RISK APPETITE STATEMENT

Established by the decision of the Management Board of FINAURA OÜ (registry code 14696643)

(hereinafter referred to as the “Company”) on 30.06.2020.

Registration Code: 14696643

Registered address: Roosikrantsi 2-768K, 10119 Tallinn, Estonia Company Main

Business Activities: providers of a virtual currency service

www.finaura.eu

General provisions 3 Definitions 3 Description of the activities of the Provider of service 4 Compliance Officer

4 Application of due diligence measures 5 Normal due diligence measures 6 Identification of Clients 6

Establishing the purpose and actual substance of a Transaction 12 Simplified due diligence measures 12

Enhanced due diligence measures 13 Risk assessment 13 Registration and storage of data 19 Reporting,

including of suspicious Transactions 20 Implementation of International Sanctions 21 Training 22 Internal

audit and amendment of the Rules 22 Form 1 – virtual currency [wallet/exchange] service 24 Exhibit 1 27

Exhibit 2 28

www.finaura.eu

1. Introduction

1.1. This Risk Appetite Statement (RAS) is essential to the risk management framework. 1.2. The objective of

the Ras is to help us make decisions about risk. It provides guidance in terms of: 1.2.1. The amount of risk that

the Company Is willing to pursue, retain, accept or tolerate to achieve our strategic and operational

objectives.

1.2.2. Embedding risk management as part of our decision making.

1.2.3. Ensuring that an appropriate level of risk taking is being applied in our daily work. 1.2.4. The

purpose of the risk assessment provided in the Money Laundering and Terrorist Financing Prevention

Act (“hereinafter, “the Act””) is to define the possible risks and measures in the economic activities of

the Company and how to mitigate these risks.

2. Definitions

2.1. Client – means a person or legal entity that wishes to conduct a business relationship with the Company.

2.2. Risk appetite – refers to the amount and type of risk that our Company is comfortable to accept to achieve

our objectives. It balances the benefits of change or innovation with the threats that the change may

bring. It sets the boundaries for the risks we can tolerate in our activities and helps us find the balance

between risk taking and risk avoidance.

2.3. Virtual Currency – means a value represented in the digital form, which is digitally transferable, reservable

or tradable and which natural persons or legal persons accept as a payment instrument, but that is not

the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU).

2.4. Virtual Currency Exchange Services – rmeans a service with the help of which a person exchanges a virtual

currency against a fiat currency or a fiat currency against a virtual currency or a virtual currency against

another virtual currency.

2.5. Virtual Currency Wallet Services - means a service in the framework of which keys are generated for clients

or clients’ encrypted keys are kept, which can be used for the purpose of keeping, storing and

transferring virtual currencies.

2.6. High-Risk Third Country – means a country specified in a delegated act adopted on the basis of Article 9(2)

of Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use

of the financial system for the purposes of money laundering or terrorist financing, amending

Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive

2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.

2.7. Money Laundering – means the conversion or transfer of property derived from criminal activity or property

obtained instead of such property, knowing that such property is derived from criminal activity or from

an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the

property or of assisting any person who is involved in the commission of such an activity to evade the

legal consequences of that person’s actions; the acquisition, possession or use of property derived from

criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such

property was derived from criminal activity or from an act of participation therein; and the concealment

or disguise of the true nature, source, location, disposition, movement, rights with respect to, or

ownership of, property derived from criminal activity or property obtained instead of such property,

knowing that such property is derived from criminal activity or from an act of participation in such an

activity.

3. Core Principles

3.1. Overall, the Company has a balanced approach to risk. Our risk appetite is based on our core values and

aligned to our strategic objectives. It is important to remember that risk management is not purely

about avoidance of risk. Our vision and strategic objectives require that we manage risk based on value.

3.2. We accept that risk is commensurate with potential reward such as growth, transformation and

innovation.

3.3. The key aspects of achieving balance are:

3.3.1. Ensuring ethical and effective governance practices, including responsible management of

resources.

3.3.2. Capitalizing on opportunities that promote growth, transformation and innovation, while

avoiding unnecessary negative impacts.

3.3.3. Preventing a culture that is risk averse and stifles growth, transformation and innovation. 3.3.4.

Fostering a culture that supports value-based assessment and management of risks. 3.4. The following core

principles provide context for decision-makers in applying the RAS: 3.4.1. The RAS is not an exhaustive list that

addresses every situation but provides general guidelines. 3.4.2. Everyone is empowered to interpret the RAS

to make pragmatic, risk-based decisions in the best interest of the Company and its shareholders.

www.finaura.eu

3.4.3. The RAS is a forward-looking expression of risk appetite. It reflects our tolerance for accepting new

or developing risks (in addition to current risks) in achieving the Company's strategic objectives.

3.4.4. Our risk appetite and risk tolerance are dynamic and will change over time in response to

different drivers.

3.4.5. All decisions align with the Company's Strategy and Mission, Vision and Values.

4. Key Risk Appetite Concepts

4.1. Our risk appetite is a reflection of the Company's risk profile and capacity to take risks.

4.2. We use the following concepts in defining appetite:

4.2.1. Risk profile — this is our overall position on risk. It considers the type and amount of risk the

Company is exposed to across all risk categories.

4.2.2. Risk capacity —the maximum level or ‘ability' of the Company to accept risk in each risk

category.

4.2.3. Risk appetite — the amount and type of risk the Company is comfortable to accept to achieve its

objectives.

4.2.4. Risk tolerance (upper and lower limits) — the level (generally quantitative) of risk which, if reached,

would require an immediate escalation and corrective action. A breach of tolerance is a breach

of risk appetite The RAS sets boundaries for the Company to identify and control our risk

capacity, risk profile, and risk appetite when evaluating and pursuing our strategic objectives.

5. Statements of

Risk Appetite

5.1. Risk appetite

statements are aligned to categories of risk.

5.2. The table attached hereto under Annex 1, summarizes the Company’s risk appetite within each of our risk

categories.

5.3. We recognize that our appetite for risk varies according to the activity undertaken. Our acceptance of risk

is always subject to ensuring that the potential benefits and risks are fully understood before activities

are authorized, and that sensible measures to mitigate risk are established where required.

6. Risk Appetite Ratings

6.1. The table below lists our Risk Appetite Ratings.

Risk Appetite

Ratings

Description of Criteria Risk Response

Zero Appetite Low Appetite

The Company is not willing to

accept risks, threats, opportunities

under any circumstances. All

reasonably practicable measures

to eliminate the risk must be

taken.

Safe approaches should be taken,

but the cost of controls /

mitigation should be carefully

evaluated to ensure they achieve a

reasonable outcome. A strong

preference for strategies and plans

that present minimal risk.

www.finaura.eu

Unacceptable / No tolerance

Cautious

Moderate Appetite

Can accept a degree of

uncertainty to achieve an

intended outcome providing that

effective measures are in place to

monitor the risk and limit adverse

outcomes.

Tolerable / Conservative

High Appetite

Comfortable for risks to be taken even if there is a high degree of

uncertainty to gain

highly valued reward/s.

Acceptable.

7. Risk Assessment

7.1. For the purpose of identification, assessment and analysis of risks of money laundering and

terrorist financing related to their activities, the Company prepares a risk assessment, taking