Version: v1

KYC/AML Policy

Nexchange is committed to maintaining the highest standards of regulatory compliance and preventing financial crimes through comprehensive Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures.

Overview

Our KYC/AML program is designed to:

Prevent Financial Crimes: Block money laundering, terrorist financing, and other illicit activities
Ensure Regulatory Compliance: Meet international AML/KYC standards and regulations
Protect Users: Safeguard legitimate users and their funds
Maintain Service Integrity: Preserve the security and reputation of our platform

API Integration and Compliance

No Direct KYC Required

No User Registration

The Nexchange API does not require user registration or direct KYC collection through the API. However, compliance measures are applied at the transaction level.

Transaction Monitoring

All transactions processed through the Nexchange API are subject to:

Real-time screening against international sanctions lists
Transaction pattern analysis for suspicious activity detection
Risk-based assessments based on transaction amounts and frequency
Blockchain analysis to identify high-risk sources and destinations

Risk-Based Approach

We apply a risk-based approach to transaction processing:

Low Risk Transactions

Standard processing times
Automated approval for most transactions
Minimal additional verification required

Medium Risk Transactions

Additional verification may be required
Longer processing times possible
Enhanced transaction monitoring

High Risk Transactions

Manual review process
Extended verification procedures
Potential transaction rejection

Prohibited Activities

The following activities are strictly prohibited when using Nexchange API:

Forbidden Use Cases

❌ Money Laundering: Using the service to obscure the origin of illicit funds

❌ Terrorist Financing: Providing financial support to terrorist organizations

❌ Sanctions Evasion: Circumventing international economic sanctions

❌ Fraud: Using stolen or fraudulently obtained funds

❌ Dark Web Activities: Processing funds from illegal marketplace transactions

❌ Ransomware: Laundering proceeds from ransomware attacks

Prohibited Jurisdictions

Transactions may be restricted or prohibited for users from:

Countries under international sanctions
High-risk jurisdictions identified by FATF
Regions with inadequate AML frameworks

Compliance Monitoring

All transactions are monitored for compliance violations. Suspicious activity will result in transaction holds, account freezes, and reporting to relevant authorities.

Developer Compliance Responsibilities

Integration Requirements

When integrating Nexchange API, developers must:

1. Implement Proper Controls

Pre-Transaction Validation:

Verify user jurisdiction compliance
Screen withdrawal addresses against blocklists
Implement transaction size limits
Apply velocity controls

Example of compliant order creation:

Response includes minimum/maximum limits for compliance:

Create order only after validating compliance requirements:

2. Maintain Audit Trails

Required Logging:

All transaction attempts (successful and failed)
User IP addresses and geolocation data
Risk assessment results for each transaction
Compliance decisions and their justifications
Any suspicious activity detected

Transaction Status Monitoring:

Response includes compliance status information:

3. Address Screening Requirements

Mandatory Checks:

Screen against OFAC SDN list
Check blockchain analysis providers
Verify address ownership when possible
Monitor for high-risk address indicators

Record Keeping Requirements

Maintain records of:

All transaction attempts (successful and failed)
User IP addresses and geolocation data
Risk assessment results for each transaction
Compliance decisions and their justifications
Any suspicious activity detected

Reporting Obligations

Suspicious Activity Reporting

When suspicious activity is detected, developers must:

Immediately halt the transaction
Document the suspicious activity with detailed records
Report to relevant authorities within required timeframes
Preserve all related records for investigation

API Response for Flagged Transactions:

If a transaction is flagged during compliance screening, the API may return:

Error response for flagged transaction:

Transaction Limits and Thresholds

Standard Limits

Daily Limit: $10,000 USD equivalent per user/IP
Monthly Limit: $50,000 USD equivalent per user/IP
Single Transaction: $5,000 USD equivalent maximum

Enhanced Due Diligence Triggers

Transactions triggering enhanced screening:

Large Transactions: Over $3,000 USD equivalent
Frequent Trading: Multiple transactions within short timeframes
High-Risk Pairs: Certain currency combinations
Geographic Risk: Users from high-risk jurisdictions

API Limit Responses

When limits are exceeded, the API returns specific error codes:

Daily Limit Exceeded:

Single Transaction Limit:

Data Protection and Privacy

Privacy Principles

Data Minimization: Collect only necessary information
Purpose Limitation: Use data only for compliance purposes
Retention Limits: Retain records only as required by law
Security Measures: Implement appropriate technical safeguards

Data Retention

We retain transaction and compliance records for:

Financial Records: 5 years minimum
Suspicious Activity Reports: 5 years minimum
Audit Logs: 7 years for regulatory compliance
User Data: As required by applicable law

Regulatory Compliance

International Standards

Our AML/KYC program complies with:

FATF Recommendations: Financial Action Task Force guidelines
EU AML Directives: European Union anti-money laundering laws
US Bank Secrecy Act: American AML requirements
Local Jurisdictions: Applicable local regulations

Ongoing Monitoring

We continuously monitor:

Regulatory Changes: Updates to AML/KYC requirements
Sanctions Lists: OFAC, UN, EU, and other sanctions databases
Risk Indicators: Emerging threats and typologies
Best Practices: Industry standards and recommendations

API Error Codes and Compliance

Error Code	Description	Action Required
`COMPLIANCE_REVIEW`	Transaction flagged for manual review	Wait for review completion
`RESTRICTED_JURISDICTION`	User from prohibited jurisdiction	Transaction not permitted
`BLOCKED_ADDRESS`	Withdrawal address on blocklist	Use different address
`DAILY_LIMIT_EXCEEDED`	Daily transaction limit reached	Wait until limit resets
`SUSPICIOUS_ACTIVITY`	Transaction pattern flagged	Contact compliance team

Handling Compliance Errors

Example Error Response:

Support and Compliance Assistance

For Developers

If you need assistance with compliance implementation:

Technical Support: Help with compliance-related integration issues
Documentation: Additional guidance on regulatory requirements
Best Practices: Recommendations for compliant integration patterns

Contact Information

For compliance-related inquiries:

Email: compliance@nexchange.io
Response Time: 24-48 hours for compliance matters
Escalation: Available for urgent compliance issues

Compliance Checklist

Before launching your integration:

Jurisdiction Check: Verify service availability in your jurisdiction
Transaction Limits: Implement and respect API transaction limits
Address Validation: Validate withdrawal addresses before order creation
Error Handling: Properly handle all compliance-related error codes
Audit Logging: Maintain comprehensive transaction logs
Suspicious Activity: Implement detection and reporting procedures
Record Keeping: Establish compliant record retention policies
Staff Training: Ensure team understands compliance requirements

API Integration Best Practices

Pre-Transaction Checks

Validate Currency Pairs: Ensure trading pair is active
Check Amount Limits: Verify amount is within allowed range
Screen Addresses: Validate withdrawal address format and compliance
Rate Verification: Confirm rates are current and valid

During Transaction

Monitor Status: Track transaction progress through API
Handle Delays: Account for compliance review delays
Log Everything: Maintain detailed audit trails
Error Recovery: Implement proper error handling for compliance issues

Post-Transaction

Confirmation Monitoring: Track final transaction status
Record Retention: Store transaction records per retention requirements
Reporting: Generate compliance reports as needed

Legal Disclaimer

This document provides general information about our compliance practices. It does not constitute legal advice. Consult with qualified legal counsel for specific compliance requirements in your jurisdiction.

Next Steps

FAQ - Common compliance questions answered

Questions about compliance? Contact our compliance team for guidance on implementing compliant integrations.

Overview​

API Integration and Compliance​

No Direct KYC Required​

Transaction Monitoring​

Risk-Based Approach​

Low Risk Transactions​

Medium Risk Transactions​

High Risk Transactions​

Prohibited Activities​

Forbidden Use Cases​

Prohibited Jurisdictions​

Developer Compliance Responsibilities​

Integration Requirements​

1. Implement Proper Controls​

2. Maintain Audit Trails​

3. Address Screening Requirements​

Record Keeping Requirements​

Reporting Obligations​

Suspicious Activity Reporting​

Transaction Limits and Thresholds​

Standard Limits​

Enhanced Due Diligence Triggers​

API Limit Responses​

Data Protection and Privacy​

Privacy Principles​

Data Retention​

Regulatory Compliance​

International Standards​

Ongoing Monitoring​

API Error Codes and Compliance​

Compliance-Related Error Codes​

Handling Compliance Errors​

Support and Compliance Assistance​

For Developers​

Contact Information​

Compliance Checklist​

API Integration Best Practices​

Pre-Transaction Checks​

During Transaction​

Post-Transaction​

Next Steps​