OrbitLink Pay
Platform
Product platformOnboarding / KYBPricingClient portalDocumentation
Solutions
Use casesRequest walkthrough
Trust
Security centerComplianceRisk disclosurePrivacy policyAML / KYC policy
Resources
Resource hubDeveloper docsCompanyContact
Contact
Contact team
Compliance controls

AML / KYC Policy

Version 2.4. Effective July 2025. Last updated July 2025. This policy describes OrbitLink Pay's risk-based anti-money laundering and customer identity verification framework.

Review required: Updated from latest legal feedback. Inquiry email has been corrected to the confirmed support mailbox.
Compliance & SecurityRisk DisclosurePrivacy PolicyTerms of ServiceAML/KYC Policy
1. Risk assessment and customer classificationOpen by default

OrbitLink Pay treats anti-money laundering compliance as an integral part of daily operations. Cross-border payment activity must comply with the U.S. Bank Secrecy Act administered by FinCEN, FINTRAC requirements in Canada, and other applicable laws and regulations.

OrbitLink Pay has established a risk-based compliance framework based on its actual business characteristics and historical transaction data, and continuously improves it through internal operations and external reviews.

OrbitLink Pay dynamically assesses each customer and transaction by considering customer background, business model, transaction behavior, geographic factors, and consistency between source of funds and declared business activity.

Low-risk customers may include businesses with more than three years of operating history, traditional trade or service activities, stable fund flows, and activity highly consistent with declared business.

Medium-risk customers may include recently established businesses, customers with cross-border transactions exceeding 30% of activity, or customers involving multiple ordinary jurisdictions.

High-risk customers may include customers involving high-risk countries or regions, politically exposed persons and related parties, cash-intensive industries, complex transaction patterns, or sources of funds that are difficult to verify.

Risk levels are not determined only once. OrbitLink Pay continuously reassesses risk after onboarding based on daily transaction data and external intelligence, and adjusts risk ratings immediately when material changes occur.

2. Customer due diligence processClick to review

Basic KYC: during onboarding, OrbitLink Pay requires government-issued identification documents, proof of address, company registration documents, and beneficial ownership information.

Enhanced due diligence: for medium- and high-risk customers, OrbitLink Pay may require six to twelve months of recent bank statements, samples of major transaction contracts, explanations of source of funds, and video verification.

For high-risk customers, OrbitLink Pay may engage qualified third-party institutions to conduct background checks.

Ongoing due diligence: low-risk customers are reviewed at least annually, while medium- and high-risk customers are reviewed more frequently, typically quarterly or semiannually.

3. Transaction monitoring and suspicious activity handlingClick to review

OrbitLink Pay has deployed transaction monitoring systems that combine rule engines and manual review to analyze transactions in real time and after the fact.

Key abnormal indicators include transaction amount or frequency suddenly deviating from historical levels or declared business scale, multiple transactions close to regulatory reporting thresholds within a short period, transactions connected to high-risk regions without reasonable commercial explanation, rapid in-and-out fund movement without clear commercial logic, and counterparty information obviously inconsistent with the customer's business background.

The handling process includes automatic system flagging of potentially abnormal transactions, manual compliance review within 24 to 48 hours, requests for customer transaction background explanations where needed, and submission of Suspicious Activity Reports to FinCEN or FINTRAC where suspicion cannot be eliminated.

OrbitLink Pay may suspend or freeze relevant funds where required or appropriate under applicable law, partner requirements, or internal risk assessment.

4. Sanctions and PEP screeningClick to review

OrbitLink Pay uses professional third-party sanctions database tools, including World-Check and similar systems, for screening.

At onboarding, OrbitLink Pay screens customers, beneficial owners, and major counterparties.

For existing customers, OrbitLink Pay performs batch rescreening at least monthly. High-risk customers or sensitive transactions may be screened daily.

PEP screening is performed during onboarding and periodic review. Identified politically exposed persons, their immediate family members, and close associates are subject to enhanced due diligence, additional approval by the compliance officer, and significantly increased monitoring frequency.

If a potential match or high-risk PEP situation occurs, OrbitLink Pay will immediately suspend the relevant transaction and conduct manual investigation.

5. Recordkeeping, internal reporting, and third-party auditClick to review

OrbitLink Pay retains all KYC documents, transaction records, due diligence materials, and suspicious activity analysis records for at least five years, or longer if required by regulation.

The internal reporting mechanism requires the compliance team to report daily suspicious matters to the compliance officer. Major risk events are reported directly by the compliance officer to management. Events involving systemic risk or regulatory concern may be reported to the board.

OrbitLink Pay has engaged external independent compliance advisers to complete an initial framework review and plans to conduct at least one comprehensive external audit each year.

Audit results are used to adjust monitoring thresholds, review processes, and risk classification standards. OrbitLink Pay is currently optimizing transaction monitoring rules based on initial audit feedback.

6. Data security incident handlingClick to review

OrbitLink Pay uses industry-standard encryption, access control, and other measures to protect customer information.

If an incident occurs that may affect customer data or fund security, OrbitLink Pay will initiate internal emergency procedures and notify affected customers and regulators within the time required by applicable laws and regulations.

7. User cooperation obligationsClick to review

By using the platform, users agree to provide true, accurate, and complete identity and business information, and to proactively update information within seven business days after any material change.

Users agree to truthfully explain the purpose, source of funds, and background of each transaction.

Users agree to provide required supporting documents in a timely manner after receiving a compliance inquiry.

Users agree to ensure that all transactions have lawful commercial purposes and lawful sources of funds, and are not used for illegal purposes or to evade regulation.

8. Risk-control measuresClick to review

Based on risk assessment results, OrbitLink Pay may suspend services, freeze accounts, reject transactions, or terminate business relationships.

OrbitLink Pay will notify users of relevant decisions and handling methods in a timely manner to the extent permitted by applicable laws and regulations.

9. Policy updates and contactClick to review

This policy will be reviewed and updated periodically according to regulatory changes, business development, and audit results.

For AML/KYC inquiries, please contact customer support at [email protected] and include “AML/KYC Inquiry” in the subject line.

This draft is provided for product and compliance review only. It is not legal advice and should not be published without review by qualified counsel or the responsible compliance officer.