Fraud Prevention, Security & Custody Infrastructure

MiCA-Aligned Governance Framework

AURUM NEO-BANK sp. z o.o.
Trading as Polex
Registered Headquarters: Ul. Długa 29, 00-238 Warsaw, Mazowieckie, Republic of Poland

Polex operates as a crypto-asset service provider aligned with the requirements of the Markets in Crypto-Assets Regulation (MiCA).

Security, fraud prevention, and safeguarding of client assets are embedded into our governance, technology architecture, and operational controls.

1. MiCA-Aligned Compliance Framework

Polex maintains systems and controls designed to comply with MiCA obligations applicable to crypto-asset service providers, including requirements relating to:

  • Safeguarding of client funds and crypto-assets
  • Operational resilience and ICT risk management
  • Prevention of market abuse
  • Complaint handling and consumer protection
  • Conflict-of-interest management
  • Incident reporting to competent authorities

Supervisory oversight is exercised by the Polish Financial Supervision Authority.

Our governance structure ensures that risk management, compliance oversight, and security controls operate independently from revenue-generating functions.

2. Security Architecture Overview

Polex deploys a multi-layered defense-in-depth security architecture built around four core pillars:

  1. Custody & Asset Protection
  2. Operational & Infrastructure Security
  3. Fraud Prevention & Monitoring
  4. Governance & Regulatory Oversight

Each pillar is continuously assessed and strengthened to align with regulatory expectations and evolving threat landscapes.

3. Custody & Safeguarding of Client Assets

In line with MiCA safeguarding principles, Polex maintains strict segregation and protection of client assets.

3.1 Asset Segregation

  • Client crypto-assets are segregated from company assets.
  • Internal ledger systems clearly distinguish client balances.
  • Reconciliation procedures are performed regularly.

Under no circumstances are client assets used for proprietary trading or operational financing.

3.2 Wallet Infrastructure

Polex applies a layered custody structure:

  • Cold Storage: The majority of client crypto-assets are held in offline, cold storage environments.
  • Multi-Signature Controls: Withdrawal processes require multi-party authorization.
  • Access Control Segregation: No single individual can unilaterally transfer safeguarded assets.

Private keys are protected through controlled key management procedures and strict access governance.

3.3 Withdrawal Risk Controls

To mitigate fraud and unauthorized transfers:

  • Withdrawal requests are subject to behavioral monitoring;
  • High-risk withdrawals trigger enhanced review;
  • Device and IP consistency checks are applied;
  • Cooling-off mechanisms may apply for sensitive changes (e.g., password resets, new withdrawal addresses).

4. Infrastructure & Operational Resilience

Polex maintains robust ICT risk management aligned with MiCA and EU operational resilience expectations.

4.1 Secure Systems Architecture

  • Encryption in transit and at rest;
  • Hardened server environments;
  • Role-based access control (RBAC);
  • Network segmentation;
  • Secure API gateways with throttling mechanisms.

4.2 Monitoring & Incident Detection

  • 24/7 system monitoring;
  • Intrusion detection and anomaly detection systems;
  • Tamper-evident logging;
  • Automated alert escalation protocols.

All critical system events are logged and reviewed.

4.3 Business Continuity & Disaster Recovery

Polex maintains:

  • Redundant infrastructure components;
  • Disaster recovery plans;
  • Incident response procedures;
  • Data backup protocols;
  • Operational continuity planning.

Resilience testing is conducted periodically.

5. Fraud Prevention & Financial Crime Controls

Fraud prevention operates alongside AML and market abuse controls.

5.1 Account-Level Protection

  • Risk-based KYC and ongoing monitoring;
  • Sanctions and PEP screening;
  • Two-Factor Authentication (2FA);
  • Login anomaly detection;
  • Account lockout after failed attempts;
  • Device fingerprinting.

5.2 Transaction Surveillance

Our monitoring systems review:

  • Abnormal trading patterns;
  • Coordinated trading attempts;
  • Rapid balance movements;
  • Suspicious blockchain behavior;
  • Indicators of market manipulation.

Suspicious activity may result in:

  • Account restriction;
  • Enhanced due diligence;
  • Suspicious Transaction Reporting to competent authorities.

6. Market Integrity Controls

Polex maintains controls to prevent:

  • Wash trading;
  • Spoofing or layering;
  • Artificial price support;
  • Insider misuse of information.

Market surveillance aligns with MiCA Title VI obligations and internal Market Abuse governance standards.

7. Governance & Oversight

Security and fraud controls are overseen by:

  • The Compliance Officer
  • The MLRO
  • The Risk Management Function
  • Senior Management
  • The Board of Directors

Periodic reporting includes:

  • Fraud incident metrics;
  • Security incident summaries;
  • Control effectiveness reviews;
  • Risk trend analysis.

This ensures independent oversight and accountability.

8. Regulatory Cooperation & Transparency

Where required, Polex:

  • Reports suspicious activity to the Polish Financial Supervision Authority;
  • Cooperates with financial intelligence authorities;
  • Escalates material incidents to competent bodies in accordance with regulatory requirements.

Transparency and supervisory cooperation are central to our compliance model.

9. User Security Responsibilities

Security is a shared responsibility. Users are encouraged to:

  • Enable Two-Factor Authentication (2FA);
  • Protect login credentials;
  • Verify official communications;
  • Avoid suspicious links and impersonation attempts;
  • Report suspicious activity immediately.

10. Continuous Improvement

Fraud threats and cybersecurity risks evolve rapidly. Polex continuously:

  • Updates monitoring models;
  • Conducts risk assessments;
  • Enhances custody controls;
  • Reviews regulatory developments;
  • Improves internal governance procedures.

Security is not static — it is an ongoing process embedded into our operational DNA.

Our Commitment

AURUM NEO-BANK sp. z o.o. affirms its commitment to:

  • Safeguarding client assets in accordance with MiCA;
  • Maintaining robust custody infrastructure;
  • Preventing fraud and market abuse;
  • Operating transparently under supervisory oversight;
  • Preserving trust through strong governance and operational discipline.

Security and regulatory compliance are foundational pillars of the Polex platform.