Legal Compliance Policy
Effective Date: November 2024
Policy Owner: IOLLIN, Inc.
1. Introduction
At IOLLIN, INC. (“IOLLIN,” “we,” “our,” or “us”), we are committed to maintaining the highest standards of compliance with Anti-Money Laundering (AML), Know Your Customer (KYC), and sanctions policies, as well as other applicable regulations under U.S. and international law. As a Delaware C-Corporation operating from the United States, we prioritize the safety and integrity of our platform, protecting both our users and the broader financial ecosystem.
To achieve this, we employ trusted third-party platforms, including Stripe, Persona, or equivalent services, to manage the core functions of KYC/AML and sanctions screening. While these platforms provide critical data and flag potential compliance issues, our internal Trust & Safety Team actively monitors the platform and enforces these policies. This team ensures that flagged projects, transactions, or users are reviewed, and appropriate actions are taken promptly and in alignment with best practices.
Our compliance objectives include:
- Preventing illicit activity on the platform, including money laundering, terrorist financing, fraud, and sanctions violations.
- Ensuring that all users collecting funds undergo a thorough KYC process through our third-party partners.
- Building trust and safety for our global user base by actively monitoring projects and data on the platform.
By integrating automated compliance solutions with proactive oversight from our Trust & Safety Team, we aim to create a secure environment for users and align with Stripe’s and industry-standard policies.
2. User Base and Activities
Primary Users
IOLLIN serves a global user base, including:
- Project Creators: Individuals or entities creating campaigns to raise funds or offer services through the platform.
- Supporters and Contributors: Users providing financial or other forms of support to projects.
Mandatory KYC for Fund Collection
- Any user intending to collect funds through the IOLLIN platform must complete a KYC process through our third-party compliance partners (e.g., Stripe, Persona).
- Users who fail to pass the KYC process will be prohibited from collecting funds, and their campaigns or accounts may be suspended or terminated.
Trust & Safety Team Oversight
- While our third-party platforms manage KYC, AML, and sanctions screening, IOLLIN’s internal Trust & Safety Team actively monitors flagged transactions, projects, and users to ensure compliance with platform policies.
- The Trust & Safety Team:
  - Reviews flagged activity for potential violations.
  - Investigates suspicious patterns or behaviors flagged by third-party platforms or automated systems.
  - Enforces compliance actions, including account suspension, fund freezes, or reporting to authorities if required.
Restricted and High-Risk Activities
IOLLIN prohibits participation by users or entities involved in:
- Sanctioned jurisdictions or activities (as identified by OFAC or equivalent international bodies).
- High-risk behaviors, such as fraud, illegal trade, or unlicensed financial activities.
- Campaigns misaligned with IOLLIN’s terms and standards.
The Trust & Safety Team ensures these restrictions are enforced through active monitoring and data analysis.
3. Transaction Types and Limits
Standard Transactions
IOLLIN defines standard transaction types and limits to align with startup best practices while minimizing compliance risks:
- Standard Limits: Single transactions up to $10,000.
- Aggregate Limits: Cumulative transactions up to $25,000 per user within a 30-day period.
Transactions exceeding these limits automatically trigger enhanced review by our compliance partners and internal Trust & Safety Team.
Mandatory Monitoring
All financial activity on the platform is subject to continuous monitoring:
- Third-party systems (e.g., Stripe, Persona) flag unusual activity based on predefined risk criteria.
- The Trust & Safety Team reviews flagged transactions and determines appropriate actions, including halting suspicious campaigns or escalating issues for further investigation.
Prohibited Transactions
IOLLIN explicitly prohibits the following activities:
- Money laundering or terrorism financing.
- Fraudulent transactions, such as unauthorized access or stolen payment methods.
- Sanctions violations involving restricted individuals, entities, or jurisdictions.
- Financial activities associated with illegal goods or unlicensed operations.
Compliance decisions are informed by automated systems but enforced by the Trust & Safety Team to ensure accountability and adherence to the highest standards.
Enhanced Due Diligence (EDD)
Transactions or behaviors that trigger Enhanced Due Diligence (EDD) are subject to a deeper review by our compliance partners and Trust & Safety Team. EDD triggers include:
- Large transactions exceeding $10,000 or aggregate totals exceeding $25,000.
- Irregular transaction patterns inconsistent with user behavior.
- Activities flagged by sanctions databases, adverse media, or involving high-risk jurisdictions.
EDD may require additional documentation, such as proof of funds, user identification, or transaction details, and can result in temporary fund holds pending resolution.
4. Know Your Customer (KYC) Policy
Purpose
KYC ensures the verification of user identities, mitigates risks, and fosters a secure, transparent environment. iOlliN mandates KYC compliance for all high-risk users and activities.
KYC Requirements
- Mandatory Verification:
  - Required for project creators and users receiving funds.
  - Triggered when users exceed defined transaction thresholds or engage in flagged behavior.
- Reverification:
  - Users will be reverified every 12 months or when flagged for changes in their risk profile.
Information Collected
- For Individuals:
  - Full legal name, date of birth, and residential address.
  - Government-issued ID (e.g., passport, driver’s license).
  - Selfie verification to match submitted documentation.
- For Businesses:
  - Legal name, registration number, and principal place of business.
  - Articles of incorporation or equivalent.
  - Identification and verification of beneficial owners and directors.
Third-Party Verification Services
iOlliN will integrate with industry-leading identity verification services (e.g., Stripe, Persona) to ensure efficient and secure KYC processes.
5. Monitoring and Enforcement of Compliance
Automated Screening
IOLLIN leverages automated compliance solutions provided by third-party platforms such as Stripe and Persona to monitor user activity, verify identities, and screen for prohibited activities. These platforms:
- Flag transactions or user behaviors that appear irregular or high-risk.
- Screen all users and transactions against sanctions databases, including OFAC, FATF, and international watchlists.
- Provide detailed reports on flagged activities to the IOLLIN Trust & Safety Team for further review.
Role of the Trust & Safety Team
IOLLIN’s internal Trust & Safety Team is responsible for acting on the information provided by our compliance platforms to enforce platform policies and ensure compliance. This includes:
- Investigating Flagged Activity:
  - Reviewing cases flagged by automated systems for further analysis.
  - Using additional tools and data to evaluate the nature and intent of flagged transactions.
- Taking Enforcement Actions:
  - Suspending or terminating accounts or campaigns found to be in violation of compliance policies.
  - Freezing funds associated with potentially fraudulent or prohibited activities pending investigation.
  - Reporting severe violations to relevant regulatory authorities when required by law.
- Data Monitoring:
  - Continuously monitoring user activity and transactional data to detect emerging risks or potential vulnerabilities on the platform.
Proactive Risk Management
IOLLIN uses predictive analytics and risk assessment tools to identify patterns of behavior that may signal potential violations. These measures, combined with our compliance partners’ automated systems, allow for a proactive approach to preventing illicit activity.
6. Data Retention and Confidentiality
Data Retention
IOLLIN, in partnership with third-party compliance platforms, retains user and transactional data to meet regulatory and operational requirements. Specifically:
- Retention Periods:
  - KYC and AML data: Retained for at least 5 years after account closure or the last completed transaction, as required under the U.S. Bank Secrecy Act (BSA).
  - Transactional data: Retained for a minimum of 7 years, aligning with financial reporting and audit obligations.
  - Flagged or suspicious activity reports (SARs): Retained indefinitely or as mandated by regulatory authorities.
- Secure Storage:
  - All data is stored securely in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), where relevant.
Confidentiality and Access Control
IOLLIN implements strict access controls to ensure that user data is accessed only by authorized personnel. This includes:
- Role-based access controls (RBAC) for the Trust & Safety Team and key personnel handling compliance.
- Encryption of sensitive data during storage and transmission.
- Regular audits of access logs to prevent unauthorized use or disclosure.
Collaboration with Compliance Partners
Third-party platforms such as Stripe and Persona maintain their own robust data protection measures. IOLLIN partners with these platforms under strict confidentiality agreements to ensure seamless and secure information sharing. All data shared is used exclusively for compliance and enforcement purposes.
User Notification
Users are informed during onboarding about the collection and retention of their data for compliance purposes. Users can request information on their data or its processing by contacting the IOLLIN Trust & Safety Team, subject to legal constraints.
7. Reporting and Escalation
Internal Reporting Mechanisms
IOLLIN has established clear internal reporting mechanisms to ensure that compliance issues are promptly identified, reviewed, and escalated:
- Flagged Activity Reports:
  - All flagged transactions or users are logged into a centralized system for review by the Trust & Safety Team.
- Incident Escalation:
  - High-risk incidents, such as confirmed sanctions violations, money laundering attempts, or significant fraud cases, are escalated to the Board of Directors and legal counsel for further action.
- Internal Reviews:
  - Regular compliance reviews are conducted by the Trust & Safety Team to assess the effectiveness of policies and identify potential gaps.
External Reporting Requirements
In cases where violations of AML, KYC, or sanctions policies are confirmed, IOLLIN complies with all mandatory reporting requirements:
- Suspicious Activity Reports (SARs):
  - Filed with the Financial Crimes Enforcement Network (FinCEN) for any transactions suspected of involving illicit activity.
- Regulatory Notifications:
  - Relevant state or federal agencies, including OFAC or the Department of Justice (DOJ), are notified when required by law.
- User Reporting:
  - Users may be informed of account actions taken against them, such as freezes or terminations, unless prohibited by law (e.g., ongoing investigations).
Collaboration with Law Enforcement
IOLLIN cooperates fully with law enforcement agencies in the investigation of financial crimes.
This includes:
- Providing transaction records or flagged data under appropriate legal processes.
- Participating in investigations initiated by regulatory authorities or law enforcement, as needed.
Transparency and Continuous Improvement
To maintain trust and improve compliance processes, IOLLIN:
- Regularly updates its policies and procedures based on changes in regulations or emerging risks.
- Provides transparency to users, stakeholders, and partners regarding enforcement actions and compliance goals.
- Conducts regular training for the Trust & Safety Team and other relevant personnel to ensure awareness of the latest standards.
8. Training and Awareness
Employee Training
All IOLLIN employees, contractors, and third-party partners engaged in compliance-related tasks must undergo periodic training to ensure understanding of:
- AML, KYC, and Sanctions Policies:
  - Key legal requirements under the Bank Secrecy Act (BSA), USA PATRIOT Act, and OFAC regulations.
- Platform-Specific Compliance:
  - Procedures for using third-party platforms like Stripe and Persona to verify users, monitor transactions, and enforce compliance.
- Identifying Red Flags:
  - Recognizing suspicious behaviors, fraudulent activities, and sanctions violations.
- Data Security and Confidentiality:
  - Ensuring the secure handling of sensitive user and transactional data.
Ongoing Education
IOLLIN provides regular updates and workshops for employees to address:
- Changes in relevant laws and regulations.
- Updates to internal compliance policies.
- Evolving industry best practices and emerging risks.
Testing and Certification
All employees responsible for compliance must pass annual certification tests to demonstrate understanding of policies and procedures. Records of completed training are retained by the Trust & Safety Team.
9. User Responsibilities
Compliance with Platform Policies
All users of the IOLLIN platform must agree to abide by its policies, including compliance with AML, KYC, and sanctions laws. Users are responsible for:
- Providing Accurate Information:
  - Submitting truthful and complete information during onboarding and subsequent KYC checks.
- Adhering to Transaction Limits:
  - Complying with standard and enhanced limits set by the platform.
- Prohibited Activities:
  - Refraining from engaging in activities flagged as prohibited by IOLLIN (e.g., fraud, money laundering, or sanctions violations).
Consequences of Non-Compliance
Users found to be in violation of these policies may face:
- Immediate suspension or termination of their accounts or campaigns.
- Freezing or forfeiture of associated funds.
- Reporting to regulatory authorities for investigation and potential legal action.
10. Governance and Oversight
Board Oversight
The IOLLIN Board of Directors is ultimately responsible for ensuring that the company adheres to its compliance obligations. The Board shall:
- Periodically review the Legal Compliance Policy.
- Receive and evaluate reports on compliance-related incidents and activities from the Trust & Safety Team.
Compliance Leadership
A designated Compliance Officer within the Trust & Safety Team shall:
- Supervise daily compliance operations.
- Serve as the primary liaison with third-party platforms (e.g., Stripe, Persona).
- Coordinate with legal counsel on escalated issues or regulatory filings.
Audits and Reviews
IOLLIN conducts internal and external audits of its compliance systems at least annually. These reviews ensure:
- Proper functioning of automated systems provided by third-party platforms.
- Effective oversight by the Trust & Safety Team.
- Alignment with updated regulatory requirements.
11. Cooperation with Regulators and Law Enforcement
Regulatory Cooperation
IOLLIN is committed to full cooperation with regulators to ensure compliance with all applicable laws. This includes:
- Responding to Requests:
  - Providing requested information, such as transaction logs or KYC data, through proper legal channels.
- Participating in Inquiries:
  - Engaging with regulatory investigations related to financial crimes or sanctions violations.
Law Enforcement Support
In cases involving criminal activity or potential violations of national security laws, IOLLIN:
- Promptly notifies appropriate law enforcement agencies.
- Provides full cooperation, including access to records and investigative support, in compliance with relevant laws.
12. Continuous Improvement
Policy Updates
This Legal Compliance Policy is reviewed and updated regularly to:
- Reflect changes in applicable laws and regulations.
- Incorporate lessons learned from audits, investigations, or industry developments.
- Ensure alignment with best practices for startups and platforms operating globally.
Feedback Mechanisms
IOLLIN encourages feedback from employees, users, and partners to improve compliance policies. Suggestions or concerns can be submitted to the Trust & Safety Team, which reviews and incorporates feedback as appropriate.
13. Enforcement of the Policy
Zero-Tolerance Policy
IOLLIN enforces a strict zero-tolerance approach to violations of AML, KYC, and sanctions policies. This includes:
- Immediate Action:
  - Suspension of accounts or campaigns in response to verified violations.
- Escalation:
  - Flagging serious violations to legal counsel and regulatory authorities.
Accountability
Employees and contractors failing to uphold compliance standards are subject to disciplinary action, up to and including termination. Users violating policies face suspension, fund freezes, or permanent bans from the platform.
14. Reporting Mechanisms
Internal Reporting
The Trust & Safety Team maintains a confidential reporting mechanism for employees to report suspected compliance violations without fear of retaliation.
User Reporting
Users can report suspicious activity or violations through:
- The Platform’s built-in reporting features.
- Direct contact with the Trust & Safety Team via email or support channels.
All reports are reviewed within 48 hours and escalated as necessary.
15. Approval and Acknowledgment
This Legal Compliance Policy has been approved by IOLLIN’s Founder & CEO, Jorge Raziel, and adopted by the Board of Directors. All employees, contractors, and relevant stakeholders must acknowledge receipt and understanding of this policy.
16. Contact Information
If you have any questions about this Legal Compliance Policy, need clarification, or wish to report a potential compliance issue, please contact us at:
Trust & Safety Team
Email: compliance@iollin.com
Mailing Address:
IOLLIN, INC. (Compliance Team)
9436 W. Lake Mead Blvd. Ste 5 #1146, Las Vegas, NV 89134
Reporting
Our Trust & Safety Team is committed to addressing all inquiries and reports promptly and maintaining confidentiality wherever possible. We value your input in helping us maintain a safe and compliant platform for all users.