Legal

AML/CFT & Risk Policy

Last updated 7 May 2026 · Effective 7 May 2026

BAM NFT operates a risk-based program to prevent the misuse of the Service for money laundering, terrorist financing, sanctions evasion, and other financial crime. This page summarises the framework — the internal procedures, screening tooling, and record- keeping that implement it are non-public.

1. Legal framework

Our program is built around:

• the Norwegian Anti-Money Laundering Act (hvitvaskingsloven) and its implementing regulations;
• the EU’s anti-money-laundering directives (currently AMLD5 and forthcoming AMLR / AMLD6) as they apply to crypto-asset services in the EEA;
• Financial Action Task Force (FATF) recommendations, including the Travel Rule for virtual-asset transfers (FATF Recommendation 16); and
• sanctions regimes administered by the United Nations, the European Union, the United Kingdom, and the United States.

2. Where the controls live

Buyer-facing KYC, transaction screening, and chargeback monitoring are performed by our regulated payment and card-processing partners under their own AML/CFT licences and programs. We do not custody fiat balances and we do not custody buyer private keys.

On top of that we maintain our own internal controls covering:

• merchant onboarding (identity, beneficial-ownership, business purpose, source-of-funds where the engagement warrants it);
• wallet-address screening against sanctions lists and known high-risk addresses;
• transaction monitoring for patterns associated with structuring, velocity abuse, multi-account collusion, or sanctions evasion;
• enhanced due diligence on merchants based in higher-risk jurisdictions or operating higher-risk verticals;
• recording of decisions, escalations, and suspicious-activity referrals in an audit log retained for the period required by law.

3. What we ask of you

By using the Service you agree that:

• you are not located in, ordinarily resident in, or acting on behalf of a person located in any jurisdiction subject to comprehensive sanctions (currently including, without limitation, the Crimea, Donetsk, and Luhansk regions, the so- called DNR/LNR, Iran, North Korea, Syria, and Cuba);
• you are not, and you are not acting on behalf of, a person or entity on the consolidated sanctions list of the UN, the EU, the UK, or the United States Specially Designated Nationals list;
• you will not use the Service to launder the proceeds of crime, finance terrorism, evade taxes, or commit fraud;
• you will respond to reasonable requests for additional information from us or our payment partners, including identity documents and source-of-funds evidence, where law requires it or risk signals warrant it.

4. What we will and won’t do

We will refuse, freeze, reverse, or report transactions where we reasonably believe doing so is required by law or by the policies of our payment partners. Where we are legally required to file a suspicious-activity report, we cannot tip you off that we have done so and we cannot describe the contents of the report.

We will not act as a money-services business, run a crypto on-ramp, or facilitate the conversion of fiat to arbitrary crypto. The fiat-to-USDC/POL settlement that backs your NFT purchase is operated by our regulated payment partners; we are the merchant of record only for the digital good (the NFT).

5. Other risks

Section 7 of the Terms of Use sets out the blockchain and NFT-specific risks you accept by using the Service. In summary: blockchain transactions are irreversible, NFT prices are volatile, and nothing on the Service is investment advice or a promise of resale value.

6. Reporting concerns

If you suspect a misuse of the Service — sanctions evasion, laundering, terrorist financing, or another financial crime — email help@bamnft.com with the subject line “AML Concern”. Reports are reviewed in confidence.

7. Contact

General questions about this policy: help@bamnft.com. See also our Privacy Policy for how we handle the personal data we collect as part of these controls.