AURUM NEO-BANK sp. z o.o. – Market Abuse Policy

Table of Contents

1. Purpose and Scope
2. Definitions and Regulatory Provisions
3. Regulatory Obligations and Standards
4. Risk Identification and Assessment
5. Controls and Procedures to Prevent & Detect Market Abuse
6. Reporting and Escalation of Suspicious Activity
7. Training and Awareness
8. Record-Keeping and Documentation
9. Coordination with Regulators
10. Enforcement and Disciplinary Action
11. Roles and Responsibilities
12. Policy Monitoring and Audit
13. Policy Review and Updates

1. Purpose and Scope

Purpose

AURUM NEO-BANK sp. z o.o. (“the Company”), operating as Polex, maintains a zero-tolerance approach toward any conduct that may compromise market integrity.

This Policy establishes systems and controls to detect, prevent, investigate, and report:

• Insider dealing
• Unlawful disclosure of inside information
• Market manipulation

The Company operates a crypto-asset exchange (fiat-to-crypto and crypto-to-crypto conversion). The Company does not engage in proprietary trading, market-making, or price-support arrangements.

This Policy ensures compliance with:

• Markets in Crypto-Assets Regulation – Title VI (Articles 88–92)
• Market Abuse Regulation (where crypto-assets qualify as financial instruments)
• Polish AML legislation
• Guidance of the Polish Financial Supervision Authority

Scope

This Policy applies to:

• Board members
• Senior management
• Employees
• Contractors
• Agents
• Any person acting on behalf of the Company

It governs all crypto-asset trading activity admitted to trading on the Company’s platform.

2. Definitions and Regulatory Provisions

Market Abuse: Insider dealing, unlawful disclosure, or market manipulation under MiCA Title VI and, where applicable, MAR.

Inside Information: Precise, non-public information likely to have a significant effect on crypto-asset price.

Insider Dealing: Trading based on inside information.

Market Manipulation: Including but not limited to:

• Wash trading
• Spoofing / layering
• Pump-and-dump schemes
• Order book manipulation
• False or misleading signals

STOR: Suspicious Transaction and Order Report submitted to KNF.

Applicability of MAR vs MiCA

• MAR applies where a crypto-asset qualifies as a financial instrument.
• MiCA Title VI applies to crypto-assets admitted to trading on a CASP platform.
• Where both apply, the stricter standard governs.

3. Regulatory Obligations and Standards

The Company complies with:

• MiCA Title VI (Articles 88–92)
• MAR Article 16 (where applicable)
• Polish AML/CFT legislation

Pursuant to MiCA Article 92, the Company maintains effective arrangements, systems, and procedures to:

• Detect insider dealing and manipulation
• Report suspicious transactions without undue delay
• Cooperate fully with supervisory authorities

4. Risk Identification and Assessment

The Company conducts structured risk assessments covering:

Insider Information Risk

Controlled via insider lists and restricted access protocols.

Client Order Misuse / Front-Running

Mitigated via segregation of duties and personal trading restrictions.

External Market Manipulation

Managed through trade surveillance and enhanced due diligence.

Issuer Coordination Risk

The Company strictly prohibits coordination with token issuers for liquidity support or artificial price stabilization.

Technological & Algorithmic Risk

Managed via system controls, volatility mechanisms, and API monitoring.

Formal risk assessments occur annually and upon new product launches.

5. Controls and Procedures to Prevent & Detect Market Abuse

5.1 Governance and Oversight

The Board of Directors:

• Formally adopts this Policy
• Reviews annual surveillance effectiveness
• Receives summaries of STOR activity
• Oversees market integrity metrics

The Compliance Officer:

• Oversees implementation
• Submits STORs
• Liaises with KNF
• Escalates material findings

Segregation of duties is strictly enforced.

5.2 Conflicts of Interest Controls

The Company ensures:

• Equal market access
• Transparent fee structures
• No selective disclosure
• No preferential liquidity arrangements
• No hidden rebate schemes

Conflicts are documented and mitigated.

5.3 Insider Information & Confidentiality

• Insider lists maintained and timestamped
• Information barriers implemented
• Role-based access controls
• Mandatory NDAs
• Immediate revocation of access upon role change

5.4 Employee Conduct & Personal Trading

Employees must:

• Obtain pre-clearance for personal trades
• Disclose external trading accounts
• Observe minimum holding periods where imposed
• Avoid short-term speculative behavior

Front-running, tipping, and misuse of confidential information are strictly prohibited.

Annual compliance attestations are mandatory.

5.5 Trade Surveillance & Quantitative Controls

The Company implements:

• Automated real-time surveillance systems
• T+1 manual reviews
• Pattern recognition analytics
• Blockchain forensic analysis
• API abuse detection
• Order throttling mechanisms
• Volatility circuit breakers
• Fat-finger protections

Surveillance effectiveness is:

• Reviewed quarterly
• Back-tested against known abuse scenarios
• Calibrated to manage false positive rates

All alerts are documented and reviewed.

5.6 Technology Integrity Controls

The Company maintains:

• Tamper-evident system logs
• Order book integrity validation
• Disaster recovery procedures
• Access-controlled system environments
• Periodic penetration testing

System integrity is essential to market integrity.

6. Reporting and Escalation of Suspicious Activity

6.1 Internal Reporting

Employees may report concerns via confidential channels.
Retaliation is strictly prohibited.

6.2 Investigation & Interim Measures

Upon suspicion:

• Compliance initiates formal investigation
• Accounts may be frozen
• Employees may be suspended
• Evidence is preserved

Preventive measures do not imply guilt.

6.3 External Reporting (STOR Obligations)

Where reasonable suspicion exists:

• A STOR shall be submitted to Polish Financial Supervision Authority immediately upon forming suspicion and no later than the next business day.

Where AML elements exist:

• An STR shall be submitted to the Polish Financial Intelligence Unit.

The Company fully cooperates with supervisory authorities.

7. Training and Awareness

The Company maintains:

• Mandatory onboarding training
• Annual refresher training
• Role-specific compliance programs
• Annual compliance attestation

Training records are maintained and auditable.

8. Record-Keeping and Documentation

The Company retains records for:

• Minimum five (5) years or longer if required by law.

Records include:

• Trade data
• Surveillance alerts
• Insider lists
• STOR/STR filings
• Communications

All records are securely stored and tamper-evident.

9. Coordination with Regulators

The Company cooperates with:

• Polish Financial Supervision Authority
• Polish Financial Intelligence Unit
• Law enforcement authorities

Transparency and proactive engagement are core principles.

10. Enforcement and Disciplinary Action

Violations may result in:

• Immediate suspension
• Termination for gross misconduct
• Regulatory reporting
• Criminal referral
• Client account closure and permanent blacklisting

Individuals may face administrative fines, civil liability, and criminal penalties under EU and Polish law.

11. Roles and Responsibilities

Board: Oversight and accountability.
CEO: Operational enforcement.
Compliance Officer: Surveillance, reporting, regulator liaison.
MLRO: AML coordination.
Risk Function: Surveillance calibration and control testing.
All Personnel: Duty to comply and report.

12. Policy Monitoring and Audit

The Company conducts:

• Ongoing control monitoring
• Internal compliance reviews
• Periodic independent audits
• Regulatory inspection readiness assessments

Control deficiencies are remediated promptly.

13. Policy Review and Updates

This Policy is:

• Reviewed annually
• Updated upon regulatory changes
• Approved by the Board for material amendments
• Version-controlled and archived

Employees are notified of all material updates.