November 2023

Stripe is a global technology company with dual headquarters in San Francisco and Dublin as well as operations in multiple jurisdictions. Stripe and its subsidiaries are fully committed to the highest standards of financial crimes compliance. To comply with Stripe’s regulatory, financial partner, and legal obligations, manage any financial crimes risks associated with its business, and to align Stripe’s risk assessment results with Stripe’s risk appetite, Stripe maintains risk-based controls, conducts periodic testing of these controls, and manages a robust training program, all of which are overseen globally by Stripe’s Global Head of Compliance. Stripe appreciates that failure to comply with relevant laws and regulations can expose the company to civil and criminal liability, reputational damage, limitation on business and other serious consequences.

Our Financial Crimes Program

Stripe’s Financial Crimes program is designed to protect Stripe, our users and the broader financial ecosystem from being exploited by criminals and other nefarious actors. Stripe is closely supervised by regulators, who expect Stripe to maintain robust controls that are commensurate with the level of our risk exposure. Stripe seeks to deter and detect financial crime, but recognizes that such risk is inherent in its business activities and operations in certain products, customer verticals and geographies.

Stripe’s Global AML Policy, Global Sanctions Policy, Global Trade Controls Policy, as well as country-specific policies set out the minimum standards and requirements for Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT), sanctions and export controls compliance that apply to:

• Stripe Inc, including all of its wholly-owned subsidiaries
• Stripe’s products and services
• All Stripe employees, management, and the Board

Stripe must comply with applicable AML, CFT, sanctions and export controls laws and regulations in every jurisdiction in which Stripe operates. Where local regulatory requirements differ from Stripe’s global policies, the stricter requirements must be followed. Given Stripe’s global presence, in addition to the United States laws and regulations, the laws of the following jurisdictions may apply: the European Union, Canada, the United Kingdom, Australia, New Zealand, and others. Stripe is also committed to complying with the UN sanctions at all times.

To stay compliant with applicable laws, Stripe maintains a suite of procedures and controls that are applied both at the user level and at the transaction level.

• Stripe conducts ongoing screening of its users against sanctions lists administered by the UN, US, EU, UK, Canada, and other applicable jurisdictions. Stripe has also implemented controls reasonably designed to identify users with dealings or other nexus to comprehensively sanctioned jurisdictions and to prevent transactions involving sanctioned financial institutions or comprehensively sanctioned jurisdictions.
• Stripe maintains robust Know Your Customer (KYC) standards and procedures, including Customer Due Diligence designed to identify and verify users and, where applicable, beneficial owners. Stripe also conducts ongoing transaction monitoring of user activity and maintains systems for identifying and reporting suspicious activity to appropriate regulatory authorities.

How Our Financial Crimes Program Impacts You

Our Financial Crimes compliance program sets strict standards of compliance with laws and regulations applicable to Stripe. Given Stripe’s dual headquarters in the US and Ireland as well as extensive presence in other jurisdictions, Stripe may not be able to support certain business dealings involving particular individuals, entities, or jurisdictions even if that activity is not locally prohibited.

Given the above, note that the use of Stripe's products and services for any dealings, engagement, or sale of goods and services linked directly or indirectly to the following is prohibited:

• Jurisdictions Stripe has deemed high risk, such as Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk Regions;
• Persons Stripe has deemed high risk, such as those individuals or entities named to a restricted person or party list of the United States, United Kingdom, European Union, Canada or United Nations, including the sanctions lists maintained by the U.S. Office of Foreign Assets Control or the Denied Persons List or Entity List maintained by the U.S. Department of Commerce.

Additionally, it is prohibited to use Stripe's products and services to directly or indirectly export, reexport, sell, or supply accounting, trust and corporate formation, management consulting services, architecture services or engineering services to any person located in Russia. Further, it is prohibited to use Stripe’s products and services for any dealings, direct or indirect, in goods prohibited by law (e.g. luxury goods) involving Russia or Belarus.

The list of restrictions above is not exhaustive and Stripe has procedures in place to stay abreast of the latest changes to applicable laws and regulations and comply with them. Stripe may change the prohibitions outlined above without providing any prior notice to users.

Even if applicable laws and regulations do not impose specific prohibitions, Stripe may nevertheless decide not to provide services or facilitate business dealings where such activities are considered high risk and fall outside of Stripe’s risk appetite.