Sign Up Login
Legal

Sanctions Policy

Malum Limited maintains a sanctions compliance programme designed to prevent the platform from being used by, or for the benefit of, persons or entities subject to international economic, financial, or trade sanctions. This policy summarises that programme.

Last modified 05/12/2026 Malum Legal Team

Table of Contents

  1. Scope and applicable regimes
  2. Screening
  3. Blocked jurisdictions
  4. Handling a sanctions match
  5. Reporting obligations
  6. Training and governance
  7. Consequences of breach
  8. Contact

Scope and applicable regimes

This policy applies to all Malum customers, merchants, end-users, employees, contractors and counterparties. We comply with sanctions imposed by the following authorities at minimum:

  • The UK Office of Financial Sanctions Implementation (OFSI), HM Treasury.
  • The US Office of Foreign Assets Control (OFAC), including the SDN, SSI and Consolidated Sanctions lists.
  • The European Union (Council Regulations and the EU Consolidated List).
  • The United Nations Security Council Consolidated Sanctions List.

Where stricter local sanctions law applies to a transaction, we comply with the stricter regime.

Screening

Sanctions lists are imported daily into our compliance database by an automated cron job (import-sanctions.php). Names, dates of birth, addresses, IP geolocation (via MaxMind GeoLite2), and where applicable beneficial owners are screened against the consolidated list at the point of:

  • Account creation and merchant onboarding.
  • Material changes to KYC information.
  • Each incoming and outgoing transaction.
  • Cryptoasset wallet addresses, against publicly attributed sanctioned addresses.

Blocked jurisdictions

Malum does not provide services to persons ordinarily resident in, or entities organised under the laws of, jurisdictions subject to comprehensive sanctions (currently Cuba, Iran, North Korea, Syria, the so-called Donetsk and Luhansk People's Republics, and Crimea). The full and current list of restricted countries is published at Geographic Restrictions.

Handling a sanctions match

Confirmed positive matches result in the following actions, taken without prior notice to the customer:

  1. Immediate freeze of the affected balance and suspension of access to the dashboard.
  2. Internal escalation to the Money Laundering Reporting Officer (MLRO).
  3. Filing of a Suspicious Activity Report (SAR) where required, and notification to the relevant competent authority.
  4. Refusal to release funds without authorisation from the relevant authority (for example an OFSI licence or OFAC release).
Tipping off. Malum personnel are prohibited from tipping off customers about the existence or content of a sanctions investigation or filed report. Limited information may be shared only as legally permitted.

Reporting obligations

Frozen-asset reports are filed with OFSI on the schedule required by HM Treasury, and OFAC blocked-property reports are filed within ten (10) business days of blocking. Records are retained for at least five (5) years.

Training and governance

All personnel receive annual sanctions training. The MLRO has direct reporting access to the Board and ownership of this policy. Independent assurance reviews of the sanctions programme are performed at least every twenty-four (24) months.

Consequences of breach

Attempting to use Malum in breach of sanctions law is a criminal offence in many jurisdictions and a material breach of our Terms of Service. We will terminate offending accounts, retain related funds for so long as the law requires, and cooperate fully with the relevant authorities.

Contact

OFSI licence questions, frozen-asset queries, and sanctions disclosures: [email protected]. The MLRO can be contacted at [email protected].

Last modified 05/12/2026