CEX.IO

• Act as the designated MLRO for the Spanish MiCA‑authorised entity, with full accountability for AML/CFT/PF compliance. • Serve as the primary point of contact with Spanish competent authorities (including AML and prudential supervisors) on all compliance & financial crime matters. • Ensure compliance with MiCAR AML‑related obligations applicable to CASPs, including governance, risk management, and internal control expectations and MiCAR reporting. • Prepare and submit all required AML‑related regulatory filings, suspicious activity reports, and periodic reports in accordance with Spanish law and SEPBLAC guidance. • Prepare and present the annual AML/CTF/PF report to the Board of Directors, including risk assessments, control effectiveness, incidents, and remediation plans. • Monitor regulatory developments under MiCAR, ESMA, and EBA’s guidance, AMLA guidance, and Spanish AML updates, ensuring timely implementation. • Advise senior management and the Board on Compliance & AML/CFT/PF risks, regulatory developments, and supervisory expectations. • Design, implement, and maintain a robust AML/CFT/PF framework. • Develop and maintain the enterprise‑wide and Spain‑specific AML/CFT/PF risk assessment, ensuring alignment with risk‑based requirements. • Ensure appropriate Compliance & AML/CFT/PF risk classification of the business, customers, products, delivery channels, and geographies. • Identify emerging financial crime risks related to crypto‑assets, DeFi exposure, cross‑border activity, and new product launches. • Oversee and advise on day‑to‑day Compliance & AML operations, including quality assurance of onboarding, alerts, investigations, and reporting. • Ensure timely and accurate filing of suspicious transaction/activity reports with CNMV/SEPBLAC in Spain. • Coordinate with group‑level compliance, risk, and product teams to ensure consistency while maintaining local regulatory ownership. • Draft, maintain, and continuously update AML/CFT/PF policies, procedures, and controls in line with MiCAR, Spanish AML law, and EU guidance. • Ensure policies are embedded operationally and reflect actual business practices. • Ensure AML/CTF/PF training is aligned and contains local-specific requirements, including tailored training for senior management and high‑risk functions. • Identify control gaps, weaknesses, or regulatory findings and design remediation plans. • Track remediation actions to completion and report progress to senior management and the Board. • Protect and enhance the reputation of CEX.IO Europe through a strong compliance culture and proactive regulatory engagement. • Provide regular updates to the Board of Directors regarding Compliance & AML/CFT/PF risks, regulatory developments, and supervisory expectations.

• Lead the implementation and maintenance of the ICT risk management framework to meet CNMV and ESMA standards • Supervise and control ICT services provided by CEX.IO Ltd (UK), including cloud infrastructure, software development, and security operations • Identify, assess, and mitigate technological risks. Conduct annual reviews of the Business Impact Analysis (BIA) and the ICT Risk Assessment • Act as the ultimate authority for initiating the Incident Response Plan (IRP) for high and critical levels. Coordinate the notification of major incidents to the CNMV within mandated timelines (4h/72h/30 days) • Supervise critical ICT third-party service providers, with a focus on monitoring and ensuring compliance with agreed SLAs, RPOs, and RTOs • Oversee the security of crypto-asset custody solutions (Proprietary V2/V3 and external sub-custodians, like Coinbase). Ensure the integrity of MPC (Multi-Party Computation), HSM (Hardware Security Modules), and multisig signing processes. • Supervise the Secure Software Development Life Cycle and validate security testing in pre-production (UAT) environments before deployment • Approve and collaborate on operational resilience testing plans and specific tests regarding Distributed Ledger Technology (DLT) • Maintain a unified and centralized inventory of CEX.IO systems and infrastructure

• Provide independent oversight to the Executive Management team • Ensure operations maintain high standards of financial integrity and regulatory excellence • Help executive directors identify hidden problems or external factors impacting profitability • Ensure adherence to the Markets in Crypto-Assets Regulation (MiCAR) and local mandates • Advise on developing robust risk management and internal control systems • Participate in Board meetings and specialized committees

• Collaborate with the Board to define the company’s enterprise-wide risk appetite, covering operational, financial, cyber, and strategic risks. • Present and justify the Risk Management Framework to the Board Risk Committee for approval. • Advise the Board on conflicts of interest regarding qualifying shareholders and shared resources. • Provide regular risk reports to the Board Risk Committee, highlighting any key risk indicators (KRIs) and emerging trends in the crypto-asset sector. • Develop, implement, and maintain the comprehensive risk management framework and policies across the organisation. • Act as the primary point of contact for the Banco de España and/or CNMV and external auditors regarding risk management matters and compliance with industry standards.