1. General provisions
This Anti-Money Laundering and Counter-Terrorism Financing Policy (“Policy”) outlines the internal procedures and control mechanisms implemented by Alfacash UAB, operating under the trade name “Sheepy” (“Sheepy”, “Company”), to prevent the use of its Services for money laundering, terrorism financing, or any illicit purpose. Sheepy is incorporated in the Republic of Lithuania and complies with the Law on the Prevention of Money Laundering and Terrorist Financing, the Law on the Implementation of Economic and Other International Sanctions, relevant EU directives including AMLD5, and the recommendations issued by the Financial Action Task Force (FATF).
The Policy is approved by Sheepy’s Director and maintained by the appointed Money Laundering Reporting Officer (MLRO). It is reviewed and updated regularly in light of regulatory developments, risk assessments, and operational changes. The principles established herein are binding on all Sheepy Representatives who engage with business clients, conduct onboarding, manage transactions, or implement compliance operations. Sheepy ensures that all relevant staff receive AML/CFT training and have continuous access to this Policy.
Sheepy may, where legally permitted, disclose information about AML/CFT risk controls to third parties including correspondent institutions, regulatory authorities, or compliance counterparties who reasonably require such disclosures for their due diligence or onboarding processes. Merchants agree to cooperate fully and timely with such requests and acknowledge that refusal to cooperate may result in suspension or termination of access to the Services.
2. Risk-based approach and due diligence
Sheepy applies a risk-based approach to customer due diligence and ongoing monitoring. Before establishing any business relationship or executing transactions on behalf of a merchant, Sheepy must identify and verify the merchant’s identity and business structure. This includes identifying ultimate beneficial owners, verifying directors or authorized representatives, assessing the source of funds, and understanding the purpose and intended nature of the relationship. Sheepy collects supporting documentation such as company formation records, shareholder registries, governance documents, and identification of key individuals. Additional documentation may be requested to verify regulatory status, licensing, or jurisdictional exposure.
All merchants are required to complete Know Your Business (KYB) procedures through an onboarding portal integrated with Sumsub, enabling automated data collection and verification. This includes real-time checks, biometric and liveness detection, proof of address, device metadata, and video identification where required. For legal entities, Sheepy verifies incorporation, ownership and control structures, and beneficial ownership through official registries and independent sources.
Once KYB is completed, relevant natural persons such as shareholders or directors must undergo Know Your Customer (KYC) procedures. These include document verification, identity authentication, facial recognition, sanctions and PEP screening, and adverse media monitoring. Sheepy combines automated tools with human oversight to detect inconsistencies and apply enhanced due diligence where elevated risk is identified. Enhanced due diligence is mandatory for clients located in high-risk jurisdictions, operating opaque corporate structures, or conducting high-risk business activities.
Sheepy does not onboard clients associated with shell banks, anonymous entities, or unverifiable business activities, and refuses any relationship involving forged documentation or misleading declarations. No access to Services is granted before full completion and approval of onboarding checks. Sheepy performs periodic reviews and re-verifies client information throughout the duration of the business relationship.
Sheepy ensures consistent application of AML/CFT policies and procedures across its group entities, agents, or white-label partners. Affiliates and service providers are subject to equivalent AML standards, and their due diligence obligations must be met prior to data sharing, technical integration, or transactional activity.
Where due diligence obligations are outsourced to third-party vendors (e.g., KYC/AML platforms), Sheepy retains full responsibility for compliance. Contracts with such vendors include enforceable data protection clauses, audit rights, and service level agreements to ensure ongoing compliance. Sheepy regularly assesses the performance and reliability of such vendors and may change providers if compliance standards are not upheld.
3. Monitoring and transaction controls
Sheepy continuously monitors client activity to detect anomalies, abuse, or risk indicators. This includes analyzing transaction volume, frequency, counterparties, and contextual behavior. Unusual or structured transactions, activity inconsistent with the client’s profile, or dealings involving sanctioned or high-risk jurisdictions may trigger alerts for internal review by the MLRO.
All transactions are screened against global sanctions lists, PEP databases, law enforcement records, and adverse media sources. Real-time transaction monitoring systems log alerts, risk flags, and internal decisions. Sheepy escalates suspicious cases for further assessment and determines appropriate action based on risk exposure.
If at any point Sheepy determines that a Merchant has provided false or misleading information during the onboarding process or attempted to conceal beneficial ownership, ultimate control, or jurisdictional exposure, Sheepy reserves the right to terminate the Business Relationship with immediate effect, freeze any associated wallets, and file a report with FCIS or other relevant authorities without further notice.
4. Data collection and storage
Sheepy securely stores all onboarding and transaction-related data for a minimum of eight (8) years following the termination of the business relationship, or longer where legally required. This includes identity documentation, KYB and KYC files, risk assessments, transaction records, screening logs, communications, and regulatory reports.
Personal data is collected and processed in line with the General Data Protection Regulation (GDPR) and Sheepy’s Privacy Policy. All records are encrypted and access is restricted to authorized personnel only.
Notwithstanding the standard retention period, where a regulatory investigation is pending or reasonably anticipated, Sheepy shall retain relevant AML/CFT records until such investigation or enforcement proceedings are resolved. Merchants are not entitled to erasure of data during such periods if doing so would contravene legal retention obligations.
5. Suspicious activity reporting and regulatory compliance
If suspicious behavior or indicators of money laundering, terrorist financing, or sanctions evasion arise, the MLRO is notified without delay. Following internal analysis, the MLRO may file a Suspicious Activity Report (SAR) with the Financial Crime Investigation Service (FCIS) of Lithuania. Transactions involving €15,000 or more, whether in one or multiple linked operations, are also reported in accordance with Lithuanian AML law.
Sheepy may suspend such transactions and label the merchant profile with an internal “AML” marker pending investigation. Merchants are not notified of SAR filings or internal alerts. Disclosure of SAR filings to clients or third parties is strictly prohibited. Business relationships may be terminated at Sheepy’s discretion without explanation if AML/CFT concerns arise.
While Sheepy employs automated transaction monitoring and risk scoring solutions, final decisions involving potential service restriction, SAR reporting, or account closure are escalated to the MLRO or a designated compliance officer for human review. No automated process independently determines enforcement action without oversight.
6. International sanctions
Sheepy screens all clients and transactions against the consolidated list of persons and entities subject to United Nations, European Union, United Kingdom, and United States sanctions. The MLRO is responsible for implementing Sheepy’s sanctions screening program. If a merchant or associated party is found to be on a sanctions list, the MLRO will escalate the case to the Director and notify the relevant authorities. The merchant’s access will be restricted, and all services suspended pending regulatory clearance.
If additional information is required to determine sanctions exposure, Sheepy may request supporting documentation. Merchants are obliged to cooperate with such requests. Any attempt to circumvent sanctions screening, including the use of VPNs, misrepresenting country of origin, or obscuring beneficial ownership, constitutes a breach of this Policy and will result in termination of the relationship.
Sheepy re-screens all existing Merchants, their representatives, and beneficial owners against updated sanctions lists and PEP databases at regular intervals not exceeding ninety (90) days. Any matches identified during re-screening trigger immediate review by the MLRO and suspension of Services where necessary.
7. Jurisdictional restrictions
Sheepy does not provide services to individuals or entities resident, incorporated, or operating in jurisdictions designated as high-risk or under comprehensive international sanctions. Merchants attempting to bypass these restrictions using technical measures or false declarations are denied access to the Services. These jurisdictions include but are not limited to:
Afghanistan, Albania, Barbados, Belarus, Burkina Faso, Central African Republic, China, Cuba, Darfur, Democratic Republic of the Congo, Eritrea, Guam, Guinea-Bissau, Haiti, Iran, Iraq, Jamaica, Lebanon, Libya, Mali, Myanmar (Burma), Nicaragua, North Korea, Russia, Crimea and Sevastopol, Donetsk, Luhansk, Kherson, and Zaporizhzhia regions of Ukraine, Panama, Senegal, Somalia, South Sudan, Sudan, Syria, Trinidad and Tobago, Uganda, Venezuela, Yemen, Zimbabwe, and the United States of America (including its territories: Guam, Puerto Rico, American Samoa, and the U.S. Virgin Islands).
This list is subject to change at any time based on changes in law, official advisories, or internal risk assessments. Any attempt to bypass geographic restrictions is considered a material breach of these Terms.
8. Prohibited activities
Sheepy strictly prohibits the use of its Services, Website, API, or any part of its technical infrastructure for unlawful, abusive, deceptive, fraudulent, or otherwise inappropriate purposes. Merchants and their affiliates must not engage in any activity that poses a risk of regulatory breach, reputational harm, or misuse of financial systems. The following business activities, service models, and use cases are deemed incompatible with Sheepy’s AML/CFT obligations and risk appetite and are therefore not permitted.
Sheepy does not engage with or provide Services to any individual or entity involved in money laundering, terrorism financing, or the evasion of international sanctions. This includes the use of coin tumblers, mixers, or privacy-focused cryptocurrencies such as Monero or shielded Zcash to obscure fund flows. The operation of unregistered or unlicensed money service businesses, financial institutions, or virtual asset service providers is similarly prohibited.
Sheepy rejects any transactions involving or benefiting sanctioned individuals, entities, or jurisdictions as designated by international sanctions authorities including the United Nations, European Union, and Office of Foreign Assets Control (OFAC). Attempts to access Services from restricted jurisdictions, or routing of transactions through such regions using VPNs or proxies, are considered policy violations.
Fraudulent investment schemes such as Ponzi, pyramid, or multi-level marketing (MLM) structures, high-yield investment programs (HYIPs), and other deceptive practices are banned. Market manipulation activities, including spoofing, wash trading, and pump-and-dump schemes, are not tolerated. Impersonation of individuals or entities, submission of forged, stolen, or misleading KYC documentation, and unauthorized access to Sheepy’s systems constitute serious breaches.
Sheepy prohibits unlicensed securities offerings, investment advisory services, or token sales such as Initial Coin Offerings (ICOs), Initial Exchange Offerings (IEOs), or Initial DEX Offerings (IDOs). Unauthorized financial services such as lending, escrow, insurance, or brokerage are not allowed. The sale or distribution of illicit drugs, chemical precursors, firearms, explosives, counterfeit goods, human organs, or endangered species is strictly forbidden.
Merchants may not operate marketplaces, including those on the dark web, that facilitate any of the prohibited activities. Gambling, betting, lotteries, or games of chance without appropriate licensing and in contravention of applicable laws are not permitted. Sheepy also excludes any engagement with adult content platforms where the material is unlawful, exploitative, or not compliant with the laws of the applicable jurisdiction.
The distribution of malware, ransomware, spyware, or any malicious code, as well as phishing, denial-of-service attacks, credential stuffing, or other forms of cybercrime, are strictly prohibited. Unauthorized scraping, data harvesting, or reverse engineering of Sheepy’s infrastructure is likewise banned. False representation of affiliation, partnership, sponsorship, or endorsement by Sheepy without express written consent constitutes a breach of this Policy.
Merchants may not create multiple accounts to evade restrictions, abuse incentive structures, or manipulate fee schedules. Operational abuse, including excessive chargebacks or the generation of disproportionate volumes of transactional disputes, may result in immediate account review.
Sheepy reserves the right to determine, in its sole discretion, whether any behavior, transaction, or business activity constitutes a prohibited use. Where violations are suspected or confirmed, Sheepy may take enforcement actions including transaction blocking, account suspension, fund freezing, termination of Services, and reporting to law enforcement or regulatory authorities.
9. Enforcement and liability
The Director, MLRO, and other authorized Representatives are jointly responsible for ensuring implementation of this Policy. Any breach or suspected breach is addressed without delay and may result in disciplinary action, regulatory reporting, or termination of the business relationship. Sheepy is not liable for damages arising from suspension or termination of Services due to regulatory obligations or suspicious activity.
10. Contact and governance
Questions, concerns, or reports related to this Policy should be directed to the MLRO or Sheepy’s compliance team at [email protected]. This Policy is approved by the MLRO and Director and is reviewed at least annually or upon material changes in law, regulation, or business risk.
'%3e%3cpath%20d='M4%2013C4.325%2015.532%205.881%2017.781%208%2019'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M20%2011.0002C19.7554%209.24041%2018.9391%207.60985%2017.6766%206.35969C16.4142%205.10953%2014.7758%204.30911%2013.0137%204.08175C11.2516%203.85438%209.46362%204.21268%207.9252%205.10144C6.38678%205.9902%205.18325%207.36013%204.5%209.00019'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%205V9H8'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M12%2015H14C14.2652%2015%2014.5196%2015.1054%2014.7071%2015.2929C14.8946%2015.4804%2015%2015.7348%2015%2016V17C15%2017.2652%2014.8946%2017.5196%2014.7071%2017.7071C14.5196%2017.8946%2014.2652%2018%2014%2018H13C12.7348%2018%2012.4804%2018.1054%2012.2929%2018.2929C12.1054%2018.4804%2012%2018.7348%2012%2019V20C12%2020.2652%2012.1054%2020.5196%2012.2929%2020.7071C12.4804%2020.8946%2012.7348%2021%2013%2021H15'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M18%2015V17C18%2017.2652%2018.1054%2017.5196%2018.2929%2017.7071C18.4804%2017.8946%2018.7348%2018%2019%2018H20'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M21%2015V21'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_112_4974'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M8%206C8%205.46957%208.21071%204.96086%208.58579%204.58579C8.96086%204.21071%209.46957%204%2010%204H18C18.5304%204%2019.0391%204.21071%2019.4142%204.58579C19.7893%204.96086%2020%205.46957%2020%206V14C20%2014.5304%2019.7893%2015.0391%2019.4142%2015.4142C19.0391%2015.7893%2018.5304%2016%2018%2016H10C9.46957%2016%208.96086%2015.7893%208.58579%2015.4142C8.21071%2015.0391%208%2014.5304%208%2014V6Z'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2010C4%209.46957%204.21071%208.96086%204.58579%208.58579C4.96086%208.21071%205.46957%208%206%208H14C14.5304%208%2015.0391%208.21071%2015.4142%208.58579C15.7893%208.96086%2016%209.46957%2016%2010V18C16%2018.5304%2015.7893%2019.0391%2015.4142%2019.4142C15.0391%2019.7893%2014.5304%2020%2014%2020H6C5.46957%2020%204.96086%2019.7893%204.58579%2019.4142C4.21071%2019.0391%204%2018.5304%204%2018V10Z'%20stroke='%231C1D39'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_112_4982'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
