Login
Login

NFTake Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy

1. Introduction and Purpose

NFTake SIA (“NFTake”) is a leading digital marketplace for Non-Fungible Tokens (NFTs), offering users the ability to mint, buy, sell, and trade unique digital assets securely recorded on blockchain ledgers. NFTs represent ownership or proof of authenticity of digital or physical assets and are characterized by their indivisibility and uniqueness. The market for NFTs has expanded rapidly, driven by innovation in blockchain technology, digital art, gaming, collectibles, and virtual real estate.

However, this burgeoning space presents novel and significant money laundering (ML) and terrorist financing (TF) risks. The pseudonymous nature of blockchain transactions, the absence of standard KYC procedures in many NFT marketplaces, the potential for artificial inflation of NFT prices via wash trading, rapid cross-wallet transfers designed to obscure transaction origins, and the use of privacy-enhancing tools all create opportunities for misuse. Illicit actors may exploit these factors to legitimize criminal proceeds, finance terrorism, or evade sanctions, threatening the integrity of financial systems and NFT ecosystems.

This AML/CTF Policy outlines NFTake’s commitment to combating financial crime through the implementation of comprehensive, risk-based controls tailored to the specific challenges and characteristics of NFTs. It establishes our framework for the prevention, detection, and reporting of ML/TF risks consistent with European Union Regulation 2024/1624, AML Directive VI (2024/1640), Latvian AML laws, Financial Action Task Force (FATF) guidance, and applicable international sanctions. The Policy is designed to:

  • Mitigate NFT-specific ML/TF risks, balancing compliance with user experience;
  • Ensure rigorous customer due diligence (CDD) beginning at a €3,000 transaction threshold, consistent with EU and Latvian requirements;
  • Maintain continuous transaction monitoring to identify and address suspicious activity;
  • Foster a culture of transparency, accountability, and ethical conduct among NFTake staff and users;
  • Protect NFTake’s reputation and ensure confidence in our platform’s compliance with global AML/CTF standards.

This Policy applies universally to all NFTake employees, contractors, partners, and platform users and must be understood as a binding framework guiding all AML/CTF-related processes and behaviors.

2. Legal and Regulatory Framework

NFTake operates within a complex, multi-layered regulatory landscape designed to combat ML/TF and related financial crimes effectively. Our compliance framework is grounded in the following key legal instruments and regulatory guidelines:

  • AML Regulation (EU) 2024/1624: This binding regulation harmonizes AML obligations across EU member states, including explicit requirements for Virtual Asset Service Providers (VASPs) such as NFT marketplaces. It mandates customer due diligence (CDD) for occasional transactions of €3,000 or more and enhanced due diligence (EDD) for transactions exceeding €10,000. This regulation also incorporates measures addressing the evolving challenges of virtual asset transfers, including obligations under the Travel Rule for cross-border transfers exceeding €1,000.
  • AML Directive VI (EU) 2024/1640: Complementing the AML Regulation, AMLD VI elaborates detailed procedural and supervisory requirements, emphasizing risk-based approaches, enhanced controls for high-risk scenarios, and specific guidelines on customer identification and ongoing monitoring tailored for virtual assets and CASPs.
  • Latvian Law on the Prevention of Money Laundering and Terrorist Financing: Enforces EU AML directives nationally, outlining licensing, registration, and operational requirements for VASPs. Latvian regulators—the Financial and Capital Market Commission (FKTK) and Latvijas Banka—exercise supervisory authority over NFTake to ensure compliance with AML obligations, including sanctions enforcement and suspicious transaction reporting.
  • Financial Action Task Force (FATF) Recommendations: Global standards and guidance, particularly the 2023 updated guidance on virtual assets and art/antiquities markets, provide essential best practices and typology insights. FATF highlights risks specific to NFTs, such as layering techniques via rapid transfers, valuation manipulation, and anonymity challenges. NFTake integrates FATF recommendations into internal controls and risk management.
  • International Sanctions Regimes: NFTake complies strictly with United Nations Security Council sanctions, European Union restrictive measures, US Office of Foreign Assets Control (OFAC) regulations, and other relevant sanctions authorities. This includes comprehensive sanctions screening and immediate freezing of assets related to designated persons or entities.

NFTake actively monitors changes in AML/CTF legislation, regulatory guidance, and best practices at EU, national, and international levels. Policies and operational procedures are reviewed and updated accordingly to maintain continuous compliance and adaptability in the fast-evolving digital asset ecosystem.

Regulatory Scope for NFTs

NFTake recognizes that Non-Fungible Tokens (NFTs), as digital assets representing unique ownership or authenticity on blockchain technology, are subject to evolving regulatory frameworks aimed at preventing money laundering and terrorist financing. NFTake complies with all applicable laws and regulations governing NFTs, including but not limited to:

  • The European Union’s Anti-Money Laundering Directives (AMLD 5, AMLD 6) and AML Regulation (EU) 2024/1624, which extend AML obligations to virtual asset service providers (VASPs) and platforms facilitating NFT transactions.
  • Latvian national AML legislation, including licensing, registration, customer due diligence, and reporting requirements for providers of virtual asset services.
  • Guidance and recommendations issued by the Financial Action Task Force (FATF) regarding virtual assets and virtual asset service providers.
  • Receive a copy of your personal data in a portable format.
  • Applicable sanctions regimes and other relevant international legal frameworks.

NFTake commits to continuously monitoring legislative developments and adapting its AML/CTF policies and procedures to remain compliant with all current and future regulatory requirements applicable to NFTs and digital goods.

3. Key Definitions

Precise definitions ensure clarity and consistency throughout NFTake’s AML/CTF processes:

  • NFT (Non-Fungible Token): A cryptographically unique digital asset recorded on blockchain technology, representing exclusive ownership or authenticity of a digital or tangible item. NFTs differ fundamentally from fungible cryptocurrencies by their indivisibility and uniqueness.
  • Customer/User: Any natural or legal person accessing or transacting on NFTake’s platform, including minting, purchasing, selling, or transferring NFTs. Customers may range from retail users to professional traders and institutions.
  • Beneficial Owner: The natural person(s) exercising ultimate control or ownership over a Customer, directly or indirectly. This includes individuals holding more than 25% of shares or voting rights, senior management in cases of opaque ownership, and persons exercising decisive influence through legal or factual arrangements.
  • Occasional Transaction: Any NFT transaction conducted outside a formalized, ongoing business relationship, typically one-off sales or purchases.
  • Politically Exposed Person (PEP): Individuals holding or having held prominent public roles, such as heads of state, senior politicians, judges, senior military officers, or close family members and associates thereof. PEPs pose heightened ML/TF risks due to their exposure to corruption.
  • Threshold: A financial value (€3,000) triggering mandatory CDD and enhanced AML controls. For NFTake, this applies to single or aggregated transactions.
  • Enhanced Due Diligence (EDD): Additional, rigorous customer verification and transaction scrutiny measures applied for high-value or high-risk customers or transactions.
  • Suspicious Transaction: Any transaction or activity reasonably suspected to be related to ML/TF, including those inconsistent with customer profiles, unusually complex, or involving sanctioned parties.

NFTake SIA
Email: [email protected]

4. Organizational Structure and Responsibilities

To uphold effective AML/CTF controls, NFTake has established a clear governance and operational structure:

  • Management Board: Holds ultimate responsibility for ensuring that NFTake complies fully with AML/CTF regulations. The Board approves the AML/CTF Policy, allocates sufficient resources, oversees implementation, and receives comprehensive AML risk and compliance reports at least annually. The Board ensures that NFTake’s overall strategy incorporates AML risk awareness and mitigation consistent with the scale and complexity of our NFT business model.
  • Responsible Person: A designated Board member appointed to coordinate and supervise AML/CTF activities at the highest management level, ensuring the Board remains fully informed of risks and compliance status. This person facilitates communications between the AML team and senior leadership.
  • AML Compliance Officer (AMLRO): Appointed at senior management level, the AMLRO is entrusted with independent authority to implement and enforce the AML/CTF framework. Key responsibilities include:
    • Developing and regularly updating AML policies and procedures;
    • Conducting enterprise-wide ML/TF risk assessments;
    • Overseeing customer identification and verification processes;
    • Monitoring transactions and investigating unusual or suspicious activity;
    • Filing SARs with Latvian FIU and liaising with regulators;
    • Delivering mandatory AML/CTF training to all relevant personnel;
    • Coordinating internal and external AML audits.
  • Deputy AMLRO: Supports the AMLRO and acts with full authority during the AMLRO’s absence, ensuring continuity of AML functions.
  • Employees and Contractors: All personnel involved in customer onboarding, transaction processing, or compliance functions are required to understand AML risks, adhere to this Policy, participate in training, and promptly report suspicious activities through established internal channels. NFTake fosters a compliance culture where AML responsibilities are integral to every role.

NFTake maintains the AMLRO and compliance functions independent from operational and sales divisions to avoid conflicts of interest and ensure objective decision-making.

5 Risk Management

5.1 Risk Summary

Overview

NFTake operates in the rapidly evolving and technologically complex NFT market, which presents unique financial crime risks. The decentralized, pseudonymous nature of blockchain transactions combined with the innovative attributes of NFTs—such as uniqueness, ease of transfer, and potential valuation volatility—requires a sophisticated, dynamic, and risk-based AML/CTF approach.

Our Risk Summary outlines the identification, assessment, and mitigation of ML/TF risks related to customers, transactions, products, services, and delivery channels, reflecting the expectations of European Union AML Regulation (EU) 2024/1624, AML Directive VI, Latvian AML legislation, and FATF guidelines.

Customer Risk

NFTake evaluates customer risk based on multiple criteria:

  • Customer Type and Profile:
    • Natural persons with straightforward backgrounds generally pose lower risk, provided their identities are verified.
    • Legal persons and entities, particularly those with complex or opaque ownership structures, present increased risk due to potential for concealment of beneficial ownership or involvement in illicit activity.
    • Politically Exposed Persons (PEPs), their relatives, and close associates represent heightened risk due to potential corruption exposure.
  • Geographical Risk:
    • Customers originating from or transacting with jurisdictions identified as high-risk or subject to sanctions (per FATF, EU, Latvian regulators) warrant enhanced scrutiny.
    • Countries with weak AML regimes, pervasive corruption, or known terrorist financing concerns increase customer risk.
  • Behavioral and Reputation Risk:
    • Customers linked to adverse media, criminal investigations, or flagged by international databases are high-risk.
    • Use of privacy-enhancing technologies or attempts to evade standard identification protocols elevate risk profiles.

Transaction Risk

Transaction risk assessment focuses on the nature and pattern of NFT-related activities:

  • Transaction Value and Frequency:
    • Large, one-off transactions exceeding the €3,000 threshold, especially those above €10,000, are inherently higher risk.
    • Frequent, high-volume trading inconsistent with customer profiles may indicate layering or integration of illicit proceeds.
  • Complexity and Structure:
    • Transactions involving multiple wallets, rapid asset transfers, or mixing services obscure fund origins and complicate traceability.
    • Cross-border transactions increase jurisdictional complexity and regulatory challenges.
  • Transaction Patterns Indicative of ML/TF:
    • Wash trading—simultaneous buy-sell transactions artificially inflating NFT values.
    • Overpaying to legitimize illicit funds.
    • Use of newly created or dormant wallets suddenly engaging in high-value transfers.
  • Involvement of Sanctioned Entities:
    • Any transactions linked to sanctioned individuals, entities, or countries trigger maximum risk classification and immediate action.

Product and Service Risk

NFTake’s products and services carry distinct risks that inform our AML controls:

  • NFT Characteristics:
    • NFTs’ uniqueness and non-fungibility can mask illicit value transfers.
    • Rapid transferability facilitates quick movement of assets across jurisdictions.
    • Lack of standardized pricing models increases susceptibility to valuation manipulation.
  • Platform Features:
    • Decentralized features or integration with DeFi may introduce additional anonymity and risk.
    • Smart contract capabilities can be exploited to layer transactions or conceal ownership.
  • Service Offering:
    • Marketplace functions such as minting, auctions, and secondary sales create diverse transaction types requiring tailored monitoring.

Delivery Channel Risk

NFTake’s products and services carry distinct risks that inform our AML controls:

  • Remote Onboarding:
    • The predominance of remote, online onboarding increases risks related to identity fraud, impersonation, and insufficient verification.
  • Decentralized Exchanges and Wallets:
    • Integration with decentralized wallets and third-party platforms may reduce traceability and increase risk of illicit activity.
  • Use of Privacy Technologies:
    • Adoption of privacy coins, mixers, and anonymizers in user transactions compounds AML challenges.

Risk Mitigation Measures

NFTake applies a robust suite of controls to manage identified risks effectively:

  • Risk-Based Customer Segmentation: Customers and transactions are classified by risk level to apply proportional CDD, EDD, and monitoring.
  • Comprehensive KYC/CDD Procedures: Mandatory identification and verification from €3,000 threshold upwards, supplemented by remote KYC technologies.
  • Transaction Monitoring: Real-time automated and manual surveillance to detect suspicious activity patterns.
  • Sanctions Screening: Continuous and comprehensive sanctions list checks on all users and transactions.
  • Enhanced Controls for High-Risk Profiles: Tailored EDD procedures, senior management reviews, and frequent profile updates.
  • Staff Training and Awareness: Continuous education ensures all employees understand evolving risks and compliance obligations.
  • Collaboration with Regulators: Prompt reporting of suspicious activity and cooperation with authorities support broader AML/CTF efforts.

Conclusion

NFTake’s risk assessment and management framework are designed to be adaptive and responsive to the unique characteristics and emerging risks of the NFT market.

By integrating regulatory standards with innovative technology and rigorous operational processes, NFTake strives to safeguard its platform against ML/TF threats while fostering a transparent, secure, and trustworthy environment for users globally.

5.2 Risk Assessment Framework

NFTake employs a comprehensive, quantitative risk assessment framework critical to identifying, evaluating, and mitigating ML/TF risks inherent in the NFT ecosystem. This structured approach allows us to allocate resources efficiently and apply AML/CTF measures proportionate to risk levels.

Risk Factors and Scoring

NFTake assigns weighted scores across the following key categories:

  • Customer Risk (weight: 40%)
    • Customer Type (individual, corporate, trust)
    • Beneficial Ownership Transparency
    • PEP Status
    • Jurisdiction of Residence and Operation (FATF high-risk countries, sanction lists)
    • Use of anonymity or privacy-enhancing technologies
  • Transaction Risk (weight: 30%)
    • Transaction Size (single and aggregated)
    • Transaction Frequency and Velocity
    • Complexity (multiple wallet chains, mixing)
    • Cross-jurisdictional nature
    • Involvement of sanctioned entities
  • Product and Service Risk (weight: 20%)
    • NFT type and valuation volatility
    • Marketplace functions used (minting, auctions, secondary sales)
    • Use of smart contracts or DeFi integration
  • Delivery Channel Risk (weight: 10%)
    • Remote onboarding vs. in-person
    • Decentralized wallets or third-party platforms
    • Use of privacy coins, mixers, or tumblers

Risk Scoring and Categories

Each factor is scored on a scale from 1 (low risk) to 5 (high risk). Weighted scores are aggregated to produce an overall risk score:

  • Low Risk: 1.0 – 1.9
  • Standard Risk: 2.0 – 2.9
  • High Risk: 3.0 – 3.9
  • Unacceptable Risk: 4.0 – 5.0

Risk category determines the level of due diligence, transaction monitoring, and senior management oversight applied.

Periodic Review and Updates

  • Risk assessments are reviewed and updated at minimum annually or upon significant regulatory, operational, or threat environment changes.
  • Customers and transactions undergo dynamic risk re-assessment based on new data or suspicious activity.
  • Updated risk profiles and mitigation plans are reported to the Management Board for oversight.

Documentation

NFTake documents all risk assessments, methodologies, scoring results, and decisions related to risk acceptance, mitigation, or rejection. This documentation supports audit readiness and regulatory compliance.

Brief of the framework

NFTake employs a comprehensive, dynamic risk assessment framework integral to the effective management of AML/CTF risks inherent to NFT markets. Recognizing that ML/TF risks evolve rapidly with technological advancements and market trends, this framework ensures continual identification, evaluation, and mitigation of threats associated with customers, transactions, products, services, and jurisdictions.

Customer Risk

NFTake evaluates customers based on various criteria, including but not limited to:

  • Customer Type: Differentiating between individuals, corporations, trusts, and other entities, with legal persons and complex ownership structures presenting higher inherent risk due to opacity.
  • Geographical Risk: Customers from high-risk jurisdictions identified by FATF, EU, or Latvian authorities are subject to additional scrutiny, considering the regulatory environment, corruption indices, and ML/TF typologies prevalent in those regions.
  • PEP Status: Customers identified as PEPs or associated with PEPs undergo enhanced monitoring due to their potential exposure to corruption and illicit activities.
  • Reputation and Activity: Screening for adverse media, criminal records, or connections to high-risk industries.
  • Use of Privacy-Enhancing Technologies: Customers employing anonymizing tools, mixers, or privacy coins warrant elevated attention.

Transaction Risk

Transactions are assessed for risk factors including:

  • Value: Transactions equal to or exceeding €3,000 trigger mandatory CDD, with values above €10,000 subject to enhanced due diligence.
  • Frequency and Volume: High-frequency or high-volume transactions inconsistent with the customer’s profile may indicate layering or integration phases of ML.
  • Complexity and Patterns: Use of multiple wallets, rapid transfers between unrelated accounts, or activity suggesting wash trading or artificial price inflation raise red flags.
  • Cross-Jurisdictional Elements: Transactions involving sanctioned or high-risk jurisdictions are inherently risky and subject to stricter controls.

Product and Service Risk

NFTs’ uniqueness, their valuation volatility, and the relative novelty of the market increase susceptibility to ML/TF risks. Key product risks include:

  • Valuation Manipulation: Artificially inflating NFT prices to legitimize illicit funds.
  • Ease of Transfer: NFTs can be transferred quickly and anonymously across wallets and platforms, complicating traceability.
  • Use of Smart Contracts: Complex smart contract features may be exploited to obscure transaction trails.

Delivery Channel Risk

The predominance of remote onboarding and use of decentralized marketplaces pose elevated risks, necessitating robust remote KYC procedures and transaction monitoring.

Risk Categorization and Management

NFTake assigns weighted scores to these factors, categorizing customers and transactions into low, standard, high, or unacceptable risk levels. High-risk profiles trigger enhanced controls, additional verification, and senior management oversight, while unacceptable risk leads to refusal or termination of service. Risk assessments are reviewed at minimum annually or when triggered by significant regulatory updates or operational changes.

5.3 Detection and Prevention of Wash Trading and Price Manipulation

NFTake recognizes that wash trading, price manipulation, and self-dealing represent significant risks in the NFT marketplace, potentially facilitating money laundering, market distortion, and fraudulent activity. As such, the platform employs specific measures to detect, prevent, and respond to these illicit practices.

5.3.1 Wash Trading and Self-Dealing

NFTake recognizes that wash trading, price manipulation, and self-dealing represent significant risks in the NFT marketplace, potentially facilitating money laundering, market distortion, and fraudulent activity. As such, the platform employs specific measures to detect, prevent, and respond to these illicit practices.

  • Definition: Wash trading involves the same user or colluding parties repeatedly buying and selling the same NFT to artificially inflate its price or trading volume, creating a false market impression. Self-dealing occurs when users transact with themselves through multiple wallets to launder funds or manipulate values.
  • Risk Factors: These activities can distort market prices, legitimize illicit funds, and obscure true ownership, undermining trust in the platform and exposing NFTake to regulatory and reputational risk.

5.3.2 Monitoring and Detection Tools

  • NFTake employs advanced blockchain analytics and machine learning algorithms to identify patterns consistent with wash trading and price manipulation. These include:
    • Rapid buy-sell cycles of the same NFT across multiple wallets.
    • Unusual spikes in trading volume uncorrelated with market demand.
    • Transactions involving wallets with shared ownership or suspicious linkages.
    • Sales at prices significantly above market valuation without economic justification.
  • Alerts generated by monitoring tools are subject to manual compliance review and investigation.

5.3.3 Preventive Controls

  • Transaction Limits: NFTake enforces thresholds and transaction limits that reduce opportunities for artificial inflation, especially for newly minted or low-liquidity NFTs.
  • User Behavior Profiling: Behavioral analytics identify users exhibiting suspicious trading patterns indicative of wash trading or self-dealing.
  • Wallet Linkage Analysis: Continuous assessment of wallet connections to identify users controlling multiple wallets involved in suspicious activity.

5.3.4 Response and Enforcement

  • Confirmed cases of wash trading or price manipulation lead to:
    • Suspension or termination of involved user accounts.
    • Reversal or freezing of suspicious transactions or assets.
    • Filing of Suspicious Activity Reports (SARs) with Latvian Financial Intelligence Unit (FIU) or other relevant authorities.
  • NFTake reserves the right to refuse services or take legal action against parties involved in fraudulent market manipulation.

6. Customer Due Diligence (CDD) and Know Your Customer (KYC)

NFTake’s Customer Due Diligence (CDD) program ensures that all customers are accurately identified and verified prior to engaging in NFT transactions above the €3,000 threshold. This process protects the platform from misuse by illicit actors and complies fully with EU AML Regulation and Latvian law.

6.1 Customer Identification and Verification Requirements

  • Natural Persons:
    • Government-issued photo ID (passport, national identity card, or driver’s license).
    • Proof of residential address dated within the last three months (utility bill, bank statement, government correspondence).
    • Selfie or video verification for biometric confirmation using facial recognition and liveness detection technology.
  • Legal Entities:
    • Certificate of incorporation or equivalent registration document.
    • Documentation of the registered office address.
    • List of directors and shareholders holding more than 25% ownership or voting rights.
    • Verification of beneficial owners through official registries, corporate filings, or reliable third-party databases.

6.2 Verification Methods

  • Document Verification: All identity and corporate documents are verified for authenticity using trusted third-party providers that perform OCR, forgery detection, and validation against government databases where available.
  • Remote Verification: Given the online nature of NFTake’s platform, remote verification methods include:
    • Live video identification calls with trained agents.
    • Automated facial recognition matching the ID document photo to live selfie images.
    • Liveness detection to prevent spoofing or impersonation.
  • Sanctions and PEP Screening: Customers are screened against up-to-date sanctions lists (UN, EU, OFAC) and PEP databases at onboarding and on a regular schedule thereafter. Alerts trigger enhanced review or refusal of service.

6.3 Beneficial Ownership Verification

  • NFTake identifies and verifies beneficial owners of all corporate customers to prevent abuse of legal entities for ML/TF purposes.
  • When beneficial ownership information is unclear or unavailable, NFTake conducts additional investigations or may refuse onboarding.
  • Complex ownership structures undergo heightened scrutiny with involvement from senior compliance personnel.

6.4 Ongoing Customer Information Updates

  • Customer data is reviewed and updated periodically, at least annually or when triggered by significant transaction activity or risk changes.
  • Failure to provide updated information when requested may result in account restrictions or suspension.

6.5 Periodic Customer Information Updates and Risk Re-assessment

NFTake is committed to maintaining up-to-date customer information and regularly reassessing risk to ensure ongoing compliance with AML/CTF requirements and to promptly detect changes that may indicate increased risk.

Regular Updating of Customer Information

  • Scheduled Reviews:
    • Customer identification data and risk profiles are reviewed at least once every 12 months for standard-risk customers.
    • High-risk customers, including PEPs and those subject to enhanced due diligence, are reviewed more frequently, typically every 6 months or as required by risk changes.
  • Trigger-Based Updates:
    • Reviews are also conducted upon trigger events such as significant changes in transaction behavior, ownership structure, or when new information arises from public sources or adverse media.
    • Requests for updated identification, proof of address, or beneficial ownership information are made proactively.

Risk Re-assessment

  • Dynamic Risk Profiling: Customer risk scores are recalculated following each information update or upon detection of unusual activity.
    • Significant risk increases may result in the customer being moved to a higher risk category, triggering enhanced monitoring and due diligence.
  • Failure to Update Information:
    • Customers who do not respond to requests for updated documentation or information within specified timeframes may face temporary account restrictions, suspension, or termination of services.
    • Continued non-compliance leads to escalation and possible reporting to authorities.

Documentation and Audit

  • All updates and risk re-assessments are documented, including the rationale for changes in risk classification and actions taken.
  • Records are maintained securely to support regulatory audits and internal compliance reviews.

7. Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) represents a critical layer of scrutiny applied to customers and transactions deemed high-risk due to value, profile, or behavioral indicators. NFTake implements EDD to mitigate elevated money laundering and terrorist financing risks, ensuring compliance with EU AML Regulation and Latvian law.

7.1 Triggers for EDD Application

NFTake applies EDD measures in the following cases:

  • High-Value Transactions: Any single or aggregated NFT transaction equal to or exceeding €10,000.
  • Politically Exposed Persons (PEPs): Customers identified as PEPs, their family members, or close associates, given their heightened risk of corruption exposure.
  • High-Risk Jurisdictions: Customers located in or transacting with countries identified by FATF or relevant authorities as high-risk or having strategic AML deficiencies.
  • Complex or Opaque Ownership Structures: Legal entities with layered or unclear ownership requiring additional investigation to identify beneficial owners.
  • Use of Privacy Technologies: Customers using privacy coins, mixers, tumblers, or decentralized finance (DeFi) instruments that obscure asset origin.
  • Suspicious Behavioral Patterns: Unusual transaction patterns inconsistent with known customer profiles or economic activity, suggesting possible layering or concealment of illicit funds.

7.2 EDD Procedures

When EDD is triggered, NFTake conducts the following:

  • Enhanced Identification: Collection of additional identification documents beyond standard CDD requirements, such as multiple government-issued IDs, recent financial statements, tax returns, or corporate filings.
  • Verification of Source of Funds and Wealth: Detailed documentation and analysis of the customer’s legitimate source of funds and overall wealth, including bank statements, salary slips, inheritance documents, or business income records.
  • Purpose and Nature of Transactions: In-depth inquiry and documentation of the reasons for high-value or complex NFT transactions to ensure they align with the customer’s profile and declared economic activity.
  • 44444444Senior Management Approval: All EDD cases require documented approval from senior compliance management or the AML Compliance Officer before proceeding with onboarding or transaction completion.444444
  • Enhanced Monitoring: EDD customers are subject to more frequent and detailed transaction monitoring, with regular updates to their risk profiles.
  • Detailed Record-Keeping: NFTake maintains comprehensive records of all additional documentation, verification steps, approvals, and decisions made under EDD to support regulatory audits and investigations.

7.3 Refusal and Termination

  • NFTake reserves the right to refuse onboarding or terminate the relationship with any customer who fails to provide satisfactory EDD information or who presents unacceptable risk despite EDD efforts.
  • Suspicious cases identified during EDD are escalated for suspicious activity reporting (SAR) to the Latvian Financial Intelligence Unit.

8. Ongoing Monitoring and Transaction Surveillance

Continuous, proactive monitoring of customer behavior and transaction activity is essential to NFTake’s AML/CTF framework. This allows early detection of suspicious transactions or unusual patterns that may indicate money laundering, terrorist financing, fraud, or other illicit activities.

8.1 Monitoring Framework

NFTake uses a layered, risk-based monitoring system combining advanced technology with expert manual review:

  • Automated Blockchain Analytics: Specialized forensic tools analyze NFT transactions across blockchains in real-time. These tools identify patterns consistent with ML/TF typologies such as wash trading (where an NFT is sold to oneself or colluding parties to inflate value), rapid asset transfers designed to obscure origin, layering, and attempts to circumvent AML controls. Wallet clustering and fund flow tracing help detect suspicious connections between addresses.
  • Transaction Threshold Alerts: Transactions exceeding predefined thresholds (€3,000 for triggering CDD, €10,000 for EDD) or unusual frequency or volume generate system alerts for further investigation. Alerts also consider deviations from the customer’s typical transaction profile.
  • Sanctions and PEP Screening: All transactions undergo real-time screening against updated sanctions and politically exposed persons (PEP) lists. Hits prompt immediate review and potential blocking.
  • Manual Compliance Review: Compliance officers investigate flagged transactions and patterns. Investigations include customer profile review, transaction history analysis, and requests for additional information from customers where appropriate.
  • Dynamic Risk Profile Updates: Customer risk profiles are updated continuously based on transactional behavior, new external intelligence, and emerging threats. Higher-risk customers receive more frequent and detailed monitoring.

8.2 Suspicious Activity Indicators

NFTake recognizes various red flags, including but not limited to:

  • Transactions significantly exceeding normal market value, possibly to legitimize illicit funds.
  • Rapid transfers between multiple unrelated wallets or across several NFT platforms to hide transaction origins.
  • Use of new or dormant wallets suddenly engaging in high-value trades.
  • Complex transaction chains with multiple intermediate wallets or mixing services.
  • Sudden, unexplained changes in trading behavior or volume inconsistent with customer profile.
  • Transactions involving sanctioned individuals, entities, or high-risk jurisdictions.

8.3 Escalation and Reporting

Suspicious transactions identified during monitoring are escalated promptly to the AML Compliance Officer for assessment and, if warranted, reporting to the Latvian Financial Intelligence Unit (FIU). The escalation process ensures timely investigation, documentation, and adherence to regulatory deadlines.

9. Suspicious Activity Reporting (SAR) and Record-Keeping

NFTake has established rigorous procedures to ensure timely, accurate, and confidential reporting of suspicious activity to the relevant authorities, alongside secure maintenance of all AML-related records.

9.1 Suspicious Activity Reporting (SAR)

  • Internal Reporting: All NFTake employees and contractors are required to promptly report any suspicious transaction or activity to the AML Compliance Officer (AMLRO) via designated internal channels. Suspicious activity includes, but is not limited to, transactions that are inconsistent with a customer’s profile, unusually complex, lacking apparent economic or lawful purpose, or potentially related to sanctions violations.
  • Assessment and Investigation: Upon receiving a report, the AMLRO conducts a detailed review of the transaction and associated customer data. This includes verifying the accuracy of information, requesting additional documents or explanations from customers if necessary, and analyzing whether the transaction meets regulatory thresholds for reporting.
  • Filing SARs: Confirmed suspicious activities are reported to the Latvian Financial Intelligence Unit (FIU), known as the General Financial Intelligence Unit (GIIF), within the legally prescribed timeframe, typically no later than two working days after suspicion arises. Reports contain comprehensive information, including the customer’s identity, transaction details, and reasons for suspicion, supported by all relevant evidence.
  • Confidentiality and Legal Protection: All SARs and related investigations are treated with strict confidentiality. Disclosure of the fact that a SAR has been filed is prohibited, except to authorized regulatory or law enforcement bodies. Employees reporting suspicious activity are protected by legal frameworks that shield whistleblowers from retaliation.
  • Cooperation with Authorities: NFTake cooperates fully with the FIU and other competent authorities during investigations, providing additional information or documents promptly upon request.

9.2 Record-Keeping

  • Data Retention: NFTake securely retains all AML-related records—including customer identification data, transaction histories, risk assessments, SARs, and correspondence—for a minimum of five (5) years from the end of the business relationship or last transaction date, whichever is later. Retention periods may be extended where required by law or ongoing investigations.
  • Security and Access Control: Records are stored using encrypted, access-controlled systems to maintain confidentiality and data integrity. Only authorized personnel involved in AML compliance and regulatory oversight may access these records.
  • Audit and Regulatory Access: Records must be readily retrievable and presented to regulatory authorities or auditors upon lawful request to facilitate inspections, investigations, and compliance reviews.
  • Data Integrity: NFTake implements procedures to prevent unauthorized alteration, deletion, or destruction of AML records, including regular backups and audit trails.

10. Sanctions Compliance and Prohibited Transactions

NFTake is committed to full compliance with all applicable international sanctions regimes to prevent facilitating illicit activities and to uphold global security and financial integrity.

10.1 Sanctions Screening

  • Comprehensive Screening Program: All NFTake users and transactions undergo thorough screening against updated sanctions lists maintained by the United Nations Security Council, European Union, United States Office of Foreign Assets Control (OFAC), and other relevant national and international bodies.
  • Automated and Manual Controls: Initial sanctions screening is automated through integrated compliance software that cross-references users’ identities, wallet addresses, and transaction counterparties against sanctions databases. Any matches or potential hits are flagged for manual review to ensure accuracy and prevent false positives.
  • Continuous Monitoring: Sanctions screening is not a one-time check. NFTake performs ongoing screening throughout the lifecycle of customer relationships and transactions to detect new sanctions designations or changes in risk status.
  • Enhanced Screening for High-Risk Customers and Transactions: Higher-risk categories—such as PEPs, customers from sanctioned or high-risk jurisdictions, and large transactions—are subject to more frequent and detailed screening and monitoring.

10.2 Enforcement and Prohibition

  • Blocking and Freezing: NFTake immediately blocks and freezes any accounts, assets, or transactions associated with sanctioned persons, entities, or jurisdictions upon detection. Frozen assets remain inaccessible until legally authorized for release.
  • Service Denial: The platform refuses service to individuals, entities, or jurisdictions subject to sanctions or otherwise implicated in illicit activities. This includes preventing onboarding and terminating existing relationships where sanctions exposure is identified.
  • Reporting Obligations: All sanctions-related hits and enforcement actions are promptly reported to the appropriate regulatory authorities in Latvia and internationally as required by law.
  • Compliance Culture: NFTake maintains strict internal policies and employee training programs to ensure all staff understand sanctions risks, legal obligations, and reporting procedures to prevent inadvertent breaches.
  • Record Keeping: Detailed records of all sanctions screenings, investigations, decisions, and enforcement actions are maintained to provide full audit trails for regulators and internal compliance.

11. Employee Training and Awareness

NFTake recognizes that a knowledgeable and vigilant workforce is fundamental to the success of its AML/CTF program. Comprehensive training ensures all employees understand their responsibilities and are equipped to identify and respond to potential financial crimes.

11.1 Training Program

  • Initial Induction Training: All new employees in relevant roles, including compliance officers, customer onboarding staff, and operational personnel, receive thorough AML/CTF training during onboarding. This training covers applicable laws, internal policies, specific risks related to NFTs and virtual assets, and practical procedures for identifying and reporting suspicious activity.
  • Annual Refresher Courses: Employees participate in mandatory annual refresher courses that update them on changes in AML legislation, emerging money laundering and terrorist financing typologies, new regulatory expectations, and any updates to internal policies or systems.
  • Role-Specific Training Modules: Specialized training is provided for staff in high-risk or sensitive functions, such as compliance, legal, customer support, and senior management, focusing on deeper aspects of AML controls, enhanced due diligence, and sanctions compliance.
  • Practical Exercises and Case Studies: Training incorporates scenario-based exercises and real-world case studies to enhance understanding of suspicious activity indicators, transaction monitoring techniques, and the SAR reporting process.
  • Training Records: NFTake maintains detailed records of all training activities, including participant lists, training materials, attendance, and assessment results, to demonstrate compliance with regulatory requirements and for internal audit purposes.

11.2 Awareness and Communication

  • Regular Updates and Alerts: Compliance bulletins, newsletters, and AML alerts are distributed regularly to keep employees informed about emerging threats, regulatory changes, and internal procedural updates.
  • Promoting a Compliance Culture: NFTake fosters an environment where compliance is valued and encouraged. Management actively supports ethical behavior, open communication, and prompt reporting of suspicious activities.
  • Feedback Mechanisms: Employees are encouraged to provide feedback on training effectiveness and suggest improvements to AML processes, ensuring continuous enhancement of the program.

12. Internal Controls and Audit

Robust internal controls and independent audits are essential components of NFTake’s AML/CTF framework, ensuring the effectiveness, compliance, and continual improvement of our financial crime prevention measures.

12.1 Internal Controls

  • Policies and Procedures: NFTake maintains clearly documented AML/CTF policies and procedures that are regularly reviewed and updated to reflect regulatory changes and operational needs. These policies provide detailed guidance to employees on their roles and responsibilities in AML compliance.
  • Segregation of Duties: To minimize risk of fraud or conflicts of interest, NFTake implements strict segregation of duties between compliance, operations, finance, and IT functions. Critical AML controls such as customer verification, transaction monitoring, and suspicious activity reporting are handled independently from business development or sales teams.
  • Transaction Reviews: Routine and ad hoc transaction reviews are conducted to identify potentially suspicious activity beyond automated monitoring. This includes periodic sampling of transactions, with escalation protocols for findings requiring further investigation.
  • Exception Management: Defined processes exist to handle exceptions, including documentation of decisions to proceed with or reject transactions that fall outside normal parameters, with appropriate approvals and audit trails.
  • Record-Keeping and Documentation: All AML activities, including risk assessments, customer verification, transaction monitoring, SAR filing, and training, are fully documented and securely maintained to support accountability and regulatory compliance.

12.2 Audit and Compliance Reviews

  • Internal Audits: NFTake conducts periodic internal audits of its AML program to assess compliance with policies, regulatory obligations, and effectiveness of controls. Audit results are reported to senior management and the Board, with identified weaknesses promptly addressed through remediation plans.
  • External Audits: Independent third-party audits are commissioned periodically to provide objective evaluations of NFTake’s AML controls and adherence to applicable laws. These audits support continuous improvement and provide assurance to regulators and stakeholders.
  • Continuous Improvement: Findings from audits, regulatory feedback, and operational experience are used to update policies, enhance systems, and improve staff training, ensuring NFTake’s AML program evolves with emerging risks and best practices.

13. Confidentiality and Data Protection

NFTake is committed to safeguarding the confidentiality and privacy of all AML-related data and complying fully with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Latvian national legislation.

13.1 Data Security and Access Control

  • Secure Storage: All AML-related information—including customer identification documents, transaction data, risk assessments, and suspicious activity reports—is stored using advanced encryption technologies and secure databases with access restricted to authorized compliance personnel only.
  • Access Management: Access to sensitive AML data is controlled via strict role-based permissions. Employees and contractors are granted access only to the extent necessary for their job functions, with regular reviews to ensure appropriate access levels.
  • Data Minimization: NFTake collects and retains only the minimum amount of personal and transactional data necessary to fulfill AML obligations and regulatory requirements, avoiding unnecessary processing.

13.2 Confidentiality of Suspicious Activity Reports (SARs)

  • Protected Information: Details of SARs and any related internal investigations are strictly confidential and may not be disclosed to customers, third parties, or any persons not authorized under law or regulation.
  • Legal Safeguards: Disclosure of SARs or the fact that a SAR has been filed is prohibited except to competent authorities or where legally required. This protection preserves the integrity of investigations and prevents tipping off.

13.3 Data Retention and Disposal

  • Retention Period: AML data is retained for a minimum of five (5) years following the end of the business relationship or the date of the last transaction, in accordance with regulatory requirements.
  • Secure Disposal: After the retention period, data is securely deleted or anonymized using approved data destruction techniques to prevent unauthorized recovery or use.

13.4 Breach Response and Reporting

  • Incident Management: NFTake maintains documented procedures for promptly detecting, responding to, and mitigating any data breaches involving AML information.
  • Notification: Where a data breach poses a risk to individuals’ rights or regulatory obligations, NFTake will notify supervisory authorities and affected data subjects as required by GDPR and applicable law.

14. Whistleblowing Procedure

NFTake fosters a culture of transparency, integrity, and accountability by providing secure, confidential channels for employees and other stakeholders to report concerns related to AML/CTF compliance without fear of retaliation.

14.1 Reporting Channels

  • Anonymous and Confidential Reporting: NFTake offers multiple secure avenues—including dedicated hotlines, email addresses, and online portals—that allow employees, contractors, and third parties to report suspicious behavior, policy violations, or unethical conduct anonymously or confidentially.
  • Accessibility: Reporting mechanisms are clearly communicated to all personnel and are accessible at all times, ensuring ease of use and encouraging proactive reporting of concerns.

14.2 Protection Against Retaliation

  • Non-Retaliation Policy: NFTake strictly prohibits retaliation, harassment, or any adverse action against whistleblowers who report concerns in good faith. This policy applies equally to all employees, contractors, and third parties.
  • Confidentiality: The identity of whistleblowers is protected to the fullest extent possible, consistent with legal requirements and investigation needs.

14.3 Investigation and Follow-Upn

  • Prompt and Thorough Investigations: All whistleblowing reports related to AML/CTF issues are promptly investigated by independent compliance or audit teams with appropriate expertise.
  • Documentation: Investigations and outcomes are fully documented and communicated to senior management, with corrective or disciplinary actions taken when necessary.
  • Feedback to Whistleblowers: Where possible and appropriate, whistleblowers receive feedback on the status or outcomes of their reports, reinforcing trust and accountability.

14.4 Training and Awareness

  • Regular training ensures employees understand the importance of whistleblowing, how to report concerns, and their protections under this policy.

15. Policy Review and Amendments

To ensure that NFTake’s AML/CTF Policy remains effective, compliant, and aligned with evolving risks and regulatory requirements, a formal policy review and amendment process is established.

15.1 Regular Review

  • Annual Review: The AML/CTF Policy is reviewed at least once every 12 months. This review assesses the adequacy of controls, compliance with current laws and regulations, and alignment with industry best practices.
  • Risk and Operational Changes: Reviews also occur promptly in response to significant changes in the risk environment, including emerging money laundering or terrorist financing threats, changes in the NFT market landscape, technological developments, or regulatory updates.

15.2 Roles and Responsibilities

  • Compliance Team: The AML Compliance Officer (AMLRO) is responsible for coordinating the review process, incorporating feedback from audits, regulatory findings, and internal risk assessments.
  • Management Board: The Board reviews and approves all major policy amendments, ensuring strategic oversight and resource allocation to AML/CTF compliance.

15.3 Communication of Changes

  • Internal Communication: Employees and contractors are promptly informed of any material changes to the policy via official communication channels and updated training programs.
  • User Notification: Significant amendments affecting users’ rights or obligations are communicated through the platform, via email, or other appropriate means, ensuring transparency.

15.4 Acceptance and Implementation

  • Continued use of NFTake’s services following policy updates constitutes acceptance of the amended terms and conditions.
  • The compliance team ensures updated policies are effectively implemented across all operational areas and integrated into staff training and system controls.