GIFT CARD EXCHANGE

Anti-Money Laundering (AML) & Know Your Customer (KYC) Policy

  

Updated: 23 July 2025

Business Entity: GCX Group Pty Ltd
ACN: 644 988 938
ABN: 45 644 988 938
Trading As: Gift Card Exchange (https://www.giftcardexchange.com.au)
Jurisdiction: Australia
Compliance Framework: Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), AUSTRAC Guidelines

1. Overview

GCX Group Pty Ltd, trading as Gift Card Exchange (“we”, “us”, or “our”), is committed to preventing money laundering, terrorism financing, fraud, and other forms of financial crime.

This policy outlines our obligations and procedures under Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime, including the use of trusted third-party identity verification services.

2. Regulatory Context

As an Australian-based operator in the financial services and digital asset environment (gift card exchange, resale, and distribution), we recognise our legal obligation to:

  • Identify and verify the identity of customers and business partners (KYC/KYB)
  • Monitor transactions for suspicious activity
  • Report suspicious matters to AUSTRAC, the Australian Transaction Reports and Analysis Centre
  • Retain specific types of records in accordance with the AML/CTF Act and associated rules

3. Identity Verification (KYC/KYB)

To meet regulatory obligations and reduce risk, we require all users engaging in higher-risk activities (including but not limited to selling gift cards, large redemptions, bulk uploads, or suspicious patterns) to undergo identity verification.

We use iDenfy, a third-party, AUSTRAC-compliant verification provider, to perform:

  • KYC (Know Your Customer) checks for individual users
  • KYB (Know Your Business) checks for companies or corporate sellers
  • Liveness checks, biometric confirmation, and document scanning (e.g., passport, driver’s licence)

Note: Gift Card Exchange does not store or retain personally identifiable information (PII), such as ID documents, photos, or biometric data. All PII is securely processed by iDenfy in compliance with their own privacy policy and data protection obligations under GDPR and the Australian Privacy Act.

4. Transaction Monitoring

All activity on our platform is monitored using a combination of automated tools and manual review. We analyse:

  • Gift card volumes and velocity
  • Suspicious geographic access (e.g., use of proxies, TOR, VPNs)
  • Repeated failed payments or verification attempts
  • Unusual or structured transactions designed to avoid detection

Accounts exhibiting high-risk behaviour may be restricted, suspended, or permanently banned. Where appropriate, reports will be lodged with AUSTRAC.

5. Politically Exposed Persons (PEPs) & Sanctions

Our system screens all users against international sanctions and politically exposed persons (PEP) databases. We do not onboard or permit transactions from:

  • Individuals or entities listed on the AUSTRAC Sanctions List, DFAT, or UN Sanctions Consolidated List
  • Users from high-risk or sanctioned jurisdictions

6. Customer Due Diligence (CDD)

We apply risk-based CDD procedures based on customer profile, transaction size, and activity type. This may include:

  • ID verification for sellers and large buyers
  • Verification of payment method ownership
  • Review of transaction history and behaviour over time

In some cases, Enhanced Due Diligence (EDD) may be triggered, requiring additional documentation or manual compliance review.

7. Data Privacy & Retention

We maintain compliance with the Privacy Act 1988 (Cth) and do not store PII. KYC data is handled directly by iDenfy, who retains records in line with AUSTRAC and GDPR retention standards.

We only retain:

  • Non-personal transaction metadata (for fraud detection and legal compliance)
  • Logs of AML checks and outcomes
  • Email addresses and communication logs related to support and account recovery

8. Reporting Obligations

In compliance with AUSTRAC obligations, we may file:

  • Suspicious Matter Reports (SMRs) for suspected money laundering, fraud, or other illicit activity
  • Threshold Transaction Reports (TTRs) where applicable
  • International Funds Transfer Instructions (IFTIs) (though rare in gift card operations)

We are prohibited from notifying users when an SMR or TTR is submitted, as per the AML/CTF Act.

9. Staff Training & Audits

All team members involved in payment operations, support, or compliance receive AML/CTF awareness training. Internal audits are conducted periodically to ensure adherence to our obligations.

10. Breaches and Enforcement

Breaches of this policy, whether by customers or employees, are taken seriously and may result in:

  • Immediate account suspension or termination
  • Reporting to law enforcement or AUSTRAC
  • Legal action where applicable

11. Contact

For any questions about this policy or to raise a compliance concern:

📧 Email: [email protected]
📞 Phone: (03) 8397 7277
📬 Mail: P.O. Box 323, SANDRINGHAM VIC 3191, Australia