AML / KYC Rules
Mercury AML/CFT Policy (Anti-Money Laundering & Counter-Terrorist Financing Policy)
Effective date: 02 Aug 2023
Last updated: 28 Jan 2026
1. General
1.1. This AML/CFT Policy (the “Policy”) sets out the measures used by Mercury to prevent money laundering and terrorist financing.
1.2. The Policy is an internal regulation of Mercury and is mandatory for employees involved in processing requests and performing operations.
1.3. The Policy is based on the Risk-Based Approach, FATF recommendations, monitoring requirements, and applicable law.
1.4. By using Mercury, the user agrees to this Policy.
2. Terms
2.1. Mercury is a trademark of a digital asset exchange service.
2.2. Service means Mercury’s information system used to provide digital asset exchange services.
2.3. User means an individual using Mercury’s services.
2.4. Digital assets include cryptocurrencies and other digital currencies based on blockchain technology.
2.5. AML check means an automated address/transaction check using AML analytics tools.
2.6. Risk Score means an aggregated numerical risk indicator for a transaction.
2.7. KYT (Know Your Transaction) means transaction monitoring and analysis.
2.8. SoF (Source of Funds) means a procedure to confirm the source of funds.
2.9. KYC (Know Your Customer) means user identity verification.
2.10. MLRO means the responsible officer for AML/CFT matters.
3. AML Control
3.1. AML, KYT, SoF and KYC functions are implemented by Mercury’s internal security unit.
3.2. The unit reviews AML reports and Risk Scores, communicates with users, documents cases, and makes operational decisions.
4. AML Analytics and Providers
4.1. All incoming transactions are subject to mandatory KYT screening using the Rapira AML analyzer.
4.2. Mercury does not manually adjust Risk Scores and does not use alternative scoring models.
4.3. The final Risk Score is the primary risk evaluation criterion. Risk tags are considered as part of the overall risk assessment and are not applied in isolation.
4.4. How the overall Risk Score is formed
4.4.1. The overall Risk Score is calculated by the AML provider within a risk-based transaction scoring model.
4.4.2. The Risk Score is an aggregated numerical indicator calculated from multiple transaction parameters and related risk factors.
4.4.3. The Risk Score may consider, among other factors:
- asset movement history and on-chain provenance;
- the presence and share of risk tags (including but not limited to Scam, Dark Market, Enforcement Actions, and similar categories);
- transaction patterns, structure, and sequencing;
- behavioral and time-based signals;
- other parameters used by the AML provider in its scoring model.
4.4.4. Risk tags are considered only as elements of the overall risk assessment expressed by the final Risk Score.
4.4.5. Mercury does not influence the Risk Score methodology, does not manually adjust it, and uses the result as provided by the AML provider.
4.4.6. The final Risk Score is used to determine the appropriate transaction handling scenario under this Policy.
5. Preliminary AML Check
5.1. Before creating an exchange request, the user may perform a preliminary AML check of a crypto address.
5.2. The “Check wallet” item in the website header links to BestChange AML report page:
https://www.bestchange.ru/report/
5.3. The preliminary AML check may be performed on a paid basis using valid AML tools, including BestChange-provided tools or third-party AML services.
5.4. Based on the preliminary check results, the user may:
- share the results with Mercury’s operator for a preliminary assessment of whether the exchange can be processed; or
- decline to share the results and accept potential risks, including possible transaction suspension during KYT screening.
6. KYT, SoF and KYC Procedures
6.1. KYT applies by default to all incoming transactions and is used to generate a Risk Score and determine whether additional controls are required.
6.2. Additional controls may be triggered by a Risk Score above 60%, a high share of risk tags, lack of source-of-funds explanations, use of anonymous communication channels, or other elevated regulatory/legal risk factors.
6.3. SoF is applied first and is aimed at confirming the origin of funds without identity verification.
6.4. Under SoF, Mercury may request explanations, transaction hashes, links, statements, screenshots and other materials relevant to the origin of funds, without excessive collection of personal data.
6.5. If sufficient and consistent information is provided, KYC may not be required.
6.6. KYC is requested only when SoF confirmation is not possible or the overall risk level requires identity verification.
6.7. Mercury requests only information proportionate to the KYT/SoF/KYC purpose and the risk assessment of a specific operation.
6.8. Control sequence when Risk Score exceeds the threshold
If the overall Risk Score exceeds 60% following KYT screening, Mercury may proceed as follows:
- the transaction is temporarily suspended;
- the user is asked to provide explanations and materials under SoF;
- if SoF confirmation is not possible, KYC may be requested.
6.9. KYC verification may take up to 7 (seven) business days from the moment Mercury receives a complete and correct set of requested materials. If additional clarification is required, the timeline may be extended until sufficient information is provided.
7. Transaction Suspension and Funds Handling
7.1. If the Risk Score exceeds 60%, Mercury may suspend processing until screening is completed.
8. Refunds and Fees
8.1. Following AML screening, Mercury may process the exchange, refund funds, or refuse service where lawful grounds exist.
8.2. If funds are refunded after AML suspension, Mercury may charge a fee of up to 5% of the operation amount, capped at 100 USDT.
8.3. For bona fide users whose funds are not confirmed as linked to unlawful activity, refunds are made without additional fees, except for blockchain network fees.
8.4. If a refund is approved after AML/KYC completion, it will be made within up to 10 (ten) business days from completion date. Actual timelines may depend on blockchain network specifics, payment infrastructure limitations, or external circumstances.
9. Restricted Jurisdictions and Sources of Funds
To reduce AML/CFT risks, Mercury does not provide services to users located in, registered in, or substantially connected to jurisdictions classified as high or unacceptable risk (including FATF guidance and UN/EU sanctions lists, among others).
Service is not provided to users from the following states and territories, and incoming funds may be refunded to the sender where no legal restrictions apply:
United States; Afghanistan; Albania; Angola; Algeria; Barbados; Bolivia; Botswana; Burma (Myanmar); Burundi; Cambodia; Central African Republic; Chad; Congo; Guinea (Conakry); Cote d’Ivoire; Cuba; Democratic People’s Republic of Korea (DPRK); Ecuador; Egypt; Equatorial Guinea; Eritrea; Ghana; Guinea-Bissau; Haiti; Guyana; Iran; Iraq; Lao People’s Democratic Republic; Lebanon; Libya; Mali; Morocco; Nepal; Nicaragua; North Macedonia; Pakistan; Panama; Qatar; Saudi Arabia; Somalia; South Sudan; Sudan; Syria; Tunisia; Uganda; Vanuatu; Venezuela; Yemen; Zimbabwe; Jamaica.
Sources of funds: WhiteBit; HODLHODL; Grinex.
Mercury may update the list of high-risk jurisdictions and sources depending on sanctions regimes, FATF guidance, and monitoring requirements without prior notice.
10. Data Storage and Cooperation with Authorities
10.1. Data collected during AML procedures is stored and processed in a protected environment with restricted access.
10.2. Upon official requests from competent authorities, Mercury provides information to the extent required by applicable law.
11. Final Provisions
11.1. Mercury may amend this Policy to keep it up to date and comply with monitoring requirements and applicable law.
11.2. The updated version takes effect upon publication on the Mercury website.
