Anti-Money Laundering & Counter-Terrorism Financing (AML/CTF) Policy

Home > AML/CTF Policy

ZeroPact maintains internal procedures specifically designed to prevent and detect money laundering and terrorism financing risks, ensuring the legitimacy of corporate financial transactions and protecting the integrity of the company's corporate structure, in conceptual conformity with Portuguese Law no. 83/2017 of 18 August.

ZeroPact's AML/CTF program and guidelines are reviewed and updated periodically, and are formally approved and endorsed by the company's Executive Commission, ensuring the direct involvement of senior management in compliance decisions.

As a cornerstone of its AML program, ZeroPact requires the rigorous identification and mandatory verification of the identity of all of its investors and institutional counterparties of financial relevance at the very moment the business relationship begins (at the inception of the relationship). The acceptance of capital contributions, the subscription of investment rounds, or any inflow of corporate funds is not permitted without the prior collection, validation, and documentary filing of identification details and of the legitimacy of the ultimate beneficial owners (UBOs).

Given ZeroPact's strictly technology-based operating model — focused on the provision of automated, plug-and-play software under the SaaS (Software as a Service) model — the platform's end users and ordinary online customers are not subject to the corporate KYC/AML internal procedures applied to investors. The ordinary activity of marketing and subscribing to software does not qualify as a financial activity or a sector-specific regulated risk activity within the mandatory scope of Law no. 83/2017.

In line with ZeroPact's current size, organizational structure, and risk profile, the AML program focuses exhaustively on rigorous control and documentary validation at entry (at inception). For the purposes of transparency towards third parties and banking institutions, the company declares that its current program does not include an automated process of scheduled, recurring periodic review of the identification requirements of long-standing partners, without prejudice to case-by-case reassessments triggered by specific risk events.