CASH AND CRYPTO ASSET TRANSFER POLICY – Arbitex

1. PURPOSE AND SCOPE

This Cash and Crypto Asset Transfer Policy ("Policy") regulates the general principles regarding the execution of cash and crypto asset transfer transactions to be carried out through Arbitex Kripto Varlık Alım Satım Platformu A.Ş. ("Platform"). It is aimed by the Platform to ensure that transactions are carried out in a reliable, transparent, efficient, stable, fair, honest, and competitive manner.

This Policy has been prepared within the framework of the Capital Markets Law No. 6362, the relevant capital markets legislation, and other legislations, particularly the Communiqué on the Establishment and Operating Principles of Crypto Asset Service Providers No. III-35/B.1, and the Communiqué on the Operating Principles and Capital Adequacy of Crypto Asset Service Providers No. III-35/B.2, and it is published on the Platform's website within the scope of Article 24/2-d of the Communiqué No. III-35/B.1. Users who register on the Platform are deemed to have accepted the policy.

2. DEFINITIONS

The terms used within the scope of this Policy shall be understood as defined below:

Customer: Real or legal persons who have opened an account before the Platform and completed the identity verification (KYC) process according to the Platform procedures,
Crypto Asset: Intangible assets that can be created and stored electronically using distributed ledger technology or a similar technology, distributed over digital networks, and capable of expressing value or rights, and can be bought and sold digitally,
Wallet: Software, hardware, systems, or applications that enable the transfer of crypto assets and the storage of these assets or the private and public keys related to these assets,
Cash Transfer: Deposit and withdrawal transactions performed by the customer or carried out towards the customer through banking channels,
Crypto Asset Transfer: Crypto asset deposit and withdrawal transactions carried out by the customer between wallets,
Transaction Limit: The transfer amount limit determined by the Platform, which the customer can perform daily or per transaction,
Board: The Capital Markets Board (CMB / SPK),
MASAK: The Financial Crimes Investigation Board of the Ministry of Treasury and Finance,
Suspicious Transaction: Refers to transactions carried out or attempted to be carried out by customers which, by virtue of their transaction amount, parties, nature, or frequency, arouse reasonable suspicion that they may be linked to the crime of laundering proceeds of crime or financing of terrorism, and which give rise to a notification obligation within the scope of Law No. 5549 and the relevant MASAK regulations.

3. CASH TRANSFER TRANSACTIONS

3.1. Tracking, Principles of Use, and Transfer of Cash Receivable Balances in Customer Accounts

Accounts opened by the Platform with banks and designated as customer accounts are defined by clearly stating that they belong to the respective Platform customers and shall not be used outside their intended purpose. Customer cash held with banks is tracked separately from the Platform's own cash assets in individual accounts opened or to be opened for Platform customers. Customer accounts cannot be shown as credit collateral, and no blockage, pledge, or similar encumbrances can be established on these accounts in favor of the Platform. The cash of customers in the bank accounts of the Platform cannot be seized, pledged, included in the bankruptcy estate, or subjected to an injunction due to the debts of the Platform, nor can the assets of the Platform be seized due to the debts of the customers, even if it is for public receivables.

The current accounts opened by the Platform with banks as customer accounts for the cash belonging to customers can be accessed via the Platform's website and through the mobile application.

Depending on the authorization given by the customer in the framework agreement, the Platform may utilize the customer's cash held with banks, either collectively or on a customer basis, in line with their authorized activities, operating policies, and customer preferences, provided that they are tracked on an account basis in accounting systems. In the event that the said cash is utilized collectively, it is essential that the revenues obtained are distributed proportionally to the customer accounts.

The Platform may determine a lower limit for the use of cash balances in customer accounts.

The customer may authorize the Platform to yield returns (interest/yield generation) on the deposited amount. Customer cash is utilized within the framework of the conditions determined in this regard. The cash of customers who do not request a return may be utilized in a way that the return remains with the Platform, in line with the written or electronic approval to be obtained from the customers individually, separate from the framework agreement.

3.2. Cash Deposit and Withdrawal Transactions

Users who have not performed identity verification procedures in accordance with the relevant legislation within the scope of Identity Verification (KYC), or whose information and documents submitted to the Platform within this scope cannot be verified or approved, cannot perform transactions. All transfer transactions to be carried out on the Platform are subject to the condition of being an "Identified Customer". Customers must complete the KYC process in order to perform transactions. Customers who complete this process can perform cash withdrawal and cash deposit transactions through a bank account that belongs to them and is accepted by the Platform.

Cash cannot be received in person from customers, delivered in person to customers, or stored in any way by the Platform. Money transfers through the Platform can only be carried out through the bank accounts belonging to the customers themselves. No money can be accepted by the Platform other than electronic transfers to be made through banks.

The customer will not be able to send cash from a bank account not defined in their own name, nor will they be able to perform a cash withdrawal transaction to a bank account they do not own. It is forbidden for the customer to transact on behalf of someone else, and each customer must create an account only in their own name and perform cash transfers in their own name. Various measures may be taken and sanctions may be applied, including the closure of the accounts of customers who are found to have opened accounts on behalf of someone else.

Deposits cannot be made by customers through ATMs or any other channel outside their own bank accounts. In addition, depositing money into the account through electronic money institutions, payment institutions, or with credit cards is not possible. Customers can currently only perform Turkish Lira deposit and withdrawal transactions. Cash deposits and withdrawals made through non-bank or unaccepted methods are returned by the Platform to the sending or depositing account within reasonable periods envisioned. The costs and commissions incurred during this process are refunded by deducting them from the cash balance to be returned.

When the customer makes a payment to the account opened specifically by the Platform with banks for customer deposit transactions, the deposited amount is credited to the customer's account. After the cash deposit transaction is completed, the crediting process is carried out as quickly as possible. Likewise, it is essential that cash withdrawal transactions requested from the Platform to the customers' own accounts are carried out in the shortest possible time. The Platform reflects incoming transfers within the limits specified on the website to the customer's account, except for technical failures and other unforeseen circumstances; it forwards outgoing transfers to the bank within 1 business day at the latest, except for technical failures and other unforeseen circumstances.

Different commission rates may be applied by banks for customers' cash deposit and withdrawal transactions, and the customer is responsible for the payment of these commissions.

There are limits regarding the amounts to be deposited or withdrawn in cash deposit and withdrawal transactions, and the said limits can be changed unilaterally by the Platform at any time on a customer basis. You can access the current minimum and maximum limits and current commission rates for cash transfer transactions on the Platform's website.

The Platform reserves the right to update/change limits and commission fees. Customers can access current limits and expenses on the Platform's website.

4. CRYPTO ASSET TRANSFER TRANSACTIONS

4.1. Principles regarding the execution of transfer orders

According to the legislation, the process of executing transfer orders refers to the process of signing and transmitting transfer orders, whose access control process to the wallets defined in the second paragraph has been successfully completed, to the distributed ledger network.

In the execution of transfer orders, the regulations made by MASAK are complied with.

In transfer orders, the multi-factor authentication mechanism (MFA) specified in the Communiqué No. VII-128.10 is applied to customers, and measures are taken to ensure the confidentiality of the authentication data they possess during the use of these factors in the authentication process.

As of the moment the transfer order is transmitted, it is possible for transfer requests below 1,000,000 TL to be approved by fully automated processes. A higher amount may be determined by the Platform within the conditions specified in the relevant communiqués.

The customer performs crypto asset transfers with instructions on the user screen, which they log into with their own password. The Platform reserves the right to reject or review the customer's request.

4.3. Crypto Asset Deposit and Withdrawal Transactions

While performing crypto asset deposit and withdrawal transactions, it is the customers' responsibility to select the correct network and to enter the wallet address and, if applicable, the mandatory tag/memo code information correctly. The Platform cannot be held responsible for irreversible losses that may occur as a result of transactions attempted to be carried out over unsupported networks by entering incorrect, incomplete, or faulty address and tag/memo code information. Moreover, the Platform has no obligation to refund the relevant amounts or deposit them into the customer's account regarding losses arising from the customer's failure to use the correct addresses and networks.

Customers can deposit the crypto assets listed on the Platform only over the blockchain networks supported by the Platform and by completely defining the correct wallet address specified in the system and, if applicable, the mandatory “tag/memo code” information. Deposits whose blockchain confirmation number is insufficient will not be processed.

The Platform reserves the right to update/change limits and commission fees in crypto asset transfer transactions. Customers can access current limits and expenses on the Platform's website.

The Platform issues a transaction result form with consecutive numbers showing the type, quantity, and price of the crypto assets bought and sold in transactions made by customers, as well as the commissions and expense accruals charged to the customer. The customer can access account statements electronically.

It is essential for users to act in accordance with the Financial Crimes Investigation Board (MASAK) regulations, the enhanced measures determined by the Board pursuant to the relevant Regulations and Communiqués, and the travel rule brought specifically for crypto asset transfers in connection with these during deposit and withdrawal transactions.

Users must define an address by verifying it with 2FA (two-factor authentication process) to withdraw crypto assets. The user can only withdraw crypto assets to the addresses defined in their account in this way.

Users' crypto asset withdrawal transactions are carried out using multi-factor authentication (MFA) mechanisms pursuant to the Communiqué No. VII-128.10.

In order for users to approve the withdrawal request, it is mandatory for them to successfully complete the defined secondary security steps. In addition to these, it is essential for users to ensure the security of passwords known only to themselves, one-time passwords (OTP) generated by the system during account login and crypto transfer transactions, and the telephone number, e-mail address, and devices defined in their account, and not to share the information here with third parties in any way. Arbitex cannot be held responsible for any damage or loss resulting from the Customer's failure to fulfill one or more of the security measures specified above due to their own negligence and/or fault.

Crypto asset transfer transactions are monitored, audited, and necessary measures are taken by our Platform within the scope of the relevant legislation, framework agreement, company policies, procedures, and operating principles, as well as the Law No. 5549 on Prevention of Laundering Proceeds of Crime, relevant secondary regulations (such as Enhanced Measures, Travel Rule), and communiqués, guides, and obligations published by MASAK. Within this scope, transactions regarding the transfer of certain crypto assets may be subject to additional examination (in this context, certain information/documents may be requested from the user), may be temporarily suspended, may not be reflected in the available balance in the user's account, or may be rejected without being executed, without being limited to the situations specified here.

It is not possible for our company to have an effect on or interfere with network structures, network systems, network participants, validators, or network transactions in crypto asset transfer transactions. For this reason, our company cannot be held responsible for delays, errors, and losses that may occur.

Users can access the names, transfer dates, times, and amounts of all transferred crypto assets from account movements (transaction result form) and monthly statements.

5. ACCOUNT STATEMENT

Customers can access:

The names, purchase, sale, or transfer dates, times, prices, and quantities of all crypto assets bought, sold, or transferred,
All movements regarding their crypto assets held before the Platform and the custodian institution and their cash held in banks,
All kinds of commissions, fees, and taxes accrued to the account from their account statements.

Account statements of customers are sent by the Platform on a monthly basis to the electronic mail address to be declared by the customer within five business days following the relevant period, or customer account statements are made available for access in electronic environment. Account statements may not be sent to customers who did not make any transactions within the relevant period.

6. LEGAL COMPLIANCE, BLOCKED ACCOUNTS, SUSPICIOUS TRANSACTION REPORTING

The Policy is compliant with MASAK, BRSA (BDDK), CBRT (TCMB), and other regulatory institutions.

A blockage may be placed on the customer's account in line with requests from judicial or administrative authorities or in cases required by the provisions of the relevant legislation. As long as the blockage is applied, the customer cannot perform any transaction on the account balance. In the event that the blockage is lifted in accordance with the provisions of the relevant legislation, the customer can perform cash deposit and withdrawal transactions.

The Platform is obliged to report suspicious transactions to MASAK due to its legal obligations. In this process, suspicious transaction detection is carried out based on customer profile and historical transaction pattern analysis. It is possible to request additional information or supporting documents in line with the said analyses. The Company may direct additional questions, request explanations about the source of the money, and refrain from executing the suspicious transaction within the framework of the legislation pursuant to MASAK regulations.

7. RETENTION OF DOCUMENTS

Records are kept for a period of 10 years. However, records and documents that are the subject of a dispute continue to be retained until the said dispute is definitively concluded.

8. ENFORCEMENT

This Policy enters into force by the Decision of the Board of Directors. The Policy is reviewed periodically at least once a year and necessary revisions are carried out. Changes are notified to customers electronically before they enter into force.