Anti-Bribery & Anti-Corruption Policy

1. Introduction

XchangeOn FZCO (the “Company” or “XchangeOn”) is committed to conducting its business with the highest standards of integrity, transparency, and accountability. In accordance with the Virtual Assets and Related Activities Regulations (2023) (“VARA Regulations”) and the VARA Company Rulebook (Part IV) and Market Conduct Rulebook (Part II), the Company maintains a zero-tolerance approach to bribery and corruption. All employees, officers, directors, agents, and third-party intermediaries acting on behalf of XchangeOn must comply fully with applicable anti-bribery and anti-corruption laws, including UAE Federal Law No. 3 of 1987 (as amended), and any other relevant statutes of jurisdictions in which XchangeOn operates.

2. Purpose

This Anti-Bribery & Anti-Corruption Policy (the “Policy”) establishes clear standards and procedures to:

  • Prevent and detect bribery, corruption, and any form of improper inducement in all Company dealings;
  • Ensure that XchangeOn’s employees and representatives avoid conflicts of interest that could compromise regulatory compliance or client interests;
  • Safeguard XchangeOn’s reputation by fostering a culture of ethical conduct; and
  • Fulfill VARA’s requirement that a VASP maintain robust controls to mitigate bribery and corruption risk (VARA Company Rulebook Part II).

3. Scope

This Policy applies to:

  • All XchangeOn employees, officers, directors, and members of the Board (“Employees”);
  • All contractors, consultants, agents, and intermediaries engaged to act for or on behalf of XchangeOn;
  • All business activities and transactions conducted in connection with XchangeOn’s Virtual Asset Exchange Services, whether in the Emirate of Dubai or any other jurisdiction.

4. Definitions

This Anti-Bribery & Anti-Corruption Policy (the “Policy”) establishes clear standards and procedures to:

  • Bribery: Offering, giving, receiving, or soliciting anything of value (monetary or non-monetary) to influence an individual in a position of trust to act improperly.
  • Corruption: Abuse of entrusted power for private gain.
  • Facilitation Payment: A payment made to expedite or secure the performance of a routine governmental action.
  • Gift: Anything of value (cash, cash equivalent, goods, services, or entertainment) provided to or received from any third party.
  • Hospitality: Meals, travel, lodging, event tickets, or any form of entertainment extended to or received from third parties.
  • Conflict of Interest: Any situation where personal interests, or those of a related party, could influence—or appear to influence—an Employee’s objectivity in performing XchangeOn duties.

5. General Prohibitions

  • The Company and its Employees must not, under any circumstances:
    • Offer, promise, or give any gift, hospitality, or payment to any public official, client, or third party with the intent to influence business decisions or secure an improper advantage;
    • Solicit or accept any gift, hospitality, or payment from any person or entity if it is intended to induce or reward improper performance or violate any law or regulation;
    • Make any facilitation payment, except in extreme circumstances involving a threat to health, safety, or liberty—and even then, only with prior approval from the CEO and subsequent immediate reporting to the Compliance Officer;
    • Use charitable contributions, sponsorships, or political donations as a disguised means to confer improper advantages;
    • Act as an intermediary, directly or indirectly, for any payment or benefit that may constitute a bribe or violate anti-corruption laws.
  • Engaging in or facilitating any form of corruption or bribery constitutes a disciplinary offense and may result in immediate termination and referral to UAE competent authorities.

6. Gifts, Hospitality & Entertainment

  • Permitted Gifts & Hospitality (Nominal & Business-Related):
    • Employees may accept or offer gifts or hospitality (e.g., business meals, tokens of appreciation) only if all the following conditions are met:
      • The gift or hospitality is reasonable, infrequent, and in line with customary market practice;
      • Its aggregate value does not exceed USD 400 (or equivalent);
      • It is not given with the intent to influence any business decision or reward past conduct; and
      • It would not place the recipient under any obligation.
  • Approval & Recording Requirements:
    • Gifts or hospitality with a value in excess of USD 400 (AED 1,469) must be pre-approved in writing by the recipient’s line manager. If the recipient is a line manager or executive, approval must come directly from the CEO or the Board Chair.
    • All accepted or provided gifts/hospitality (regardless of value) must be registered within five (5) business days in the Company’s “Register of Gifts & Hospitality” maintained by the Compliance Officer (see Section 8.1).
  • Prohibited Gifts & Hospitality:
    • Cash or cash equivalents (gift cards, vouchers, loans);
    • Any gift or entertainment that could create an actual or perceived conflict of interest;
    • Any gift or hospitality extended to a government official, regulator, or public body that could be construed as seeking to influence official actions or decisions.

7. Facilitation Payments & Kickbacks

  • Prohibition:
    • Facilitation payments—small payments intended to expedite routine administrative or governmental actions—are considered bribes under UAE law and are strictly prohibited, except in circumstances where an Employee’s health, safety, or liberty is at immediate risk.
  • Exception & Reporting:
    • In the event of an extreme emergency (e.g., to secure safe release from detention), a facilitation payment may be made only with prior verbal approval from the CEO (wherever feasible) and must be reported immediately to the Compliance Officer upon return, with full documentation of the circumstances.
  • Kickbacks:
    • The offering or acceptance of kickbacks (i.e., payments, goods, or services given in return for preferential treatment) is strictly forbidden.

8. Conflicts of Interest

  • Employees must avoid any situation where personal interests—or those of a family member or close associate—conflict, or appear to conflict, with XchangeOn’s interests.
  • Any actual, potential, or perceived conflict of interest must be disclosed promptly to the Compliance Officer or a manager and is subject to review and resolution under XchangeOn’s Conflicts of Interest Policy.

9. Register of Gifts & Hospitality

  • The Company shall maintain a centralized “Register of Gifts & Hospitality” (the “Register”), managed by the Compliance Officer. For each gift or hospitality event (received or provided) with a value exceeding USD 400, the Register must record:
    • Date of gift or hospitality
    • Name and position of the recipient
    • Name, position, and organisation of the giver
    • Description of gift, hospitality, or entertainment
    • Estimated monetary value
    • Approval details (approving manager/CEO and date)
    • Any relevant comments or context
  • The Register shall be reviewed by the Compliance Officer on a monthly basis, and summaries shall be reported to the Board’s Audit & Risk Committee quarterly.

10. Donations & Charitable Contributions

  • XchangeOn may make donations to bona fide charitable organisations or causes, provided that:
    • They are not made to influence any public or private decision
    • They are not made to political parties, public officials, or government entities
    • They are pre-approved in writing by the Board Chair and recorded in the “Donations Register”
  • Contributions to political parties or candidates are expressly prohibited.

11. Third-Party Intermediaries & Agents

  • Engaging intermediaries, consultants, or agents to facilitate business dealings may create heightened bribery risk. All third-party intermediaries must undergo enhanced due diligence, and any payments to such parties must be transparent, documented, and justifiable as fair market value for bona fide services.
  • No commission, fee, or payment may be made to any third party—directly or indirectly—if there is a reasonable suspicion it will be passed onward as a bribe.

12. Reporting, Investigations & Whistleblower Protection

  • Raising Concerns: Any Employee, Board member, or third party who observes or suspects a violation of this Policy must immediately report the concern to the Compliance Officer atcompliance@xchangeon.io or via the Company’s confidential whistleblower atreport@xchangeon.io.
  • Investigation Process: Upon receiving a report of potential bribery or corruption, the Compliance Officer shall:
    • Open a formal investigation file and preserve all relevant evidence;
    • Appoint an independent, qualified investigator (internal or external) to review the matter and prepare a written report;
    • Maintain confidentiality of all individuals involved, in accordance with UAE data privacy laws and VARA’s Information Security standards;
    • Inform the Board’s Audit & Risk Committee of the existence and status of the investigation (without breaching confidentiality requirements);
    • Upon conclusion, deliver the investigator’s findings to the Board;
    • If wrongdoing is confirmed, implement appropriate corrective actions—including disciplinary measures up to and including termination—and report the matter promptly to VARA and other competent authorities, as required by law.
  • Whistleblower Protection: No Employee who in good faith reports actual or suspected wrongdoing under this Policy shall suffer any retaliation, discrimination, or harassment. Any such retaliatory conduct is itself a violation of this Policy and will be subject to disciplinary action.

13. Training & Communication

  • The Compliance Officer shall ensure that:
    • All Employees, officers, and Board members receive mandatory training on this Policy upon hire and at least annually thereafter;
    • All new third-party intermediaries are informed of XchangeOn’s zero-tolerance stance on bribery and corruption and sign a written acknowledgment of this Policy;
    • Annual updates to the Policy (or any high-profile enforcement actions) are communicated promptly to all Employees and directors.

14. Monitoring, Audit & Recordkeeping

  • 14.1 Ongoing Monitoring:
    • The Compliance Officer shall conduct periodic reviews (at least annually) of the Register of Gifts & Hospitality, Donations Register, and third-party intermediary contracts to verify compliance with this Policy.
  • 14.2 Internal Audit:
    • The Internal Audit department shall include anti-corruption controls in its annual audit plan, performing independent testing of high-risk areas (e.g., expense reimbursement, vendor payments, gift approvals).
  • 14.3 Record Retention:
    • All records relating to gifts, hospitality, donations, facilitation payments, and investigations shall be retained for a minimum of eight (8) years from the date of creation, in compliance with VARA’s record-keeping requirements.

15. Non-Compliance & Disciplinary Measures

  • 15.1 Any breach of this Policy by an Employee may result in disciplinary action, up to and including immediate termination for cause.
  • 15.2 Any breach by a third-party service provider may lead to suspension or termination of the contractual relationship, and potential referral for legal action as permitted by applicable laws.

16. Reporting to VARA

XchangeOn shall promptly notify VARA of any confirmed or suspected bribery or corruption incident that could materially affect its operations, reputation, or regulatory compliance. Such notice shall include a summary of the incident, remedial actions taken, and any regulatory filings made with other authorities (e.g., U.A.E. Ministry of Justice, Dubai Public Prosecution).

17. Review & Update

  • a) This Policy shall be reviewed at least annually by the Compliance Officer and presented to the Board for approval.
  • b) Any amendments required by changes in applicable laws, VARA’s rulebooks, or material incidents shall be implemented without delay.

Approval

Approved by the Board of Directors on 05-06-2025.

Prepared by: CCO