Policies

Anti-Money Laundering and Know-Your-Customer Policy

Last updated: 13 May 2026.

This Policy describes how Next Solutions Corp. ("Next Solutions Corp", "we", "us", "our") complies with its obligations under the Canadian Proceeds of Crime (Money Laundering) and Terrorist Financing Act ("PCMLTFA"), the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations ("PCMLTFR"), guidance issued by the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC"), Canadian sanctions law, and the Canadian implementation of the OECD Crypto-Asset Reporting Framework ("CARF").

We summarise the public-facing aspects of our anti-money laundering and counter-terrorist financing programme (the "AML Programme") here. The full programme — including internal procedures, training materials, transaction-monitoring scenarios and risk assessment — is maintained on our internal systems and is available to FINTRAC, the Canada Revenue Agency and other competent authorities on request.

1. Our regulatory status

Next Solutions Corp is registered with FINTRAC as a Money Services Business with the virtual-currency dealing permission. Registration can be verified on the FINTRAC public MSB registry at fintrac-canafe.canada.ca/msb-esm/public-search/search-page. Our business activity falls within the definition of "dealing in virtual currency" under the PCMLTFR — specifically, the exchange of virtual currency for fiat currency and vice versa.

Our designated Compliance Officer is responsible for the AML Programme, reports directly to senior management, and is the point of contact for FINTRAC and for law-enforcement agencies. The Compliance Officer can be reached at compliance@nextsolutionscorp.com.

2. What we do to prevent money laundering and terrorist financing

Our AML Programme is built around six pillars required by the PCMLTFA and FINTRAC guidance:
1. Appointment of a Compliance Officer with sufficient authority, resources and access to senior management.
2. A documented and risk-based Compliance Programme, reviewed by senior management and tested by independent effectiveness review at least every two years.
3. Customer due diligence at onboarding and on an ongoing basis, calibrated to the customer's risk profile.
4. Transaction monitoring and reporting, including mandatory reports to FINTRAC.
5. Record-keeping for the period required by law.
6. Training for all staff who interact with customers or with transaction data.

The sections that follow describe each of these in a level of detail appropriate for a public-facing policy.

3. Customer due diligence (KYC)

We verify the identity of every customer before providing the Exchange Services. We do not operate a simplified or unverified flow.

3.1 Information we collect
At a minimum we collect: full legal name, date of birth, residential address, nationality, and contact details. We require a government-issued photo identification document (passport, driver's licence or national identity card) and a live image of the customer for biometric comparison with the document photo. Where the document does not evidence current address, we ask for a recent proof of address (for example, a utility bill or bank statement).

The methods we use to verify identity are those prescribed by section 105 of the PCMLTFR: the government-issued photo identification method, the credit-file method, or the dual-process method, as appropriate to the case.

In line with the Canadian implementation of CARF (effective 1 January 2026), we also collect the customer's country (or countries) of tax residence and tax-identification numbers. This information may be reported to the Canada Revenue Agency and, through it, exchanged with foreign tax authorities under applicable international agreements.

3.2 Risk-based approach
We assess and document the risk profile of every customer at onboarding. Factors we consider include country of residence, occupation, the source and intended volume of funds, payment methods, and any matches against sanctions, politically-exposed-person ("PEP") or adverse-media lists.

Higher-risk customers — including politically exposed persons, heads of international organisations, their family members and close associates, and customers connected to higher-risk jurisdictions or activities — undergo enhanced due diligence. This includes obtaining senior-management approval before the relationship begins, taking reasonable measures to establish source of funds and source of wealth, and applying more intensive ongoing monitoring.

3.3 Ongoing monitoring and updates
We monitor customer activity for the duration of the relationship. We periodically refresh customer information, and we re-screen customers against sanctions and PEP lists at a frequency calibrated to risk. Where information appears to be out of date, where a material change in customer activity is detected, or where new adverse information comes to light, we may pause activity and ask for updated documentation.

3.4 Beneficial ownership
We accept only natural persons as customers on the Platform. We do not currently onboard legal entities. If this changes, the AML Programme requires identification and verification of beneficial owners to the ultimate natural person, in line with PCMLTFR requirements.

4. Sanctions screening

We screen customers, counterparties, payment instruments and blockchain addresses against sanctions lists maintained or implemented in Canada, including those under the:
- United Nations Act;
- Special Economic Measures Act;
- Justice for Victims of Corrupt Foreign Officials Act (the Sergei Magnitsky Law); and
- the consolidated lists published by Global Affairs Canada and the Office of the Superintendent of Financial Institutions.

We also reference international lists (US OFAC, EU consolidated list, UK OFSI) to inform our risk assessment, and we follow the FATF public statements on high-risk jurisdictions subject to a call for action.

A confirmed sanctions match results in the freezing of the relevant funds or assets, a report to the competent authorities as required by Canadian law, and the closure of the customer relationship.

5. Transaction monitoring and reporting

5.1 Monitoring
Each Order is screened in real time against rules and scenarios designed to detect patterns associated with money laundering, terrorist financing, fraud, sanctions evasion, market manipulation, and use of the Platform to acquire or dispose of the proceeds of crime. The scenarios are reviewed and tuned regularly based on typology updates from FINTRAC, the Egmont Group, the FATF, public enforcement actions and our own experience.

We also use blockchain-analytics tooling to assess risk associated with destination and origin wallet addresses. Addresses linked, in our screening data, to sanctioned entities, darknet markets, ransomware, mixers, scams or fraud are blocked.

5.2 Suspicious Transaction Reports (STRs)
Where we have reasonable grounds to suspect that a transaction or attempted transaction is related to the commission or attempted commission of a money laundering offence or a terrorist activity financing offence, we file a Suspicious Transaction Report with FINTRAC. There is no minimum dollar threshold. The customer is not notified of the filing — Canadian law prohibits tipping off.

5.3 Large Virtual Currency Transaction Reports (LVCTRs)
Where we receive virtual currency in an amount equivalent to CAD 10,000 or more in a single transaction, or two or more amounts totalling CAD 10,000 or more within a 24-hour window made by or for the same person, we file a Large Virtual Currency Transaction Report with FINTRAC within five working days, as required by the PCMLTFR.

5.4 Travel Rule (virtual currency transfers ≥ CAD 1,000)
When we send a virtual currency transfer on a customer's behalf in an amount equivalent to CAD 1,000 or more, we are required by the PCMLTFR to transmit the following information to the receiving entity:
- the customer's name, address and account or reference number; and
- the name, address and (if any) account or reference number of the beneficiary.

When we receive a transfer in an amount equivalent to CAD 1,000 or more on behalf of a customer, we take reasonable measures to ensure the corresponding originator information has been transmitted by the sending entity. Where the information is missing or appears inaccurate, we may delay processing, request the information from the sending entity, return the transfer, or treat the matter as suspicious activity.

Self-hosted (non-custodial) wallets fall outside the strict scope of the Canadian Travel Rule. However, where a transfer involves a self-hosted wallet, we apply additional due diligence: we may ask the customer to confirm ownership of the address, to provide information about the counterparty, and to evidence the source of the funds or assets.

5.5 Other reports
We also file other reports prescribed by the PCMLTFA where the relevant triggers are met, including Terrorist Property Reports in respect of property we have in our possession or control that we know or suspect to be owned or controlled by or on behalf of a terrorist or a terrorist group.

5.6 CARF reporting
In line with the Canadian implementation of CARF (effective 1 January 2026, first annual reporting in 2027), we collect, retain and report to the Canada Revenue Agency information about reportable crypto-asset transactions by reportable users, including the user's name, address, jurisdictions of tax residence, tax-identification numbers, and aggregate gross amounts of relevant transactions during the reporting period. The Canada Revenue Agency may exchange this information with foreign tax authorities under applicable agreements.

6. Record-keeping

We retain records of customer identification, Account activity, Orders, transaction supporting documentation, risk assessments and internal compliance decisions for the period required by the PCMLTFR — at least five years from the later of (a) the date of the last business transaction and (b) the closure of the Account. CARF-related records are retained for the period required by the Income Tax Act and applicable CRA guidance. Where ongoing litigation, investigation or regulatory enquiry requires it, records are retained longer.

7. Restricted Jurisdictions

We do not provide the Exchange Services to persons located in, or ordinarily resident in, the jurisdictions listed at /policies/restricted-jurisdictions. The list reflects, among other things, jurisdictions subject to Canadian sanctions, jurisdictions identified by the FATF as high-risk and subject to a call for action, and jurisdictions where we are not authorised to operate. We update the list to reflect changes in sanctions law, FATF guidance and our risk appetite, and we keep an audited history of the list.

The Exchange Services are also not directed at persons in the United States of America, the United Kingdom or the European Economic Area. Persons in the EEA who approach us on their own exclusive initiative may, exceptionally, be onboarded under the Reverse Solicitation Notice; they remain subject to the same KYC, sanctions-screening and ongoing-monitoring obligations described in this Policy.

8. Multiple Accounts

Customers are entitled to one Account only. If we identify multiple Accounts linked to the same natural person, we will pause activity on all of them, ask the customer to nominate which Account remains active, and close the others. Where multiple Accounts appear to have been opened to evade limits, sanctions screening or our risk appetite, we will close all the Accounts and may file an STR.

9. Documents we may ask for

Depending on the customer's risk profile, the nature of an Order and the amounts involved, we may ask for any of the following:
- a government-issued photo identification document (passport, driver's licence, national identity card);
- a recent proof of address (utility bill, bank statement, lease, government correspondence — generally not older than six months);
- evidence of source of funds and source of wealth, for example payslips, tax returns, sale-of-asset documents, or inheritance or gift documents;
- a photograph of the payment card used (with most of the number masked), and a photograph of the customer holding the card or a handwritten note, where required by the card scheme rules or by our fraud controls;
- a written explanation of the purpose and intended pattern of Orders, where the activity is unusual relative to the customer's profile; and
- a self-certification of tax residence and tax-identification numbers, for CARF purposes.

We accept colour scans or high-resolution photographs. Documents must be unaltered, legible, and within any validity period stated on their face. Edited, redacted or low-quality copies will be rejected and a fresh copy requested.

10. Customer cooperation

By using the Platform you agree to provide truthful and accurate information, to respond to our requests in a reasonable time, and to notify us of material changes to the information you have provided (in particular changes of name, residential address, employment, country of residence, or tax residence).

We may pause an Account, refuse to process an Order, or close the relationship if a customer does not cooperate with reasonable requests, if information provided is inconsistent or appears unreliable, or if the customer's activity falls outside our risk appetite. We are not obliged to disclose the reason for any such decision.

11. Training and culture of compliance

All staff who interact with customers or with transaction data receive AML and sanctions training on joining and at least annually afterwards. Training is tailored to the role and covers Canadian legal requirements, our internal procedures, current typologies, and the consequences of non-compliance for staff personally and for the Company.

12. Independent review

Our AML Programme is subject to an independent effectiveness review at least once every two years, as required by the PCMLTFR. Findings are reported to senior management, and remediation is tracked through to completion.

13. Reporting concerns

If you believe a person is using the Platform for an unlawful purpose, or if you have information about a suspicious transaction on the Platform, write to compliance@nextsolutionscorp.com. We treat all such information confidentially.

14. Contact

Compliance Officer
Next Solutions Corp.
300 Supertest Road, Unit 1
North York, Ontario M3J 2M2
Canada
compliance@nextsolutionscorp.com