Get Started
Contact Us

AML/KYC POLICY

Anti-Money Laundering & Know Your Customer Policy

EnterPayment OÜ, trading as EnterPay
Registry Code: 17391111, Estonia
Effective: February 2026 | Version 1.0 | Reviewed annually

1. INTRODUCTION

EnterPayment OÜ, trading as EnterPay (Registry Code: 17391111, registered in Estonia), operates a cryptocurrency payment facilitation platform that enables merchants to accept digital asset payments with settlement in fiat currency.

We take our obligations to prevent financial crime seriously. This policy sets out our approach to anti-money laundering (AML), counter-terrorist financing (CTF), and know your customer (KYC) compliance. It applies to our platform, our merchant relationships, and all activities carried out through EnterPay services.

This policy is reviewed annually and updated to reflect changes in law, regulatory guidance, and our business activities.


2. OUR COMMITMENT

EnterPay is committed to:

– Preventing our platform from being used for money laundering, terrorist financing, fraud, sanctions evasion, or other financial crime;
– Complying with all applicable AML/CTF laws and regulations in the jurisdictions in which we operate;
– Co-operating fully with competent authorities, regulators, and law enforcement agencies;
– Applying a risk-based approach to compliance — focusing resources and controls where the risk is greatest;
– Maintaining a culture of compliance across our organisation.

EnterPay has appointed a Money Laundering Reporting Officer (MLRO) who is responsible for overseeing our AML/KYC compliance programme and serving as the primary point of contact for all regulatory and compliance matters.


3. REGULATORY FRAMEWORK

Our AML/KYC programme is designed to be consistent with the following laws and standards:

Estonia & European Union

– RahaPTS — Estonian Anti-Money Laundering and Counter-Terrorist Financing Prevention Act, which transposes EU 4AMLD, 5AMLD, and 6AMLD into Estonian law;
– MiCA — EU Markets in Crypto-Assets Regulation, applicable from 30 December 2024;
– GDPR — EU General Data Protection Regulation, governing how we handle personal data collected during KYC processes.

UAE / Dubai

– Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating Terrorism Financing;
– Applicable regulations issued by CBUAE, DFSA, and VARA.

International Standards

– FATF Recommendations — in particular R.10 (Customer Due Diligence), R.15 (Virtual Assets), R.16 (Travel Rule), and R.20 (Suspicious Transaction Reporting).


4. HOW OUR PLATFORM WORKS

EnterPay is a technology platform. We do not hold, custody, exchange, or transmit funds or digital assets on our own account. When a customer makes a crypto payment at a merchant terminal, the transaction is processed by our licensed and regulated financial partners — the entities that hold the appropriate payment institution, virtual asset service provider (VASP), or equivalent licences.

Our regulated financial partners are primarily responsible for end-customer KYC, transaction monitoring, and suspicious activity reporting in respect of payment flows. EnterPay is primarily responsible for merchant onboarding (Know Your Business / KYB) and operates an additional, risk-based identity verification layer at the terminal through our integration with Didit (didit.me).

Both layers of compliance apply: our partners perform KYC on end customers under their own regulatory obligations, and EnterPay independently verifies merchant identities and, where required, triggers identity checks at the point of payment.


5. MERCHANT ONBOARDING & KNOW YOUR BUSINESS (KYB)

Before any merchant is permitted to use the EnterPay platform, we conduct Know Your Business (KYB) due diligence. We will not onboard a merchant unless we are satisfied that the business is legitimate and compliant with our requirements.

What we verify

– Business identity: certificate of incorporation, business registration details, and trading name;
– Beneficial ownership: identity of all natural persons who ultimately own or control 25% or more of the business;
– Directors and officers: government-issued identity documents for all directors;
– Business address: current proof of business address;
– Business activity: description of the merchant’s business, customer base, and sector;
– Applicable licences: any regulatory or trading licences relevant to the merchant’s sector.

Screening

All merchants and their beneficial owners are screened against:

– International sanctions lists (OFAC, EU Consolidated List, UN Consolidated List, UK HM Treasury, UAE sanctions lists);
– Politically Exposed Person (PEP) databases;
– Adverse media and regulatory enforcement databases.

Ongoing monitoring

Merchant relationships are not a one-time check. We conduct periodic reviews of all active merchants, re-screen against current sanctions and PEP lists, and update risk profiles when new information comes to light. Merchants are required to notify us promptly of any material changes to their business, ownership, or legal status.

Risk-based approach

Merchants are assigned a risk rating at onboarding. Higher-risk merchants — for example, businesses in luxury sectors, high-value transaction environments, or jurisdictions subject to enhanced monitoring — are subject to additional due diligence and more frequent review.


6. CUSTOMER IDENTITY VERIFICATION (KYC)

EnterPay provides merchants with the ability to activate identity verification at the terminal for their customers, powered by Didit (didit.me) — an ISO 27001-certified, GDPR-compliant identity verification platform.

When KYC may be required at the terminal
Depending on the merchant’s configuration, sector, or the jurisdiction of the customer, a KYC check may be triggered at the point of payment. This may occur in the following circumstances:

– The customer is from a country subject to enhanced due diligence requirements;
– The merchant operates in a sector that requires customer identity verification (e.g. high-value retail, luxury hospitality);
– The transaction value exceeds a configured threshold;
– The merchant has elected to require identity verification for all customers.

What the verification involves
Where a KYC check is triggered, customers will be asked to:

– Present a valid government-issued identity document (passport, national ID card, or driving licence);
– Complete a brief biometric liveness check to confirm the person presenting the document is live and present.

The verification is processed by Didit in under 4 seconds. Results are logged securely and are accessible to the merchant and to EnterPay’s compliance team.

Your rights as a customer
We are required by law to conduct these checks in certain circumstances. If you decline to provide the information requested, the transaction may not be able to proceed. You have rights in respect of your personal data under GDPR — please see our Privacy Policy for details.

In all cases, our regulated financial partners also conduct their own independent KYC processes on customers as part of the payment flow, under their respective regulatory licences. EnterPay’s terminal verification is an additional, complementary layer.


7. SANCTIONS SCREENING

EnterPay is committed to full compliance with all applicable international sanctions regimes. We will not process any transaction, or maintain any business relationship, that would breach applicable sanctions laws.

Applicable sanctions regimes

– OFAC (U.S.) — Office of Foreign Assets Control Specially Designated Nationals list;
– EU Consolidated List — European Union financial sanctions;
– UN Consolidated List — United Nations Security Council sanctions;
– UK HM Treasury — UK financial sanctions list;
– UAE — UAE Ministry of Foreign Affairs local sanctions list;
– FATF — High-risk and other monitored jurisdictions lists.

How we screen
All merchants and their beneficial owners are screened at onboarding and on an ongoing basis. Where our Didit integration is active at the terminal, end-customers are also screened against sanctions and PEP databases as part of the identity verification process. Our regulated financial partners independently screen all payment counterparties and wallet addresses as part of their own transaction monitoring obligations.

Prohibited jurisdictions
EnterPay does not onboard merchants operating in, or process transactions involving, jurisdictions subject to comprehensive OFAC, EU, or UN sanctions, or jurisdictions listed by FATF as high-risk without adequate mitigation.

Any potential sanctions match identified during screening is immediately escalated to our MLRO for review. If confirmed as a true match, the relevant transaction or relationship is blocked and, where required, reported to the competent authority.


8. TRANSACTION MONITORING & FRAUD PREVENTION

EnterPay and its regulated financial partners operate a layered transaction monitoring framework designed to detect and prevent money laundering, terrorist financing, and fraud.

Our regulated partners are responsible for real-time blockchain analytics and on-chain transaction risk scoring, screening of wallet addresses against sanctions databases and known high-risk sources, FATF Travel Rule compliance for qualifying crypto transfers, detection of layering, structuring, and other money laundering typologies, and filing of Suspicious Transaction Reports (STRs) with the relevant Financial Intelligence Unit (FIU).

We monitor transaction patterns and merchant activity across our platform for red flags, including unusual transaction volumes, transactions inconsistent with a merchant’s declared business, and patterns indicative of structuring or fraud. Any concerns identified are escalated to our MLRO for review.

Our Didit integration includes active fraud prevention measures including biometric liveness detection (iBeta Level 1 certified, resistant to deepfakes and spoofing), document tampering detection, and a reusable KYC system that flags previously identified fraudulent identities.


9. SUSPICIOUS ACTIVITY REPORTING

EnterPay operates an internal suspicious activity escalation process. Any person within our organisation who knows or suspects that a customer, merchant, or transaction involves money laundering, terrorist financing, or sanctions evasion is required to report this immediately to our MLRO.

Where an investigation concludes that a suspicion is founded, a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) will be filed with the relevant Financial Intelligence Unit — in Estonia, the Financial Intelligence Unit (RAB); in the UAE, the UAE Financial Intelligence Unit.

We are legally prohibited from informing any person that a SAR has been filed, or that they are the subject of a suspicious activity investigation. Disclosure of this information is a criminal offence under Estonian law and UAE law.


10. PROHIBITED ACTIVITIES & MERCHANTS

EnterPay will not provide services to merchants or individuals engaged in the following activities:

– Unlicensed gambling or online gaming;
– Weapons, firearms, or ammunition dealing;
– Adult entertainment or sexually explicit content;
– Narcotics, controlled substances, or drug-related products;
– Counterfeit goods or intellectual property infringement;
– Shell companies with no identifiable beneficial owner;
– Any entity or individual subject to international sanctions;
– Businesses operating in comprehensively sanctioned jurisdictions;
– Pyramid schemes, multi-level marketing, or unlicensed investment solicitation;
– Any activity that is illegal in the jurisdiction of operation.

Merchants found to be engaged in prohibited activities will have their accounts suspended immediately and may be reported to the relevant authorities.


11. RECORD KEEPING

We retain records required for AML/KYC purposes in accordance with applicable law. As a minimum:

– Merchant KYB files — retained for 5 years from the date of termination of the merchant relationship;
– Transaction records — retained for 5 years from the date of the transaction;
– KYC verification records — retained for 5 years;
– SAR/STR records — retained confidentially by our MLRO for 5 years.

All records are stored securely in compliance with GDPR. See our Privacy Policy for full details of how we handle personal data.


12. TRAINING & AWARENESS

All EnterPay personnel with responsibilities that touch AML/KYC, merchant onboarding, or platform operations complete AML awareness training on joining and annually thereafter. Training covers the recognition of money laundering and terrorist financing red flags, our internal escalation procedures, and our sanctions compliance obligations.

Records of training completion are maintained by our MLRO. No person assumes AML-related responsibilities before completing the relevant training.


13. QUESTIONS & CONTACT

If you have questions about this policy, wish to report a concern, or need to contact our compliance team, please get in touch:

Compliance Team
EnterPayment OÜ
Rahumäe tee 6b-67, Kristiine, Tallinn 13415, Estonia
Email: compliance@enterpay.com

This policy was last updated in 27th of February 2026. EnterPayment OÜ reserves the right to amend this policy at any time.

EnterPay provides seamless crypto payment solutions for hospitality and entertainment venues. Fast, secure, and compliant – designed to attract the next generation of guests and high‑spending customers.

Support

Legal

© 2025 EnterPayment OÜ. All rights reserved.