top of page

AML Policy

Last Updated: January 08, 2025

1. General Statement

i-pay.io ("we," "our," or "us") is a facilitator of fiat-to-crypto transaction flows and does not directly engage in financial services, custody of funds, or end-user onboarding. However, we are committed to supporting international efforts to prevent money laundering, terrorist financing, and other forms of financial crime.

While we do not directly perform onboarding, KYC, or process funds, we work with third-party providers who are fully responsible for conducting identity checks, transaction monitoring, compliance reporting, and risk management under applicable regulations.

2. Customer Due Diligence (CDD)

All users making transactions through services integrated with i-pay.io undergo identity verification directly via the responsible KYC provider (e.g., Sumsub). The verification process typically includes:

  • Government-issued ID

  • Proof of liveness

This one-time verification ensures that each user is linked to a real identity before transacting through any platform.

3. Sanctions & Restricted Jurisdictions

i-pay.io does not facilitate access to payment processing for any users or businesses located in:

  • Sanctioned countries (e.g., OFAC, EU, UN lists)

  • Regions flagged for high financial crime risk by FATF or equivalent bodies

We reserve the right to restrict access to our Services based on changes in risk exposure or the presence of unlawful content, use cases, or jurisdictions.

4. Transaction Screening & Suspicious Activity

Although i-pay.io does not process payments, we actively:

  • Monitor API usage for patterns consistent with fraud or circumvention

  • Flag suspicious behavior and notify relevant upstream partners

5. Compliance Monitoring

i-pay.io conducts internal monitoring to ensure its own infrastructure is not misused. This includes:

  • Routine log reviews

  • Abuse flagging automation

Where abuse or suspicious use is detected, we may:

  • Terminate access

  • Blacklist merchant or user IPs

6. Politically Exposed Persons (PEPs)

All identity checks related to end-users are carried out by KYC providers, who apply enhanced due diligence for individuals flagged as PEPs. i-pay.io requires that such providers maintain:

  • Additional risk scoring thresholds

  • Continuous monitoring

  • Manual review workflows for PEPs and high-risk accounts


 

7. Training & Awareness

Although we do not handle end-user onboarding, our internal team is trained to:

  • Recognize the signs of platform abuse and suspicious use cases

  • Understand obligations under applicable AML frameworks

  • Escalate any internal red flags to responsible parties


 

8. Data Retention

We do not retain sensitive personal data such as identification documents or transaction values. Any logs or metadata retained are processed solely for platform security and abuse prevention, and stored in accordance with applicable privacy laws.


 

9. Cooperation With Authorities

We cooperate fully with regulators, law enforcement, and legal bodies on valid inquiries. Information requests should be addressed to our compliance contact with:

  • Proof of authorization

  • Specific request details

  • Valid legal basis (e.g., court order, subpoena)​

All requests should be sent to: compliance@i-pay.io


 

10. Termination

We reserve the right to discontinue access to our services if:

  • There is evidence of abuse, fraud, or financial crime

  • The merchant or their users engage in activities contrary to international AML guidelines


 

This policy may be updated from time to time. Continued use of i-pay.io constitutes acceptance of any updated versions.

bottom of page