Geoblocking & Restricted Jurisdictions Policy
How Nortyx determines where its services may be accessed, what is restricted or prohibited, and how jurisdictional controls work in practice.
1. Purpose of This Policy
The purpose of this Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Policy (the “Policy”) is to describe Nortyx’s public approach to financial crime prevention in connection with its website, onboarding processes, client portal, crypto-asset exchange services, transaction services, customer-support channels and related online services.
For the purposes of this Policy, “financial crime” includes money laundering, terrorist financing, proliferation financing, sanctions evasion, fraud, bribery, corruption, tax crime, cyber-enabled financial crime, scams, ransomware, identity misuse, illicit concealment and activity designed to disguise the origin, ownership, destination, purpose or control of funds or crypto-assets.
This Policy does not create a right for any person to access Nortyx’s services. Nortyx may refuse, suspend, restrict, delay, terminate or report any relationship, account, transaction, wallet address, payment method, counterparty or activity where required or appropriate under applicable law, regulatory expectations, sanctions requirements, partner requirements or Nortyx’s risk assessment.
2. Regulatory Position and Important Status Note
Nortyx is structured in this Policy by reference to a Finland/EU crypto-asset-related business model, without implying any specific regulatory authorisation or licensing status. Where a service requires authorisation, registration, notification, passporting or other regulatory entitlement, Nortyx will provide that service only where it is legally permitted, authorised or otherwise entitled to do so under applicable Finnish and European Union law.
Nothing in this Policy should be read as a statement that Nortyx already holds a regulatory authorisation, licence or registration unless that status is separately confirmed on Nortyx’s website or in an official register. If Nortyx has not yet commenced regulated activity, references to controls, processes and obligations describe the framework Nortyx intends to maintain before and during the provision of services.
Nortyx’s AML/CFT and sanctions framework is designed for services that may include, where supported and legally permitted, account registration, customer onboarding, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, fiat on-ramp or off-ramp activity, crypto-asset transfer support, delivery of crypto-assets to customer-provided external wallet addresses, blockchain analytics, transaction monitoring and related compliance controls.
3. Scope
This Policy applies to all persons and entities that access, attempt to access, register for, use or benefit from Nortyx’s services. This includes website visitors, prospective clients, individual users, verified clients, rejected applicants, former clients, business users where supported, representatives, directors, officers, beneficial owners, controllers, authorised persons, payers, payees, transaction counterparties, external wallet address owners or controllers and any other person connected with a transaction or service request.
For the purposes of this Policy, references to “you” include any individual, legal entity, representative, wallet address owner or controller, transaction counterparty or other person accessing or attempting to access Nortyx’s services.
This Policy applies to all supported and attempted activities, including account registration, onboarding, KYC verification, login access, fiat payment processing, crypto-asset exchange, transaction monitoring, external wallet address screening, blockchain analytics, customer support and any other service made available by Nortyx.
4. Service Availability Categories
Nortyx classifies countries, territories, regions, persons, entities, payment methods, transaction corridors and wallet address exposures into access categories. These categories may change at any time.
A Supported category means jurisdictions where Nortyx has determined that the relevant service may be offered. In such cases, access may be permitted subject to onboarding, verification and ongoing monitoring.
A Restricted category means jurisdictions, persons, transactions or wallet exposures requiring enhanced review or limitations. In such cases, Nortyx may apply enhanced due diligence, transaction review, service limits, manual approval or rejection.
A Prohibited category means jurisdictions, persons, wallet addresses, entities or activity that Nortyx must not support or has decided not to support. In such cases, access will be blocked, onboarding refused, transactions rejected or the relationship terminated.
An Unsupported category means locations or corridors that Nortyx has not assessed, does not operationally support, or cannot service through partners. In such cases, no onboarding or only limited access may be available unless formally approved.
A country or region being classified as supported does not guarantee onboarding or transaction approval. Nortyx may still refuse or restrict services based on sanctions, identity verification results, source of funds concerns, transaction monitoring alerts, fraud indicators, wallet screening results, Travel Rule requirements, payment risks, legal obligations or other risk factors.
5. Supported Jurisdictions
Nortyx may make services available only in jurisdictions that have been approved through its internal jurisdictional assessment process. Supported jurisdictions may depend on the specific service, crypto-asset, fiat currency, payment method, wallet address type, client type and transaction flow.
Where Nortyx operates as a Finland-based company, services may be prioritised for Finland and, where legally supported and operationally enabled, other EU or EEA jurisdictions. Cross-border services may be subject to authorisation, notification, passporting, local law assessments, product restrictions and partner availability.
Nortyx may decide not to support a jurisdiction where local law is unclear, where the relevant service may require local licensing or registration, where partner infrastructure is unavailable, where regulatory expectations are uncertain, or where financial crime, sanctions, fraud, cybersecurity or reputational risk exceeds Nortyx’s risk appetite.
6. Prohibited Jurisdictional Connections
Nortyx will not knowingly provide services where doing so would breach applicable law, sanctions, asset-freezing obligations, terrorist financing restrictions, anti-money laundering requirements, court orders, regulatory instructions or partner restrictions.
Nortyx may block, reject or restrict any account, transaction, payment method, wallet address, counterparty or activity connected to:
- a country, territory or region subject to applicable EU, UN or other legally relevant sanctions or restrictive measures;
- a person, entity, organisation, vessel, wallet address or crypto-asset service provider subject to applicable sanctions, asset freeze, terrorist property, listed person or equivalent restrictions;
- a person or entity owned, controlled by, acting for, or operating on behalf of a sanctioned or restricted person or entity;
- a jurisdiction subject to comprehensive or sectoral restrictions that prevent Nortyx from providing the relevant service;
- a transaction, wallet address or blockchain exposure linked to sanctions evasion, darknet markets, ransomware, stolen funds, terrorist financing, proliferation financing, mixers, obfuscation services or other prohibited activity;
- a jurisdiction, counterparty, wallet cluster, platform or payment corridor that Nortyx has classified as prohibited under its internal risk framework.
Prohibited jurisdictional connections may apply even where only part of a transaction, payment chain, blockchain exposure, ownership structure or control relationship is connected to a prohibited jurisdiction, person, entity or wallet address.
7. Restricted and High-Risk Jurisdictions
Nortyx may treat certain jurisdictions as restricted or high risk due to strategic AML/CFT deficiencies, FATF statements, EU high-risk third country status, sanctions exposure, corruption risk, organised crime, terrorist financing, proliferation financing, cybercrime, scam activity, crypto-asset typologies, payment risk, weak supervision, regulatory uncertainty or partner requirements.
Restricted or high-risk jurisdictional connections may result in enhanced due diligence, additional questions, source of funds or source of wealth review, beneficial ownership verification, senior approval, transaction limits, manual transaction review, wallet address restrictions, delayed processing, refusal of service or account termination.
A restricted jurisdiction connection may arise from residence, nationality, citizenship, incorporation, business operations, beneficial ownership, control, payment method country, bank account country, IP address, device location, wallet address exposure, transaction origin, transaction destination, Travel Rule information or other indicators.
8. Unsupported Jurisdictions and Services
Some jurisdictions may be unsupported because Nortyx has not assessed them, cannot provide the service lawfully, cannot complete required compliance controls, cannot process payments, cannot support the relevant crypto-asset, cannot obtain adequate blockchain risk information, cannot complete Travel Rule processing, or is unable to support local legal, tax, reporting or regulatory expectations.
Unsupported jurisdictions are not necessarily prohibited by law. They are jurisdictions or transaction corridors that Nortyx does not currently support. Nortyx may decline onboarding, block access or reject transactions from unsupported jurisdictions until the relevant jurisdiction or service has been approved internally.
Nortyx may also restrict access where a service is available for one user type but not another, for example where individual clients are supported but business users, legal entities, trusts, nominees, brokers, intermediaries, agents or high-risk business models are not supported.
9. Location, Identity and Wallet Screening Indicators
Nortyx may use a range of indicators to assess whether a user, transaction, payment method, wallet address or counterparty is connected to a supported, restricted, prohibited or unsupported jurisdiction. These indicators may include:
- IP address, device information, browser information, login location and geolocation indicators;
- VPN, proxy, Tor, hosting, emulator, remote access or anonymisation indicators;
- residential address, proof of address, nationality, citizenship, country of residence and identity document country;
- business address, place of incorporation, operating jurisdiction, ownership and control information, where business users are supported;
- payment method country, bank account country, payer and payee details, fiat payment data and refund destination;
- external wallet addresses, blockchain transaction hashes, wallet screening results and blockchain analytics information;
- Travel Rule information, originator and beneficiary information, transaction purpose and counterparty information where applicable;
- sanctions, PEP, adverse media, fraud, cybersecurity and transaction monitoring alerts;
- information from verification providers, payment providers, banking partners, blockchain analytics providers, compliance tools and public sources.
If indicators are inconsistent, incomplete, suspicious or suggest a restricted or prohibited connection, Nortyx may request additional information, conduct manual review, restrict access, delay processing or reject the relevant account, transaction or wallet address.
10. Geoblocking and Access Controls
Nortyx may apply technical, operational, automated and manual controls to identify and restrict access from restricted, prohibited or unsupported jurisdictions. These controls may be applied before onboarding, during account use, at login, before transaction execution, before crypto-asset delivery, during refund processing or as part of ongoing monitoring.
Geoblocking and access controls may include IP-based blocking, device and browser checks, VPN and proxy detection, Tor and anonymisation detection, location monitoring, address verification, payment country checks, sanctions screening, KYC checks, wallet screening, blockchain exposure analysis, transaction monitoring, Travel Rule checks, fraud monitoring, cybersecurity monitoring, manual compliance review and partner-required restrictions.
Nortyx may update or adjust these controls without prior notice where necessary to comply with law, sanctions, regulatory expectations, partner instructions, cybersecurity needs or risk-management requirements.
11. No Circumvention
Users must not attempt to bypass Nortyx’s jurisdictional, geoblocking, sanctions, wallet screening, KYC, Travel Rule, fraud-prevention or transaction monitoring controls. The following activities are prohibited:
- accessing or attempting to access Nortyx’s services from a restricted, prohibited or unsupported jurisdiction;
- using VPNs, proxies, Tor, hosting services, remote access tools, anonymisation tools or similar technologies to conceal location or bypass controls;
- providing false, misleading, incomplete or inconsistent identity, address, residency, nationality, business, ownership, payment, wallet address or transaction information;
- using another person’s account, identity, device, payment method or wallet address to bypass this Policy;
- processing transactions for persons, entities or counterparties located in or connected to restricted or prohibited jurisdictions;
- using wallet addresses, payment methods, intermediaries or transaction structures to conceal a restricted or prohibited connection;
- assisting another person or entity in bypassing this Policy or Nortyx’s compliance controls.
Nortyx may treat attempted circumvention as a material breach of its terms and may report suspicious or prohibited activity to competent authorities where required or permitted by law.
12. Actions Nortyx May Take
Where Nortyx determines or suspects that this Policy has been breached, or that a user, transaction, payment method, wallet address, counterparty or activity is connected to a restricted, prohibited or unsupported jurisdiction, Nortyx may take one or more actions:
- refuse onboarding or deny registration;
- block access to the website, platform or account;
- restrict login, account functionality or transaction activity;
- request additional information, documents or explanations;
- apply enhanced due diligence, wallet review or manual transaction review;
- reject, delay, cancel or decline transactions;
- reject or restrict external wallet addresses;
- delay, hold, restrict or refuse refunds where legally permitted or required;
- suspend or terminate the relationship;
- retain records as required or permitted by law;
- report suspicious activity, sanctions concerns, fraud, terrorist financing, proliferation financing or other reportable matters to competent authorities where required or permitted by law.
Nortyx may be unable to return funds or crypto-assets where doing so would breach sanctions, legal obligations, court orders, regulatory instructions, partner restrictions or Nortyx’s compliance controls. Any refund, reversal, transaction completion or asset delivery is subject to law, operational feasibility, compliance approval and contractual terms.
13. User and Business User Responsibilities
You are responsible for ensuring that your access to and use of Nortyx’s services is lawful in your location and consistent with this Policy. You must provide accurate, complete and up-to-date information about your identity, location, residency, nationality, payment method, wallet address, transaction purpose, source of funds where requested and any other information required by Nortyx.
Where Nortyx supports business users, the business user must ensure that its ownership, control structure, authorised representatives, customer base, operating locations, transaction flows, payment methods, wallet addresses, source of funds, source of revenue and geographic exposure comply with this Policy. Business users must not use Nortyx to process transactions for restricted or prohibited persons, jurisdictions, counterparties or wallet exposures.
Users and business users must notify Nortyx promptly if their location, residency, citizenship, business operations, ownership, control, payment arrangements, wallet activity or transaction exposure changes in a way that may affect eligibility to use Nortyx’s services.
14. Relationship With Other Policies
This Policy should be read together with Nortyx’s Terms of Service, AML/KYC Policy, Sanctions Policy, Privacy Policy, Cookie Policy, Risk Disclosure and any other applicable policies or contractual terms. In the event of inconsistency, Nortyx may apply the stricter requirement where necessary to comply with law, sanctions, regulatory expectations, partner requirements or internal risk controls.
Nortyx may collect and process personal data, technical data, location indicators, transaction information, payment information, wallet address information, blockchain analytics information and compliance records to enforce this Policy. Further information about data processing is provided in Nortyx’s Privacy Policy.
15. Updates to This Policy
Legal, regulatory, sanctions, AML/CFT, Travel Rule, blockchain risk, fraud, cybersecurity, partner and operational requirements may change rapidly. Nortyx may update this Policy, its supported jurisdictions, restricted jurisdictions, prohibited jurisdictions, unsupported jurisdictions and geoblocking controls at any time.
Changes may take effect immediately where required by law, sanctions, competent authority expectations, partner requirements, cybersecurity needs or risk-management necessity. Updated versions will be published on the website or otherwise made available through the platform unless immediate confidential action is required for legal, security or compliance reasons.
Annex 1 — Jurisdictional Control Framework
This Annex forms part of the Policy and describes the framework used by Nortyx to classify jurisdictions, persons, entities, wallet addresses, platforms, transaction corridors and activity. The lists below are indicative and must be reviewed regularly against current EU, UN, FATF, Finnish, partner and internal risk sources.
A. Prohibited or Blocked Connections. Nortyx may prohibit or block services involving any of the following connections:
- persons, entities, organisations, vessels, wallet addresses, crypto-asset service providers or platforms subject to applicable EU, UN or other legally relevant sanctions;
- persons or entities owned or controlled by, acting on behalf of, or otherwise connected to sanctioned or restricted persons or entities;
- jurisdictions, territories or regions subject to comprehensive or sectoral restrictions that prevent the provision of the relevant service;
- North Korea (DPRK), Iran, and other jurisdictions subject to FATF countermeasure calls or equivalent internal prohibition, unless a specific legal exception and internal approval applies;
- Russia, Belarus, occupied territories of Ukraine including Crimea, Sevastopol, Donetsk, Luhansk and any other territories subject to relevant restrictions, where the service or transaction would be prohibited or outside Nortyx’s risk appetite;
- transactions involving sanctioned wallet addresses, sanctioned crypto platforms, sanctioned payment channels, sanctions evasion, terrorist financing, proliferation financing or prohibited blockchain exposure.
B. Restricted / Enhanced Review Jurisdictions. Nortyx may apply enhanced due diligence, transaction restrictions or manual approval to jurisdictions identified by the EU as high-risk third countries, by FATF as high-risk or under increased monitoring, by competent authorities or by Nortyx’s internal risk assessment. As of the date of this draft, such sources may include, among others: Afghanistan, Algeria, Angola, Bolivia, British Virgin Islands, Bulgaria, Cameroon, Côte d’Ivoire, Democratic Republic of the Congo, Haiti, Kenya, Kuwait, Lao PDR, Lebanon, Monaco, Myanmar, Namibia, Nepal, Papua New Guinea, Russian Federation, South Sudan, Syria, Trinidad and Tobago, Vanuatu, Venezuela, Vietnam and Yemen.
A jurisdiction appearing in this section does not automatically mean that services are available. Nortyx may treat any such jurisdiction as restricted, unsupported or prohibited depending on the specific user, transaction, payment method, crypto-asset, wallet exposure, sanctions connection and current legal requirements.
C. Unsupported Jurisdictions. Unless otherwise approved by Nortyx, services may be unsupported in jurisdictions outside Finland, the EU or EEA, or in any jurisdiction where Nortyx has not completed a legal, compliance, operational, payment, Travel Rule, wallet screening or partner-support assessment. Nortyx may also treat a jurisdiction as unsupported where local law restricts crypto-asset services, where local licensing may be required, where payment or banking partners do not support the jurisdiction, where sanctions or AML/CFT risk cannot be adequately mitigated, or where required records, verification or transaction monitoring cannot be completed.
D. Case-by-Case Review. Nortyx may conduct case-by-case review where there are mixed indicators, humanitarian considerations, permitted legal exceptions, residency conflicts, dual nationality issues, business-user complexities, historical exposure, source of funds concerns, indirect sanctions links, wallet clustering alerts or inconsistent technical and documentary information. Case-by-case review does not create any obligation to provide services.
18. Changes to This Privacy Notice
Nortyx may update this Privacy Notice from time to time to reflect changes in the services, legal requirements, regulatory expectations, technical systems, compliance controls, business operations or data-processing practices.
The “Last updated” date at the top of this Privacy Notice indicates when it was last revised. Updated versions will be published on the website and will become effective upon publication unless otherwise stated.