Know-Your-Customer (KYC) Policy

1. Introduction

These procedures are designed to mitigate the risk of the Registry being used for money laundering, terrorist financing, illicit trade, or other forms of financial misconduct. Although Origin Ledgers is not currently regulated as a financial institution under Swiss law, it voluntarily adheres to internationally recognized AML and KYC best practices, in keeping with its role as a critical infrastructure provider to the voluntary carbon market.

This Policy draws its structure and principles from:

• The Swiss Anti-Money Laundering Act (AMLA) and related ordinances issued by the Swiss Financial Market Supervisory Authority (FINMA)
• The European Union’s Anti-Money Laundering Directives, particularly Directive (EU) 2018/843 (AMLD5) and Directive (EU) 2015/849 (AMLD4), which govern KYC procedures and beneficial ownership transparency
• The European Union’s Anti-Money Laundering Directives, particularly Directive (EU) 2018/843 (AMLD5) and Directive (EU) 2015/849 (AMLD4), which govern KYC procedures and beneficial ownership transparency

The KYC obligations under this Policy apply to all Account Holders on the Trade Room registry, including:

• Buyers of carbon credits
• Project Mangers or Suppliers that generate emissions
• Authorized representatives, intermediaries, and brokers acting on behalf of buyers or suppliers

The goal of this Policy is to establish a consistent, risk-based due diligence framework that ensures all participants are identifiable, lawfully operating entities, with clear beneficial ownership, verified source of funds, and no known association with sanctioned entities or high-risk jurisdictions.

2. Ongoing Review of the Policy

This KYC Policy will be reviewed at least once per year by the Chief Compliance Officer (CCO) or a designated member of the Trade Room Governance and Risk Committee at Origin Ledgers.

The purpose of this review is to ensure continued alignment with:

• Evolving Swiss AMLA and FINMA regulatory standards
• Updates to EU AMLD6, as well as other pan-European AML/KYC enforcement mechanisms
• Emerging risk typologies and threat intelligence relevant to financial crime in environmental markets

The Policy may also be reviewed and revised outside the standard review cycle in response to: (i)A confirmed or suspected breach, compliance issue, or onboarding incident involving an Account Holder; (ii)Official designation of Origin Ledgers under regulated entity status by a Swiss, EU, or other national AML supervisory authority; (iii)Material changes to applicable laws or industry-wide best practices that necessitate enhancements to the Trade Room’s KYC framework.

All updates will be recorded, approved by senior management, and implemented without delay. Where appropriate, Origin Ledgers will communicate material policy changes to affected stakeholders or make updated policy documentation publicly available via the Trade Room registry.

3. KYC Requirements

In line with its commitment to transparency, regulatory readiness, and best practice in financial compliance, Origin Ledgers requires all entities registering as Account Holders on the Trade Room registry to undergo a Know-Your-Customer (KYC) review prior to onboarding.

This requirement applies to both Buyers and Sellers. At a minimum, the following information shall be collected during account onboarding:

• Full legal name of the entity
• Official registered address
• Corporate registration number and jurisdiction
• Primary business activity or industry sector

Upon collection, Origin Ledgers will:

• Screen the entity and its jurisdiction of registration against international sanctions lists, including the UN Sanctions List, the EU Consolidated Financial Sanctions List, and any FATF-designated high-risk jurisdictions
• Review the entity’s ownership structure and business model to assess legitimacy
• Maintain verified KYC documentation for a minimum of five years following the most recent transaction or account activity
• Monitor registry activity associated with the account for patterns of unusual or potentially suspicious transactions
• If an entity is found to be associated with a prohibited jurisdiction or is flagged through sanctions screening, the account will not be opened. For existing accounts, a positive match will trigger a freeze and formal closure procedure.

4. Ongoing Monitoring

Origin Ledgers conducts ongoing due diligence on all Account Holders to detect changes in risk profile or the emergence of suspicious activity patterns. Monitoring includes transactional activity, behavioral patterns, and updates to sanction or watchlist designations. If suspicious activity is detected, Origin Ledgers may take one or more of the following actions:

• Temporarily freeze account activity pending internal review
• Request documentation to verify beneficial ownership and conduct renewed watchlist and sanctions screening
• Conduct an in-person or virtual site review of high-risk entities or project proponents (where feasible)

What constitutes unusual or suspicious activity is determined using a risk-based approach, drawing on guidance from Swiss FINMA circulars, EU AMLD standards, and FATF recommendations. Illustrative examples of flagged behavior include:

• A one-time transaction significantly above the historical norm for the Account Holder or sector
• An abnormal volume of small, low-value transactions
• Transaction amounts that consistently fall just below predefined thresholds (e.g. offsetting of 9,999 emissions)
• A sudden change in counterparties, location of transfers, or account behavior without explanation.

5. Training and Capacity Building

Preventing financial misuse of the Trade Room is a shared responsibility across all personnel at Origin Ledgers. This Policy is mandatory reading for all new employees and is included in the onboarding materials for relevant contractors and consultants. Updated versions will be distributed at least annually. All employees receive role-specific AML/KYC training. For example, registry engineers and platform developers receive training on transaction flagging logic and user behavior profiling, while client-facing teams are trained to identify red flags during onboarding or engagement with partners.

6. Reporting of High-Risk Entities

Any employee who identifies a potential high-risk Account Holder must report their concern immediately to their direct supervisor or to the designated KYC Compliance Officer. A client may be deemed high-risk due to:

• Trigger conditions discovered during onboarding (e.g. jurisdictional red flags or incomplete disclosure)
• Suspicious patterns detected through ongoing monitoring or partner notifications
• These reports are logged internally and reviewed for further action.

7. Mitigation Measures and Enforcement

Once a client has been flagged as high-risk, the matter is escalated to the Compliance and Risk team, who will verify the trigger conditions and determine appropriate next steps.

These may include:

For pending account applicants: additional documentation may be requested. If risk is confirmed, the application will be denied.

For existing Account Holders: the account will be temporarily frozen, pending investigation. If high-risk status is confirmed, the account will be formally closed in accordance with Origin Ledgers’s contractual and legal obligations.

In either case, communication with the client will be limited to a general explanation of non-compliance. Specific triggers will not be disclosed to avoid tipping off, in line with AML norms. If the review reveals potential criminal activity (e.g., fraud, sanctions evasion, terror finance), Origin Ledgers will submit a report to the relevant financial intelligence unit (FIU) in Switzerland or the applicable host country.

While not regulated under AML law at present, Origin Ledgers will ensure such reports reflect the structure and intent of a Suspicious Activity Report (SAR), modeled on FINMA, EU AMLD, and FATF best practices.