AML Policy

Effective Date: April 14, 2026

This Anti-Money Laundering and Counter-Terrorist Financing Policy (the "AML Policy") sets forth the compliance framework adopted by Digital Original and its subsidiaries and affiliates ("Digital Original", "Company", "we", "us", or "our") to prevent the use of our platform and services for money laundering, terrorist financing, sanctions evasion, and other financial crimes.

This AML Policy applies to all users of the Digital Original Platform (the "Platform"), including Galleries, buyers, and any other individuals or entities that access or use the Service as defined in the Terms of Service. This AML Policy supplements and should be read in conjunction with the Terms of Service, Gallery Terms and Conditions, and Privacy Policy.

Digital Original has an unequivocal zero-tolerance approach to money laundering, terrorist financing, sanctions evasion, and other financial crime. The Company takes these risks seriously and is committed to conducting its business in compliance with all applicable anti-money laundering laws and regulations, including but not limited to the U.S. Bank Secrecy Act (BSA), the USA PATRIOT Act, the Anti-Money Laundering Act of 2020 (AMLA), applicable European Union Anti-Money Laundering Directives, the UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, and the regulations of the Financial Action Task Force (FATF).

The original language of this AML Policy is English. We may make available translations for convenience. In case of conflicts between the original English version and any translation, the English version shall prevail.

1. COMPLIANCE OFFICER

Digital Original has designated a Compliance Officer who is responsible for the implementation, oversight, and enforcement of this AML Policy and the Company's broader AML compliance program (the "AML Program").

The Compliance Officer's responsibilities include:

The Compliance Officer reports directly to the Company's senior management and has the authority to act independently in all compliance-related matters. The Compliance Officer may delegate specific tasks to qualified members of the compliance team, but retains ultimate responsibility for the AML Program.

  1. Developing, implementing, and maintaining internal AML policies, procedures, and controls.
  2. Ensuring that the AML Program is updated to reflect changes in applicable laws, regulations, and industry best practices.
  3. Overseeing the Know Your Customer (KYC) and Customer Due Diligence (CDD) processes.
  4. Monitoring transactions and user activity for suspicious or unusual patterns.
  5. Ensuring that suspicious activity reports are filed with the relevant authorities in a timely manner.
  6. Coordinating and ensuring the delivery of AML training to all relevant personnel.
  7. Serving as the primary point of contact for regulatory authorities, law enforcement agencies, and third-party compliance partners.
  8. Conducting periodic reviews and risk assessments of the AML Program.

2. RISK-BASED APPROACH

Digital Original employs a risk-based approach to identify, assess, and mitigate the money laundering and terrorist financing risks associated with its Platform and Services. This approach ensures that resources and controls are directed proportionately to the areas of greatest risk.

The Company conducts periodic risk assessments that consider, among other factors:

  1. Customer risk: The nature and profile of users, including Galleries, buyers, and other participants, taking into account factors such as geographic location, type of entity, source of funds, and expected transaction activity.
  2. Product and service risk: The nature of the Collectibles traded on the Platform, including NFTs, Phygital artworks, and other digital assets, and the risk profiles associated with different artwork types, price ranges, and sale formats (direct sale, auction).
  3. Geographic risk: The jurisdictions in which users are located or from which transactions originate, with heightened scrutiny applied to jurisdictions identified as high-risk by FATF, the European Commission, OFAC, or other relevant authorities.
  4. Transaction risk: The volume, frequency, and value of transactions, including patterns that may indicate unusual or suspicious activity.
  5. Delivery channel risk: The methods through which the Service is accessed and payments are processed, including blockchain-based transactions and fiat payment channels.
  6. Third-party risk: The risks associated with third-party service providers, including payment processors, KYC verification providers, and blockchain infrastructure providers.

Based on these assessments, Digital Original assigns risk ratings to users and transactions, and applies proportionate due diligence measures and monitoring controls accordingly. Risk assessments are reviewed and updated periodically, and whenever there are material changes to the Company's products, services, customer base, or regulatory environment.

3. KNOW YOUR CUSTOMER (KYC) AND CUSTOMER DUE DILIGENCE (CDD)

Digital Original implements Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures to verify the identity of users and assess the risks associated with their use of the Platform. These procedures are applied at onboarding and on an ongoing basis throughout the business relationship.

3.1 User Identification and Verification. As set forth in Section 2.1 of the Terms of Service, all users must be at least 18 years of age and must represent and warrant that they are not identified on any prohibited party lists maintained by any government, including the United Nations Security Council, U.S. Treasury Department (OFAC), the European Union, or their home country's government. Users must also confirm that they are not located in, ordinarily resident in, organized, or established in any country subject to comprehensive U.S. sanctions or arms embargo, and that the funds used to purchase Collectibles are not derived from illegal activities.

3.2 Gallery Verification. Galleries, as defined in the Gallery Terms and Conditions, are subject to additional verification requirements, including the provision of information about associated artists or artist estate holders, business registration details (where applicable), and wallet authorization. Digital Original reserves the right to request additional documentation from Galleries at any time to verify identity, ownership, or compliance with applicable laws.

3.3 Third-Party KYC Providers. For fiat-based transactions processed through integrated third-party payment providers (such as Transak), Digital Original relies on the KYC and identity verification procedures performed by such providers in accordance with their own regulatory obligations. Transak, as a registered crypto asset firm with the UK Financial Conduct Authority, conducts its own identity verification and KYC checks on end-users in compliance with applicable AML laws. However, Digital Original does not rely solely on third-party providers for its AML compliance obligations and maintains its own independent compliance framework as described in this AML Policy.

3.4 Enhanced Due Diligence (EDD). Digital Original applies enhanced due diligence measures in situations that present a higher risk of money laundering or terrorist financing, including but not limited to:

  • Users or transactions involving jurisdictions identified as high-risk by FATF, the European Commission, OFAC, or other relevant authorities.
  • Unusually large or complex transactions that have no apparent economic or lawful purpose.
  • Users whose profiles or transaction patterns present elevated risk indicators.
  • Politically Exposed Persons (PEPs) and their associates or family members.
  • Transactions involving Collectibles with unusually high values relative to comparable sales on the Platform.

Enhanced due diligence may include additional identity verification, source of funds verification, source of wealth inquiries, and more frequent monitoring of the user's activity on the Platform.

4. SANCTIONS SCREENING

Digital Original screens users and transactions against applicable sanctions lists to ensure compliance with economic sanctions and embargo programs. Sanctions screening is conducted at the time of user onboarding and on an ongoing basis.

Sanctions lists consulted include, but are not limited to:

  • The U.S. Department of the Treasury, Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List).
  • The European Union Consolidated Sanctions List.
  • The United Nations Security Council Consolidated List.
  • The UK HM Treasury Financial Sanctions List.
  • Other applicable national and international sanctions lists as relevant to the Company's operations.

If a user or transaction is matched to a sanctioned person, entity, or jurisdiction, Digital Original will block the transaction, suspend the user's access to the Service, and report the matter to the appropriate authorities. Digital Original may also utilize blockchain analytics tools to screen wallet addresses associated with sanctioned entities or illicit activity.

5. TRANSACTION MONITORING

Digital Original monitors transactions on the Platform to detect and prevent suspicious or unusual activity. The Company employs a combination of automated systems and manual review processes to identify transactions that may indicate money laundering, terrorist financing, or other financial crime.

Transaction monitoring includes, but is not limited to, surveillance for the following red flags and indicators:

  1. Transactions involving unusually high values relative to the user's profile, history, or comparable sales on the Platform.
  2. Rapid or repeated purchasing and reselling of Collectibles (wash trading) with no apparent economic rationale.
  3. Transactions structured in a manner that appears designed to avoid reporting thresholds or identification requirements.
  4. Users who make purchases using multiple wallets or payment methods in a manner suggestive of layering or structuring.
  5. Transactions involving jurisdictions, wallet addresses, or IP addresses associated with high-risk countries or sanctioned entities.
  6. Use of anonymizing technologies, VPNs, or other tools to conceal the user's identity or location in connection with transactions on the Platform.
  7. Sudden or unexplained changes in a user's transaction patterns or behavior.
  8. Attempts to create multiple accounts or to use the accounts of other persons to conduct transactions.
  9. Self-dealing or related-party transactions where the buyer and seller appear to be the same person or affiliated entities.
  10. Any other activity that, in the judgment of Digital Original, is inconsistent with legitimate use of the Platform.

When suspicious activity is detected, the Compliance Officer will conduct a review and determine the appropriate course of action, which may include requesting additional information from the user, suspending the user's access to the Service, blocking or reversing a transaction (where technically feasible), and/or filing a suspicious activity report with the relevant authorities.

6. SUSPICIOUS ACTIVITY REPORTING

Digital Original is committed to cooperating with law enforcement and regulatory authorities in the detection and prevention of financial crime. Where the Company identifies or suspects that a transaction or user activity may involve money laundering, terrorist financing, sanctions evasion, or other illicit activity, it will file suspicious activity reports (SARs) or equivalent reports with the appropriate regulatory or law enforcement authorities in accordance with applicable law.

All employees and relevant personnel are required to promptly report any suspicious activity to the Compliance Officer. The Compliance Officer is responsible for evaluating the reported activity, making a determination as to whether a SAR or equivalent report is warranted, and ensuring timely filing with the relevant authorities.

Digital Original strictly prohibits any employee, agent, or user from disclosing to any person (including the user who is the subject of the report) that a SAR or equivalent report has been filed or is being considered ("tipping off"). Violation of this prohibition may result in disciplinary action, termination of access, and/or referral to law enforcement.

7. PROHIBITED ACTIVITIES AND USER OBLIGATIONS

As set forth in Section 6.2 of the Terms of Service, users are prohibited from using the Platform for any illegal purpose, including but not limited to money laundering, terrorist financing, fraud, sanctions evasion, or other illicit financial activities. Users are further prohibited from:

Digital Original reserves the right, as described in Section 2.6 of the Terms of Service, to terminate or restrict a user's access to the Service, in whole or in part, at any time and at its discretion, with or without notice, if the Company suspects that the user's activity may be connected to money laundering, terrorist financing, or other financial crime.

  1. Using the Platform to engage in transactions involving funds or assets derived from illegal activities.
  2. Using the Platform to transfer value to or from persons, entities, or jurisdictions that are subject to sanctions or embargoes.
  3. Structuring transactions in a manner designed to avoid identification, reporting, or compliance requirements.
  4. Engaging in wash trading, self-dealing, or other manipulative practices intended to obscure the origin, destination, or nature of funds.
  5. Providing false, misleading, or incomplete information during registration, verification, or at any other time when information is requested by Digital Original.
  6. Assisting, facilitating, or conspiring with any other person to engage in any of the foregoing prohibited activities.

8. RECORD KEEPING

Digital Original maintains records of all user identification and verification information, due diligence documentation, transaction records, and any suspicious activity reports or related correspondence, in compliance with applicable legal and regulatory requirements.

Records are retained for a minimum period of five (5) years from the date of the relevant transaction or the termination of the business relationship with the user, whichever is later, or for such longer period as may be required by applicable law. Records include, but are not limited to:

  • User identification and verification data (name, email address, wallet address, and any additional information collected during onboarding or enhanced due diligence).
  • Records of all transactions conducted through the Platform, including transaction amounts, dates, wallet addresses, and Collectible details.
  • Correspondence and documentation related to suspicious activity reviews and reports.
  • Records of sanctions screening results.
  • Training records for employees and relevant personnel.
  • Risk assessment documentation.

All records are stored securely and in accordance with the Privacy Policy and applicable data protection laws.

9. EMPLOYEE TRAINING

Digital Original provides regular AML training to all relevant employees, contractors, and personnel to ensure awareness of, and compliance with, the Company's AML Program. Training is provided at the time of onboarding and on a periodic basis thereafter (at least annually).

Training covers the following topics:

  • The Company's AML Policy, procedures, and internal controls.
  • Applicable AML laws and regulations, including recent developments and updates.
  • How to identify suspicious activity and red flags specific to the NFT and digital art market.
  • The obligation to report suspicious activity to the Compliance Officer.
  • Sanctions compliance and screening procedures.
  • The prohibition on tipping off and the consequences of non-compliance.
  • Record-keeping obligations and data protection requirements.

Training records, including attendance and content covered, are maintained by the Compliance Officer and are available for review by regulatory authorities upon request.

10. THIRD-PARTY PAYMENT PROVIDERS AND PARTNERS

Digital Original integrates with third-party payment providers and service partners to facilitate certain aspects of the Service, including fiat-based payment processing for the purchase of Collectibles. The Company's current third-party payment provider for fiat-to-NFT transactions is Transak, a regulated crypto asset firm registered with the UK Financial Conduct Authority.

Transak performs its own KYC, identity verification, and AML compliance checks on end-users as part of its regulatory obligations. However, Digital Original does not rely solely on third-party providers for AML compliance. The Company maintains its own independent AML Program, including the procedures described in this AML Policy, to ensure that its compliance obligations are met regardless of the controls implemented by third-party partners.

Digital Original conducts due diligence on third-party payment providers and service partners before entering into business relationships and on an ongoing basis. This due diligence includes assessing the provider's regulatory status, AML compliance framework, KYC procedures, and data security practices. Digital Original will not engage with third-party providers that do not meet its compliance standards.

For subscriptions processed through Stripe or other payment processors, the applicable payment processor's terms, conditions, and privacy policies govern the processing of payments, as described in Section 3.4 of the Gallery Terms and Conditions.

11. BLOCKCHAIN AND WALLET MONITORING

Given that the Platform operates on blockchain technology, including the Ethereum blockchain and other Digital Original-Supported Blockchains, Digital Original recognizes the unique risks associated with blockchain-based transactions and takes steps to mitigate these risks.

Digital Original may employ blockchain analytics tools and services to:

  • Screen wallet addresses against known sanctioned addresses and addresses associated with illicit activity.
  • Monitor on-chain transaction patterns for indicators of money laundering, wash trading, or other suspicious activity.
  • Trace the provenance and transaction history of Collectibles and associated funds.
  • Identify connections between wallets that may indicate structuring, layering, or other obfuscation techniques.

Users are solely responsible for the security of their cryptocurrency wallets and associated private keys, as set forth in Section 2.3 of the Terms of Service. Digital Original does not have custody or control over the contents of users' wallets.

12. COOPERATION WITH AUTHORITIES

Digital Original is committed to full cooperation with law enforcement agencies, regulatory authorities, and other competent bodies in the prevention and detection of financial crime. The Company will respond to lawful requests for information, subpoenas, court orders, and other legal processes in a timely manner and in accordance with applicable law.

As described in the Privacy Policy, Digital Original may disclose user information to law enforcement or regulatory authorities where required by law, where necessary to protect the Company's legal rights, or where the Company reasonably believes that disclosure is necessary to detect, prevent, or address fraud, security issues, or violations of the Terms of Service.

13. INDEPENDENT AUDIT AND REVIEW

Digital Original's AML Program is subject to periodic independent review and audit to evaluate its effectiveness and ensure compliance with applicable laws, regulations, and industry best practices. Reviews are conducted by qualified internal or external auditors who are independent of the compliance function.

The findings of independent reviews are reported to the Company's senior management, and any recommendations for improvement are implemented in a timely manner. The Compliance Officer is responsible for tracking the implementation of audit recommendations and ensuring that identified deficiencies are remediated.

14. POLICY UPDATES AND MODIFICATIONS

Digital Original reserves the right to modify this AML Policy at any time and at its sole discretion, including in response to changes in applicable laws, regulations, regulatory guidance, or the Company's risk profile. Any modifications will be reflected by updating the "Effective Date" at the top of this page.

Your continued use of the Platform and Service after the revised AML Policy has become effective indicates that you have read, understood, and agreed to the current version of the AML Policy. We encourage you to review this AML Policy periodically to stay informed of any updates.

15. CONTACT INFORMATION

If you have any questions about this AML Policy, or wish to report suspicious activity, please contact us by email at: [email protected].