Anti-Money Laundering Policy (AML)

4. GENERAL COMPLIANCE

‍4.1 Compliance Officer
The Company has designated and appointed Joe Wallin to be the Compliance Officer and responsible for implementing, enforcing, supervising, and monitoring the AML Program and the Company's compliance with it. This includes, but is not limited to, identity verification, compliance monitoring, reviewing and updating this policy, risk assessment, and communication with law enforcement to the extent such is necessary for the Company's compliance with applicable law. This individual is, and any future replacement will be, a member of the senior management of the Company and has knowledge of, and familiarity with, the operation of the Company's business and applicable laws and regulations. The designated Compliance Officer has the responsibility and authority to conduct internal audits of the Company's procedures and controls to ensure compliance with this policy.

4.2 Registration as a Money Services Business
The owner or controller of each money services business ("MSB"), including "money transmitters" is required to register the MSB with FinCEN. STORE has evaluated its business model against FinCEN's regulations and guidance, considering factors such as the scope of money transmission activities and the risk profile of the business. Based on this evaluation, it is STORE's position that it does not currently qualify as an MSB. However, STORE commits to ongoing monitoring of FinCEN guidance and regulatory developments that may impact its MSB status. If STORE experiences a change in ownership, control, or business model that alters the MSB qualification analysis, STORE will promptly re-evaluate its status and register as an MSB if required. Such new registrations shall occur within 180 days following the change in ownership/control or business model.

4.3 Know Your Customer Guidelines
This AML Program provides KYC guidelines that list the key components that need to be understood to form a reasonable belief that STORE knows the identity of a person who establishes a relationship with STORE as an investor through the purchase of the rights to tokens issued. STORE's KYC guidelines are designed to:
-Determine and document the identity of investors by requesting and reviewing personal and background information
-Obtain and document any additional information and assess fraud and money laundering risks posed by the investor's expected use of STORE's tokens
-Protect STORE from the risks associated with doing business with investors whose identities cannot be determined.

4.3.1 Identification
STORE shall gather information during the initial sign-up process sufficient to support its KYC guidelines. Such information will be provided on the STORE website or obtained by STORE personnel in follow-up telephone or email communication. If the identity of the investor cannot be confirmed or does not provide appropriate information that meets the risk assessment for STORE, STORE will not countersign the Subscription Agreement to enter into a binding contract nor receive from such persons.

STORE's risk assessment methodology involves assigning risk scores to various customer and transaction attributes, such as customer location, transaction volume, and source of funds. These risk scores are weighted based on their importance in determining overall money laundering risk. The weighted risk scores are aggregated to produce an overall risk rating for each customer, which determines the level of due diligence and monitoring applied.

STORE's customer due diligence (CDD) procedures include collecting and verifying customer identification information, understanding the purpose and intended nature of the business relationship, and conducting enhanced due diligence for higher-risk customers. Identity verification methods may include documentary verification (e.g., government-issued ID) and non-documentary verification (e.g., electronic database checks). Higher-risk customers, such as politically exposed persons (PEPs), are subject to more extensive CDD measures, such as obtaining additional information on source of wealth and enhanced transaction monitoring.

For entity investors, STORE's identity verification procedures require that the Company is provided with, or otherwise collects, reliable, independent source documents, data, or information including:
-Complete name and legal address of the entity or entities
-Organizational documents of the entity or entities
-Persons that own more than 10% of the entity
    o Name  
     o Address  
     o DOB  
     o Identification number (License/passport copy)    
     o Sample signature
-Profiles, backgrounds, and experience of key managers and persons with signatory authority, including running a "bad press" search
-Information regarding Politically Exposed Persons.

STORE assesses each party and each set of circumstances individually and evaluates and assesses the risk that each potential transaction or relationship poses within the context of the Company AML Program and all applicable laws and regulations. The Company provides each party with notice that they are requiring this information to verify their identities and reserves the right to request additional information or alternative forms of information as the circumstances require and as deemed necessary or advisable by the designated Compliance Officer.

In the event that a party either refuses to provide the information or appears to have intentionally provided misleading or false information, the Company does not do business with the said party in any form, and the Company's designated Compliance Officer is notified to assess the situation and determine the Company's obligations for notifying applicable law enforcement agencies.

4.3.2 Diligence
Based on the risk presented by each transaction, and to the extent reasonable and practicable, STORE performs due diligence to verify and confirm the information that has been provided or collected to ensure that it knows the true identity of each party by using risk-based procedures to verify and document the accuracy of the information obtained. The Company considers the nature and purpose of the relationship for the purpose of developing a risk profile.

STORE personnel review information provided by prospective new investors for indicators of invalidity, such as suspicious names, misspelled words, non-standard capitalization, non-corporate email addresses, and non-use of accounting software. The investigation of prospective new investors can include reviewing the investor's website, calling the investor to verify the telephone number, asking the investor to provide confirming documentation (such as a bank account statement or articles of incorporation), etc.  

STORE uses a third-party service provider to perform an automated check of investors' names against the U.S. Department of Treasury's list of Specially Designated Nationals ("SDNs"). STORE operations personnel will resolve any suspected "hits" prior to accepting any transfer of funds for investment. If STORE personnel cannot resolve a suspected "hit," they will notify the Compliance Officer. Additionally, STORE will not send payments to or from embargoed countries, as identified by the Office of Foreign Assets Control ("OFAC").

STORE retains identifying information for prospective investors that are denied service due to suspicious or fraudulent activity. STORE personnel review information provided by prospective new investors and investigate those that contain the same identifying information as investors who have been denied service in the past.

To the extent deemed necessary, the Company reserves the right to perform additional diligence and require additional information to verify the identity of any party. In the event that the Company is unable to verify the information obtained and discovers suspicious information that indicates possible illegal or suspicious activity, it will follow procedures as described in "Monitoring and Reporting Suspicious Activities" below.

4.3.3 Monitoring
STORE regularly checks the information obtained under this policy against recognized "black lists" (e.g., OFAC) and assesses ongoing or new risks to the Company for both new and existing business relationships. With regard to this policy, the Company monitors all transactions and it reserves the right to (i) ensure that transactions of suspicious nature are reported to the proper law enforcement agency through the designated Compliance Officer, (ii) require any additional information and documents in the case of any suspicious parties or transactions, and (iii) suspend or terminate any existing relationship with any party when the Company has reasonable suspicion that such party has or is engaged in illegal activity. These steps are not an exhaustive list and may be updated and expanded at the discretion of the Company. The Compliance Officer, at regular intervals, arranges for audits of compliance with this policy and includes the results of such audits in reports to the Board of Directors.

STORE's transaction monitoring parameters include thresholds for identifying unusually large or frequent transactions, relative to the customer's risk profile. Transactions flagged based on these parameters are subject to additional review to determine if a suspicious activity report (SAR) should be filed. The specific thresholds and parameters are regularly reviewed and updated based on the Company's risk assessment.

If the Compliance Officer determines that a SAR should be filed, they will prepare and file the SAR in accordance with FinCEN's instructions, ensuring that all required information is included. The SAR will be filed within 30 days of the initial detection of the suspicious activity, unless no subject was identified, in which case the SAR will be filed within 60 days. The Compliance Officer will maintain records of all SARs filed and the underlying analysis and documentation.

The Company monitors transaction activity for unusual size, volume, pattern, or types of transactions, taking into account risk factors and red flags that are appropriate to its business. The risk profile serves as a baseline for assessing potentially suspicious activity and the designated Compliance Officer or their designee is responsible for this monitoring and documenting any suspicious activity detected.  

STORE is not a registered MSB. Therefore, STORE is not required to report suspicious activities with FinCEN via Form SAR-MSB. Nonetheless, it is the responsibility of all STORE employees to promptly advise the Compliance Officer of any suspicious activity that may warrant reporting with FinCEN. The Compliance Officer shall report a suspicious transaction to FinCEN if the transaction involves or aggregates funds or other assets of at least $2,500 and STORE knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):
-Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation
-Is designed, whether through structuring or other means, to evade any requirements of the BSA;
-Or involves the use of STORE to facilitate criminal activity.

The Compliance Officer shall report suspicious transactions that may relate to terrorist activity by calling FinCEN's Financial Institutions Hotline at 1–866–556–3974.  

4.3.4 Monitoring
STORE recognizes the importance of protecting investor privacy while meeting regulatory KYC requirements. When third-party service providers are used for identity verification:
-All service providers are contractually bound to maintain strict data security standards and use encryption for data storage and transmission
-Data sharing is limited to the minimum necessary for regulatory compliance and identity verification purposes
-Investors are clearly informed about:
       -What personal data is collected
       -Which third parties may process their data
       -The specific regulatory purposes for data collection
       -Data retention periods
       -Their rights regarding their personal data

4.4 Reports and Record-keeping
STORE creates an audit trail for activities in a STORE account that includes email registration, the transmission of contracts to prospective investors, and the signing and counter-signing of a Subscription Agreement. The audit trail records the activity, date, and time. The audit trail is accessible by approved STORE personnel.

All AML records, including customer identification information, due diligence records, transaction monitoring logs, and SARs, will be maintained in a secure electronic format, accessible only by authorized personnel. Records will be maintained for at least five years from the date of the transaction or the end of the customer relationship, whichever is later.

STORE shall maintain the following documents for at least 12-months unless applicable law specifies a longer period:
-All data entered in the STORE website by a customer upon sign-up (except for data entered as part of a password necessary for investors to create accounts)
-The identity verification procedure, including all identifying information provided or obtained in the procedure, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process
-Reports made to another financial institution concerning suspicious activities relating to possible money laundering or other criminal conduct, together with supporting documentation
-Reports made to another financial institution and records concerning transactions blocked or rejected due to OFAC rules and regulations
-Records of anti-money laundering training materials, including the dates, participants, and documents used during the training sessions; and• Any other documents required to be retained under applicable anti-money laundering laws.  

4.5 Internal AML/KYC Procedures
STORE expects that its employees will comply with applicable AML laws and with this AML Program. STORE also expects its employees to conduct themselves by the highest ethical standards.  

STORE employees are prohibited from providing advice or other assistance to individuals who attempt either to violate or avoid AML laws or this AML Program. Such assistance may include, but is not limited to, overriding customer identification procedures or suggesting inappropriate uses of the STORE protocol.

STORE employees that notice suspicious activities but fail or neglect to make further inquiries, may be considered to have knowledge of such activity. STORE employees who suspect money laundering or other illicit activities must refer the matter to the Compliance Officer.

Non-compliance with the AML Program by employees will result in disciplinary action, up to and including termination of employment, as detailed in STORE's Employee Handbook and Code of Conduct. Employees will be required to certify their understanding of and compliance with the AML Program on an annual basis.

Failure to adhere to this AML Program may subject STORE employees to disciplinary action up to and including termination of employment. Violations of anti-money laundering laws may also subject STORE employees and STORE to fines, forfeiture of assets, and other serious punishment, including imprisonment.

Employees must promptly report any potential violations of this AML Program to the Compliance Officer, unless the violations implicate the Compliance Officer, in which case the employee must report to the Chief Executive Officer. Such reports will be confidential, and the employee will suffer no retaliation for making them.

4.6 Training
The Compliance Officer will provide comprehensive AML compliance training to all employees on an annual basis, with additional targeted training for employees in AML-sensitive roles such as customer onboarding and transaction monitoring. The training will cover topics including money laundering risks and red flags, customer due diligence procedures, transaction monitoring, SAR filing, and regulatory developments. Training completion will be tracked and documented.

The Compliance Officer will determine the frequency of training and which personnel must be trained based on their roles and job functions in relation to the AML Program and will maintain records of all training materials used.

4.7 Audit
The independent audit will be conducted on an annual basis and will cover all key aspects of the AML Program, including customer due diligence, transaction monitoring, SAR filing, record keeping, and training. The auditor will issue a written report detailing their findings and recommendations, which will be presented to the Board of Directors and senior management. Any deficiencies noted will be promptly addressed and remediated.

STORE will test this AML Program. The test may be performed by an external auditor or by a STORE employee who (1) is not the Compliance Officer, (2) does not report to the Compliance Officer, (3) does not perform the AML functions being tested, and (4) does not report to any such person. The person who performs the test will report material findings to STORE's Board of Directors. STORE will keep a record of deficiencies, recommendations, and how they are resolved.

4.8 Non-Compliance
Failure to ensure compliance with this policy may lead to the following consequences for the Company:
-Criminal or civil liabilities for the Company
-Serious reputational damage
-The unenforceability of agreements entered into, and finances entering the company as proceeds from laundered money.

Failure to ensure compliance with this policy may lead to the following consequences for employees:
-Personal criminal liability
-Disciplinary action initiated by the Company, including dismissal
-Personal reputational damage.