Compliance & AML Policy
Anti-Money Laundering & Counter-Terrorist Financing
Last updated: January 15, 2026
Introduction
Our regulatory commitment
Fortress Algo Incorporated, operating under the trade name Wiremi, is a corporation incorporated under the laws of Canada with Registry ID 4363756. We are licensed by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) as a Money Services Business (MSB) under License Number M23401666. This Compliance and Anti-Money Laundering (AML) Policy outlines our comprehensive approach to preventing financial crimes, including money laundering, terrorist financing, fraud, and other illicit activities.
As a licensed financial services provider operating across multiple jurisdictions, we recognize our critical role in the global effort to combat financial crime. We are committed to maintaining the highest standards of regulatory compliance and ethical business practices. Our compliance program is designed to detect, prevent, and report suspicious activities while ensuring that our services are not misused for illegal purposes.
This policy applies to all employees, officers, directors, contractors, and agents of Wiremi, as well as to all users of our services. We require strict adherence to this policy and related procedures, and we provide regular training to ensure that all personnel understand their compliance obligations. Failure to comply with this policy may result in disciplinary action, termination of employment or services, and referral to relevant authorities.
Regulatory Framework
Compliance standards
Our compliance program is built upon a foundation of international standards and national regulations from all jurisdictions in which we operate. We continuously monitor regulatory developments and update our policies and procedures to ensure ongoing compliance. The following regulatory frameworks form the basis of our compliance program:
Financial Action Task Force (FATF) Recommendations
The FATF is the global standard-setter for anti-money laundering and counter-terrorist financing measures. We align our compliance program with the FATF's 40 Recommendations, which provide a comprehensive framework for combating money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction. We regularly review updates to FATF guidance and incorporate relevant requirements into our policies and procedures.
Canada's Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA)
As a Canadian Money Services Business, we are subject to the PCMLTFA and its associated regulations. This legislation requires us to implement a comprehensive compliance program that includes appointing a compliance officer, developing written policies and procedures, conducting risk assessments, implementing training programs, performing effectiveness reviews, and meeting all record-keeping and reporting obligations to FINTRAC.
Regional and International Regulations
Given our global operations, we comply with applicable regulations in all jurisdictions where we offer services. This includes but is not limited to the European Union's Anti-Money Laundering Directives (AMLDs), which establish comprehensive requirements for customer due diligence, beneficial ownership identification, and suspicious transaction reporting; the United States Bank Secrecy Act (BSA) and related FinCEN regulations for any transactions involving the U.S. financial system; and various national AML laws and regulations in African, Asian, and other markets where we operate.
Sanctions Compliance
We maintain strict compliance with economic sanctions programs administered by the United Nations, the United States Office of Foreign Assets Control (OFAC), the European Union, the Government of Canada, and other relevant authorities. We do not provide services to sanctioned countries, entities, or individuals, and we screen all customers and transactions against applicable sanctions lists.
Customer Due Diligence & KYC
Identity verification
Customer Due Diligence (CDD) is the cornerstone of our compliance program. We are committed to knowing our customers and understanding their financial activities to detect and prevent misuse of our services. Our Know Your Customer (KYC) procedures are designed to verify the identity of all users, understand the nature and purpose of business relationships, and assess the risk profile of each customer.
Identity Verification
Before a customer can use our services, they must complete our identity verification process. For individual customers, this requires submission of a valid, government-issued photo identification document such as a passport, national identity card, or driver's license. We verify the authenticity of these documents using advanced document verification technology that checks for signs of tampering, forgery, or alteration. We also collect proof of address through documents such as utility bills, bank statements, or government correspondence dated within the last three months.
Biometric Verification
To ensure that the person opening an account is the same person whose identity documents have been submitted, we employ biometric verification technology. This includes selfie verification, where customers take a photograph of themselves that is compared against the photo on their identity document using facial recognition technology; and liveness detection, which ensures that the person is physically present during verification and that static images or videos are not being used fraudulently.
Enhanced Due Diligence (EDD)
For customers identified as higher risk, we apply Enhanced Due Diligence measures that go beyond our standard verification procedures. Factors that may trigger EDD include customers from high-risk jurisdictions as identified by FATF or our own risk assessment; Politically Exposed Persons (PEPs) and their close associates or family members; customers with unusual transaction patterns or unclear sources of wealth; complex business structures or beneficial ownership arrangements; and any other factors that suggest elevated money laundering or terrorist financing risk.
Source of Funds Verification
For higher-value transactions or higher-risk customers, we require verification of the source of funds. This may involve collecting documentation such as bank statements, employment records, business financial statements, sale contracts, inheritance documents, or other evidence that demonstrates the legitimate origin of the funds being transferred through our platform.
Ongoing Monitoring and Reviews
Customer due diligence is not a one-time event but an ongoing process. We continuously monitor customer activity and periodically review customer profiles to ensure that information remains current and accurate. Customers may be required to provide updated identification documents, confirm or update their personal information, and answer questions about changes in their circumstances. Risk assessments are updated based on transaction behavior and any new information that becomes available.
Politically Exposed Persons
Enhanced measures
Politically Exposed Persons (PEPs) present an elevated risk for potential involvement in corruption, bribery, and money laundering due to their public positions and influence. We have implemented specific procedures to identify and manage relationships with PEPs in accordance with FATF recommendations and applicable regulations.
Definition of PEPs
For the purposes of our compliance program, PEPs include individuals who hold or have held prominent public functions, such as heads of state or government, senior politicians, senior government officials, judicial or military officials, senior executives of state-owned corporations, and important political party officials. We also apply enhanced measures to family members of PEPs, including spouses, children, parents, and siblings, as well as close associates who are known to have close business or personal relationships with PEPs.
PEP Screening and Identification
We screen all customers against comprehensive PEP databases at the time of onboarding and on an ongoing basis. Our screening process uses specialized third-party databases that are regularly updated with information from government sources, news media, and other reliable sources. When a potential PEP match is identified, our compliance team conducts a manual review to confirm whether the customer is indeed a PEP.
Enhanced Measures for PEPs
When a customer is confirmed as a PEP, we apply enhanced due diligence measures including senior management approval for establishing or continuing the business relationship; enhanced scrutiny of the source of wealth and source of funds; collection of additional documentation to verify the legitimate origin of assets; enhanced ongoing monitoring of transactions with lower thresholds for triggering alerts; and more frequent periodic reviews of the customer relationship.
Duration of PEP Status
A person does not cease to be a PEP immediately upon leaving a prominent public function. We continue to treat former PEPs as presenting elevated risk for a period of at least two years after they leave their position, or longer if the nature of the position, the jurisdiction, or other factors suggest that elevated risk may persist. Even after this period, we may continue enhanced monitoring if other risk factors are present.
Sanctions Screening
Global compliance
Economic sanctions are powerful tools used by governments and international organizations to combat terrorism, weapons proliferation, human rights abuses, and other threats to international peace and security. Compliance with applicable sanctions is a legal requirement and a cornerstone of our commitment to preventing financial crime.
Sanctions Lists We Screen Against
We screen all customers and transactions against multiple sanctions lists, including the United Nations Security Council Consolidated List, which includes individuals and entities subject to UN sanctions; the U.S. Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons List (SDN List); the European Union Consolidated Sanctions List; the Canadian Consolidated Autonomous Sanctions List and the Regulations Establishing a List of Entities (Criminal Code); and other relevant national and international sanctions lists.
Screening Process
We employ automated screening systems that check all customers and transactions in real-time against applicable sanctions lists. Screening occurs at multiple points, including customer onboarding, before processing any transaction, and on an ongoing batch basis to catch any changes to sanctions lists. Our screening systems use sophisticated matching algorithms that account for name variations, transliterations, and common aliases to minimize both false positives and false negatives.
Handling of Matches
When a potential sanctions match is identified, the transaction or account is immediately frozen pending review by our compliance team. Our analysts conduct a thorough investigation to determine whether the match is a true positive or a false positive due to common names or other factors. If a match is confirmed as a true positive, we immediately block the transaction, freeze the account, and report the matter to relevant authorities as required by law.
Prohibited Jurisdictions
We do not provide services to customers located in countries subject to comprehensive sanctions, nor do we process transactions to or from such jurisdictions. The list of prohibited jurisdictions is reviewed and updated regularly based on changes to applicable sanctions programs. We also maintain heightened scrutiny for transactions involving jurisdictions identified by FATF as having strategic deficiencies in their AML/CTF frameworks.
Transaction Monitoring
Detection and reporting
Effective transaction monitoring is essential for detecting suspicious activity that may indicate money laundering, terrorist financing, or other financial crimes. We employ a combination of automated systems and human analysis to monitor all transactions processed through our platform.
Automated Monitoring Systems
Our transaction monitoring infrastructure uses artificial intelligence and machine learning algorithms to analyze transaction patterns in real-time. These systems are designed to detect anomalies that may indicate suspicious activity, including transactions that are inconsistent with a customer's known profile or stated purpose; unusual patterns such as rapid movement of funds, round-dollar amounts, or just-below-threshold transactions; transactions involving high-risk jurisdictions or counterparties; and patterns consistent with known money laundering typologies.
Structuring Detection
Structuring (also known as "smurfing") is the practice of breaking up transactions into smaller amounts to avoid reporting thresholds. Our monitoring systems are specifically designed to detect structuring patterns, including multiple transactions just below reporting thresholds conducted in quick succession; transactions split across multiple accounts or recipients; and the use of multiple payment methods or channels to avoid detection.
Suspicious Transaction Reports (STRs)
When our monitoring systems or staff identify potentially suspicious activity, the matter is escalated to our compliance team for investigation. If, after investigation, there are reasonable grounds to suspect that the transaction or activity is related to money laundering, terrorist financing, or other illegal activity, we file a Suspicious Transaction Report (STR) with FINTRAC. We are prohibited from informing the customer that an STR has been filed (known as the "tipping off" prohibition).
Large Cash Transaction Reports (LCTRs)
In accordance with Canadian regulations, we report to FINTRAC any transaction involving the receipt of CAD $10,000 or more in cash or the equivalent in foreign currency. These Currency Transaction Reports (CTRs) or Large Cash Transaction Reports (LCTRs) are submitted within the timeframes required by law and include all information mandated by regulations.
Electronic Funds Transfer Reports (EFTRs)
We report to FINTRAC international electronic funds transfers of CAD $10,000 or more, as required by the PCMLTFA. These reports help authorities track cross-border fund flows and identify potential money laundering or terrorist financing activities.
Anti-Fraud Policy
Fraud prevention
Fraud prevention is a critical component of our compliance program. We are committed to protecting our customers, our business, and the integrity of the financial system from fraudulent activities. Our anti-fraud measures are designed to prevent, detect, and respond to a wide range of fraud types.
Types of Fraud We Protect Against
Our anti-fraud program addresses multiple categories of fraud, including account fraud involving the creation of accounts using stolen or synthetic identities, or the takeover of legitimate customer accounts; payment fraud including unauthorized transactions, stolen payment credentials, and chargeback fraud; identity theft where criminals use stolen personal information to access financial services; document fraud involving the submission of forged, altered, or counterfeit identity documents; and AML-related fraud such as the use of shell companies, nominees, or false documentation to disguise the origins or ownership of funds.
Prevention Mechanisms
We employ multiple layers of fraud prevention controls, starting with robust KYC verification using advanced document authentication and biometric verification technology. Our transaction monitoring systems analyze patterns in real-time to identify potentially fraudulent activity. We use device fingerprinting and behavioral analytics to detect anomalies that may indicate account compromise or synthetic identity fraud. Strong authentication measures, including multi-factor authentication and biometric login options, protect account access. All sensitive data is encrypted using industry-standard encryption protocols.
Fraud Detection and Response
When potential fraud is detected, our systems can automatically block suspicious transactions or accounts pending investigation. Our fraud investigation team conducts thorough reviews of flagged activity and takes appropriate action, which may include requiring additional verification, blocking transactions, suspending or terminating accounts, recovering funds where possible, and reporting confirmed fraud to law enforcement.
Customer Protection
We are committed to protecting our customers from becoming victims of fraud. This includes educating customers about common fraud schemes and how to protect themselves, providing tools such as transaction alerts and account security settings, promptly investigating customer reports of unauthorized activity, and working to recover funds in cases where customers have been defrauded.
Cryptocurrency Compliance
Digital asset measures
As cryptocurrency and digital assets become increasingly integrated into the global financial system, we have developed specific compliance measures to address the unique risks associated with these assets. Our approach balances innovation with the need to prevent misuse of digital assets for illicit purposes.
Blockchain Analytics
We utilize sophisticated blockchain analytics tools to monitor and analyze cryptocurrency transactions processed through our platform. These tools allow us to trace the origin and destination of cryptocurrency funds; identify transactions linked to known illicit addresses, including those associated with darknet markets, ransomware, sanctions violations, or terrorist financing; assess the risk level of specific wallet addresses based on their transaction history; and comply with the FATF's "travel rule" requirements for virtual asset transfers.
Cryptocurrency Custody Approach
Our business model focuses on conversion services rather than cryptocurrency custody. When customers use our cryptocurrency features, we typically convert cryptocurrency to stablecoins or fiat currency for transfer purposes rather than holding volatile cryptocurrency assets on behalf of customers. This approach reduces custody risks while allowing customers to benefit from the speed and efficiency of blockchain technology for cross-border transfers.
Know Your Transaction (KYT)
Beyond traditional Know Your Customer procedures, we apply Know Your Transaction (KYT) analysis to all cryptocurrency transactions. This involves evaluating the risk of each transaction based on blockchain data, screening wallet addresses against databases of known high-risk addresses, monitoring for patterns consistent with cryptocurrency money laundering typologies, and applying enhanced scrutiny to transactions involving privacy coins, mixers, or other techniques designed to obscure fund flows.
Record Keeping
Data retention
Comprehensive record keeping is a legal requirement and an essential component of our compliance program. We maintain detailed records of all customer information, transactions, and compliance activities in accordance with the PCMLTFA and other applicable regulations.
Types of Records Maintained
We maintain comprehensive records including customer identification documents and verification results; transaction records including date, amount, currency, sender and recipient information, and purpose of transaction; copies of all reports filed with FINTRAC and other regulatory bodies; documentation of compliance reviews, risk assessments, and investigations; training records for all employees who handle compliance responsibilities; and correspondence related to customer accounts and compliance matters.
Retention Periods
In accordance with Canadian regulations, we retain all required records for a minimum of five years from the date of the transaction or the date the business relationship ends, whichever is later. Certain records may be retained for longer periods if required by other applicable laws or regulations, or if we determine that longer retention is appropriate for risk management purposes.
Secure Storage and Access
All records are stored securely using encryption and access controls that limit access to authorized personnel only. We maintain both electronic and, where required, physical copies of essential records. All records must be readily accessible and producible to FINTRAC or other regulatory authorities upon request. We have procedures in place to ensure that records can be retrieved and provided within the timeframes required by law.
Training & Awareness
Staff education
A well-trained workforce is essential for effective compliance. We invest significantly in training and awareness programs to ensure that all employees understand their compliance obligations and can effectively identify and respond to potential risks.
Training Program Structure
Our training program includes initial training for all new employees before they assume their duties, covering the fundamentals of AML/CTF compliance, our policies and procedures, and their individual responsibilities. We provide ongoing annual refresher training that updates employees on regulatory changes, new typologies, and lessons learned from internal and external cases. Role-specific training is provided for employees with specialized compliance responsibilities, such as customer onboarding, transaction monitoring, and investigation staff. Ad hoc training is delivered when new regulations are introduced, significant risks are identified, or specific knowledge gaps are observed.
Training Content
Our training programs cover a comprehensive range of topics including the legal and regulatory framework governing our business; our AML/CTF policies, procedures, and controls; customer due diligence requirements and procedures; red flags and indicators of suspicious activity; reporting obligations and how to escalate concerns; sanctions compliance and screening procedures; fraud prevention and detection; current money laundering and terrorist financing typologies; and the consequences of non-compliance for both individuals and the organization.
Training Documentation and Assessment
We maintain records of all training provided, including attendance records and assessment results. Employees are required to pass assessments demonstrating their understanding of training content. Training effectiveness is evaluated through testing, monitoring of employee performance, and regular review of the training program.
Reporting Suspicious Activity
Reporting procedures
Prompt reporting of suspicious activity is critical for effective compliance and for supporting law enforcement efforts to combat financial crime. We have established clear procedures for internal and external reporting of suspicious activity.
Internal Reporting by Employees
All employees are required to report any suspicious activity or concerns to the compliance team immediately. Reports can be made through our internal reporting system, by email to our compliance department, or through our anonymous whistleblower hotline for those who prefer to report concerns confidentially. Employees are protected from retaliation for good-faith reporting of compliance concerns.
Customer Reporting
Customers who observe or experience suspicious activity, including potential fraud or scams, should report it to us immediately. Reports can be made through our in-app "Report Fraud" feature, which provides a direct channel to our compliance and fraud teams, by contacting our customer support team via phone, email, or chat, or by emailing our compliance department directly.
External Reporting to Authorities
When required by law or when we believe it is appropriate, we file reports with FINTRAC and other relevant authorities. These reports include Suspicious Transaction Reports (STRs), Large Cash Transaction Reports (LCTRs), Electronic Funds Transfer Reports (EFTRs), and Terrorist Property Reports. We cooperate fully with law enforcement investigations and respond promptly to lawful requests for information.
Confidentiality and Non-Disclosure
In accordance with the tipping off provisions of the PCMLTFA and similar laws in other jurisdictions, we are prohibited from disclosing to customers or any other unauthorized person that a suspicious transaction report has been or will be filed, or that related information has been provided to law enforcement. Violation of this prohibition is a criminal offense.
Independent Audits
Continuous improvement
Regular independent review of our compliance program is essential to ensure its effectiveness and identify areas for improvement. We engage external auditors to conduct comprehensive assessments of our AML/CTF controls.
Scope of Audits
Our independent audits cover all aspects of our compliance program, including our policies, procedures, and internal controls; customer due diligence and KYC processes; transaction monitoring systems and their effectiveness; sanctions screening procedures; record-keeping practices; training program adequacy; compliance with all reporting obligations; and overall program governance and accountability.
Frequency of Audits
In accordance with regulatory requirements, we conduct an independent effectiveness review of our compliance program at least every two years, or more frequently if significant changes occur to our business, the regulatory environment, or if deficiencies are identified that require follow-up assessment.
Remediation of Findings
Audit findings are reported to senior management and the board of directors. We develop action plans to address any deficiencies identified, with clear ownership and timelines for remediation. Progress on remediation is tracked and reported to management, and follow-up assessments are conducted to verify that issues have been effectively resolved. We view audits as an opportunity for continuous improvement of our compliance program.
Non-Compliance Penalties
Consequences
We take compliance seriously and have zero tolerance for money laundering, terrorist financing, fraud, and other financial crimes. Violations of our policies or applicable laws will result in swift and decisive action.
Consequences for Customers
Customers who violate our terms of service, engage in prohibited activities, or are found to have provided false information will face immediate account suspension and investigation, permanent account termination and ban from our services, forfeiture of funds related to illegal activity, reporting to FINTRAC and other relevant authorities, and potential referral to law enforcement for criminal prosecution.
Consequences for Employees
Employees who fail to comply with our policies and procedures, or who facilitate or ignore compliance violations, may face disciplinary action up to and including termination of employment, personal liability for regulatory penalties, professional sanctions affecting their ability to work in the financial services industry, and criminal prosecution in cases of willful misconduct.
Regulatory and Criminal Penalties
Under Canadian law and the laws of other jurisdictions where we operate, money laundering and terrorist financing are serious criminal offenses carrying substantial penalties including imprisonment and significant fines. Organizations that fail to maintain adequate compliance programs may face regulatory sanctions including administrative monetary penalties, cease and desist orders, and revocation of licenses. We are committed to full compliance to protect our customers, our employees, our business, and the integrity of the financial system.
Contact Compliance
For AML inquiries, to report suspicious activity, or for any compliance-related questions