← Back to all policies

Code of Conduct and Ethics

Walleexer s.r.o.
Last Updated: July 2025

Table of Contents

  1. Purpose and Scope
  2. Core Values
  3. Compliance with Laws and Regulations
  4. Anti-Money Laundering & Counter-Terrorist Financing (AML/CFT)
  5. Anti-Bribery and Corruption
  6. Non-Custodial Responsibility & Client Funds
  7. Data Protection & Privacy
  8. Information Security
  9. Conflicts of Interest
  10. Insider Trading & Market Abuse
  11. Fair Dealing & Transparency
  12. Gifts, Entertainment & Hospitality
  13. Workplace Conduct & Culture
  14. Diversity, Equity & Inclusion
  15. Reporting Misconduct & Whistleblowing
  16. Disciplinary Actions
  17. Governance & Oversight
  18. Training & Certification
  19. Acknowledgment of Receipt

1. Purpose and Scope

Walleexer s.r.o. is dedicated to building trust and integrity in the virtual asset ecosystem by providing fully non-custodial payment services. This Code:

  • Applies to: All employees, officers, directors, contractors, interns, and third-party partners acting on behalf of Walleexer ("Personnel").
  • Covers: Professional conduct, legal compliance, ethical decision-making, and safeguarding company reputation.
  • Objective: Ensure consistent behavior aligned with Walleexer's mission while meeting MiCA, Czech, and EU regulatory requirements.

2. Core Values

Integrity

  • Act honestly in all interactions with clients, regulators, and colleagues.
  • Uphold commitments, even when challenging.

Client Empowerment

  • Promote user autonomy by facilitating non-custodial solutions.
  • Provide clear guidance on self-custody responsibilities.

Compliance & Accountability

  • Meet or exceed all applicable legal standards.
  • Embrace responsibility for actions and decisions.

Security & Privacy

  • Maintain rigorous technical and organizational measures.
  • Protect client data as a fundamental right.

Innovation with Ethics

  • Encourage creative solutions within ethical boundaries.
  • Conduct thorough risk assessments before deploying new technology.

3. Compliance with Laws and Regulations

  • Regulatory Framework: MiCA, Czech AML/CFT Act, GDPR, Czech Personal Data Protection Act, EU Market Abuse Regulation (MAR), and other relevant statutes.
  • Required Actions:
    • Monitor legal developments and integrate changes into policies.
    • Consult the Legal department before entering new markets or launching services.
    • Document compliance decisions and maintain audit-ready records.

4. Anti-Money Laundering & Counter-Terrorist Financing (AML/CFT)

Risk-Based Approach

  • Classify clients by risk categories (low, medium, high).
  • Apply Enhanced Due Diligence (EDD) for high-risk individuals and entities.

KYC / CDD Procedures

  • Verify client identity using reliable documents.
  • Screen clients against sanctions and watchlists.

Transaction Monitoring

  • Implement automated systems to flag unusual volume, frequency, or patterns.
  • Escalate suspicious activities to the Compliance Officer within 24 hours.

Reporting & Recordkeeping

  • File Suspicious Activity Reports (SARs) as required by Czech and EU law.
  • Retain client and transaction records for a minimum of five years.

5. Anti-Bribery and Corruption

  • Prohibition: No Personnel may offer, solicit, or accept bribes or facilitation payments.
  • Due Diligence: Vet third-party agents, vendors, and partners for corruption risk.
  • Reporting: Immediately report any requests for improper payments to Compliance.
  • Record Integrity: Ensure bookkeeping accurately reflects all transactions.

6. Non-Custodial Responsibility & Client Funds

  • Service Model: Walleexer provides smart-contract interfaces; clients retain exclusive control of private keys.
  • Client Education: Supply clear documentation, tutorials, and risk disclaimers on key management.
  • Incident Response:
    • IT must log and triage vulnerabilities within 2 hours of discovery.
    • Notify affected clients and regulators in accordance with MiCA disclosure timelines.

7. Data Protection & Privacy

  • Lawful Processing: Collect personal data only with explicit purpose and consent.
  • Data Minimization: Retain only the minimum data necessary for service delivery.
  • Security Controls: Encrypt data at rest and in transit; enforce role-based access.
  • Rights Management: Facilitate client rights requests (access, rectification, deletion) within 30 days.
  • Breach Notification: Report personal data breaches to the Czech Data Protection Authority within 72 hours.

8. Information Security

Access Management:

  • Enforce strong, unique passwords changed every 90 days.
  • Require multi-factor authentication (MFA) for all sensitive systems.

Secure Development:

  • Integrate security reviews into the SDLC.
  • Conduct quarterly penetration tests.

Incident Management:

  • Follow the documented Incident Response Plan.
  • Communicate status updates to all stakeholders.

9. Conflicts of Interest

  • Disclosure: Declare any personal relationships or financial interests that may influence business decisions.
  • Approval: Obtain written clearance from Legal before engaging in relevant outside activities.
  • Ongoing Review: Update conflict disclosures annually or upon change.

10. Insider Trading & Market Abuse

  • Information Barriers: Restrict sensitive information to authorized personnel.
  • Trading Guidelines: Personnel in possession of material non-public information must defer trading for at least 48 hours after public release.
  • Monitoring: Compliance reviews trading patterns of key employees quarterly.

11. Fair Dealing & Transparency

  • Marketing: All promotional materials must be reviewed by Marketing and Compliance for accuracy.
  • Client Communication: Provide clear fee disclosures, transaction timelines, and risk factors.
  • Complaint Handling: Acknowledge complaints within 48 hours; resolve within 30 days.

12. Gifts, Entertainment & Hospitality

  • Acceptable Threshold: Gifts or hospitality under €50 are permissible if infrequent and disclosed.
  • Approval Process: Any gift or entertainment above the threshold requires pre-approval by Compliance.
  • Recordkeeping: Log all gifts and hospitality in the Gifts Register monthly.

13. Workplace Conduct & Culture

  • Respect & Inclusion: Treat all colleagues and clients with dignity.
  • Anti-Harassment: Zero tolerance for bullying, harassment, or discrimination.
  • Professionalism: Maintain courteous communication, both in-person and online.

14. Diversity, Equity & Inclusion

  • Recruitment: Implement unbiased hiring processes; strive for diverse candidate slates.
  • Training: Provide annual DE&I workshops and unconscious bias training.
  • Metrics: Track workforce diversity and report progress to the Board annually.

15. Reporting Misconduct & Whistleblowing

  • Channels: Use secure, anonymous reporting tools managed by the AML/Compliance department.
  • Protection: Guarantee non-retaliation and confidentiality for whistleblowers.
  • Follow-Up: Compliance must acknowledge receipt within 2 business days and conclude investigation within 30 days.

16. Disciplinary Actions

  • Proportional Response: Consequences range from written warnings to termination, depending on severity.
  • Due Process: Investigations are conducted impartially, with opportunity for response.
  • Escalation: Serious violations (fraud, corruption) will be reported to authorities as required.

17. Governance & Oversight

  • Board Responsibilities: The Board of Directors annually reviews the Code and oversees implementation.
  • Compliance Committee: Chaired by the Chief Compliance Officer; meets quarterly to assess risk and controls.
  • External Audit: Engage third-party auditors for biennial compliance reviews.

18. Training & Certification

  • Mandatory Programs: All Personnel must complete annual training on AML/CFT, GDPR, and security awareness.
  • Specialized Training: Roles in IT, AML/Compliance, and Legal require additional certification (e.g., CISSP, CAMS).
  • Recordkeeping: Training completion tracked in the HR LMS; compliance rates reported monthly.