1.This Policy is designed to foster a culture of transparency at First Crypto Exschange L.L.C (hereinafter referred to as Company) in order to prevent illegal or unethical actions against the Company's employees and third parties (customers, business partners, suppliers, etc.).
2. The Policy defines the procedure for reporting possible violations in the Company, including violations of legislation, local legal acts of the Company (hereinafter referred to as the Company's LLA), including the Rules of Professional Ethics of the Company's employees, which may have a negative impact on the Company's operations and/or reputation status in general and which cannot be considered and resolved properly at the level of the Company's structural subdivision, including violations related to:
legalization of proceeds of crime legalization of proceeds of crime; corrupt practices;
use of official position for personal gain; fraud;
conflict of interest;
violations of human rights and freedoms (including bullying, discrimination, violence, sexual harassment, etc.);
other violations that may have a negative impact on the Bank's activities and (or) reputation status.
3. The Policy applies to all employees of the Bank, including third parties (customers, business partners, suppliers) who wish to report a possible violation to the Bank.
4. Within the framework of this Policy, terms are used with the following meanings:
compliance control department - compliance control department of the Bank's internal and compliance control department;
authorized persons - an official responsible for internal control in the Bank, employees of the compliance control department;
disciplinary action, dismissal or threat of dismissal, other unfavorable treatment or discrimination in respect of official duties, rewards, promotion, certification.
5. Reports of misconduct under this Policy shall not be considered evidence of misconduct and shall not constitute grounds for taking any management decisions and/or enforcement action against the person against whom the report is made.
6.Informing authorized persons supplements, but does not replace other mechanisms that contribute to the detection of illegal, unethical or improper behavior, including those set forth in the job descriptions of the Company's employees, as well as in the procedure for addressing citizens in accordance with the laws of the UAE.
7. This Policy is based on the following basic principles:
no adverse consequences, including retaliation, to the whistleblower for making a report;
confidentiality;
notifying the whistleblower of the outcome of the whistleblowing process (unless the whistleblower is anonymous).

8. Informing authorized persons about possible violations in the Company may be carried out through the following communication channels:
8.1. sending a corresponding written message to authorized persons by e-mail to the following address:
compliance@fce-uae.com - Internal and Compliance Control Department;
8.2. reporting to the hotline, including anonymous reporting.
9. Any employee who believes that he or she has been personally involved in a violation must report it immediately. The Company's employees also have the right to report possible violations in the Company, including conflicts of interest of their colleagues or third parties (customers, business partners, suppliers, etc.), directly to authorized persons without prior approval of their immediate supervisor.
At the same time, the informing shall be of a well-meaning and disinterested nature.
An employee's actions are defined as:
“well-meaning” if he/she provides information that he/she believes to be complete, true and accurate, which allows him/her to reasonably believe in its truthfulness, even if it is later discovered that the information provided is erroneous;
“disinterested” if he/she informs about a violation without expecting any financial reward or other benefit.
10. In the message it is necessary to indicate the most detailed information available to the applicant so that the authorized persons could assess the situation and conduct an inspection:
10.1. general information, the essence of the issue, the reason of the problem;
10.2. positions, names, initials of the Bank's employees, dates, places and other information related to the issue;
10.3. documents confirming the facts stated in the message (if any);
10.4. when and how the applicant became aware of the violation;
10.5. if there is no full confidence in the reliability of the information provided, the existing doubts should be indicated;
10.6. contact details for feedback.
If after informing about a possible violation in the Bank, the employee realizes that he/she has made a mistake, he/she should immediately inform about it through the communication channel he/she used when informing earlier.
11.If the message contains insufficient information and there is no real possibility of obtaining more detailed information, including in case of the applicant's refusal to provide such clarifying information, further verification may not be conducted.
12. A person who has reported a violation shall have the right to remain anonymous and not to provide identifying information. At the same time, the Bank reserves the right not to carry out the verification or to terminate it prematurely if the identity of the applicant is critical and he/she wishes to preserve his/her anonymity.
13.Irrespective of whether the identity of the applicant is known or not, the verification shall be conducted confidentially, if possible and permissible in the specific case.
14.If someone is involved in violations, including in the execution of orders and instructions from superiors contrary to statutory requirements and/or the LLA, and decides to take the initiative to report these violations, this fact may serve as a mitigating circumstance in any subsequent decision to impose disciplinary measures, but does not completely eliminate responsibility for the violation.
The following actions may be recognized as aggravating circumstances when deciding on the application of measures, including disciplinary sanctions:
informing about a possible violation in the Company is not of a well-meaning and disinterested nature, but is done maliciously or with the purpose of deriving financial reward or benefit from it;
creating obstacles (by action or inaction) to inform about a possible violation in the Bank or its consideration;
failing to comply with the obligations of the Bank; failing to inform about a possible violation in the Bank or its consideration.
15. All employees who believe that they are being harassed for having informed about a possible breach in the Company or participated in its consideration have the right to contact the official responsible for internal control in the Company or the CEOof the Company in order to take action within the scope of competence in accordance with this Policy.
16. In order to provide an opportunity for the Company's employees and other persons to inform the Company about violations:
the HR Policy Department shall familiarize the Company's employees with this Policy at the time of hiring;
the Company's official website shall post this Policy, as well as contact information for reporting violations. Responsibility for providing such information for posting on the website shall be assigned to the official responsible for internal control.
17. All reports are confidential. Information may be disclosed only to a limited circle of persons and only when necessary for official purposes. Information may go beyond this circle only when disclosure is required by UAE law.

18. Upon receipt of a breach report, the authorized persons shall analyze the information provided in order to assess for compliance with the criteria set forth in clause 2 of this Policy and arrange for preliminary verification activities by the Compliance Control Department or initiate an internal affairs investigation in accordance with the Instruction on the Procedure for Conducting Internal Affairs Investigations at First Crypto Exschange L.L.C
In this case, it is possible to request additional information from the applicant (if it is possible to contact him/her).
19. Based on the results of the analysis, a decision may be made not to conduct an audit if there are grounds provided for in paragraphs 11 - 12 of this Policy, as well as if the specified violation does not fall within the scope of this Policy. In the latter case, the report shall be sent in the manner prescribed by the Company's LLA to make the appropriate decision.
20. In order to provide an opportunity to the employee against whom a violation has been reported to provide an explanation of the facts stated,
authorized persons shall inform such person of the reported violation, without disclosing the name of the complainant, if known to them.
21. Within the framework of the inspection, the authorized persons shall have the right to request any information, documents and their copies, explanations, etc. from any structural subdivision of the Company without disclosing the purpose of obtaining such information. Heads of structural subdivisions shall ensure that the information requested by the authorized persons is provided within the time limits set by the authorized persons.
22.The analysis and verification shall be conducted independently, fairly and impartially with respect to all participants and in accordance with the applicable UAE legal regulations.
23. Following the results of the audit, a report shall be drawn up, which shall contain the essence of the report, a description of the work carried out as part of the audit, the conclusions of the audit on the confirmation or non-confirmation of the facts stated in the report, as well as proposals to strengthen the internal control system to prevent similar violations in the future as much as possible (if necessary). The report shall be signed by the authorized persons directly involved in the audit.
24. The report shall be submitted to the CEO of the Company not later than two working days after its signing for information and management decision-making.
25. If the results of the audit lead to conclusions that violations may affect the efficiency of corporate governance and (or) financial reliability of the Company, the report shall be brought to the attention of Owner of the Company no later than two working days after the report is reviewed by the CEO of the Company. Final management decisions on the results of such audits shall be made by the Owner of the Company.
26. If the violations do not jeopardize the effectiveness of corporate governance and/or the financial reliability of the Company, the results of the audits shall be communicated to Owner of the Company as part of the reports of the officer responsible for internal control within the timeframe and frequency established by the Company's LLA for such reports.
27.If the negative information in the report concerned the CEO, the report on the results of the audit shall not be submitted to him, but shall be submitted to Owner of the Company for review within five working days after signing. Final management decisions on the results of such audits shall be made by Owner of the Company.
28. Upon completion of the verification, authorized persons shall notify the complainant of the results of consideration of the communication (if it is possible to contact him/her).
29. Authorized persons shall keep records of all received communications with recording of decisions taken on the results of analysis, main results of inspections, decisions taken on the results of inspections. All materials related to the violation report and verification shall be systematized and stored in the Compliance Control Department.

30. The Company guarantees that a Company employee who has reported a violation in good faith, except as provided for in paragraph 14 of this Policy, will not be subject to disciplinary action or other measures.
31. The Internal and Compliance Control Department shall:
monitor compliance of this Policy with the requirements of UAE law, the Company's LLA;
update this Policy as necessary.
32. The developer of this LLA is the Department of Internal and Compliance Control.