Vendor Change Request Policy

1. Policy Title: Vendor Change Request Policy

2. Version: 1.0

3. Effective Date: 21.01.26

4. Review Date: 21.01.27

5. Policy Owner: Head of Procurement

6. Policy Sponsor: Director of Operations

Note: Following receipt of a change request, all subsequent transactions and smart contract payments may be temporarily paused until verification is complete and the request is processed.

7. Purpose:

• This policy defines the procedures for requesting, verifying and processing changes to vendor contract details and operational arrangements after contract execution. It applies to change requests submitted by a vendor’s Authorized Signatory or Designated Representative in accordance with the Vendor Delegation of Authority Policy. The policy ensures all changes are securely verified, properly authorized, auditable, and processed in a risk-based manner.

8. Scope:

This policy applies to all vendors with active contracts and encompasses the following types of changes:

• Wallet address or bank account detail changes

• Whitelist or approved account/address/system updates

• Vendor entity or company detail changes (company name, registration, address, tax information)

• Signatory or authorized representative changes

• Commercial and operational contract changes, including:

  • Milestone adjustments

  • Milestone delivery date changes

  • Pricing or cost changes

  • Payment terms or payment triggers

  • Other agreed operational updates

Excluded or at Intersects discretion:

• Amendments to legal clauses

• Liability or indemnity provisions

• Contract term or termination rights

9. Principles:

This policy is grounded in the principles of:

• Authorization: Only an Authorized Signatory or formally recognized Designated Representative may submit change requests.

• Verification: All change requests must be verified before implementation.

• Security: Additional safeguards apply to higher-risk financial changes.

• Auditability: All change requests, approvals, and actions are logged with method, date/time and verifier retained for internal audits.

• Risk-Based Controls: Verification steps are proportionate to the risk level of the requested change.

10. Definitions:

• Authorized Signatory: The individual who executed the vendor contract and has authority to bind the vendor.

• Authorized Representative: An individual formally delegated authority by the Authorized Signatory under the Vendor Delegation of Authority Policy.

• Change Request: Any formal request submitted by a vendor to update contractual, operational or payment-related details.

• Change Request Form (CRF): Form outlining the Vendor Change Request, signed off by the Authorized Signatory or Authorized Representative.

• High-Risk Change: Changes that affect financial instructions or payment destinations.

• KYC/KYB: Know Your Customer / Know Your Business identity verification process. For more information, read the Intersect Due Diligence Policy.

• Enhanced Verification: Additional checks which may include phone or video confirmation or further documentation review.

• Wallet Address: Blockchain wallet used for receiving payments.

• Vendor Whitelist: List of approved addresses for vendor fund withdrawals

• Verification Call: A phone call conducted to confirm the identity and intent of the individual requesting the wallet address change.

11. Policy Statements:

• All post signed contract changes must be submitted in writing via email and fill out a Change Request Form as provided by Intersect.

• Only Authorized Signatories or recognized Designated Representatives may request changes, as per the Vendor Delegation of Authority Policy. .

• No change will be implemented until required verification is completed.

• Requests outside delegated authority or within excluded categories require formal contract amendment.

• For financial or system-related changes, Intersect may temporarily pause related payments or system actions until verification is complete.

• All approved changes will be confirmed in writing and recorded for audit purposes.

12. Roles and Responsibilities

Vendor Authorized Signatory

• Appoints and maintains Designated Representatives.

• Submits or authorizes contract change requests in writing via email.

• Completes Change Request Form as requested by Intersect.

• Provides clarification where required.

Designated Representative

• Acts only within their delegated scope.

• Submits or authorizes contract change requests in writing via email.

• Completes Change Request Form as requested by Intersect.

• Provides supporting documentation or verification as requested.

Intersect Procurement and Operations Team

• Provide Change Request Form once received initial Change Request.

• Verify requester authority and documentation.

• Apply appropriate verification measures, including conducting verification calls for high-risk change requests.

• Process approved changes.

• Maintain logs of all change requests, Change Request Form, verification steps, and approvals, including method, date/time and verifier.

• Escalate out-of-scope requests to the Authorized Signatory.

13. Procedures

Submission of Change Requests

• Change Request Forms must be submitted in writing via email to [email protected] and cc in [email protected]

• Intersect will aim to respond within 10 working days. Should no response be received, the vendor is responsible for re-submission.

• Requests must clearly describe the proposed change and provide supporting documentation.

Verification

Intersect verifies:

• The vendor’s KYB records on file.

• The requester’s authority under the Vendor Delegation of Authority records.

• Supporting documentation for the requested change.

• For higher-risk changes, Intersect will require the requesting individual to complete KYC and may perform enhanced identity verification, including direct confirmation through a verification call or equivalent control. KYC of the requesting individual is only required for high-risk changes.

Processing

• Verified change requests are processed by Intersect.

• Out-of-scope or excluded changes are escalated for formal contract amendment.

• Approved changes are implemented and confirmed in writing and logged by Intersect.

• Where changes affect payments, Intersect may temporarily pause payments until verification is complete. Intersect reserves the right to pause payments for any change within the scope of this policy.

14. Verification Guidelines*

Guidelines are discretionary, but typical verification illustrated below.

*KYC is to prove legitimacy of the individual, not necessarily personal background checks.

15. Monitoring and Compliance:

• All change requests and approvals must be securely retained, including verification steps.

• Unauthorized or unverified requests will be rejected.

• Repeated non-compliance may result in delayed processing or contractual remedies.

16. Review and Amendment

This policy will be reviewed annually by the Policy Owner or earlier if required by operational, contractual, or regulatory changes. Amendments require approval from the Policy Sponsor.

17. Related Documents / References

• Vendor Delegation of Authority Policy

• Delegation of Authority Form

• Intersect Due Diligence Policy