Acceptable Use Policy & AML/KYC and Compliance Policy

Last updated: July 2026

A trading name of Dake Bromley Limited, a private company incorporated in Hong Kong under the Companies Ordinance (Cap. 622), Company No. 78791695.

This document (this "Policy") consists of two integrated parts — the Acceptable Use Policy (Part A) and the AML/KYC & Compliance Policy (Part B) — applicable to all Users of the HarbiX Pay International platform (the "Platform"), operated by Dake Bromley Limited ("HarbiX Pay International", "we", "us"). This Policy forms part of, and is incorporated by reference into, our Terms of Use, and should be read together with it. Capitalized terms not defined in this Policy, including "Provider", have the meaning given to them in the Terms of Use.

This Policy becomes binding on you on the same Effective Date as, and for so long as, the Terms of Use remain in effect between you and the Company, and any update to this Policy takes effect in accordance with the acceptance and notice mechanism set out in the Terms of Use.

PART A: Acceptable Use Policy

A.1 Purpose

Because HarbiX Pay International relies on one or more third-party, independently regulated financial service providers (each, a "Provider") to deliver payment, wallet, currency conversion, and cross-border transfer functionality, all use of the Platform must at all times comply with both this Policy and the applicable Provider's own restricted and prohibited business policies. The identity of the Provider(s) integrated with the Platform may change from time to time, and this Policy applies regardless of which Provider is in use at any given time. Where there is any inconsistency between this Policy and a Provider's own restricted business policy, the more restrictive position shall apply.

A.2 Prohibited Businesses

You may not use the Platform in connection with any of the following categories of business or activity:

  • Illegal goods or services under the laws of Hong Kong, the United Arab Emirates, or any other jurisdiction relevant to the transaction, including your jurisdiction of operation;
  • Weapons, ammunition, explosives, or related accessories;
  • Illegal drugs, controlled substances, or drug paraphernalia;
  • Unlicensed or unregulated gambling, betting, lotteries, or prize-based games of chance;
  • Adult content, pornography, or escort and companionship services;
  • Counterfeit or unauthorized replica goods, or goods infringing third-party intellectual property rights;
  • Multi-level marketing, pyramid, or matrix schemes, and "get rich quick" or high-yield investment programs;
  • Unregistered or unlicensed money service business activity, including unlicensed remittance, currency exchange, or virtual asset exchange services carried out by you independently of the Platform;
  • Regulated financial products or services (such as securities, derivatives, credit, or insurance products) offered without the appropriate license or authorization;
  • Sale of protected wildlife, endangered species, or related products;
  • Sanctioned goods, services, or activities involving sanctioned individuals, entities, or jurisdictions;
  • Any business or activity restricted under the then-current restricted or prohibited business list of any Provider integrated with the Platform.

A.3 Prohibited Activities

Regardless of the nature of your business, you may not use the Platform to:

  • Engage in fraud, misrepresentation, or deceptive practices toward other Users, counterparties, us, or any Provider;
  • Facilitate money laundering, terrorist financing, or sanctions evasion;
  • Initiate or receive transfers on behalf of an unrelated third party who has not been separately verified in accordance with our onboarding requirements, or otherwise act as an unauthorized aggregator or reseller of access to the Platform;
  • Circumvent, disable, or interfere with any KYC, KYB, sanctions-screening, or verification process;
  • Structure transactions to avoid reporting or verification thresholds;
  • Use the Platform for a purpose materially different from what was disclosed during onboarding;
  • Misuse, reverse-engineer, or interfere with the security or operation of the Platform;
  • Submit false, misleading, or stolen identification or business documentation;
  • Use the Platform in a manner that damages, disables, or impairs our systems or the systems of any Provider.

A.4 Ongoing Monitoring

We and our Provider(s) may monitor transactions and account activity on an ongoing basis to identify activity that may violate this Policy, applicable law, or a Provider's own policies. We may request additional information or documentation at any time to verify compliance with this Policy, and failure to promptly provide such information shall itself constitute a breach entitling the Company to suspend or terminate your account.

A.5 Enforcement

Where we reasonably believe that a User has violated this Policy, we may, in our sole discretion and without prior notice where circumstances require, and without any liability to you:

  • Suspend or terminate the User's access to the Platform;
  • Suspend, restrict, or terminate the ability to send, receive, or hold funds through the Platform;
  • Instruct or support the applicable Provider in placing a hold, reserve, or restriction on funds;
  • Report the activity to relevant regulators, law enforcement, or the Joint Financial Intelligence Unit (JFIU) or equivalent authority, where required or appropriate;
  • Take any other action reasonably necessary to protect the Company, the integrity of the Platform, our other Users, or our compliance obligations.

You agree to indemnify the Company for any losses arising from your breach of this Policy in accordance with the indemnification provisions of the Terms of Use.

A.6 Reporting Violations

If you become aware of activity on the Platform that may violate this Policy, please report it to us at [email protected].

PART B: AML/KYC & Compliance Policy

B.1 Regulatory Context and Status

HarbiX Pay International is a technology platform. HarbiX Pay International does not hold User funds, does not provide banking or deposit-taking services, and is not licensed as a bank or authorized institution under the Banking Ordinance (Cap. 155). Currency conversion, wallet, custody, and cross-border transfer or remittance services are carried out exclusively through one or more independently regulated third-party financial service providers engaged by the Company from time to time (each, a "Provider"), which may hold licenses or authorizations including, as applicable to their specific activities, licensing as a money service operator under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615) ("AMLO") or as a stored value facility under the Payment Systems and Stored Value Facilities Ordinance (Cap. 584), or equivalent licenses in other relevant jurisdictions, including the United Arab Emirates and other Middle East markets.

Notwithstanding the above, we have adopted this Part B, and the practices described in it, as a matter of good governance, to align with the compliance requirements of our Provider(s), and to support the integrity of the Platform. This Part B does not constitute a representation that any particular license or authorization is or is not required for the Company's own activities in any given jurisdiction — including whether the Company's role in facilitating access to multi-currency wallet and cross-border transfer functionality may itself require licensing (for example, as a money service operator or stored value facility) as the business evolves and as specific Provider relationships are finalized. Such determinations depend on the specific facts, the terms of the applicable Provider arrangement, and applicable law, and are to be confirmed with qualified legal counsel in each relevant jurisdiction before the corresponding service is launched. Nothing in this Part B shall be construed as creating any regulatory obligation on the Company beyond what is required by applicable law.

B.2 Risk-Based Approach

We apply a risk-based approach to onboarding and monitoring Users, calibrated to factors including the User's business type (if any), geographic footprint, transaction volume and value, the jurisdictions involved in a given transfer (including corridors between Hong Kong, the United Arab Emirates, and other Middle East markets), and the nature of counterparties involved. Higher-risk Users are subject to enhanced due diligence, in addition to any due diligence conducted independently by our Provider(s).

B.3 User Onboarding: KYC and KYB

Before a User is permitted to transact live on the Platform, we require completion of Know-Your-Customer ("KYC") and, where applicable, Know-Your-Business ("KYB") verification, which may include:

  • Verification of the identity of individual Users, and of the directors, ultimate beneficial owners, and authorized signatories of corporate Users;
  • Verification of business registration, incorporation documents, and proof of address, where applicable;
  • Screening against global sanctions lists, politically exposed persons ("PEP") lists, and adverse media;
  • Assessment of the User's intended use of the Platform, expected transaction corridors and profile, and counterparties against our Acceptable Use Policy;
  • For higher-risk Users, additional documentation regarding source of funds, source of wealth, or business licensing.

Separately, and independently of our own onboarding process, each User must also complete any KYC, KYB, or underwriting process required directly by the applicable Provider before that User can process live transactions. The Company bears no responsibility for a Provider's decision to decline, restrict, or delay a User's onboarding.

B.4 Ongoing Monitoring

We conduct ongoing monitoring of User activity on the Platform, with reference to expected transaction patterns established at onboarding. Indicators that may trigger further review include unexplained changes in transaction volume, value, or corridor, transactions inconsistent with the User's stated purpose, unusual patterns of reversals or disputes, or activity flagged by our Provider(s).

B.5 Sanctions Compliance

We do not knowingly onboard, or permit continued use of the Platform by, any User who is listed on, owned or controlled by, or acting on behalf of a person or entity listed on, a sanctions list maintained by the United Nations, Hong Kong, the United States (OFAC), the European Union, the United Kingdom, the United Arab Emirates, or any other applicable authority, or who is located in or conducting business from a comprehensively sanctioned jurisdiction. Sanctions screening is performed both by us and independently by our Provider(s) as part of their own compliance obligations.

B.6 Suspicious Activity

Where we identify activity on the Platform that we reasonably suspect may relate to money laundering, terrorist financing, fraud, or other financial crime, we will take appropriate action, which may include restricting or suspending the relevant account, escalating the matter internally, and, where appropriate, making a report to the Joint Financial Intelligence Unit (JFIU) of the Hong Kong Police Force and Customs and Excise Department, or any other relevant authority, in addition to any obligations our Provider(s) may separately have to make such reports.

B.7 Record Keeping

We retain KYC/KYB records, transaction monitoring records, and related compliance documentation for a period consistent with generally accepted AML record-keeping practice (generally a minimum of five years following the end of the business relationship), subject to our Privacy Policy and applicable data protection law.

B.8 Reliance on Provider Compliance Programs

Our Provider(s) operate their own independent compliance, KYC, sanctions-screening, and transaction-monitoring programs as regulated financial institutions. Our internal compliance measures are designed to complement, and not to replace or substitute for, the compliance obligations and controls operated directly by our Provider(s). Final approval of a User's ability to process live transactions rests exclusively with the relevant Provider, and the Company accepts no liability for a Provider's compliance decisions.

B.9 Staff Awareness

Personnel involved in User onboarding, account review, and customer support are made aware of this Part B and are expected to escalate any concerns regarding suspicious activity, prohibited business categories, or sanctions exposure in accordance with our internal escalation procedures.

B.10 Policy Review

This Part B is reviewed periodically and updated as our business, applicable law, and the requirements of our Provider(s) evolve, including as specific Provider relationships (including for markets such as the United Arab Emirates and other Middle East jurisdictions) are finalized.

B.11 Contact

Questions regarding this Part B may be directed to [email protected].