ANTI-MONEY LAUNDERING AND KNOW YOUR CUSTOMER

(last updated 06.07.2026)

1. INTRODUCTION

Limitex Ltd. follows international AML regulations, especially regulations issued by the Tobique Gaming Commission.

The policies set forth herein (the “Policies”) are intended to satisfy the statutory requirements of the relevant legislation and to provide direction Limitex Ltd. (or the “Company”) in complying with its obligations at law by taking all reasonable steps and exercising all due diligence to avoid the commission of an offence of money laundering or funding of terrorism.

The Company is aware that criminals and terrorists may attempt to use the Company’s services to channel funds from illegal activities through our services.

2. SCOPE OF THIS POLICY

The scope of this policy is to establish policies and procedures on internal control, risk assessment, risk management and compliance in relation to AML/CFT.

Users of this and related policies should also refer, where relevant, to the “AML Code of Practice for Remote Gaming License Holders” issued AML Code of Practice was enacted by the Tobique Gaming Commission on April 5, 2024, pursuant to Section 22 of the TOBIQUE GAMING ACT 2023.

Unless the context requires otherwise, words and expressions used in the Policy shall have the same meaning as that set out in the applicable laws and regulations.

The Company is determined and committed to preventing financial activities through its systems that may be related to AML/CFT. This is carried out by sufficient resources devoted to the development of documentation and training for the Limitex Ltd. employees, together with appointing a suitable MLRO to ensure the Policies and Procedures in place are being followed.

The Company shall comply with its legal obligations by establishing the necessary and relevant processes to prevent AML/CFT and ensure that any suspicious activities are escalated to the relevant authorities.

The company aims to avoid penalties and repercussions that arise from noncompliance. Therefore, it is in the interest of the MLRO, together with the Compliance team, to make sure the company is following all regulations set out by the Belize Authorities and Tobique Gaming Commission.

The Limitex Ltd. Policies outline the general and minimum standards of internal anti-money laundering and combating funding of terrorism (AML/CFT) that Limitex Ltd. management and employees should adhere to. Partner companies must also be made aware of this policy.

3. OVERVIEW OF AML / CFT

“Money laundering” is generally defined as “engaging in acts designed to conceal or disguise the nature, control, or true origin of criminally derived proceeds so that those proceeds appear to have been derived from legitimate activities or origins or otherwise constitute legitimate assets.”

The Proceeds of Crime are funds derived from illicit sources from which a benefit or enjoyment may be obtained. Although the aim is not to launder the funds or to fund terrorism, it is still considered to be an illegal activity, and subject persons should be aware of such activity and report it as if it were ML/FT.

4. MONEY LAUNDERING REPORTING OFFICER

The MLRO will own the AML/CFT Risk Assessment, Controls, Policies, and Procedures, report to the Board of Directors, and liaise with the Regulatory Authorities.

The implementation or operation of Limitex Ltd. AML/CFT compliance program will be carried out by the appointed MLRO.

The MLRO appointed should possess professional experience, training and resources to carry out his/her appointment as per PMLA, PMLFTR and FIAU regulations.

The MLRO responsibilities shall include but are not limited to:

  • Risk assessment and management;
  • Ensuring customer due diligence measures and ongoing monitoring;
  • Reporting;
  • Record-keeping;
  • Promoting internal control;
  • Perform internal auditing of AML/CFT processes (unless an Internal Auditing function is available);
  • the monitoring and management of compliance with, and the internal communication of, such policies and procedures;
  • monitoring of relevant staff and agent screening Liaison with Law Enforcement Authorities;
  • Manage Investigation Order requests received from the Authorities.

5. RISK ASSESSMENT

Business ML/FT Risk

The Company is to carry out a yearly business risk assessment, which is a separate document together with a risk matrix which gives a complete overview of the following:

  • Identify ML/FT Vulnerabilities;
  • Identify ML/FT Threats; and
  • Identify any new requirements.

Based on the results of the Risk Assessment and if deemed necessary, to minimize any new risks identified or existing risks being re-classified, the following controls would need to be revisited and amended accordingly:

  • Measures;
  • Policies;
  • Controls; and
  • Procedures

The risk assessment should also be updated whenever substantial changes to the Company’s systems, processes and overall operations are affected.

The Risk assessment and related measures, policies, controls, and procedures are to be stored and readily available for review by the FIAU and other interested authorities at any time.

Customer Risk

Upon registration, customers go through an introductory assessment in which the following is assessed:

  • Customer type;
  • Products used (e.g. sportsbook);
  • Services (e.g. poker, bingo, betting exchange).

Once the customer reaches the €2,000.00 threshold a more in-depth assessment is carried out where a customer is assigned a risk rating based on more information the Company has in place:

  • Transactions/payment systems;
  • delivery channels; and
  • geographical origin of the customer and/or payment method used.

After registration, a customer’s activity should undergo ongoing monitoring to reconsider risk level depending on changes in customer’s activity and to establish point of reaching the relevant due diligence thresholds.

6. PEP / SANCTION LIST CHECKS

For the purpose of this AML & KYC Policy, a Politically Exposed Person (PEP) is an individual who holds, or has held, a prominent public position that may increase their exposure to risks such as corruption, bribery, or money laundering. This category includes high-ranking government officials, senior politicians, judicial or military leaders, and executives of state-owned corporations, as well as their immediate family members and close business associates.

Sanctions are restrictive measures imposed by national governments or international bodies (such as the UN, EU, or OFAC) against specific countries, regimes, entities, or individuals to achieve foreign policy or national security objectives. These measures include financial sanctions, which involve freezing assets and prohibiting the provision of funds or economic resources, as well as trade sanctions like embargoes on specific goods or services. In the context of this Policy, the company is prohibited from establishing or maintaining business relationships with any party appearing on official Sanctions Lists, as doing so could result in severe legal penalties, regulatory fines, and reputational damage.

Customers upon registration are checked to confirm whether the customer is himself, or is a family member of, or known associate to, a person that is considered a PEP and Sanction List screening is carried out upon registration.

The following databases are being used to screen the individuals:

In case a customer is a match to being a PEP the Board of Directors are to be informed and take the decision if to accept the PEP or not, if the business relationship continues then the customer is automatically considered as a high-risk profile and appropriate measures taken to ensure that the business activity with them is not of an ML/FT nature.

For any customer who matches the Sanction List screening, the MLRO is to report the customer to the Sanction Monitoring Board within 72 Hours of being identified, and the customer will be banned from onboarding with the company.

Refer to PEP / Sanction List Procedure and Customer Acceptance Policy for more information on the above.

7. CUSTOMER DUE DILIGENCE

Customer Due Diligence (CDD) Measures include:

  • Collection of identification details.
  • Verifying the Identity of Customer.
  • Defining the type of intended business relationship with the customer.
  • Conducting ongoing monitoring of the business relationship, to ensure transactions are consistent with what the business knows about the customer, and the risk assessment retain records of these checks and update them when there are changes.
  • Obtaining Source of Wealth / Source of Funds information once a customer becomes a risk rating higher then low.

The Customer Due Diligence Procedure defines the procedure used to carry out Customer Due Diligence including timeframes when this will be triggered and in which cases Enhanced Due Diligence will need to be performed.

By applying a risk-based approach, the level of due diligence is adjusted accordingly—the higher the risk of money laundering or terrorist financing, the more extensive the verification process. The following categories of individuals and entities are prohibited from using the Company's services:

  • Minors (under the age of 18 or higher is required by domestic legislation);
  • Beneficial owners (whether disclosed or undisclosed) or agents acting on behalf of users;
  • Non-individual entities, such as companies or trusts;
  • Persons subject to sanctions;
  • Individuals residing in Restricted Jurisdictions.

Limitex Ltd. enforces a strict zero-tolerance policy regarding third-party transactions. Users are strictly prohibited from depositing funds from, or withdrawing funds to, payment methods (including credit cards, e-wallets, or bank accounts) that are not registered in their own legal name. Furthermore, any form of internal fund transfers, tipping, or sending money between player accounts is strictly prohibited.

When a User registers an account on the Website, his or her place of residence/domicile (hereinafter the "Jurisdiction") must be considered as a matter of priority. At first, the Company checks whether the jurisdiction is on the European Commission's list of "high-risk third countries with strategic deficiencies". Then, the Company checks whether the jurisdiction is presented in the list of "high-risk and other monitored jurisdictions", presented by FATF. Furthermore, the Company conducts its own monitoring of the jurisdictions based on the following parameters:

  • Legal environment.
  • Political environment.
  • A country's economic structure.
  • Cultural factors and the nature of civil society.
  • Sources, location and concentration of criminal activity (if any).

Restricted jurisdictions are included: Afghanistan; Canadian Province of New Brunswick; China; Cuba; Central African Republic; Democratic Republic of Congo; Haiti; Iran; Iraq; Israel; Libya; Myanmar; North Korea; Russia; Somalia; South Sudan; Syria; UK; USA; Yemen; Venezuela.

Depending on the type of verification process, The Company may request the following types of documents and details from users. Basic Identification Information:

  • Full legal name
  • Date of birth
  • Permanent residential address

User Identity Verification at the earliest occurrence of any of the following thresholds:

  • Within 30 days of the player’s first deposit; or
  • When a user has cumulative deposit's of EUR 2,000 or more; and/or
  • Prior processing first withdrawal.

Depending on the verification process, The Company may request the following documents:

  • A copy or a photo of the user's identification document;
  • A photo of the payment card used or intended to be used in making deposits on the Website. It is important that the name of the cardholder must match the name of the user who passes the verification. CVV code and payment card number (except first six and last four digits) may be hidden or covered. The cardholder's name must not be hidden or covered in any way;
  • A photo of the user holding the documents required for the verification process (may be with the requested information, written by hand (the e-mail of the user, used when registering an account; the date of the photo request and the confirmation code);
  • If applicable, include a bank statement, a letter from User’s duty station or place of employment, and a tax bill;
  • If applicable, User’s address confirmation. It may be a utility bill, a phone bill, or other documents that, in accordance with the jurisdiction's legal and regulatory requirements, are sufficient to confirm the User's address;
  • Any other documents or information that the situation may require.

8. ENHANCED DUE DILIGENCE

The Customer Due Diligence (CDD) process outlines the steps taken to verify user identities, specifying the circumstances and timeframes in which verification is required. It also defines scenarios where Enhanced Due Diligence (EDD) must be conducted for higher-risk users.

The Company applies Enhanced Due Diligence (EDD) measures for users engaging in transactions that exceed €10,000 within a 30-day period, or in cases where transactions exhibit unusual patterns, involve high-risk jurisdictions, or relate to politically exposed persons (PEPs).

As part of the EDD process, users may be asked to provide additional documentation to confirm their identity, source of funds, and overall financial background. Required documents may include:

  • Unique Identification Number (e.g., passport number, taxpayer ID, alien registration number, or any government-issued ID with a photo).
  • Government-Issued Identification (such as a passport or national ID).
  • Recent Proof of Address (utility bill or official correspondence dated within the last three months).
  • Proof of Source of Funds & Wealth (such as tax returns, salary slips, bank statements, or other financial records).

The Company may implement additional verification processes in the following circumstances:

  • The user meets the definition of a Politically Exposed Person (PEP). A politically exposed person is defined as a natural person who is or has been entrusted with prominent public functions, which include the following: (a) heads of government, heads of state, ministers, and deputy or assistant ministers; (b) members of parliament or similar legislative bodies; (c) members of political party governing bodies; (d) members of supreme courts, constitutional courts, or other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances; (e) members of courts of auditors or central bank boards; (f) ambassadors, chargés d'affaires, and high-ranking officers in the armed forces; (g) members of State-owned enterprise administrative, management, or supervisory bodies; and (h) directors, deputy directors, and members of an international organization's board or equivalent function.
  • Individuals entrusted with prominent public functions, as well as their Relatives and Close Associates (RCAs), represent a heightened risk for financial crime. The Company mandates that all PEPs remain under high-vigilance monitoring for at least 12 months after they have ceased to hold their official position.
  • If the User's country of residence is defined by the European Commission as a "third country with strategic deficiencies" or is on the FATF's list of "high-risk and other monitored jurisdictions";
  • In other cases, when additional verification is required by law or at the request of authorities, financial institutions, etc.

While low and medium-risk users are primarily monitored through internal compliance measures, the Company reserves the right to request EDD-level documentation if their activity exhibits ML/TF risk indicators or if further verification is deemed necessary.

Where technically possible, The Company will prevent onboarding, block, or suspend users who meet any of the following criteria:

  • Failure to Provide Identification – Users who do not submit the required identification documents or fail identity verification.
  • Submission of Fraudulent Documents – Users who provide fake, altered, or otherwise fraudulent identification materials.
  • Concealment of Identity or Location – Users who attempt to mask their real identity or geographical location.
  • Restricted Jurisdiction Users – Individuals who are from or currently located in a jurisdiction where The Company does not offer services.
  • Sanctioned Individuals – Users appearing on U.S., EU, or other international sanctions and watch lists.
  • Multiple Accounts – Users attempting to operate or create duplicate accounts on the platform.

9. CUSTOMER RISK ASSESSMENT

At registration, the Company conducts an initial risk assessment of each customer to determine their Money Laundering (ML) and Terrorist Financing (TF) risk level. This assessment, based on information collected during registration, is updated regularly as new data becomes available. Customers are classified as Low, Medium, or High risk, which determines the degree of monitoring and due diligence applied.

The risk assessment considers:

  • Individual Status – whether the customer is a Politically Exposed Person (PEP) or appears on sanctions lists.
  • Geographical Risk – the risk level associated with the customer’s country of residence.
  • Behavioral Analysis – gambling and transaction patterns that may indicate ML or TF.
  • Payment Methods – risks linked to the methods used for deposits and withdrawals.
  • Fraud Indicators – signs of fraud or other suspicious activities.

Customers who are considered High Risk will need to undergo EDD. High-risk customers are subject to Enhanced Due Diligence (EDD). The Company applies a risk-based approach to monitor customers’ typical transaction volumes and amounts. If unusual or suspicious activity is detected, further checks or EDD may be performed to ensure the activity aligns with the customer’s profile and to mitigate potential risks.

The internal CMS system assesses players across multiple factors, assigning a score to each. These scores are aggregated to produce a total risk score, with higher negative scores reflecting a greater level of risk.

Indicator Description Score
Individual status Individual status Individual status
PEP A customer considered to be PEP 50
Adverse media A customer was mentioned in negative news or information the company discovered from various sources 50
Sanctions/blacklist A customer is under international sanctions/blacklists 50
Geographical location Geographical location Geographical location
Not at home A customer whose IP location is different from their registered address 20
High-risk country resident A customer resides in a High-risk country 30
Gambling behaviour Gambling behaviour Gambling behaviour
Large sums no play A customer depositing large sums, then places minimal stake bets, then withdrawing all their funds 50
Large sums big losses A customer depositing large amounts and repeatedly losing large amounts as if the loss is of no consequence 50
Low odds betting A customer repeatedly placing short odds (such as red/black on roulette or repetitive betting on favourites) bets 25
Big changes in money Dramatic changes in terms of volume and size of player deposits or staking activity 20
Several gaming accounts A customer is trying to register several gaming accounts 30
Transactional behaviour Transactional behaviour Transactional behaviour
Smurfing A customer making multiple deposits or withdrawals of small amounts without no objective reasons 30
Spending above wages A customers spend is outside of their affordability 20
No withdrawals Player has never requested a withdrawal -20
Withdrawal without playing Money is deposited by a customer or held over a period and withdrawn by the customer without being used for gambling 30
Payment methods the player is using Payment methods the player is using Payment methods the player is using
Card switching A customer opening an account and registering several different cards and making transfers between them 20
High risk payment methods A customer uses high-risk payment methods 30
Fraud red flags a customer triggered Fraud red flags a customer triggered Fraud red flags a customer triggered
VPN Customer used a VPN 30

Once the score is calculated, a risk level is assigned:

CMM Score Risk Category
0–20 Low
21–40 Medium
41 and higher High

Due to certain technical and practical constraints, not all factors can be incorporated into the automated calculation. These risks are instead managed through alternative monitoring measures. For example, we detect VPN use and multi-accounting at registration, maintain separate alerts for players using cards registered under different names, and manually review all withdrawals prior to approval and payment.

The level of customer due diligence (CDD) conducted on a player will depend on the risk score assigned to the player as follows:

  Low Med High
Verify ID and address with docs X X X
Collect additional personal details X X X
Collect Source of Funds/ Wealth info   X X (with documentation)
Ongoing monitoring X X X (Enhanced)
Additional measures to address any other risk identified     X
Report suspected cases of ML/FT X X X

The frequency of customer reviews is determined by the assessed risk level, taking into account factors such as geographic location, transaction patterns, and source of funds. High-risk customers, such as those from higher-risk regions or displaying suspicious activity, are monitored more frequently. Medium-risk customers are reviewed on a regular periodic basis, while low-risk customers are assessed less often. The Company adjusts review frequencies in line with regulatory requirements and updates them whenever there are significant changes in a customer’s risk profile.

AML/KYC PROCEDURE

Definition of money laundering

Money Laundering is understood as:

  • The conversion or transfer of property, especially money, knowing that such property is derived from criminal activity or from taking part in such activity, for the purpose of concealing or disguising the illegal origin of the property or of helping any person who is involved in the commission of such an activity to evade the legal consequences of that person's or companies action;
  • The concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;
  • The acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from assisting in such an activity;
  • Participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions referred to in points before.

Money laundering shall be regarded as such even when the activities which generated the property to be laundered were carried out in the territory of another Member State or in that of a third country.

Restricted jurisdictions include: Afghanistan; Canadian Province of New Brunswick; China; Cuba; Central African Republic; Democratic Republic of Congo; Haiti; Iran; Iraq; Israel; Libya; Myanmar; North Korea; Russia; Somalia; South Sudan; Syria; UK; USA; Yemen; Venezuela.

Organization of the AML for the Website

In accordance with the AML legislation, the Website has appointed the “highest level” for the prevention of ML: The full management of Limitex Ltd. is in charge.

Furthermore, an MLRO (Money Laundering Reporting Officer) is in charge of the enforcement of the AML policy and procedures within the System.

The MLRO is placed under the direct responsibility of the general Management.

AML policy changes and implementation requirements

Each major change of the Website AML policy is subject to be approval by the general management of Limitex Ltd. and the Anti money laundering compliance officer.

Three step Verification

Step one verification

Step one verification must be done by every user and customer to withdraw. Regarding of the choice of payment, the amount of payment, the amount of withdraw, the choice of withdraw and nationality of the user/customer step one verification must be done first. Step one verification is a document that must be filled out by the user/customer himself. Following information’s must be filled in: first name, second name, date of birth, country of usual residence, gender and full address.

Step two verification

Step two verification must be done by every user which deposit over 2000 EUR (two thousand Euro) or withdraws any amount. Until step two verification is done the withdraw or deposit will be hold. Step to verification will lead the user or customer to a subpage where he must send in his ID. The user/customer must make a picture of his ID. While a paperclip with a six-digit random generated number is next to his ID: Only an official ID may be used for ID verification, depending on the country the variety of accepted IDs may be different. There will also be an electronic check if the filled in Data from the step one verification is correct. The electronic check will check via two different databanks to insure the given information’s matches with the filled document and the name from the ID: If the electronic test fails or is not possible the user/customer is required to send in a conformation of his current resident. A certificate of registration by the government or a similar document is required.

Step three verification

Step three verification must be done by every user which deposit over 5000 EUR (five thousand euro) or withdraws over 5000 EUR (five thousand euro). Until step three verification is done the withdraw or deposit will be hold. For step 3 a user/customer will be asked for a source of wealth.

Customer identification and verification (KYC)

The formal identification of customers on entry into commercial relations is a vital element, both for the regulations relating to money laundering and for the KYC policy.

This identification relies on the following fundamental principles:

A copy of your passport, ID card or driving license, each shown alongside a handwritten note mentioning six random generated numbers. Also, a second picture with the face of the user/customer is required. The user/customer may blur out every information, besides date of birth, nationality, gender, first name, second name and the picture. To secure their privacy.

Please note that all four corners of the ID have to be visible in the same image and all details has to be clearly readable besides the named above. We might ask for all details if necessary.

An employee may do additional checks if necessary, based on the situation.

Proof of Address

Proof of address will be done via to different electronic checks, which use two different databases. If an electronic test fails, the user/customer has the option to make a manually proof.

A recent utility bill sent to your registered address, issued within the last 3 months or an official document made by the government that proofs your state of residence.

To make the approval process as speedy as possible, please make sure the document is sent with a clear resolution where all four corners of the document is visible, and all text is readable.

For example: An electricity bill, water bill, bank statement or any governmental post addressed to you.

An employee may do additional checks if necessary, based on the situation.

Source of funds

If a player deposits over a five thousand euro there is a process of understandings the source of wealth (SOW).

Examples of SOW are:

  • Ownership of business
  • Employment
  • Inheritance
  • Investment
  • Family

It is critical that the origin and legitimacy of that wealth is clearly understood. If this is not possible an employee may ask for an additional document or prove.

The account will be frozen if the same user deposits either this amount in one go or multiple transactions which amount to this. An email will be sent to them manually to go through the above and an information on the website itself.

The Website also asks for a bank wire/credit card to further insure the Identity of the user/customer. It also gives additional information about the financial situation of the user/customer.

Basic document for step one

The basic document will be accessible via the settings page on the Website. Every user has to fill out the following information:

  • First name
  • Second name
  • Nationality
  • Gender
  • Date of Birth

The document will be saved and created by an AI, an employee may do additional checks if necessary based on the situation.

Risk management, levels of due diligence

In order to deal with the different risks and different states of wealth in different regions on the earth the Website will categorize every nation in three different regions of risk.

Region one: Low risk

For every nation from the region one the three-step verification is done as described earlier.

Region two: Medium risk

For every nation from the region two the three-step verification will be done at lower deposit or withdraw amounts. Step one will be done as usually. Step two will be done after depositing 1000 EUR (one thousand euro), withdrawing 1000 EUR (one thousand euro). Step three will be done after depositing 2500 EUR (two thousand five hundred euro), withdrawing 2500 EUR (two thousand five hundred euro).

Region three: High risk

Regions of high risks will be banned. High-risk regions will be regularly updated to keep up with the changing environment of a fast-changing world.

Additional measurements

In addition, AML compliance officer will look for any unusual behaviour and report it right away to a employee of the Website.

According to a risk based few and general experience the human employees will recheck all checks which are done bevor by employees and may redo or do additional checks according to the situation.

In addition, a data Scientist supported by modern, electronic, analytic systems will look for unusual behaviour like: Depositing and withdrawing without longer Betting sessions. Attempts to use a different Bank account to for Deposit and Withdraw, nationality changes, currency changes, behaviour and activity changes as well as checks, if an account is used by it´s original owner.

Also, a User has to use the same method for Withdraw as he used for Deposit, for the amount of the initial Deposit to prevent any Money Laundering.

Enterprise-wide risk assessment

As part of its risk-based approach, the Website has conducted an AML “Enterprise-wide risk assessment” (EWRA) to identify and understand risks specific to the Website and its business lines. The AML risk policy is determined after identifying and documenting the risks inherent to its business lines such as the services the website offers. The Users to whom services are offered, transactions performed by these Users, delivery channels used by the bank, the geographic locations of the bank’s operations, customers and transactions and other qualitative and emerging risks.

The identification of AML risk categories is based on the Website understanding of regulatory requirements, regulatory expectations, and industry guidance. Additional safety measures are taken to take care of the additional risks the world wide web brings with it.

The EWRA is yearly reassessed.

Ongoing transaction monitoring

AML-Compliance ensures that an “ongoing transaction monitoring” is conducted to detect transactions that are unusual or suspicious compared to the customer profile.

This transaction monitoring is conducted on two levels:

1) The first Line of Control

The Website works solely with trusted Payment Service Providers who all have effective AML policies in place as to prevent the large majority of suspicious deposits onto the Website from taking place without proper execution of KYC procedures onto the potential customer.

2) The second Line of Control

The Website makes its network aware so that any contact with the customer or player or authorized representative must give rise to the exercise of due diligence on transactions on the account concerned. In particular, these include:

  • Requests for the execution of financial transactions on the account;
  • Requests in relation to means of payment or services on the account.

Also, the three-step verification with adjusted risk management should provide all necessary information about all customers of the Website at all times.

Also, all transactions must be overseen by employees over watched by the AML compliance officer who is overwatched by the general management.

The specific transactions submitted to the customer support manager, possibly through their Compliance Manager must also be subject to due diligence.

Determination of the unusual nature of one or more transactions essentially depends on a subjective assessment, in relation to the knowledge of the customer (KYC), their financial behavior and the transaction counterparty.

These checks will be done by an automated System, while an Employee crosschecks them for additional security.

The transactions observed on customer accounts for which it is difficult to gain a proper understanding of the lawful activities and origin of funds must therefore rapidly be considered atypical (as they are not directly justifiable).

Any the Website staff member must inform the AML division of any atypical transactions that they observe and cannot attribute to a lawful activity or source of income known to the customer.

3) The third Line of Control

As a last line of defense against AML the Website will do manual checks on all suspicious and higher-risk users in order to fully prevent money laundering by i) Adverse media screening and searching for negative news or information about individuals or entities in publicly available sources, such as news articles, legal databases, and social media, ii) PEP Screening by identifying individuals who hold prominent public positions or are closely associated with them and are more vulnerable to bribery and corruption; iii) Sanctions Screening by checking individuals and entities against official sanctions lists, such as those published by UN, EU, OFAC (Office of Foreign Assets Control) and other international bodies.

If fraud or Money Laundering is found the authorities will be informed.

Reporting of Suspicious transactions on the Website

In its internal procedures, the Website describes in precise terms, for the attention of its staff members, when it is necessary to report and how to proceed with such reporting.

If there is suspicion that a user is involved in money laundering or terrorist financing (ML/TF), staff must submit an internal report to the MLRO. When unusual activity is detected, an unusual activity report will be prepared and reviewed by the MLRO to assess whether a suspicious transaction report needs to be filed.

If a user is suspected of engaging in money laundering or terrorist financing activities, the Company follows a structured escalation process:

  • Transaction Review & Temporary Account Suspension – The suspicious transaction is flagged, and the user’s account may be temporarily restricted pending further investigation.
  • Enhanced Due Diligence (EDD) Measures – The user is required to submit additional documents, such as proof of source of funds and wealth verification.
  • Filing a Suspicious Matter Report (SMR) – If the suspicion is substantiated, a report is filed with the Tobique Gaming Commission and relevant FIUs.
  • Account Closure & Funds Freezing – If the user fails to provide satisfactory explanations or if criminal activity is confirmed, the account may be permanently closed, and funds may be frozen in accordance with regulatory requirements.
  • Right to Appeal – Users whose accounts are restricted may request a review, providing additional documentation to contest the decision. The final determination is made by the Compliance Officer.

The Company will file a Suspicious Matter Report with the Tobique Gaming Commission as required by applicable law in cases where:

  • there are reasonable grounds to suspect that a User is misrepresenting their identity;
  • there are reasonable grounds to believe that our Services are being used in connection with money laundering (ML), terrorist financing (TF), or other criminal activities; and/or
  • a transaction appears to lack a legitimate economic purpose.

A suspicious matter report concerning a possible money laundering offence or other criminal offence must be lodged with the Commission within 5 business days after the day on which the reporting entity forms the relevant suspicion. A suspicious matter report concerning or in relation to possible financing of terrorism, must be lodged with the Commission within 24 hours after the time when the reporting entity forms the relevant suspicion.

The Company promptly reports to the Commission, or to the Direct Licensee acting on behalf of the Commission, any identified instances of suspicious activity where the Company knows or has reasonable grounds to suspect that a Customer’s behaviour may be related to money laundering, or where such behaviour is unusual or inconsistent with the Customer’s normal transactional activity. The Company ensures that all Suspicious Activity Reports are duly prepared and shared with the Commission without delay.

Additionally, if a User is identified on a sanctions list or linked to ML, TF, or other illicit activities, we will submit a report to the relevant Financial Intelligence Unit (FIU).

The Company will also maintain comprehensive records to ensure compliance with all applicable ML/TF regulatory requirements.

Procedures

The AML rules, including minimum KYC standards will be translated into operational guidance or procedures that are available on the Intranet site of the Website.

Record keeping

Records of data obtained for the purpose of identification must be kept for at least ten years after the business relationship has ended.

Records of all transaction data must be kept for at least ten years following the carrying-out of the transactions or the end of the business relationship.

These data will be safely, encrypted and stored offline and online.

Training

The Website human employees will make manual controls on a risk-based approve for which they get special training.

The training and awareness program is reflected by its usage:

  • A mandatory AML training program in accordance with the latest regulatory evolutions, for all in touch with finances;
  • Academic AML learning sessions for all new employees.

The content of this training program has to be established in accordance with the kind of business the trainees are working for and the posts they hold. These sessions are given by an AML specialist working in the AML team.

Auditing

Internal audit regularly establishes missions and reports about AML activities.