Effective Date: June 2, 2025
Applies to: mycashless Inc. and its subsidiaries
- Purpose
This AML Policy outlines the measures taken by mycashless to prevent its services from being used for money laundering, terrorist financing, or other financial crimes. It aims to ensure compliance with applicable laws and regulations in jurisdictions where mycashless operates, including but not limited to the U.S., Mexico, Brazil, and Spain.
- Scope
This policy applies to all products and services offered by mycashless, including:
• In-app credit top-ups and NFC card transactions
• Ticketing and access control payments
• Refund processes
• Reseller and partner payment flows
- Regulatory Framework
mycashless complies with relevant AML laws and guidelines including:
• The USA PATRIOT Act and FinCEN regulations (USA)
• Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita (Mexico)
• EU AML Directives (Spain)
• Lei nº 9.613/1998 and COAF guidelines (Brazil)
- Risk-Based Approach
We adopt a risk-based approach to AML, assessing and managing the risks based on:
• Geographic location
• Transaction volume and frequency
• Type of customer (event organizers, resellers, end-users)
• Payment method (e.g., credit cards, bank transfers)
- Know Your Customer (KYC)
mycashless ensures identification and verification of key clients (event organizers and partners) via:
• Collection of official identification and legal entity documents
• Validation of tax and banking information
• Ongoing monitoring of business activity and contract performance
Note: End-users topping up balances in the app are subject to transaction limits that reduce AML risk. Higher-value transactions may trigger additional checks.
- Monitoring and Reporting
mycashless monitors for suspicious activities including:
• Large or irregular transactions
• Rapid reversal and refund activity
• Activity inconsistent with user behavior
Suspicious activity is documented and may be reported to relevant authorities (e.g., FinCEN, UIF Mexico, COAF Brazil) in accordance with jurisdictional requirements.
- Third-Party Processors
mycashless partners with regulated third-party processors (e.g., Stripe) that are PCI DSS compliant and have their own AML procedures. mycashless monitors its partners’ performance and ensures contractual obligations include AML compliance.
- Training and Awareness
All relevant employees receive regular training on:
• AML regulations and company obligations
• Identifying and reporting suspicious behavior
• Handling user data securely
- Record Keeping
mycashless maintains transaction and user identification records for at least 5 years or as required by law.
- Policy Review
This policy is reviewed annually and updated based on changes in law, business model, or risk exposure.
