GLOBAL MOUNTAIN GROUP LLC

Last Updated: 26 January 2026

Global Mountain Group LLC (“Company”, “GMG”, “we”, “us”, or “our”) operates under a strict compliance-first, eligibility-based, and risk-controlled framework.

This Policy governs the screening, acceptance, continuation, limitation, suspension, and termination of any engagement, whether related to security, logistics, cross-border investigative operations, evidence-led risk intelligence, software and SaaS development, or other services provided by the Company.

This Policy applies before engagement, during execution, and throughout the entire contractual relationship.

1. Compliance-First and Risk-Controlled Principle

All Company activities are conducted subject to applicable laws, regulations, and internal compliance standards, including but not limited to:

• United States federal and state laws
• International sanctions regimes and export-control regulations
• Trade, logistics, transport, and technology restrictions
• Data protection, privacy, and intelligence-related legal frameworks
• Licensing, authorization, and professional requirements

No commercial, operational, contractual, or strategic consideration shall override compliance, legality, or risk-acceptability requirements.

2. Eligibility Is Conditional and Ongoing

Eligibility to engage the Company is never presumed, permanent, or unconditional.

Eligibility:

• is assessed prior to engagement
• continues to be assessed during execution
• may be reassessed at any time

The existence of a signed agreement does not limit the Company’s right to reassess eligibility.

3. Mandatory Screening and Due Diligence

Before and during any engagement, the Company may conduct screening and due diligence, including but not limited to:

• identity and authority verification
• legitimacy of the counterparty and beneficiaries
• end-user and end-use analysis
• jurisdictional and territorial assessment
• sanctions, export-control, and regulatory screening
• reputational, legal, operational, and security risk evaluation

The Company may request additional information at any time.

Failure or refusal to provide requested information may result in suspension or termination.

4. Accuracy and Completeness of Information

The counterparty is responsible for ensuring that all information provided to the Company is:

• accurate
• complete
• truthful
• not misleading by omission

Any false statement, misrepresentation, concealment, or omission—whether intentional or negligent—shall be deemed a material compliance breach.

5. Discovery of New Facts During Engagement

If, at any time during an ongoing engagement, the Company discovers or reasonably determines that:

• information previously provided was false, inaccurate, incomplete, or misleading
• material facts were withheld
• circumstances have changed materially
• new facts emerge affecting legality, sanctions exposure, or risk profile
• continued collaboration may damage the Company’s reputation
• continued collaboration may expose the Company to unacceptable legal, regulatory, security, or operational risk

the Company may take immediate action as set forth below.

6. Right to Suspend, Limit, or Terminate Ongoing Engagements

In the situations described above, the Company reserves the unilateral right, at its sole discretion, to:

• suspend activities (in whole or in part)
• limit scope, deliverables, or access
• impose additional compliance conditions
• terminate the engagement immediately

Such actions may be taken:

• with or without notice
• with or without explanation
• without liability, to the fullest extent permitted by law

No prior breach determination, cure period, or formal finding is required.

7. Reputational and Strategic Risk Protection

The Company reserves the right to refuse, suspend, or terminate an engagement where continued association may:

• harm or threaten the Company’s reputation
• damage trust with partners, insurers, banks, or regulators
• expose the Company to public, legal, or political scrutiny
• conflict with internal risk tolerance or ethical standards

Reputational risk shall be considered a standalone and sufficient basis for disengagement.

8. Investigative, Intelligence, and High-Risk Contexts

Where activities involve investigative operations, intelligence-led risk analysis, verification, or high-complexity environments (including matters related to Ukraine or other sensitive jurisdictions):

• eligibility is subject to enhanced scrutiny
• methods, sources, and criteria are not disclosed
• the Company may neither confirm nor deny operational capabilities
• disengagement may occur immediately upon risk escalation

No continuity, availability, or permanence is implied.

9. No Obligation to Justify Decisions

The Company is under no obligation to:

• disclose findings
• reveal sources or methods
• explain risk assessments
• justify refusal or termination decisions

All determinations may be made internally and confidentially.

10. Authorized Partners and Delivery Constraints

Where required by law or operational necessity, the Company may operate exclusively through authorized partners or professionals.

If lawful delivery becomes impossible, impractical, or excessively risky, the Company may disengage.

11. No Waiver

Failure to enforce any provision of this Policy does not constitute a waiver.

All rights are expressly reserved.

12. Policy Updates

This Policy may be updated at any time.

The “Last Updated” date reflects the current version.

13. Governing Law

This Policy shall be governed by the laws of the State of Wyoming, United States of America, unless mandatory law provides otherwise.

14. Contact

For compliance-related inquiries (where appropriate):