Version: v2

KYC/AML Policy

Nexchange is committed to maintaining the highest standards of regulatory compliance and preventing financial crimes through comprehensive Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures.

Overview

Our KYC/AML program is designed to:

Prevent Financial Crimes: Block money laundering, terrorist financing, and other illicit activities
Ensure Regulatory Compliance: Meet international AML/KYC standards and regulations
Protect Users: Safeguard legitimate users and their funds
Maintain Service Integrity: Preserve the security and reputation of our platform

API Integration and Compliance

No Direct KYC Required

No User Registration

The Nexchange API does not require user registration or direct KYC collection through the API. However, compliance measures are applied at the transaction level.

Transaction Monitoring

All transactions processed through the Nexchange API are subject to:

Real-time screening against international sanctions lists
Transaction pattern analysis for suspicious activity detection
Risk-based assessments based on transaction amounts and frequency
Blockchain analysis to identify high-risk sources and destinations

Risk-Based Approach

We apply a risk-based approach to transaction processing:

Low Risk Transactions

Standard processing times
Automated approval for most transactions
Minimal additional verification required

Medium Risk Transactions

Additional verification may be required
Longer processing times possible
Enhanced transaction monitoring

High Risk Transactions

Manual review process
Extended verification procedures
Potential transaction rejection

Prohibited Activities

The following activities are strictly prohibited when using Nexchange API:

Forbidden Use Cases

❌ Money Laundering: Using the service to obscure the origin of illicit funds

❌ Terrorist Financing: Providing financial support to terrorist organizations

❌ Sanctions Evasion: Circumventing international economic sanctions

❌ Fraud: Using stolen or fraudulently obtained funds

❌ Dark Web Activities: Processing funds from illegal marketplace transactions

❌ Ransomware: Laundering proceeds from ransomware attacks

Prohibited Jurisdictions

Transactions may be restricted or prohibited for users from:

Countries under international sanctions
High-risk jurisdictions identified by FATF
Regions with inadequate AML frameworks

Compliance Monitoring

All transactions are monitored for compliance violations. Suspicious activity will result in transaction holds, account freezes, and reporting to relevant authorities.

Developer Compliance Responsibilities

Integration Requirements

When integrating Nexchange API, developers must:

1. Implement Proper Controls

2. Maintain Audit Trails

3. Implement Address Screening

Record Keeping Requirements

Maintain records of:

All transaction attempts (successful and failed)
User IP addresses and geolocation data
Risk assessment results for each transaction
Compliance decisions and their justifications
Any suspicious activity detected

Reporting Obligations

Suspicious Activity Reporting

When suspicious activity is detected, developers must:

Immediately halt the transaction
Document the suspicious activity with detailed records
Report to relevant authorities within required timeframes
Preserve all related records for investigation

Transaction Limits and Thresholds

Standard Limits

Daily Limit: $10,000 USD equivalent per user/IP
Monthly Limit: $50,000 USD equivalent per user/IP
Single Transaction: $5,000 USD equivalent maximum

Enhanced Due Diligence Triggers

Transactions triggering enhanced screening:

Large Transactions: Over $3,000 USD equivalent
Frequent Trading: Multiple transactions within short timeframes
High-Risk Pairs: Certain currency combinations
Geographic Risk: Users from high-risk jurisdictions

Velocity Controls

Data Protection and Privacy

Privacy Principles

Data Minimization: Collect only necessary information
Purpose Limitation: Use data only for compliance purposes
Retention Limits: Retain records only as required by law
Security Measures: Implement appropriate technical safeguards

Data Retention

We retain transaction and compliance records for:

Financial Records: 5 years minimum
Suspicious Activity Reports: 5 years minimum
Audit Logs: 7 years for regulatory compliance
User Data: As required by applicable law

Regulatory Compliance

International Standards

Our AML/KYC program complies with:

FATF Recommendations: Financial Action Task Force guidelines
EU AML Directives: European Union anti-money laundering laws
US Bank Secrecy Act: American AML requirements
Local Jurisdictions: Applicable local regulations

Ongoing Monitoring

We continuously monitor:

Regulatory Changes: Updates to AML/KYC requirements
Sanctions Lists: OFAC, UN, EU, and other sanctions databases
Risk Indicators: Emerging threats and typologies
Best Practices: Industry standards and recommendations

Support and Compliance Assistance

For Developers

If you need assistance with compliance implementation:

Technical Support: Help with compliance-related integration issues
Documentation: Additional guidance on regulatory requirements
Best Practices: Recommendations for compliant integration patterns

Contact Information

For compliance-related inquiries:

Email: compliance@nexchange.io
Response Time: 24-48 hours for compliance matters
Escalation: Available for urgent compliance issues

Compliance Checklist

Before launching your integration:

Jurisdiction Check: Verify service availability in your jurisdiction
Risk Assessment: Implement transaction risk scoring
Address Screening: Screen all withdrawal addresses
Velocity Controls: Implement transaction frequency limits
Audit Logging: Maintain comprehensive transaction logs
Suspicious Activity: Implement detection and reporting procedures
Record Keeping: Establish compliant record retention
Staff Training: Ensure team understands compliance requirements

Legal Disclaimer

This document provides general information about our compliance practices. It does not constitute legal advice. Consult with qualified legal counsel for specific compliance requirements in your jurisdiction.

Next Steps

FAQ - Common compliance questions answered

Questions about compliance? Contact our compliance team for guidance on implementing compliant integrations.

Overview​

API Integration and Compliance​

No Direct KYC Required​

Transaction Monitoring​

Risk-Based Approach​

Low Risk Transactions​

Medium Risk Transactions​

High Risk Transactions​

Prohibited Activities​

Forbidden Use Cases​

Prohibited Jurisdictions​

Developer Compliance Responsibilities​

Integration Requirements​

1. Implement Proper Controls​

2. Maintain Audit Trails​

3. Implement Address Screening​

Record Keeping Requirements​

Reporting Obligations​

Suspicious Activity Reporting​

Transaction Limits and Thresholds​

Standard Limits​

Enhanced Due Diligence Triggers​

Velocity Controls​

Data Protection and Privacy​

Privacy Principles​

Data Retention​

Regulatory Compliance​

International Standards​

Ongoing Monitoring​

Support and Compliance Assistance​

For Developers​

Contact Information​

Compliance Checklist​

Next Steps​