ACCEPTANCE POLICY

HiPay SAS

VERSION 10 (10/2023)

94, rue de Villiers - 92300 Levallois-Perret

S.A.S au capital de 11 125 143.00€ - RCS Nanterre B 390 334 225

Summary of Changes

OWNER OF THE MACRO-PROCESS

Name

First name

Fonction

Pirau

d

Matthieu

Chief Risk Compliance and Permanent Control Oﬃcer

OWNER OF THE PROCESS

Name

First

name

Fonction

Piraud

Matthieu

Chief Risk Compliance and Permanent Control Oﬃcer

WRITING

APPROVAL

By

Date

By

Date

Lara Baguet

05/2022

Geneviève Guintran/Grégoire Bourdin

13/05/2022

VALIDATION

Owner of the Macro-process

(OM)

Risk Committee

OM’s Name

Date

Members’ Names

Date

Matthieu

Piraud

13/05/2022

Stéphanie Le Beuze; Yvan

Lefranc-Morin; Grégoire Bourdin;

Geneviève Guintran; David Cohen ;

Jérôme Daguet ; Thomas Nansot ;

Matthieu Piraud; Sarah Smirnow;

Julien Soudée.

24/06/2022

VERSIONNING

Ve

rsi

on

Date

Commentary

01

24/06/2022

Creation of the policy for both perimeters of HiPay SAS

02

31/08/2022

Approval of new EMIs

03

22/09/2022

Adding Switzerland to the appendix 3 - Merchant registration

countries

04

18/10/2022

Approval of new EMIs

05

27/01/2023

Approval of new EMIs

06

07/03/2023

Approval of new EMIs

07

25/04/2023

Approval of new EMIs Approval Andorra as registration country

08

27/06/2023

Approval of new EMIs

09

05/07/2023

Approval of new PI / News activities lists / Countries Lists Update

10

31/10/2023

Approval of new PI/EMIs

Document destination

RECIPIENTS

Conﬁdential =

Owner Team only)

(Yes/No)

Internal = Listed HiPay

Teams only

(Yes/No)

Recipient Teams

No

All HiPay

External

 Summary 
 Introduction   5 
 Deﬁnitions   5 
 Illegal lines of business   5 
 Refused lines of business   6 
 Lines of business subject to authorization   6 
 Merchant registration countries   6 
 Countries in which the merchant can neither carry out his activity nor domicile his outpayment 
 account   7 
 Outpayments to an Electronic money institution or a Payment institution account   7 
 Appendix 1   9 
 Appendix 2   10 
 Appendix 3   11 
 Appendix 4   13 
 Appendix 5   14 
 Appendix 6   15 

Introduction

The purpose of this policy is to establish the requirements of HiPay SAS when entering into a

business relationship with a prospect or during the course of a business relationship with a

customer in order to offer a quality service while guaranteeing risk prevention, compliance with the

rules established by the card networks, compliance with the regulations in force and the HiPay Risk

Policy.

HiPay is responsible for setting up and monitoring knowledge of its customers with regard to its own

risk policy, its AML Policy and the regulations in force.

Since the risks vary according to the economic model of the merchant (whether prospect or

customer), HiPay carries out a risk analysis considering the speciﬁcity of each merchant.

This policy aims to categorise the conditions to enter into a relationship with a merchant as well as

the continuation of the business relationship in the event of a change in the merchant's situation.

These guidelines apply to all of HiPay SAS.

HiPay reserves the right to modify these conditions at any time.

Deﬁnitions

«Merchant» refers to prospect or customer of HiPay.

« Prospect » refers to the merchants with which HiPay plans to enter into a relationship with.

«Customer» refers to merchants which are already in a relationship with HiPay.

«End user» refers to the merchant’s customer.

Illegal lines of business

HiPay does not accept merchants whose line of business is illegal under applicable domestic law of

the country in which:

● The merchant is registered; or

● The merchant is actively marketing its products/services; or

● HiPay is registered.

Depending on the applicable law, the merchant's activity may be considered legal or illegal. It is

therefore necessary to seek the advice of the legal department in order to determine the legality of

an activity in the country concerned and the conditions attached to it.

Refused lines of business

Some lines of business, although legal, can carry a risk level too high regarding HiPay’s Risks and

AML-CTF Policies.

HiPay refuses any merchant whose line of business is on this list.

This list is available in appendix 1.

HiPay reserves the right to modify this list at any time.

Regardless of the line of business, recurring payments are refused on the Professional platform.

Lines of business subject to authorization

The prior authorisation request applies to merchants operating in good faith in certain business

sectors considered high risk ( AML-CTF or Fraud Risks ) according to HiPay's risk classiﬁcation.

For this category of merchants, additional requirements and guarantees may be requested

HiPay may accept these merchants under some conditions. All lines of business listed under the

subject to authorization category require approval from the HiPay Client acceptance Committee.

The lists of these lines of business are available in appendix 2 ( AML-CTF risk ) and appendix 6

( Fraud risk ).

Some of these activities are refused on the Professional platform. These activities are identiﬁed in

appendix 2 by an *.

These lines of business include high risk merchants per payment schemes.

Merchant registration countries

HiPay is only allowed to open business relationships with merchants registered in a country in which

Hipay holds EU passporting enabled by its licence, under the freedom to provide services or any

other speciﬁc licence.

This list is available in appendix 3.

The list of HiPay’s passports is also available on the REGAFI website:

https://www.regaﬁ.fr/spip.php?rubrique1 .

Countries in which the merchant can neither carry out his

activity nor domicile his outpayment account

Due to international sanctions and embargoes, business relations with certain countries are

restricted.

As a result, transactions to or from these countries may be prohibited.

In addition, HiPay reserves the right to prohibit transactions to or from certain countries according to

a risk based approach associated to these transactions pertaining to HiPay's Risk Policy and

AML/CFT Policy.

Countries in which the merchant can neither carry out his activity nor domicile his outpayment

account.

This list is available in appendix 4.

The following consequences result from these restrictions:

- The merchants cannot target countries included in this list;

- The country of the settlement’s bank account cannot be included in this list.

Outpayments to an Electronic money institution or a

Payment institution account

Electronic money institutions (EMIs) and payment institutions (PIs) present additional risks

compared to credit institutions.

The Compliance team is responsible for analysing any new EMI/PI, which has to be submitted to the

Client Acceptance Committee for approval.

The list of approved EMIs/PIs is available in appendix 5.

Appendix 1

Refused lines of business

Refused activities

Validation : 07/2023

Adult content websites (including nudity or any direct reference to sexual encounters)

Any service providing secondary support of illegal acvies

Beauty pageants/contests involving children

Business investment opportunies operang as get rich quick schemes (including those based on

hierarchical/pyramids, mul-level markeng, Ponzi schemes, chain leers requiring donaons, gi

giving that encourages one to recruit people into a club in order to receive a return on investment)

Cash advances, cheque cashing

Claims Management Services (e.g. PPI, PBA, SERPS compensaons)

Cryptocurrencies – anonymous (digital or virtual currency that uses cryptography for security including

but not limited to bitcoin)

Escort services

Filesharing & online storing (due to risk of infringement on copyrights)

Gold & precious materials & precious stones

Merchants, principals or related enes previously idenﬁed by regulators or card scheme for

decepve pracces or any violaon of standards

Money transfer services or Money Service Businesses (money transmiers, wire transfers,

issiung/selling/redeeming of money orders or travelers cheques, cash advances, cheque cashing,

online vouchers)

Pay day lenders and/or pay day loan facilitator

Penny aucons

Pharmaceucal (prescripon drugs) – sale of non-face-to-face

Polical acvies

Prepaid cards (anonymous)

Private local network currencies e.g. Monnaie Locale Complémentaire (MLC). Some examples include

Coopek, Sol- Violee, Eusko etc.

Religious acvies

Sale of certain types of drugs or chemicals (such as synthec drugs; salvia divinorum, psilocybin

mushrooms and spores, and nitrite inhalants)

Sale of weapons (for personal or commercial use even if licensed)

Trade in animals (live or dead) and animal products of any nature (per internaonal trade guidelines)

Appendix 2

Lines of business subject to authorization

Activities with an * are refused for Professional

High risk industries

Validation : 07/2023

Industry

Administrave assistance (of all kinds)

Adversing inserts

agribusiness

aircra industry

Any business model including cash back, “free gi/ prize”, guaranteed rebate, refund, sweepstakes as an

inducement to purchase a product/service

Arms industry*

associave and humanitarian sector

Automove sector (except res)

Binary opon brokers/dealers

construcon industry

Corporate consulng

Crowdfunding/crowdlending services*

Cryptoassets (non anonymous)*

Digital Markeng

Energy industry*

Extracve industry*

Financial services (including new alternave payments methods, online banking e.g. neobanks)

Foreign exchange, forex (including buying, selling and exchanging of currencies)*

Fortune telling

Gambling*

Gaming and digital goods

Gi Cards*

healthcare (including pharmacies and drug stores) and research instuons

Insurance agents/brokers

Internet dang sites

IT consulng and tech support

Luxury Jewellery

Military equipment*

Industry

Mobile phone company/pre-owned mobile phone retailer

Nutraceucals (dietary supplements) : Product must not include any ingredient or substance that are:

- regulated or require a license or prescripon;

- illegal or prohibited by law or the schemes such as synthec drugs, salvia divinorum, psilocybin

mushrooms and spores, and nitrite inhalants.

Merchants are required to list ingredients.

Para-pharmacies (nonprescripon products only).Product must not include ingredients that are regulated or

require a license or prescripon.

Pay TV subscripons

Private auconing*

Public auconing*

public body

Real estate*

scienﬁc acvies

Self-employed worker

Shipping industry

Tobacco products (excluding e-cigarees and smokeless cigarees)*

VPN Access, Web hosng services and Computer Network/Informaon Services

Appendix 3

Merchant registration countries

Pays d'immatriculation du marchand

Date de publication : 04/2023

ISO

Pays

Area

AD

Andorre (e-commerce)

Other

AT

Austria

EU

BE

Belgium

EU

BG

Bulgaria

EU

HR

Croatia

EU

CY

Cyprus

EU

CZ

Czech Republic

EU

DK

Denmark

EU

EE

Estonia

EU

FI

Finland

EU

FR

France

EU

ISO

Pays

Area

DE

Germany

EU

GR

Greece

EU

HU

Hungary

EU

IE

Ireland

EU

IT

Italy

EU

LV

Latvia

EU

LT

Lithuania

EU

LU

Luxembourg

EU

MT

Malta

EU

NL

Netherlands

EU

PL

Poland

EU

PT

Portugal

EU

RO

Romania

EU

SK

Slovakia

EU

SI

Slovenia

EU

ES

Spain

EU

SE

Sweden

EU

CH

Switzerland (e-commerce)

other

UK

United Kingdom (e-commerce)

other

IS

Iceland

EEA

LI

Liechtenstein

EEA

NO

Norway

EEA

Appendix 4

Refused transactions

Refused transacons countries

GAFI + embargos/sancons + fraud ﬁghng

Validaon : 07/2023

Iso

Country

AF

Afghanistan

AL

Albanie

BB

Barbados

KH

Cambodia

CF

Central African Republic

CG

Congo (Brazzaville)

CU

Cuba

GQ

Equatorial Guinea

ER

Eritrea

ET

Ethiopia

GH

Ghana

GN

Guinea

GW

Guinea-Bissau

HT

Hai

IR

Iran

IQ

Iraq

JM

Jamaica

LR

Liberia

LY

Libya

MM

Myanmar (Burma)

NA

Namibia

NI

Nicaragua

KP

North Korea

PK

Pakistan

PA

Panama

SO

Somalia

LK

SriLanka

SD

Sudan

SY

Syria

TJ

Tajikistan

TT

Trinidad & Tobago

UG

Uganda

YE

Yemen

Appendix 5

Approved EMIs Pis

Name

Country of registration

Approval

Aion Bank

Belgium

31/12/2021

Airwallex

Netherlands

29/8/2023

ANNA Money

UK

1/8/2023

Anyme

Belgium

27/9/2022

Blank SAS

France

5/7/2022

Bunq

Netherlands

30/8/2022

Currenxie

UK

27/1/2023

Ebury

UK

30/8/2022

Equals group PLC

UK

19/9/2023

FINOM

Netherlands

30/8/2022

Fire Financial Services Limited

UK/Ireland

25/11/2021

iBanq (IFX Payments Limited)

UK

26/4/2022

ISX Financial EU PLC

Cyprus

26/7/2022

KNAB

Netherlands

21/3/2023

Manager.one

France

31/12/2021

Monese

UK

27/12/2019

Monzo

UK

27/12/2019

N26

Germany

27/12/2019

Paykrom

France

28/2/2023

Payoneer

UK

15/6/2021

Paysera LT

Lithuania

18/10/2022

Pennylane

France

4/7/2023

Penta

Germany

26/7/2022

Qonto

France

27/12/2019

Revolut

UK

27/12/2019

Shine

France

27/12/2019

Sogexia

Luxembourg

6/12/2022

Starling Bank

UK

20/6/2023

SumUp

Ireland

17/1/2023

SWAN

France

30/8/2022

Transferwise

UK

27/12/2019

Treezor

France

1/4/2021

Viva Wallet

Greece

27/9/2022

Worldﬁrst

UK

26/7/2022

Appendix 6

List of fraud risk activities

Fraud risk activities

Validation : 07/2023

Activities

Car accessories (res, spare parts, ...)

Digital goods and services

Drugstore and cosmecs

Fortune telling

Fuel cards (ex : Total)

Gi cards

High Tech products (Mobiles, digital pads, computers, ...)

Hotels, resorts and vacaon rental (tourists accommodaons)

iGaming, online gaming

Luxury jewellery (watches, gemstones etc.)

Meal delivery

Online gambling (poker, sports bets, ...)

Sell of sports goods

Sell of well-known brands products

Tickeng: Purchase of ckets for events (concerts, fesvals etc.), leisure parks, exhibions,....

Tourist coaches

Travel agencies and tour operator

Vehicules rental (car, motorbike, scooter, boat, ...)