Log in
Log in

Anti-Money Laundering (AML) Policy

Documents

Choose a document from the list below.

AML Policy

Policy on Anti-Money Laundering, Counter-Terrorist Financing, and Sanctions Compliance

Last updated on Jul 1, 2025

1. General provisions

This Policy on Anti-Money Laundering, Counter-Terrorism Financing, and Sanctions Compliance (“Policy”) sets forth the internal procedures, obligations, and control mechanisms adopted by Sheepy LLC, a company incorporated under the laws of Georgia with company number 400417697 and its registered office at Tbilisi, Gldani District, Omar Khizanishvili Street, N 264, within the Free Industrial Zone of Tbilisi Technology Park. Sheepy operates under the trade name “Sheepy” (“Sheepy” or “Company”) and provides virtual currency payment processing and related services (“Services”).

This Policy is designed to ensure that Sheepy’s operations are not used, intentionally or unintentionally, for the purposes of money laundering, the financing of terrorism, or the circumvention of international sanctions. Sheepy is fully compliant with the Law of Georgia on Facilitating the Prevention of Money Laundering and the Financing of Terrorism (“AML/CFT Law of Georgia”), and it implements a risk-based framework aligned with international standards, including Directive (EU) 2018/843 (AMLD5), and the recommendations of the Financial Action Task Force (FATF).

This Policy is formally approved by Sheepy’s Director and implemented under the oversight of the appointed Money Laundering Reporting Officer (MLRO), who is responsible for ensuring that the Company’s anti-money laundering and counter-terrorist financing (AML/CFT) obligations are fulfilled. The Policy is reviewed periodically and updated in response to changes in legal requirements, supervisory expectations, internal risk assessments, or the operational structure of Sheepy.

2. Risk-based approach and due diligence

Sheepy applies a risk-based approach to customer due diligence and ongoing monitoring in accordance with the AML/CFT Laws of Georgia and International Sanctions. This approach enables Sheepy to tailor the nature and intensity of due diligence measures to the specific money laundering,terrorist financing and sanctions risks posed by each Merchant, their counterparties, and associated transactional behavior. The Company has established its risk appetite in consideration of its capacity for risk-taking and prevailing market practices. The approach to onboarding Merchants is informed by a range of risk factors and risk-based restrictions, which may encompass the jurisdictions of the Merchants and their associated parties, the nature of the business activities conducted, and the Merchants' onboarding behavior, among other relevant considerations.

The international scope of Sheepy's operations exposes it to sanctions imposed by various governmental authorities, including those of the EU, the USA, and the UN, among others. Virtual currencies inherently carry risks primarily associated with sanctions evasion. The Company adopts a risk-based approach that prioritizes compliance with relevant International Sanctions, even in instances where local laws and regulations may be less stringent. Consequently, Sheepy reserves the right, under certain circumstances, to apply specific sanctions beyond the immediate local jurisdiction, thereby implementing them on a global basis.

Before establishing a business relationship or executing any transaction for a Merchant, Sheepy must identify and verify the legal entity and its structure. This includes verifying the incorporation details/documents, control structure, and identities of directors, authorized representatives, and Ultimate Beneficial Owners.

The Company does not establish Business Relationships with anonymous, unidentified legal entities and their representatives. The Company relies on AML/CFT Law provisions for non-face-to-face identification of persons and verification of data using information technology means.

In order to grant access to the Account, the Company requests the following information, including, but not limited to: (1) legal name; (2) organisational and legal form; (3) address of registration and actual business address; (4) ownership/corporate structure; (5) registration number.

The following documents, issued by a competent authority or body within the last 3 months, may be used for Merchant identification: (1) registry card from the relevant register; or (2) registration/incorporation certificate from the relevant register; or (3) any document equivalent to the aforementioned documents or other relevant documents establishing the Merchant.

The information shall be presented in originals or certified copies. Where necessary, Sheepy requests further evidence regarding regulatory status, source of funds, operational jurisdictions, or the intended purpose of the Business Relationship, in line with Articles 6 and 10 of the AML/CFT Law of Georgia.

Merchants are onboarded through an integrated KYB platform powered by Sumsub, which automates document checks, biometric and liveness detection, proof of address verification, device and IP analysis, and video identification where required. For legal entities, incorporation records, control structures, and beneficial ownership are verified against official registries and reliable third-party databases. The Company shall also identify and verify the nature and scope of the right of representation. The name, date of issue and issuer of the document (for example, power of attorney, agent agreement, etc.) that serves as the basis for the right of representation must be recorded and retained, except when the right of representation is verified using information from a relevant register (such as the commercial register, register of non-profit associations and foundations, or the relevant register of a foreign country).

Once KYB is completed, all relevant individuals associated with the entity (including directors, shareholders, and Ultimate Beneficial Owners) must undergo KYC procedures.

KYC procedures include document authentication, identity verification, facial recognition, sanctions screening, politically exposed person (PEP) screening, adverse media checks, determination of location, use of VPN, and device switching. Sheepy uses a combination of automated screening and manual compliance review to identify discrepancies and apply enhanced due diligence when warranted.

Enhanced due diligence is mandatory under Article 13 of the AML/CFT Law of Georgia in specific circumstances, such as when a client or associated party is identified as a PEP, or when the client is located in a high-risk jurisdiction, uses non-transparent structures, or engages in business activities with elevated financial crime exposure. In such cases, Sheepy obtains senior management approval to establish or maintain the relationship, conducts verification of the source of funds and source of wealth, and applies heightened monitoring measures throughout the relationship lifecycle.

Sheepy rejects Business Relationships with shell banks, anonymous or fictitious entities, and clients whose business activities cannot be verified. Relationships are also denied where documents submitted are found to be falsified, materially misleading, or incomplete. No access to the Services is granted until all onboarding checks have been fully completed, reviewed, and approved in accordance with Sheepy’s internal procedures and the AML/CFT Law of Georgia.

Ongoing due diligence is conducted at regular intervals and is risk-based. Sheepy continuously reviews and updates client information to ensure continued accuracy. Triggers for re-verification include transactional anomalies, changes in ownership or control, updated sanctions designations, or risk reclassifications based on internal monitoring.

AML/CFT policies and controls are consistently applied across all Sheepy group entities, agents, and white-label partners. Third-party vendors who support onboarding or verification activities are contractually bound to uphold equivalent standards. These agreements include enforceable clauses covering data protection, audit access, confidentiality, and service delivery. Sheepy remains fully accountable for AML/CFT compliance, even when functions are delegated to third parties.

All third-party providers are subject to performance reviews, and their tools and methodologies are evaluated for reliability, accuracy, and alignment with applicable laws. Vendors failing to meet legal or contractual obligations are subject to remediation or termination.

3. Enhanced due diligence

Enhanced due diligence measures must be taken in cases where the risk level of the Merchant is greater than normal. The Representative shall establish the Merchant’s risk profile and determine the risk category in accordance with the Policy. The risk category may be altered during the course of the Business Relationship, taking into consideration the changes in data gathered.

The Representative, who upon entering into a Business Relationship with a new Merchant, detects that there is at least one of the following high-risk characteristics present with respect to the Merchant, shall consult with and report to the MLRO, and shall take the due diligence measures set out in the Rules. The Representative shall apply enhanced due diligence measures in the following situations: (1) the Merchant is suspected in forgery and or submission of falsified documents; (2) the Merchant is located in a third country, which is included in the list of high-risk countries; (3) the Merchant or it’s Beneficial Owner/representative is suspected to be under the control of a third party; (4) the Merchant’s Beneficial Owner/representative is suspected to use services of intermediaries that make it difficult to identify such Beneficial Owner; (5) the Merchant or its Beneficial Owner/representative is suspected to be subject to International Sanctions (6) the wallet that the Merchant used for a transaction with the Company has been reported by SumSub KYT as a suspicious wallet during the ongoing monitoring; (7) in case of the unusual transaction (a complex, unusually large transaction or unusual patterns of transactions, which have no apparent economic (commercial) or lawful purpose); (8) other cases when the MLRO has a suspicion over the Merchant or his transactions.

Enhanced due diligence measures shall include one of the following measures in addition to normal due diligence measures: (1) obtaining additional information regarding the proof of sources of funds; (2) request of additional information and commentaries as regards publicly available derogatory information; (3) request of the bank statement; (4) asking to complete a written questionnaire; (5) reassessment of a risk profile of a Merchant not later than 6 months after the establishment of the Business Relationship.

After taking enhanced due diligence measures, the Manager shall decide whether to establish or continue the Business Relationship with the Merchant with respect to whom enhanced due diligence measures were taken.

In addition to the application of enhanced due diligence measures, the Company examines the background of an individual transaction to the extent reasonably necessary, including recording the details of the transaction and analysing the circumstances that have arisen, in order to identify the most common features of the most common transactions. The main factors to consider when analysing such transactions are: (1) whether there are any suspicious circumstances in the operations, transactions or other circumstances; (2) whether the Company is satisfied that it knows the Merchant to the required extent and whether the Merchant's activities correspond to previously known information about it or whether it is necessary to collect additional information about it and use reasonable and sufficient measures to understand the background and purpose of the transaction; (3) whether there have been repeated manifestations of suspicious operations and transactions (incl. in relation to similar situations or circumstances); (4) whether it is necessary to pay more attention to the Merchant's activities and Business Relationship in general in the future, including details; (5) whether it is necessary to comply with the obligation to notify the FCIS.

4. Ultimate beneficial owners

Sheepy identifies and verifies the Ultimate Beneficial Owners (UBOs) of all Merchants in accordance with Article 6 of AML/CFT Law of Georgia. This includes identifying all natural persons who ultimately own or control a legal entity, directly or indirectly, through ownership rights, voting power, control arrangements, or other means. Beneficial ownership is determined based on transparent thresholds and includes ownership of at least twenty-five percent (25%) of shares or voting rights, or control through other means such as influence over management or contractual arrangements.

The Beneficial Owner of a Merchant is identified through the following stages, with the Company proceeding to each subsequent stage if the Beneficial Owner cannot be determined in the previous one: (1) determine if there is a natural person or persons who actually ultimately control the Merchant or exercise influence or control over it in any manner, regardless of the size or directness of the shares, voting rights, or ownership rights; (2) identify if there is a natural person or persons who own or control the Merchant through direct or indirect shareholding, taking into account family and contractual connections; (3) identify the natural person in senior management who must be defined as the Beneficial Owner if the previous two stages do not yield a clear identification of the Beneficial Owner.

If the documents used for identifying the Merchant or other submitted documents do not directly indicate the Beneficial Owner, the relevant data will be recorded based on the statement/documents provided by the Merchant's representative.

The Company shall take reasonable measures to verify the accuracy of the information established through such statements or documents. This may include making inquiries in relevant registers and requiring the submission of the Merchant's annual report or other pertinent documents. If there are doubts about the accuracy or completeness of the information, the Company will verify the information from publicly available sources and, if necessary, request additional information from the Merchant.

Sheepy collects beneficial ownership information as part of its standard onboarding procedures and verifies the accuracy of such data using independent and reliable sources, including official company registries, corporate documentation, third-party databases, and declarations made by the client. All Beneficial Owners are subject to individual KYC screening, including identity verification, sanctions and PEP screening, and adverse media checks.

If Sheepy identifies any discrepancy between the beneficial ownership information submitted by a Merchant and the data registered in the relevant commercial/business registers, Sheepy is obligated to report the discrepancy to the relevant authority without delay. The MLRO is responsible for documenting and submitting such discrepancy reports and for monitoring the resolution of any resulting actions or clarifications.

Sheepy does not establish or continue Business Relationships with the Merchants that fail to disclose complete, accurate, and verifiable beneficial ownership information. Merchants are required to promptly notify Sheepy of any changes to their beneficial ownership structure, and Sheepy performs periodic reviews to confirm that existing records remain current and complete. Any concealment, misrepresentation, or obstruction related to beneficial ownership constitutes a material breach of this Policy and may result in immediate account suspension or termination.

5. Transaction monitoring

When executing virtual currency exchange or payment transactions, Sheepy collects and retains all necessary identifying information related to the transaction and its participants. This includes the unique transaction identifier, the virtual currency address involved in the transaction, and, where applicable, the identifier of the payment account or virtual currency wallet used. Sheepy is obligated to store information that enables the virtual currency address to be linked to the identity of the virtual currency owner, in accordance with its obligations under the AML/CFT Law of Georgia and applicable technical guidance.

Sheepy implements continuous, risk-based monitoring of all client activity to detect suspicious behavior, abuse, or indicators of money laundering and terrorism financing. Monitoring applies to both the initial stages of onboarding and the entire lifecycle of the business relationship. The monitoring process involves reviewing transactional patterns, counterparties, frequency, value, geographical exposure, behavioral inconsistencies, and deviations from the expected activity profile of each Merchant. Sheepy establishes client risk profiles at onboarding and regularly updates them based on real-time behavior, adverse findings, and trigger events.

If at any time Sheepy becomes aware that a Merchant has provided false, incomplete, or misleading information (including deliberate concealment of beneficial ownership, use of nominee directors, or misrepresentation of jurisdictional exposure) the Company may take immediate enforcement action. This includes freezing associated wallets, suspending access to Services, terminating the Business Relationship, and submitting a Suspicious Transaction or Activity Report (SAR) to the Financial Monitoring Service of Georgia or other relevant authorities.

6. Recordkeeping

Sheepy securely stores all onboarding and transaction-related data for a minimum of five (5) years following the termination of the business relationship, or longer where required by law or regulatory obligation. This includes identity documentation, KYB and KYC files, beneficial ownership data, source of funds declarations, corporate records, risk assessments, screening logs, internal communications, transaction histories, audit trails, and regulatory filings. Personal data is collected and processed in accordance with the Law of Georgia on Personal Data Protection, the General Data Protection Regulation (GDPR), and Sheepy’s Privacy Policy. All records are stored in encrypted digital formats with access strictly limited to authorized personnel and are subject to robust access controls and audit logging to preserve confidentiality and integrity.

In compliance with Article 17 of the AML/CFT Law of Georgia, all customer due diligence records and transaction data are retained for at least five (5) years. Records of executed transactions are preserved for five (5) years from the date of execution. Records generated through monitoring, screening, or internal AML/CFT analysis, including Suspicious Activity Reports (SARs), associated internal reviews, and any correspondence with the Financial Monitoring Service of Georgia or law enforcement agencies, are retained for a minimum of five (5) years from the date of filing.

7. Suspicious activity reporting and regulatory compliance

Sheepy ensures the timely identification, internal escalation, and regulatory reporting of any activity that may reasonably be suspected of involving money laundering, terrorism financing, or sanctions evasion. Where such suspicion arises (whether during onboarding, transaction execution, monitoring, or periodic review) an internal alert is submitted immediately to the Money Laundering Reporting Officer (MLRO) for further assessment.

Sheepy maintains strict confidentiality over all SAR-related processes. Merchants are not notified of the filing of a SAR, nor are any third parties unless explicitly authorized by law. Any unauthorized disclosure of a SAR, its contents, or the fact of its submission is strictly prohibited and may constitute a criminal offence under Georgian law. All internal reports, compliance reviews, and correspondence with the FMS are classified and accessible only to authorized personnel involved in AML/CFT compliance.

Where the FMS requests additional information, clarifications, or documentation in relation to a filed SAR, Sheepy cooperates promptly and without obstruction. All documentation related to internal suspicions, SARs, MLRO assessments, and regulatory communications is securely retained for a period of at least five (5) years from the date of filing or from the last communication with the FMS, whichever is later.

8. International sanctions

Sheepy maintains a comprehensive and risk-based sanctions compliance program in accordance with the AML/CFT Law of Georgia, relevant restrictive measures and sanction regimes. The program is designed to prevent Sheepy’s Services from being used, directly or indirectly, by persons or entities that are the subject of economic or financial sanctions.

Sheepy conducts real-time screening of all Merchants, their directors, ultimate beneficial owners, and authorized representatives against relevant sanctions lists, including but not limited to those maintained by the United Nations Security Council, the European Union, the United Kingdom (HM Treasury), the United States (OFAC), and the National Sanctions List of Georgia. Sanctions screening is embedded into the onboarding workflow and is repeated during the lifecycle of the business relationship through automated re-screening mechanisms and manual reviews.

Where a match is deemed inconclusive, Sheepy may request additional documentation or clarifications from the Merchant to verify whether the match is a false positive. Merchants must fully cooperate with all such information requests and provide supporting documentation in a timely manner. Failure to respond or attempts to mislead, delay, or obstruct verification constitute a material breach of this Policy and may result in termination of the relationship without prior notice.

Sheepy strictly prohibits any attempt to evade sanctions controls, including the use of VPNs, falsified geographic information, incorrect merchant categorization, or concealed beneficial ownership to bypass geographic or entity-based restrictions. Any such conduct will result in immediate suspension and may trigger regulatory reporting and legal consequences.

Sheepy re-screens all existing Merchants, including their directors, beneficial owners, and authorized users, against updated sanctions lists and politically exposed person (PEP) databases at intervals not exceeding ninety (90) calendar days. The re-screening process is automated where possible, with results independently reviewed by the compliance team. In the event of a new match or change in sanctions designation, the MLRO conducts an immediate review and determines whether continued provision of Services is permissible. Where applicable, Sheepy reports the match to the relevant authority and applies any mandatory restrictions without delay.

Sheepy retains full records of all sanctions screening activities, escalations, regulatory communications, and enforcement decisions for a minimum of five (5) years, in accordance with applicable recordkeeping obligations. Access to such data is strictly limited to authorized compliance personnel and is protected by encryption and secure storage systems.

Sheepy reserves the right to terminate any relationship that presents an unacceptable sanctions risk, irrespective of whether a formal designation has been imposed, where the structure, behavior, or geographic exposure of a Merchant suggests elevated risk that cannot be mitigated.

9. Jurisdictional restrictions

Sheepy does not provide access to its Services to any natural or legal person that is resident, incorporated, established, or otherwise operating in jurisdictions designated as high-risk, non-cooperative, or subject to comprehensive international sanctions. This restriction reflects Sheepy’s commitment to compliance with the AML/CFT Law of Georgia, relevant international obligations adopted by Georgia, and the risk-based guidance issued by the Financial Action Task Force (FATF).

Jurisdictional restrictions are applied during both the onboarding process and the course of the business relationship through automated IP screening, document verification, and jurisdictional monitoring tools. Sheepy uses multiple independent data sources to assess the jurisdictional footprint of its Merchants, including geolocation data, supporting business documentation, and KYC/KYB information. If a Merchant or associated party is determined to be linked to a prohibited jurisdiction, Sheepy will decline onboarding or immediately suspend access to its Services without further notice.

Merchants are strictly prohibited from circumventing jurisdictional restrictions through the use of virtual private networks (VPNs), proxy servers, misrepresentation of country of registration or residence, or nominee arrangements designed to conceal geographic risk. Any such attempts constitute a material breach of this Policy and may result in immediate account suspension, fund freezing, and notification to the relevant authorities. Sheepy reserves the right to request additional documentation or conduct enhanced due diligence where there is uncertainty or inconsistency in the geographic disclosures made by a Merchant.

As of the effective date of this Policy, Sheepy does not provide Services to entities from, or associated with, the countries and regions listed in Annex 2.

The list of prohibited jurisdictions is maintained and reviewed in accordance with official publications issued by the Financial Monitoring Service of Georgia, the United Nations, the European Union, the United States (OFAC), and the Financial Action Task Force, including its designations of High-Risk Jurisdictions subject to a Call for Action and jurisdictions under Increased Monitoring. This list may be updated at any time without prior notice based on legal obligations, enforcement developments, or internal risk assessments.

Merchants are responsible for monitoring their own compliance with Sheepy’s jurisdictional restrictions and must promptly notify Sheepy if their place of business, incorporation, or registration changes in a manner that may trigger a geographic restriction. Failure to disclose relevant jurisdictional ties or attempts to operate from a restricted region may result in permanent termination of Services and potential legal liability.

Sheepy reserves the right to block or deny access to its infrastructure from any IP address, domain, or entity associated with a restricted jurisdiction or known sanctions evasion techniques.

10. Prohibited activities

Sheepy enforces a strict policy prohibiting the use of its Services, Website, API, or any component of its infrastructure for any activity that is illegal, deceptive, abusive, fraudulent, or otherwise incompatible with legal and regulatory obligations. All Merchants and their affiliates must conduct themselves in a manner that supports the integrity of financial systems and upholds the principles of transparency, accountability, and lawfulness.

Sheepy does not support any business model, use case, or activity that creates unacceptable risk under applicable anti-money laundering, counter-terrorism financing, or sanctions legislation. Any attempt to use Sheepy’s Services to facilitate the movement of illicit funds, conceal the identity of transacting parties, or circumvent regulatory controls is considered a material breach of this Policy.

Merchants are required to ensure that their business operations, underlying activities, and client engagement do not involve or support prohibited conduct as determined by Sheepy’s internal risk framework and applicable laws. Activities that expose Sheepy to heightened regulatory scrutiny, reputational harm, enforcement action, or financial crime risk are not tolerated.

Sheepy reserves the right to assess the permissibility of any activity or business model at its sole discretion. Where activity is deemed prohibited, Sheepy may take immediate enforcement actions, including transaction blocking, account suspension, service termination, or referral to law enforcement or regulatory authorities.

A detailed, non-exhaustive list of prohibited business activities and models is set out in Annex 1 of this Policy.

11. Enforcement and liability

Sheepy’s Director, Money Laundering Reporting Officer (MLRO), and other authorized Representatives are jointly responsible for overseeing the effective implementation and ongoing enforcement of this Anti-Money Laundering and Counter-Terrorism Financing Policy. All breaches or suspected breaches of this Policy, whether internal or by a Merchant, are treated with the highest priority and escalated for immediate assessment by the MLRO or designated compliance personnel.

12. Contact and Governance

All questions, concerns, or reports relating to this Anti-Money Laundering and Counter-Terrorism Financing Policy should be directed to Sheepy’s Money Laundering Reporting Officer (MLRO) or Sheepy’s compliance team at [email protected]. Sheepy encourages prompt internal reporting of any suspected violations, operational irregularities, or uncertainties concerning AML/CFT obligations and provides secure and confidential channels for such communication.

Annex 1: Prohibited business activities

  1. Engaging in money laundering, terrorism financing, or evasion of international sanctions.
  2. Using coin tumblers, mixers, or privacy-focused virtual currencies (e.g., Monero, shielded Zcash) to obscure fund flows.
  3. Operating unregistered or unlicensed money service businesses, financial institutions, or virtual currency service providers.
  4. Conducting transactions involving or benefiting sanctioned individuals, entities, or jurisdictions designated by international sanctions authorities (e.g., UN, EU, OFAC).
  5. Accessing services from, or routing transactions through, restricted jurisdictions, including the use of VPNs or proxies to mask location.
  6. Participating in Ponzi, pyramid, or multi-level marketing schemes, high-yield investment programs, or similar financial frauds.
  7. Engaging in market manipulation activities, including spoofing, wash trading, or pump-and-dump schemes.
  8. Impersonating others, submitting false or stolen KYC documents, or gaining unauthorized access to Sheepy systems.
  9. Conducting unlicensed securities offerings, investment advisory services, or token sales (e.g., ICOs, IEOs, IDOs).
  10. Providing unauthorized financial services, such as lending, escrow, insurance, or brokerage.
  11. Selling or distributing illicit drugs, drug-like substances, chemical precursors, or any substances used in their production, including methods or instructions for synthesis.
  12. Operating marketplaces, including those on the dark web, that facilitate any prohibited activity.
  13. Running unlicensed gambling, betting, lotteries, or games of chance.
  14. Offering unlawful or exploitative adult content, including prohibited escort or companionship services.
  15. Distributing malware, ransomware, spyware, or any other form of malicious software.
  16. Committing phishing, denial-of-service attacks, credential stuffing, or other forms of cybercrime.
  17. Engaging in unauthorized scraping, data harvesting, or reverse engineering of Sheepy’s infrastructure.
  18. Misrepresenting partnership, affiliation, or endorsement by Sheepy.
  19. Creating multiple accounts to bypass restrictions or to abuse referral or fee structures.
  20. Abusing the service operationally, including generating excessive chargebacks or transactional disputes.
  21. Selling or offering weapons, ammunition, defense products, or replicas of firearms or cold steel weapons.
  22. Selling drugs, drug-like substances, plants and ingredients used for drug production, or guides for producing such substances.
  23. Distributing medical drugs and medications dispensed only via prescription, or raw materials and instructions for their production.
  24. Trading in state awards or distinguishing badges.
  25. Possessing, producing, or distributing identification documents and government-issued documents (including falsified versions), or anything related to producing or obtaining counterfeit documents.
  26. Selling or distributing government agency uniforms or specialty items related to police or law enforcement.
  27. Using or selling electronic equipment that is prohibited in the relevant jurisdiction.
  28. Selling or distributing devices used for hacking or tampering with locks.
  29. Sharing information containing personal data or data that can facilitate illegal activity, such as spam lists.
  30. Disseminating state, banking, or trade secrets.
  31. Sharing information that violates privacy or damages the honor, dignity, or business reputation of individuals or legal entities.
  32. Transmitting information solely in virtual form with no material carrier (e.g., ideas, methods, or principles).
  33. Trading in archaeological heritage items.
  34. Offering or promoting items or services that violate public morality, including child pornography, Nazi memorabilia, escort services, or prostitution.
  35. Selling or using any equipment for organizing or conducting gambling.
  36. Trading in items from which serial numbers have been removed.
  37. Distributing malicious software or code.
  38. Promoting or offering goods or services that incite illegal activity, discrimination, violence, harassment, or propaganda of terror or self-harm.
  39. Selling perishable goods where unsafe or logistically non-compliant.
  40. Selling fake or counterfeit goods.
  41. Selling or distributing tools or software used to remove copyright protection or regional restrictions, or any components that facilitate the unauthorized use of protected works.
  42. Trading in dangerous goods, including those with explosive, toxic, poisonous, or radioactive properties.
  43. Sharing information about the production of explosive, pyrotechnic, incendiary, or similar substances and devices.
  44. Selling human organs or human remains.
  45. Offering goods or services that have no identifiable value in use.
  46. Using financial or payment instruments that lack systems for identifying the owner for anti-money laundering and anti-fraud purposes.
  47. Selling or trading in items of artistic or historical value that are part of a nation’s cultural heritage.
  48. Operating a cash-intensive business.
  49. Providing services to military entities.

Annex 2: Prohibited countries and territories

  1. Afghanistan
  2. Algeria
  3. Angola
  4. Belarus
  5. Bolivia
  6. Burkina Faso
  7. Cameroon
  8. Central African Republic
  9. China
  10. Crimea and Sevastopol
  11. Côte d’Ivoire
  12. Democratic Republic of the Congo
  13. Donetsk People’s Republic (DNR)
  14. Eritrea
  15. Haiti
  16. Iran
  17. Iraq
  18. Lebanon
  19. Libya
  20. Luhansk People’s Republic (LNR)
  21. Mali
  22. Myanmar/Burma
  23. Mozambique
  24. Namibia
  25. Nepal
  26. Nigeria
  27. North Korea
  28. Russia
  29. Somalia
  30. South Sudan
  31. Sudan (excluding Darfur)
  32. Syria
  33. Tanzania
  34. Venezuela
  35. Vietnam
  36. Yemen
  37. Zaporizhzhia and Kherson oblasti of Ukraine

Connect with our expert team

ifxsigma

Ready to get started?

Create your account in minutes, start accepting crypto payments, and unlock the future of crypto transactions today. For a custom package tailored to your needs, the Sheepy team is here to help.
Get startedContact sales
icon hours

Individual support round-the-clock

Experience personalized support with Sheepy. Our dedicated team is available 24/7 via chat and email to assist you at every step.
Contact us
icon copy

Start integrating right away

Get sandbox access in just 10 minutes. Our easy-to-follow API reference ensures swift and simple integration.
Explore developers page

Company

About us

Become a partner

Products

Developers

Support

Resources

Sitemap

Brand assets

Legal

Restricted activities

Restricted countries

Licenses

© 2025 Sheepy LLC. All rights reserved. Use of this website is governed by Terms of Use and Privacy Policy, and is subject to applicable laws. The content presented on this site is for general informational purposes only and does not constitute legal, financial, tax, or other professional advice. It is not intended to be relied upon in any regulatory, compliance, or contractual context. All figures, statistics, and related data regarding clients, merchants, products, transactions, or platform activity are aggregated, illustrative, and non-binding. Omar Khizanishvili Street, 264 Tbilisi, Georgia.