Anti-Money Laundering And Counter Financing Of Terrorism Policy

February 26, 2026

1 - Introduction and Objectives


This Policy is an extension of the EBANX Code of Conduct. Its objective is to establish the expected conduct of ebankers regarding the Prevention of and Combating Money Laundering and Terrorism Financing.

EBANX has zero tolerance for money laundering and is committed to mitigating the risks of money laundering, following all applicable local and international regulations. EBANX will take the necessary preventative measures, promptly investigate any suspicion of money laundering, and cooperate unrestrictedly with the competent authorities. EBANX Senior Management supports, supervises, and is committed to the effectiveness and continuous improvement of the AML/CFT Program.

The Global Policy for the Prevention of and Combating Money Laundering and Terrorism Financing is reviewed at least annually, or whenever there are significant changes in laws, regulations, or the business risk profile, to achieve the best practices for EBANX. The review is carried out through:

  • Regular review of media reports relevant to the sector or jurisdiction in which EBANX operates;

  • Regular review of law enforcement alerts and reports;

  • Attention to changes in terror alerts and sanctions regimes as they occur;

  • Review of thematic and similar publications published by competent authorities;

  • Review of national, UK, EU, US, and intergovernmental organization guidelines, such as those of the FATF (Financial Action Task Force), which develops policies to combat money laundering and terrorism financing. These guidelines are adjusted to meet the specific requirements of each jurisdiction where EBANX operates, in order to define effective rules, policies, and procedures against money laundering and terrorism financing. Where there is no guidance, Compliance will seek guidance from legal counsel (internal/external) and formally validate the opinions provided before implementation.


2 - Scope and Users

This document applies to all ebankers, subsidiaries, affiliated entities, products, and EBANX companies, in all locations where EBANX operates, both in the country where they are registered and abroad, including:

  • Partners and shareholders

  • Directors

  • Employees

  • Temporary staff

  • Interns

  • Apprentices

Individuals and companies in business relationships with EBANX, including suppliers and business partners, are also required to comply with the rules established in this Policy.


3 - Terms and Definitions


Money Laundering

Money laundering refers to the process of disguising the illicit origin of financial assets or goods, derived from criminal activities, in order to integrate them into the formal economic system as if they were legitimate. Any resource obtained through illicit activities can be subject to money laundering. 

Examples of crimes frequently associated with money laundering include: theft, fraud, corruption, bribery, insider trading, drug trafficking, smuggling, embezzlement, tax evasion, among others. 

The three stages of money laundering are typically:

  • Placement: This is the first phase of money laundering. It involves the insertion of the asset derived from illegal activity into the formal economy.

  • Layering: This second phase consists of further separating the illicit assets from their source by creating complex layers of financial transactions designed to disguise the traceability of the money and allow anonymity.

  • Integration: The final phase consists of giving apparent legitimacy to assets derived from crimes. If the layering phase was successful, integration schemes insert the laundered money back into the economy in a way that these assets remain in the financial system appearing to be funds whose origin is regular and lawful.

EBANX employs specific controls to identify, disrupt, and report suspicious activities at each stage of money laundering, including technological monitoring tools and detailed transaction analysis.

Based on various applicable laws, regulations, and regulatory guidelines from the FATF and other international best practices, EBANX ensures compliance with applicable international and local regulations, always adopting the most stringent standards among them. Where local regulations are stricter than the standards of this Policy, they shall prevail.

If the minimum standards established in this Policy cannot be applied in any country because their application would conflict with local legislation or because they could not be imposed for other legal reasons, EBANX will not initiate, continue, or conduct business relations in that territory. If a business relationship already exists in that country, EBANX must ensure that it is terminated, regardless of other contractual or legal obligations.


Terrorist Financing

Terrorism financing is defined as any and all involvement, direct or indirect, with resources or properties that certainly or probably will be used for terrorist purposes, regardless of the regularity or legality of their origin.

For the purpose of this Policy, terrorism financing is directly related to money laundering, including any activities that involve financial or material support for terrorist acts or related groups.

EBANX follows the FATF recommendations and local and international regulations to identify, prevent, and mitigate risks related to terrorism financing, adopting a zero-tolerance approach.


4 - Guidelines


4.1 Organizational Structure

The Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) program is developed and managed by the Global Risk & Compliance (GRC) department. Local Money Laundering Reporting Officers (MLROs) report to the Head of Compliance. The main responsibility of the MLRO is to ensure that, when appropriate, information or other means that lead to knowledge, suspicion, or reasons for knowledge or suspicion of money laundering are duly reported to the competent authorities.

Compliance processes are centralized in the Global Risk & Compliance structure, headquartered in Brazil, which is responsible for defining the general guidelines and implementing AML/CFT-related processes. EBANX subsidiaries and affiliates must respect these guidelines, including the creation of specific normative documents to adapt to the business model of each one, if necessary. This way, EBANX ensures respect for global management and the independence of the Compliance segments.

To comply with AML/CFT laws and global best practices, EBANX has a Regulatory structure, one of whose responsibilities is the analysis of legislation and the identification of possible gaps or improvements.

To ensure that the necessary AML/CFT controls are effectively implemented, EBANX Internal Audit conducts annual assessments of the AML/CFT Program, providing reports to the Global Risk & Compliance area on the effectiveness of the AML/CFT processes. The EBANX Internal Controls team is responsible for analyzing these reports and developing action plans to create effective controls to mitigate AML/CFT risks.

All ebankers must be attentive to this Policy and seek to prevent and detect actions, operations, or transactions that show atypical characteristics, in order to combat Money Laundering and Terrorism Financing. 

To comply with this Policy, ebankers are instructed to:

  • Report any and all situations considered atypical or suspicious through the appropriate channels established by the company, including the Whistleblower Channel (Helpline), when applicable;

  • Act with diligence and probity in supporting the AML/CFT process, ensuring the accuracy of the information provided and actively collaborating in internal investigations related to requests for products, services, and operations;

  • Disseminate the culture of Prevention of and Combating Money Laundering and Terrorism Financing;

  • Participate in training seminars and updates on Money Laundering Prevention and Combating Terrorism Financing, ensuring the practical application of the acquired knowledge.


4.2 Risks

EBANX must adopt a risk-based approach in order to assess the most effective and proportional way to identify, delineate, qualify, prevent, manage, and mitigate risks of money laundering and terrorism financing. The steps EBANX will take to achieve this objective are:

  • Identify the relevant money laundering risks;

  • Assess the risks present in clients, products, services, transactions, delivery channels, partners and service providers, employees, and geographic areas of EBANX operation;

  • Continuously monitor using advanced technological tools, manual analyses, and periodic reviews, when applicable, to identify, assess, and mitigate emerging risks of money laundering and terrorism financing.

The identified risks must be classified by criticality levels (low, medium, high), with controls designed to mitigate them proportionally to the assessed risk level. 

Risk assessment is used for EBANX activities such as:

  • Designing and implementing controls to prevent, manage, and mitigate assessed risks.

  • Monitoring and improving the effective operation of these controls.

EBANX risk assessment uses the following sources when determining the risks of a jurisdiction:

  • Basel Committee;

  • Embargoes and Other Special Controls imposed by the Office of Industry and Security of the United States Department of Commerce;

  • Office of International Narcotics and Law Enforcement Affairs of the United States Department of State;

  • Financial Action Task Force (FATF);

  • Egmont Group;

  • Non-cooperative jurisdictions for tax purposes and countries with pending commitments listed by the Council of the European Union;

  • Know Your Country;

  • Map of Prohibited Exports, Imports, and Sales disclosed by the Office of the Federal Register of the National Archives and Records Administration and the Office of the Government Publishing of the United States of America;

  • Sanctions Map of the Council of the European Union;

  • Sanctions Map of the United Nations Security Council;

  • Sanctioned Countries and Regimes OFAC (Office of Foreign Assets Control);

    • Regimes/areas to which complex financial and commercial sanctions have been imposed are blocked for any type of business with EBANX.

  • High-Risk Countries with Strategic Deficiencies listed by the European Union;

  • Countries of residence of entities subject to Export Administration Regulations disclosed by the Office of Industry and Security of the United States Department of Commerce;

  • Reports from UNODC (United Nations Office on Drugs and Crime);

  • Financial Sanctions imposed by the Monetary Authority of Singapore;

  • Financial Sanctions imposed by the Government of the United Kingdom;

  • United States Digital Service;

  • Transparency International.

EBANX will assess the risk of each client considering, among other criteria, the status of a Politically Exposed Person (PEP) or Prominent Influencer (PIP), the use of intermediaries, the purpose of their relationship, the level of assets, the volume of transactions to be executed, and the regularity and/or duration of the business relationship.

The risk assessment will also consider factors related to the client, the products and services offered, the transactions, the delivery channels, and the geographic areas involved. Additionally, elements such as the country of registration and the time the company was opened, the presence of politically exposed or sanctioned individuals in its corporate structure, the intended countries for processing, and the total volume of payments, estimated or realized, will be assessed. These lists are not exhaustive:

Low-risk geographic factors:

  • Countries that have effective Money Laundering Prevention systems;

  • Countries that have a low index of corruption and other criminal activities, according to reliable sources;

  • Countries that, according to reliable sources, have requirements to combat money laundering and terrorism financing and effectively implement them.

High-risk geographic factors:

  • Countries that do not have effective Money Laundering Prevention systems;

  • Countries that have a significant index of corruption and other criminal activities, according to reliable sources;

  • Countries subject to sanctions, embargoes, or similar measures applied, for example, by the United Nations Organization (UN);

  • Countries that finance or support terrorist activities or that have organizations considered terrorist in their territory.

Low-risk customer factors:

  • Public companies listed on stock exchanges and subject to disclosure rules (either due to market rules or legal obligation) that impose requirements to ensure adequate transparency of their ultimate beneficial owners;

  • Clients residing in low-risk geographic areas.

High-risk customer factors:

  • Business relationship conducted in unusual circumstances;

  • Clients residing in high-risk geographic areas;

  • Individuals who are Politically Exposed Persons (PEP) or Prominent Influencers (PIP) and companies that have these individuals as shareholders and/or legal representatives;

  • Companies whose corporate structure appears to be unusual or excessively complex, given the nature of the company's business;

  • Non-governmental organizations (NGOs) and non-profit entities due to the risk of fund diversion for Terrorism Financing (TF);

  • Businesses that have a high flow of physical cash, due to the high risk of Money Laundering (ML).

Low-risk product, service, transaction, or delivery channel factors:

  • Financial products or services that offer defined and limited services to certain types of clients, in order to increase access for the purpose of financial inclusion;

  • Products in which the risk of money laundering and terrorism financing is mitigated by other factors, such as transparency in the corporate structure.

High-risk product, service, transaction, or delivery channel factors:

  • Products or transactions that may favor anonymity;

  • Business relationships or virtual transactions without safeguards, such as digital signatures;

  • Payments received by unknown or unassociated third parties;

  • New products and new business practices, including new delivery mechanisms and the use of new technologies for new and pre-existing products. 

The risk assessment of EBANX partners and service providers will consider the business modality, involvement with the public sector, the purpose of the relationship, the value of the remuneration and its regularity, and the geographic areas of operation.

Low-risk partner and service provider factors:

  • Private and public companies listed on stock exchanges and subject to disclosure rules (either due to market rules or legal obligation) that impose requirements to ensure adequate transparency of ultimate beneficial owners;

  • Partners or service providers from low-risk geographic areas;

  • One-time purchases and short-term contracts.

High-risk partner and service provider factors:

  • Business relationship conducted in unusual circumstances;

  • Clients residing in high-risk geographic areas;

  • Public companies or those with a relationship with the public sector;

  • Services or products provided by individuals;

  • Individuals who are Politically Exposed Persons (PEP) or Prominent Influencers (PIP) and companies that have these individuals as shareholders and/or legal representatives;

  • Companies whose corporate structure appears to be unusual or excessively complex, given the nature of the company's business;

  • Long-term contracts.

EBANX will assess the risk of its employees, taking into account involvement with the public sector, the relationship with clients, partners, and senior management members, the position, the area of operation, and the nationality.

High-risk employee factors:

  • Employees who are Politically Exposed Persons (PEP) or Prominent Influencers (PIP);

  • Employees residing in high-risk geographic areas;

  • Positions in the company's senior management;

  • Function performed in direct contact with management;

  • Function performed that enables direct or indirect access to the company's, clients', and/or partners' financial resources.

Clients, partners, service providers, and employees will be classified into risk categories – high, medium, or low. Those classified as "high risk" must undergo the Enhanced Due Diligence (EDD) process.


4.3 Due Diligence

A client is every individual or company (user or Merchant) to whom EBANX offers, intends to offer, or has offered a service and/or a product in the past. Thus, potential clients are also included in this concept. Anonymous clients or transactions from anonymous individuals or companies will not be accepted.

A partner is every individual or company (supplier, provider, financial institution, agent, referral, freelancer) that provides products and/or services or that has some type of commercial and/or strategic relationship with EBANX. An employee is every individual who has an employment relationship with EBANX.

An outsourced individual is every individual linked to a partner who provides service and has access to EBANX environments, either in person or digitally.

Before onboarding any new Merchant, user, partner, or employee, EBANX must execute the Due Diligence process, according to the criteria established in the respective normative documents. For the purposes of this Policy, Merchants, users, partners, outsourced individuals, and employees will be considered third parties. Some third parties will offer greater risk than others. For the risk level offered by a third party to be determined, all of them will go through a Due Diligence process and will have their risk defined by the Risk Assessment.

The Risk Matrix (Risk Scoring) is based on criteria related to geographic, financial, and third-party business risk factors, among others. These criteria will be classified as low, medium, and high risk, and a different score will be assigned to each risk level. The set of criteria will allow defining the risk that each third party represents to EBANX.

Due diligences are carried out according to the risk-based approach of each business unit. Third parties assessed as "medium risk" will undergo the Standard Due Diligence process. Those assessed as "high risk" will undergo Enhanced Customer Due Diligence.


4.3.1 Simplified Due Diligence

Simplified Due Diligence involves gathering information and documents that allow:

  • Identifying the third party and verifying their identity;

  • Establishing the nature of the business relationship;

  • Performing verification to identify whether the third party is a politically exposed person (PEP) and/or is subject to sanctions;

  • Ensuring that any person acting on behalf of the third party is authorized to do so, in addition to identifying and verifying that person;

  • Conducting adverse news and negative media checks for all risk categories. These checks are repeated during periodic reviews, with the review cycles determined based on the risk profile.

Once this process is concluded, the Risk Assessment will be executed, in order to determine the necessary level of due diligence.


4.3.2 Standard Due Diligence

In addition to the checks carried out in the Simplified Due Diligence process, third parties whose risk level is medium must undergo the Standard Due Diligence process, which involves:

  • Full identification and verification of any beneficial owner who holds 25% or more of the company. In certain jurisdictions, this percentage may vary according to local regulatory requirements; in these cases, EBANX will follow the threshold applicable to the specific legislation of the country. In the case of the ultimate beneficial owner being another company, the verification should be done only in relation to the shareholder company, and not its directors;

  • Conducting adverse news and negative media checks for all risk categories. These checks are repeated during periodic reviews, with the review cycles determined based on the risk profile. 

All employees and candidates selected for positions at any hierarchical level will undergo the Standard Due Diligence process, and Reinforced Diligence may be necessary if a risk factor is found that raises their risk classification.


4.3.3 Enhanced Due Diligence

In addition to the checks carried out in the Simplified and Standard Due Diligence processes, third parties classified as high risk must undergo the following checks:

  • Full identification and verification of any beneficial owner who holds 25% or more of the company (except in certain jurisdictions where this percentage may vary according to local regulatory requirements) and of the company's directors, together with a full understanding of the corporate structure until the individuals who exercise direct or indirect control are reached;

  • Full identification and verification of any companies incorporated in the name of an employee;

  • Conducting adverse news and negative media checks for all risk categories. These checks are repeated during periodic reviews, with the review cycles determined based on the risk profile.

Enhanced Due Diligence measures also include:

  • Increased review frequency, in order to verify whether EBANX remains able to manage the risk associated with the business relationship or the position held by the ebanker and to help identify any transactions that require further review;

  • Increased review frequency of the business relationship, in order to verify whether the third party's risk profile has changed and whether the risk remains manageable;

  • Obtaining approval from the Coordination and/or Management of the area to initiate or continue the business relationship, in order to ensure that senior management is aware of the risks to which EBANX is exposed and to allow them to make informed decisions about how able we are to manage those risks;

    • Cases where risk exposure is high and/or where the area concludes, after analysis, that the case is severe may be escalated to the Risk Committee for deliberation on the entry of a client/partner/supplier/collaborator, through a formal Risk Acceptance process.

  • Conducting transaction monitoring with greater frequency or depth, in order to identify any unusual or unexpected transactions that may raise suspicion of money laundering or terrorism financing. This may include establishing the third party's destination of funds or defining the reason for certain transactions.

The Due Diligence process must also be executed at any time when EBANX suspects or has reasons to suspect money laundering or when it is believed that any expired or inaccurate documents or information have been provided. Any business relationship with a Merchant, user, partner, service provider, or employee will be subject to constant monitoring, which may result in employees being asked, at any time, to perform Due Diligence or seek additional information about these individuals and companies. Business relationships, transactions, and other behaviors must be consistent with EBANX's knowledge of the Merchant, user, partner, employee, or outsourced individual, as well as their businesses, risk profiles, source of wealth, and source of funds (documents such as bank statements, tax declarations, or shareholder agreements are reviewed to verify the source of wealth and the source of funds).

When the risk exceeds the business appetite, the third party or employee will not be onboarded or hired by EBANX. If the requesting area believes that the opportunity is important enough and that alternative controls can reduce the identified risk, formal exceptions may be applied.


4.3.4 EBANX will not do business with:

  • Individuals or companies suspected of money laundering and/or terrorism financing;

  • Shell banks;

  • Individuals or companies for whom it has not been possible to complete the adequate level of Due Diligence, except in cases where alternative measures duly documented and approved by senior management have been adopted;

  • Users listed as unacceptable by EBANX Policies;

  • Companies based in sanctioned countries;

  • Legal entities established by individuals with the specific objective of managing assets for investments (personal asset-holding vehicles);

  • Companies that have nominee shareholders or bearer shares.

Furthermore, EBANX will not do business with any third party that involves activities or behaviors that may represent a significant risk to the company's reputation or regulatory compliance. Some business models are not accepted by EBANX. Such restrictions are publicly available in our list of restricted and prohibited products and services and can be accessed at the following electronic address: https://www.ebanx.com/en/legal/merchants/restricted-and-prohibited-products-and-services/. The list of restrictions is reviewed periodically and may be updated according to new regulations, internal requirements, or risk analysis. Other businesses, products, or services may be added to this list at any time.


4.3.5 Sanctions

EBANX must block Merchants, users, and/or entities originating from countries that disrespect sanctions programs, in order to ensure that the company does not do business with sanctioned individuals and organizations, thus combating the financing and proliferation of weapons of mass destruction.

Some jurisdictions represent exceptional risk in relation to money laundering and financial crimes. These jurisdictions are identified by the FATF as having weak controls or requiring action, or are regimes sanctioned by the United States of America, the United Kingdom, and/or other nations. Furthermore, any jurisdiction or region that has deficient Compliance policies or is subject to commercial embargoes will be considered high risk. Geographic risk will be monitored and updated daily.

The verification and monitoring of Merchants, users, and partners regarding sanctions is carried out through a global database with access to various sanctions lists drawn from various worldwide information sources. This process is updated in real time to ensure that any change in the sanctions lists is immediately incorporated into the monitoring.


4.3.6 Compliance Review

Every active Merchant, partner, employee, or outsourced individual registered in our databases undergoes periodic reviews of their Identification and Qualification information, as well as Integration data - such as website and/or application, among others.

This periodic review is carried out taking into account the Risk Level (Risk Score) indicated at the time of their Onboarding at EBANX, as follows:

  • 1 year for High Risk

  • 3 years for Medium Risk

  • 5 years for Low Risk

Regardless of the review carried out within the aforementioned periods, any significant change regarding a Merchant's legal entity must trigger a Compliance review of that Merchant. It is the Merchant's responsibility to notify EBANX whenever there are changes regarding:

  • Corporate structure and control of the company (directors and beneficial owners);

  • Company controller;

  • Other persons authorized to sign for the company;

  • Negative media, at the time they are disclosed or known by the Merchant, or any relevant information.

Additionally, any change requested by the Merchant related to their integration with EBANX - alteration or inclusion of URL, Application, or any other data relevant to the operation - also results in a review of the same by Compliance. Furthermore, EBANX reserves the right to periodically review Merchant data, even if there are no changes, should there be significant modifications in the regulatory environment or the Merchant's risk profile.


4.4 Data Storage

EBANX must store the data of all details obtained for the purpose of identifying Merchants, users, partners, and outsourced individuals, as well as their documents, in accordance with regulations. EBANX will store:


4.4.1 Individual Customer Information

  • All steps to identify those interested in establishing business relationships with EBANX or the reasons why these steps were taken;

  • Full name and date of birth of the people with whom EBANX does business;

  • Mother's name;

  • Identification document;

  • Proof of residence;

  • Proof of payments;

  • Proof of connections;

  • Proof of citizenship;

  • Bank account details;

  • Email;

  • Telephone number;

  • The form and source of funds and/or titles;

  • The form and destination of funds paid or delivered to the client or another person on their behalf.


4.4.2 Legal Entity Customer Information

  • All steps to identify those interested in establishing business relationships with EBANX or the reasons why these steps were taken;

  • Legal name of the company;

  • Company incorporation number;

  • Corporate chain information;

  • Proof of residence;

  • Proof of payments;

  • Articles of association or other company incorporation document, which includes information on shareholders and beneficial owners;

  • Licenses for business operation;

  • Bank account details;

  • Email;

  • Financial statements;

  • The form and destination of funds paid or delivered to the client or another person on their behalf.


4.4.3 Registration Update

In order to keep information updated, EBANX may conduct a document review considering the following periodicity:

  • High Risk - Annually

  • Medium Risk - Every 3 years

  • Low Risk - Every 5 years


4.4.4 Transaction Information

  • Financial transactions executed by EBANX with or for each client;

  • Internal and external suspicious activity reports or reasons for not reporting. These documents must be kept for a minimum of 10 (ten) years after the report is made, or as required by applicable local regulations, whichever is longer.


4.4.5 Training

  • Materials and tests used in training;

  • Results of tests and assessments carried out;

  • Dates of training;

  • Nature of training, including topics covered and learning objectives;

  • Personal identification of who participated in the training, including function and position.


4.4.6 Decision-Making

All reports and statements to the Executive Level of actions and omissions, accompanied by the reasons for such. Data and information can be stored in the following forms:

  1. Original documents;

  2. Copies of original documents;

  3. Scanned copies;

  4. Electronic formats.

At the end of the 10 (ten) year period, EBANX must delete any personal data, unless the company is obligated to retain data containing personal data for legal reasons or due to a judicial process, or the individual to whom the data belongs has given express consent for them to be kept.

Data Protection: The countries in which EBANX operates have various requirements and obligations that are respected when we carry out personal data processing activities. We comply with personal data privacy protection legislation, such as the General Data Protection Regulation (GDPR) of 2017 and the General Data Protection Law (LGPD) of 2018, which regulate the use of personal data, essentially any information about identifiable individuals. EBANX has the Data Protection Committee, which is responsible for the operational and strategic coordination, as well as all data protection and controls of the company's data privacy program. For more information, consult the Information Security Policy.


4.5 Monitoring

EBANX must execute regular monitoring of clients and transactions according to their Risk Assessment. Monitoring must also be executed in order to ensure that Policies, norms, and procedures are being correctly implemented.

Client behaviors or problems with client businesses that may identify the need for a deeper investigation by EBANX will be considered “Red Flags”. Examples of red flags include, but are not limited to:

  • Client is reluctant or evasive in providing information;

  • The client's lifestyle is incompatible with their source of income;

  • The client's business structure is unnecessarily complicated;

  • There is involvement of third parties without a valid reason;

  • Successive bank account changes without a valid reason;

  • Client appears uninterested in prices, costs, etc.;

  • Transactions different from what is expected of the client;

  • Unexplained fund transfers;

  • Transaction volume incompatible with the business model;

  • Concentration of sales in a specific region;

  • High volume of refund and/or chargeback requests.

If a red flag is identified in the Due Diligence or client monitoring processes, those responsible must notify the Compliance Officer and/or MLRO immediately.

EBANX uses transaction monitoring tools to identify any unusual or unexpected behaviors that may provoke suspicion of money laundering or terrorism financing.

Based on EBANX's knowledge of the client, monitoring will seek:

  • Unusual behavior: abrupt or significant changes in transaction activities, regarding value, volume, or nature, such as changing the beneficiary or destination of the money;

  • Connected relationships: common beneficiaries and senders in accounts and/or clients where there is apparently no relationship;

  • High-risk geographic countries, regions, and entities: significant increases in activity or constant high levels of activity with high-risk geographic countries, regions, or entities;

  • Other typical money laundering behaviors: transactions below reported limits, in round numbers, structured, sequential, and/or extremely complex;

  • Ongoing relationships: EBANX will conduct retroactive reviews on clients to ensure that the ongoing business is consistent with what was agreed upon when the client was onboarded.

EBANX will conduct transaction monitoring, checking their values, volumes, and speed. More intensive alerts will be generated for those that represent greater risk. Alerts will be triggered to ensure that transactions are monitored adequately and that suspicious operations are reported.

All new products proposed by EBANX must undergo Compliance analysis. The analysis aims to identify processes that need to be analyzed so that the identified risks are mitigated.


4.6 Termination of Relationship

EBANX may decide to terminate a business relationship after identifying suspicious activity. Even in the absence of suspicious activities, the Compliance Officer or local MLRO may recommend the termination of relationships with Merchants, partners, or other third parties, if the risk associated with these parties is considered excessive or incompatible with EBANX's risk appetite.


4.7 Training

EBANX will ensure that all ebankers are duly trained to understand their obligations regarding this Policy and the requirements for third-party identification. Specific training will be offered to different areas, taking into account their responsibilities and levels of exposure to the risk of Money Laundering and Terrorism Financing.

All ebankers must be aware that non-compliance with their responsibilities may result in internal disciplinary measures and, in more serious cases, in criminal sanctions.


4.7.1 Global Risk & Compliance Program for Third Parties

Given the breadth of relationships maintained by EBANX with clients, partners, and individuals, and considering the risks arising from these relationships, the EBANX Compliance Program is expanded to third parties.

Through this initiative, EBANX:

  • Shares its public guidelines and normative documents;

  • Provides the EBANX Helpline as a communication channel for questions and reports;

  • Carries out training and awareness actions directed at third parties.

This expansion seeks to reinforce awareness and alignment with EBANX Compliance practices, promoting a culture of integrity and mitigating risks in all business relationships.


4.8 Internal and External Audits

The EBANX Program for the Prevention of Money Laundering and Combating Terrorism Financing will be audited annually. The internal audit will report to senior management the status of controls and the areas that need to be remediated. This process ensures the identification and mitigation of gaps in controls. If requested, the resulting reports may be forwarded to regulatory authorities and third parties, such as relevant partners or clients. The Global Risk & Compliance area will be responsible for receiving and monitoring audit reports, ensuring the implementation of corrective measures and maintaining compliance with applicable legal and regulatory requirements.


4.9 Disciplinary Measures

Any ebanker who violates the guidelines of this Policy will be subject to disciplinary measures, which will be applied according to the severity of the violation. Violations will be duly investigated according to the procedures of the Ethics Committee, ensuring anonymity to those involved, preserving the confidentiality and integrity of the parties. All ebankers have an obligation to cooperate fully with ongoing investigations.


4.10 Reporting of Suspicious Activities

All client transactions are subject to constant monitoring and review. When the Compliance Officer or local MLRO determines that a particular client or transaction requires additional investigation, ebankers must execute it, providing complete information and performing the necessary analyses.

Any director or employee who suspects money laundering must immediately report their suspicions to the Compliance Officer or local MLRO in writing, including complete details. All signs of suspicion of money laundering are reportable, even if they come to the ebanker's knowledge after the transaction has occurred, the record has been closed, or the transaction has been conducted by another person. By making the report, the director or employee will have complied with their legal obligations.

Revealing to a suspect or a third party that a report has been made to the Compliance Officer or local MLRO or to the authorities, or that an investigation is underway, is a serious violation of conduct and, depending on the jurisdiction, may constitute a legally punishable crime of obstruction of justice (tip-off), as it may prejudice the investigations. Questioning a client about a specific transaction, in order to know their identity or define their source of income, does not constitute a violation. In the case of a suspicious activity report having been made, great caution must be taken so that the client or the individual cited is not aware of it.

If suspicious signs of money laundering are identified, the transaction must be blocked and must not continue without the authorization of the Compliance Officer or local MLRO. The Compliance Officer or local MLRO will receive reports related to any suspected or actual money laundering and will register, investigate, and report the suspicion to the competent authorities, if necessary. The reporting of suspicion of money laundering to the authorities does not constitute a breach of the obligation of confidentiality towards the client and provides important safeguards to EBANX.

In case the reports are not forwarded to the authorities, all details of the decision-making must be recorded. All notifications made will be processed with extreme confidentiality. However, there may be circumstances in which EBANX will be obliged to reveal the identity of those involved in the suspicion, such as, for example, when compelled by law. In this specific case, anonymity cannot be guaranteed.

Any ebanker who fails to report a transaction known to involve suspected or actual money laundering will be subject to disciplinary and legal measures, unless they demonstrate reasonable grounds for not reporting to the Compliance Officer or local MLRO. Thus, ebankers are informed that they must report these transactions to the Compliance Officer or local MLRO, regardless of how superficial they may seem.

The ebanker may previously discuss the situation with their direct manager, who may accept the responsibility of making the report to the Compliance Officer or local MLRO.

Examples of transactions that may provoke suspicion of money laundering are listed below, but, by themselves, do not necessarily generate sufficient suspicion to make a report:

  • Settlement of high or unusual value payments in cash;

  • Buy and sell transactions without a clear purpose or in unusual circumstances;

  • Instructions to direct values to a bank account different from the one previously agreed upon or in the name of a third party;

  • Any transaction where one of the parties is unknown or that has unusual volume or frequency;

  • Transactions where the investor is a foreign person and both are based in countries with high rates of drug production or trafficking.

Ebankers are not expected to know or establish the exact nature of any crime or that specific funds or properties are definitely the fruit of a crime or terrorism financing.


5 - Normative References

ID 70 - Code of Conduct


6 - Publication and Distribution of Policies

Any new policy or modification of an existing document must be made available to all interested parties.

Policies are available for consultation by ebankers on OneTrust, in the "Policies" section.

Public documents can be found on EBANX websites.