No results

Try adjusting your search

Legal & Security > KYC / AML / CTF policy


Kriptomat is a regulated VASP (Virtual Assets Service Provider), with great attention for the safety of its Users and is fully compliant with all the relevant legal requirements of Estonia and the EU (AMLD6) with having implemented its KYC (Know Your Customer) and AML/CFT (Anti-Money Laundering and Counter-Terrorist Financing) Policy (hereinafter referred to as Policy).

This is to introduce some of the general rules and stipulations of the Policy which directly concerns and affect the services we render.


Kriptomat group services are offered by group companies that are licensed, authorized, or registered by different supervisory authorities:

  • FintechX OÜ is licensed by the Estonian Financial Unit, authorized to provide virtual currency services (license No. FVT000310 – license information: link)
  • FintechX OÜ is registered as a provider of exchange services between virtual currencies and fiat currencies (registration information: link) and Custodian wallet providers (registration information: link) in the register kept by the Hellenic Capital Market Commission, Greece


The compliance, transaction processing, and support teams monitor thoroughly on an ongoing basis the compliance of the internal, partner-based, and regulatory rules and procedures with the relevant laws and regulations considering each case and each User.

Kriptomat has implemented various measures to protect Kriptomat from the involvement of money laundering or terrorist financing activities, raising Users´ awareness on particular transactions and protecting User funds by using advanced technology in the crypto-sector to detect and prevent fraud, by:

  • Performing compliant due diligence procedures (the KYC and background check) for every user (natural and legal person) who registers on the Kriptomat platform;
  • Making risk assessment for each user that successfully has passed the KYC;
  • Detecting suspicious transactions by risk categories and different risk levels;
  • Ongoing monitoring for sanctions, wanted, PEP lists, and suspicious transactions;
  • Reporting suspicious transactions to the authorities.

Internally, Kriptomat conducts periodic AML audits and provides AML training and certification to its employees.


We do not support anonymous usage of our services. According to our Policy’s due diligence process, we are obliged to perform the KYC process for every:

  • User – a natural or legal person;
  • Representative of the User – an individual who is authorized to act on behalf of the User;
  • Beneficial Owner of the User;
  • Politically exposed person (PEP) or a person connected with the PEP.

During the registration procedure, each User must provide Kriptomat with several personal information and documents.

NATURAL PERSON NEEDS TO PROVIDE AT LEAST: First name, last name; Date of birth, place of birth; Home address; Phone number and email; Government-issued ID document (both sides); Video liveness with biometric face check; Bank account and/or Credit card details; Video conference and Onboarding questionnaire. Other information and documents on the request of Kriptomat.

LEGAL PERSON NEEDS TO PROVIDE AT LEAST: Business name of the legal person; Registry code and the date of registration; ID of the shareholders (same as for the natural person identification), ID of the director(s) and/or members of the management board (same as for the natural person identification), ID’s of the representatives (same as for the natural person identification); Proof of the registered office/seat; ID’s and SOF supporting documents of the beneficial owners (same as for the natural person identification); Bank statement; Proof of representation; Articles of association; Other information and documents on the request of Kriptomat.

If we cannot determine, beyond a reasonable doubt, that the documents provided belong to the User and are authentic, we won’t be able to let the User execute any transactions.


Kriptomat has obtained the Information Security Management System (ISO 27001:2013) Certificate, which means we meet the highest security standards.

Kriptomat has a designated Data Protection Officer who is responsible for making sure that we process personal data lawfully and follow the best standards.


We monitor diligently all transactions that take place on our platform looking for suspicious and unusual behaviors – for that we have implemented thorough risk categorization. Transactions are analyzed by our Compliance team and evaluated if they do not provide significant AML / CTF risks or if they need to be ceased and clarified with the User with additional verification.


When the User’s trade volume rises, our AML / CTF verification duties increase correspondingly. The same applies when User’s transactions are “flagged” as suspicious or unusual, or our verification of the User’s personal results are qualifying the User as a person imposing significant AML / CTF risk.

In such situations, we require additional information with proof documentation regarding the source of funds the User is using on our Platform and other additional data (e.g. proof of living address, occupation, source of funds explanation, information about the amount of incomes etc).

In case our compliance team evaluates information received from the User not clarifying the doubts or risks, we will be obliged to disable the services or even report the User’s transactions to relevant authorities.

Kriptomat reserves the right to refuse to process the User’s transaction at any time, in case of suspicion of AML / CTF risk.


Based on our Policy we do not open accounts and do not process transactions for country of residents of, as well as people with nationality in countries with prohibition/restriction on cryptocurrencies such as but not limited to: Afghanistan, Algeria, American Samoa, Bangladesh, Bolivia, China, Democratic Republic Of Congo, Democratic People’s Republic Of Korea (Dprk), Ecuador, Egypt, Ethiopia, India, Iran, Iraq, Kyrgyzstan, Pakistan, Palestine, Qatar, Saudi Arabia, Syria, Morocco, Nepal, United States Of America, Vanuatu, Vietnam, Zambia.

Resident / Citizen Of The High Risk Countries such as but not limited to: Bahrain, Yemen, Jordan, Kuwait, Lebanon, Libya, Malaysia, Mali, Mauritania, Nigeria, Oman, Somalia, Serbia, Sri Lanka, Sudan, Tunisia, Ethnic Groups Of Caucasus Belonging To Russian Federation (Chechens, Etc.), Trinidad & Tobago, Ukraine.

Low Tax Or Tax-free Countries such as but not limited to: Oman, Bahrain, Qatar, Saudi Arabia, Kuwait, Bermuda, Cayman Islands, The Bahamas, Brunei, Vanuatu, Anguilla, Belize, Costa Rica, Guatemala, Panamá, Nicaragua.

In case of any doubts or concerns, please contact us at:  [email protected]

Valid from: 12.11.2021

Kriptomat App
Fast, secure and easy