Anti-Money Laundering (AML), OFAC Sanctions, & Know Your Customer (KYC) Compliance Policy
1. Introduction
Nook Savings App (“Nook”) is a decentralized, self-custody digital asset wallet that enables users to interact directly with blockchain networks. Although Nook does not take custody of user assets, we are committed to supporting compliance with applicable anti-money laundering (AML), counter-terrorism financing (CTF), and sanctions regulations, including those of the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).
2. Regulatory Scope
This policy is designed in accordance with:
The Bank Secrecy Act (BSA)
USA PATRIOT Act
OFAC Sanctions Programs
Financial Action Task Force (FATF) guidelines
FinCEN guidance for convertible virtual currency and self-hosted wallets
3. AML/CTF Framework
3.1 Risk-Based Approach
We assess and mitigate risks based on:
Geographic exposure
Nature of blockchain transactions
Type of on/off-ramp integrations (e.g., fiat onramps via Plaid or Stripe)
Volume and velocity of transfers
Interaction with DeFi protocols and smart contracts
3.2 Transaction Monitoring
While Nook does not control or process transactions, we implement:
Integration with on-chain analytics tools (e.g., Chainalysis or TRM Labs) to flag wallet addresses tied to known illicit activity.
Heuristics to identify high-risk behaviors (e.g., mixers, high-volume bridging).
4. OFAC Sanctions Compliance
4.1 Blocked Address Screening
Nook screens addresses interacting with the application (via APIs or UI) against OFAC’s SDN (Specially Designated Nationals) list and other restricted party lists using third-party tools.
4.2 Geolocation & IP Blocking
We restrict access to users located in OFAC-sanctioned jurisdictions using:
IP geofencing
VPN detection heuristics
5. Know Your Customer (KYC) Policy
While Nook does not require identity verification to use the wallet core, KYC is enforced under specific conditions:
5.1 Conditional KYC Triggers
Fiat on/off ramp usage (via integrated providers)
Elevated transaction limits
Linking to centralized services
Participation in specific Nook rewards, airdrops, or staking programs
5.2 KYC Procedure
Where triggered, users must provide:
Government-issued ID
Proof of address
Selfie liveness check
KYC verification is conducted via a regulated identity provider (e.g., Persona, Jumio).
6. Recordkeeping
Transaction metadata (e.g., wallet address, timestamp, IP) is stored in encrypted logs for a minimum of 5 years, where applicable.
KYC records, when collected, are securely retained for at least 5 years post-relationship termination.
7. Reporting Obligations
Nook cooperates with law enforcement and may file suspicious activity reports (SARs) in coordination with compliance partners and on-ramp providers when required.
8. Internal Controls & Training
All staff undergo AML/CTF training annually.
We designate a Compliance Officer responsible for policy oversight, audits, and regulatory correspondence.
9. Policy Review
This policy is reviewed and updated at least annually, or as required by regulatory changes.