Purchase Crypto
Last updated on 04.03.2026

Anti‑Money Laundering and Counter‑Terrorist Financing (AML/CFT) Statement and Client Notice

1. Introduction

Unramp OOD ("Unramp", "we", "us", "our") is a private company limited by shares, incorporated under the laws of the Republic of Bulgaria, registered with company number 207160415 and having its registered seat at 22 San Stefano Str., San Stefano Plaza, entr. B, 5th fl., office 16, City of Sofia 1504, Bulgaria.

We operate an online platform available at unramp.com (the "Platform"), which allows retail Clients to buy crypto‑assets for their own private purposes. As a CASP in the process of authorisation, we are an obliged entity under the Bulgarian Measures Against Money Laundering Act (MAMLA), the Implementing Regulations for the Law on Measures Against Money Laundering (IRMAMLA), Law On Measures Against The Financing Of Terrorism And The Proliferation Of Weapons Of Mass Destruction, the EU AML Directives (including Directive (EU) 2015/849 and its amendments) and related regulations, hereinafter referred to as the “AML Package”.

Unramp is committed to applying rigorous AML/CFT measures to prevent our Platform from being misused for money laundering, terrorist financing or other financial crime.

This notice is a high‑level summary for Clients. It complements, but does not replace, our internal AML/CFT policies and procedures.

2. Client Eligibility Criteria

To use the Services provided through our Platform, you must meet all of the following eligibility criteria:

  1. You are a natural person acting on your own behalf and for your own account (we do not currently onboard legal entities or Clients acting as intermediaries or professional service providers).
  2. You are at least 18 years old and have full legal capacity to enter into and comply with our Terms and Conditions.
  3. You are not subject to EU, UN or other applicable sanctions, and you are not resident in a jurisdiction in which our Services are prohibited (see Section 6 below).
  4. You are transacting for legitimate purposes and not on behalf of any third party whose identity and source of funds are undisclosed.

We reserve the right to request evidence of compliance with these criteria at onboarding and throughout the business relationship, and to reject or terminate relationships that do not meet them.

3. Client Due Diligence (Identification and Verification)

In order to comply with MAMLA, EU AML Directives and related rules, we are required to identify and verify our Clients before providing Services, and in some cases during the ongoing relationship.

Depending on the risk profile and transaction type, we may collect and verify, among others, the following information and documents:

  1. Identification data: full name, date and place of birth, nationality, personal identification number (where applicable).
  2. Tax ID.
  3. Contact and address data: current residential address, country of residence, contact email and telephone number.
  4. Government‑issued photo identification: a valid passport, national ID card or, where permitted, driver’s licence.
  5. Proof of address: recent utility bill, bank statement, official certificate of residence or similar document issued within a recent period.
  6. Source of funds (SoF) and source of wealth (SoW): information and supporting documents evidencing how the funds used for transactions were obtained (e.g. payslips, employment contracts, tax returns, bank statements, sale agreements).
  7. Additional information: information about your occupation, main income sources, expected transaction volumes and frequency, and any other data required to understand and assess the AML/CFT risk.

We may use reliable and independent electronic identification tools and databases, including publicly available registers and specialised third‑party providers, in line with law and supervisory guidance.

If you do not provide the information and documents requested, or if we cannot verify them to our satisfaction, we may be unable to establish or continue a business relationship or to execute specific transactions.

4. Risk‑Based Approach

Unramp applies a risk‑based approach based on the AML Package regarding the crypto‑asset service providers.

We assess and manage money‑laundering and terrorist‑financing risks based on a range of risk factors, including:

  • Client‑related factors (e.g. profile, occupation, behaviour, Politically Exposed Person status);
  • product and service characteristics (e.g. type of crypto‑asset, payment methods, transaction size and frequency);
  • delivery channels (e.g. fully online onboarding, remote identification tools);
  • geographic risk (e.g. country of residence, location of counterparties, links to high‑risk jurisdictions).

Based on this assessment, we apply:

  • standard Client due diligence (CDD) for normal‑risk Clients;
  • simplified due diligence where strictly allowed by law and only for genuinely low‑risk situations;
  • enhanced due diligence (EDD) for higher‑risk situations, including high‑risk countries, higher transaction volumes, unusual patterns or PEP involvement.

Enhanced due diligence measures may include, among others:

  1. Obtaining additional identification documents or information;
  2. Conducting enhanced identity verification, such as liveness checks or video calls;
  3. Requesting more detailed SoF/SoW documentation and clarifications;
  4. More frequent and granular monitoring of transactions and behaviour;
  5. Approval of transactions or relationships by senior management;
  6. Refusing or restricting transactions that do not meet our risk appetite or legal obligations.

5. Ongoing Monitoring

We continuously monitor our Clients and their transactions to ensure that activities remain consistent with our understanding of the Client’s profile, risk rating and the origin and intended use of funds.

The ongoing monitoring includes, in particular:

  1. Identifying unusual or complex transaction patterns, such as rapid in‑and‑out movements, structuring (smurfing), or use of multiple wallets without a clear economic rationale.
  2. Checking for transactions that are inconsistent with the Client’s known profile, wealth or stated purpose of the relationship.
  3. Monitoring transactions involving high‑risk jurisdictions, offshore centres or jurisdictions with increased ML/TF risk.
  4. Screening Clients and relevant parties against sanctions lists and PEP/adverse‑media databases on an ongoing basis.
  5. Using blockchain analytics tools and other risk indicators to identify links to darknet markets, mixers, ransomware or other typologies associated with higher ML/TF risk, as recommended for CASPs.

Where our monitoring identifies unusual or suspicious activity, we may request additional information or documentation from you and, where necessary, report such activity to the competent authorities.

6. Prohibited Jurisdictions and Sanctions

Our Services may be accessed by domestic and international Clients who independently initiate contact with us, subject to our eligibility and risk criteria.

We do not offer Services to individuals or entities that:

  • are listed on international sanctions lists (e.g. United Nations, European Union, US OFAC) or equivalent national lists, or
  • are resident, established or located in jurisdictions subject to comprehensive sanctions or in other jurisdictions that we classify as prohibited for AML/CFT or risk‑management reasons.

As of the date of this notice, we do not onboard or service Clients located in, or transactions directly involving, the following countries or territories (non‑exhaustive list):

  • Afghanistan
  • Belarus
  • Cuba
  • Democratic Republic of the Congo
  • Iran
  • Iraq
  • Japan
  • Libya
  • North Korea
  • Russia
  • Sudan
  • South Sudan
  • Syria

We may update this list in line with changes in sanctions regimes, FATF listings, EU and Bulgarian governmental guidance and our internal risk assessment. We may also apply restrictions to specific regions, sectors or counterparties, even if not formally sanctioned, where we consider the AML/CFT risk to be unacceptably high.

7. Data Security and Privacy

We ensure the secure storage and handling of all Client data in accordance with applicable EU and Bulgarian data‑protection laws, including the GDPR and the Bulgarian Personal Data Protection Act.

Personal data collected and processed for AML/CFT purposes is used solely for:

  • fulfilling our legal obligations under MAMLA and EU AML legislation;
  • preventing and detecting money laundering, terrorist financing and related crimes;
  • complying with our regulatory and supervisory obligations.

We retain AML/CFT‑related data and documentation for the periods required by law (typically at least 5 years after the end of the business relationship or the date of an occasional transaction), and longer if required by applicable regulations or ongoing proceedings. After the retention period, data is deleted or irreversibly anonymised in line with our data‑retention policy. More detailed information is available in our Privacy and Cookie Policy.

We apply appropriate technical and organisational security measures, including access controls, encryption, secure storage, staff confidentiality obligations and regular reviews of our data‑protection framework.

8. Training and Awareness

We are ensuring that all relevant staff are properly trained and equipped to perform their AML/CFT responsibilities.

Our staff receive initial and ongoing training on:

  • AML/CFT laws and regulations applicable to Unramp (AML Package);
  • internal AML/CFT policies, procedures and risk‑based approach;
  • identification and handling of suspicious activity, including crypto‑asset‑specific typologies;
  • updates on regulatory changes, emerging risks and supervisory expectations for CASPs.

Training programmes are tailored to roles and responsibilities and are periodically reviewed and updated.

9. Reporting Obligations

As an obliged entity, we have a legal duty to report suspicious transactions, operations or circumstances that may be related to money laundering or terrorist financing to the competent Bulgarian AML authority (the Financial Intelligence Directorate of the State Agency for National Security, SANS) and other authorities where required.

Where we detect activity that we classify as suspicious or likely connected with money‑laundering and/or terrorist financing, we will:

  • file the relevant report(s) with the competent authority without informing the Client (tipping‑off prohibition), and
  • cooperate fully with law‑enforcement, supervisory and other competent authorities, including by providing information and documentation as required by law.

We may, in line with our legal obligations, delay or refuse to execute transactions or to provide the Services, where such measures are necessary.

10. Internal Controls and Governance

We maintain robust internal controls to ensure adherence to AML/CFT policies and procedures and to demonstrate effective compliance with applicable legislation.

Our internal AML/CFT framework includes, among others:

  • clear governance arrangements and assignment of responsibilities, including the appointment of a dedicated AML/CFT compliance officer;
  • written policies and procedures for CDD, risk‑assessment, ongoing monitoring, sanctions screening, reporting, record‑keeping and staff training;
  • documented risk‑assessment methodology for Clients, products, services, delivery channels and geographic exposure, regularly reviewed and updated;
  • independent testing and internal audits of AML/CFT controls;
  • periodic reporting of AML/CFT metrics and key risk indicators to senior management;
  • procedures for reviewing and updating policies and systems in light of regulatory changes, supervisory feedback and evolving typologies.

11. Right to Refuse or Terminate Service

In accordance with our legal and regulatory obligations, and our risk‑based approach, we reserve the right to:

  • decline to provide the Services;
  • suspend or refuse to execute a transaction;
  • restrict certain services;
  • Implementation of limitations;
  • terminate an existing relationship,

where:

  • you do not meet our eligibility or onboarding criteria;
  • you fail to provide information or documentation requested for AML/CFT purposes, or such information cannot be verified to our satisfaction;
  • you are identified as high‑risk or outside our risk appetite;
  • you are subject to sanctions or reside in a prohibited jurisdiction;
  • we have grounds to suspect money‑laundering, terrorist financing or other criminal activity, or to believe that continuing to provide services would breach applicable law.

In some cases, we may be legally prohibited from informing you of the specific reasons for our decision (for example, where this would constitute tipping‑off).

12. Platform Usage and Intended Purpose

Our Platform is designed for private, non‑professional use and for Clients acting for their own account. We primarily serve individual retail Clients and do not currently offer services to professional intermediaries, financial institutions or other legal entities. Using the Platform for:

  • professional money‑remittance or exchange services;
  • acting as an unregistered/unlicensed crypto‑asset service provider;
  • pooling funds for undisclosed third parties,

is strictly prohibited and may result in termination of the provided Services and reporting to the competent authorities.

13. Client Acknowledgement and Cooperation

By using our Platform and Services, you:

  • acknowledge and agree to comply with this AML/CFT Statement and Client Notice, as amended from time to time;
  • confirm that all information and documents you provide are accurate, complete and not misleading;
  • agree to cooperate fully, promptly and without delay with any reasonable requests we make for information or documentation in connection with our AML/CFT obligations;
  • understand that we may, in some circumstances, be legally required to delay or refuse transactions or to report your activity to the competent authorities, and that we may not always be able to inform you of this.

Failure to cooperate may result in restrictions on your use of the Platform and/or refusal of transactions.

14. Informational Notice

This present document is intended for informational purposes. It summarises, in accessible terms, key aspects of our AML/CFT framework as required under Bulgarian law and EU standards.

Unramp maintains detailed internal policies, procedures and controls that govern the practical implementation of these obligations, including more granular rules on CDD, monitoring, sanctions, reporting and record‑keeping.

15. Commitment to Compliance and Continuous Improvement

We are committed to complying with all applicable AML/CFT laws and regulations and to preventing the misuse of our Platform for illegal activities. Our policies and controls are designed to identify, manage and reduce AML/CFT risks and to ensure the integrity and transparency of our Services.

We continuously monitor regulatory and supervisory developments at the EU level and in Bulgaria and update our policies, systems and training programmes to ensure ongoing alignment with best practices.

16. Contact Details

If you have questions about this AML/CFT Statement and Client Notice or about our AML/CFT practices, you can contact us at:

Please note that we may not be able to provide details of specific internal procedures or reports where disclosure is restricted by law.

Remember that past performance is not a guarantee of future returns. Cryptocurrencies involve high risk, and an investment may both increase and decrease in value. There is no guarantee that you will recover the full amount invested.