Noviuz
Noviuz
  • Platform
  • Governance
  • Partners
  • Company
PT Contact us
  • Platform
  • Governance
  • Partners
  • Company
  • Português
  • Contact us
Room 09 // Compliance

Compliance & Eligibility.

Noviuz Compliance and Eligibility Framework — Version 2.0

Version 2.0 • July 2026

Clear Language Summary

The Noviuz Platform was conceived to allow structures, relations, authorities, documents, decisions, and processes to be organized with greater clarity, traceability, and accountability.

These principles also guide the approach to compliance in the Noviuz Ecosystem.

The Platform can be used in relationships involving different:

  • Users;
  • Organizations;
  • Operators;
  • Relevant Providers;
  • Partners;
  • Service Providers.

Each participant is responsible for the obligations related to the activities they actually control, decide, or execute.

Therefore, there is not necessarily a single, universal compliance process applicable to every relationship or to every participant in the Noviuz Ecosystem.

Depending on the service, relationship, risk, jurisdiction, and applicable obligations, the responsible participant may perform verifications, request information, establish eligibility criteria, apply additional controls, or restrict activities within the scope under their control.

This Framework describes the public principles that guide this architecture.


1. OBJECT AND SCOPE

1.1. Purpose

This Compliance and Eligibility Framework, referred to as “Framework”, describes the general principles related to:

  • lawful use of the Platform;
  • eligibility;
  • integrity of relationships;
  • risk-based approach;
  • identification and representation;
  • understanding of structures and relevant participants;
  • prevention of fraud and abuse;
  • applicable sanctions and restrictions;
  • cooperation between participants;
  • review of relationships when necessary.

1.2. Contextual application

The applicable compliance measures depend on the concrete activity.

Different participants may have different:

  • responsibilities;
  • legal obligations;
  • risk policies;
  • eligibility criteria;
  • procedures;
  • monitoring duties;
  • documentary requirements.

Responsibility for a specific control must be assigned to the participant who actually:

  • controls the relationship;
  • provides the service;
  • makes the relevant decision;
  • executes the activity;
  • holds the corresponding legal obligation.

1.3. Relevant Provider

When a specific Interface, feature, or service is under the responsibility of a Relevant Provider, they may apply controls and criteria within the scope they actually control.

The use of the Platform or participation in the Noviuz Ecosystem does not automatically transfer regulatory obligations from one participant to another.

1.4. Public nature

This Framework presents general principles.

It does not disclose confidential internal controls, including:

  • detection rules;
  • risk parameters;
  • thresholds;
  • scoring models;
  • monitoring scenarios;
  • internal lists;
  • investigation procedures;
  • security controls.

Preserving the confidentiality of these elements helps protect the effectiveness of the applicable controls.

2. RESPONSIBILITY MODEL

2.1. Responsibility by function

Each participant is responsible for the activities they actually control, decide, or execute, considering:

  • the nature of the relationship;
  • the service provided;
  • the applicable contracts;
  • the incident legislation;
  • their own obligations.

2.2. Absence of universal compliance

Approval, verification, or acceptance carried out by one participant does not mean automatic approval by another.

Each Relevant Provider, Operator, Partner, or Service Provider may apply:

  • their own legal obligations;
  • their own risk criteria;
  • their own eligibility requirements;
  • their own documentary requirements;
  • their own service limitations.

2.3. Infrastructure and regulated activity

The existence of technical integration, registration, authentication, data organization, or operational support through the Platform does not mean, by itself, that the participant responsible for the technology is also responsible for the underlying regulated activity.

Responsibility must reflect the actual activity.

2.4. Cooperation

Participants involved in the same relationship may cooperate, when necessary and legally permitted, to:

  • verify information;
  • investigate inconsistencies;
  • respond to incidents;
  • prevent fraud;
  • comply with applicable obligations;
  • protect the integrity of the relationship.

3. FUNDAMENTAL PRINCIPLES

3.1. Legality

The Platform and related services must not be used for illegal activity or to facilitate the deliberate violation of mandatorily applicable obligations.

3.2. Proportionality

Controls must be proportional:

  • to the activity;
  • to the service;
  • to the relationship profile;
  • to the identified risks;
  • to the applicable obligations.

Not every relationship requires the same level of diligence.

3.3. Functional transparency

When necessary for the relationship or service, it must be possible to adequately understand:

  • who participates;
  • who represents whom;
  • who controls;
  • who decides;
  • who can instruct;
  • who can execute;
  • who possesses a relevant economic benefit.

Legitimate complexity should not be automatically confused with opacity or irregularity.

3.4. Legitimate origin

The Platform and related services must not be knowingly used to organize, facilitate, or support assets, resources, or activities of illegal origin.

When necessary for the service, risk, or applicable obligations, the responsible participant may request additional information or evidence.

3.5. Understandable purpose

When relevant to the context, the purpose of a Structure, relationship, or operation must be sufficiently understandable to the participant responsible for the respective analysis.

3.6. Distributed responsibility

Compliance is a functionally distributed responsibility.

Users, Organizations, Operators, Relevant Providers, Partners, and Service Providers must comply with the obligations corresponding to the activities they actually perform.

3.7. Responsible privacy

Diligence does not mean indiscriminate exposure of information.

Data must be processed and shared:

  • for a legitimate purpose;
  • to the extent necessary;
  • with appropriate participants;
  • under appropriate controls;
  • in accordance with the Privacy Policy and applicable obligations.

4. RISK-BASED APPROACH

4.1. General principle

When applicable, eligibility and risk assessments may consider the concrete characteristics of the relationship.

The objective is to allow the intensity of controls to be proportional to the risks and obligations of the responsible participant.

4.2. Relevant factors

Depending on the context, factors related to the following may be considered:

People

  • activity;
  • occupation;
  • role;
  • representation;
  • relevant history;
  • political exposure;
  • materially relevant public information.

Organizations and Structures

  • activity;
  • ownership;
  • control;
  • relevant beneficiaries;
  • jurisdictions involved;
  • complexity;
  • purpose;
  • economic and operational coherence.

Service or relationship

  • nature;
  • volume;
  • assets involved;
  • complexity;
  • speed;
  • possibility of movement or transfer;
  • dependence on third parties.

Geography

  • residence;
  • incorporation;
  • operation;
  • source or destination of funds;
  • existence of relevant restrictions;
  • availability and reliability of information.

Channel

  • direct relationship;
  • intermediated relationship;
  • remote onboarding;
  • partner involved;
  • documentary availability.

4.3. Proportional measures

The analysis may result, within the scope of responsibility of the relevant participant, in:

  • simplified process, when permitted;
  • ordinary diligence;
  • additional diligence;
  • enhanced review;
  • request for complementary information;
  • limitation of features;
  • additional monitoring;
  • refusal;
  • suspension;
  • termination of the relationship.

5. IDENTIFICATION, AUTHORITY, AND TRANSPARENCY

5.1. Identity

When necessary, sufficient information may be requested to identify a person or organization and understand their relationship with the relevant activity.

5.2. Organizations

Depending on the context, information related to the following may be requested:

  • incorporation;
  • registration;
  • activity;
  • administrators;
  • representatives;
  • signatories;
  • ownership;
  • control;
  • relevant beneficiaries.

5.3. Representation

Proof may be requested that a specific person is authorized to:

  • represent;
  • instruct;
  • access;
  • approve;
  • sign;
  • execute;
  • act on behalf of another person or Organization.

The existence of a technical permission on the Platform does not replace the legal authority required for the underlying act.

5.4. Ownership, control, and benefit

When relevant to the relationship or required by the responsible participant, information necessary to understand the following may be requested:

  • ownership;
  • control;
  • authority;
  • economic benefit;
  • relationship between participants.

The criteria and extent of the analysis depend on:

  • the Structure;
  • the service;
  • the jurisdiction;
  • the risk;
  • the applicable obligations.

5.5. Complexity

Complex structures are not automatically inappropriate.

When necessary, clarification may be requested on elements such as:

  • multiple layers;
  • different jurisdictions;
  • intermediation;
  • specific powers;
  • separation between formal ownership, control, and economic benefit.

6. ADDITIONAL DILIGENCE

6.1. Complementary information

Depending on the relationship, service, risk, and applicable obligations, the responsible participant may request additional information related to:

  • economic activity;
  • purpose of the relationship;
  • wealth context;
  • source of funds;
  • source of wealth;
  • nature of the operation;
  • coherence between declared activity and observed activity;
  • other materially relevant elements.

6.2. Proportionality

The nature and extent of the documentation requested must consider:

  • materiality;
  • risk;
  • reasonable availability;
  • nature of the information;
  • jurisdiction;
  • elapsed time;
  • purpose of the verification.

It is not assumed that all participants or relationships must present identical documentation.

6.3. Update

Information may be requested again when there is, for example:

  • expiration of documents;
  • material change;
  • change of control;
  • change of activity;
  • relevant inconsistency;
  • change of risk;
  • requirement of the service;
  • applicable legal obligation.

7. SANCTIONS, RESTRICTIONS, AND RISK FACTORS

7.1. Sanctions and restrictions

When relevant to the context, people, organizations, beneficiaries, or other related parties may be checked against sanctions lists, restrictions, or other sources applicable to the relationship.

The criteria depend on:

  • the jurisdiction;
  • the legal obligation;
  • the service;
  • the Service Provider;
  • the risk policy of the responsible participant.

7.2. Potential matches

The initial identification of a possible match does not mean, by itself, that the person or organization is actually subject to the identified restriction.

The following may be necessary:

  • review;
  • validation;
  • additional information;
  • investigation.

7.3. Politically exposed persons

The identification of a politically exposed person or a relevant relationship with a PEP does not automatically imply refusal.

When applicable, it may result in:

  • additional diligence;
  • additional approval;
  • additional understanding of the source of funds or wealth;
  • proportional monitoring.

7.4. Relevant public information

Legitimate and materially relevant public information may be considered in assessments related to:

  • fraud;
  • corruption;
  • sanctions;
  • financial crimes;
  • other relevant illicit risks.

Isolated, unverified, or irrelevant mentions should not, by themselves, automatically determine a conclusion.

8. REVIEW, ELIGIBILITY, AND MEASURES

8.1. Dynamic nature

Eligibility and risk may be reviewed when there is a material change in circumstances.

8.2. Relevant events

A review may occur due to:

  • change of ownership or control;
  • new relevant beneficiary;
  • material change of activity;
  • change of jurisdiction;
  • new material risk information;
  • significant inconsistency;
  • legal requirement;
  • requirement of the service or the Service Provider.

8.3. Decisions within scope of control

The participant responsible for a specific relationship, Interface, feature, or service may, within the scope they control:

  • request information;
  • condition access;
  • limit features;
  • temporarily suspend;
  • refuse;
  • terminate the relationship.

These measures may be adopted when there is, for example:

  • insufficient information;
  • unresolved inconsistencies;
  • unmitigatable risk;
  • reasonable suspicion of fraud;
  • applicable sanction or restriction;
  • legal obligation;
  • contractual requirement;
  • inability to adequately understand the relationship.

When permitted and appropriate, clarifications may be requested before a final decision.

9. PROHIBITED ACTIVITIES, COOPERATION, AND AUTHORITIES

9.1. Illicit use

The Platform must not be used for illicit activity, including fraud, money laundering, terrorist financing, corruption, illegal evasion of sanctions, or other serious forms of illicit conduct.

The Acceptable Use rules of the Terms of Use also apply.

9.2. Necessary sharing

Information may be shared, when necessary and legally permitted, with participants legitimately involved in:

  • verification;
  • service provision;
  • investigation;
  • fraud prevention;
  • security;
  • risk management;
  • obligation compliance.

Sharing must observe the Privacy Policy and applicable instruments.

9.3. Independence of decisions

Approval, verification, or determination of eligibility carried out by one participant does not automatically bind another participant.

Each responsible party may apply their own:

  • legal obligations;
  • risk policies;
  • verifications;
  • eligibility criteria;
  • service requirements.

9.4. Communications and mandatory measures

When a participant is legally obliged or authorized to:

  • report;
  • communicate;
  • preserve information;
  • restrict activity;
  • block assets;
  • provide data to a competent authority;

they must act in accordance with the legislation applicable to their activity and the relevant relationship.

Nothing in this Framework requires communication to a person when such communication is prohibited by applicable law.

10. RESPONSIBILITIES OF USERS AND ORGANIZATIONS

Users and Organizations must:

  • provide true and materially complete information;
  • not provide false or altered documents;
  • not deliberately conceal material information legitimately requested;
  • report relevant changes when applicable to the relationship;
  • respect legitimately imposed restrictions;
  • cooperate with reasonable verifications;
  • use the Platform and related services only for lawful purposes;
  • respect the limits of their authority.

The obligation to cooperate does not require providing information that cannot be legitimately requested or processed.

11. CHANGES AND CONTACT

11.1. Updates

This Framework may be updated to reflect:

  • evolution of the Platform;
  • new services;
  • operational changes;
  • new risks;
  • evolution of compliance standards;
  • relevant legal changes.

Each version will be identified by a version number or identifier and effective date.

11.2. Compliance

Institutional questions related to this Framework:

compliance@noviuz.com

11.3. Legal questions

legal@noviuz.com

11.4. Privacy

privacy@noviuz.com

11.5. Sensitive communications

When there is a specific channel for reports, incidents, or sensitive communications, it will be indicated on the Platform, website, or applicable relationship.

When a specific question is related to a specific Relevant Provider, Operator, or Service Provider, the person may be directed to the responsible participant.

Back to home
Room 09 // Contact

Questions about compliance?

Our compliance team is at your disposal for institutional clarifications.

Institutional Contact
Noviuz
Wealth sovereignty.
By design.

Infrastructure to structure, govern, and preserve wealth on a global scale.

Noviuz exists to transform wealth rights into architectures of control, continuity, and freedom.

NVI / INSTITUTIONAL CLOSE
Noviuz
  • Platform
  • Governance
  • Partners
  • Company
  • Contact
Legal
  • Privacy
  • Terms of use
  • Compliance
  • Legal notices

Noviuz acts as a governance, custody, and operations infrastructure for qualified partners. Legal, tax, financial, or regulatory structuring depends on individual analysis and qualified professionals.

© 2026 Noviuz. All rights reserved.