Legal

Policy AML

CoreSettle's Anti-Money Laundering policy outlining our commitment to preventing financial crime and maintaining regulatory compliance.

Last updated: January 15, 2026

Introduction

CoreSettle is committed to the highest standards of Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) compliance. This policy sets out the measures we take to prevent, detect, and report money laundering and terrorist financing activities.

All employees, officers, and agents of CoreSettle are required to comply with this policy and the applicable AML/CTF laws and regulations. Failure to comply may result in disciplinary action, including termination of employment, and may expose individuals to criminal liability.

Regulatory Framework

CoreSettle operates under the regulatory oversight of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) and complies with the following legislation and regulations:

  • Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
  • Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR)
  • FINTRAC guidance and directives
  • Applicable provincial legislation
  • International standards set by the Financial Action Task Force (FATF)

We maintain registration with FINTRAC as a money services business and submit all required reports and filings in accordance with applicable regulatory timelines.

Know Your Customer

Our Know Your Customer (KYC) program requires identification and verification of all merchants before they are approved to use our payment processing services. KYC procedures include:

  • Collection and verification of business registration documents
  • Identification and verification of beneficial owners holding 25% or more ownership
  • Verification of the identity of authorized signatories and key personnel
  • Screening against sanctions lists, politically exposed persons (PEP) databases, and adverse media sources
  • Assessment of the business model and expected transaction patterns
  • Verification of the physical business address and operational presence

We will not establish a business relationship or process transactions where we are unable to satisfactorily complete our KYC procedures.

Customer Due Diligence

CoreSettle applies a risk-based approach to Customer Due Diligence (CDD). The level of due diligence applied is proportionate to the risk assessment of each merchant:

  • Standard Due Diligence (SDD): Applied to merchants assessed as low to moderate risk, involving standard KYC procedures and periodic reviews
  • Enhanced Due Diligence (EDD): Applied to merchants assessed as higher risk, including those in high-risk industries, jurisdictions, or with complex ownership structures. EDD involves additional documentation requirements, more frequent reviews, and senior management approval
  • Simplified Due Diligence: May be applied in limited circumstances where the risk of money laundering or terrorist financing is demonstrably low, subject to regulatory requirements

Risk assessments consider factors including the merchant's industry, geographic location, transaction volumes and patterns, ownership structure, and any adverse information identified during screening.

Transaction Monitoring

CoreSettle maintains automated transaction monitoring systems that analyze all transactions processed through our platform in real time. Our monitoring systems are designed to detect:

  • Unusual transaction patterns that deviate from a merchant's established baseline
  • Structuring or splitting of transactions to avoid reporting thresholds
  • Transactions involving high-risk jurisdictions identified by FATF or other regulatory bodies
  • Rapid movement of funds that may indicate layering
  • Transactions inconsistent with the merchant's stated business model
  • Patterns associated with known money laundering typologies

Alerts generated by our monitoring systems are reviewed by trained compliance personnel who determine whether further investigation or reporting is required.

Suspicious Activity Reporting

CoreSettle files Suspicious Transaction Reports (STRs) with FINTRAC when there are reasonable grounds to suspect that a transaction or attempted transaction is related to money laundering or terrorist financing.

All employees are trained to recognize indicators of suspicious activity and are required to report any concerns to the Compliance Officer immediately. It is a criminal offence to "tip off" a merchant or any other person that an STR has been or will be filed.

In addition to STRs, we file Large Cash Transaction Reports, Electronic Funds Transfer Reports, and Terrorist Property Reports as required by FINTRAC regulations.

Record Keeping

CoreSettle maintains comprehensive records in accordance with FINTRAC requirements. Records are retained for a minimum of five years from the date of creation or the date of the last transaction, whichever is later.

Records maintained include:

  • KYC documentation and identity verification records
  • Transaction records including date, amount, currency, and parties involved
  • Risk assessments and due diligence findings
  • Suspicious transaction reports and supporting documentation
  • Compliance training records
  • Internal audit reports and remediation actions

Training and Compliance

All CoreSettle employees receive AML/CTF training upon joining the company and on an annual basis thereafter. Training covers:

  • Overview of money laundering and terrorist financing risks
  • Applicable laws, regulations, and CoreSettle policies
  • KYC and CDD requirements and procedures
  • Indicators of suspicious activity and reporting obligations
  • Sanctions compliance and screening procedures
  • Employee responsibilities and consequences of non-compliance

CoreSettle's Chief Compliance Officer is responsible for overseeing the AML program, ensuring regulatory compliance, and serving as the primary point of contact with FINTRAC and other regulatory authorities.

Ongoing Monitoring

Our AML program is subject to ongoing monitoring and periodic review to ensure its effectiveness. This includes:

  • Annual independent review of the AML program by qualified external auditors
  • Regular updates to risk assessments based on emerging threats and typologies
  • Periodic review of transaction monitoring rules and thresholds
  • Ongoing screening of existing merchants against updated sanctions and PEP lists
  • Assessment of the effectiveness of training programs
  • Review of regulatory developments and incorporation of new requirements

Findings from internal and external reviews are reported to senior management and the Board of Directors, with remediation actions tracked to completion.

Contact Information

For questions about this AML Policy or to report suspicious activity, please contact:

Chief Compliance Officer CoreSettle 181 Bay Street, Bay Wellington Tower, Suite 292 Toronto, Ontario M5J 2T3 Email: compliance@coresettle.com