AML

Before initiating a contractual engagement, we run risk-proportional due diligence: contracting party identification (CNPJ/business registry, constitutional documents), Ultimate Beneficial Owner (UBO), authorized representatives, contract purpose, and source of funds.

For high-risk clients (e.g., FATF enhanced monitoring jurisdictions, Politically Exposed Persons — PEP), we apply Enhanced Due Diligence (EDD) with additional approval.

All clients and UBOs are screened against sanctions lists: OFAC SDN (US), UN Security Council, EU Consolidated, COAF (Brazil), HMT UK, and equivalents.

We refuse business with sanctioned individuals or entities, even if listed only in secondary jurisdictions. See also our Sanctions Policy.

Suspicious transactions (unusual payment structure, fragmentation to evade thresholds, opaque source of funds) are reported internally to the Compliance Officer and, when applicable, to COAF (Brazil) or the competent authority of the relevant jurisdiction.

We do not notify the client of the report as legally required ("tipping off" prohibited).

We accept USDC, USDT, or BTC payments only via regulated exchanges with KYC verified by the exchange (we do not receive transfers from self-custody anonymous wallets for amounts above USD 1,000 or equivalent).

We apply the Travel Rule (FATF Recommendation 16) for sender/beneficiary information in crypto transfers.

All client-facing staff receives annual AML-CTF training. Internal program audit is conducted annually with effectiveness testing.

Suspicions of money laundering involving intrus.io or its staff may be reported confidentially to contato@intrusioncyber.com (whistleblower channel) or to official COAF/local FIU channels.