“KNOW YOUR CUSTOMER” ANTI-MONEY LAUNDERING POLICY

Last Updated: May 12, 2022

1. Everbloom Anti-Money Laundering (AML) Policy Statement

It is the policy of Everbloom (Everbloom, we, us, or our) to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorists or criminal activity.

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origin of criminally derived proceeds so that the unlawful proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages:

Placement: Cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler's checks, or deposited into accounts at financial institutions.

Layering: Funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin.

Integration: Funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal the origin or intended use of the funds, which will later be used for criminal purposes. Because Everbloom provides an open marketplace for non-fungible tokens (NFTs), there is a very small but real risk of criminal activity through the purchase or sale of NFTs.

2. AML Compliance Officer Designation and Duties

As required under the USA Patriot Act of 2001 (PATRIOT Act), Everbloom designates Fortress as the Anti-Money Laundering Compliance Officer (AMLCO), with full responsibility for Everbloom's AML program. The AMLCO will ensure:

Everbloom's AML Program is implemented effectively, including monitoring compliance by the Everbloom's officers and employees with their obligations under the program;

The AML program is updated, as necessary; and

Appropriate persons are educated and properly trained.

3. Sharing AML Information with Federal Law Enforcement Agencies

Everbloom will respond to any Financial Crimes Enforcement Network (FinCEN) request about accounts or transactions by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity, or organization named in FinCEN's request. Upon receiving an information request, the AMLCO is to be responsible for responding to the request and similar requests in the future. Unless otherwise stated in FinCEN's request, we are required to search current accounts and transactions, accounts maintained by a named suspect during the preceding 12 months, and transactions conducted by or on behalf of or with a named subject during the preceding six months. If we find a match, we will report it to FinCEN by completing FinCEN's subject information form in a timely manner. If we search our records and do not uncover a matching account or transaction, then we will not reply as allowed under Section 314(a) of the PATRIOT Act.

We will not disclose the fact that FinCEN has requested or obtained information from us, except to the extent necessary to comply with the information request. We will maintain procedures to protect the security and confidentiality of requests from FinCEN, as required by Section 501 of the Gramm-Leach-Bliley Act.

4. Checking the Office of Foreign Assets Control (OFAC) Lists

Before approving any transactions which may potentially involve money laundering we will check to ensure that a potential buyer or seller does not appear on the Treasury's OFAC Specifically Designated Nationals and Blocked Persons List (SDN List), and is not from, or engaging in transactions with people or entities from, embargoed countries and regions listed on the OFAC website (see www.treas.gov/offices/enforcement/ofac/sdn/index.html).

In the event that we determine a potential buyer or seller, or someone with or for whom the potential buyer or seller is transacting, is on the SDN List or is from or engaging in transactions with a person or entity located in an embargoed country or region, we will reject the transaction and if there is sufficient concern we may also call the OFAC Hotline at 1 (800) 540-6322.

5. Identification and Verification

Everbloom has established, documented, and maintained a written Identification Program. We will collect certain minimum identification information from each Everbloom user and provide notice to each user that we will seek identification information and compare that with government-provided lists of suspected terrorists referenced above.

a. Required Identification Information

Everbloom is a closed-loop marketplace. As such, Everbloom only requires screening for users who conduct transactions above $2,999.99.

Prior to approving any transaction that meets or exceeds $2,999.99, we will collect the following information from all users involved in the transaction: first name, last name, residential address, an Army Post Office ("APO") or Fleet Post Office ("FPO") number (if applicable), a country or state-issue identification number, such as a driver's license or passport or any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard (for non-U.S.-based persons). We will not approve a transaction in the event that a user cannot prove his or her identity to the satisfaction of the AMLCO.

b. Users Who Refuse to Provide Identification Information

If a user either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, Fortress and Everbloom will reject the transaction. In either event, the AMLCO will be notified so that we can determine whether we should report the situation to FinCEN.

c. Verification of Information

Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our users by using risk-based procedures to verify and document the accuracy of the information we get about our users. In verifying user identity, we will analyze any logical inconsistencies in the information we obtain.

We will verify user identity through documentary evidence, non-documentary evidence, or both. Due to increased instances of identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described below whenever possible. We may also use such non-documentary means, after using documentary evidence, if we are still uncertain about whether we know the true identity of the user. In analyzing the verification information, we will consider whether there is a logical consistency among the identifying information provided, such as the user’s name, street address, zip code, telephone number (if provided), date of birth, etc.

Appropriate documents for verifying the identity of users include, but are not limited to, the following: For an individual, an unexpired government-issued identification evidencing nationality, residence, and bearing a photograph or similar safeguard, such as a driver's license or passport;

We understand that we are not required to take steps to determine whether the document that the user has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a user's identity. However, if we believe that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the user's true identity.

We may use any or all of following non-documentary methods of verifying identity:

Contacting a user;

Independently verifying the user's identity through the comparison of information provided by the user with information obtained from a consumer reporting agency, public database, employer or other source;

Checking references with financial institutions;

We will use non-documentary methods of verification in the following situations: (1) when the user is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard; (2) when Fortress is unfamiliar with the documents the user presents for identification verification; (3) when there are other circumstances that increase the risk that Fortress will be unable to verify the true identity of the user through documentary means.

d. Recordkeeping

We will maintain records of all identification information and verification information obtained for five years after the transaction is completed.

e. Notice to Users

We will provide notice to user that Fortress will be requesting information from them to verify their identities, as required by federal law. We will give notice to users regarding the policy either verbally or as a plainly posted notice such as:

To help the government fight the funding of terrorism and money laundering activities, federal law requires us to obtain, verify, and record information that identifies each person who engages in financial transactions through the Everbloom website or application. We will ask for your name, address and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying documents.

6. Monitoring Transactions for Suspicious Activity

a. Detecting Red Flags

Red flags that signal possible money laundering or terrorist financing include, but are not limited to:

The user exhibits unusual concern about Everbloom's compliance with government reporting requirements or AML policies or is reluctant or refuses to reveal any information concerning personal finances or furnishes unusual or suspicious identification or documents.

The information provided by the user that identifies a legitimate source for funds is false, misleading, or substantially incorrect.

Upon request, the user refuses to identify or fails to indicate any legitimate source for his or her funds and other assets when making large payments.

The user (or a person publicly associated with the user) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.

The user exhibits a lack of concern regarding transaction costs.

The user has difficulty describing the nature of his or her business.

The user makes unexplained or sudden payments involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.

The user requests that a transaction be processed to avoid the Everbloom’s normal documentation requirements. The user has inflows of funds or other assets well beyond the known income or resources of the user.

b. Responding to Red Flags and Suspicious Activity

When Everbloom detects any red flag they will investigate further under the direction of the AMLCO. This may include gathering additional information internally or from third-party sources, contacting the government or filing a suspicious activity report (Form SAR). Fortress is obligated to report suspicious transactions that are conducted or attempted by, at or through a loan or finance company and involve or aggregate at least $5,000 in funds or other assets. We recognize that transactions are reportable under 31 U.S.C. 5318(g) regardless of whether they involve currency. Form SARs will be filed no later than 30 days after initial detection.

Fortress is provided with the same “safe harbor” as provided for other financial institutions protecting lenders and their employees recognizing they must feel free to report suspicious transactions, and to share information in the employment context about individuals involved in misconduct, without fear of liability.

7. AML Recordkeeping

a. Suspicious Activity Report (SAR) Maintenance

We will hold SAR and any supporting documentation confidential. We will not inform anyone outside of a law enforcement or regulatory agency about a SAR. We will segregate SAR filings and copies of supporting documentation from other Everbloom books and records to avoid disclosing SAR filings.

b. Responsibility for AML Records and SAR Filing

Our AMLCO, Fortress, will be responsible to ensure that AML records are maintained properly and that any SARs are filed as required.

c. Records Required

As part of our AML program, Fortress will create and maintain SAR and other relevant documentation on user identity and verification, as well as fund transfers, transmittals and any records related to user listed on the OFAC list. We will maintain SAR and their accompanying documentation for at least five years.

d. Monitoring Employee Conduct and Accounts

We will subject employee transactions to the same AML procedures as user accounts, under the supervision of the AMLCO.

e. Confidential Reporting of AML Non-Compliance

Employees will report any violations of Everbloom's AML compliance program to the AMLCO, unless the violations implicate the AMLCO, in which case the employee shall report to an appropriate member of Everbloom's senior management. Such reports will be confidential, and the employee will suffer no retaliation for making them.

f. Additional Areas of Risk

Everbloom has reviewed all areas of its business to identify potential money laundering risks that may not be covered in the procedures described above and is continually working to improve its AML program.of this agreement.