Schedule 6

Anti-Money Laundering and Know Your Customer Policy

This document sets out the anti-money laundering (“AML”), counter-terrorist financing (“CTF”), and know-your-customer (“KYC”) policy of SPY Genesis Corp. (trading as “SpacePay”), a company incorporated under the laws of the Republic of Panama with registered office at Via Ricardo J. Alfaro, Edificio PH The Century Tower, Office 317, Corregimiento de Betania, District of Panama, Province of Panama, Republic of Panama (the “Company”). This Policy is designed to ensure compliance with Directive (EU) 2024/1640 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (“AMLD6”), Regulation (EU) 2023/1113 on information accompanying transfers of funds and certain crypto-assets (the “Transfer of Funds Regulation”), Regulation (EU) 2023/1114 on markets in crypto-assets (“MiCA”), and all applicable national implementing legislation.

1. Risk-Based Approach

1.1The Company adopts a risk-based approach to AML/CTF compliance. The nature and extent of due diligence measures are determined by the assessed level of money laundering and terrorist financing risk associated with each Client, transaction, and jurisdiction.

1.2The Company conducts an enterprise-wide risk assessment at least annually, and more frequently where material changes in the business, regulatory environment, or threat landscape require.

2. Client Due Diligence

2.1Standard Due Diligence: Prior to establishing a business relationship, the Company shall: (a) identify the Client and verify its identity using reliable, independent source documents; (b) identify the ultimate beneficial owners holding, directly or indirectly, more than 25% of shares, voting rights, or ownership interest, and take reasonable measures to verify their identities; (c) understand the ownership and control structure of the Client; (d) understand the purpose and intended nature of the business relationship; and (e) verify the Client's regulatory licences and authorisations.

2.2Enhanced Due Diligence: The Company shall apply enhanced due diligence measures where: (a) the Client is established in a high-risk third country identified by the European Commission or the Financial Action Task Force; (b) the Client's ownership structure is complex or opaque; (c) the Client is a politically exposed person or associated with a politically exposed person; (d) the transaction or business relationship presents an elevated risk for any other reason identified through the Company's risk assessment.

2.3Enhanced due diligence measures may include: obtaining additional documentation regarding the source of funds and source of wealth; obtaining senior management approval for the establishment or continuation of the business relationship; conducting enhanced ongoing monitoring; and requiring face-to-face or video verification of beneficial owners.

3. Ongoing Monitoring

3.1The Company shall conduct ongoing monitoring of business relationships, including: (a) scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with the Company's knowledge of the Client, its business, and its risk profile; (b) ensuring that documents, data, and information held for the Client are kept up to date; and (c) re-screening against sanctions lists, politically exposed person databases, and adverse media on a continuous, automated basis.

4. Transaction Monitoring

4.1The Company maintains automated transaction monitoring systems, powered by Chainalysis blockchain analytics, calibrated to detect patterns indicative of money laundering, terrorist financing, or sanctions evasion. Monitoring rules are reviewed and updated at least quarterly.

4.2The Company's transaction monitoring specifically addresses risks associated with the iGaming sector, including but not limited to: rapid cycling of funds, structuring to avoid thresholds, misuse of bonus or promotional funds, and transactions with no apparent economic rationale.

5. Sanctions Screening

5.1The Company screens all Clients, beneficial owners, and transaction counterparties against: (a) the Consolidated List of Persons, Groups and Entities Subject to EU Financial Sanctions; (b) the OFAC Specially Designated Nationals and Blocked Persons List; (c) the United Nations Security Council Consolidated List; (d) the UK HM Treasury Sanctions List; and (e) any other sanctions list applicable in the relevant jurisdiction.

5.2Screening is performed at onboarding, upon any update to the sanctions lists (with same-day processing), and on a continuous, automated basis for all transactions.

6. Travel Rule Compliance

6.1In compliance with the Transfer of Funds Regulation, the Company shall ensure that all crypto-asset transfers are accompanied by information on the originator and the beneficiary. The Company shall collect and transmit the following information: (a) the name of the originator; (b) the originator's distributed ledger address and, where applicable, the originator's account number; (c) the originator's address, official personal document number, customer identification number, or date and place of birth; (d) the name of the beneficiary; and (e) the beneficiary's distributed ledger address and, where applicable, the beneficiary's account number.

6.2The Company employs interoperable messaging protocols to facilitate the exchange of Travel Rule information with counterparty CASPs.

7. Suspicious Activity Reporting

7.1Where the Company knows, suspects, or has reasonable grounds to suspect that a transaction or activity involves the proceeds of crime or is related to terrorist financing, it shall file a Suspicious Activity Report (SAR) with the applicable Financial Intelligence Unit without delay.

7.2The Company shall not disclose to any Client or third party that a SAR has been or is being made (tipping-off prohibition).

8. Record-Keeping

8.1The Company shall retain all records relating to customer due diligence, transaction monitoring, and suspicious activity reporting for a minimum of five (5) years following the termination of the business relationship or the completion of the transaction, or such longer period as required by applicable law.

9. Training

9.1All employees of the Company shall receive AML/CTF training upon commencement of employment and at least annually thereafter. Training covers: the Company's AML/CTF policies and procedures; applicable legal and regulatory requirements; recognition and handling of suspicious transactions; the use of Chainalysis and other compliance tools; and the specific risks associated with crypto-assets and the iGaming sector.

10. Governance

10.1The Company has appointed a Money Laundering Reporting Officer (“MLRO”) who is responsible for: (a) overseeing the Company's AML/CTF compliance programme; (b) receiving and assessing internal suspicious activity reports; (c) filing external SARs with the applicable Financial Intelligence Unit; and (d) liaising with regulatory authorities and law enforcement.

10.2The MLRO reports directly to the Board of Directors and has unrestricted access to all information and records necessary for the performance of their duties.

Last updated: 16 February 2026