Last updated: February 12, 2026
Data Controller: Bank of Bali · Contact: hello@bankofbali.com
Bank of Bali takes anti-money-laundering (AML) and counter-terrorism-financing (CTF) seriously. This policy explains the controls we apply, when we may ask for additional information, and how we balance them against your right to privacy.
Although Bank of Bali is a non-custodial wallet provider, certain operations (fiat on-ramp, OTC, merchant settlement) involve regulated counterparties. We apply a risk-based AML framework consistent with the FATF Recommendations (2012, as amended), the EU's 6th AMLD, and the standards expected by our payment partners.
We assess risk along four axes: user (geography, profile), product (wallet vs. swap vs. OTC), transaction (size, velocity, counterparty), and delivery channel. Most users — small-balance, non-fiat — fall into the lowest risk band and never face additional checks.
We may request additional information when one or more of the following is true:
Where EDD is required, we may ask for: government-issued ID, proof of address (utility bill / bank statement < 3 months), source-of-funds declaration, and — for OTC — proof of beneficial ownership. EDD documents are encrypted at rest, accessible only to compliance staff, and deleted in line with our retention schedule.
All EDD subjects are screened against the OFAC SDN List, UN Consolidated List, EU sanctions, HM Treasury OFSI, and politically-exposed-persons (PEP) databases. Matches result in transaction refusal and, where required, regulatory reporting.
Our internal "Fraud" and "Security" AI agents continuously evaluate login telemetry and transaction patterns. The AI cannot itself freeze user funds (we are non-custodial) but it can refuse fiat-on-ramp, OTC, or platform-credit payouts.
Where we have a reasonable suspicion of unlawful activity, we will file a Suspicious Activity Report (SAR) with the appropriate Financial Intelligence Unit. By law, we may be prohibited from telling you that a SAR has been filed ("tipping-off" rules).
You retain all GDPR data-subject rights. You may request a copy of any document you submitted. If we close your account on AML grounds, you may export your wallet via your seed phrase at any time — we never have custody of your funds.
AML-relevant records are retained for at least 5 years after the end of the business relationship or the date of the relevant transaction, in line with FATF Recommendation 11.
Compliance enquiries: hello@bankofbali.com with subject "AML / Compliance".
We respect your privacy.
Bank of Bali uses strictly-necessary cookies to keep you signed in. Analytics cookies are optional and never used for advertising. See our Cookie Policy and Privacy Policy.