01Regulatory Basis
DaisyLink’s AML/CTF program is built to meet its obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations, as administered by FINTRAC. Following the March 2026 amendments to the PCMLTFA, DaisyLink’s program is designed to be reasonably designed, risk-based, and effective — the statutory standard now expressly set out in the Act — and DaisyLink maintains universal FINTRAC enrolment consistent with current requirements. DaisyLink’s RPAA registration with the Bank of Canada is a separate regulatory regime concerned with payment service provider operational risk, safeguarding of end-user funds, and incident reporting; it does not itself impose AML/CTF obligations, sanctions requirements, or jurisdiction restrictions, which instead arise under the PCMLTFA, Canada’s sanctions statutes, and related guidance described below.
02Five-Pillar Compliance Program
Consistent with FINTRAC’s compliance program requirements, DaisyLink’s AML/CTF program is built around the following five pillars:
| Pillar | How DaisyLink Implements It |
|---|---|
| 1. Compliance Officer | DaisyLink has appointed a designated Compliance Officer / Chief AML Officer (CAMLO) with documented authority, direct reporting access to senior management and the Board, and day-to-day responsibility for the AML/CTF program's implementation. |
| 2. Policies & Procedures | Written, risk-based policies and procedures covering customer identification, ongoing monitoring, sanctions and PEP screening, record-keeping, and reporting, calibrated to DaisyLink's payment and virtual currency service lines. |
| 3. Risk Assessment | A documented enterprise risk assessment evaluating money laundering and terrorist financing risk across customers, products (including virtual currency), delivery channels, and geography, refreshed on a defined cadence and updated when the business or risk environment changes. |
| 4. Training | Mandatory, role-based AML/CTF training for all relevant employees and agents at onboarding and on a recurring basis, covering red flags, reporting obligations, and sanctions screening. |
| 5. Independent Effectiveness Review | Periodic independent review (internal or external) of the AML/CTF program's design and operating effectiveness, with findings reported to senior management and remediated on a tracked timeline. |
03Customer Due Diligence
DaisyLink applies risk-based customer due diligence (CDD) to all customers before onboarding, including identity verification using prescribed methods, beneficial ownership identification for corporate customers, and assessment of source of funds. Enhanced due diligence (EDD) is applied to higher-risk customers, including those connected to jurisdictions identified in DaisyLink’s Restricted & Prohibited Jurisdictions Policy, politically exposed persons (PEPs) and heads of international organizations, and customers exhibiting other elevated risk indicators. DaisyLink also consults Corporations Canada’s beneficial ownership database where a federal corporate customer is assessed as high-risk, consistent with current PCMLTFA requirements.
04Sanctions Compliance & Prohibited Jurisdictions
DaisyLink screens customers, beneficial owners, and counterparties against the Consolidated Canadian Autonomous Sanctions List (SEMA/JVCFOA), the United Nations Act regulations, and other applicable sanctions lists (including OFAC’s Specially Designated Nationals list, given DaisyLink’s USD-referenced stablecoin exposure) prior to onboarding and on an ongoing basis.
Jurisdictional restrictions are governed by DaisyLink’s Restricted & Prohibited Jurisdictions Policy, which this statement does not restate in full but is fully consistent with. In summary, and without altering the categorization set out in that Policy:
- Comprehensively prohibited jurisdictions — no onboarding and no transactions: the FATF-designated High-Risk Jurisdictions subject to a Call for Action (Iran, North Korea, and Myanmar), together with Belarus and Russia, which are subject to comprehensive sanctions under the Special Economic Measures Act.
- Targeted-sanctions jurisdictions — dealings permitted only after confirming counterparties are not designated persons or entities, with enhanced due diligence applied.
- FATF jurisdictions under increased monitoring (grey list) — not subject to a Canadian legal prohibition, but enhanced due diligence is applied consistent with a risk-based approach.
Where DaisyLink identifies property associated with a sanctioned or listed person, it complies with applicable Listed Persons/Entities Property Reporting (LPEPR) obligations, including freezing, disclosure, and reporting requirements integrated into this AML/CTF program.
05Transaction Monitoring & Reporting
DaisyLink monitors transactions on an ongoing basis to detect unusual or suspicious activity, applying risk-based thresholds calibrated to its customer and product risk assessment. DaisyLink files the following reports with FINTRAC as required:
- Suspicious Transaction Reports (STRs), submitted as soon as practicable where there are reasonable grounds to suspect a transaction is related to money laundering or terrorist financing;
- Large Virtual Currency Transaction Reports and, where applicable, Large Cash Transaction Reports (LCTRs);
- Terrorist Property Reports and Listed Persons/Entities Property Reports, where applicable;
- Any other report prescribed under the PCMLTFA and its regulations.
06Record-Keeping
DaisyLink retains customer identification records, transaction records, risk assessments, and supporting documentation for a minimum of five years from the date the record was created, consistent with PCMLTFA record-keeping requirements, and makes such records available to FINTRAC and other competent authorities upon lawful request.
07Governance & Oversight
DaisyLink’s Board and senior management maintain oversight of the AML/CTF program, receive periodic reporting from the Compliance Officer / CAMLO on program effectiveness, sanctions developments, and material findings, and are responsible for approving material changes to this statement and the underlying policies it references.
08Review Cadence
This statement and the underlying AML/CTF program are reviewed:
- At least annually, or sooner if required by changes in DaisyLink’s risk profile, products, or customer base;
- Following material amendments to the PCMLTFA, its regulations, or FINTRAC guidance;
- In alignment with updates to DaisyLink’s Restricted & Prohibited Jurisdictions Policy, so that both documents remain consistent with one another, including the FATF Plenary review cycle (February, June, and October each year).
Consistency note: this statement is intended to align fully with DaisyLink’s Restricted & Prohibited Jurisdictions Policy. Where the two documents describe jurisdictional restrictions, the Restricted & Prohibited Jurisdictions Policy is the controlling and more detailed source; this statement should be updated promptly if that Policy is revised, to avoid any conflict between the two.
09Disclaimer
This statement summarizes DaisyLink’s AML/CTF program as of July 1, 2026, based on the PCMLTFA and FINTRAC requirements in force at that time, including amendments arising from Bill C-12 (Royal Assent March 26, 2026). Canadian AML/CTF law is subject to ongoing legislative and regulatory change, including phased-in requirements not yet in force. This document does not constitute legal advice and should be reviewed by qualified legal/compliance counsel before operational reliance or external publication.