KYC & Anti-Money Laundering Policy

TrustBridge Escrow Inc. ("TrustBridge") is committed to the highest standards of regulatory compliance in the prevention and detection of money laundering, terrorist financing, and other financial crimes. This Know Your Customer ("KYC") and Anti-Money Laundering ("AML") Policy ("Policy") establishes the framework, procedures, and controls that TrustBridge employs to identify, assess, and mitigate the risks of financial crime associated with its escrow facilitation services. This Policy is designed to ensure full compliance with the Bank Secrecy Act ("BSA"), the USA PATRIOT Act, and all regulations promulgated by the Financial Crimes Enforcement Network ("FinCEN").

As a registered Money Services Business (MSB) with FinCEN, TrustBridge is subject to comprehensive regulatory obligations including customer identification, recordkeeping, reporting of suspicious activities, and cooperation with law enforcement authorities. TrustBridge has appointed a designated Chief Compliance Officer ("CCO") who is responsible for the development, implementation, and oversight of this Policy and the broader compliance program. The CCO reports directly to the Board of Directors and has the authority and resources necessary to ensure effective compliance across all business operations.

This Policy applies to all Users of the TrustBridge platform, including individual account holders, business entities, and their authorized representatives. All employees, contractors, and agents of TrustBridge who are involved in customer-facing operations, transaction processing, or compliance functions are required to be familiar with and adhere to this Policy. TrustBridge conducts regular training programs to ensure that all relevant personnel are knowledgeable about their obligations under applicable AML/KYC laws and regulations, and maintains comprehensive records of all training activities. Failure to comply with this Policy may result in disciplinary action, up to and including termination of employment or engagement.

Individual Verification. All individual Users are required to complete identity verification before accessing transactional features of the platform. The standard individual verification process requires the submission of: (a) a valid government-issued photo identification document (passport, driver's license, or national identity card); (b) a live selfie photograph for biometric comparison against the submitted identification document; and (c) proof of residential address in the form of a utility bill, bank statement, or government-issued correspondence dated within the previous three (3) months. TrustBridge employs advanced facial recognition and document authentication technology to verify the authenticity of submitted documents and the identity of the submitting individual.

Business Verification. Users registering on behalf of a business entity are required to provide additional documentation to verify the existence, legitimacy, and ownership structure of the entity. Required documentation for business verification includes: (a) Articles of Incorporation, Certificate of Formation, or equivalent organizational documents filed with the applicable governmental authority; (b) Employer Identification Number (EIN) or Tax Identification Number issued by the Internal Revenue Service (IRS) or equivalent foreign tax authority; (c) a Beneficial Ownership Declaration identifying all individuals who, directly or indirectly, own twenty-five percent (25%) or more of the equity interests of the entity, or who exercise significant management control; and (d) personal identification verification for each identified beneficial owner and the authorized representative, in accordance with the individual verification requirements set forth above.

Enhanced Due Diligence. TrustBridge applies Enhanced Due Diligence ("EDD") procedures to Users and transactions that present a higher risk of money laundering or terrorist financing. Categories that may trigger EDD include, but are not limited to: Politically Exposed Persons (PEPs) and their close associates; Users located in or conducting transactions with parties in high-risk jurisdictions as identified by the Financial Action Task Force (FATF) or TrustBridge's internal risk assessment; Users engaging in transaction patterns that are inconsistent with their stated business purpose or expected activity profile; and transactions involving unusually large amounts or complex structures without an apparent lawful purpose. EDD measures may include the collection of additional documentation, enhanced transaction monitoring, senior management approval, and periodic review of the customer relationship.

TrustBridge employs a multi-layered verification process that combines artificial intelligence-driven automated checks with human expert review to ensure the accuracy, reliability, and integrity of customer identity verification. Upon submission of the required documents and biometric data, TrustBridge's automated verification system initiates a series of checks including: document authenticity assessment using optical character recognition (OCR), machine learning-based fraud detection, and comparison against known document templates; biometric comparison between the submitted selfie and the photograph on the identification document using facial recognition technology; and cross-referencing of submitted information against authoritative data sources, sanctions lists, and adverse media databases.

The automated verification system assigns a confidence score to each submission based on the aggregate results of all automated checks. Submissions that receive a confidence score above the established threshold are approved automatically, while those below the threshold are escalated to a trained compliance analyst for manual review. The manual review process involves a detailed examination of the submitted documents, including verification of security features, consistency of information across multiple documents, and assessment of any risk indicators identified during the automated screening. The compliance analyst may contact the User to request additional documentation or clarification as needed.

TrustBridge maintains rigorous quality assurance procedures to ensure the accuracy and consistency of its verification process. A random sample of automatically approved verifications is periodically reviewed by senior compliance personnel to validate the performance of the automated system. All verification decisions, including the supporting documentation, analyst notes, and the rationale for approval or rejection, are recorded and retained in accordance with applicable recordkeeping requirements. TrustBridge continuously evaluates and updates its verification technology and procedures to address emerging fraud techniques, evolving regulatory requirements, and industry best practices.

To complete the identity verification process, Users must submit the following documents in clear, legible digital format (JPEG, PNG, or PDF). All documents must be current, unexpired (where applicable), and must display the User's full legal name as registered on the TrustBridge platform. TrustBridge reserves the right to reject documents that are blurry, partially obscured, expired, or otherwise insufficient for verification purposes.

• Government-Issued Photo ID: A valid, unexpired passport, driver's license, or national identity card issued by a recognized governmental authority. The document must include a clear photograph of the holder, the holder's full legal name, date of birth, and document expiration date.
• Proof of Address: A utility bill (electricity, gas, water, internet), bank statement, or government-issued correspondence (tax notice, voter registration) dated within the previous three (3) months. The document must display the User's full name and current residential address.
• Live Selfie Verification: A real-time selfie photograph captured through the TrustBridge platform's integrated camera feature. The selfie is used for biometric comparison against the submitted government-issued photo ID. Users may be required to perform liveness detection actions (such as blinking or turning the head) to prevent the use of static images or deepfakes.
• Proof of Income (Conditional): For Users seeking to engage in high-value escrow transactions exceeding $25,000, TrustBridge may require proof of income or source of funds documentation, such as recent pay stubs, tax returns, or bank statements demonstrating sufficient financial capacity.

All submitted documents are processed securely using end-to-end encryption and are stored in compliance with TrustBridge's data security standards and applicable data protection regulations. Documents submitted for verification purposes are used solely for the purpose of identity verification and regulatory compliance and will not be shared with third parties except as required by applicable law or regulatory authority. Users may request information about the status of their submitted documents at any time through the platform or by contacting compliance@trustbridge.com.

TrustBridge is committed to processing identity verification requests as efficiently as possible while maintaining the highest standards of accuracy and regulatory compliance. The following table outlines the expected timeline for each stage of the verification process. Actual processing times may vary depending on factors including the quality of submitted documents, the complexity of the verification, the volume of pending verifications, and whether manual review or Enhanced Due Diligence is required.

Users will receive real-time status updates regarding their verification progress through the platform's notification system and via email. Upon completion of the verification process, the User will be notified of the outcome (approved, rejected, or additional information required) along with a summary of the decision rationale. Approved Users will be granted immediate access to transactional features of the platform corresponding to their verified tier. Users whose verification is pending or in progress will have limited access to platform features and will not be able to initiate or participate in escrow transactions until their verification is completed and approved.

TrustBridge endeavors to complete the majority of individual verifications within four (4) hours through its automated review system. Business verifications and verifications requiring Enhanced Due Diligence may take longer due to the additional documentation requirements and the complexity of the verification process. In the event that the verification process exceeds the expected timeline, TrustBridge will proactively communicate with the User regarding the status and expected completion date. TrustBridge is not liable for any losses, damages, or opportunity costs arising from delays in the verification process.

Verification approval is granted when all of the following criteria are satisfied: (a) the submitted identification documents are determined to be authentic, unaltered, and unexpired through TrustBridge's document authentication technology and, where applicable, manual review; (b) the biometric selfie achieves a sufficient match score against the photograph on the submitted identification document; (c) the personal information provided during registration (name, date of birth, address) is consistent across all submitted documents and with the information provided during the registration process; and (d) the User does not appear on any applicable sanctions, watchlist, or restricted party list.

In addition to the foregoing criteria, TrustBridge assigns an overall risk assessment score to each verification based on a combination of factors including the User's jurisdiction, the type and quality of submitted documents, the consistency of information, adverse media screening results, and any historical data associated with the User or their contact information. Users who are assessed as presenting a standard or low risk level are approved through the standard verification process. Users assessed as presenting an elevated or high risk level may be subject to Enhanced Due Diligence procedures, including the requirement for additional documentation, senior management review, and ongoing enhanced monitoring.

TrustBridge reserves the right to decline verification approval at its sole discretion if, in the course of the verification process, information is obtained that raises concerns regarding the legitimacy of the User's identity, the intended use of the platform, or the compliance of the User's activities with applicable law. Verification decisions are made on a case-by-case basis, and TrustBridge is not obligated to disclose the specific reasons for a rejection beyond what is required by applicable law, particularly where disclosure could compromise the integrity of TrustBridge's security or compliance procedures, or prejudice any ongoing investigation.

In the event that a User's verification submission is rejected, TrustBridge will provide the User with a notification indicating the general category of the reason for rejection, such as document quality issues, information inconsistency, or document authentication failure. Users are permitted to resubmit their verification documents up to a maximum of three (3) times. Each resubmission must address the deficiencies identified in the prior rejection notification. TrustBridge recommends that Users carefully review their documents for clarity, completeness, and accuracy before resubmission to avoid unnecessary delays.

If a User's verification is rejected for a third time, a mandatory cooldown period of thirty (30) calendar days shall be imposed before the User is eligible to submit a new verification request. During the cooldown period, the User's account will remain in a restricted state with no access to transactional features. The cooldown period is designed to allow the User time to obtain proper documentation and to prevent abuse of the verification system through repeated submissions of inadequate or fraudulent documents. In exceptional circumstances, TrustBridge may waive or reduce the cooldown period at its discretion, such as where the rejections were caused by technical issues beyond the User's control.

Users who believe their verification was rejected in error may submit an appeal by contacting the compliance team at compliance@trustbridge.com with a detailed explanation and any supporting evidence. Appeals are reviewed by a senior compliance analyst who was not involved in the original verification decision. TrustBridge endeavors to complete the appeal review process within five (5) business days. The decision on the appeal is final and not subject to further internal review. TrustBridge reserves the right to permanently decline verification and close the account of any User who is determined to have submitted fraudulent, altered, or stolen identification documents, and to report such activity to the appropriate law enforcement authorities.

TrustBridge recognizes the sensitive nature of the personal information and documentation collected during the KYC verification process and is committed to protecting this data with the highest standards of security and privacy. All KYC data, including identification documents, biometric data, and personal information, is encrypted at rest using AES-256 encryption and in transit using TLS 1.3 or higher. Access to KYC data is restricted to authorized compliance personnel on a strict need-to-know basis, and all access is logged and audited. TrustBridge employs role-based access controls (RBAC) to ensure that only personnel with appropriate authorization levels can view, process, or manage KYC data.

KYC data is retained for the minimum period required by applicable regulatory obligations. Under the Bank Secrecy Act and FinCEN regulations, TrustBridge is required to retain customer identification records for a minimum of five (5) years following the closure of the customer's account. Upon the expiration of the applicable retention period, KYC data is securely destroyed using industry-standard data destruction methods, including cryptographic erasure and certified media sanitization. TrustBridge conducts periodic reviews of retained data to identify and dispose of records that have exceeded their required retention period.

TrustBridge adheres to the principle of data minimization, collecting only the personal information and documentation that is necessary to fulfill its regulatory obligations and to verify the identity of its Users. KYC data will not be shared with, sold to, or disclosed to any third party except: (a) as required by applicable law, regulation, or valid legal process (such as a subpoena, court order, or regulatory demand); (b) to third-party identity verification service providers who are contractually bound to protect the confidentiality and security of the data and to use it solely for the purpose of performing verification services on behalf of TrustBridge; or (c) to law enforcement or regulatory authorities in connection with the investigation of suspected financial crime. For further information regarding the handling of personal data, please refer to our Privacy Policy.

TrustBridge maintains a comprehensive Anti-Money Laundering (AML) compliance program in accordance with the requirements of the Bank Secrecy Act (BSA), the USA PATRIOT Act, and all applicable FinCEN regulations. The AML compliance program consists of five core pillars: (a) the designation of a qualified Chief Compliance Officer responsible for day-to-day administration of the program; (b) written internal policies, procedures, and controls reasonably designed to prevent the use of the platform for money laundering or terrorist financing; (c) an ongoing employee and contractor training program; (d) independent testing of the program conducted by qualified internal or external auditors at least annually; and (e) risk-based customer due diligence procedures, including ongoing monitoring of customer transactions and relationships.

TrustBridge is obligated to file Suspicious Activity Reports (SARs) with FinCEN when it knows, suspects, or has reason to suspect that a transaction: (a) involves funds derived from illegal activity or is intended to disguise funds derived from illegal activity; (b) is designed to evade reporting requirements under the BSA; (c) lacks a lawful purpose or is not the type of transaction that the customer would normally be expected to engage in; or (d) involves the use of the platform to facilitate criminal activity. TrustBridge files SARs within thirty (30) days of the initial detection of the suspicious activity and retains copies of all filed SARs and supporting documentation for a minimum of five (5) years. The existence and content of SARs are confidential and may not be disclosed to the subject of the report or to any unauthorized person.

TrustBridge is further required to file Currency Transaction Reports (CTRs) with FinCEN for each transaction (or series of related transactions) in currency exceeding $10,000 conducted by, or on behalf of, a single customer in a single business day. TrustBridge maintains automated systems to aggregate and monitor transactions for CTR reporting purposes, including the detection of structured transactions designed to evade the $10,000 reporting threshold. Structuring—the deliberate breaking up of transactions to avoid CTR reporting—is a federal criminal offense, and TrustBridge actively monitors for and reports suspected structuring activity. All CTRs are filed within fifteen (15) days of the reportable transaction and are retained for a minimum of five (5) years.

TrustBridge conducts comprehensive sanctions screening of all Users, transaction participants, and beneficial owners against applicable sanctions lists and restricted party databases at the time of account registration, prior to the initiation of each escrow transaction, and on an ongoing periodic basis. Sanctions screening is performed against the following lists, among others: the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons (SDN) List; the OFAC Consolidated Sanctions List (including the Sectoral Sanctions Identifications List and the Foreign Sanctions Evaders List); the United Nations Security Council Consolidated List; the European Union Consolidated Financial Sanctions List; and the United Kingdom's Office of Financial Sanctions Implementation (OFSI) Consolidated List.

In addition to sanctions list screening, TrustBridge screens all Users and beneficial owners for Politically Exposed Person (PEP) status. PEPs include current or former senior foreign political figures, their immediate family members, and their close associates, as well as domestic PEPs in positions of significant public authority. Users identified as PEPs are subject to Enhanced Due Diligence procedures, including enhanced transaction monitoring, senior management approval for the establishment and continuation of the business relationship, and reasonable measures to establish the source of wealth and source of funds involved in the business relationship or transaction.

TrustBridge utilizes real-time sanctions screening technology that is integrated into the account registration and transaction initiation workflows to ensure that no User can access transactional features or initiate an escrow transaction without first passing sanctions screening. Sanctions screening databases are updated daily to incorporate the latest additions, modifications, and removals published by the applicable sanctioning authorities. In the event that a potential match is identified, TrustBridge's compliance team will conduct a manual review to determine whether the match is a true positive. True positive matches result in immediate account blocking, transaction freezing, and reporting to the appropriate authorities in accordance with applicable law. TrustBridge prohibits any attempt by Users to circumvent sanctions screening through the use of aliases, intermediaries, or other evasive techniques.

TrustBridge conducts ongoing, risk-based monitoring of all customer transactions and account activity to detect and report suspicious activity in accordance with its BSA/AML obligations. The transaction monitoring program employs a combination of automated rule-based systems, machine learning algorithms, and behavioral analytics to identify transactions and patterns that may be indicative of money laundering, terrorist financing, fraud, or other financial crimes. Monitoring rules and models are calibrated to the specific risk profile of TrustBridge's customer base and service offerings and are regularly reviewed and updated to address emerging risks and typologies.

Key monitoring parameters include, but are not limited to: transaction velocity (the number and frequency of transactions within defined time periods); transaction value thresholds and deviations from expected activity; geographic risk indicators, such as transactions involving high-risk jurisdictions; counterparty risk analysis, including the assessment of transaction participants who are not yet verified or who present elevated risk indicators; and behavioral anomalies, such as sudden changes in transaction patterns, unusual login activity, or the use of multiple devices or IP addresses from disparate geographic locations. Alerts generated by the monitoring system are reviewed and investigated by trained compliance analysts who assess the activity and determine whether a SAR filing or other action is warranted.

In addition to transaction-level monitoring, TrustBridge conducts periodic reviews of existing customer relationships to ensure that customer risk profiles remain current and accurate. These reviews may include re-verification of customer identity, updated due diligence assessments, and confirmation of the customer's ongoing compliance with the platform's terms and policies. The frequency of periodic reviews is determined by the customer's risk classification: standard-risk customers are reviewed at least annually, while elevated-risk and high-risk customers are reviewed on a semi-annual or quarterly basis, respectively. For questions about TrustBridge's monitoring practices or to report suspicious activity, please contact compliance@trustbridge.com.