AMLR&EA Privacy Policy

Effective Date: January 31, 2020

Last Updated: April 30, 2025

At AMLR&EA (Anti-Money Laundering Recovery & Enforcement Alliance), we are committed to protecting the confidentiality, integrity, and lawful handling of all data processed through our systems. This Privacy Policy outlines the types of data we collect, how we use and safeguard that data, and the rights and obligations of institutional users and cooperating agencies.

1. Scope of this Policy

This Privacy Policy applies to all data processed by AMLR&EA through its intelligence systems, investigative platforms, and cooperation channels. It covers: Law enforcement and regulatory partners Financial institutions under compliance cooperation agreements System users authorized by competent authorities Note: AMLR&EA is not accessible to the general public, and we do not collect personal data from private individuals or unauthorized users.

2. Information We Collect

AMLR&EA collects and processes the following categories of information strictly for anti-money laundering, fraud prevention, and regulatory enforcement purposes: Blockchain Metadata: Wallet addresses, smart contracts, transaction hashes, timestamps, and cross-chain movement logs. Suspicious Network Activity: IP addresses, session headers, login attempts, behavioral patterns associated with illicit financial behavior. KYC & Beneficial Ownership Data: Shared by law enforcement or regulators as part of investigations; includes names, IDs, residency, and affiliations. Audit Trails & System Logs: Internal logs to ensure user accountability, data traceability, and compliance with cooperation protocols. Open-Source and Public Records: Data acquired from regulatory filings, public block explorers, or legally available registries. AMLR&EA does not collect biometric, health, or unrelated consumer information. We also do not scrape or mine data from social media or commercial sources.

3. Purpose of Data Collection

AMLR&EA collects and processes information strictly for the following lawful and institutional objectives: AML/CFT Analysis: Identifying and analyzing patterns of money laundering, terrorist financing, and related predicate offenses. Enforcement Support: Providing technical, forensic, and analytical assistance to ongoing criminal or regulatory proceedings. Asset Tracing & Victim Protection: Supporting recovery processes through validated datasets and jurisdictional mappings. Platform Enhancement: Improving the accuracy and effectiveness of AI models and case detection tools through anonymized training data. AMLR&EA does not use personal data for advertising, profiling, or marketing purposes.

4. Data Sharing and Disclosure

AMLR&EA does not sell, license, or disclose any user data or investigative intelligence to private actors, including: Law firms Asset recovery companies Third-party commercial analytics providers Insurance, lending, or credit institutions Data is shared exclusively with verified government agencies and regulatory authorities under one or more of the following conditions: Written cooperation agreement or MOU Judicial or regulatory request consistent with applicable laws Joint task force participation or subpoena order All disclosures are subject to need-to-know and minimum necessary standards.

5. Data Security and Storage

AMLR&EA applies robust technical and organizational safeguards to protect data against unauthorized access, loss, or misuse. These include: End-to-end encryption (AES-256, TLS 1.3) Role-based access control with multi-factor authentication Secure physical hosting in government-compliant data centers Immutable audit logs for every access or data transaction Scheduled vulnerability assessments and penetration testing Data is stored only as long as necessary for the investigative or regulatory purpose for which it was collected, and is then securely deleted in accordance with retention policies.

6. International Transfers

AMLR&EA may transfer data across jurisdictions for legitimate enforcement collaboration. In such cases, we ensure: Data remains within trusted enforcement networks Receiving jurisdiction has adequate legal protections (e.g., GDPR equivalency, MLAT in place) Transfers are documented and auditable We do not transfer sensitive data to countries lacking basic legal safeguards unless mandated by law or treaty-based request.

7. Your Rights and Responsibilities

If your agency or institution has submitted data to AMLR&EA, you may: Request a record of what was submitted and how it is used Request correction or deletion of inaccurate entries Appoint a compliance officer to coordinate reviews These requests must come from the designated authority or data protection officer (DPO) in writing and may be subject to national law constraints (e.g., ongoing investigations).

8. Updates to this Privacy Policy

AMLR&EA may revise this policy from time to time to reflect legal changes, operational needs, or feedback from cooperating agencies. The updated policy will be published with an updated “Effective Date.” We encourage all institutional users to review the Privacy Policy regularly. Continued use of AMLR&EA after any modifications constitutes acceptance of those changes.

9. Contact Information

For privacy inquiries, compliance concerns, or access requests, please contact: Data Protection & Oversight Division Email: [email protected]