BitLease Technologies Ltd. A subsidiary of 49G Holding Ltd. Incorporated in Abu Dhabi Global Market (ADGM) Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates
ADGM Registration No.: 34619
Last Updated: 21 March 2026
Effective Date: 21 March 2026
This Anti-Money Laundering and Counter-Terrorist Financing Policy (“AML/CFT Policy” or “Policy”) sets out the principles, procedures, and controls that BitLease Technologies Ltd. (“BitLease,” “Company,” “we,” or “us”) implements to prevent, detect, and report money laundering, terrorist financing, proliferation financing, sanctions evasion, and other financial crimes in connection with the BitLease platform and all related services (the “Platform”).
BitLease is committed to operating at the highest standards of financial crime compliance. As a structured digital asset financing platform incorporated in Abu Dhabi Global Market (ADGM) and a subsidiary of 49G Holding, BitLease recognizes that the integrity of the Lease-to-Own (LTO) model depends on maintaining a platform free from abuse by those seeking to exploit financial systems for illicit purposes.
This commitment extends beyond regulatory minimums. BitLease aims to meet or exceed the standards expected of regulated financial institutions operating in the asset financing and leasing sector, recognizing that the digital asset class demands heightened vigilance. Compliance is not a formality. It is part of the architecture of trust that makes this platform possible.
This Policy applies to:
All users of the Platform, including Clients (Lessees), Lessors (Capital Providers), prospective users, and any person or entity interacting with BitLease;
All products and services offered through the Platform, including LTO Contracts, Investment Contracts, LTO Staking Delegation, LTO Wallets, and any ancillary services;
All BitLease employees, officers, directors, contractors, and agents;
All third-party service providers processing data or transactions on behalf of BitLease;
All jurisdictions in which BitLease operates or to which it provides services.
BitLease is not a cryptocurrency exchange, broker-dealer, or money transmitter. It is a structured Lease to Own business where all transactions occur in stablecoins, all agreements are bilateral between BitLease and the user, and all digital assets are stored in MPC-secured escrow.
This closed system naturally reduces some types of money laundering risk, such as layering via peer-to-peer transfer, but in the process, it also raises other types of risk that require particular attention, such as the use of LTO Contracts in the laundering of money and the use of Buyout in the transfer of value. This Policy is intended to address these types.
BitLease’s AML/CFT framework is designed to comply with the following, as applicable:
ADGM (Primary Jurisdiction):
ADGM Anti-Money Laundering and Sanctions Rules and Guidance (ADGM AML Rules)
ADGM Financial Services Regulatory Authority (FSRA) regulatory requirements
UAE Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations (as amended)
UAE Cabinet Decision No. 10 of 2019 Implementing the Executive Regulations
UAE National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organisations Committee (NAMLCFTC) guidance
International Standards:
Financial Action Task Force (FATF) Recommendations (2012, as updated)
FATF Guidance on Virtual Assets and Virtual Asset Service Providers (updated October 2021)
FATF Risk-Based Approach Guidance
Other Jurisdictions (where BitLease operates or plans to operate):
EU Anti-Money Laundering Directives (AMLD 5, Directive 2018/843; AMLD 6, Directive 2018/1673)
EU Markets in Crypto-Assets Regulation (MiCA), AML provisions
EU Transfer of Funds Regulation (TFR), Travel Rule provisions
UK Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (as amended)
UK Proceeds of Crime Act 2002 (POCA) and Terrorism Act 2000
Singapore Prevention of Money Laundering and Countering the Financing of Terrorism (applicable MAS Notices and Guidelines)
Singapore Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA)
BitLease actively engages with regulatory authorities in all jurisdictions where it operates. Licensing applications are in progress with ADGM FSRA, VARA, MiCA-designated authorities, FCA, and MAS. AML/CFT compliance is maintained regardless of licensing status. It is a foundational obligation, not a licensing condition.
The Board of Directors of BitLease (and the Board of 49G Holding at the group level) bears ultimate responsibility for ensuring that the AML/CFT framework is adequate, effective, and appropriately resourced. Senior management is responsible for:
Approving and overseeing the implementation of this Policy;
Ensuring adequate resources (personnel, technology, training budget) are allocated to compliance;
Receiving and reviewing regular compliance reports;
Setting the Company’s risk appetite for financial crime exposure;
Fostering a culture of compliance throughout the organization.
BitLease has appointed a Money Laundering Reporting Officer (MLRO) with the following responsibilities:
Overall oversight of the AML/CFT compliance program;
Receiving, evaluating, and filing Suspicious Transaction Reports (STRs) / Suspicious Activity Reports (SARs) with the relevant Financial Intelligence Unit (FIU);
Acting as the primary point of contact with regulatory authorities and FIUs on AML/CFT matters;
Reporting to the Board on the effectiveness of AML/CFT controls;
Ensuring that the Company’s risk assessment is current and that controls are proportionate to identified risks;
Maintaining independence from business operations to ensure objectivity.
The MLRO has direct access to the Board and may not be overruled on decisions to file STRs/SARs.
MLRO Contact: mlro@bitlease.com (internal reporting only, not a public contact)
A Deputy MLRO is appointed to act in the MLRO’s absence and to support the MLRO’s functions. The Deputy MLRO has the same authority and responsibilities when acting in the MLRO’s stead.
A dedicated compliance team supports the MLRO in:
Conducting customer due diligence reviews;
Performing ongoing monitoring and investigation;
Maintaining AML/CFT records;
Delivering training programs;
Managing relationships with third-party screening and monitoring providers.
BitLease applies the three lines of defense model:
First Line, Business Operations: All employees are responsible for identifying and escalating potential financial crime indicators. Front-line staff are trained to recognize red flags.
Second Line, Compliance, and Risk: The MLRO, compliance team, and risk management function provide oversight, develop policies, monitor adherence, and conduct quality assurance.
Third Line, Internal Audit/External Review: Independent periodic review of the AML/CFT framework’s adequacy and effectiveness, conducted by internal audit or an external firm.
BitLease applies a risk-based approach (RBA) to AML/CFT, as mandated by the FATF Recommendations and ADGM AML rules. Resources and controls are directed proportionately to areas of highest risk. This does not mean lower-risk areas are ignored. It means controls are calibrated to the assessed risk level.
BitLease conducts a comprehensive enterprise-wide risk assessment (EWRA) that evaluates money laundering and terrorist financing risk across the following dimensions:
Customer Risk:
Individual Clients: jurisdiction of residence, source of funds, transaction patterns, PEP status, adverse media
Institutional Lessors: nature of institution, jurisdiction of incorporation, regulatory status, ownership structure, source of capital
High-risk categories: PEPs, customers from higher-risk jurisdictions (per FATF grey/black lists), complex ownership structures, cash-intensive businesses
Product/Service Risk:
LTO Contracts: risk of misuse for integration of illicit funds through structured payments
Buyout mechanism: risk of early exit as a value transfer method
Full Settlement: large single-payment risk
LTO Staking Delegation: risk of yield being directed to third parties
LTO Wallets: stablecoin deposit/withdrawal patterns
Geographic Risk:
Jurisdiction of user residence and nationality
FATF grey-list and black-list jurisdictions
Jurisdictions with known deficiencies in AML/CFT frameworks
Sanctions-targeted jurisdictions
Restricted Jurisdictions (including the United States)
Channel/Delivery Risk:
Digital-only onboarding (non-face-to-face)
Cross-border nature of services
Use of stablecoins as the payment medium
Emerging Risk:
New typologies specific to digital assets
Regulatory changes
Technological developments (privacy coins, mixers, bridges, though BitLease does not interact with these directly)
The EWRA is reviewed and updated:
At least annually;
Upon the introduction of new products, services, or markets;
Upon significant changes in the regulatory environment;
Upon identification of new money laundering or terrorist financing typologies relevant to the LTO model;
Following a significant compliance incident.
Each customer is assigned an individual risk rating (low, medium, or high) based on factors including
| Factor | Lower Risk Indicators | Higher Risk Indicators |
|---|---|---|
| Jurisdiction | FATF-compliant, low-corruption jurisdictions | FATF grey/black list, high corruption, weak AML |
| Customer type | Individual, transparent source of funds | Complex structures, trusts, nominees |
| PEP status | Not a PEP | PEP or close associate/family member of PEP |
| Adverse media | No adverse findings | Adverse findings related to financial crime |
| Transaction profile | Consistent with stated purpose, small-medium value | Large or unusual transactions, inconsistent profile |
| Source of funds | Salary, documented savings, regulated investment | Undocumented, cash-intensive, high-risk sectors |
| Behavioral patterns | Consistent, predictable | Erratic, multiple rapid Buyouts, unusual patterns |
Risk ratings are reviewed periodically and may be upgraded or downgraded based on ongoing monitoring.
BitLease undertakes Customer Due Diligence (CDD) on all customers before the establishment of a business relationship and continues to do so throughout the duration of the business relationship. The extent and frequency of CDD measures vary based on the risk profile of the customers.
BitLease applies a tiered approach to platform access and verification. Each tier reflects a level of verification proportionate to the services the user can access.
Tier 1, Basic Access (Limited Services): Access to the basic functionality of the BitLease platform, such as browsing, simulation, and educational content, is granted without the need to complete verification, subject to the following conditions:
Basic identity capture (name, email, jurisdiction);
Sanctions screening against all applicable lists;
IP-based jurisdiction verification (Restricted Jurisdictions blocked);
No ability to execute LTO contracts, deposit stablecoins, or access financial services.
Tier 2, Standard Verification (Full Platform Access): Required before executing any LTO contract, funding an LTO Wallet, or accessing financial services:
Government-issued photo identification (passport, national ID, or driver’s license);
Proof of address (utility bill, bank statement, or government correspondence, dated within 3 months);
Selfie/liveness check for facial recognition matching against ID document;
Sanctions, PEP, and adverse media screening.
Source of funds declaration;
Jurisdiction and US person verification;
Affordability assessment data collection.
Tier 3, Enhanced Verification (Triggered by Risk Indicators): Performed if risk indicators are identified:
Detailed source of wealth documentation and verification;
Additional documentary evidence of the source of funds;
Enhanced ongoing monitoring with elevated frequency;
Senior management or MLRO approval for the business relationship;
More frequent periodic re-verification;
Potential restrictions on contract value or frequency.
Tier 4, Institutional KYB (Lessors and Institutional Clients):
Certificate of incorporation and constitutional documents;
Register of directors and officers;
Beneficial ownership structure to ultimate beneficial owners (UBOs) holding 10% or more, directly or indirectly;
Verification of identity of all UBOs and authorized signatories (to Tier 2 standard);
Regulatory license verification;
Audited financial statements (most recent two fiscal years);
AML/CFT policy attestation or summary;
Source of capital documentation;
Sanctions, PEP, and adverse media screening on all UBOs, directors, and the entity itself.
CDD must be completed before the establishment of a business relationship (i.e., before the first LTO Contract execution or LTO Wallet funding);
Where permitted by applicable law and justified by risk assessment, verification may be completed during the establishment of the relationship, provided that (i) the delay is necessary to not interrupt normal business operations; (ii) money laundering and terrorist financing risks are effectively managed; and (iii) verification is completed as soon as practicable.
If CDD cannot be completed satisfactorily, the business relationship must not be established, or if already established, must be terminated.
CDD is not a one-time event. BitLease conducts ongoing due diligence, including:
High-risk customers: at least every 6 months
Medium-risk customers: at least every 12 months
Low-risk customers: at least every 24 months
Unusual transaction patterns
Significant change in transaction value or frequency
Adverse media alerts
Change in customer circumstances (e.g., new PEP status)
Request for service outside the customer’s normal profile
Multiple rapid Buyouts or contract terminations
Large or unusual LTO Wallet deposits
BitLease has adopted enhanced due diligence for dealing with PEPs, their family members, and their close associates.
Identification: All customers are identified through checks of global PEP data bases during the onboarding process and on a regular basis during the course of the business relationship.
Definition: A PEP is defined as individuals who hold or have held the highest office in a country, top government officials, top judicial and military officials, top officials of state-owned enterprises, and top political party officials. It also covers their family members, including their spouse, children, parents, and siblings, and their close associates, including known business associates and legal advisors.
Enhanced Measures for PEPs:
Senior management approval is required before establishing the business relationship.
Enhanced source of funds and source of wealth documentation;
Enhanced ongoing monitoring;
More frequent periodic reviews (at least every 6 months);
The MLRO must be informed of all PEP relationships.
BitLease does not automatically decline PEPs but subjects them to the highest level of scrutiny.
For all entities (Lessors, institutional Clients, corporate accounts):
BitLease identifies and verifies the identity of all beneficial owners, meaning natural persons who ultimately own or control 10% or more of the entity (directly or through a chain of ownership);
Where no natural person meets the 10% threshold, the natural person(s) exercising control through other means are identified;
Where no such person can be identified, the senior managing official(s) are verified;
Beneficial ownership structures are documented and reviewed at least annually;
Complex, opaque, or multi-layered structures are treated as higher risk.
If BitLease is unable to complete CDD to a satisfactory standard,
The business relationship must not be established.
If already established, it must be terminated in an orderly manner.
Active LTO Contracts will be settled through the standard termination process with Surplus Value returned to the customer.
The MLRO must be consulted on whether a STR/SAR filing is warranted.
All documentation and reasoning are recorded.
BitLease provides extensive and constant transaction monitoring for all activities on the Platform. It covers the entire lifecycle of transactions, including onboarding, LTO wallet activities, contract execution, installment payments, Buyouts, Full Settlements, terminations, and staking.
Rule-Based Monitoring: Automated rules designed to detect patterns and thresholds indicative of money laundering, terrorist financing, or other financial crime. Rules are calibrated to the specific risk typologies of the LTO model.
Behavioral Analysis: AI-assisted analysis of customer behavior patterns to identify anomalies that static rules may not capture. This includes deviations from established customer profiles, unusual timing patterns, and activity inconsistent with stated purpose.
Know Your Transaction (KYT): Blockchain-level analysis of stablecoin transactions interacting with the Platform, including:
Source wallet analysis (exposure to high-risk services: mixers, darknet, sanctioned entities);
Destination wallet analysis (for outgoing transfers, Buyout proceeds, staking rewards);
Transaction clustering and flow analysis;
Counterparty risk scoring.
BitLease monitors for the following indicators, among others: These red flags are specific to the risks of the LTO model as well as general financial crime patterns.
LTO-Specific Red Flags:
Structuring through LTO Contracts: Multiple contracts opened in rapid succession with minimum Down Payments, followed by immediate Buyouts or terminations, potentially designed to move value through the Platform.
Disproportionate Down Payments: Down Payments that are significantly larger than necessary or inconsistent with the customer’s declared financial profile;
Rapid Buyout patterns: Executing Buyouts shortly after contract inception, particularly where the economic rationale is unclear (the asset has not appreciated, no market event occurred);
Third-party funding: LTO Wallet funded from wallets not associated with the verified customer, or from wallets with exposure to high-risk services;
Inconsistent profile: Transaction values or patterns inconsistent with the customer’s declared source of funds, income, or employment;
Geographic anomalies: Access from Restricted Jurisdictions, or IP addresses inconsistent with declared residence;
Multiple accounts: Attempts to open multiple accounts or to use nominee identities;
Refusal to provide information: Reluctance to complete CDD, provide source of funds documentation, or answer compliance inquiries;
Abnormal staking behavior: Immediately opting into staking delegation and directing rewards to external wallets with no connection to the verified customer;
Sudden large settlement: Full Settlement of high-value contracts using funds with no documented source.
General Financial Crime Red Flags:
Transactions with wallets identified by blockchain analytics as having direct or indirect exposure to sanctioned entities, darknet markets, ransomware, fraud, or terrorist financing;
Customer information matches sanctions lists or adverse media profiles;
Unusual frequency of transactions with no apparent economic purpose;
Customer cannot or will not explain the economic rationale for their transactions;
Use of multiple stablecoin types or frequent conversion between stablecoins before depositing.
Automated alerts are generated by the monitoring system and queued for compliance review.
A trained compliance analyst reviews each alert, conducts additional investigation as necessary, and determines whether escalation to the MLRO is warranted.
Alerts are resolved as false positives, documented and closed; (ii) Escalated to MLRO for STR/SAR consideration; (iii) Requiring additional CDD or restrictions on the account.
All alert handling is documented with reasoning, evidence reviewed, and outcome.
Alert handling timeframes: initial triage within 24 hours; full investigation within 5 business days (or sooner for high-priority alerts).
Real-Time Screening: All customers and counterparties are screened against all applicable sanctions lists at:
Onboarding;
Each LTO Contract execution;
Each significant transaction (Buyout, Full Settlement, large deposits);
On an ongoing, daily batch basis for all active customers.
Sanctions Lists:
OFAC Specially Designated Nationals and Blocked Persons (SDN) List
OFAC Consolidated Sanctions List
EU Consolidated Sanctions List
UN Security Council Consolidated List
UK HM Treasury Financial Sanctions Targets
ADGM/UAE National Sanctions List
Any additional lists mandated by jurisdictions where BitLease operates
Match Handling:
Exact matches result in immediate account restriction pending investigation.
Potential matches (fuzzy matches) are escalated to the compliance team for manual review within 24 hours.
Confirmed matches result in: account freezing, reporting to the relevant authority, and no further services provided.
All screening results, including negative results, are documented and retained.
Where applicable (including under the EU Transfer of Funds Regulation, FATF Recommendation 16, and equivalent regulations):
BitLease collects and transmits required originator and beneficiary information for qualifying transfers.
Information includes name, account/wallet address, and additional identifiers as required;
BitLease assesses incoming transfers for completeness of travel rule information and applies risk-based measures where information is missing or incomplete.
Travel Rule compliance is implemented in coordination with BitLease’s stablecoin payment infrastructure.
All BitLease employees, contractors, and agents are required to report any suspicious activity, or activity that generates suspicion or reasonable grounds for suspicion, to the MLRO.
Suspicion means a level of suspicion that is greater in degree than speculation, although it does not require a high degree of certainty. If a reasonable person in the same position as the reporting person would regard the activity as having a potential link to money laundering, terrorist financing, or any other type of financial crime, it must be reported.
The process is designed to be straightforward and clearly defined so that every team member knows exactly what to do.
Step 1, Detection: An employee identifies activity that raises suspicion through monitoring alerts, customer interaction, document review, or any other means.
Step 2, Internal Report: Employee submits an internal Suspicious Activity Report (iSAR) to the MLRO through BitLease’s secure internal reporting system. The iSAR includes: customer identification, description of the suspicious activity, supporting evidence, and the employee’s assessment.
Step 3, MLRO Assessment: The MLRO (or Deputy MLRO) evaluates the iSAR, conducts additional investigation as necessary, and determines whether the suspicion meets the threshold for external reporting.
Step 4, Decision:
If the threshold is met: The MLRO files a STR/SAR with the relevant FIU within the timeframe required by applicable law;
If the threshold is not met: The MLRO documents the reasoning and retains the iSAR for record-keeping purposes;
In either case, The MLRO determines whether additional measures are required (enhanced monitoring, account restrictions, or relationship termination).
Step 5, Consent: Where required by applicable law (e.g., UK POCA), the MLRO seeks consent from the relevant authority before proceeding with transactions that are the subject of a STR/SAR.
STRs/SARs are filed with:
UAE/ADGM: UAE Financial Intelligence Unit (FIU), goAML portal;
EU: Relevant national FIU in the applicable member state;
UK: National Crime Agency (NCA), SAR Online;
Singapore: Suspicious Transaction Reporting Office (STRO), MAS;
Other jurisdictions: The designated FIU or authority as required by local law.
It is a criminal offense to inform a customer, or any other person, that a STR/SAR has been filed or is being considered.
All BitLease employees are trained on the tipping-off prohibition. Communications with customers during investigations are carefully managed to avoid any disclosure that could constitute tipping off.
BitLease prohibits retaliation against any employee who makes a good-faith internal suspicious activity report. Employees who report suspicions are protected under applicable whistleblower legislation and BitLease’s internal policies.
BitLease maintains comprehensive records of all CDD documentation, transaction data, monitoring alerts, STR/SAR filings, and compliance decisions for the periods required by applicable law.
| Record Type | Retention Period | Legal Basis |
|---|---|---|
| CDD/KYC/KYB documentation | 7 years after the end of the business relationship | ADGM AML Rules; FATF Rec. 11; EU AMLD Art. 40; UAE AML Law |
| Transaction records | 10 years after the transaction | ADGM AML Rules; financial record-keeping requirements |
| Monitoring alerts and investigation files | 7 years after the closure of the alert | ADGM AML Rules: regulatory expectations |
| STR/SAR filings and related correspondence | Indefinite (until authorized for deletion by the relevant FIU) | AML law; regulatory guidance |
| Internal suspicious activity reports (iSARs) | 7 years after filing (whether or not externally reported) | ADGM AML Rules: best practice |
| Sanctions screening records | 7 years after the end of the business relationship | ADGM AML Rules; sanctions compliance |
| Training records | 7 years after the training event | ADGM AML Rules: regulatory expectations |
| Risk assessments (EWRA and customer-level) | 7 years after superseded | ADGM AML Rules; audit requirements |
| Compliance audit reports | 7 years after the audit | Regulatory expectations |
Records are maintained in a format that:
Allows reconstruction of individual transactions and customer relationships;
Is readily retrievable and can be provided to competent authorities within the timeframe required by law;
Is protected against unauthorized access, tampering, and loss;
Is stored in encrypted form at rest and in transit.
BitLease maintains a zero-tolerance policy toward sanctions violations. BitLease will not knowingly:
Establish a business relationship with any sanctioned person or entity;
Process any transaction involving a sanctioned person, entity, or jurisdiction;
Provide any service that would facilitate the circumvention of sanctions.
BitLease conducts a specific sanctions risk assessment considering the following:
Geographic exposure of the customer base;
Nature of digital assets and stablecoins (potential for cross-border value transfer);
Evolving sanctions designations affecting the digital asset sector;
Specific risks associated with each Supported Digital Asset’s blockchain (exposure to sanctioned addresses).
As described in Section 6.5, screening is conducted at onboarding, at each significant transaction, and on an ongoing batch basis. BitLease uses automated sanctions screening solutions with configurable matching algorithms (exact and fuzzy matching).
Upon identification of a confirmed sanctions match:
All accounts and assets associated with the sanctioned person or entity are immediately frozen;
No transactions are permitted, including LTO Contract terminations, Buyouts, or withdrawals;
The relevant authority is notified immediately.
Assets are held frozen until the relevant authority provides instructions or the sanctions designation is lifted.
The MLRO oversees the process and maintains documentation.
BitLease does not provide services to:
Citizens, nationals, residents, or tax residents of the United States of America;
Persons located in Restricted Jurisdictions as maintained on the Platform;
Persons located in jurisdictions subject to comprehensive sanctions (e.g., OFAC comprehensively sanctioned countries).
These restrictions are enforced through IP-based geolocation screening, jurisdiction declaration at onboarding, ongoing monitoring, and Terms of Service provisions.
BitLease implements controls to prevent the financing of the proliferation of weapons of mass destruction (WMD), in compliance with UN Security Council Resolutions and applicable national legislation.
Screening against all proliferation financing-related sanctions lists;
Monitoring for indicators of proliferation financing, including connections to designated entities, front companies, or trade patterns associated with WMD programs;
Reporting of suspected proliferation financing to the relevant authority.
All BitLease employees, including senior management, receive AML/CFT training. This is not optional, and it is not a formality. Every person who interacts with the Platform or its users is expected to understand their obligations.
Onboarding Training: Within 30 days of joining. Covers:
Legal framework and BitLease’s obligations;
Overview of this Policy and related procedures;
Customer due diligence procedures;
Recognizing and reporting suspicious activity;
Sanctions compliance;
Tipping-off prohibition;
Employee’s personal legal obligations and potential criminal liability.
Annual Refresher Training: Mandatory for all staff. Covers:
Updates to legislation and regulatory guidance;
New typologies and emerging risks specific to digital assets and the LTO model;
Lessons learned from internal monitoring and investigations;
Regulatory enforcement actions and case studies;
Refresh on reporting procedures.
Role-Specific Training: Additional specialized training for:
Compliance team: advanced investigation techniques, STR/SAR drafting, blockchain analytics;
Customer-facing staff: recognizing red flags during onboarding and customer interaction;
Senior management and Board: governance responsibilities, regulatory expectations;
Technology team: understanding monitoring systems, data integrity, and security implications.
All training attendance, content, and assessment results are documented and retained for at least 7 years.
Beyond formal training, BitLease fosters a culture of compliance awareness through:
Regular compliance bulletins and updates;
Compliance team accessibility for questions and guidance;
Clear escalation procedures;
Senior management’s visible commitment to compliance.
Where AML/CFT concerns are identified, BitLease may take one or more of the following actions:
Enhanced monitoring: Increasing the frequency and depth of transaction monitoring.
Account restrictions: Limiting transaction types, values, or frequency;
Transaction holds: Temporarily holding specific transactions pending investigation.
Additional verification: Requiring the customer to provide further documentation or information.
Account suspension: Suspending all account activity pending completion of the investigation.
Asset freezing: Freezing all assets in the customer’s account (required for sanctions matches);
Account termination: Permanently closing the account and terminating the business relationship.
Contract termination: Terminating active LTO Contracts through the standard termination process, with Surplus Value handled in accordance with the Terms of Service and applicable law.
| Action | Authorized By |
|---|---|
| Enhanced monitoring | Compliance analyst |
| Account restrictions | Senior compliance officer |
| Transaction holds (up to 48 hours) | Compliance analyst |
| Transaction holds (beyond 48 hours) | MLRO |
| Additional verification requests | Compliance analyst |
| Account suspension | MLRO |
| Asset freezing (sanctions) | MLRO (immediate, ratified by Board within 24 hours) |
| Account termination | MLRO + senior management approval |
| Contract termination (compliance-driven) | MLRO + senior management approval |
When enforcement actions are taken:
The customer is informed of restrictions to the extent permitted by law;
No information is provided that would constitute tipping off. The customer is not informed that a STR/SAR has been filed, that they are under investigation for financial crime, or that the restriction is related to AML/CFT concerns;
Restrictions may be described in general terms (e.g., “additional verification required,” “account review in progress”);
The customer retains the right to complain through the standard complaints procedure, though complaints do not override compliance-driven account actions.
When a business relationship is terminated for compliance reasons:
Active LTO Contracts are terminated through the standard process.
Surplus Value is handled in accordance with the Terms of Service, subject to any legal hold, freeze order, or regulatory direction.
If assets are subject to a freeze order, they remain frozen until the relevant authority provides instructions.
BitLease cooperates fully with law enforcement and regulatory authorities.
The customer is not entitled to claim damages for compliance-driven account restrictions or terminations, to the extent permitted by law.
Where BitLease relies on third-party service providers for elements of its AML/CFT compliance (e.g., identity verification, sanctions screening, blockchain analytics), BitLease retains full responsibility for compliance. Outsourcing of execution does not outsource accountability.
Before engaging any third party for AML/CFT-related services:
BitLease assesses the provider’s capabilities, regulatory standing, and reliability;
Contractual agreements require the provider to meet standards at least equivalent to BitLease’s;
Service levels, data protection, and confidentiality are contractually defined;
Regular oversight and performance review is conducted.
Where permitted by applicable law, BitLease may rely on third-party CDD conducted by regulated financial institutions, provided the following:
The third party is regulated and supervised for AML/CFT in a FATF-compliant jurisdiction.
The third party applies CDD standards at least equivalent to BitLease’s
BitLease obtains the relevant CDD documentation without delay upon request.
BitLease retains ultimate responsibility for the adequacy of CDD.
Before launching any new product, service, or delivery channel, BitLease conducts an AML/CFT risk assessment to evaluate the following:
The money laundering and terrorist financing risks associated with the new product.
Whether existing controls are adequate or require enhancement;
Whether additional typologies or red flags are relevant;
The impact on the enterprise-wide risk assessment.
The MLRO must approve the risk assessment before the product is launched.
BitLease cooperates fully and promptly with the following:
Regulatory authorities (ADGM FSRA, VARA, MiCA-designated bodies, FCA, MAS, and equivalent);
Financial Intelligence Units
Law enforcement agencies;
Courts and tribunals.
Cooperation includes providing information and documentation upon lawful request, facilitating investigations, and complying with court orders and regulatory directions.
BitLease maintains its records, systems, and controls in a state of readiness for regulatory examination at all times.
The AML/CFT framework is subject to periodic internal review, conducted by persons independent of the compliance function, evaluating:
Adequacy and effectiveness of policies and procedures;
Quality of CDD and ongoing monitoring;
Appropriateness of risk assessments;
Effectiveness of training;
Quality of STR/SAR processes;
Compliance with applicable law and regulatory guidance.
An independent external review of the AML/CFT framework is conducted at least every two (2) years, or more frequently if required by regulation or if significant deficiencies are identified.
All findings from internal and external reviews are the following:
Reported to the MLRO and senior management;
Escalated to the board if significant.
Subject to documented remediation plans with defined timelines;
Tracked to completion.
BitLease maintains a confidential whistleblowing channel for reporting suspected financial crime, compliance failures, or unethical conduct:
Reports may be made anonymously.
Reports are received by the MLRO or, if the report concerns the MLRO, by the Board directly.
All reports are investigated confidentially.
Retaliation against whistleblowers is prohibited and constitutes a disciplinary offense.
BitLease complies with applicable whistleblower protection legislation.
This Policy is reviewed and updated:
At least annually;
Upon significant changes in applicable law or regulation;
Upon changes to BitLease’s products, services, or risk profile.
Following significant compliance incidents;
Upon recommendations from an internal or external audit.
This Policy is approved by the Board of Directors of BitLease Technologies Ltd. and endorsed at the group level by 49G Holding.
| Role | Name | Date |
|---|---|---|
| MLRO | [Name] | [Date] |
| CEO | [Name] | [Date] |
| Board Chair | [Name] | [Date] |
Money Laundering Reporting Officer (Internal Only): mlro@bitlease.com
Compliance Department: compliance@bitlease.com
BitLease Technologies Ltd. A subsidiary of 49G Holding Ltd. Incorporated in Abu Dhabi Global Market (ADGM) Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates
ADGM Registration No.: 34619
Last Updated: 21 March 2026
Effective Date: 21 March 2026