Anti-Money Laundering & Countering the Financing of Terrorism Policy
The Company's policy on preventing and detecting money laundering and the financing of terrorism, in line with FATF standards and the Tobique Gaming Act 2023.
Terms and Definitions
“Commission” means the Tobique Gaming Commission.
“Financing of terrorism” includes an activity where:
- (a) A person provides or collects funds, and intends or is negligent or reckless as to whether the funds will be used to facilitate or engage in a terrorist act; or
- (b) A person to become involved in an arrangement which makes money or other property available to another if he or she knows, or has reasonable cause to suspect, it may be used for terrorist purposes.
“Financing of terrorism offence” is an offence whether committed in the Tobique First Nation or under the laws of another jurisdiction, which criminalizes the financing of terrorism, and includes circumstances where financing was provided even if the terrorist act does not occur.
“Gaming Act” means the Tobique Gaming Act 2023.
“Money Laundering” is the activity whereby:
- (a) A person uses, transfers the possession of, sends or delivers to any person or place, or otherwise deals with, in any manner and by any means, any property or any proceeds of any property with intent to conceal or convert that property or those proceeds, knowing or believing that, or being reckless as to whether, all or a part of that property or of those proceeds was obtained or derived directly or indirectly as a result of criminal activity; or,
- (b) A person enters into, or becomes concerned in, an arrangement which he or she knows, or has reasonable cause to suspect, facilitates the acquisition, retention, use or control of criminal property by or on behalf of another person.
“Money laundering offence” is an offence whether committed in the Tobique First Nation or under the laws of another jurisdiction, which criminalizes money laundering or disposal of the proceeds of crime.
“Person” includes an individual, corporation, partnership, limited liability company and any other business entity recognized under the laws applicable within the Tobique First Nation.
“Politically Exposed Person (PEP)” means an individual who holds a prominent public position or function in a government body or an international organization, including:
- (a) Head of State or head of a country or government;
- (b) Government minister or equivalent senior politician;
- (c) Senior government official;
- (d) Senior judge in a foreign country or international organization;
- (e) Governor of a central bank;
- (f) Senior foreign representative, ambassador, or high commissioner;
- (g) High-ranking member of the armed forces; or,
- (h) Board chair, chief executive, or chief financial officer of, or any other position that has comparable influence in, any State enterprise or international organization.
In this Policy definition PEP includes immediate family member (spouse, de facto partner, child and a child's spouse or de facto partner, parent). Also in this Policy definition PEP includes Close associate (any individual who is known (having regard to information that is public or readily available) to have joint beneficial ownership of a legal entity or legal arrangement with a PEP; or sole beneficial ownership of a legal entity or legal arrangement that is known to exist for the benefit of a PEP).
“Person having a close connection to a sport or sporting event” includes an individual who (having regard to information that is public or readily available) owns, plays with, coaches, trains or manages a sporting team, or who has a senior role with the governing body of a sport. This definition includes immediate family member (spouse, de facto partner, child and a child's spouse or de facto partner, parent). Also this definition includes close associate (any individual who is known (having regard to information that is public or readily available) to have joint beneficial ownership of a legal entity or legal arrangement with a Person having a close connection to a sport or sporting event; or sole beneficial ownership of a legal entity or legal arrangement that is known to exist for the benefit of a Person having a close connection to a sport or sporting event).
“Transaction” includes a single transaction or a series of transactions which appear to be linked.
“Restricted Jurisdiction” refers to any country or territory subject to sanctions or restrictions imposed by international regulatory bodies such as the United Nations (UN), European Union (EU), United Kingdom (UK), United States (US), or any other relevant international or national authority as provided in Annex IV. This includes jurisdictions or entities designated under the United Nations Security Council (“UNSC”) resolutions, such as resolutions 1267 (1999), 1373 (2001), and their successors, which mandate the freezing of assets and the prohibition of financial dealings with specified entities or individuals. These jurisdictions are considered entirely out of the Company's risk appetite due to legal, regulatory, or strategic concerns, such as pervasive sanctions, inadequate anti-money laundering controls, or systemic corruption. The Company prohibits any form of business engagement, including gaming rights or financial transactions, with entities or individuals operating from these jurisdictions.
“High-Risk Jurisdiction” is a country or territory having high corruption scoring or identified by the Financial Action Task Force (FATF) as having significant deficiencies in its AML/CFT frameworks as provided in Annex IV. These jurisdictions are categorized under the FATF “grey list” or other similar regulatory or corruption risk lists and are subject to Enhanced Due Diligence (EDD) measures. Relationships or transactions with parties associated with high-risk jurisdictions are assessed on a case-by-case basis, considering the holistic risk factors outlined in the Company's Customer Risk Assessment Methodology.
1. Introduction
1.1. The Company is committed to upholding robust standards to prevent and counter money laundering (“AML”) and terrorism financing (“CTF”) in all areas of its business and operations. The Company strictly prohibits the use of its services for any illegal activities, including money laundering and terrorism financing. Therefore, the Company will not establish or maintain business relationships with any individual or entity where customer due diligence (“CDD”) cannot be completed satisfactorily, or where there is reason to believe or suspect involvement in money laundering or terrorist financing.
1.2. All employees, officers, and directors of the Company (collectively referred to as “Employees”), as well as consultants, representatives, agents, brokers, distributors, and any other intermediaries acting on behalf of the Company, are required to fully adhere to this policy and its associated procedures.
2. Legal Framework
The Company has implemented AML/CTF procedures, systems, and controls designed to prevent and detect money laundering and terrorism financing, in alignment with recognized international best practices, such as those recommended by the FATF and:
- Regulations Concerning Anti-Money Laundering and Counter Terrorism Financing as enacted by the Commission pursuant to Section 22 of the Tobique Gaming Act 2023.
- Tobique Gaming Commission (“TGC”) Gaming Act 2023;
- TGC Remote Gambling Anti-Money Laundering (“AML”) Code of Practice; and,
- TGC General Code of Practice.
These measures are aimed at ensuring that the Company's operations align with global standards and contribute to a secure and compliant business environment.
3. Sanctions Compliance
The Company ensures full compliance with all applicable sanctions laws and regulations, including resolutions issued by the UNSC under Chapter VII of the UN Charter. This includes resolutions related to the prevention and suppression of terrorism, terrorist financing, and the proliferation of weapons of mass destruction. The Company will freeze without delay the funds or assets of, and ensure that no funds or assets are made available, directly or indirectly, to or for the benefit of any Restricted Jurisdiction, as well as individual or entity designated by the UNSC or relevant authorities in accordance with resolutions such as 1267 (1999), 1373 (2001), and successor resolutions.
4. Compliance Officer
4.1. The Company has appointed a Compliance Officer (“Compliance Officer”) as part of its senior management team to ensure the effective implementation, management, and oversight of all AML/CFT measures. The Compliance Officer is accountable to the Board of Directors and serves as the primary authority for managing the Company's AML/CFT systems, ensuring compliance with international and national regulatory frameworks.
2. The Board of Directors and senior management have clearly defined and documented AML/CFT responsibilities. The Compliance Officer, as performing functions of the Money Laundering Reporting Officer (MLRO), owns the day-to-day management of ML/TF risks. However, senior executives remain personally and corporately accountable for preventing money laundering activities within the Company.
3. The Compliance Officer has sufficient autonomy, expertise, and influence to effectively challenge internal decisions and ensure independent oversight. They are empowered to escalate material ML/TF risks to the Board of Directors or an appropriate Risk Committee for review and resolution, using formal reports and assessment tools.
4. The Company has established clear governance processes for reviewing customer accounts and other issues raising AML concerns. Material risks are escalated to a senior risk management forum, which includes the Compliance Officer and may involve the Board of Directors or a dedicated Risk Committee. Formal documentation, including minutes of meetings and structured risk assessments, is maintained for accountability.
5. In accordance with Tobique regulatory requirements, the Company conducts an Enterprise-Wide Risk Assessment (EWRA) on an annual basis. This assessment is led by the Compliance Officer, who is responsible for evaluating the overall exposure of the Company to ML/TF risks. The EWRA takes into account a comprehensive set of risk factors, including:
- The typology and risk profile of the Company's customers;
- The countries and geographic regions in which the Company operates or serves customers;
- The nature and risk level of products and services offered;
- Payment and transaction patterns, including volumes, frequency, and complexity;
- The operational delivery channels used, particularly non-face-to-face onboarding or remote services;
- The involvement of third-party service providers, including payment processors, agents, and technology vendors.
Following the completion of the assessment, the Compliance Officer prepares a formal report to the Board of Directors. This report provides an update on the Company's corporate risk exposure, summarizes key AML/CFT activities conducted throughout the year, and highlights any material ML/TF risks identified. Interim reports may also be submitted to the Board or senior management on an ad hoc basis in response to significant events, regulatory developments, or emerging threats.
6. The Compliance Officer acts as the primary point of contact for regulatory authorities, promptly responding to compliance-related requests. Within the Company, the Compliance Officer serves as the primary resource for employees on money laundering and terrorist financing matters, receiving internal reports of suspicious transactions and taking appropriate investigative and reporting actions as required.
7. The Compliance Officer possesses in-depth AML/CFT knowledge and experience, particularly within the gaming and remote gaming sectors. They ensure the establishment and maintenance of a comprehensive AML/CFT training program for all employees, including periodic updates on money laundering risks, regulatory changes, and guidance. The Compliance Officer also actively pursues external training to stay current with emerging AML/CFT trends and best practices.
8. The Compliance Officer is responsible for conducting periodic risk assessments concerning the Company's AML/CFT controls and advising the Board on strategic measures to mitigate identified risks. He ensures all employees are informed of updates regarding sanctions, guidance, or notices related to ML/TF risks.
5. Risk-Based Approach and Risk Assessment
1. The Company acknowledges that the gaming sector is exposed to specific money laundering and terrorist financing risks. These include but are not limited to:
- The introduction or movement of funds with illicit origins through deposit, gambling, withdrawal, or money transfer activities.
- Customers knowingly attempting to disguise, convert, or dispose of illicit funds as legitimate through gaming activities.
- Risks arising from ownership, control, or misuse of the Company's platform by criminals or their associates.
- Peer-to-peer fund transfers, such as “chip-dumping” in poker, used to facilitate ML or TF activities.
2. The Company applies a risk-based approach to AML/CTF measures, prioritizing efforts in areas where risks are assessed as higher. This approach is guided by the following principles:
- Recognizing that ML/TF risks vary based on factors such as customer profiles, geographical regions, services offered, and financial instruments.
- Tailoring policies, procedures, and controls to the Company's specific risk profile, as approved by the Board of Directors.
- Continuously assessing the risks associated with services, customers, and jurisdictions, ensuring effective mitigation strategies are in place.
- Allocating resources to focus on higher-risk areas to maximize the efficiency and effectiveness of compliance efforts.
3. To address the risks identified the Company evaluates and documents risks related to customers, financial instruments, services, and geographical areas in its risk management manual.
4. Measures are implemented to mitigate identified risks, including enhanced due diligence (EDD) procedures for high-risk customers or transactions.
5. The Compliance Officer ensures robust procedures are in place to safeguard against common ML methods, such as disguising, converting, or disposing of illicit funds.
- Disguise: Misrepresentation of illicit funds as legitimate.
- Conversion: Transformation of “dirty money” into “clean” funds through winnings or account balances.
- Disposal: Use of illicit funds for gambling activities or settling debts.
6. The Company continuously monitors and enhances the effectiveness of its AML/CTF controls. This includes regular reviews of the policies, procedures, and controls in response to evolving risks and regulatory updates, strong mechanisms for identifying and addressing gaps in compliance practices and training and awareness programs to ensure all employees understand the specific ML/TF risks associated with the gaming sector.
7. The Compliance Officer, supported by the Board of Directors, oversees the implementation of the risk-based approach. The Company maintains clear governance processes for escalating material ML/TF risks to the Board or an appropriate Risk Committee. These processes are documented, and formal reports are prepared to ensure accountability.
8. The Company addresses AML/CTF risks in its vendor selection process and supply chain management, ensuring that all third-party relationships comply with the Company's risk management standards and regulatory requirements.
9. The Company conducts customer risk assessments in accordance with the risk-based approach. Each customer is evaluated based on a range of predefined risk factors, including customer profile, behavior, communication channels, and service usage patterns. The assessment is performed using the methodology detailed in Annex VII, where risk levels are assigned as Low, Medium, or High depending on the nature and number of applicable risk indicators. Key risk factors considered include:
Customer-related risks, such as:
- Bearer share companies,
- Offshore entities,
- PEPs,
- Persons with a close connection to a sport or sporting event,
- Transactions involving large cash volumes,
- Customers from High-Risk jurisdictions.
Behavioral risks of customers, such as:
- Transactions lacking a clear financial rationale,
- Difficulties in verifying the origin of funds or wealth,
- Reluctance to provide beneficial ownership details.
Communication channel risks, including:
- Non-face-to-face customer interactions,
- Introductions from third parties.
Risks related to services and financial instruments offered, including:
- Services allowing third-party payments,
- Significant cash deposits or withdrawals.
10. The Company also set alert triggers for the following warning signs (“Red Flags”):
- High losses which are not consistent with the normal activity of the customer nor in line with such customer's player profile or documented financial means
- Spikes in player activity: significant increase in the customer's play or betting activity which appears not to be consistent with known or profiled activity for that customer
- Avoidance or delay by the customer to connect personally with the Company.
- Provision of false or implausible information or documentation by the customer in a seeming attempt to conceal or withhold information or documentary evidence required for AML/CFT purposes.
- Identification of inconsistent personal information or adverse media related to that customer's reputation, financial standing or previous convictions.
- Customer withdrawals not consistent with usual player activity such as minimal play or spend.
- ‘Loading’ of remote gambling accounts by means of the transfer of cash funds deposited in person in live betting shops.
- Deposits made from corporate cards or accounts and/or by players with access to corporate funds such as senior financial officers.
- Problem gambling behaviour resulting in increased wagering levels and frequencies, where customer may be financing addiction from stolen funds.
- A customer misleads the Company as to the source of their deposits, where the source of funds is linked to a criminal activity.
- A player transfers criminal funds to another player whether by play or by other means. The customer will still be deemed guilty of money laundering whether or not that player is colluding with that customer.
- A customer engages in very low risk gambling activity or in minimal play in an attempt to recycle illicit funds, or a proportion thereof, through gambling facilities.
11. Compliance Officer designs and implements suitable measures and controls, with special focus on high-risk customers. These measures include:
- Verifying customer identity
- Gathering information for a comprehensive economic profile
- Monitoring customer transactions and activities
- Raising awareness of high-risk situations across business units
- Escalating approval for account establishment when necessary
- Applying enhanced “Know Your Customer” (KYC) and Enhanced Due Diligence (EDD) protocols
- Increasing transaction monitoring and ongoing review levels
- Seeking additional verification of customer identity beyond standard requirements
- Obtaining further details on the nature of relationships and anticipated business volumes
- Requesting additional documentation regarding source of funds and wealth
- Implementing independent verification procedures
- Requiring senior management approval for high-risk relationships
- Establishing a process for senior management to evaluate and, if necessary, exit high-risk relationships that exceed risk tolerance
- Analyzing AML/CTF risk factors in new acquisitions and service or product developments
- Updating third-party data more frequently in high-risk contexts
12. The Compliance Officer prepares and maintains a list for the categories (low, medium or high risk) of customers, which contain, among others, the customers' names, account numbers, and date of commencement of relationship. These lists are promptly updated with all new or existing customers that the Company has determined, in the light of additional information received.
6. On-boarding and Customer Due Diligence
6.1. The Company applies CDD measures in line with Recommendation 10 of the FATF standards. These measures are required when
- establishing business relationships (on-boarding);
- conducting occasional transactions;
- there is suspicion of money laundering or terrorist financing
- there is doubt about the veracity or adequacy of previously obtained customer identification data.
6.2. The aim of CDD is to assess and manage the risks of money laundering and terrorist financing associated with customers. This is achieved by identifying potential risks early and applying measures to address them appropriately. Enhanced Due Diligence (EDD) is applied to customers deemed higher risk to provide an additional layer of protection.
6.3. As part of CDD measures, KYC (verification) is applied. This process includes gathering key information such as identity, date of birth and residential address via On-Boarding Application Form (Annex V), confirmation source of funds and performing standard screening checks (adverse media, PEPs and sanctions).
6.4. KYC (verification) begin (whichever of the following thresholds is initiated first):
- Within 30 days of first deposit;
- When the cumulative deposits reach an equivalent of EUR2,000 or more; and/or
- Before any money is paid out (first withdrawal).
6.5. Means of verifying of customers.
Means of Verifying Identity. To verify the identity of a customer, the company requires government-issued identification, which may include an ID card, passport, social insurance card, or any other document issued by an independent and reliable source that includes the customer's photo. Copies of these documents are kept on file and must be certified as true copies of the original by the Head of the Customer Department.
Verifying Proof of Residential Address. Verification of a customer's residential address requires documentation that matches the address stated by the customer upon registration. This can include utility bills from an electricity or telecommunication authority, a local authority tax bill (dated within the last six months), entries in a telephone directory, or a bank statement (dated within the last six months).
Verifying Customer Source of Funds. To confirm the customer's source of funds, the company may rely on introductions from employees, officers, or current reliable customers, as well as references from banks, legal firms, or attorneys with existing business relations with the customer, agreements, etc. Bank statements may also be used to confirm the origin of funds, provided they are recent and authentic.
6.6. All customers are screened at the point of registration and on an ongoing basis against industry databases to identify Politically Exposed Persons (PEP), individuals subject to sanctions, and adverse media. Sanctioned customers are barred from making deposits or wagering, and any identified PEP accounts are frozen until further checks and risk assessments are completed. Screening results related to adverse media are reviewed within 30 days of account opening or first deposit and before processing any withdrawals.
6.7. For customers assessed as higher risk or have associated Red Flags, additional verification steps are required (Enhanced Due Diligence, EDD). These may include obtaining extra documentation to verify identity or confirm the source of wealth. Enhanced screening methods may also be employed, such as cross-referencing databases and additional internet searches.
6.8. Approval from senior management or the Compliance Officer is often required before proceeding with higher-risk customers. These relationships are also subject to more frequent and detailed monitoring to identify unusual or high-risk activities.
6.9. Circumstances Requiring Enhanced Due Diligence.
- When there is a change in the risk assessment for the customer.
- When there is any suspicion regarding the true identity of the customer.
- When transactions are identified that are not consistent with the customer's usual activity.
- When there is a suspicion of money laundering or terrorist financing.
- When there are doubts about the veracity or adequacy of previously obtained customer identification data.
6.10. High-Risk Factors Necessitating Enhanced Due Diligence.
- The customer is associated with High-Risk Jurisdictions.
- The use of forged or stolen identification documents.
- A customer previously excluded for problem gambling who has bypassed blocking measures to start playing again.
- The use of high-risk payment methods, such as prepaid cards or cryptocurrency.
- The presence of significant adverse media, particularly related to financial crime, serious offenses, or reputationally damaging events.
- The identification of the customer as a Politically Exposed Person (PEP).
- An indirect link to a sanctioned individual, entity, or country.
- Transactional activity that is unusually high in value or volume, especially when it exceeds the customer's estimated affordability levels.
7. Politically Exposed Persons
7.1. PEPs are considered higher risk for money laundering due to the influence and access associated with their political positions, which makes them vulnerable to corruption. PEP status does not imply involvement in suspicious activities but requires heightened vigilance and categorization into a higher risk tier.
7.2. All customers identified as PEPs must undergo EDD measures and continuous monitoring. These steps include:
- Conducting a comprehensive risk assessment to determine the materiality of the PEP relationship.
- Applying enhanced screening and ongoing monitoring for high-risk PEPs.
- Securing board-level approval for allowing PEPs to engage in wagering activities.
7.3. Compliance officer maintains a PEP log with information about PEPs and changes in their statuses.
7.4. The Company maintains a policy of monitoring individuals identified as PEPs for at least 12 months after they cease holding a prominent public function. Appropriate measures are applied during this period until the individual is deemed to no longer pose a PEP-specific risk.
7.5. PEPs associated with Higher-risk Jurisdictions are considered to represent an extremely high risk. For such cases, the Company takes the following measures:
- Conducts additional, stringent customer due diligence checks.
- Prepares a risk mitigation statement outlining identified risks and the measures taken to address them.
- Requires senior management approval to continue the business relationship.
8. Person with a Close Connection to a Sport or Sporting Event
8.1. The Company implements EDD to identify and manage relationships with customers who may be Persons with a close connection to a sport or sporting event. This applies specifically when the Company accepts bets related to the team, sport, or sporting event in question.
8.2. These EDD includes:
- Securing senior management approval before establishing or continuing such relationships.
- Verifying the source of wealth and source of funds through reasonable measures.
- Conducting enhanced ongoing monitoring to ensure compliance and mitigate risks.
8.3. If adverse information arises regarding a customer, their family member, or close associate, or if the Company cannot reasonably verify the source of funds, the following steps are taken:
- A thorough review of the business relationship's integrity is conducted.
- Consideration is given to terminating the business relationship if necessary.
8.4. All decisions regarding the establishment, continuation, or termination of business relationships with Person with a close connection to a sport or sporting event must be fully documented, including the reasons for the decisions.
9. Employee Due Diligence
9.1. The Company is committed to implementing measures to ensure employees are screened, monitored, and managed in a way that minimizes risks of involvement in money laundering or terrorist financing activities. Ongoing mechanisms are in place to detect, address, and report any control breaches by employees.
9.2. The Company applies a risk-based approach to employee due diligence, ensuring appropriate systems are established to:
- Screen prospective employees who may be in positions to facilitate money laundering or terrorist financing. The level and method of screening are determined based on the potential risk associated with the role.
- Re-screen employees when they are transferred or promoted into roles that carry increased exposure to such risks.
9.3. The Company maintains a system to manage employees who fail to comply with established systems, controls, or procedures without reasonable excuse. This includes applying disciplinary measures and taking corrective actions as necessary to address non-compliance and safeguard the integrity of operations.
10. Commercial or Business-to-Business (B2B) Relationships
10.1. If the Company B2B License Holder it applies initial Customer Due Diligence measures during the onboarding of B2C Operator Customers. This involves gathering and verifying information about the B2C customer, its owners, controllers, and related parties to identify and manage associated risks.
10.2. Key Elements of the Onboarding Process
- a) Verification of Corporate Existence. Proof of the corporate entity's existence is obtained through reliable and independent documentation, such as a certificate of incorporation, business registration documents, or equivalent legal documentation.
- b) Directors. A complete list of the company's directors is collected. For each director, the following documentation is required: proof of identity (e.g., government-issued ID, passport); proof of address (e.g., utility bill, bank statement).
- c) Ownership and Ultimate Beneficial Owners (UBOs). The ownership structure of the corporate entity is reviewed to identify UBOs. UBOs with ownership thresholds of 25% or more for Low/Medium-risk customers and 10% or more for High-risk customers are identified and verified. Documentation for UBOs includes proof of identity (e.g., government-issued ID, passport) and proof of address (e.g., utility bill, bank statement).
- d) Control Structure and Proof of Ownership. Steps are taken to establish the control structure of the entity and verify proof of ownership. This includes shareholder agreements, registries, or other official records demonstrating the allocation of shares or ownership percentages.
- e) Purpose and Intended Nature of the Business Relationship. The purpose and intended nature of the business relationship are documented, including the services to be provided, the scale of operations, and the anticipated duration of the relationship.
- f) Transactional Profile and Source of Funds. The predicted transactional profile of the B2C Operator Customer is established. This includes an analysis of the expected transaction types, volumes, and frequency. Additionally, the source of funds used to finance the business relationship is scrutinized to ensure they are legitimate.
10.3. When the Company provides customer-facing services to B2C Operator Customers, such as customer support, VIP account management, or fraud and risk services, we ensure that these activities comply with anti-money laundering and counter-terrorism financing standards. Such services require approval from relevant regulatory authorities, and ongoing monitoring is conducted to ensure compliance with required standards.
10.4. For B2C Operator Customers that accept business from corporate account holders, such as professional betting companies, the Company conducts thorough corporate due diligence. This includes identifying natural persons qualifying as UBOs and applying appropriate CDD measures to those individuals.
10.5. In addition to B2C Operator Customers, the Company applies CDD measures to other relevant B2B partners. Specific actions include:
- Conducting due diligence on gambling software providers when onboarding B2B aggregators.
- Monitoring gameplay and transactional activities when the Company supplies real-time gaming platforms, peer-to-peer poker networks, or betting exchanges. This helps identify and address potential money laundering or terrorist financing activities, including complex schemes like chip dumping or P2P transfers.
10.6. The Company ensures that monitoring practices remain flexible and adapt to emerging money laundering methodologies.
10.7. The Company implements Enhanced Due Diligence (EDD) measures for higher-risk customers to gain a comprehensive understanding of their ownership and control structure, as well as to address any specific risks. A risk-based approach is applied to ensure effective mitigation of potential issues.
10.8. EDD measures include:
- Conducting deeper checks into the ownership structure of corporate customers, identifying UBOs with ownership stakes of 10% or more.
- Performing additional verification of identity, including certified government-issued photo IDs for relevant directors or controllers.
- Obtaining evidence of the source of wealth and source of funds for UBOs.
- Enhancing screening practices by combining multiple data sources, such as search engines and third-party databases.
- Requiring approval from senior management and the Compliance Officer for establishing or continuing relationships with high-risk customers.
11. Reliance on Third Parties
11.1. The Company may utilize third parties to assist with customer identification and CDD processes, including identifying and verifying the customer's identity, identifying and verifying the identity of beneficial owners and collecting information on the purpose and intended nature of the business relationship.
11.2. When relying on third parties, the Company ensures that:
- Third parties make relevant data, information, and documents (such as certified true copies) available without delay.
- The third party has appropriate AML/CTF controls that meet the requirements of applicable legislation.
- The roles, obligations, and responsibilities of both the Company and the third party are clearly defined and documented.
11.3. All third-party arrangements must be reviewed and approved by the Compliance Officer.
11.4. The Company performs ongoing monitoring of third-party relationships to ensure:
- The third party continues to meet all compliance standards.
- Any changes in the third party's structure, ownership, or control are reviewed to assess potential risks.
- CDD data is updated periodically to reflect any changes in the customer's profile or risk factors.
11.5. The ultimate responsibility for ensuring compliance with CDD requirements remains solely with the Company. The Company remains fully accountable for the outcomes of the CDD process and ensures that all third-party activities are subject to stringent oversight and verification.
12. Ongoing Monitoring and Periodic Reviews
12.1. The ongoing monitoring of accounts and transactions is overseen by the Compliance Officer. This process is conducted throughout the duration of the business relationship and is integral to maintaining compliance with AML/CTF requirements. The Company aims to develop a full understanding of the typical account activity and economic profile of its customers to identify and address any potential risks.
12.2. The primary objectives of the ongoing monitoring process include:
- Identify high-risk customers and accounts.
- Detect transactions that deviate from the expected activity of an account.
- Identify complex or unusual transactions, including those without a clear economic purpose or legitimate reason.
- Ascertain the source and origin of funds credited to accounts.
- Screen customers regularly against PEP, sanctions, and adverse media databases.
- Monitor linked accounts to identify and assess aggregated activity across all accounts owned by the same individual.
12.3. Particular attention is paid to transactions inconsistent with the customer's economic profile, as well as the source and origin of funds credited to accounts. The Company ensures that any findings from these monitoring activities are acted upon promptly, with suspicious transactions or activities reported internally to the Compliance Officer and externally to the relevant regulator, if required.
12.4. Transaction Monitoring. The Company maintains a robust Transaction Monitoring framework as a core component of its AML/CFT controls. Transaction Monitoring is conducted on an ongoing basis, with automated and manual processes used to identify unusual or potentially suspicious activity. Monitoring focuses on the frequency, volume, and value of transactions, including bets, deposits, and withdrawals, and compares these against each customer's established transactional profile and risk rating. Expected customer behavior is defined during onboarding and regularly updated based on the customer's activity. Any deviations—such as large, high-frequency, or inconsistent betting patterns—trigger alerts for further analysis. The system applies predefined thresholds and behavioral scenarios (e.g., excessive betting in a short period, repeated minimal play followed by high withdrawals, use of multiple payment instruments) to identify potential red flags.
Any significant deviations are investigated, and findings are recorded in the respective customer's file. When transactions cannot be justified based on available information, a thorough examination is conducted to determine if they raise suspicions of money laundering or terrorist financing, triggering an internal report to the Compliance Officer.
12.5. The Company conducts periodic reviews of customer CDD and risk assessments based on the associated ML/TF risk level:
- High-Risk Customers: Every 1 year.
- Medium-Risk Customers: Every 2 years.
- Low-Risk Customers: Every 3 years.
12.6. Periodic Reviews will comprise of a full refresh of all customer risk assessments, Know Your customer information and documentation gathered in support of their CDD requirements, screening against PEP, sanctions and adverse media databases and transaction monitoring reviews to reset customer transactional profiles. These reviews ensure that customer data and risk assessments remain current and accurate throughout the relationship.
12.7. Event-Driven Reviews. Event-Driven Reviews are conducted in response to specific circumstances that may indicate an increased risk of ML/TF. These reviews are not part of routine periodic assessments but are triggered by identifiable risk factors or material changes related to the customer. Such triggers include, but are not limited to:
- Detection of high-risk factors or Red Flags during screening or transaction monitoring, for example: unusually large bets that significantly exceed the customer's historical activity or the platform's typical thresholds; frequent or repetitive betting activity within short timeframes, which may indicate automated behavior or structured transactions; bets placed during or around high-profile events (e.g., major sporting events), which could suggest insider knowledge or attempts at match-fixing; use of unusual payment methods or multiple funding sources that lack clear justification or traceability.
- A significant change in the ownership or control of a customer's business, for example: sale or transfer of the business to a third party; appointment of new Ultimate Beneficial Owners (UBOs) or controlling individuals; introduction of complex legal structures such as trusts or offshore entities that obscure ownership transparency; any other change that materially affects the customer's legal or operational status.
- Any other indicators of increased ML/TF risk, which may arise from internal risk assessments, external intelligence, law enforcement notifications, or suspicious behavior patterns, and may include: customer refusal to provide updated information or documentation; negative media or sanctions alerts; discrepancies in provided data or unexplained changes in transaction patterns.
As part of an Event-Driven Review, a full refresh of the customer's KYC and CDD records must be carried out. This includes:
- Obtaining updated identification and verification documents for both individuals and entities involved;
- Revalidating the customer's source of funds and source of wealth, if applicable;
- Reviewing and updating information on the customer's business activities, geographic exposure, and transactional behavior;
- Performing a comprehensive reassessment of the customer's risk profile, taking into account any new risk factors or changes in behavior;
- Applying EDD measures if the new risk level is classified as high.
The outcome of the Event-Driven Review may result in reclassification of the customer's risk level, implementation of new monitoring thresholds, or in extreme cases, suspension or termination of the business relationship.
12.9. Off-boarding Procedure. If the Company determines that a customer poses an unacceptable level of risk or the business relationship is no longer sustainable, off-boarding procedures are initiated. The off-boarding process includes:
Triggering events for off-boarding:
- Identification of unresolvable ML/TF risks, including repeated Red Flags or high-risk factors.
- Non-compliance by the customer with requests for updated KYC or CDD information.
- Evidence of fraudulent activities, links to criminal networks, or regulatory violations.
- Significant reputational risk to the Company.
Off-boarding Process includes the following steps:
- The Compliance Officer conducts a final review of the customer's activity, including outstanding transactions or issues.
- The customer is formally notified of the termination of the business relationship. The notification includes a clear explanation of the decision, except where prohibited by regulatory or legal constraints (e.g., tipping-off provisions).
- All pending transactions are reviewed to ensure they comply with AML/CTF requirements. Funds are returned to the customer via the original payment method, where possible, to minimize risks.
- The offboarding decision and all related correspondence are documented and retained as part of the customer's record.
If offboarding is initiated due to suspected ML/TF activities, the relevant regulatory authorities are notified as required by law. The account remains subject to monitoring for any subsequent suspicious activities linked to past transactions or associated parties.
13. Data Recording and Record-Keeping
13.1. The Company maintains comprehensive records of all customer data and associated documentation as part of its customer CDD obligations. Customer information is recorded on a designated form, which is stored in the customer's file along with supporting documents and internal records, such as meeting notes and correspondence with the customer. These files are updated regularly, at least bi-annually, or whenever new information emerges that modifies or enhances the customer's economic profile.
13.2. All records obtained through the CDD process, including copies of official identification documents, account files, and business correspondence, are retained for a minimum of five years after the termination of the business relationship or the date of an occasional transaction. These records also include the originator/payer and beneficiary/payee information for wire transfers, electronic fund transfers, and other electronic payments to ensure compliance with AML/CTF regulations.
13.3. Should the Company relocate its business operations or cease its activities, it is obligated to provide the relevant regulator or licensing authority with copies of all records, as specified by regulatory requirements. This ensures the continuity of oversight and adherence to compliance standards even in the event of organizational changes.
14. Reporting
The Company has a responsibility to report any identified instances of suspicious activity to Commission. This obligation applies in cases where the Company knows or reasonably suspects that a customer's behavior may be related to money laundering, terrorism financing, or other criminal activities, or if their activity is unusual compared to their typical transactional behavior.
15.1. The Compliance Officer receives information from the Company's employees, as provided in Annex I, which is considered to be knowledge or suspicion of money laundering or terrorist financing activities or might be related with such activities.
15.2. The Compliance Officer evaluates and examines the information received by reference to other relevant information and discusses the circumstances of the case with the informer and, where appropriate, with the informer's superiors. If following the evaluation the Compliance Officer decides not to notify Regulator, then he fully explains the reasons for such a decision as provided in Annex I.
15.3. Suspicious Activity Reports (SARs) provided in Annex III must be lodged by Compliance Officer in compliance with established timeframes.
15.4. A suspicious matter report must be submitted if there are reasonable grounds to suspect that:
- The customer is not who they claim to be.
- The provision or potential provision of services is connected to money laundering, terrorism financing, or other criminal activities.
- A transaction does not appear to have a lawful economic purpose.
15.5. The Company must adhere to strict timelines when submitting reports:
- Money laundering or other criminal activities: Reports must be lodged within 5 business days of forming the relevant suspicion.
- Terrorism financing: Reports must be lodged within 24 hours of forming the relevant suspicion.
15.6. All suspicious matter reports must:
- Clearly state the grounds for the suspicion.
- Include a detailed explanation of the circumstances that led to the suspicion.
15.7. Additionally, the Company must fully document the reasoning behind any decision to submit or not submit a suspicious matter report. This ensures transparency and accountability in the decision-making process.
15.8. The Company may be required to provide additional reports on AML/CFT compliance measures upon request from the Commission.
15.9. The Company will also report all SARs to the domestic Financial Intelligence Unit (“FIU”).
16. Training
16.1. Compliance Officer ensures that all employees receive adequate training on AML/CFT. Training equips staff with the knowledge and skills required to understand the risks, recognize suspicious activities, and fulfill their responsibilities in preventing and mitigating risks associated with money laundering and terrorist financing.
16.2. The Company provides both general and role-specific training tailored to the responsibilities and exposure of each staff member.
16.3. Key topics covered include:
- Understanding money laundering and terrorism financing risks relevant to the business.
- Applicable legislation and employee obligations under AML/CFT laws.
- The Company's Risk Assessment methodology, along with policies, controls, and procedures to mitigate risks.
- How to identify and report suspicious transactions or activities.
- Indicators and Red Flags specific to the gaming and gambling sectors.
16.4. After each training session, employees must complete an assessment to evaluate their understanding of the material. A minimum score of 75% is required to pass. Employees who do not meet this standard must re-take the assessment and, if necessary, repeat the training.
16.5. Employees are required to attend refresher training annually, on the anniversary of their initial training. Refresher sessions will include updates on any changes to relevant regulations, policies, or procedures, ensuring that staff remain informed of evolving compliance requirements.
16.6. Training sessions are conducted on a regular basis to ensure consistency and reinforce understanding across the organization. Comprehensive records of all training sessions and assessments are maintained, documenting attendance, assessment results, and any remedial actions taken.
17. Review
17.1. This Policy is subject to review every two years by an independent audit. This frequency may be increased to an annual review in response to significant compliance findings, to ensure the policies remain effective and align with legal and industry best practices.
17.2. The purpose of the review is to:
- Assess the effectiveness of the Policy having regard to the money laundering or financing of terrorism risk of the Company
- Assess whether the Policy has been effectively implemented;
- Assess whether the Company has complied with its program.
17.3. The results of the review, including any report prepared, must be provided to senior management and, where applicable, the governing body of the reporting entity.
17.4. The results of the review, including any report prepared, must be provided to the Commission.
17.5. Internal audits are performed annually to evaluate the implementation of policies, identify potential gaps, and recommend improvements.
Annex I: Internal Suspicious Report for Money Laundering and Terrorist Financing
Informer's Details
- Name / Tel
- Department / Fax
- Position
Customer Details
- Name
- Address / Date of Birth
- Tel / Occupation
- Fax / Details of Employer
- Passport No. / Nationality
- ID Card No. / Other ID Details
Information / Suspicion
- Brief description of activities/transaction
- Reason(s) for suspicion
- Informer's Signature / Date
For Compliance Officer's Use
- Date Received / Time Received / Ref
- Reported to Commission: Yes/No / Date Reported / Ref
Annex II: Internal Evaluation Report for Money Laundering and Terrorist Financing
- Reference / Customer's Details
- Informer / Department
- Inquiries Undertaken (Brief Description)
- Attached Documents
- Compliance Officer's Decision
- File Number
- Compliance Officer's Signature / Date
Annex III: Compliance Officer's Report to the Regulator
I. General Information
- Organisation's Name
- Address where customer's account is kept
- Date when a business relationship established or occasional transaction was carried out
- Type of account(s) and number(s)
II. Details of Natural Person(s) and/or Legal Entity(ies) Involved in the Suspicious Transaction(s)
(A) Natural Persons (beneficial owner(s) and authorised signatory(ies) of the account(s)): Name(s); Residential address(es); Business address(es); Occupation and Employer; Date and place of birth; Nationality and passport number.
(B) Legal Entities: Legal entity's name, country and date of incorporation; Business address; Main activities.
III. Details of Suspicious Activities
- Details of suspicious activities should be given
- Knowledge/suspicion of money laundering or terrorist financing (explain, as fully as possible, the knowledge or suspicion connected with money laundering or terrorist financing)
- Other information — Other services provided to the customer(s)
- Compliance Officer's Signature / Date
The above report should be accompanied by photocopies of the following:
- For natural persons: the relevant pages of customer's passport or ID card evidencing identity.
- For legal entities: certificates of incorporation, directors and shareholders.
- All documents relating to the suspicious transaction(s).
Annex IV: Jurisdictions
I. Restricted Jurisdictions
The consolidated list of restricted jurisdictions is the following:
Afghanistan, Canadian Province of New Brunswick, China, Cuba, Central African Republic, Democratic Republic of Congo, Haiti, Iran, Iraq, Israel, Libya, Myanmar, North Korea, Russia, Somalia, South Sudan, Syria, UK, USA, Yemen, Venezuela.
The list is based on:
- United Nations (UN) Sanctions Lists — UN Consolidated Sanctions List: un.org/securitycouncil/sanctions/information
- U.S. Department of the Treasury – Office of Foreign Assets Control (OFAC) — Specially Designated Nationals and Blocked Persons List (SDN List): SDN human-readable lists; Consolidated Sanctions List: consolidated sanctions list data files
- European Union (EU) Sanctions Lists — EU Sanctions Map: sanctionsmap.eu; EU Consolidated List of Sanctions: EU consolidated list
- United Kingdom (UK) Sanctions Lists — UK Sanctions List: gov.uk/government/publications/the-uk-sanctions-list
- Conflict Zones — Afghanistan, Central African Republic, Iran, Iraq, Lebanon, Libya, Mali, Myanmar, Nigeria, North Korea, Pakistan, Palestinian Territory, Somalia, South Sudan, Sudan, Syria, Ukraine, Yemen.
- Countries Considered to be Funding Terrorism — state.gov/state-sponsors-of-terrorism
- FATF High-Risk Jurisdictions (the “Black List”) — fatf-gafi.org/en/countries/black-and-grey-lists.html
II. High-Risk Jurisdictions
The consolidated list of high-risk jurisdictions is the following:
Albania, Barbados, Bulgaria, Burkina Faso, Burundi, Chad, Comoros, Cameroon, Cayman Islands, Croatia, Equatorial Guinea, Gibraltar, Jamaica, Jordan, Lebanon, Mali, Mozambique, Nicaragua, Nigeria, Pakistan, Palestinian Territory, Panama, Philippines, Senegal, South Africa, Tanzania, Tajikistan, Turkey, Turkmenistan, Uganda, United Arab Emirates, Ukraine, Vietnam, Zimbabwe.
The list is based on:
- FATF Jurisdictions Under Increased Monitoring (the “Grey List”) — fatf-gafi.org/en/countries/black-and-grey-lists.html
- High Corruption Scoring Jurisdictions — countries with a Corruption Perception Index (CPI) score of 20 or under are deemed the worst offenders and therefore have a high MLTF risk: transparency.org/en/cpi/2024
Annex V: Natural Person On-boarding Application Form
Section 1: Personal Information
- Full Name
- Date of Birth
- Residential Address
- Phone Number
- Email Address
Section 2: Account Details
- Username (Preferred)
- Preferred Currency
- Cryptocurrency Usage: Yes / No
Section 3: Identity Verification
- Government-issued ID (e.g., passport, driver's license)
- Proof of address (e.g., utility bill, tax bill, bank statement)
Section 4: Politically Exposed Persons (PEP) Declaration
Are you, or is anyone in your immediate family or close associates, a Politically Exposed Person (PEP)? Yes / No (if yes, please provide details).
Section 5: Acknowledgement
- I confirm that I am over 18 years old.
- I confirm that the information provided is accurate and that I am not using another person's identity, and I understand that my account will remain restricted until verification is complete.
- I acknowledge that I have read and agree to the Terms and Conditions of the Company, including its AML and CFT policies.
- I consent to the processing of my personal data for the purposes of account creation, identity verification, and compliance with anti-money laundering (AML) and counter-terrorism financing (CFT) regulations, and I have reviewed and agree to the Privacy Policy, which is available on the Website.
Verification Checklist (For Internal Use)
- Documents Received: Government-issued ID (Yes/No); Proof of Address (Yes/No)
- Screening Results: PEP Check; Adverse Media; Sanctions Check (Clear / Further Review Required)
- Approval: Verified by / Date
Annex VI: Company On-boarding Application Form
Section 1: Corporate Information
- Registered Company Name
- Trading Name (if applicable)
- Country of Incorporation
- Date of Incorporation
- Company Registration Number
- Registered Office Address
- Head Office Address (if different)
- Telephone Number
- Email Address
- Company Website
Section 2: Directors and Key Controllers
Provide details for all company directors and key controllers (Full Name, Position, Date of Birth, Nationality, Proof of Identity, Proof of Address). Supporting documents required: government-issued ID (passport/ID card); proof of address (utility bill, bank statement issued within the last 6 months).
Section 3: Ultimate Beneficial Owners (UBOs)
Provide information on all individuals/entities with ownership thresholds of 25% or more / 10% or more (Full Name, Ownership %, Date of Birth, Nationality, Proof of Identity, Proof of Address). Supporting documents required: proof of identity for UBOs (government-issued ID/passport); proof of address; documentation evidencing ownership structure (e.g., shareholder agreements, registries).
Section 4: Control Structure and Ownership Details
- Shareholder Details: attach supporting documents to demonstrate ownership percentages (e.g., Certificate of Shareholders, Share Registry).
- Control Structure: provide a visual chart or description of the company's ownership and control structure.
- Declaration for Nominee Shareholders (if applicable): are nominee shareholders acting on behalf of beneficial owners? Yes / No (if yes, attach a trust deed/agreement).
Section 5: Purpose and Business Relationship Details
- Purpose of Establishing Business Relationship
- Nature of Business / Professional Activities
- Services Required
- Anticipated Duration of Relationship
- Scale of Operations
Section 6: Transactional Profile
- Expected Transaction Types
- Expected Transaction Volumes (Monthly)
- Expected Transaction Frequency
- Source of Funds Used to Finance the Business Relationship
Section 7: Supporting Document Checklist
- Certificate of Incorporation
- Memorandum and Articles of Association
- Certificate of Registered Office Address
- Certificate of Directors and Secretary
- Certificate of Shareholders
- Declaration for Ultimate Beneficial Owners (UBOs) and Ownership Structure
- Trust Deed/Agreement (if nominee shareholders are involved)
- Proof of Identity for Directors, Key Controllers, and UBOs
- Proof of Address for Directors, Key Controllers, and UBOs
- Audited Financial Statements or Management Accounts
- Recent Bank Statement / Utility Bill
Section 8: Declaration
I/We hereby confirm that the information provided in this application is true, accurate, and complete to the best of my/our knowledge. I/We undertake to promptly inform the Company of any changes to the information provided herein (Authorized Signatory: Name, Title, Signature, Date).
Annex VII: Customer Risk Rating Methodology (CRRM)
Customer Risk Rating Matrix
| Risk Category | Risk Factor | Assigned Risk Level |
|---|---|---|
| Customer-Related Risks | Bearer share companies | High |
| Customer-Related Risks | Offshore entities | High |
| Customer-Related Risks | Politically Exposed Persons (PEPs) | High |
| Customer-Related Risks | Persons closely connected to a sport or sporting event | Medium |
| Customer-Related Risks | Transactions involving large volumes of cash | High |
| Customer-Related Risks | Customer is from a High-Risk Jurisdiction (FATF/EU lists or internal high-risk list) | High |
| Behavioral Risks | Transactions without clear financial rationale | High |
| Behavioral Risks | Inability to verify source of funds or wealth | High |
| Behavioral Risks | Refusal or delay in providing beneficial ownership information | High |
| Communication Channel Risks | Non-face-to-face customer onboarding | Medium |
| Communication Channel Risks | Introduction via third parties | Medium |
| Service/Product Risks | Services allowing third-party payments | High |
| Service/Product Risks | Significant use of cash deposits or withdrawals | High |
| Red Flags (Alert Triggers) | Losses inconsistent with customer profile or means | Medium |
| Red Flags (Alert Triggers) | Unusual spikes in betting or gambling activity | Medium |
| Red Flags (Alert Triggers) | Avoidance or delay in connecting with the Company | Medium |
| Red Flags (Alert Triggers) | False, implausible, or misleading KYC documentation | High |
| Red Flags (Alert Triggers) | Adverse media or inconsistent identity/financial background | High |
| Red Flags (Alert Triggers) | Withdrawals not aligned with betting behavior | High |
| Red Flags (Alert Triggers) | Use of cash deposits to fund online account via betting shops | High |
| Red Flags (Alert Triggers) | Deposits using corporate cards/accounts or by individuals with access to company funds | High |
| Red Flags (Alert Triggers) | Problem gambling patterns linked to potential embezzlement or theft | High |
| Red Flags (Alert Triggers) | Misleading statements about source of funds tied to criminal activity | High |
| Red Flags (Alert Triggers) | Player-to-player criminal fund transfers (regardless of collusion) | High |
| Red Flags (Alert Triggers) | Minimal gambling behavior used to recycle illicit funds | High |
Risk Scoring Guidelines
| Total High-Risk Factors | Total Medium-Risk Factors | Overall Risk Rating |
|---|---|---|
| ≥ 3 High | — | High |
| 1–2 High | ≥ 2 Medium | Medium |
| 0 High | ≥ 3 Medium | Medium |
| 0 High | 0–2 Medium | Low |
Contact
For AML/CFT queries, contact our compliance team at compliance@afrislots.com.