Anti-Money Laundering Policy

This Anti-Money Laundering and Counter-Terrorist Financing Policy ("AML Policy") sets out the framework, procedures, and commitments of Railon ("Company") to prevent the use of our platform and services for money laundering, terrorist financing, and other financial crimes.

This policy is established in accordance with Mexico's Federal Law for the Prevention and Identification of Transactions with Resources of Illicit Origin (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita) and applicable international standards including FATF recommendations.

1. Policy Statement

Railon is committed to the highest standards of anti-money laundering (AML) and counter-terrorist financing (CTF) compliance. We will not knowingly facilitate transactions related to the proceeds of criminal activity, terrorist financing, sanctions evasion, or any other financial crime.

As a technology infrastructure provider, Railon's AML/CTF obligations are discharged through a combination of our own compliance program and the licensed financial partners through whom all regulated financial activities are processed. Our partners maintain their own full AML/CTF programs as required by their licenses.

2. Risk-Based Approach

We adopt a risk-based approach to AML/CTF compliance, calibrating our controls to the level of risk presented by each client, transaction, and corridor. Risk factors considered include:

• Geographic risk — jurisdiction of incorporation and operation;
• Business activity and industry sector;
• Ownership and beneficial control structure;
• Transaction volume, frequency, and patterns;
• Source of funds and source of wealth;
• Exposure to politically exposed persons (PEPs).

3. Know Your Customer (KYC) and Know Your Business (KYB)

3.1 Onboarding Verification

All business clients must complete our KYB process prior to accessing the Services. This includes:

• Verification of legal entity registration and good standing;
• Identification and verification of beneficial owners (25%+ ownership threshold);
• Verification of directors and authorized signatories;
• Assessment of business activity, purpose, and revenue sources;
• Screening against global sanctions lists, PEP databases, and adverse media.

3.2 Ongoing Monitoring

KYB verification is not a one-time event. We conduct:

• Periodic re-verification based on risk classification;
• Continuous transaction monitoring for unusual patterns;
• Alert-based review when risk indicators are triggered;
• Annual review for high-risk client relationships.

4. Transaction Monitoring

All transactions processed through Railon's infrastructure are subject to automated monitoring for indicators of suspicious activity, including:

• Transactions inconsistent with the client's stated business profile;
• Unusual transaction volumes or frequencies;
• Round-number or structured transactions designed to avoid reporting thresholds;
• Transactions involving high-risk jurisdictions;
• Rapid movement of funds with no apparent business purpose;
• Transactions matching known typologies of money laundering or fraud.

5. Sanctions Screening

All clients, beneficial owners, and transaction counterparties are screened against applicable sanctions lists at onboarding and on an ongoing basis, including:

• OFAC (Office of Foreign Assets Control) — SDN and other lists;
• UN Security Council Consolidated Sanctions List;
• EU Consolidated Sanctions List;
• Mexico's UIF designated persons list;
• Other applicable national and international lists.

Any match or potential match triggers an immediate review process. Transactions involving sanctioned parties are blocked.

6. Risk Classification

Clients are assigned a risk classification (Standard, Enhanced, or Declined) based on the outcome of KYB assessment and ongoing monitoring. Enhanced due diligence applies to clients classified as higher risk, including those with complex ownership structures, PEP connections, or operations in higher-risk jurisdictions.

7. Suspicious Activity Reporting

Where suspicious activity is identified, Railon and its licensed financial partners fulfill their respective reporting obligations under applicable law, including filing Suspicious Activity Reports (SAR) or equivalent reports with competent authorities as required. Client tipping-off restrictions apply in all cases.

8. Record Keeping

We maintain records of all KYC/KYB documentation, transaction records, and compliance decisions for a minimum of five (5) years as required under Mexican AML law, and longer where required by our licensed financial partners' regulatory obligations.

9. Staff Training

All Railon personnel with compliance responsibilities receive regular training on AML/CTF obligations, typologies, and procedures. Training is updated in line with regulatory developments.

10. Prohibited Activities

Railon will not onboard or continue to service clients whose business activities include:

• Unlicensed money service businesses;
• Shell companies with no legitimate business purpose;
• Activities prohibited by applicable law in the operating jurisdiction;
• Any activity designated as prohibited by our licensed financial partners.

11. Contact

For AML compliance inquiries or to report concerns, contact: info@railon.com.mx