TROPIC GATEWAY SOLUTION S.A

11.07.2024

1. Regulatory Landscape

We understand that regulatory bodies have taken a diverse approach to the laws and regulations regarding Digital Assets, including some characterizing or defining Digital Assets as convertible virtual currency. We believe that all Digital Assets available on the Platform are an innovative alternative asset class; therefore, Digital Assets should not be called currency or money. Moreover, Panama's constitutional framework provides a foundational context for understanding how virtual assets might be governed within the country. Article 18 of the Panamanian Constitution articulates a fundamental principle concerning the legality of actions by private individuals and public officials, setting the stage for a broad interpretation of permissible activities unless explicitly restricted by law.

Principle of Legality: This principle is crucial in governing how authorities and individuals operate within Panama. For private individuals and also for Panamanian Legal Entities, there is a wide latitude to engage in activities not specifically prohibited by law, which inherently includes transactions and operations involving virtual assets. For public authorities, however, actions must be explicitly authorized by law, ensuring a restrained and defined scope of governmental power.

Responsibility and Accountability: The Constitution makes a clear distinction between the responsibilities of private individuals and public officers. Private persons are accountable to the authorities only for violations of the constitution or laws, whereas public officers are also accountable for exceeding their authority or failing in their duties. This distinction is vital in the context of regulatory enforcement and compliance in the burgeoning sector of virtual assets.

Principle of Territoriality: Article 3 extends constitutional principles to the entire territory of Panama, which includes the land, territorial sea, submarine shelf, subsoil, and airspace. This comprehensive territorial jurisdiction implies that any regulation or legal framework concerning virtual assets would apply uniformly across all these domains, affecting how virtual assets are managed, traded, and stored within the national boundaries.

Regulatory Scope and Enforcement: Given the constitutional backing for activities not expressly prohibited, Panama provides a flexible regulatory environment for virtual assets. Even though there is no specific regulation, Panama's approach is very flexible, allowing it to perfectly and legally operate crypto-related activities in and from the country.

Legal Framework Development: The constitutional principles provide a basis for the development of future legislation specifically targeted at virtual assets. Lawmakers are guided by these principles to ensure that any new laws are clearly defined and provide explicit guidelines for both individuals and authorities involved with virtual assets.

Territorial Integrity and Legal Jurisdiction: The principle of territoriality ensures that any laws passed concerning virtual assets have national applicability, potentially simplifying the legal landscape but also imposing uniform regulations that might affect international transactions involving virtual assets.

Disclosure: Digital Assets are not fiat money nor fiat currency. Digital Assets are NOT backed by any government or central bank. We may at times have opinions of the different regulatory approaches taken by various government bodies; however, at all times, we will fully abide by the rules and regulations of the respective countries we operate in. We regularly communicate with regulators and the industry on the best approach to regulating digital asset businesses. Furthermore, Tropic Gateway Solution S.A. does not accept certain customers. We may not make all of the Services available in all markets and jurisdictions and may restrict or prohibit the use of all or a portion of the Services from Restricted Locations.

We cooperate with governments respect regulations and comply with applicable regulations. As good corporate citizens, we may be asked for information from law enforcement authorities and will assist if permissible by law as law enforcement conducts investigations to pursue and thwart illicit activity. What this also means is that Tropic Gateway Solution S.A. Platform is intended for law abiding customers. We welcome the opportunity to earn your business, and in return, we require that you act legally and properly on Tropic Gateway Solution S.A.

2. Our AML/CTF program

We have designed our Program to reasonably prevent money laundering and terrorist financing through a risk-based, multi-layer control system.

The first layer includes a stringent customer identification program, including verifying the identity of our customers, whether individuals or entities. In addition to obtaining identification documents, we obtain for non-natural persons their entities' beneficial owners/natural persons consistent to international standards such as the Financial Action Task Force (FATF).

The second layer includes a risk-based system to warrant additional customer due diligence. To accomplish this, we screen our customers (including beneficial owners) against the entities/persons on United States Office of Foreign Assets Control (OFAC) Sanctions Lists, and the United Nations Security Council Sanctions List, among other government-provided lists of sanctioned individuals and entities. We also may screen against other lists on a discretionary basis to protect our reputation and customers.

The third layer includes ongoing monitoring for suspicious activity. If our Program suspects or has reason to suspect suspicious activities have occurred, we will file suspicious activities reports with local regulators. A suspicious transaction is often inconsistent with a customer's known and legitimate business, or personal activities.

These are the primary components of our compliance program; however, the most important glue or connection to these layers are our leadership team and staff, including AML/Risk personnel that execute training, oversight, and a sound compliance culture.

3. AML/CTF Program Procces

To further demonstrate our commitment, expertise, and proficiency in the established AML approach, FINASSETS describes in more detail the onboarding process and other adjacent workflows that might be of interest to our potential partners and clients.

• Onboarding
• Monitoring
• Activity Monitoring
• Transaction Control
• Periodic Review
• Information Storage and Reporting

First off, the onboarding process goes on in the following steps:

1. The client (legal entity representative) visits the company website https://www.finassets.io, and registers an account.
2. In doing so, the client also accomplishes ID check, PEP (Politically Exposed Person) list check, and Sanction list checks via our partner Sum&Substance in order to ensure PEP, Sanction lists compliance, as well as to ensure ID document integrity and validity, as well as to perform the liveness check of a client. The sources for PEP list and Sanction list checks ¹
   • The Office of Foreign Assets Control (OFAC) Sanctions
   • The United Nations Security Council's Sanctions list
   • Her Majesty's (HM) Treasury List
   • The EU Consolidated Sanctions List
   • The EU Most Wanted Warnings
   • The Bureau of Industry and Security
   • The State Department Foreign Terrorist Organizations List and Non-Proliferation List
   • US DOJ (FBI, DEA, US Marshals, and others)
   • Interpol's Most Wanted
   • CBI List (The Central Bureau of Investigation)
   ¹ https://docs.sumsub.com/docs/data-sources-and-refreshment-times
3. After the previous check is done, the client's legal entity provides:
   • Corporate documents
   • Client questionnaires signed
   • UBO and Director ID documents
   And this is finalized by one more check similar to point 2 above, made for all relevant natural persons in the company.
4. When verifying and analyzing the Customer's information and documents gathered during the onboarding procedure, the Initial Risk Level is determined for the given client. It might be either Low, Medium or High. Depending on the risk the level of scrutiny increases respectively, just as the time between periodic reviews decreases for a high-risk client. In the case of a high-risk customer, it might be necessary to consult the respective board member before providing acceptance for such an account. Higher-risk clients also might trigger alerts and thus might be asked to provide additional information and/or documents or Source of Funds and Source of Wealth evidence much more often if compared to Low and Medium risk clients.
5. After the onboarding and initial analysis have been accomplished a decision is made as pertains to carrying on with the business relationship with the given client.
   • If it is a low-risk client, then re-evaluation is done in 3 years
   • In case of a medium risk, the re-check takes place in 2 years
   • And only a 1-year gap is meant for higher-risk clients
   • If the risk is deemed to be too high or unmanageable, the client is turned down and the business relationship does not commence.
   • In case a client of any risk has showcased risky behavior that has been uncovered in the process of client monitoring, it should be escalated to the respective board member to take a final decision as pertains to such a client. The result might be either moving the client to a high-risk category increasing scrutiny, or it might also result in full termination of the relationship and reporting to relevant authorities in the Republic of Panama.
6. In the course of continuous monitoring that follows after the business relationship has been established the AML Staff monitors:
   1. Client transactions
   2. Sanction lists and PeP lists, (so that on any given day we know, that our clients were not included in any of those lists)
   3. Client Behavioral patterns in the course of client transactions
   4. Accomplishment of regular client re-checks to verify that
   5. No new negative information has emerged
   6. All previously received information has not changed, and the risk setting should not be changed
   7. All client actions are carried out in line with previously provided information
   8. If any of the above is not true the AML staff carries out a re-evaluation in an effort to gain a new improved and up-to-date understanding of client actions and adjust risk settings so as to keep adhering to the FATF risk-based approach.
7. In case any risky activity takes place on the side of the client, it is always being recorded and reported to the competent Panama based authorities that oversee AML processes across the country.