Sanctions & Prohibited Use Policy

BitLease Technologies Ltd. A subsidiary of 49G Holding Ltd. Incorporated in Abu Dhabi Global Market (ADGM) Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates

ADGM Registration No.: 34619

Last Updated: 21 March 2026

Effective Date: 21 March 2026 Version: 1.0

1. Introduction

1.1 Purpose

This Sanctions & Prohibited Use Policy (“Policy”) sets out BitLease Technologies Ltd.’s (“BitLease”) approach to international sanctions compliance, jurisdictional restrictions, prohibited activities, and the enforcement actions taken to prevent the misuse of the Platform. This Policy forms part of BitLease’s broader compliance framework and should be read in conjunction with the AML/CFT Policy, Terms of Service, and Compliance Statement.

1.2 Commitment

BitLease maintains a zero-tolerance policy toward sanctions violations, prohibited use, and any activity that compromises the integrity of the Platform or the global financial system. This commitment is not contingent on regulatory licensing. It is a foundational principle of BitLease’s operations.

As a structured digital asset financing platform operating the Lease-to-Own (LTO) model, BitLease recognizes that the contract-based, stablecoin-denominated nature of LTO creates specific sanctions and prohibited use risks that require controls tailored to the LTO model, in addition to general financial crime prevention measures. The structured nature of LTO, with its installment payments, Buyout mechanisms, and staking delegation, introduces pathways that demand dedicated monitoring beyond what standard transaction screening provides.

1.3 Scope

This Policy applies to:

1. All users of the Platform: Clients (Lessees), Lessors (Capital Providers), and prospective users;
2. All services: LTO Contracts, Investment Contracts, LTO Wallets, LTO Staking Delegation, and any ancillary services;
3. All jurisdictions in which BitLease operates or to which it provides services;
4. All BitLease employees, officers, directors, contractors, and agents;
5. All third-party service providers acting on behalf of BitLease.

2. Sanctions Framework

2.1 Applicable Sanctions Regimes

BitLease complies with the following sanctions regimes and monitors them continuously for updates:

Note on OFAC compliance: Although BitLease does not provide services to US persons, BitLease screens against OFAC lists for several important reasons. Many OFAC-designated persons and entities operate globally, not only in the US. OFAC sanctions have extraterritorial reach, affecting USD-denominated transactions and entities with a US nexus. Stablecoins, particularly USD-pegged stablecoins, may be subject to US regulatory jurisdiction. Compliance with OFAC is also expected by institutional partners, banking correspondents, and custody providers, including Fireblocks.

2.2 Sanctions Risk Assessment

BitLease conducts a specific sanctions risk assessment as part of its enterprise-wide risk assessment, evaluating the following dimensions:

1. Geographic risk: Exposure to jurisdictions with elevated sanctions risk, including countries subject to comprehensive sanctions, sectoral sanctions, or FATF grey/black list jurisdictions;
2. Customer risk: Potential for sanctioned persons or entities to attempt to access the Platform directly or through nominees, agents, or complex ownership structures;
3. Digital asset-specific risk: The potential for stablecoins and digital assets to facilitate sanctions evasion through pseudonymous transactions, cross-border transfers, and interaction with sanctioned blockchain addresses;
4. LTO-specific risk: The potential for LTO Contracts to be used as a mechanism for sanctions evasion. For example, a sanctioned person could use a front entity to enter into LTO Contracts as a means of accessing and later realizing digital asset value;
5. Counterparty risk: The risk that BitLease’s service providers, banking partners, or stablecoin issuers become subject to sanctions, affecting platform operations;
6. Emerging risk: New sanctions designations targeting the digital asset sector, specific blockchain addresses, or stablecoin infrastructure.

3. Restricted Jurisdictions

3.1 United States of America: Comprehensive Exclusion

BitLease does not provide services to citizens, nationals, residents, or tax residents of the United States of America. This restriction applies regardless of the individual’s current physical location.

This comprehensive exclusion reflects several factors. The US federal and state regulatory frameworks for digital asset services are complex and fragmented. US securities, commodities, banking, and money transmission regulations have extraterritorial reach. BitLease has determined that it cannot currently ensure full compliance with all applicable US regulations. There is also a risk that the LTO model could be classified as a regulated financial product under US law, including as a security under the Howey test, a commodity under CFTC jurisdiction, or a consumer credit product under federal or state lending laws. Additionally, OFAC sanctions apply extraterritorially to transactions involving USD-denominated instruments.

Scope of the US restriction:

The restriction applies to US citizens, regardless of where they reside; US nationals (including certain residents of US territories); US permanent residents (green card holders), regardless of current location; US tax residents (persons meeting the substantial presence test); entities incorporated or organized under US federal or state law; entities with principal place of business in the United States; trusts with a US trustee or US beneficiaries; and any person acting on behalf of, or for the benefit of, a US person in connection with the Platform.

3.2 Comprehensively Sanctioned Jurisdictions

BitLease does not provide services to persons located in or organized under the laws of jurisdictions subject to comprehensive international sanctions. As of the effective date, these include Cuba, Iran, North Korea (DPRK), and the Crimea, Donetsk, Luhansk, Zaporizhzhia, and Kherson regions of Ukraine (as designated), along with any other jurisdiction added to comprehensive sanctions programs by OFAC, the EU, the UN, or the UK.

Syria is not included in this list following the lifting of comprehensive sanctions in 2025.

This list is dynamic and subject to change as sanctions designations are updated by the relevant authorities. The current list of comprehensively sanctioned jurisdictions is maintained on the Platform and will be reflected in real time.

3.3 Additional Restricted Jurisdictions

BitLease may restrict access from additional jurisdictions where:

1. BitLease has determined it cannot comply with local regulatory requirements;
2. The jurisdiction presents unacceptable AML/CFT risk (including FATF black-listed jurisdictions);
3. Political instability, conflict, or governance failures create elevated risk;
4. BitLease has received regulatory guidance or direction to restrict access.

The current list of Additional Restricted Jurisdictions is maintained on the Platform and may be updated at any time.

3.4 Enforcement of Jurisdictional Restrictions

Jurisdictional restrictions are enforced through multiple-layered controls, each reinforcing the others:

3.5 VPN and Circumvention Detection

BitLease implements measures to detect and prevent the use of VPNs, proxies, Tor exit nodes, and other circumvention tools to access the Platform from Restricted Jurisdictions. While no detection system is infallible, BitLease employs commercial IP intelligence databases that identify known VPN, proxy, and Tor infrastructure; behavioral analysis detecting IP address patterns inconsistent with declared residence; device fingerprinting to identify inconsistencies between declared location and device characteristics; and escalation to compliance review when circumvention indicators are detected.

4. Sanctioned Persons and Entities

4.1 Prohibition

BitLease will not knowingly:

1. Establish or maintain a business relationship with any sanctioned person or entity;
2. Execute any LTO Contract, Investment Contract, or other transaction involving a sanctioned person or entity;
3. Process any payment to or from a sanctioned person or entity;
4. Hold any asset on behalf of a sanctioned person or entity;
5. Facilitate any action that would enable a sanctioned person or entity to access, use, or benefit from the Platform, directly or indirectly.

4.2 Screening Procedures

Screening is conducted at multiple points throughout the relationship lifecycle, not only at onboarding.

At Onboarding: Every applicant is screened against all applicable sanctions lists before the business relationship is established. Screening covers full legal name and any aliases or alternative spellings, date of birth, nationality/citizenships, country of residence, and for entities: entity name, registration jurisdiction, directors, and beneficial owners (to the 10% threshold).

At Each Significant Transaction: Sanctions screening is performed before LTO Contract execution, Full Settlement and ownership transfer, Buyout execution, large stablecoin deposits or withdrawals (above risk-based thresholds), and any other significant transaction as determined by the compliance framework.

Ongoing Batch Screening: All active Clients and Lessors are re-screened against all applicable sanctions lists on a daily batch cycle. This catches newly designated persons who are existing clients.

Blockchain-Level Screening: Incoming stablecoin transactions are screened through blockchain analytics for direct connections to sanctioned wallet addresses, indirect connections (one or more hops) to sanctioned addresses, exposure to wallets associated with darknet markets, ransomware, fraud, or mixers/tumblers, and interaction with addresses on OFAC’s SDN list (which includes specific blockchain addresses).

4.3 Match Handling

The way a match is handled depends on its nature and certainty.

Exact Match:

1. Account immediately restricted, with all transactions blocked;
2. MLRO notified immediately;
3. Compliance investigation initiated;
4. If confirmed: account frozen, assets frozen, relevant authority notified, no further services provided;
5. Assets remain frozen until the sanctioning authority provides instructions or the designation is lifted.

Potential (Fuzzy) Match:

1. Alert generated and queued for compliance review;
2. Compliance analyst investigates within twenty-four (24) hours;
3. Additional information may be requested from the customer;
4. Outcome: confirmed match (treated as exact match), false positive (documented and cleared), or inconclusive (escalated to MLRO for risk-based decision).

Negative Screening Result:

1. Documented and retained as a compliance record;
2. Confirms no match at the time of screening;
3. Does not guarantee future non-designation. Ongoing screening is continuous precisely because designations change.

4.4 Beneficial Ownership and Sanctions

For entities, sanctions screening extends beyond the entity itself to all beneficial owners holding 10% or more (directly or indirectly), all directors and officers, the entity itself, parent companies and significant subsidiaries, and any person known to control the entity through other means.

If any beneficial owner, director, or controlling person is a sanctioned individual, the entity is treated as sanctioned. This is consistent with OFAC’s “50% Rule” (entities owned 50% or more, individually or in aggregate, by sanctioned persons are themselves blocked) and equivalent principles under EU, UN, and UK sanctions.

4.5 Politically Exposed Persons (PEPs)

PEPs are not automatically prohibited from using the Platform. However, PEP status is a significant risk factor that triggers Enhanced Due Diligence (as described in the AML/CFT Policy), senior management or MLRO approval before establishing the relationship, enhanced sanctions screening with broader name-matching parameters, enhanced ongoing monitoring, and periodic review at a minimum 6-month intervals.

PEPs who are also sanctioned individuals are subject to the sanctions prohibition, not merely Enhanced Due Diligence.

5. Prohibited Activities

5.1 Financial Crime

Users are strictly prohibited from using the Platform for or in connection with:

1. Money laundering: Concealing or disguising the origin, nature, location, disposition, movement, or ownership of proceeds of criminal activity, including through the use of LTO Contracts, Buyouts, LTO Wallets, or staking;
2. Terrorist financing: Providing, collecting, or making available funds or assets to be used in whole or in part to carry out terrorist acts, or for the benefit of a terrorist, terrorist organization, or person associated with terrorism;
3. Proliferation financing: Contributing to the financing of the proliferation of weapons of mass destruction, including nuclear, chemical, and biological weapons and their delivery systems;
4. Sanctions evasion: Using the Platform, directly or indirectly, to evade, circumvent, or facilitate the circumvention of any applicable sanctions regime;
5. Fraud: Engaging in deception, misrepresentation, identity theft, impersonation, or any other form of fraud in connection with the Platform;
6. Tax evasion: Using the Platform to evade tax obligations, hide taxable income, or engage in abusive tax arrangements;
7. Bribery and corruption: Using the Platform in connection with bribery, corruption, or any illegal payment to public officials.

5.2 Platform Abuse

Users are strictly prohibited from:

1. Providing false information: Submitting false, misleading, or incomplete identity, financial, or other information during registration, verification, or at any point during the business relationship;
2. Circumventing compliance controls: Attempting to bypass, disable, or undermine KYC/AML procedures, sanctions screening, jurisdictional restrictions, IP-based controls, or any other compliance mechanism;
3. Using the Platform from Restricted Jurisdictions: Accessing or attempting to access the Platform from a Restricted Jurisdiction, including through VPNs, proxies, Tor, or other circumvention tools;
4. Acting as a front or nominee: Using the Platform on behalf of a sanctioned person, US person, person in a Restricted Jurisdiction, or any other prohibited person, whether through nominee arrangements, trusts, shell entities, or other structures designed to conceal the ultimate beneficiary;
5. Exploiting pricing methodology: Systematically using LTO Contracts and Buyouts to exploit differences between Platform Reference Prices and external exchange prices for speculative gain unrelated to genuine asset acquisition;
6. Structuring: Splitting transactions, contracts, or deposits into smaller amounts designed to avoid triggering compliance thresholds, verification requirements, or monitoring alerts;
7. Multiple accounts: Opening or operating multiple accounts to circumvent restrictions, limits, or compliance requirements;
8. Interfering with the Platform: Unauthorized access to Platform systems, APIs, or infrastructure; attempting to reverse engineer, decompile, or extract source code; deploying bots or automated tools in violation of Platform policies; or disrupting Platform operations;
9. Third-party misuse: Allowing any other person to use your account or credentials.

5.3 LTO-Specific Prohibited Patterns

The LTO model, by its structured nature, introduces specific misuse patterns that BitLease actively monitors for and prohibits:

1. Rapid contract cycling: Opening LTO Contracts with minimum Down Payment and immediately initiating Buyouts repeatedly, with no genuine acquisition intent. This pattern may be designed to move value through the Platform;
2. Third-party funding: Funding an LTO Wallet from wallets not associated with the verified account holder, or from wallets with exposure to high-risk services (mixers, darknet, sanctioned addresses), without a satisfactory explanation;
3. Disproportionate contract values: Entering into LTO Contracts whose values are significantly inconsistent with the Client’s declared financial profile, source of funds, or affordability assessment;
4. Staking reward redirection: Opting into staking and immediately directing all rewards to external wallets with no connection to the verified account holder;
5. Settlement value extraction: Repeatedly entering contracts, allowing brief appreciation, then completing Full Settlement and withdrawing. This uses LTO as a de facto exchange mechanism rather than a structured acquisition tool.

6. Monitoring and Detection

6.1 Multi-Layer Monitoring

BitLease implements continuous, multi-layer monitoring designed to detect sanctions violations, prohibited use, and suspicious patterns. Each layer addresses a different dimension of risk, and together they provide comprehensive coverage.

Layer 1, Sanctions Screening (Real-Time and Batch): As described in Section 4.2. All customer names, entity names, beneficial owners, and wallet addresses are screened against all applicable sanctions lists.

Layer 2, Transaction Monitoring (Automated): Rule-based and AI-assisted monitoring covering all LTO Contract executions, payments, Buyouts, Full Settlements, and terminations; all LTO Wallet deposits, withdrawals, and internal transfers; all staking delegation and reward distributions; threshold-based alerts for unusual transaction values, frequencies, or patterns; and behavioral anomaly detection comparing activity against the customer’s established profile.

Layer 3, Blockchain Analytics (KYT): Continuous blockchain-level analysis of all stablecoin transactions interacting with the Platform, including source wallet risk scoring, destination wallet risk scoring, exposure analysis for connections to sanctioned addresses, darknet markets, ransomware, fraud, and mixing services, and transaction flow analysis and clustering.

Layer 4, Jurisdictional Monitoring: IP geolocation monitoring at login and during sessions, VPN and proxy detection, comparison of declared jurisdiction against behavioral indicators, and flagging of IP addresses from Restricted Jurisdictions or high-risk regions.

Layer 5, Periodic Reviews: Risk-based periodic customer reviews (frequency determined by risk rating), re-screening against updated sanctions lists, review of customer activity against their declared profile, and trigger-based reviews upon adverse media alerts, regulatory updates, or internal escalations.

6.2 Alert Handling

All monitoring alerts follow the structured handling process defined in the AML/CFT Policy: initial triage within 24 hours, full investigation within 5 business days (high-priority alerts expedited), resolution as a false positive (documented), escalated to MLRO, or enforcement action initiated, and all alert handling documented with reasoning and evidence.

7. Enforcement Actions

7.1 Available Actions

When a sanctions match, prohibited activity, or policy violation is identified or suspected, BitLease may take one or more of the following actions:

7.2 Sanctions-Specific Enforcement

Upon confirmed sanctions match, the following actions are taken immediately and without exception:

1. Immediate asset freeze: All assets in the affected account are frozen instantly. No transactions of any kind are processed, including LTO Wallet withdrawals, Buyouts, Full Settlements, contract terminations, or staking operations;
2. Regulatory notification: The relevant sanctioning authority is notified immediately (within the timeframe required by law, typically within 24 hours);
3. Duration of freeze: Assets remain frozen indefinitely until the sanctioning authority provides specific instructions (release, forfeiture, or other direction) or the sanctions designation is lifted;
4. No user communication regarding sanctions basis: Due to the tipping-off prohibition, BitLease cannot inform the user that the account restriction is related to a sanctions match. The user may be informed that their account is restricted pending review, without disclosure of the specific reason;
5. BitLease liability: BitLease complies with the sanctions authority’s directions regarding frozen assets. BitLease does not make independent determinations about the disposition of sanctioned assets. This is the exclusive prerogative of the relevant authority.

7.3 Handling of Client Assets Upon Enforcement

For sanctions-related freezes: Assets remain frozen under BitLease’s custody. BitLease acts as custodian pending instructions from the relevant authority. No Surplus Value is returned until authorized. Client claims regarding frozen assets are directed to the relevant sanctioning authority.

For non-sanctions enforcement (prohibited activity, policy violation):

1. Active LTO Contracts are terminated through the standard termination process;
2. Surplus Value is calculated and returned to the Client’s LTO Wallet, subject to any legal hold;
3. LTO Wallet balances (free assets) are available for withdrawal, subject to any legal hold;
4. If an STR/SAR has been filed, the MLRO determines whether a transaction hold is required pending FIU consent (where applicable);
5. BitLease does not forfeit, confiscate, or retain Client assets unilaterally. Only a court order, regulatory direction, or sanctioning authority instruction can result in the permanent withholding of client assets.

7.4 Client Communication During Enforcement

1. The Client is informed that their account is under review or restricted, using general language that does not constitute tipping off;
2. The Client is not informed that a STR/SAR has been filed or is being considered;
3. The Client is not informed that the restriction is related to sanctions, AML, or any specific investigation;
4. The Client retains the right to submit complaints through the standard complaints procedure, but compliance-driven account actions are not reversed through the complaints process;
5. If the investigation concludes with no adverse finding, restrictions are lifted, and the Client is notified.

8. Proliferation Financing

8.1 Policy

BitLease implements controls to prevent the financing of proliferation of weapons of mass destruction (WMD), in compliance with UN Security Council Resolutions and applicable national legislation (including UNSCR 1718, 1737, 2231, and related resolutions targeting DPRK, Iran, and other proliferation programs).

8.2 Controls

BitLease screens against all proliferation financing-related sanctions designations and monitors for indicators associated with proliferation financing, including connections to designated entities, front companies, procurement networks, or trade patterns associated with WMD programs. Enhanced Due Diligence is applied for customers or transactions with any nexus to jurisdictions or sectors with elevated proliferation financing risk. Suspected proliferation financing is reported to the relevant FIU or authority.

9. Stablecoin-Specific Sanctions Considerations

The use of stablecoins as the payment medium for all LTO activity introduces sanctions considerations that are specific to the digital asset context.

9.1 Stablecoin Issuer Actions

Certain stablecoin issuers (e.g., Tether/USDT, Circle/USDC) maintain the ability to freeze or blacklist specific wallet addresses in compliance with law enforcement or sanctions requirements. If a stablecoin issuer freezes or blacklists a wallet address associated with a BitLease user:

1. BitLease will comply with the freeze and cooperate with the issuer and relevant authorities;
2. The affected stablecoin balance may become inaccessible;
3. BitLease is not liable for losses arising from stablecoin issuer actions taken in compliance with law or sanctions;
4. The Client is informed to the extent permitted by law.

9.2 Secondary Sanctions Risk

USD-pegged stablecoins may be subject to US regulatory jurisdiction regardless of the geographic location of the transacting parties. BitLease’s OFAC screening program addresses this risk by screening all transactions against OFAC lists, even though BitLease does not provide services to US persons.

9.3 Stablecoin Source Analysis

All incoming stablecoin deposits to LTO Wallets are analyzed through blockchain analytics to assess the source wallet’s risk profile, exposure to sanctioned addresses (direct and indirect), exposure to high-risk services (mixers, darknet, ransomware, fraud), and transaction patterns consistent with layering or structuring.

Deposits flagged as high-risk are held pending compliance review. Deposits with confirmed direct exposure to sanctioned addresses are blocked and reported to the relevant authority.

10. Record Keeping

10.1 Retention

All records related to sanctions screening, jurisdictional controls, prohibited activity investigations, enforcement actions, and related decisions are retained in accordance with the AML/CFT Policy:

10.2 Format

Records are maintained in encrypted, tamper-evident form, readily retrievable for regulatory examination or legal proceedings.

11. Training

11.1 Sanctions-Specific Training

All BitLease employees receive sanctions-specific training as part of the AML/CFT training program. This training is mandatory and reflects the critical nature of sanctions compliance in the digital asset context.

Onboarding (within 30 days): Covers an overview of applicable sanctions regimes, BitLease’s sanctions policy and procedures, recognizing sanctions red flags, jurisdictional restrictions, and US person identification, escalation procedures for potential sanctions matches, and the tipping-off prohibition.

Annual Refresher: Covers updates to sanctions designations and regulatory guidance, new typologies for sanctions evasion in the digital asset sector, case studies from regulatory enforcement actions, and a refresher on procedures and escalation.

Role-Specific: Compliance team members receive training on advanced screening techniques, match investigation, and liaison with authorities. Customer-facing staff are trained on identifying US person indicators and recognizing jurisdiction-related red flags. Technology team members receive training on sanctions screening system configuration and blockchain analytics interpretation.

12. Governance

12.1 Oversight

This Policy is overseen by the MLRO with Board-level accountability. The MLRO is responsible for the design, implementation, and effectiveness of sanctions controls; receives all sanctions-related alerts and makes filing and enforcement decisions; reports to the Board on sanctions compliance at least quarterly; and has authority to freeze assets, suspend accounts, and make regulatory filings without business override.

12.2 Policy Review

This Policy is reviewed and updated:

1. At least annually;
2. Upon significant changes to applicable sanctions regimes;
3. Upon new FATF guidance or regulatory direction relevant to digital asset sanctions;
4. Upon changes to BitLease’s products, services, jurisdictions, or risk profile;
5. Following a significant sanctions-related incident;
6. Upon recommendations from internal or external audit.

12.3 Approval

13. Contact

For sanctions or compliance inquiries:

BitLease Technologies Ltd. A subsidiary of 49G Holding Incorporated in Abu Dhabi Global Market (ADGM) Registered Address: Unit PC-1, Level 7, Al Maryah Tower, Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island, United Arab Emirates

ADGM Registration No.: 34619

Website: www.bitlease.com

Note: The MLRO contact (mlro@bitlease.com ) is for internal reporting only and is not a public contact.