1. AML commitment
BlueLock adopts strict policies to prevent money laundering (AML) and terrorism financing (CFT), in compliance with Law 9.613/1998, BCB Resolution 119/2021 (Brazil), and Geldwäschereigesetz (GwG, Switzerland). Operations are monitored in real time by automated systems and reviewed by a human compliance officer. Monitoring covers deposits, withdrawals, FX, transfers, CDB contracting and liquidation, and monthly APY yield credits.
2. KYC — Client identification
All KYC is performed via Web App (browser), with no native iOS or Android app. Before opening an account, we validate identity via: (a) official photo ID (RG or passport) — photographed via the browser camera; (b) active CPF in good standing with the Receita; (c) proof of address from the last 90 days; (d) video selfie for liveness detection, captured via the browser camera over WebRTC. Identity is revalidated every 5 years or when the usage profile changes significantly. Reopening a closed account requires a full new KYC.
3. PEPs and close associates
Politically Exposed Persons (PEPs) and their close family undergo Enhanced Due Diligence before approval: confirmation of fund origin, public press review, approval by two senior compliance officers. Foreign PEPs receive additional review via the FINMA-regulated Swiss partner bank. PEPs may be limited in terms of contractable CDB volume and in access to FX operations above CHF 50,000 without prior review.
4. Source of funds
For cumulative deposits above R$ 50,000/month (or CHF equivalent), we require proof of fund origin: payslip, service contract, IRPF declaration, asset sale contract. For operations above CHF 100,000, additional proof + Swiss review. APY yield credited monthly by BlueLock and CDB liquidation at maturity are treated as known internal origin and require no new proof of source — the counterparty was already validated when the principal was deposited.
5. Sanctioned countries
We don't operate with residents or nationals of: Afghanistan, Belarus, Crimea, Cuba, Iran, North Korea, Russia (post-2022 sanctions), Venezuela, Yemen, Donetsk/Luhansk regions. List updated per OFAC, UN, EU, and Swiss SECO.
6. Transaction monitoring
Automated system monitors 100% of operations 24/7, including: deposits, withdrawals (subject to the progressive withdrawal schedule), FX, SEPA/SWIFT/SIX/Pix transfers, CDB contracting and liquidation. Manual review triggers: (a) operation above R$ 50,000 with a new third party; (b) pattern of operations at atypical times; (c) operations in sequence without clear economic rationale; (d) COAF alert list; (e) repeated withdrawal attempts above the fraction released by the progressive schedule (smurfing test). Monthly APY yield credit and CDB liquidation at maturity are expected operational patterns and do not generate an alert per se — they are monitored as predictable counterparties, and deviations (frequency, amount outside the principal-expected range) may generate an internal accounting-integrity alert. Each alert generates an internal SAR (Suspicious Activity Report).
7. COAF reporting
Suspicious operations are reported to COAF (Council for Financial Activity Control) under BCB Resolution 119/2021. In parallel, we report to Swiss MROS (Money Laundering Reporting Office) when there's a CHF nexus, including movements over the free balance, CDB, or yield credits. The client is not informed of the report (tipping-off is a crime).
8. Refusal and blocking
We may refuse account opening, block an operation, or close an account unilaterally when: (a) client doesn't respond to Enhanced Due Diligence requests; (b) COAF/MROS reporting is in progress; (c) a sanction applies; (d) client appears on international sanctions lists; (e) there is strong evidence of misuse of the CDB or the progressive withdrawal schedule to fragment amounts (smurfing). Client receives an explanation where legally permitted. On closure, the balance and CDB rules in Terms of Use clause 13 apply.
9. Training and culture
All staff who interact with clients or financial operations go through: (a) mandatory annual AML/KYC training; (b) CAMS certification for compliance officers; (c) monthly regulatory updates. BlueLock culture: reasonable doubt = escalation to compliance, without friction.
10. Updates
This policy is reviewed annually or when there is a significant regulatory change, including evolution of the APY yield product, the CDB, or the progressive withdrawal schedule. Current version: 1.4. Last revision: May 19, 2026. Changes don't apply retroactively to already-approved operations, but apply to future operations.