and MLRO
    1. The Compliance Officer and MLRO are the persons duly authorized by BitflowStock who are responsible for ensuring that the AML/KYC Policy is effectively implemented and adhered to, as well as overseeing all aspects of AML/CFT activities, including but not limited to:
      • Establishing and updating internal policies and procedures for completing, reviewing, submitting and maintaining all reports and records required by applicable laws and regulations;
      • if it is a Suspicious Transaction; or
      • Monitoring transactions and investigating any significant deviations from normal activities;
      • Implementing of a records management system for the proper storage and retrieval of documents, files, forms and logs;
      • Regular updating of the risk assessment procedures;
      • Providing information to law enforcement agencies in accordance with applicable laws and regulations.
    2. The Compliance Officer (MLCO) and MLRO has the right to interact with law enforcement agencies that are involved in the prevention of money laundering, terrorist financing and other illegal activities.
    3. MLCO and MLRO regularly educate all employees on recognizing and preventing Fraud, Criminal Offenses and other illegal activities, as well as ensure that they are up to date with the latest AML/CFT, Fraud trends, legislative and/or practical changes, and prevention techniques.
    4. Employees who suspect or detect fraudulent activities must report them immediately to the MLCO and MLRO.
  6. Know Your Customer Procedures (KYC)
    1. Individuals can be identified by passport or other identification documents (Valid ID) and utility bills stating their current postal address and address of registration. Companies have to be identified by extracts from the Chamber of Commerce or by notary deed. Copies have to be made and archived in files securely.
    2. In order to process Verification (KYC) request and verify your account on https://bitflowstock.com/account/verification/advanced please provide and upload on your account the following information:
      1. 6.2.1. A passport, ID, national identity card, residence permit and/or driver's license to confirm your identity (hereinafter referred to as the “Valid ID”). The Valid ID means official document, which contains the following:
        1. Names and surname;
        2. Date of birth;
        3. Place of birth;
        4. Gender;
        5. The number of the identity document;
        6. The date and place of issue;
        7. The name of the authority which issued it;
        8. Period of validity;
        9. Photo.
      2. A photo, where you are holding your document and a piece of paper with the handwritten date and name of our platform and liveness check.
      3. A bank account statement, utility bill (electricity, water, internet, etc) with your name or any other document to confirm your address. You may submit a picture of a hard copy bill or a PDF of a paperless bill.
      4. Source of Funds. In accordance with the applicable AML/CFT Laws, as well as the Company’s internal compliance procedure rules, when making a transaction or a series of linked transactions and/or at any time requested by the Company, a User shall provide a Source of Funds, which shall mean any document that verified the lawful source of User’s funds, such as copies of accounting documents, tax statements, bank statements and so on.
      5. Purpose and nature of establishing Business Relationship and using the Company’s Services.
      6. All other data and documents specified in the Article 5 of the Czech AML Act, as well as other data taking into account the RBA.
    3. If the User is a natural person, BitflowStock will record and verify from the User's valid identity card (Valid ID):
      1. Identification data;
      2. Type and number of Identity card;
      3. The state, or the authority that issued it;
      4. Its validity period;
      5. User’s selfie ID for verifying that the User’s likeness matches the image on his/her Identity card;
    4. If the User is a legal entity, we will record and verify its identification data from the document on the existence of the legal entity and further identify the natural person who represents the legal entity in the given case. If the legal entity’s statutory body, member or controlling person is another legal entity, BitflowStock also checks and records its identification data, documents and information.
    5. As part of the identification, BitflowStock also determines and records whether the User is a politically exposed person or whether the User is a person against whom the Czech Republic applies international sanctions in accordance with the Act on the Implementation of International Sanctions.
    6. For other Services, BitflowStock verifies the identity of natural persons (acting on their own behalf or representing a legal entity).
    7. At the place of identification, BitflowStock may ask its Users/Partners to provide identification by a notary public or public administration contact point, or take over the identification carried out by a credit or financial institution in connection with the establishment of a Business Relationship.
    8. BitflowStock carries out User/Partner identification when establishing Business Relationship.
    9. BitflowStock always takes steps to confirm the authenticity of data, documents and/or information provided by the Users/Partners. User’s identification data, information and/or documents are collected, stored, shared and protected by BitflowStock strictly in accordance with its Privacy Policy and other applicable laws and regulations.
    10. All legal and effective methods for double-checking identification are used. BitflowStock reserves the right to investigate certain Users/Partners who have been determined to be risky and/or suspicious.
    11. BitflowStock reserves the right to verify User’s/Partner's identity in a regular and on-going basis, especially when:
      • their identification information has been changed, or
      • their activity seemed to be suspicious (unusual for the particular User/Partner).
    12. BitflowStock reserves the right to request up-to-date data, information and/or documents from the Users/Partners at any time, even though they have passed KYC/KYB/KYT identification and/or verification in the past.
    13. Once the User’s/Partner's identity has been verified, BitflowStock is able to remove itself from potential legal liability in a situation where its Website, Platform, Wallet and/or Services are used to conduct possible Criminal Offenses.
    14. IMPORTANT NOTE: Text information about you, that you fill in during passing verification here https://bitflowstock.com/account/verification/advanced, namely: First Name, Last Name, Middle Name (if you have), Country / State, City, Street, and Zip Code, etc., must necessarily match the information that is indicated in your documents. Only in this case, you will be successfully verified.
    15. The platform's security policy reserves the right to require KYC to protect funds in case of suspicious activity on the account and/or using our Services. Before passing KYC, all account activity and/or our Services may be suspended.
  7. The following categories are excluded and will not be serived by the Company:
    1. Persons from or residents of geoblocked jurisdictions, as defined in the Compliance Program (Blacklist) identical to BitflowStock’s primary platform.
      1. Persons listed on EU, UN, OFAC sanctions lists or identified as PEPs from high-risk jurisdictions.
      2. Anonymous users.
      3. Access to the platform is restricted for users from blacklisted jurisdictions as defined in the Bitflow Lab s.r.o.’s Compliance Program and other FATF high-risk countries. Verification for these countries is also not possible, so documents of users from these countries will not be accepted for verification.
    2. Our company is prohibited from transacting with individuals, companies and countries that are on prescribed sanctions lists.
  8. Sanctions and PEP lists screening.
    1. Bitflow screens applicants against recognised Sanctions and PEP lists and/or databases.
    2. Individuals and legal entities are screened against mentioned lists:
      • on the onboarding stage when the user is submitting the application;
      • on each anti-fraud and AML alerts manually by MLCO/MLRO.
    3. For the screening process performing Bitflow uses various official online search tool for manual confirmation.
  9. AML Control
    1. BitflowStock conducts KYC/KYB and due diligence:
      • If it is a suspicious transaction;
      • upon the establishment of a business relationship, before the transaction; and
      • regularly during the duration of the Business Relationship.
    2. The AML control includes:
      • obtaining information about the purpose and intended nature of the transaction or business relationship;
      • ascertaining the ownership and management structure of the client and its real owner, if the client is a legal entity, and taking measures to find out and verify the identity of the real owner;
      • ongoing monitoring of the business relationship, including review of trades made during the course of the relationship;
      • reviewing the sources of funds or other assets involved in the business or business relationship;
      • carrying out other measures and procedures where necessary and appropriate in accordance with the Czech AML/CFT Act and other applicable laws and regulations.
  10. Due diligence
    1. As part of the User’s Due Diligence, the Company’s Compliance Department:
      1. Identifies and verifies the User and/or its representative(s) and verifies provided data, documents and other information using reliable and independent sources, including but not limited to using the means of e-identification;
      2. Investigates Users, whose business, activities and/or documents have been identified as risky and/or suspicious;
      3. Requests additional, new and/or updated data, documents and other information from Users when deemed necessary by the Company at any time;
      4. Confirms the authenticity of data, documents and information provided by Users;
      5. Verifies Users’ transactions on an on-going basis even if User(s) have been identified in the past.
      6. Takes all other necessary and/or implemented steps and measures for the purposes of detecting and preventing any financial crime, including money laundering and the funding of terrorism, in strict accordance with relevant and mandatory applicable laws.
    2. The Company has the right to request additional, new and/or updated data, documents and/or information from any User at any time, even if such User has been identified before in accordance with applicable laws.
    3. The Company may stop and refuse providing Services to Users and/or report such Users to the authorized government bodies, if they do not provide the Company with requested data, documents and/or information in accordance with applicable laws.
    4. In the framework of Due diligence and at any time the Company may also send a User an AML/KYC Questionnaire, which shall mean a series of questions and/or a video-call with the Company’s Compliance Department in order to detect and identify the intent and the source of funds, that are subject to User’s business, transactions and activities, as well as to rule out any illicit purpose.
    5. During the duration of the Agreement or during further Services, BitflowStock checks the validity and completeness of your identification data, information and/or documents.
  11. Risk Assessment
    1. BitflowStock, in line with the international requirements, has adopted RBA to combating money laundering and terrorist financing.
    2. By adopting RBA, BitflowStock is able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate to the identified risks.
    3. Based on the risk assessment, BitflowStock can change the limits for carrying out identification and ongoing risk assessment and control (inspections) at any time, or introduce new limits for individual types of transactions and/or other operations.
    4. When carrying out risk assessment, as well as initial and/or ongoing Procedures, the Company takes into account the risk factors, including the User’s and the geographical risk characteristics.
    5. When carrying out risk assessment, the Company takes into account the untruthful, false and/or incomplete data, information, documents and facts, including but not limited to discrepancies in ID documents provided, fictitious person, stolen identity, previous financial crime record, terrorist record, wanted person and so on.
    6. When carrying out risk assessment, the Company also pays attention to the performance of suspicious, high-volume and unusual transactions and/or series of linked transactions by its User(s).
    7. When carrying out risk assessment, the Company, in accordance with its internal procedure rules, may apply simplified or enhanced AML/KYC measures in accordance with the AML/CFT Laws and based on the results (outcomes) of the risk assessment
    8. The Company has its own developed and implemented list of countries, with whom it does not work with. The list of countries is based on the list of countries identified by the EU as high risk, as well as the list of countries identified as being at risk by the Financial Action Task Force (FATF). The lists created by EU and FATF are essential for assessing the risk of Users, transactions and/or business relationships.
    9. The BitflowStock's strategy will allow resources to be allocated in the most efficient ways. The principle is that resources should be directed in accordance with priorities so that the greatest risks receive the highest attention.
  12. Monitoring Transactions
    1. The Users are known not only by verifying their identity (who they are) but, more importantly, by analyzing their transactional patterns (what they do).
    2. The Company carries out ongoing monitoring of activities to prevent money laundering, terrorism financing, and other illegal activities. As part of the monitoring activities, the Company:
      1. Checks transactions of its Users;
      2. when it is necessary, identifies and requests the User’s source of funds;
      3. Pays additional and special attention to suspicious, high-volume and unusual transaction(s) or series of linked transactions;
      4. Pays additional and special attention to transactions made by Users from countries with a risk of money laundering, terrorism financing and any other illegal activities, higher than usual.
      5. Applies other monitoring steps and requirements in strict accordance with the AML/CFT Laws.
    3. BitflowStock relies on its data analysis including risk-assessment and suspicion detection tools.
    4. BitflowStock performs a variety of compliance-related tasks, including capturing data, filtering, record-keeping, investigation management, and reporting.
    5. BitflowStock monitors all transactions and it reserves the right to:
      1. ensure that suspicious transactions are reported to the Compliance Officer and MLRO;
      2. request the User/Partner to provide any additional data, information and documents in case of suspicious transactions;
      3. suspend or terminate User’s Account and/or Services when BitflowStockhas reasonably suspicion that such User engaged in Criminal Offenses and/or any other illegal activity.
    6. The above list is not exhaustive and the Compliance Officer (MLCO) will monitor Users’ transactions on a day-to-day basis in order to define whether such transactions are to be reported and treated as suspicious or are to be treated as bona fide.
  13. Red Flags and other Risk Factors
    1. BitflowStock establishes a non-exhaustive list of red flags indicating the features of potential fraudulent and other illegal activities, as well as provide guidance on how to respond to these Risk factors, described below in this Section.
    2. BitflowStock always conducts KYC/KYB procedures to duly and properly identify and verify its Users’/Partners’ identities in accordance with the applicable laws, regulations and best practices. Users are required to promptly update their Personal Data (Personal Information) when changes occur.
    3. BitflowStock terminates the provision of its Services, transactions and other operations, if its User/Partner is involved in any type of financial manipulations, wash trading, or spoofing.
    4. BitflowStock also terminates the provision of its services, transactions and other operations, if its user provides false or misleading identity information until the identity verification of such a user is completed correctly.
    5. BitflowStock investigates any accounts, transactions and/or operations, engaged in suspicious or manipulative Users’/Partners’ activities.
    6. BitflowStock encourages its users to report all phishing attempts to our Support Team address for our immediate investigation.
    7. BitflowStock takes reports of Fraud and phishing attempts seriously and are committed to safeguarding our users from such activities. Such reports will help us maintain a secure and trustworthy trading environment.
    8. BitflowStock implements strong cybersecurity measures to protect customer data and assets, including encryption, regular security assessments and so on.
    9. Users who provide false or misleading identity information may have their accounts suspended until identity verification is completed correctly.
    10. Multiple accounts under the same identity information, as well as frequent and large deposits from unverified or high-risk sources will be flagged for review.
    11. The User should comply with the following clear instructions (steps) for reporting any suspicious activity, fraud and/or phishing attempts at: [email protected]
      1. In the subject line of the email, use a clear and descriptive phrase, such as "Fraud Report" or "Phishing Attempt"
      2. In the email body, the User should provide the following information:
        1. His/her full name and username on the platform (if applicable).
        2. A detailed description of the fraudulent or phishing activity the User encountered, including any relevant dates, times, and affected accounts.
        3. Any and all evidences and/or screenshots related to the incident (if available).
      3. The User should not include any sensitive personal or account information in the email, such as its password or account credentials. BitflowStock will never ask for such information via email.
      4. After composing the email, the User should click the "Send" button to submit report.
      5. The User will receive an email confirmation acknowledging receipt of his/her report. Bitflow’s Support Team will review the information provided and, if necessary, initiate an investigation or ask for more details.
    12. In case of any further questions or concerns, the User should reach out to our Support Team for assistance.
    13. In an event that the Company reasonably suspects suspicious transaction(s), it shall conduct additional questioning regarding the User’s activity by the means of the AML/KYC Questionnaire, and request any additional data, documents and/or information, that may be required for these purposes and in accordance with applicable AML/CFT Laws, as well as regulatory requirements and guidelines.
    14. In case the User has not provided any data, document, information and explanation about the suspicious transaction(s), a complete set of requested documents, and/or has presented suspicious or unusual data, documents and other information that the Company cannot verify, the Company will reasonably suspect that the User’s business, activities and transaction(s) may be connected to money laundering, terrorism financing or other illegal activity, business and transaction(s). In such cases the Company files a report on the website of authorized government body, reporting the suspicious activity, business and transaction(s) and reserves the right to suspend the User’s account, suspected of such activities, business and transaction(s) at its sole discretion.
  14. Obligations of the client and the consequences of their violation
    1. It is the User's/Partner's duty to provide BitflowStock with the data, documents and/or information necessary to carry out the identification, verification and control, including the submission of the relevant documents, and all cooperation necessary to fulfill the obligations arising from the Czech AML/CFT Act and other applicable laws and regulations.
    2. Failure to submit to identification, verification, control and/or inspection or failure to provide the necessary cooperation on your part will result in the refusal to carry out our Services or the termination of the Agreement.
    3. We are obliged to report suspicious transactions to the Office without undue delay, which will then decide on further measures.
    4. In the case of a suspicious transaction, the processing of your order may be delayed, or your property may be seized, in accordance with the decision of the Office.
  15. Whistleblowing Provisions
    1. In accordance with Act No. 171/2023 Sb., the Whistleblower Protection Act, which was adopted by the Parliament of the Czech Republic on June 2, 2023, published in Collection 86/2023, and has been effective from August 1, 2023 (hereinafter referred to as the “Act”), reports regarding violations should pertain to the following areas, as outlined in § 2(1)(d) of the Act:
      • Corruption, bribery, and abuse of power
      • Public procurement violations and unfair competition
      • Financial services, products, and markets, including securities and investment fraud
      • Anti-money laundering (AML) and countering the financing of terrorism (CFT)
      • Product safety, quality standards, and compliance with regulatory requirements
      • Transport safety, including road, air, and maritime regulations
      • Environmental protection, climate regulations, and sustainable development policies;
      • Radiological protection, nuclear safety, and hazardous materials management.
      • Food and feed safety, including production, distribution, and labeling compliance.
      • Animal health, welfare, and ethical treatment.
      • Public health, occupational safety, and healthcare system compliance;
      • Consumer protection, fair trade, and prevention of deceptive business practices;
      • Protection of privacy, personal data, and cybersecurity regulations
      • Security of networks, ICT systems, and critical infrastructure
      • Protection of financial interests of the Czech Republic, local government units, and the European Union
      • Regulations governing the internal market of the European Union, including competition law, state aid, and corporate taxation
      • Fundamental human rights and constitutional freedoms in interactions between individuals, businesses, and public authorities.
    2. The Company treats all reports of potential misconduct with the utmost seriousness, ensuring strict confidentiality and compliance with § 7 of the Act, which protects whistleblowers from retaliation. Reports that meet the legal criteria outlined in § 2(1) will be reviewed and investigated in accordance with the established internal procedures and legal obligations.
    3. The Company ensures that all employees and associated individuals are aware of the procedures for reporting information about infringements. These procedures are designed to protect the public interest and facilitate the prevention and detection of any actions that may harm the public good.
    4. Individuals may report information about infringements through internal whistleblowing channels or directly to the competent authority.
    5. Reports should be made in good faith and with a reasonable belief that the information is correct. The Company will not hold individuals liable for reporting unless it is proven that they had no reasonable grounds to believe the information was correct. Anonymous reports are also subject to protection measures if the identity of the person becomes known and protection against adverse actions is necessary.
    6. Direct reporting to the competent authority is appropriate in the following circumstances:
    7. The infringement is of essential importance to the public interest.
    8. Immediate action is required to prevent or stop the infringement due to the potential for serious harm.
    9. The heads of the institution or those with institutional ties are likely involved in the infringement.
    10. Previous reports through internal channels have not been addressed or the response has been inadequate.
    11. Reporting through internal channels may risk the whistleblower's anonymity or lead to attempts to conceal the infringement.
    12. The institution lacks a functioning internal whistleblowing channel or the individual is no longer affiliated with the institution and cannot access internal channels.
    13. A report to the competent authority should include specific factual circumstances of the infringement, the individuals involved, and any previous reports made regarding the infringement. Where possible, written or other available evidence should be attached to the report.
    14. No protection is given if the report is knowingly false.
  16. Whistleblowing Procedures
    1. This AML Policy is a binding, integral and mandatory part of the Bitflow's Terms of Use, and BitflowStock can unilaterally change, amend and/or supplement it at any time. This AML Policy is a part of the BitflowStock’s Additional Documents.
    2. By confirming Your consent to the BitflowStock's Terms of Use, You confirm that You have thoroughly read and accepted this AML Policy as well.
    3. If You have any questions about this AML Policy, procedures and/or any other AML/KYC-related matters, requests, or any complaints about BitflowStock’s Services, please contact us at: https://bitflowstock.com/support or via the following e-mail address: [email protected].