Bálkar Miðlun ehf, here after ISX, operates in accordance with the Act on Measures Against Money Laundering and Terrorist Financing, as subsequently amended. ISX is required to perform due diligence on customers, upon the establishment of a business relationship, as part of regular control and/or for individual transactions. To perform due diligence, ISX calls for, among other details, personal information about a customer, including name, Id. No., legal domicile, job title/position, telephone number, email address, place of birth and nationality, in addition to financial information. Legal entities shall provide information about name, Reg. No., legal address, legal form, board of directors, executive board and person authorised to sign, as well as information about the beneficial owners of the legal entity and persons authorised to oblige the entity. ISX also gathers information about the origin of the funds customers intend to use in transactions with ISX, whether transactions are undertaken on behalf of a third party and information about the nature and purpose of the intended business relationship and/or transaction.

As part of due diligence, the customer shall provide proof of identity by showing valid identification issued or attested by a competent authority, e.g. a passport, driver's licence, Icelandic identity card or valid electronic ID. For underage customers, who do not have own personal identification, legal guardians can show their ID. If a business relationship is established on behalf of a legal entity, trust fund or comparable party, all board members, managing directors, authorised signatories and beneficial owners must verify their identity by showing valid identification. The same applies to all owners in a residents' association when property holdings in multi-family dwellings number six or less. Legal entities prove their identity by providing a certificate from the Enterprise Register of the Directorate of Internal Revenue (Fyrirtækjaskrá ríkisskattstjóra) or equivalent registry as proof of their registration. An assessment shall be made on a case-by-case basis whether to request a copy of a company's Articles of Association and/or audited annual financial statements.

ISX uses risk-based monitoring of contractual relationships with customers and gathers updates to information as and when necessary, at any time during a business relationship. Under certain circumstances and in addition to the above, ISX is required to apply enhanced due diligence in certain sensitive cases. In such cases, ISX reserves the right to request additional information, including personal data, about the customer to carry out enhanced due diligence. If ISX suspects that the funds the customer intends to funnel into ISX’s systems are earnings from illegal activity and/or linked to terrorist financing, ISX reserves every right to halt requested transactions without any notice. If ISX has legitimate grounds or reason to suspect certain transactions of being suspicious with regard to money laundering and/or terrorist financing, ISX is obliged to report the transaction to the relevant law enforcement authorities and provide all necessary information in connection with the case. Customers are obligated to inform ISX of any changes to the details submitted to ISX in relation due diligence.