Compliance
AML / CFT Policy
1. Introduction & Legal Framework
Convexo SAS ("Convexo") maintains a robust Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) compliance program in accordance with applicable Colombian law, including Law 526 of 1999, Law 1121 of 2006, SARLAFT (Sistema de Administración del Riesgo de Lavado de Activos y de la Financiación del Terrorismo) regulations issued by the Superintendencia Financiera de Colombia, and the recommendations of the Financial Action Task Force (FATF).
This policy applies to all users, transactions, and operations conducted through the Convexo platform. All users are required to comply with the obligations set forth in this policy as a condition of accessing our services.
Convexo is committed to preventing its platform from being used, directly or indirectly, for the purpose of money laundering, terrorist financing, or any other form of financial crime.
2. Know Your Customer (KYC)
All users must complete a mandatory identity verification process before gaining full access to the Convexo platform. This process includes: submission of a valid government-issued photo identification document (Cédula de Ciudadanía, Cédula de Extranjería, or Passport); submission of a valid RUT (Registro Único Tributario) certificate issued by the DIAN, dated no more than one month prior to registration; and provision of basic personal and business information.
For corporate users, additional documentation may be required, including: certificate of existence and legal representation (Certificado de Existencia y Representación Legal), identity documents of beneficial owners holding 25% or more of the entity, and description of business activities and expected transaction volumes.
Convexo reserves the right to request additional documentation at any time and to refuse or suspend access if verification requirements cannot be satisfied.
3. Customer Due Diligence (CDD)
Convexo applies a risk-based approach to customer due diligence. All customers are assessed at onboarding and periodically thereafter. Risk classification considers factors such as: geographic origin and counterparty locations, nature and volume of expected transactions, source of funds and wealth, industry sector, and politically exposed person (PEP) status.
Enhanced Due Diligence (EDD) is applied to customers classified as higher risk, including PEPs and their close associates, users whose transactions present unusual patterns, and users from jurisdictions identified as high-risk by the FATF. EDD may include additional documentation, senior management approval, and increased monitoring frequency.
Simplified Due Diligence may apply to low-risk users with demonstrably low transaction volumes and exposure, subject to internal compliance review.
4. Transaction Monitoring
Convexo monitors all transactions on the platform on an ongoing basis to detect potentially suspicious activity. Monitoring criteria include, but are not limited to: transactions inconsistent with a user's stated business purpose or profile; unusual transaction volumes, frequencies, or patterns; transactions involving jurisdictions subject to international sanctions; structuring of transactions designed to avoid reporting thresholds; and sudden changes in transaction behavior without a plausible business explanation.
Our compliance team reviews flagged transactions promptly. Where a transaction cannot be satisfactorily explained, Convexo may delay, suspend, or decline the transaction pending further review.
5. Suspicious Activity Reporting
In the event that Convexo identifies a transaction or pattern of behavior that raises reasonable suspicion of money laundering, terrorist financing, or other financial crime, we are legally obligated to file a Suspicious Activity Report (SAR/REPORTE DE OPERACIÓN SOSPECHOSA) with the Unidad de Información y Análisis Financiero (UIAF) of Colombia without notifying the affected user ("tipping off" prohibition).
Our compliance team is trained to identify and escalate suspicious activity. All reports are handled with strict confidentiality in accordance with applicable law.
6. Sanctions Screening
Convexo screens all users and transactions against applicable sanctions lists, including: the OFAC (Office of Foreign Assets Control) Specially Designated Nationals (SDN) list; the UN Security Council consolidated sanctions list; the EU consolidated sanctions list; and the OFAC list of sanctioned countries and regions.
Any user or transaction matching a sanctions entry will be blocked immediately and referred to our compliance team for review. Convexo will not process transactions that would violate applicable sanctions laws under any circumstances.
7. Record Keeping
Convexo retains all KYC documentation, transaction records, due diligence findings, and compliance reports for a minimum of five (5) years from the date of the last transaction or account closure, whichever is later, in accordance with Colombian AML regulations and FATF Recommendation 11.
All records are stored securely and are available to competent authorities upon lawful request.
8. Politically Exposed Persons (PEPs)
Convexo identifies and applies enhanced scrutiny to Politically Exposed Persons (PEPs), defined as individuals who hold or have held prominent public positions, as well as their immediate family members and known close associates.
Onboarding of PEPs requires senior management approval and is subject to Enhanced Due Diligence procedures. PEP status is assessed at registration and monitored on an ongoing basis.
9. Training & Internal Controls
Convexo maintains internal AML/CFT controls including a designated Compliance Officer responsible for the implementation and oversight of this policy, regular staff training on AML/CFT obligations and red flag recognition, and independent periodic reviews of the compliance program.
Employees and contractors are required to report any suspected AML/CFT concerns to the Compliance Officer and are protected from retaliation for making good-faith reports.
10. Contact & Reporting
For compliance-related inquiries, or to report a concern regarding a potential AML/CFT matter, please contact our Compliance team at: compliance@convexo.xyz.
This policy is reviewed and updated at least annually, or whenever there are material changes in applicable law or regulatory guidance.