1. Purpose
This Anti-Money Laundering and Counter-Terrorism Financing Policy (AML/CFT) sets forth the principles, responsibilities and procedures adopted by Nora Finance to detect, prevent and report suspicious activity related to money laundering, terrorism financing and the financing of proliferation of weapons of mass destruction (ML/TF/PFWMD).
The policy is grounded in the risk-based approach (RBA) recommended by FATF (Financial Action Task Force) and aligned with the prevailing Brazilian regulatory framework.
2. Nora Finance's Regulatory Positioning
Nora Finance operates exclusively as a stablecoin issuer (pure issuer model), issuing and managing BRS - a stablecoin pegged 1:1 to the Brazilian Real, with reserves composed of federal Government Bonds and CDBs from major Brazilian financial institutions.
Nora Finance does not provide custody of third-party digital assets, intermediation, order execution or wallet management services. As a result, it does not qualify as a Virtual Asset Service Provider (PSAV) under Decree no. 11,563/2023 or BCB Resolution no. 518/2024.
Notwithstanding, Nora Finance voluntarily assumes AML/CFT obligations consistent with its activity, recognizing that:
-
Its direct customers (NAMs) frequently operate as PSAVs or regulated financial institutions
-
Stablecoin issuance is an activity with potential risk of misuse for ML/TF purposes
-
Adoption of rigorous compliance standards is both a competitive differentiator and a commitment to financial system integrity
| Important Note Responsibility for KYC of end users lies with each NAM individually. Nora Finance has no direct access to NAMs' customers and does not perform due diligence on natural persons or legal entities other than partners credentialed in the NAM program. |
|---|
3. Legal and Regulatory Basis
| Instrument | Relevance |
|---|---|
| Law no. 9,613/1998 (AML/CFT) | Brazilian Money Laundering Law; identification, registration, monitoring and COAF reporting obligations |
| Law no. 14,478/2022 | Brazilian crypto-asset legal framework |
| Decree no. 11,563/2023 | Regulation of Law no. 14,478/2022; defines PSAV and activities subject to BCB authorization |
| BCB Resolution no. 518/2024 | PSAV authorization and operating requirements; basis of Nora's regulatory positioning |
| COAF Resolution no. 36/2021 | COAF reporting obligations |
| BCB Circular no. 3,978/2020 | AML/CFT policy for BCB-regulated entities (adopted as best-practice reference) |
| FATF Recommendations (2012, updated 2019) | International AML/CFT standards; reference for risk-based approach |
| RFB Normative Instruction no. 2,291/2025 (CARF) | Diligence and automatic reporting obligations; adopted as best-practice reference |
| Law no. 13,709/2018 (LGPD) | Personal data protection in compliance processes |
4. Definitions
| Term | Definition |
|---|---|
| ML (Money Laundering) | Process of concealing or disguising the nature, origin, location, disposal, movement or ownership of assets, rights or values derived from a criminal offense |
| TF (Terrorism Financing) | Provision or collection of funds to finance terrorist acts, terrorist organizations and individual terrorists |
| NAM (Nora Authorized Minter) | Legal entity credentialed by Nora Finance as the only direct customer type authorized to mint and burn BRS |
| UBO (Ultimate Beneficial Owner) | Natural person who, directly or indirectly, holds an interest of 25% or more or exercises effective control over an entity |
| PEP (Politically Exposed Person) | A person who holds or has held, in the last 5 years, a relevant public function in Brazil or abroad, as defined in Law no. 9,613/1998 |
| COAF | Council for Financial Activities Control; Brazil's financial intelligence unit |
| RBA (Risk-Based Approach) | AML/CFT methodology that scales control measures proportionally to the risk identified in each customer and operation |
| Suspicious Activity | Transaction or set of transactions which, due to their characteristics, volume, frequency or pattern, may indicate ML/TF |
5. Policy Principles
-
Risk-based approach: AML/CFT measures are proportionate to the risk identified in each NAM and each operation
-
Know your customer: no NAM is activated without satisfactory completion of the KYB/KYC process (see KYC/KYB Policy)
-
Compliance independence: Compliance decisions are independent of commercial pressure
-
Individual responsibility: every team member is responsible for identifying and internally reporting suspicious situations
-
Continuous improvement: the policy is reviewed periodically and updated upon regulatory or operational changes
-
Zero tolerance: Nora Finance does not maintain relationships with entities that refuse to cooperate with AML/CFT procedures
6. Institutional Risk Assessment (IRA)
Nora Finance periodically performs an Institutional Risk Assessment that maps the main ML/TF exposure vectors of its operation.
6.1 Activity Risk Profile
| Risk Vector | Level | Justification |
|---|---|---|
| Product nature (stablecoin) | Medium-High | Stablecoins can be used for rapid cross-jurisdictional value transfer |
| Customer type (NAMs) | Medium | Customers are exclusively legal entities subject to mandatory KYB; no anonymous end users |
| Distribution channels | Medium | API operations with identified wallets; no in-person service or anonymous channel |
| Jurisdictions | Medium | Primary operation in Brazil; NAMs may have international operations |
| Volume and velocity | Medium | Mint/burn can execute in seconds; high volumes possible as the network scales |
6.2 Mitigating Factors
-
Mandatory KYB for every NAM prior to any activation
-
Wallet whitelist: only pre-approved addresses can execute mint/burn
-
Per-NAM operational limits configured and enforced in the system
-
Continuous on-chain monitoring of every mint and burn operation
-
NAMs are contractually responsible for KYC of their end users (NAM Agreement)
7. Customer Identification and Diligence
Nora Finance applies the KYB/KYC process to every NAM candidate as detailed in the KYC/KYB Policy and the NAM Program v1. This section summarizes the points relevant for AML/CFT purposes.
7.1 Minimum Required Identification
Of the entity (legal person):
-
Corporate name, CNPJ, incorporation date and address
-
Legal form and corporate purpose
-
Ownership structure and control chain
-
Active registration with the Brazilian Federal Revenue
-
Regulatory status (authorized PSAV, in process, or other equivalent regulation)
Of beneficial owners and representatives (natural persons):
-
Full identification (name, CPF or passport, nationality, date of birth)
-
PEP qualification (direct and indirect, including family history)
-
Identity verification with biometric check
7.2 Risk-Proportional Diligence
| Category | Diligence Applied |
|---|---|
| Low Risk | Standard KYB + KYC; PEP and sanctions screening; annual review |
| Medium Risk | KYB + KYC + onboarding interview with Compliance; semi-annual review |
| High Risk | Mandatory EDD: source of funds declaration, in-depth ownership chain investigation, adverse media search, formal interview; board approval; quarterly review |
7.3 Heightened Attention Situations
The following situations require mandatory enhanced diligence:
-
NAMs with PEP in a position of effective control
-
NAMs headquartered in or with material operations in FATF grey or black list jurisdictions
-
NAMs with complex ownership structure involving multiple holding layers
-
NAMs in business segments classified as high risk by FATF (e.g., DeFi protocols without permissioned access)
-
NAMs whose corporate controllers are in a process of merger or acquisition with material impact
8. Continuous Operations Monitoring
8.1 Monitoring Criteria
Nora Finance monitors all mint and burn operations through a combination of automated systems and analyst review. The criteria considered include:
-
Volume: operations exceeding the NAM's historical pattern or approaching the monthly limit suddenly
-
Frequency: unusual sequence of operations within a short time window
-
Structuring: multiple operations of similar value performed in sequence to circumvent reporting thresholds
-
Origin/destination addresses: transactions involving wallets on risk lists or associated with known illicit activity
-
Timing: high-volume operations at atypical hours without prior justification
-
Jurisdiction: fund flow with origin or destination in high-risk jurisdictions
8.2 Alert Investigation Workflow
| Step | Description |
|---|---|
| 1. Alert Generation | On-chain monitoring system generates an automatic alert based on Section 8.1 criteria |
| 2. Triage (within 24h) | Compliance team analyzes the alert and determines whether it is a false positive or a maintained suspicion |
| 3a. False positive | Internal record with justification and alert closure |
| 3b. Maintained suspicion | In-depth investigation; NAM may be questioned for clarification |
| 4a. Satisfactory clarification | Record with documentation of clarification and closure |
| 4b. Confirmed suspicion | COAF report + assessment of immediate technical suspension of the NAM |
8.3 Suspicion Indicators
The following indicators may, individually or in combination, characterize a suspicious operation:
-
Mint or burn of value incompatible with the NAM's historical volume or declared size
-
NAM unable to explain the economic purpose of a specific operation when questioned
-
Operations involving wallet addresses not on the approved whitelist
-
Refusal or unjustified delay in periodic registration update
-
News or external information suggesting involvement of the NAM or its controllers in illicit activities
-
Sudden change in operational profile without prior notice to Compliance
-
Repeated attempts at operations exceeding system-configured limits
9. COAF Reporting
9.1 Mandatory Reports
Nora Finance will report to COAF, within the deadlines established by law:
-
Operations or situations indicative of money laundering or terrorism financing
-
Any operation that, after internal analysis, has not obtained satisfactory clarification regarding its lawfulness
9.2 Reporting Process
-
Reports are prepared by the Compliance Officer (CFO)
-
Submitted to COAF through the official system (SISCOAF - Sistema de Controle de Atividades Financeiras)
-
Recorded internally with date, time and reason
| Mandatory Confidentiality (Tipping Off) The existence of a COAF report cannot be disclosed to the NAM that is the subject of the report. Disclosure of this information (tipping off) is expressly prohibited by Law no. 9,613/1998 and subject to criminal sanctions. |
|---|
9.3 Absence of Suspicious Activity
In periods where no suspicious operation or situation is identified, Nora Finance will submit a negative report to COAF in accordance with the frequency required by applicable regulation.
10. Sanctions and Restrictive Lists
Nora Finance performs continuous screening of every active NAM, its representatives and UBOs against the following databases:
-
UN (UNSC), OFAC (USA), HM Treasury (United Kingdom) and SECO (Switzerland) sanctions lists
-
National and international PEP lists, including indirect and historical exposure
-
COAF and Central Bank of Brazil communications and determinations
-
Jurisdictions under FATF enhanced monitoring (grey list and black list)
-
Adverse media databases on compliance, fraud and financial crime
| Confirmed Sanctions Hit A confirmed positive match on a sanctions list triggers immediate technical suspension of the NAM and a COAF report. The relationship cannot be reinstated without formal guidance from external legal counsel and, where applicable, authorization from the competent authority. |
|---|
11. Records and Data Retention
Nora Finance maintains complete and traceable records of:
-
The full NAM onboarding process (documents, decisions, dates, versions)
-
Results of PEP and sanctions screening (onboarding and ongoing monitoring)
-
Monitoring alerts generated and their resolution (false positive or investigation)
-
COAF reports (internal records; documents submitted to COAF are confidential)
-
Decisions on approval, rejection, suspension and termination of NAMs with justification
-
Periodic reviews and re-KYBs performed
| Retention Term Minimum of 5 (five) years after the termination of the relationship with the NAM, in accordance with Law no. 9,613/1998. All data is processed in compliance with the LGPD (Law no. 13,709/2018). |
|---|
12. Responsibilities
| Responsible Party | AML/CFT Duties |
|---|---|
| Bruno Moniz (CFO & Compliance Officer) | Officially responsible for the AML/CFT policy; COAF reporting; approval of high-risk cases; suspension and termination decisions; interface with regulatory authorities |
| Jean Martina (CTO & Co-Compliance Officer) | Implementation and maintenance of AML/CFT technology stack; on-chain monitoring; alert automation; immediate technical suspension of NAMs |
| Luigi Remor (CEO) | Joint approval with CFO for EDD cases and definitive NAM termination; executive sponsorship of compliance culture |
| Victor Cioffi (CRO) | Reporting to Compliance any relevant information obtained in the commercial relationship; no autonomy to suppress compliance alerts |
| External Legal Counsel | Legal guidance in complex cases; periodic policy review; support in regulatory or judicial investigations |
| All Team Members | Responsibility to internally report to the Compliance Officer any suspicious situation identified |
13. Training and Compliance Culture
-
Every Nora Finance team member receives initial AML/CFT training during onboarding
-
Annual mandatory refresher training for the entire team
-
The Compliance Officer maintains continuous professional development on crypto regulation and AML/CFT
-
Compliance culture is a leadership responsibility: no commercial pressure justifies non-compliance with this policy
14. Review and Effectiveness
This policy enters into force on the date of its approval by Nora Finance's executive board and shall be reviewed:
-
Annually, as part of the regular internal policy review cycle
-
Whenever a material change occurs in applicable legislation or regulation (in particular following approval of Bill no. 4,308/2024 and publication of BCB operational rules for stablecoin issuers)
-
Upon recommendation by external legal counsel or external audit
-
In the event of a compliance incident requiring procedural adjustment
| Version | Date | Changes |
|---|---|---|
| 1.0 | March 2026 | Initial version |
| Bruno Moniz CFO & Compliance Officer - Nora Finance | Jean Martina CTO & Co-Compliance Officer - Nora Finance |
|---|
15. Related Documents
-
KYC/KYB Policy - Nora Authorized Minters (NAM)
-
NAM Program v1 - Nora Authorized Minters
-
NAM Agreement (Authorized Minter Partnership Agreement)
-
Institutional Risk Assessment (IRA) - to be drafted