Legal

Financial Crime Risk Appetite Statement

Last updated: May 2026

Our commitment

Black Stripe exists to make global payments faster, more accessible, and more transparent for businesses. We take seriously the responsibility that comes with operating in the financial services industry. Protecting the integrity of the financial system, the businesses we serve, and the communities in which we operate is not a compliance obligation we fulfil reluctantly - it is a core part of how we do business.

We have zero tolerance for knowingly facilitating financial crime of any kind. This statement sets out, plainly and publicly, where we stand.

What we will not do

There are certain activities and relationships that fall entirely outside what Black Stripe is prepared to accept, regardless of the commercial opportunity they may represent. We do not make exceptions to these positions.

We will not process payments connected to:

  • Money laundering, terrorist financing, or the financing of proliferation of weapons of mass destruction;
  • Sanctions evasion or transactions involving individuals, entities, or jurisdictions subject to sanctions administered by the United Nations, the United States Office of Foreign Assets Control ("OFAC"), the United Kingdom Office of Financial Sanctions Implementation ("OFSI"), Canada's Office of the Superintendent of Financial Institutions ("OSFI"), the European Union, or any other applicable sanctions authority;
  • Fraud, identity theft, or any scheme designed to deceive financial institutions, regulators, or end-users;
  • The proceeds of any criminal activity, including drug trafficking, human trafficking, modern slavery, cybercrime, or corruption;
  • Child exploitation or any activity that causes harm to minors; or
  • Bribery, corruption, or the facilitation of tax evasion.

We will not onboard or maintain relationships with:

  • Individuals or entities on international sanctions or watchlists;
  • Anonymous or undisclosed beneficial owners where we cannot verify who ultimately controls the business;
  • Businesses that operate without the licences or regulatory permissions required in their jurisdiction;
  • Shell companies or structures that exist solely to obscure the true ownership of funds;
  • Clients who are unwilling or unable to provide the information we need to understand the nature of their business and transactions; or
  • Anyone we have reasonable grounds to suspect is involved in financial crime, regardless of whether that suspicion can be conclusively proven.

How we manage financial crime risk

We apply a risk-based approach to everything we do. This means that the level of scrutiny we apply to any client, transaction, or business relationship is proportionate to the risks it presents. Not every client or transaction carries the same risk, and we do not treat them as if they do.

Knowing our clients

Before we onboard any business, we verify who they are, who owns and controls them, and what they do. We use Sumsub, an industry-recognised identity verification and KYC platform, to carry out identity checks, sanctions screening, adverse media checks, and politically exposed person ("PEP") assessments on all clients and their key principals. We do not allow any transactions until this process is complete.

Ongoing monitoring

Our relationship with clients does not end at onboarding. We continuously monitor transaction activity across our platform to identify patterns or behaviours that are inconsistent with what we know about a client's business. We use automated monitoring tools alongside manual review, and we revisit our risk assessment of clients regularly, annually for higher-risk relationships, and at least every two to three years for others.

Sanctions screening

We screen all clients, transactions, counterparties, and beneficiaries against applicable sanctions lists at onboarding and at the point of each transaction. Where a potential match is identified, no funds are moved until the match has been assessed and either resolved or confirmed. Confirmed matches result in immediate freezing of funds and reporting to the relevant authorities.

Reporting

We report to the Financial Transactions and Reports Analysis Centre of Canada ("FINTRAC") in accordance with our obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ("PCMLTFA"). Where we identify or suspect financial crime, we file Suspicious Transaction Reports ("STRs") or Attempted Suspicious Transaction Reports ("ASTRs") as required. We cooperate fully with law enforcement, regulatory authorities, and financial intelligence agencies when lawfully requested to do so.

Our people

Every member of the Black Stripe team receives training on financial crime risks, our obligations, and what to do if they identify something suspicious. Our Compliance Officer, Vitan Vitanov, holds responsibility for overseeing our financial crime framework day to day. Our Chief Executive, Terence Cave, holds senior accountability for compliance at board level.

Who we work with

Black Stripe serves both businesses and individual clients. Our business clients use our platform to manage payments, process digital assets, and move money across borders. Our individual clients access our services directly for personal payment and currency needs. In many cases we also work with businesses whose own customers, whether businesses or individuals, are the ultimate end-users of the services our platform enables.

Because we can be one step removed from those end-users, we take our responsibilities as a financial intermediary seriously across all client types.

For individual clients, we verify identity, address, and where relevant, source of funds before any transactions are permitted. For business clients, we verify the entity, its ownership structure, and its key principals to the same standard. Where a business client is itself a regulated financial services business or payment provider, we additionally require evidence of their regulatory status and compliance framework before and during our relationship with them.

We apply enhanced scrutiny to any client, whether an individual or a business, who operates in higher-risk sectors or jurisdictions, whose transaction patterns are inconsistent with what we know about them, or whose responses to our questions give us reason to look more closely. Where enhanced due diligence does not give us sufficient comfort, we will not proceed with or will exit the relationship.

High-risk jurisdictions and sanctions

Black Stripe does not conduct business with or process payments to or from jurisdictions that are subject to comprehensive international sanctions, or that have been identified as presenting unacceptable money laundering or terrorist financing risks by the Financial Action Task Force ("FATF") or applicable Canadian ministerial directives.

In line with ministerial directives currently in force, Black Stripe treats all transactions connected to North Korea, Iran, and Russia as high-risk and applies enhanced scrutiny accordingly. In practice, Black Stripe does not accept or send payments in North Korean Won, Iranian Rial, or Russian Rouble, and does not facilitate transactions originating from or destined for these jurisdictions.

Our Country Acceptance Policy, maintained internally and reviewed regularly, sets out the full list of jurisdictions in which we will and will not operate.

Restricted and prohibited activities

Not all business types or transaction types are appropriate for our platform. Our Business Client Acceptance Policy sets out in full the categories of business that we will not serve and those that we will only serve under strict conditions and with enhanced due diligence. These lists are reviewed and updated regularly as our business evolves and as the risk landscape changes.

As a general principle, Black Stripe does not serve businesses involved in unlicensed gambling, unlicensed financial services, adult content, weapons, drugs, counterfeit goods, multi-level marketing schemes, or any business whose primary purpose is to obscure the origin or destination of funds.

Where a business operates across multiple sectors, including some that fall into higher-risk categories, we consider the overall risk profile of the business as a whole rather than applying a blanket prohibition. In these cases, enhanced due diligence and ongoing monitoring are conditions of the relationship, not optional extras.

If something goes wrong

We are a growing business, and we recognise that no compliance programme eliminates risk entirely. What matters is how we respond when something unexpected happens.

If we identify a compliance failure, we investigate promptly, take corrective action, and where appropriate, make voluntary disclosures to FINTRAC. We do not wait to be told. If we receive a report from an employee or a third party about suspected financial crime through our platform, we take it seriously and we act on it. Our whistleblowing channel is open to anyone who has a concern: whistleblow@blackstripe.io. We will never retaliate against anyone who raises a genuine concern in good faith.