Due Diligence Policy

1. Policy title: Due Diligence Policy

2. Version: 1.0

3. Effective date: 15 June 2025

4. Review date: Annually, next applicable June 2026

5. Policy owner: Head of Operations

6. Policy sponsor: Intersect Executive Director

7. Purpose:

• The purpose of this Due Diligence Policy is to establish a structured, comprehensive, and iterative framework for thoroughly investigating and verifying information before Intersect commits to new contractual relationships, transactions, or projects with new individuals or businesses. This policy aims to identify, assess, and mitigate potential risks, ensuring that all critical aspects are understood. It provides a structured framework to ensure informed decision-making and uphold ethical and legal standards.

8. Scope:

• This policy applies to the beneficiary, as defined below, who enters into contractual relationships, transactions, or projects with Intersect or with Cardano Development Holdings (CDH) where Intersect is acting as its Administrator.

9. Principles:

• Key principles include risk-based assessment to vet the beneficiary and make all reasonable endeavours to ensure that legal and regulatory thresholds are met. Accordingly, Intersect will carry out Know Your Customer (KYC) and Know Your Business (KYB) through a third party due diligence provider, Sumsub.

10. Definitions:

• Beneficiary: Individual or Company who will be receiving funds and/or entering into contractual relationships with Intersect or with CDH where Intersect is acting as its Administrator.

• Cardano Development Holdings (CDH): CDH is a legal entity created to support the Cardano ecosystem by acting as the contracting counterparty for approved proposals.

• Intersect: Intersect serves as an Administrator within Cardano’s funding ecosystem, helping to operationalize community-approved proposals by coordinating due diligence, contracting, and on-chain disbursements. This role is grounded in the principles of transparency, decentralization, and adherence to the Cardano Constitution.

• Know Your Customer (KYC) - This is a full check designed to identify and verify customers, ensuring compliance and preventing fraud.

  • Identity Verification: This is a core component, involving the collection and verification of personal information like name, date of birth, and address. Sumsub supports over 14,000 types of IDs from 220+ countries and can extract data in various languages. This can be done through document-based verification (uploading photos of government-issued IDs like passports, driver's licenses, or ID cards) or non-document methods that rely on government databases.

  • Liveness and Deepfake Detection: To ensure the person is real and present, Sumsub employs facial biometrics and liveness checks. This technology helps confirm that the provided ID document is truly in the possession of its owner and protects against sophisticated fraud like deepfakes.

  • Proof of Address Verification: Customers are required to provide proof of residence, often through documents like utility bills or bank statements (usually no older than 3 months), which are then verified for authenticity and consistency with the provided address and name.

  • Anti-Money Laundering (AML) Screening: Sumsub performs checks against sanctions lists, watchlists (including Politically Exposed Persons (PEPs)), and adverse media (negative news) to assess the customer's risk profile and ensure they are not involved in illicit activities.

• Know Your Business (KYB) - this is a full check designed to verify the legitimacy of businesses and prevent fraud.

  • Automated Corporate Registry Checks: This process verifies and collects information about an organization and its beneficiaries from all registries. This verifies the organization's legal existence and ownership/management structure.

  • Corporate AML Screening: This is the process of assessing and verifying the legitimacy of corporate entities to ensure they are not involved in illicit activities like money laundering, fraud, or terrorist financing. It involves screening the company and its associated senior individuals against various databases for financial crime risks.

  • Sanctions, Watchlists, and Adverse Media Screening: This encompasses checking individuals and entities (both corporate and individual) against:

    • Sanctions lists: Official government and international lists of individuals, entities, or countries subject to financial or trade restrictions (eg, OFAC, UN, EU sanctions).

    • Watchlists: Databases of individuals or entities deemed high-risk due to involvement in financial crime, terrorism, or other illicit activities, often including PEPs and their associates.

    • Adverse media (or negative news): Publicly available information from news articles, online media, social media, and court records that indicates involvement in criminal activity, corruption, financial misconduct, or other reputational risks.

• Verification of uploaded company documents: This process involves cross-referencing and authenticating legal and financial documents (eg, certificates of incorporation, articles of association, financial statements, shareholder registers) submitted by a company. The aim is to confirm the organization's records to match with official records. This ensures validity in the company's legitimacy.

• Detailed review of ownership and management structure: This entails a thorough examination and mapping of a company's hierarchical relationships, including its shareholders, ultimate beneficial owners (UBOs), directors, senior executives, and other key decision-makers. The purpose is to identify who ultimately controls and profits from the company, ensuring transparency and uncovering any complex or opaque structures that could pose risks.

• KYC checks on associated individuals: This refers to the process of verifying the identity and assessing the risk profiles of key individuals connected to a company. These KYC checks typically involve collecting and verifying personal identification documents, and often include screening against sanctions lists, watchlists, and adverse media to comply with AML regulations.

• Manual review by legal team (up to 24 hours): This describes a human-led, in-depth examination of complex or high-risk cases related to company verification and compliance, performed by legal experts at Sumsub. This manual oversight ensures that intricate legal nuances, unusual structures, or flags identified by automated systems are thoroughly assessed and resolved within a specified timeframe, providing an extra layer of scrutiny.

• Editable and transparent company structure: This indicates a feature that allows the visual representation of a company's ownership and management hierarchy to be easily updated and clearly displayed. It ensures that changes in shareholders, directors, or beneficial owners can be accurately reflected and understood, promoting clarity and facilitating ongoing compliance monitoring.

• Support for complex compliance needs: This signifies the ability of a service or platform to handle and provide solutions for intricate and non-standard regulatory requirements faced by businesses. This includes adapting to varying international legal frameworks, managing multi-layered ownership structures, addressing specific industry regulations, and accommodating high-risk compliance scenarios that go beyond standard automated checks.

Note: Sumsub uses the Comply Advantage source to perform the AML checks. The Comply Advantage returns results with a specific match and Sumsub’s internal tools check this data and determine every match's accuracy and severity degree.

11. Policy statements:

• Anyone entering into a business relationship with Intersect or CDH will be required to complete a KYC or KYB, depending on the nature of the agreement.

• In combination, Intersect will also check that the country of incorporation of the beneficiary is not based in a country where cryptocurrency is illegal. A number of sources will be used to keep this list up-to-date (eg CCN).

  • Intersect will not engage with a beneficiary located in a country where cryptocurrency is illegal.

12. Roles and responsibilities:

• Intersect Operational Services Team: Responsible for ensuring that anyone wishing to enter into business with Intersect or CDH has undergone appropriate due diligence checks, mitigating any risks before establishing new contractual relationships, transactions, or projects.

• Beneficiary: Responsible for complying with Intersect due diligence policy, acting with transparency and providing:

  • Full Disclosure: Proactively disclose all relevant information, even if they perceive it as potentially negative. Hiding or misrepresenting facts can lead to a failed due diligence check.

  • Truthfulness: All information provided must be factually correct.

  • Completeness: Provide all requested documents and data without omission.

13. Procedures:

• Intersect Operational Services team will send the appropriate Sumsub KYC/KYB link to the individual for them to complete and submit the requested documents.

  • A KYC link is sent if the purpose of the agreement is with an individual.

  • A full KYB link is sent if the purpose of the agreement is with a company.

• Sumsub will then take the responsibility of running the checks as described in section 10 of this document.

• These checks can be instant or take up to 72 hours, depending on the level of the check or the information found on the beneficiary.

• Intersect may request Sumsub to do a manual verification if not satisfied with the outcome. This remains at the discretion of Intersect.

• Should the check be incomplete, the beneficiary may be requested by Sumsub to resubmit documentation to complement their case.

• On completion of the check, the Intersect Operational Services Team will inform the individual of the outcome.

• If the beneficiary fails their KYC or KYB then they will have the right to see the report provided by Sumsub and to challenge inaccuracies in the data findings.

• If Intersect determines that the beneficiary fails due diligence checks due to legitimate concerns—such as identification as a PEP, links to adverse media, or other significant risk factors—the beneficiary will be deemed too high-risk to proceed with the proposed business action. This decision is made to protect Intersect from potential legal, financial, and reputational exposures.

14. Monitoring and compliance:

• Monitoring: Repeat screening of beneficiaries who remain in business with Intersect will take place on a yearly basis.

• Compliance: Intersect remains compliant by utilizing a reputable third party, Sumsub, to conduct due diligence checks that follow ISO standards for Security, Risk and Quality Management.

15. Review and amendment:

To ensure the policy remains current and effective, it will be reviewed at least annually. In response to significant organizational changes or regulatory updates, the policy will be updated as required by the Intersect Operational Services team and approved via the Intersect Executive team.

16. Related documents/references:

This policy should be read in conjunction with the following documents, guidelines and regulatory frameworks:

• Governance and policy documents

  • Intersect as an Administrator

  • Transparency Policy

• External regulation and best practices

  • SumSub

  • Sumsub Trust Centre

  • CCN.com - owned and operated by Find.co, is a media outlet dedicated to cryptocurrencies, business, finance and technology.