• Terms of Use
  • KYC and AML policy
  • Privacy policy
  • Cookie policy

KYC & AML policy

  • Terms of Use
  • KYC and AML policy
  • Privacy policy
  • Cookie policy

The operator of the buycoin.online platform is EVERNORTH FINTECH INC. (hereinafter — “Evernorth”, “Operator”), a Money Services Business registered with FINTRAC (MSB No. N300000091), operating in accordance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations.

This summary describes Evernorth’s approach to client identification (KYC) and Anti-Money Laundering / Counter-Terrorist Financing (AML/CTF). Detailed procedures are set out in Evernorth’s internal documentation.

1. Purpose and scope

This KYC and AML/CTF Policy applies to all services provided by Evernorth through the buycoin.online platform, to all clients (natural persons and, where applicable, legal entities), transactions and service channels.

2. Principles

  • Risk-Based Approach (RBA). KYC/AML measures are proportionate to the risk profile of the client, transaction, jurisdiction and products used.
  • Ongoing monitoring. Controls operate throughout the client lifecycle — from onboarding to continuous transaction monitoring.
  • Transparency and privacy. Personal data is processed in accordance with law (including PIPEDA) and the Privacy Policy.

3. Identification and verification (KYC)

3.1. Mandatory identification.

Services are available only after successful KYC. Evernorth may decline service until verification is completed.

3.2. Documents (public list).

To complete identification, the Client provides:

  • a passport issued by a governmental authority;
  • a national identification card;
  • a residence permit;
  • a driver’s license;
  • where necessary, proof of address (e.g. a utility bill or bank statement issued no more than 6 months ago);
  • up-to-date contact details.

As part of verification, Evernorth conducts liveness checks and biometric face-matching against the document photo, as well as document authenticity checks. Additional information may be requested based on the level of risk.

3.3. Enhanced Due Diligence (EDD).

In higher-risk cases, Evernorth conducts EDD as a separate procedure. EDD may involve the collection of additional information and evidence relevant to assessing the lawful origin of assets and the purpose of transactions.

A conservative approach applies: where a reasonable level of assurance is lacking, service may be refused and/or the relationship terminated.

4. Screening and registry checks

All clients and transactions are screened against all relevant and available sources, including (without limitation):

  • sanctions lists and restrictive measures — international (UN, OFAC, EU, UK OFSI) and Canadian regimes (SEMA, JVCFOA, United Nations Act, Consolidated Canadian Autonomous Sanctions List);
  • politically exposed persons (PEP) and related parties;
  • high-risk jurisdictions and export controls;
  • adverse media;
  • specialised commercial databases and other registers required by law.

Matches or risks trigger manual review and, where appropriate, refusal or blocking.

5. Transaction monitoring

Evernorth performs ongoing monitoring of activity, analysing anomalies and risk patterns (including blockchain-analytics signals relating to risky addresses, mixers, darknet services, etc.). Where suspicions arise, transactions may be paused or blocked, additional information may be requested, and, where required by law, competent authorities may be notified.

6. Travel Rule

For transfers of an amount equivalent to CAD 1,000 and above, Evernorth collects and transmits originator and beneficiary information to the extent required by applicable law, taking into account the technical compatibility of the virtual-asset service providers involved. For self-hosted (non-custodial) addresses, proof of control over the address or wallet may be required.

7. Refusal, suspension and freezing

Evernorth may refuse or terminate service where KYC/AML requirements are not met or risk is elevated. Where justified (AML/sanctions concerns, requests from authorities or partners, source-of-funds checks, security or operational incidents), assets or operations may be frozen for up to 30 business days, extendable to 90 business days to complete a review or investigation. Notifications are provided within a reasonable time unless prohibited by law or by an authority’s request.

8. Client obligations

The Client must provide accurate and up-to-date data and documents, update them in a timely manner, follow the requirements shown in the order/process interface, and comply with the Terms of Use, including the List of Prohibited Countries and Territories and the list of Prohibited and Unsupported Services.

9. Data sharing

On a lawful basis (including contract performance, AML control, fraud prevention and security), KYC/AML data may be used within Evernorth on a strictly need-to-know basis and shared with third parties strictly to the extent necessary, in accordance with the Privacy Policy.

10. Record-keeping

KYC files, screening and monitoring results, and transaction records are retained for at least 5 years after the end of the client relationship in accordance with the requirements of the PCMLTFA, or longer where required by law or investigation. Records may be produced to competent authorities within the prescribed timelines. Appropriate technical and organisational security measures are applied.

11. Training and internal control

Evernorth provides regular staff training on KYC/AML and sanctions compliance and conducts internal controls over the effectiveness of the measures applied. Detailed procedures are set out in internal documentation.

12. Regulatory interactions

Evernorth fulfils its statutory obligations to report suspicious and large transactions (including suspicious transaction reports and large virtual currency transaction reports to FINTRAC) and responds to requests from competent authorities in accordance with applicable law.

13. Policy updates

This Policy is reviewed and updated as laws, regulatory practice and risk profiles evolve. The current version is published on the website.