Last updated: May 2026
This public policy is a summary for merchants, business users and counterparties. It does not replace the Company’s internal AML/CTF and Sanctions Policy, provider due diligence records, escalation workflows, risk assessments or contractual obligations.
This public Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Policy (the “Policy”) summarises the principles and controls applied by G7 Company LLC, a company registered in Georgia, in connection with Nimera, its website, dashboard, APIs, software interfaces, merchant onboarding support, provider-led crypto acquiring support, technical integrations and related services (the “Services”).
Important role clarification. The Company does not itself provide regulated virtual asset, payment, acquiring, money remittance, exchange, brokerage, custody, wallet custody, settlement, banking or investment services. Any regulated virtual asset, payment, acquiring, exchange, conversion, transfer, custody, KYC/KYB/KYT, Travel Rule, sanctions screening, transaction monitoring or settlement functionality is performed by independent authorised, registered or licensed third-party provider(s) under their own regulatory permissions, compliance framework and customer terms.
For provider-led crypto acquiring flows, the relevant third-party provider is responsible for the regulated functions it performs, which may include end-user KYC/KYT, wallet screening, Travel Rule compliance, transaction monitoring, sanctions screening, checkout operation, execution, conversion, payment, transfer, settlement, refunds, reversals, suspicious activity reporting and recordkeeping. The Company may perform direct due diligence on its own merchants, business customers, partners and counterparties and may coordinate support or information requests.
Before materially integrating with or relying on a provider, the Company may conduct proportionate provider due diligence, including review of corporate status, licensing/registration, permitted services, AML/CTF and sanctions framework, restricted jurisdictions, prohibited business standards, data protection, adverse media, operational reliability and contractual responsibility allocation.
The Company may collect and verify information on direct merchants, business customers, partners, providers, beneficial owners, directors, authorised representatives and other counterparties where proportionate to the relationship and required by internal policy, law, contract or provider requirements.
Due diligence may include legal name, registration number, jurisdiction, address, website/domain, corporate documents, ownership and control, directors, authorised representatives, beneficial owners, nature of business, expected use of Services, source of funds/source of wealth where relevant, expected activity, countries involved, provider relationship and connection to high-risk jurisdictions.
Before onboarding a merchant for provider-led crypto acquiring support, the Company may review the merchant’s website, products/services, checkout wording, refund policy, terms and conditions, privacy notice, prohibited business exposure and public representations.
Access to certain Services or provider-controlled features may require identity verification, business verification, sanctions screening, PEP/adverse media screening, wallet screening, blockchain analytics, Travel Rule information, source of funds/source of wealth checks, transaction monitoring or other compliance controls. These checks may be performed by the Company for its direct relationships, by independent third-party providers for provider-controlled flows, or by both within their respective roles.
Monitoring may consider wallet addresses, blockchain exposure, device/account signals, geographic indicators, business model, transaction patterns, provider alerts, merchant website content, refund/reversal activity, suspicious behaviour and information provided by users, merchants or providers.
Enhanced due diligence may apply to higher-risk relationships or activity, including high-risk jurisdictions, PEP involvement, complex or opaque ownership, nominee arrangements, adverse media, sanctions proximity, crypto-related red flags, high transaction volumes, unusual business models, unclear source of funds, reluctance to provide information, mismatch between stated and observed activity or elevated provider/merchant risk.
Enhanced measures may include additional documents, beneficial ownership verification, source of funds/source of wealth information, licence/exemption checks, merchant website review, provider confirmations, limits, additional monitoring, Compliance Officer review and Senior Management approval where required.
The Company applies sanctions controls covering, at minimum, sanctions and restrictive measures applicable under Georgian law, United Nations sanctions and sanctions lists/requirements required by our providers, banks, payment partners or other counterparties. As an internal risk standard, we may also screen against EU, UK, OFAC and other sanctions lists where relevant to our cross-border exposure or contractual commitments.
We may screen merchants, business users, partners, providers, beneficial owners, directors, authorised representatives, wallet addresses, bank accounts, domains, IP/geolocation indicators and other relevant data points. Potential sanctions matches are escalated for compliance review. We may refuse, suspend, restrict or terminate relationships or features, reject wallet addresses or transactions, notify providers or authorities, or take other action where legally required or operationally possible.
The Services must not be used for illegal goods or services, fraud, scams, phishing, ransomware, darknet markets, terrorist financing, proliferation financing, sanctions evasion, human trafficking, child exploitation, illegal weapons, illegal drugs, stolen goods, counterfeit goods, unlicensed gambling, unlicensed financial services, unlicensed payment services, unlicensed money remittance, unlicensed investment/brokerage services, pyramid schemes, deceptive investment products or other activity prohibited by law, provider requirements or our risk appetite.
Activities that may be lawful in some jurisdictions but present heightened risk, such as high-risk crypto businesses, high-risk gaming, adult content, high-dispute businesses, high-risk digital goods, donation flows, cross-border remittance-like models, offshore structures, opaque ownership, privacy coin/mixer exposure or high-risk jurisdictions, may require enhanced review or may be refused.
If we identify unusual or suspicious activity, sanctions exposure, fraud, scam indicators, circumvention of provider controls, regulatory perimeter concerns or prohibited activity, we may restrict, suspend or terminate access, request additional information, preserve records, notify a provider, cooperate with investigations and submit reports or notifications to competent authorities where legally required and applicable to our role.
We do not disclose suspicious activity reviews, sanctions investigations, provider notifications, regulatory reports or law-enforcement inquiries to unauthorised persons where disclosure is prohibited or may prejudice an investigation.
Compliance records, due diligence files, provider allocation evidence, screening results, escalations, approvals, rejections, terminations, investigations and training records are maintained in accordance with applicable law, provider requirements and internal policy. Such records are confidential and may be accessed or disclosed only to authorised personnel, providers, auditors, advisers or competent authorities where necessary.
As a risk standard, compliance, due diligence, provider allocation, screening, escalation, rejection, termination and training records may be retained for at least five years after the end of the relevant relationship or activity, unless a different period is required by applicable law, provider requirements, litigation hold, regulatory request or legal advice.
We may update this Policy to reflect changes in law, regulatory guidance, sanctions regimes, provider requirements, business model, risk assessment or products. Questions or compliance reports may be submitted to support@nimera.io.
.png)
.png)
