Anti-Money Laundering & Counter-Terrorism Financing Policy

QOVA Exchange is firmly committed to preventing money laundering, terrorist financing, and all related financial crimes. As a regulated entity, we apply the highest standards of compliance consistent with FATF recommendations, El Salvador's AML/CTF legislation, and applicable international standards.

This policy applies to all employees, contractors, partners, and clients of QOVA Exchange. Non-compliance may result in immediate account suspension, reporting to authorities, and termination of services.

QOVA conducts thorough customer due diligence before onboarding any client. Our CDD process includes:

• ◈Verification of legal entity registration and corporate structure
• ◈Identification and verification of beneficial owners (UBO) holding 25%+
• ◈Screening against OFAC, UN, EU, and local sanctions lists
• ◈PEP (Politically Exposed Persons) screening and ongoing monitoring
• ◈Source of funds and source of wealth documentation
• ◈Business purpose and expected transaction volume assessment

Enhanced Due Diligence (EDD) is applied to high-risk clients, PEPs, clients from high-risk jurisdictions, and transactions above defined thresholds. QOVA reserves the right to request additional documentation at any time.

QOVA applies a risk-based approach to AML/CTF compliance. Clients and transactions are assessed across the following risk dimensions:

QOVA operates a real-time transaction monitoring system that flags:

• ◈Transactions involving sanctioned wallets or entities
• ◈Unusual transaction patterns inconsistent with stated business purpose
• ◈Structuring — multiple transactions designed to evade reporting thresholds
• ◈Rapid layering of funds across multiple accounts or jurisdictions
• ◈Transactions to/from high-risk blockchain addresses (as per on-chain analytics)
• ◈Volume spikes inconsistent with client profile

All blockchain transactions are screened using on-chain analytics tools. Wallet addresses associated with illicit activity are blocked at the protocol level.

QOVA is legally required to file Suspicious Activity Reports (SARs) with El Salvador's Financial Intelligence Unit (UFI) when we identify or reasonably suspect money laundering or terrorist financing activity.

SAR filing is confidential ("tipping off" the subject of an investigation is prohibited by law). QOVA employees and contractors are strictly prohibited from disclosing SAR filings to clients or unauthorized parties.

QOVA may freeze funds and suspend accounts immediately upon identifying suspicious activity, without prior notice, in accordance with applicable law.

QOVA maintains comprehensive records of all client due diligence, transaction histories, monitoring alerts, and compliance decisions for a minimum of 5 years. All records are stored in encrypted, access-controlled systems with full audit trails.

All blockchain transaction data is permanently recorded on-chain and constitutes an immutable compliance record. QOVA's internal records are supplementary to the public blockchain record.

All QOVA staff with client-facing or transaction-handling responsibilities receive mandatory AML/CTF training annually. The QOVA Compliance Officer is responsible for maintaining, reviewing, and enforcing this policy.

This policy is reviewed at minimum annually and updated to reflect changes in applicable law, FATF guidance, and regulatory developments. The Board of Directors has ultimate responsibility for QOVA's AML/CTF framework.

To report compliance concerns or for AML inquiries: