AITHEA implements robust KYC procedures to verify the identity and legitimacy of all clients and business partners. These procedures include:

• Verification of identity and legal form
• Beneficial ownership checks
• Business registration and licensure verification
• Geographic risk assessment

We may request and securely store supporting documents to meet regulatory obligations and maintain high standards of integrity.

AITHEA GmbH strictly adheres to applicable sanctions laws and regulations, including those enforced by the European Union, the United Nations, the UK Office of Financial Sanctions Implementation (OFSI), and the U.S. Office of Foreign Assets Control (OFAC).

We do not engage in business, directly or indirectly, with individuals, entities, or countries that are subject to comprehensive economic sanctions. Prior to engaging with any client or vendor, AITHEA conducts due diligence to ensure that no sanctioned party is involved.

AITHEA screens clients and key stakeholders against PEP databases as part of our enhanced due diligence process. Where a client is identified as a PEP, additional risk-based controls are applied, including:

• Senior management approval
• Source of wealth and funds verification
• Ongoing monitoring

AITHEA reserves the right to decline or terminate relationships deemed to present unmanageable risk.

AITHEA maintains a zero-tolerance policy for money laundering and terrorist financing. We implement the following safeguards:

• Risk-based client onboarding and monitoring
• Suspicious activity detection and escalation procedures
• Staff training on AML red flags and obligations
• Record-keeping in line with applicable retention laws

Suspicious transactions may be reported to the appropriate authorities.

AITHEA is committed to conducting business with honesty and integrity and does not tolerate bribery or corruption in any form. We prohibit:

• Offering, giving, or accepting bribes or kickbacks

• Facilitating payments, whether to public or private individuals

• Use of third parties to circumvent anti-bribery rules

All staff, contractors, and partners must comply with this policy and report any actual or suspected misconduct.

AITHEA’s products and services, including AI-powered tools and learning content, may be subject to export control regulations under EU and national laws.

We:

1. Assess the export classification of our solutions
2. Restrict access or licensing in jurisdictions subject to embargoes or export restrictions
3. Require clients to comply with all applicable export control laws when using our services

Use of AITHEA's products or solutions for prohibited end uses or in restricted territories is strictly forbidden.

⚖️ Core Principles

1. Transparency & Explainability

AITHEA supports the deployment of AI systems that are understandable by compliance professionals. We advocate for clear documentation of AI models, decision logic, and limitations, especially in high-stakes compliance use cases like sanctions screening or transaction monitoring.

2. Human Oversight

AI does not replace compliance officers. We promote “human-in-the-loop” governance, ensuring that final decisions—particularly those affecting regulatory reporting or customer risk—remain with qualified human experts.

3. Fairness & Bias Mitigation

We help clients assess AI solutions for potential biases (e.g., demographic, geographic, or behavioral) and encourage ongoing testing to prevent discriminatory or skewed outcomes.

4. Privacy & Data Protection

All AI systems used or recommended by AITHEA must comply with GDPR and applicable data protection regulations. We discourage the use of unstructured, unconsented personal data in model training or inference.

5. Accountability & Risk Management

AITHEA integrates AI risk management into project planning and solution selection, including due diligence on third-party vendors. We align with evolving AI regulations, such as the EU AI Act and ISO/IEC 42001 standards.

6. Ethical Use Cases Only

We do not support AI technologies used for unethical purposes, including surveillance without legal basis, discriminatory profiling, or circumvention of legal obligations.