Conflicts of Interest Policy

1. Purpose

The purpose of this policy is to establish a framework for identifying, preventing, managing, and

disclosing Conflicts of Interest that may arise in the course of providing crypto-asset services. CF

Technologies Limited (the ‘Company’) is committed to acting in the best interests of its clients,

ensuring transparency and fairness in all business operations.

2. Scope

This policy applies to all employees, management, shareholders, and connected persons at CF

Technologies Limited. It covers all crypto-asset services and activities provided by the Company

and applies to situations where Conflicts of Interest may arise between the company, its connected

persons, and its clients. The purpose of this Policy is to prevent Conflicts of interest from adversely

affecting the clients’ interests.

3. Legal Background

Formal documents underlying this policy include the following:

• Virtual Financial Assets Act (the « VFA Act »);

• Virtual Financial Assets Regulations (the « Regulations »);

• Virtual Financial Assets Rulebook Chapter 3 (the « Rulebook »);

• MiCA Regulations (Regulation (EU) 2023/1114)

• ESMA Draft Technical Standards specifying certain requirements in relation to conflicts of

interest for crypto-asset service providers under the Markets in Crypto Assets Regulation

(MiCA);

• Companies Act, Chapter 386 of the Laws of Malta; and;

• Any guidelines on Conflicts of Interest as issued by the MFSA from time to time.

4. Definitions

For this Policy, the following definitions shall apply:

Company:

Shall mean CF Technologies Limited

Conflict of Interest:

(d) has or has had during at least the last 3 years a political relationship with a person, body or

entity with interests conflicting with those of the Company;

(e) carries out conflicting tasks or activities, is entrusted with conflicting responsibilities or is

hierarchically supervised by a person in charge of conflicting functions or tasks.

In order for the Company to identify and establish an economic interest, a connected person

shall:

(a) hold shares, tokens (including governance tokens), other ownership rights or

membership in that person, body or entity;

(b) hold debt instruments of or has other debt arrangements with that person, body or

entity; (c) has any form of contractual arrangements, such as management contracts, service

contracts, delegation or outsourcing contract or intellectual property licenses with that person,

body or entity.

In order for the Company to identify the persons, bodies or entities with conflicting interests to

the Company, the company takes into account, at least, whether that person, body or entity is in any

of the following situations:

(a) it is likely to make a financial gain, or avoid a financial loss, at the expense of the Company;

(b) it has an interest in the outcome of a crypto-asset service provided or an activity carried

out or decision taken by the Company, which is distinct from the company’s interest in that

outcome;

(c) it carries out the same business as the Company or is a client, consultant, adviser,

delegatee, outsourcee, service provider or other supplier (including subcontractors) of the

company and it can be reasonably deemed from objective circumstances that there may be a

conflict of interests with the company.

5.3 Situational conflicts

The company provides guidelines to situational conflicts of interest and the duty to declare. Typical

examples of situational conflicts can give rise to conflicts and include, but are not limited to the following.

If a director has a conflict of interest in relation to any matter, such conflict of interest shall be declared

at the earliest available opportunity, and a record of such declaration shall be entered into the company’s

minute books. The following procedure should be followed during the Board meeting:

● A member who is in any way, directly or indirectly, interested in any contract, arrangement or

any other matter which is being or is about to be discussed by the Board or which is being or

may be entered into by the Company should declare the nature of the interest to the other

members at the meeting at which the matter arises or if the member was not interested in the

matter at the date of the meeting then at the next meeting held after the member became

interested. In the case where such a member becomes interested in a contract, arrangement

or other matter after it is made, the said declaration shall be made at the first meeting of the

Board of administration held after such member becomes so interested;

● Unless agreed by the other members, a member shall avoid entering into a discussion in

respect of any contract or arrangement in which s/he is interested and should withdraw from

the meeting while the matter he is interested in is being discussed;

● The interested members should abstain from voting at a meeting regarding any contract or

arrangement they are interested in. Alternatively, their vote shall not be counted as part of the

quorum; and

● The minutes shall accurately record the sequence of such events and the conflict of interest

declaration by the member.

A situational Conflict may arise if the Auditor, who is in a position of trust, has a competing professional

or personal interest and thus it makes it difficult for the auditor to fulfil his duties impartially. The

Company recognises its’ obligation not to appoint an independent auditor/compliance officer who is: ●

an individual or audit firm who is an Administrator, Qualifying Holder, Officer, representative or employee

of the Company;

● the partner of, or in the employment of, any person in (a) above;

● the spouse, civil partner, parent, step-parent, child, step-child or other close relative of any

person in (a) above;

● a person who is not otherwise independent of the Company;

● a person disqualified by the MFSA from acting as an Auditor of a Company. Also, the Auditor

shall not be regarded as an Officer or an employee of the Company.

6. Identification, Prevention and Management of Conflicts of Interest

This policy has been prepared taking into account the scale, nature and range of crypto-asset

services and other activities provided or carried out by the Company and the group to which it

belongs.

The Company implements effective measures to manage Conflicts of Interest that are identified

and may arise during the provision of crypto-asset services aiming to ensure transparency,

fairness, and the protection of the clients’ interests in line with the regulatory requirements.

6.1. Identification of Conflicts of Interest

The Company maintains robust procedures for identifying Conflicts of Interest that may arise

between the Company, any connected persons or between one or more clients. These conflicts

could impact the impartiality and objectivity of decisions taken by the Company, adversely

affecting the best interests of its clients.

The Company also takes into account any circumstances which may give rise to a conflict

of interest due to the structure and business activities of other entities within the group.

In this regard, the Company aims to prevent any abuse that may result from concentrated control

and management of related-party transactions, including those involving affiliated companies and

transparency of related-party transactions.

6.1.1 Reporting a Conflict of Interest

When a Conflict of interest is identified, the following steps should be followed:

• Immediate Notification:

The individual identifying the potential / existing Conflict of Interest must notify the Designated

Responsible Person in writing as soon as possible by filling in the ‘Conflict of Interest Disclosure

Form’ which can be found in Annex A.

If the individual identifies the possibility of an potential or existing Conflict of interest of a third

party, information shall be discussed confidentially with the Designated Responsible Person,

who shall assess and assist on whether the circumstances shall be notified as Potential or

Existing Conflict or otherwise, and in case a Conflict of interest is identified, the Designation

Responsible Person, proposes the mitigating measures.

• Confidentiality:

The reporting of Conflicts of Interest is treated confidentially. Any sensitive information provided

as part of the report will be protected and only shared on a need-to-know basis.

6.1.2 Risk Assessment process

Upon receiving a conflict of interest report, the Designated Responsible Person will:

1. 2. Acknowledge the Report: Confirm receipt of the report within two (2) business days.

Investigate the Conflict: Investigate to determine the nature, scope, and potential impact

of the conflict.

3. Propose Mitigation Measures: Based on the findings, recommend appropriate actions to

manage or mitigate the conflict, including:

o Adjusting roles or responsibilities to reduce exposure to the conflict. o

Implementing information barriers or rotating personnel.

o In extreme cases, escalating the matter to senior management for resolution.

4. Communication of Outcome: The responsible person will communicate the outcome of

the investigation and the mitigation measures to the individual who reported the conflict, as

well as to any other relevant stakeholders. This will include any follow-up actions required

by the individual or team involved.

5. Escalation: If the conflict cannot be managed internally, the responsible person will

escalate the matter to the Board of Administration, for possible further action.

6.2. Preventing Conflicting Activities

The Company implements various measures to prevent conflicts of interest. Such measures

include:

• implementing the conflicts of interest policy including the conflicts of interest form and the

process to be adhered to for connected persons to declare any potential/existing conflict

immediately;

• established a process to review the declared Conflict of interest, which shall include any

mitigating measures, if the conflict of interest could not be eliminated/ prevented;

• maintain records of all disclosures, evaluations and mitigating measures acted on for a

defined period of time, in line with the GDPR and keeping these records should be

consistent with its document retention policy. Records shall include any decisions related

to transactions involving an actual or possible conflict of interest;

• Control measures implemented when a conflict could not be eliminated

Connected persons engaged in different business activities that may give rise to a potential or actual

conflict of interest shall carry out these activities at a level of objectivity and independence

appropriate to the scale, nature and range of crypto-asset services provided by the crypto-asset

service provider and of the group to which it belongs, whilst also taking into consideration the risk

of damage to the interests of one or more clients or the interests of the company.

6.3. Managing and Mitigating Conflicts

When a Conflict of Interest could not be eliminated, the Company implements adequate measures

to mitigate the conflict of interest that may be either detrimental to clients or even detrimental to the

Company itself. To safeguard itself and its clients, the company adopts the following principles:

• prevents and controls the exchange of information between connected persons

engaged in activities involving a risk of a conflict of interest where the exchange of that

information may harm the interests of one or more clients; or where the exchange of that

information may affect the performance of such connected person’s duties and

responsibilities to the company. Information barriers through information sharing on a need

to know basis and the segregation of roles and responsibilities, are implemented throughout

the organisation, taking into account the nature and the scale of the company. The company

established transparent reporting lines within its organisation in order to ensure that issues

involving risks of non-compliance with conflicts of interest rules are given the necessary

priority.

• prevents any person from exercising inappropriate influence over the way in which a

connected person carries out the crypto-asset services; moreover prevent connected

persons who are also active outside the company from having inappropriate influence

within the company in relation to those other outside activities;

• prevents or controls the simultaneous or sequential involvement of a connected

person in separate crypto-asset services or activities where such involvement may

impair the proper management of conflicts of interest. Staff rotation may be implemented;

• eliminates any direct link between the remuneration provided to the employees,

delegatees, outsourcees, subcontractors or members of the management body principally

engaged in one activity and the remuneration of, or revenues generated by, different

employees, delegatees, outsourcees, subcontractors or members of the management body

of the company principally engaged in another activity, where a conflict of interest may arise

in relation to those activities; A remuneration policy is in place.

• provides sufficient guidance and training on the identification and management of

conflicts of interest that may impede the ability of members of the management body to

take objective and impartial decisions that aim to fulfil the best interest of the company; A

responsible dedicated person has been identified for conncected persons to discuss any

queries should they need assistance in determining whether a potential/existing conflict

exist.

• establishes the responsibility of the members of the management body to inform

other members of and abstain from voting on any matter where a member has or may

have a conflict of interest or where the member’s objectivity or ability to properly fulfil his or

her duties to the company may be otherwise compromised;

• prevents members of the management body from holding other directorships in

competing companies outside of the same group;

7. Responsibilities

To ensure the effective identification, management and reporting of the Conflicts of Interest, the

following roles and responsibilities are assigned:

7.1. Employees

• Identify and Report: all employees, managers, Board members, and any other connected

persons are responsible for identifying potential or actual Conflicts of Interest in the course

of their work and shall report these conflicts immediately to the Designated Responsible

Person, in accordance with the procedures outlined.

• Compliance: all employees must comply with all internal policies and procedures related

to Conflicts of Interest and refrain from engaging in any activities that could create conflicts

unless these are appropriately disclosed and managed.

• Ongoing Awareness: Individuals must remain vigilant in identifying and reporting Conflicts

of Interest as they arise and participate in any required training to ensure awareness of

their responsibilities.

7.2. Designated Responsible Person

• conducts regular reviews of the Conflicts of Interest policy, at least once annually, to

ensure ongoing compliance with both internal policies and external regulatory requirements.

Any material changes or risks identified during these reviews will be promptly reported to the

Board, along with recommended actions for improvement.

• Identifying and assessing Conflicts of Interest: The responsible person shall monitor the

business activities of the Company, identifying potential or actual/ existing conflicts, and ensures

appropriate measures are taken including the conduct of the risk assessment on the reported

conflict to manage associated risks.

• Record Keeping: The responsible person shall maintaining a Conflicts of Interest Register to

document all reported conflicts, actions taken, and the final outcomes. This register will be

reviewed periodically and updated as necessary.

• Investigation and Reporting: The responsible person will investigate any reported conflicts

and provide recommendations for managing or mitigating the conflict. Clear communication is

to be maintained with the individual who reports the conflict and escalate unresolved or severe

conflicts to senior management and/or the Board.

• Escalation: Reporting directly to the Board on conflict of interest matters, including providing

regular updates and making recommendations for improving conflict management practices.

• Regulatory Reporting: Where required, the Compliance Officer will liaise with regulatory

authorities to provide updates or reports on Conflicts of Interest that pose material risks to the

company or its clients.

• Training and Education: The responsible person ensures that all employees and connected

persons receive regular training on conflict of interest policies and their responsibilities,

enhancing awareness across the Company and their role to adhere to this policy.

The Designated Responsible Person operates independently of any business functions that could give

rise to Conflicts of Interest, ensuring objectivity and impartial decision-making. This independence is

critical to maintaining the integrity of the conflict of interest management process.

The Designated Responsible Person shall be granted full access to all necessary information,

personnel, and records within the Company to ensure comprehensive oversight and prompt resolution

of any Conflicts of Interest. This ensures the role is effectively carried out with the appropriate

resources.

7.3. The Compliance Officer

The Company has appointed the Compliance Officer, as the designated individual responsible

for the identification, prevention, management, disclosure, reporting and keeping up to date

records of Conflicts of Interest. The Compliance Officer holds the necessary authority, skills, and

independence to oversee all processes related to identifying, preventing, managing, and disclosing

Conflicts of Interest. The designated responsible person may be changed from time to time, as

decided by the Board of Directors subject to holding the necessary authority, skills and

independence to oversee all processes related to identifying, preventing, managing, disclosing

and reporting Conflicts of interest.

As part of the Compliance Monitoring plan, the Compliance Officer also ensures ongoing

monitoring of potential Conflicts of Interest and the effectiveness of implemented measures. The

Compliance Officer also ensures that it keeps records updated including the Conflicts of Interest Register.

7.4. Senior Management

• Support and Escalation: Senior management is responsible for providing support in

complex or severe conflict of interest cases that cannot be resolved through routine

procedures. Senior management shall review escalated conflicts and ensure appropriate

action is taken to resolve or mitigate the risks against the company and its clients.

• Policy Review: Senior management must regularly review the effectiveness of the conflict

of interest policy and recommend any significant changes to the policy. In addition, Senior

management shall review the performance of the designated responsible person in

carrying out their duties.

7.5. Board of Administration

• Oversight and Governance: The Board of Administration is responsible to define, adopt,

implement and monitor compliance with the company’s conflict of interest policies as

aligned with the Regulatory requirements. The Board of Administration oversees the

implementation of the governance arrangements to ensure effective and prudent

management of the company, including the segregation of duties to prevent conflicts of

interest. In this regard, the Board of Administration periodically assesses and reviews the

effectiveness of the policy and procedures adopted and address any deficiencies in this

respect.

• Strategic Decision Making: In cases where Conflicts of Interest involve strategic

decisions, the members of the Board shall ensure that these decisions are made

objectively and in the best interest of the company and its clients, without undue influence

from conflicting interests. Any conflicting interest shall be communicated and reported as

detailed in this policy under section 5.3 of this policy.

8. Remuneration considerations

The Company takes into account the interests of all their clients, in the short, medium or long term, as

well as the scale, the nature and range of crypto-asset services provided when putting into place the

remuneration arrangements so as not to create a conflict of interest or incentive that may lead the

persons to whom they apply to favour their own interests or the company’s interests to the potential

detriment of any client or that may lead the persons to whom they apply to favour their own interests to

the detriment of the company.

The company ensures that remuneration processes apply to its employees and any other natural person

whose services are placed at the disposal and under the control of the company who is involved in the

provision of crypto-asset services; members of its management body; and any natural person directly

involved in the provision of services to the company provided under an outsourcing arrangement for

the purpose of the provision of the crypto-asset services.

In order to further safeguard the interest of its clients, remuneration and similar incentives shall not be

solely or predominantly based on quantitative commercial criteria, and shall take into account

appropriate qualitative criteria reflecting compliance with the applicable regulations, the fair treatment

of clients and the quality of services provided to clients. A balance between fixed and variable

components of remuneration shall therefore be maintained at all times, so that the remuneration

structure does not favour the interests of the company or its connected persons against the interests of

any client.

Any direct links between the remuneration provided to the company’s employees, delegatees,

outsourcees, subcontractors or members of the management body principally engaged in one activity

and the remuneration of, or revenues generated by, different employees, delegatees, outsourcees,

subcontractors or members of the management body of the company principally engaged in another

activity, are removed if a conflict of interest may arise in relation to those activities.

9. Personal Transactions

A Personal Transaction is a transaction in a crypto-asset or resulting in a position in or exposure

to a crypto-asset effected by or on behalf of a connected person, where at least one of the following

criteria are met:

• the connected person is acting outside the scope of the activities he carries out in his

professional capacity;

• the transaction is carried out for the account of any of the following persons:

• the connected person;

• any person with whom a connected person has a family relationship or close links;

• a person in respect of whom the connected person has a direct or indirect material interest in

the outcome of the transaction, other than obtaining a fee or commission for the execution of

the transaction.

A personal relationship is defined as one of the following:

(a) the spouse of the connected person or any partner of that person considered by national law as

equivalent to a spouse;

(b) a dependent child or stepchild of the connected person;

(c) any other relative of the connected person who has shared the same household as that person for

at least one year on the date of the personal transaction concerned or the previous 5 years.

A connected person shall:

• be aware of the restrictions on personal transactions, and of the measures established by the

Company in connection with personal transactions;

• promptly inform the Company of any personal transaction entered into by a connected person,

either by notification of that transaction or by other procedures enabling the Company to identify

such transactions;

The company shall record the personal transaction notified to the Company or identified by the

company, including any authorisation or prohibition in connection with such a transaction.

The Company shall ensure that an employee or its officials do not enter into a personal transaction

which meets any of the following criteria:

• that person is prohibited from entering into a personal transaction if the transaction may give

rise to Market Abuse or inside information or insider dealing or market manipulation. Please

refer to the Prevention of Market abuse policy for further details on this matter.

• transaction involves the misuse or improper disclosure of confidential information; or;

• transaction conflicts or is likely to conflict conflicts or is likely to conflict with an obligation of the

company under the MICA Regulation (EU) 2023/1114.

In the case of outsourcing arrangements, the Company shall ensure that the entity to which the activity

is outsourced maintains a record of personal transactions entered into by any connected person and

provides that information to the company promptly on request.

A separate Personal Transactions Reporting policy is in place to support employees or its officials and

have clear guidelines and adequate arrangements regarding personal transactions performed by

themselves, which may give rise to Conflict of Interest.

10. Documentation and Record Keeping

All Conflicts of Interest reports and their outcomes will be documented and securely saved in

accordance with company policy. The Designated Responsible person will maintain a Conflicts of

Interest Register to track all reported conflicts, including:

• The date of the report.

• The nature of the conflict.

• The parties involved.

• The actions taken to mitigate or resolve the conflict.

• The final outcome.

Up-to-date records of all situations giving rise to actual and potential conflicts of interest shall be

kept, including the relevant crypto-asset services or activities, and of the measures taken to prevent

or manage such conflicts in the relevant situations.

Conflicts of Interest are reported to the Board of Administration on a quarterly basis, as part of the

Compliance Report which is prepared by the Company’s Compliance Officer. The Conflict of Interest

register shall remain available for inspection by regulatory authorities upon request.

10.1. will:

Follow-up and Monitoring of Conflicts of Interest

For any conflict of interest that requires ongoing monitoring, the Designated Responsible Person

• monitor the situation;

• conducts regular follow-up reviews to ensure effective controls of such conflict of interest;

• updates the Board as necessary on the status of the conflict.

10.2. Disclosure Obligations

The Company is committed to providing clients with clear and sufficient information regarding any

Conflicts of Interest that may arise and could affect the services provided.

Where a conflict of interest cannot be prevented or managed, the Company will disclose the

general nature, source, and mitigation measures of the potential / existing Conflict of Interest to its

clients, to allow clients to make an informed decision about whether to proceed with the service.

Information shall include the steps the Company has taken to mitigate the conflict, as well as any

remaining risks that the client should consider to ensure full transparency and compliance with

regulatory obligations. In such circumstances, the Company shall put this information in a

prominent place on its website, disclosing to its existing clients and prospective clients the general

nature and sources of conflicts of interest and the steps taken to mitigate them.

The purpose of disclosing Conflicts of Interest is to ensure transparency and allow clients to make

informed decisions based on situations that may influence the services they receive or the

impartiality of the Company.

10.2.1 Disclosure Content

• Nature of the Conflict: A concise description of the conflict of interest, explaining the activities

or relationships that create the conflict.

• Source of the Conflict: Information on the source of the conflict, whether it is internal (e.g.,

personal interests or business ties of connected persons) or external (e.g., relationships with

third parties or investments).

• Impact on Clients: An explanation of how the conflict may impact the services provided to

clients or the impartiality of decision-making.

• Steps Taken to Mitigate the Conflict: A description of the measures taken by the Company to

mitigate or manage the conflict, such as the implementation of information barriers, the

segregation of duties, or the use of independent decision-makers.

10.2.2 Disclosure Communication

Disclosures shall be available to clients at all times and on any devices. Where the company makes

disclosures available on the relevant device, the company should also provide a link to the disclosures

on its website. The following methods in all languages used by the Company to market its services:

• Website Disclosure: Disclosures will be made available in a clear and prominent location

on the Company’s website, providing clients with easy access to information on Conflicts

of Interest.

• Direct Communication: For specific conflicts related to individual clients, disclosures will

be made directly to the client through email or another agreed method of communication.

10.2.3 Disclosure Timing

Disclosures will be made as soon as a conflict of interest is identified and cannot be fully

mitigated by internal controls. This ensures that clients receive timely information, enabling them to

make informed decisions regarding their services.

10.2.4 Clients’ Rights

Clients will be provided with sufficient information to decide whether to proceed with the service in light

of the disclosed conflict of interest. Clients have the right to:

• request further details on the nature and mitigation of the conflict;

• discuss alternative measures or request additional safeguards from the Company; or;

• decline the service if they believe the conflict poses a significant risk to their interests.

11. Review and Approval

The Compliance Officer shall regularly review and recommend update on the Conflicts of Interest policy

to ensure that they remain effective and compliant with evolving regulatory requirements. The review

shall cover:

• An annual review of internal systems and controls to identify any gaps or areas for improvement.

• Regular training of employees to ensure they are aware of their responsibilities in preventing,

managing, and disclosing Conflicts of Interest.

• Monitoring compliance with policies and reporting to senior management as necessary.

The Board of Administration is responsible for approving the Conflicts of Interest Policy at least, once

annually.

The Board of Administration shall seek advice from the Compliance Unit prior to approving any changes

to this Policy. Approved changes will be documented in this Policy, which will be distributed to all

identified staff as defined within this policy, and clients, as detailed in this policy.