EBANX Compliance and Legal Hub

For Merchant

Other Documents
EBANX Values
Code of Conduct
Socio-environmental Responsibility Policy
Information Security Policy
Information Security for Third Parties
Responsible Security Vulnerability Disclosure Policy
Gifts, Presents and Hospitality for Third Parties
Sustainability Report 2022
Restricted and Prohibited Products and Services
EBANX Supply and Partnership Standard
Policy Anti-Bribery and Corruption
Anti-Money Laundering And Counter Financing Of Terrorism Policy
Business Continuity Management
Standard for Vendors and Partners
Corporate Governance Policy

Anti-Money Laundering And Counter Financing Of Terrorism Policy

December 5, 2024

1. Introduction and Objectives

This Policy is an extension of the EBANX Code of Conduct. Its purpose is to establish the expected conduct of Ebankers regarding the Prevention and Combating of Money Laundering and Terrorist Financing.

EBANX has zero tolerance for money laundering and is committed to mitigating money laundering risks by adhering to all applicable local and international regulations. EBANX will take necessary preventive measures, promptly investigate any suspicion of money laundering, and cooperate unreservedly with the competent authorities. The EBANX Senior Management supports, supervises, and is committed to the effectiveness and continuous improvement of the AML/CFT Program.

The Global Policy on the Prevention and Combating of Money Laundering and Terrorist Financing is reviewed at least annually to achieve best practices for EBANX. The review is carried out through:

  • Regular review of media reports relevant to the sector or the jurisdiction where EBANX operates;

  • Regular review of law enforcement alerts and reports;

  • Attention to changes in terrorism alerts and sanctions regimes as they occur;

  • Review of thematic publications and similar materials released by the competent authorities;

  • Review of national guidelines from the UK, EU, US, and intergovernmental organizations such as FATF/GAFI, which develop policies to combat AML/CFT. These guidelines are adjusted to meet the specific requirements of each jurisdiction where EBANX operates, in order to define effective rules, policies, and procedures against money laundering and terrorist financing. Where guidance is unavailable, Compliance will seek advice from internal/external counsel and formally validate the opinions provided before implementation.



2. Scope and Users

This document applies to all Ebankers, subsidiaries, affiliated entities, products, and companies of EBANX, in all locations where EBANX operates, both domestically and internationally, including:

  • Partners and shareholders

  • Directors

  • Employees

  • Temporary staff

  • Interns

  • Apprentices

Individuals and companies in business relationships with EBANX, including suppliers and business partners, are also required to comply with the rules established in this Policy.



3. Terms and Definitions


Money Laundering

Money laundering refers to the process of concealing the illicit origin of financial assets or goods obtained from criminal activities to integrate them into the formal economic system as if they were legitimate. Any assets derived from illegal activities can be subject to money laundering.

Examples of crimes frequently associated with money laundering include theft, fraud, corruption, bribery, insider trading, drug trafficking, smuggling, embezzlement, and tax evasion.

The three stages of money laundering are typically:

  • Placement: The first stage of money laundering. It involves introducing assets obtained from illegal activities into the formal economy.

  • Concealment: The second stage consists of further distancing the illicit assets from their origin by creating complex layers of financial transactions designed to obscure the traceability of the money and ensure anonymity.

  • Integration: The final stage involves giving apparent legitimacy to the assets derived from crimes. If the layering stage has been successful, integration schemes reintegrate the laundered money into the economy so that these assets remain in the financial system, appearing to have a regular and lawful origin.

EBANX employs specific controls to identify, disrupt, and report suspicious activities at each stage of money laundering, including technological monitoring tools and detailed transaction analysis.

Based on various laws, regulations, and guidelines from the Financial Action Task Force (FATF) and other applicable international best practices, EBANX ensures compliance with applicable international and local regulations, always adopting the strictest standards. Where local regulations are stricter than the standards of this Policy, the local regulations will prevail.

If the minimum standards established in this Policy cannot be applied in a given country due to conflicts with local laws or because they cannot be enforced for other legal reasons, EBANX will not initiate, continue, or conduct business relationships in that territory. If a business relationship exists in such a country, EBANX must ensure that it is terminated, regardless of other contractual or legal obligations.


Terrorist Financing

Terrorist financing is defined as any direct or indirect involvement with resources or properties that are known or likely to be used for terrorist purposes, regardless of the legality or regularity of their origin.

For the purposes of this Policy, terrorist financing is directly related to money laundering, including any activities involving financial or material support for terrorist acts or related groups.

EBANX follows the recommendations of the Financial Action Task Force (FATF) and applicable local and international regulations to identify, prevent, and mitigate risks related to terrorist financing, adopting a zero-tolerance approach.




4. Guidelines


4.1 Organizational Structure

The Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) program is developed and managed by the Global Risk & Compliance (GRC) department. Local Money Laundering Reporting Officers (MLROs) report to the Head of Compliance. The primary responsibility of the MLRO is to ensure that, when appropriate, information or other means leading to knowledge, suspicion, or reasons for knowledge or suspicion of money laundering are duly reported to the competent authorities.

The Compliance processes are centralized within the Global Risk & Compliance structure, headquartered in Brazil, which is responsible for defining general guidelines and implementing processes related to AML. EBANX's subsidiaries and affiliates must adhere to these guidelines, including creating specific regulatory documents tailored to their business models, if necessary. In this way, EBANX ensures compliance with global management while maintaining the independence of Compliance segments.

To comply with AML/CTF laws and global best practices, EBANX has a Regulatory structure, one of whose responsibilities is analyzing legislation and identifying potential gaps or areas for improvement.

To ensure that the required AML/CTF controls are effectively implemented, EBANX’s Internal Audit conducts annual evaluations of the AML/CTF Program, providing reports to the Global Risk & Compliance department on the effectiveness of AML/CTF processes. The EBANX Internal Controls team is responsible for analyzing these reports and developing action plans to establish effective controls to mitigate AML/CTF risks.

All Ebankers must be aware of this Policy and strive to prevent and detect actions, operations, or transactions that exhibit atypical characteristics, to combat Money Laundering and Terrorist Financing.

To comply with this Policy, Ebankers are instructed to:

  • Report any situations considered atypical or suspicious through the appropriate channels established by the company, including the EBANX Helpline (reporting channel), when applicable.

  • Act with diligence and integrity to support the AML/CTF process, ensuring the accuracy of the information provided and actively collaborating in internal investigations related to product, service, and operation requests.

  • Promote the culture of Anti-Money Laundering and Counter-Terrorist Financing.

  • Participate in training and refresher seminars on Anti-Money Laundering and CounterTerrorist Financing, ensuring the practical application of the knowledge acquired.


4.2 Risks

EBANX must adopt a risk-based approach to assess the most effective and proportionate way to prevent, manage, and mitigate the risks of money laundering and terrorist financing. The steps EBANX will take to achieve this objective include:

  • Identifying relevant money laundering risks.

  • Assessing risks associated with customers, products, services, transactions, delivery channels, partners, service providers, employees, and the geographic areas where EBANX operates.

  • Continuously monitoring using advanced technological tools, manual analyses, and periodic reviews, when applicable, to identify, assess, and mitigate emerging risks of money laundering and terrorist financing.


Identified risks must be categorized by levels of criticality (low, medium, high), with controls designed to mitigate them proportionately to the assessed risk level.

Risk assessment is used for EBANX activities such as:

  • Designing and implementing controls to prevent, manage, and mitigate assessed risks.

  • Monitoring and improving the effective operation of these controls.


EBANX's risk assessment relies on the following sources to determine the risks of a jurisdiction:

  • FATF (Financial Action Task Force)

  • BASEL (Basel Committee)

  • Transparency International

  • USDS (United States Digital Service)

  • The Money Laundering and Terrorist Financing Regulations (Amendment of High-Risk Countries) • Egmont Group • UNODC Reports (United Nations Office on Drugs and Crime)

  • HMT Sanctioned Countries/Regimes (Her Majesty's Treasury)*

  • OFAC Sanctioned Countries/Regimes (Office of Foreign Assets Control)*

  • Internal Country Risk Matrix

*Countries/regions subject to complex financial and commercial sanctions are blocked from conducting any business with EBANX.


EBANX will assess each customer's risk, considering, among other criteria, their Politically Exposed Person (PEP) or Prominent Influential Person (PIP) status, use of intermediaries, purpose of the relationship, asset levels, transaction volumes, regularity and/or duration of the business relationship.

The risk assessment will also consider customer, product, service, transaction, delivery channel, and geographic factors. These lists are not exhaustive:

Low-risk geographic factors:

  • Countries with effective Anti-Money Laundering systems.

  • Countries with low corruption and crime rates according to reliable sources.

  • Countries that, according to reliable sources, have AML/CTF requirements and effectively implement them.


High-risk geographic factors:

  • Countries lacking effective Anti-Money Laundering systems.

  • Countries with significant corruption and crime rates according to reliable sources.

  • Countries are subject to sanctions, embargos, or similar measures, such as those applied by the United Nations (UN).

  • Countries financing or supporting terrorist activities or hosting organizations are considered terrorist groups.


Low-risk customer factors:

  • Publicly listed companies are subject to disclosure rules (due to market or legal obligations) that impose transparency requirements for their ultimate beneficiaries.

  • Customers residing in low-risk geographic areas.


High-risk customer factors:

  • Business relationships conducted under unusual circumstances.

  • Customers residing in high-risk geographic areas.

  • Individuals who are PEPs (Politically Exposed Person) or PIPs (Prominent Influential Person), and companies with such individuals as shareholders and/or legal representatives.

  • Companies with ownership structures that appear unusual or overly complex given the nature of their business.

  • Non-governmental organizations (NGOs).

  • Businesses with high cash flow.


Low-risk product, service, transaction, or delivery channel factors:

  • Financial products or services defined and limited to certain types of customers to increase access for financial inclusion purposes.

  • Products where AML/CTF risks are mitigated by other factors, such as transparency in the corporate structure.


High-risk product, service, transaction, or delivery channel factors:

  • Products or transactions that may facilitate anonymity.

  • Business relationships or virtual transactions without safeguards, such as digital signatures.

  • Payments received from unknown or unrelated third parties.

  • New products and business practices, including new delivery mechanisms and technologies for existing or new products.


EBANX will assess the risk of its partners and service providers considering their business type, involvement with the public sector, the purpose of the relationship, remuneration value and regularity, and geographic areas of operation.

Low-risk partner and service provider factors:

  • Private and public companies listed on stock exchanges subject to disclosure rules (due to market or legal obligations) that impose transparency requirements for their ultimate beneficiaries.

  • Partners or service providers from low-risk geographic areas.

  • One-time purchases and short-term contracts.


High-risk partner and service provider factors:

  • Business relationships conducted under unusual circumstances.

  • Customers residing in high-risk geographic areas.

  • Public companies or those with ties to the public sector.

  • Services or products provided by individuals.

  • Individuals who are PEPs (Politically Exposed Person) or PIPs (Prominent Influential Person), and companies with such individuals as shareholders and/or legal representatives.

  • Companies with ownership structures that appear unusual or overly complex given the nature of their business.

  • Long-term contracts.


EBANX will assess employee risk considering involvement with the public sector, relationships with customers, partners, and senior management, job position, area of operation, and nationality.

High-risk employee factors:

  • Employees who are PEPs (Politically Exposed Person) or PIPs (Prominent Influential Person).

  • Employees residing in high-risk geographic areas.

  • Senior management positions.

  • Roles involving direct interaction with senior management.

  • Roles providing direct or indirect access to the company's, customers', and/or partners' financial resources.


Customers, partners, service providers, and employees will be categorized into risk levels—high, medium, or low. Those classified as "high risk" must undergo an Enhanced Due Diligence (EDD) process


4.3 Due Diligence

A customer is any individual or company (user or Merchant) to whom EBANX offers, intends to offer or has offered a product or service in the past. This definition also includes potential customers. Anonymous customers or transactions from anonymous individuals or companies will not be accepted.

A partner is any individual or company (supplier, provider, financial institution, agent, referral, freelancer) that provides products and/or services or maintains any type of commercial and/or strategic relationship with EBANX. An employee is any individual who has an employment relationship with EBANX.

Before onboarding any new Merchant, user, partner, or employee, EBANX must execute a Due Diligence process. For the purposes of this Policy, Merchants, users, and partners will be considered third parties. Some third parties may pose a higher risk than others. To determine the risk level posed by a third party, all must undergo a Simplified Due Diligence process, with their risk level defined through a Risk Assessment.

The Risk Scoring Matrix is based on criteria related to geographic, financial, and business risk factors of the third party, among others. These criteria will be classified as low, medium, or high risk, with different scores assigned to each risk level. The set of criteria allows EBANX to define the risk each third party represents.

Due diligence processes are carried out according to the risk-based approach of each business unit. Third parties assessed as “medium risk” will undergo a Standard Due Diligence process, while those assessed as “high risk” will go through Enhanced Customer Due Diligence.


4.3.1 Simplified Due Diligence

Simplified Due Diligence involves collecting information and documents to:

  • Identify the third party and verify their identity.

  • Establish the nature of the business relationship.

  • Conduct verification to determine if the third party is a Politically Exposed Person (PEP) and/or subject to sanctions.

  • Ensure that any individual acting on behalf of the third party is authorized to do so, in addition to identifying and verifying this individual.

  • Conduct adverse news and negative media checks for all risk categories.

  • These checks are repeated during periodic reviews, with review cycles determined based on the risk profile.

Once this process is completed, a Risk Assessment will be performed to determine the appropriate level of due diligence.


4.3.2 Standard Due Diligence

In addition to the checks conducted during the Simplified Due Diligence process, third parties classified as medium risk must undergo the Standard Due Diligence process, which includes:

  • Complete identification and verification of any beneficial owner holding 25% or more of the company (if the beneficial owner is another company, verification applies only to the shareholder company, not its directors).

  • Conducting adverse news and negative media checks for all risk categories. These checks are repeated during periodic reviews, with review cycles determined based on the risk profile.

All employees and candidates selected for roles at any hierarchical level must undergo the Standard Due Diligence process. Enhanced Due Diligence may be required if a risk factor is identified that increases their risk classification.


4.3.3 Enhanced Due Diligence

In addition to the checks performed in the Simplified and Standard Due Diligence processes, third parties classified as high risk must undergo the following verifications:

  • Complete identification and verification of all beneficial owners, including the verification of the company's directors.

  • Identification and full verification of companies established under the name of an employee.

  • Identification of the ultimate beneficial owner, when relevant, verifying their identity and understanding the company's control structure, when applicable.

  • Conducting adverse news and negative media checks for all risk categories. These checks are repeated during periodic reviews, with the review cycles determined based on the risk profile.


Enhanced Due Diligence measures also include:

  • • Increasing the review frequency to verify whether EBANX remains capable of managing the risks associated with the business relationship or the position held by the ebanker, and to help identify transactions requiring further review.

  • Increasing the review frequency of the business relationship to check if the third party's risk profile has changed and whether the risk remains manageable.

  • Obtaining approval from the Coordination and/or Management of the area to initiate or continue the business relationship, ensuring senior management is aware of the risks EBANX is exposed to, enabling informed decisions on the company's ability to manage these risks.

  • Cases where the exposure to risk is high and/or in cases where the area understands, after analysis, that the case is severe, may be escalated to the Risk Committee for a deliberation on whether to accept a customer/partner/supplier/employee through a formal Risk Acceptance process.

  • Conducting transaction monitoring more frequently or in greater depth to identify any unusual or unexpected transactions that may raise suspicions of money laundering or terrorist financing. This may include establishing the destination of the third party’s funds or defining the reason for certain transactions.


The Due Diligence process must also be carried out whenever EBANX suspects or has reason to suspect money laundering or when it is believed that any documents or information provided are expired or inaccurate. Any business relationship with a Merchant, user, partner, service provider, or employee will be subject to continuous monitoring, which may result in employees being requested at any time to perform Due Diligence or seek additional information about these individuals and companies. Business relationships, transactions, and other behaviors must be consistent with the knowledge EBANX has about the Merchant, user, partner, or employee, as well as their businesses, risk profiles, source of wealth, and source of funds (documents such as bank statements, tax returns, or shareholder agreements are reviewed to verify the source of wealth and the source of funds).

When the risk exceeds the business’s appetite, the third party or employee will not be integrated or hired by EBANX. If the requesting area believes the opportunity is significant enough and that alternative controls can reduce the identified risk, formal exceptions may be applied.


4.3.4 EBANX will not do business with:

  • Individuals or companies suspected of money laundering and/or terrorist financing; • Shell banks;

  • Individuals or companies for whom the necessary Due Diligence level HAS NOT been executed;

  • Users listed as unacceptable under EBANX's Policies;

  • Companies based in sanctioned countries;

  • Legal entities established by individuals with the specific purpose of managing assets for investment (personal asset-holding vehicles);

  • Companies with nominee shareholders or bearer shares.


In addition, EBANX will not do business with any third party involved in activities or behaviors that may represent a significant risk to the company's reputation or regulatory compliance.

Some business models are not accepted by EBANX. These restrictions are publicly available in our restricted and prohibited products and services list and can be accessed at the following address: https://business.ebanx.com/en/compliance/restricted-and-prohibited-products-and-services. The restrictions list is periodically reviewed and may be updated in accordance with new regulations, internal requirements, or risk analysis. Other businesses, products, or services may be added to this list at any time.


4.3.5 Sanctions

EBANX must block Merchants, users, and/or entities from countries that violate sanction programs to ensure that the company does not do business with sanctioned people and organizations, thus combating the financing and proliferation of weapons of mass destruction.

Some jurisdictions pose exceptional risk concerning money laundering and financial crimes. These jurisdictions are identified by FATF as having weak controls or requiring actions, or they are regimes sanctioned by the United States of America, the United Kingdom, and/or other nations. Additionally, any jurisdiction or region with deficient compliance policies or subject to trade embargoes will be considered high risk. Geographical risk will be monitored and updated daily.

The verification and monitoring of Merchants, users, and partners for sanctions is performed through a global database with access to hundreds of sanction lists sourced from various global information sources. This process is updated in real-time to ensure that any changes in sanction lists are immediately incorporated into the monitoring.


4.3.6 Compliance Review

Every Merchant registered in our databases undergoes periodic reviews of their Identification and Qualification information, as well as Integration data - such as website and/or application, among others.

This periodic review is carried out based on the Risk Level (Risk Score) indicated at the time of their Onboarding at EBANX, as follows:

  • 1 year for High Risk

  • 3 years for Medium Risk

  • 3 years for Medium Risk


Regardless of the review performed within the above-mentioned periods, any significant change regarding the legal entity of a Merchant should trigger a Compliance review of that Merchant. It is the Merchant's responsibility to notify EBANX whenever there are changes regarding:

  • Corporate structure and company control (directors and ultimate beneficial owners);

  • Company's controller;

  • Other individuals authorized to sign on behalf of the company;

  • Negative media, as soon as it is released or known to the Merchant, or any relevant information.


Additionally, any change requested by the Merchant related to their integration with EBANX – such as alteration or inclusion of URL, application, or any other relevant data for the operation – also triggers a review by Compliance. Furthermore, EBANX reserves the right to periodically review Merchant data, even without changes, in the event of significant modifications in the regulatory environment or in the Merchant’s risk profile.



4.4 Data Storage

EBANX must store all details obtained for the purpose of identifying Merchants, users, and partners, as well as their documents, in accordance with regulations. EBANX will store:


4.4.1 Individual Customer Information

  • All steps to identify the parties interested in establishing business relationships with EBANX or the reasons why these steps were taken;

  • Full name and date of birth of the individuals EBANX does business with;

  • Mother's name;

  • Identification document;

  • Proof of residence;

  • Payment proof;

  • Proof of ties;

  • Proof of citizenship;

  • Bank account details;

  • Email;

  • Phone number;

  • The form and source of funds and/or titles;

  • The form and destination of funds paid or delivered to the customer or another person on their behalf.


4.4.2 Legal Entity Customer Information

  • All steps to identify the parties interested in establishing business relationships with EBANX or the reasons why these steps were taken;

  • Legal name of the company;

  • Company incorporation number;

  • Shareholding chain information;

  • Proof of residence;

  • Payment proof;

  • Articles of incorporation or other documents establishing the company, containing shareholder and beneficial owner information;

  • Business operation licenses;

  • Bank account details;

  • Email;

  • Financial statements;

  • The form and destination of funds paid or delivered to the customer or another person on their behalf.


4.4.3 Registration Update

To keep information updated, EBANX may conduct a document review considering the following periodicity:

  • High Risk - Annually

  • Medium Risk - Every 3 years

  • Low Risk - Every 5 years


4.4.4 Transactional Information

  • Financial transactions conducted by EBANX with or for each customer;

  • Reports of suspicious activities, both internal and external, or reasons for not reporting. These documents must be kept for at least 10 (ten) years after the report is made, or as required by applicable local regulations, whichever is longer.


4.4.5 Training

  • Materials and tests used in training;

  • Results of tests and evaluations conducted;

  • Training dates;

  • Nature of training, including covered topics and learning objectives;

  • Personal identification of the training participants, including their role and position.


4.4.6 Decision-Making

All reports, including reports to Executive Level regarding actions and omissions, along with the reasons for them. The data and information may be stored in the following forms:

  1. Original documents;

  2. Copies of original documents;

  3. Scanned copies;

  4. Electronic formats;


When the 10 (ten) year period expires, EBANX must delete any personal data unless the company is required to retain data containing personal data for legal reasons, due to judicial process, or if the individual to whom the data belongs has given express consent for it to be retained.

Data protection: the countries in which EBANX operates have various requirements and obligations that are respected when we process personal data. We comply with personal data privacy laws such as the General Data Protection Regulation (GDPR) of 2017 and the General Data Protection Law (LGPD) of 2018, which regulate the use of personal data, essentially any information about identifiable individuals. EBANX has the Data Protection Committee, which is responsible for operational and strategic coordination, as well as the protection of data and the controls of the company's data privacy program. For more information, refer to the Information Security Policy.



4.5 Monitoring

EBANX must perform regular monitoring of clients and transactions in accordance with their Risk Assessment. Monitoring must also be conducted to ensure that Policies, standards, and procedures are being properly implemented.

Client behaviors or issues with client businesses that may indicate the need for a deeper investigation by EBANX will be considered “Red Flags.” Examples of red flags include, but are not limited to:

  • Client is reluctant or evasive in providing information;

  • The client’s lifestyle is inconsistent with their source of income;

  • The client’s business structure is unnecessarily complicated;

  • There is involvement of third parties without a valid reason;

  • Successive changes in bank accounts without a valid reason;

  • The client appears uninterested in prices, commissions, costs, etc.;

  • Transactions that differ from what is expected from the client;

  • Inexplicable fund transfers;

  • Transaction volume inconsistent with the business model;

  • Sales concentration in a particular region;

  • High volume of refund and/or chargeback requests.


If a red flag is identified in the Due Diligence or client monitoring processes, those responsible must immediately notify the Compliance Officer and/or MLRO.

EBANX uses transactional monitoring tools to identify any unusual or unexpected behaviors that may raise suspicion of money laundering or terrorist financing.

Based on EBANX’s knowledge of the client, monitoring will look for:

  • Unusual behavior: sudden or significant changes in transaction activities, such as value, volume, or nature, such as a change in beneficiary or destination of funds;

  • Connected relationships: common beneficiaries and senders in accounts and/or clients where there appears to be no relationship;

  • High-risk geographical countries, regions, and entities: significant increases in activity or constant high levels of activity with high-risk geographical countries, regions, or entities;

  • Other money laundering typical behaviors: transactions below reported limits, round numbers, structured, sequential, and/or extremely complex;

  • Ongoing relationships: EBANX will conduct retroactive reviews on clients to ensure that the ongoing business is consistent with what was agreed upon when the client was onboarded.


EBANX will conduct transaction monitoring, checking their values, volumes, and speed. More intensive alerts will be generated for those representing higher risk. Alerts will be triggered to ensure that transactions are monitored appropriately and that suspicious operations are reported.

All new products proposed by EBANX must undergo Compliance analysis. The analysis aims to identify processes that need to be examined so that the identified risks can be mitigated.



4.6 Termination of Relationship

EBANX may decide to terminate a business relationship after identifying suspicious activity. Even in the absence of suspicious activity, the Compliance Officer or the local MLRO may recommend the termination of relationships with Merchants, partners, or other third parties if the risk associated with these parties is considered excessive or incompatible with EBANX's risk appetite.



4.7 Training

EBANX will ensure that all ebankers are properly trained to understand their obligations regarding this Policy and the requirements for identifying third parties. Specific training will be offered to different areas, considering their responsibilities and exposure to the risks of Money Laundering and Terrorist Financing.

All ebankers must be aware that failure to comply with their responsibilities may result in internal disciplinary measures and, in more severe cases, criminal sanctions.


4.7.1 Global Risk & Compliance Program for Third Parties

Given the broad scope of the relationships EBANX maintains with clients, partners, and individuals, and considering the risks arising from these relationships, EBANX's Compliance Program is extended to third parties.

Through this initiative, EBANX:

  • Shares its guidelines and public regulatory documents;

  • Makes EBANX Helpline available as a communication channel for questions and reports;

  • Conducts training and awareness actions aimed at third parties.

This expansion aims to strengthen awareness and alignment with EBANX’s Compliance practices, promoting a culture of integrity and mitigating risks across all business relationships.



4.8 Internal and External Audits

EBANX's Anti-Money Laundering and Counter-Terrorist Financing program will be audited annually. The internal audit will report the status of controls and areas that need remediation to senior management. This process ensures the identification and mitigation of gaps in controls. Upon request, the resulting reports may be forwarded to regulatory authorities and relevant third parties, such as partners or clients. The Global Risk & Compliance department will be responsible for receiving and monitoring audit reports, ensuring the implementation of corrective measures and maintaining compliance with applicable legal and regulatory requirements.



4.9 Disciplinary Measures

Any ebanker who violates the guidelines of this Policy will be subject to disciplinary measures, which will be applied according to the severity of the violation. Violations will be thoroughly investigated according to the procedures of the Ethics Committee, ensuring anonymity for those involved and preserving confidentiality and the integrity of the parties. All ebankers are obligated to cooperate fully with ongoing investigations.



4.10 Reporting of Suspicious Activities

All customer transactions are subject to continuous monitoring and review. When the Compliance Officer or the local MLRO determines that a particular customer or transaction requires further investigation, ebankers must carry out the investigation, providing complete information and performing the necessary analyses.

Any director or employee who suspects money laundering must immediately report their suspicions to the Compliance Officer or the local MLRO in writing, including full details. All signs of suspected money laundering are reportable, even if they come to the ebanker's attention after the transaction has occurred, the record has been closed, or the transaction was conducted by someone else. By making the report, the director or employee will have fulfilled their legal obligations.

Revealing to a suspect or a third party that a report has been made to the Compliance Officer or local MLRO, or that an investigation is underway, is a violation of conduct as it may interfere with the investigation. Questioning a customer about a specific transaction to determine their identity or source of income does not constitute a violation. In the case of a suspicious activity report being made, care should be taken to ensure that the customer or individual mentioned is unaware of it.

If suspicious signs of money laundering are identified, the transaction must be blocked and must not proceed without the approval of the Compliance Officer or local MLRO. The Compliance Officer or local MLRO will receive reports related to any suspicion of money laundering or actual money laundering and will record, investigate, and report the suspicion to the relevant authorities if necessary. Reporting money laundering suspicions to authorities does not constitute a breach of confidentiality toward the customer and provides important safeguards to EBANX.

If reports are not made to the authorities, all details of the decision to not report must be documented. All notifications will be processed with the utmost confidentiality. However, there may be circumstances where EBANX will be required to disclose the identity of those involved in the suspicion, such as when compelled by law. In such a case, anonymity cannot be guaranteed.

Any ebanker who fails to report a transaction known to be suspicious of money laundering or actual money laundering will be subject to disciplinary and legal measures unless they demonstrate reasonable grounds for not reporting to the Compliance Officer or local MLRO. Ebankers are therefore informed that they must report such transactions to the Compliance Officer or local MLRO, no matter how superficial they may seem.

The ebanker may discuss the situation beforehand with their direct manager, who may take responsibility for making the report to the Compliance Officer or local MLRO.

Examples of transactions that may raise suspicion of money laundering are listed below, but by themselves, they may not necessarily generate enough suspicion for a report:

  • Settlement of payments of high or unusual amounts in cash;

  • Purchase and sale transactions without a clear purpose or in unusual circumstances;

  • Instructions to direct funds to a different bank account than previously agreed or in the name of a third party;

  • Any transaction where one of the parties is unknown or that has an unusual volume or frequency;

  • Transactions where the investor is a foreign person and both are based in countries with high levels of drug production or trafficking.


Ebankers are not expected to know or establish the exact nature of any crime or definitively identify funds or properties as being proceeds of crime or terrorist financing.




5. Normative References

ID 70 - Code of Conduct




6. Publication and Distribution of Policies

Any new policy or modification to an existing document must be made available to all relevant parties.

Policies are available for consultation by ebankers on OneTrust, in the "Policies" section.

Public documents can be found on EBANX's websites.