1. Our Commitments
MavenPay is a regulated money platform. The trust members place in us — to hold their money, move it, and act on their behalf agentically — requires us to operate above the regulatory floor, not just within it.
Every employee, contractor, board member, and AI agent operating on MavenPay infrastructure agrees to this Code as a condition of access. Violations are grounds for termination of the engagement.
2. Conflicts of Interest
No employee or contractor may transact on a MavenPay account where they hold a personal or familial financial interest in the counterparty, without prior written disclosure to Compliance.
No employee may accept a gift, entertainment, or benefit valued above CAD $200 from a current or prospective MavenPay vendor, partner, or counterparty without prior written approval from Compliance.
Board members, executive officers, and Compliance staff disclose all outside business interests annually. Disclosures are reviewed by the Audit Committee.
3. Anti-Bribery and Anti-Corruption
MavenPay complies with the Canadian Corruption of Foreign Public Officials Act, the US Foreign Corrupt Practices Act, the UK Bribery Act 2010, and equivalent local regulation in every jurisdiction we operate in.
Facilitation payments — payments to expedite a routine government action — are prohibited even where they may be locally tolerated.
MavenPay does not make political contributions on its own behalf in any jurisdiction. Employees may make personal political contributions consistent with local law, on their own time, without representing MavenPay.
4. AML, Sanctions, and Financial Crime
MavenPay is registered with FINTRAC as a Money Services Business (#C1000000640) and as a Payment Service Provider with the Bank of Canada under the Retail Payments Activities Act. We comply with FATF Recommendations including Recommendation 19 (enhanced due diligence on high-risk jurisdictions), the EU AMLD6, the US BSA, and the UK MLRs.
We do not knowingly transact with persons on the OFAC SDN list, the EU Consolidated List, the UK OFSI Consolidated List, or the UN Security Council Consolidated Sanctions List, or in the four sanctioned jurisdictions (Cuba, Iran, North Korea, Syria).
Suspicious Transaction Reports (STRs) and Threshold Transaction Reports are filed with FINTRAC and counterpart regulators per the regulatory floor; the floor is not the ceiling.
Employees who identify suspected financial-crime activity are protected from retaliation regardless of whether the underlying suspicion is ultimately confirmed.
5. Fair Treatment of Customers
MavenPay does not offer differential pricing, account access, or service quality based on protected characteristics (race, gender, age, religion, sexual orientation, gender identity, disability, national origin) except where required by law to validate identity.
KYC and onboarding decisions are made on documented, jurisdiction-agnostic criteria. Denial of service is auditable; members receive a documented reason consistent with regulatory non-tipping-off requirements.
Account termination, balance freeze, or transaction reversal decisions require a documented compliance basis and supervisor approval. Members receive notice and an appeals path consistent with regulatory non-tipping-off limits.
Members may file complaints under the Bank of Canada PSP Complaints Framework — see /compliance/regulatory for the canonical complaints contact path.
6. AI Agent Integrity
MavenPay operates AI agents under documented policy. Every agent that can authorize a money-moving action is cryptographically identified, passes documented policy enforcement, and is gated by an authorization layer before execution.
Agents do not act on member funds outside the scope of authorization the member has granted. Authorization scopes are time-bounded and revocable from the member-facing account portal.
Agents do not collect, retain, or share member data outside the scope necessary to fulfill the authorized intent. Data minimization is enforced at the policy layer.
Hallucination-class errors that affect a member transaction are escalated to human approval before settlement. Members are notified of the agent decision and the human override path.
7. Data Protection
Member data is processed per the Privacy Policy at /compliance/privacy. We comply with PIPEDA, GDPR, UK GDPR, LGPD, CCPA / CPRA, and equivalent regional regulation.
Member PII is tokenized at the application data plane (Postgres, Snowflake, OpenSearch, Kafka) per our locked tokenization architecture. Cleartext PII does not leave the regulated processing zone.
Right-to-erasure requests are processed within 30 calendar days where regulatory retention does not override (e.g. AML record retention).
8. Whistleblower Protections
Employees, contractors, agents, and members may report suspected violations of this Code without fear of retaliation. Reports may be made to ethics@mavenpay.com, the Chief Compliance Officer directly, or via an external reporting channel — to be designated upon staff growth — once shipped.
Anonymous reporting will be supported via a designated external channel as the company scales; the current scale supports direct-to-Compliance reporting only.
Retaliation against a good-faith reporter is itself a violation of this Code and grounds for termination.
9. Governance and Updates
This Code is owned by the Chief Compliance Officer and reviewed annually by the Audit Committee.
Updates are published at this URL with an updated Effective Date. Material changes are notified to members per the notice provisions of the Terms of Service.
Effective from 2026-06-05. Next review: 2027-06-05.
Contact: ethics@mavenpay.com or compliance@mavenpay.com.
