Anti-Money Laundering (AML) Policy

Employees

All Company employees, both permanent and temporary.

Management

Members of the Board of Directors and senior management.

Compliance Personnel

The appointed Compliance Officer and all staff responsible for AML/CFT functions.

External Partners

Contractors, agents, or third parties acting on behalf of the Company who are involved in player onboarding, payment processing, or other AML-relevant activities.

Money Laundering (ML)

The act of concealing the illicit origin of funds by integrating them into the legitimate financial system. This process generally involves three stages: placement, layering, and integration.

Terrorist Financing (TF)

The direct or indirect provision or collection of funds intended for use in supporting terrorist acts, organizations, or individuals, regardless of the legality of their source.

Proliferation Financing (PF)

The provision of funds or financial services that enable the development, acquisition, or transfer of nuclear, chemical, or biological weapons and their delivery systems, in violation of international obligations.

Customer Due Diligence (CDD)

The process of identifying and verifying customers, understanding the purpose and nature of the relationship, and monitoring transactions to ensure they align with the customer’s risk profile.

Enhanced Due Diligence (EDD)

Additional verification and monitoring measures applied to high-risk situations, such as dealings with Politically Exposed Persons (PEPs) or customers from high-risk jurisdictions.

Politically Exposed Person (PEP)

An individual who holds or has held a prominent public position, as well as their immediate family members or close associates, who may pose a heightened risk of corruption or bribery.

Sanctions Screening

The process of checking customers and transactions against international and national sanctions lists (UN, EU, Curaçao) to ensure compliance with prohibitions.

Beneficial Owner

A natural person who ultimately owns or controls a customer or on whose behalf a transaction is carried out, typically someone with 25% or more ownership or control in a legal entity.

Unusual Transaction Report (UTR)

A report filed with the Curaçao Financial Intelligence Unit (FIU) when a transaction is identified as suspicious or unusual, based on objective or subjective criteria.

Risk-Based Approach (RBA)

A strategic approach in which resources, controls, and procedures are applied proportionally to the level of risk posed by a customer, product, service, or transaction.

Customer Risk

Evaluates types of customers and their potential involvement in money laundering or terrorist financing activities.

Product and Service Risk

Identifies products that offer higher anonymity or liquidity, which may be more vulnerable to misuse.

Delivery Channel Risk

Considers risks associated with non-face-to-face interactions and the use of third-party intermediaries.

Geographical Risk

Examines the jurisdictions involved in customer relationships or transactions, particularly high-risk or sanctioned countries.

National Risk Assessment (NRA)

Integrates findings and recommendations from national assessments into the BRA framework.

Product Changes

Introduction of new products or payment methods.

Market Expansion

Entry into new jurisdictions or markets.

Technology Implementation

Deployment of new technologies or business models.

Regulatory Changes

Amendments to laws or regulatory requirements affecting AML obligations.

Approval Authority

Approved by the Board of Directors.

Maintenance

Managed and maintained by the Compliance Department.

Availability

Provided to the Curaçao Gaming Control Board upon request.

Documentation Includes

Methodology used to assess risk, justification for classifications (low/medium/high), conclusions, and references to data sources.

Customer Risk

Assessment of the player’s financial background, income sources, and behavioral indicators. Red flags include:– Multiple or irregular income sources;– Unverifiable or inconsistent financial data;– Excessive or disproportionate spending;– Use of third parties or agents for transactions;– PEP status;– Multiple accounts to disguise transaction patterns;– Large withdrawals unconnected to gameplay.

Geographical Risk

Evaluation based on the customer’s country of residence, nationality, and origin of funds.

High-risk countries include:– Jurisdictions with strategic AML/CFT deficiencies (as identified by FATF, CFATF, OFAC, etc.);– Countries subject to international sanctions;– Regions with high levels of corruption or terrorist activity;– Countries appearing negatively in the Corruption Perception Index or InCSR reports.

Product, Service, and Transaction Risk

Assessment of the inherent risk in certain products or services, including:– Acceptance of high-risk payment methods (e.g., prepaid cards, crypto, e-wallets);– Peer-to-peer gaming features;– Deposits and withdrawals without real gambling activity;– Transfers between accounts or casinos using the same backend.

Distribution Channel Risk

Evaluation of how the customer interacts with the platform. Higher risk is attributed to:– Non-face-to-face onboarding (if not mitigated by secure verification technologies);– Use of third-party intermediaries without AML oversight;– Anonymous or remote registration channels.

Behavioral

Unusual transaction patterns or irregular betting behavior.

Status

Change in PEP or sanctions status.

Financial

Updated or unexplained source of funds.

High-Risk Indicators

Customers posing higher-than-average ML/TF/PF risk, such as PEPs, individuals from high-risk jurisdictions, or disproportionate spenders.

Risk Categorization

Customers are classified as low, medium, or high risk based on objective indicators and behavior.

CDD Level

The degree of due diligence and monitoring frequency depends on the assigned risk category.

Enhanced Due Diligence Triggers

Applied when risk exceeds acceptable thresholds (e.g., unexplained wealth, sanctioned countries).

UN and EU Consolidated Lists

Verified to prevent engagement with sanctioned individuals or entities.

Local Curaçao Sanctions Lists

Checked for compliance with national AML/CFT obligations.

PEP Databases & Transparency Sources

Such as Transparency International and other reputable providers.

Senior Management Approval

The relationship must be approved at a senior level before proceeding.

Independent Verification

Source of wealth and source of funds must be independently verified.

Enhanced Monitoring

Ongoing review and scrutiny of account activity are applied.

Incomplete CDD

The customer fails or refuses to complete CDD within required timelines.

Fraudulent Documentation

The customer provides falsified or unverifiable documents.

Sanction Links

The customer is confirmed or suspected to have ties with sanctioned entities or terrorist organizations.

Suspicious Activity

Evidence or strong suspicion of criminal activity, money laundering, or third-party proxy use.

Approval

Reviewed and approved by the Board of Directors.

Oversight

Enforced under the supervision of the Compliance Officer.

Documentation

All declined or terminated customer cases are recorded with clear justification and supporting evidence.

Review Cycle

The CAP is reviewed annually or upon material business or regulatory changes.

Transaction Threshold

When a player performs financial transactions equal to or exceeding NAf. 4,000.

Occasional Transactions

When an occasional or linked series of transactions exceeds NAf. 4,000.

Suspicion of ML/TF

Whenever there is suspicion of money laundering or terrorist financing.

Doubt in Existing Data

When previously obtained identification information is found to be inaccurate or insufficient.

1. Customer Identification and Verification

The Company collects and verifies each customer’s full name, permanent residential address, date and place of birth, nationality, and identification number. Verification is conducted using valid, unexpired government-issued photo identification (e.g., passport, national ID). Residential address verification may be supported by secondary documentation such as utility bills or bank statements not older than six months.

Additional Verification Tools

Biometric validation, video verification, cross-checks with geo-location/IP data, and device fingerprinting may be applied where appropriate.

2. Customer Risk Assessment

Each customer is risk-rated during onboarding based on personal characteristics, geography, product use, and behavioral factors. This determines the appropriate CDD level and monitoring intensity.

3. Purpose and Nature of Relationship

The Company collects enough information to understand the intended use of the account, expected funding patterns, and activity level. For low-risk cases, a source-of-wealth declaration may suffice; in higher-risk cases, documentary evidence and behavioural analysis are required.

4. Sanctions and PEP Screening

All customers are screened at onboarding and on an ongoing basis against:– UN and EU Consolidated Sanctions Lists– Curaçao national lists– Reliable databases (e.g., KnowYourCountry, Transparency International). Customers identified as PEPs require senior management approval, verified source of wealth/funds, and enhanced monitoring.

Account Status

The account is suspended immediately.

Transaction Restriction

No further deposits or withdrawals are permitted.

Fund Return

Funds are returned to the original source account unless ML/TF is suspected.

FIU Reporting

In cases of suspicion, the matter is reported to the FIU Curaçao, and where necessary, escalated to the Public Prosecutor’s Office.

Politically Exposed Persons (PEPs)

When the customer is a PEP, a close associate, or an immediate family member of a PEP.

High-Risk Jurisdictions

When the customer resides in, or transactions are linked to, jurisdictions with elevated AML/CFT risk.

Anonymous Payment Methods

When customers use products or payment options that obscure identity (e.g., prepaid cards, cryptocurrencies).

New Technologies or Channels

When new or developing technologies, delivery channels, or business models are used.

Additional Customer Information

Collect detailed information such as occupation, previous address, adverse media reports, and open-source intelligence.

Verification of Relationship Purpose

Obtain specific explanations and documents clarifying the nature and purpose of the business relationship.

Proof of Source of Funds and Wealth

Require documented evidence of income or wealth (e.g., salary slips, inheritance, property sale, gambling winnings).

Transaction Justification

Request a clear explanation for significant or irregular transactions deviating from expected patterns.

Senior Management Approval

Require management authorization before initiating or continuing high-risk relationships.

Enhanced Monitoring

Increase frequency and depth of monitoring of the customer’s account activity.

Funding from Verified Account

Ensure the first deposit originates from an account in the customer’s own name at a financial institution applying equivalent CDD standards.

Periodic Revalidation

For high-risk cases, the customer’s source of funds must be revalidated periodically even without changes in behavior.

Continuous Monitoring

Enhanced oversight remains active for the entire duration of the relationship while elevated risk persists.

Documentation

Every EDD decision and result must be logged in the customer file for audit and regulatory purposes.

Periodic Review

Regular reviews of all customer identification data.

Document Reverification

Recollection of updated identification where material changes occur.

Expiry Tracking

Monitoring expiration dates of ID documents and prompting timely re-verification.

Risk Reassessment

Reviewing the customer’s overall risk profile when significant changes in identity occur.

Pattern Analysis

Comparing transactions against the customer’s historical activity and peer benchmarks.

Investigation

Reviewing the source of funds and purpose of transactions that deviate from the norm.

Supporting Documentation

Requesting documentation for unusual or unexplained activity.

Indicators of Concern

Large, disproportionate, or irregular transactions; use of unfamiliar payment instruments; sudden shifts in betting behavior.

Low Risk

Periodic review to confirm continued compliance with baseline AML controls.

Medium Risk

Regular checks of transactional patterns and updated documentation.

High Risk

Continuous or near real-time monitoring with enhanced review of transactions and source of funds.

Immediate Access to Data

The Company must receive all CDD data and documentation immediately upon reliance.

Written Agreements

Formal contracts guarantee access to full CDD documentation upon request.

Testing of Reliability

Periodic checks are conducted to ensure quality and timely delivery of CDD data.

Regulatory Oversight

The third party must be regulated or supervised under equivalent AML/CFT standards.

Jurisdictional Assessment

The third party’s operating country must have a reliable AML regulatory framework verified by public risk indexes.

No Economic Purpose

Transactions with no clear lawful or economic rationale.

Behavioral Deviation

Sudden changes in spending or gaming habits.

Inconsistent Payment Sources

Use of methods or accounts unrelated to the customer’s declared profile.

Suspected ML/TF Activity

Transactions suspected to be linked to money laundering or terrorist financing.

Sanctioned Persons or Entities

Transactions by or on behalf of entities listed under the Sanctions National Ordinance (N.G. 2014 no. 55).

Large Transactions

Transactions of NAf. 5,000 or more, regardless of payment medium (cash, chips, e-wallets, etc.).

Linked Transactions

Cumulative transactions reaching NAf. 5,000 in a single gaming day.

Unjustified Transfers

Transactions with no clear legal justification or significantly above normal activity levels.

Internal Reporting

All identified unusual transactions are reported internally to the Compliance Officer.

Supporting Documentation

Identity documents, payment confirmations, and correspondence must accompany internal reports.

Non-FIU Reports

Transactions not escalated to FIU are documented internally with clear justification and senior management approval.

Record-Keeping

The Compliance Officer maintains a secure, auditable record of all reported and unreported transactions.

FIU Registration

The Company is registered with the FIU Curaçao and uses the goAML online portal.

Submission Language

Reports are submitted in English with all supporting documents.

Timeliness

Reports must be submitted promptly upon identification of an unusual transaction.

Legal Reference

Reporting complies with Article 11 of the NORUT and FIU Curaçao regulations.

Internal Policies, Procedures, and Controls

The Company enforces written AML/CFT procedures covering due diligence, reporting of unusual transactions, record-keeping, sanctions compliance, and staff conduct. These are approved by senior management and reflect a zero-tolerance stance toward financial crime.

Designated Compliance Officer

A senior, independent Compliance Officer oversees the AML Program, including its design, implementation, staff training, internal investigations, and reporting to the FIU via the goAML portal. The Officer has unrestricted access to CDD records and is supported by a compliance team.

Employee Screening and Training

All relevant employees are screened for integrity and receive mandatory AML training tailored to their roles. New hires receive introductory training, while ongoing refresher courses are provided for critical functions such as cashiers, dealers, compliance, audit, and management.

Independent Audit Function

An internal or external audit—independent from daily operations—is conducted annually. The audit reviews procedures, tests sample transactions, interviews staff, and evaluates the detection system’s effectiveness. Findings are reported to senior management with recommendations and corrective timelines.

Integration with Risk Assessments

The AML Program aligns with both the Business Risk Assessment (BRA) and Customer Risk Assessment (CRA).

Dynamic Risk Scoring

Risk scoring is applied at onboarding, throughout transactions, and during periodic reviews.

Enhanced Controls for High-Risk Areas

Transactions, products, or jurisdictions identified as higher risk receive additional monitoring and due diligence.

Adaptation to Emerging Threats

The program evolves in response to new payment technologies, remote onboarding practices, and typologies identified by regulators or FIUs.

Legal Adherence

Maintains full compliance with the laws and regulations of Curaçao.

Regulatory Standing

Meets all licensing conditions imposed by the Curaçao Gaming Control Board (GCB).

Corporate Reputation

Upholds the Company’s image as a transparent and responsible operator.

Risk Mitigation

Reduces exposure to financial, regulatory, and criminal risks.

All Staff

Must understand and comply with AML/CFT policies, complete all required training, promptly report suspicious activity to the Compliance Officer, cooperate with audits and investigations, and maintain confidentiality of FIU reports.

Management

Must establish a culture of compliance, allocate adequate resources to AML/CFT functions, and lead by example in implementing risk-based controls.

Internal Disciplinary Action

Employees violating AML policies may face disciplinary measures up to and including termination. Contractors or agents may have agreements suspended or terminated.

Regulatory Sanctions

The GCB may impose administrative fines, license suspension or revocation, enhanced supervision conditions, or public reprimands.

Civil and Criminal Liability

Individuals or the Company may face prosecution, civil penalties, or imprisonment for facilitating or failing to report ML/TF activities.

Reputational Damage

AML failures may cause loss of customer trust, banking restrictions, and long-term harm to the Company’s commercial position and brand value.

Internal Monitoring and Audits

Continuous internal reviews to verify compliance effectiveness.

Periodic Employee Reviews

Assessment of staff adherence to AML responsibilities.

Root-Cause Analysis

Investigation of any deficiencies or breaches to prevent recurrence.

Corrective Actions

Implementation of remediation measures and escalation to senior management where necessary.