(last updated 06.07.2026)
Limitex Ltd. follows international AML regulations, especially regulations issued by the Tobique Gaming Commission.
The policies set forth herein (the “Policies”) are intended to satisfy the statutory requirements of the relevant legislation and to provide direction Limitex Ltd. (or the “Company”) in complying with its obligations at law by taking all reasonable steps and exercising all due diligence to avoid the commission of an offence of money laundering or funding of terrorism.
The Company is aware that criminals and terrorists may attempt to use the Company’s services to channel funds from illegal activities through our services.
The scope of this policy is to establish policies and procedures on internal control, risk assessment, risk management and compliance in relation to AML/CFT.
Users of this and related policies should also refer, where relevant, to the “AML Code of Practice for Remote Gaming License Holders” issued AML Code of Practice was enacted by the Tobique Gaming Commission on April 5, 2024, pursuant to Section 22 of the TOBIQUE GAMING ACT 2023.
Unless the context requires otherwise, words and expressions used in the Policy shall have the same meaning as that set out in the applicable laws and regulations.
The Company is determined and committed to preventing financial activities through its systems that may be related to AML/CFT. This is carried out by sufficient resources devoted to the development of documentation and training for the Limitex Ltd. employees, together with appointing a suitable MLRO to ensure the Policies and Procedures in place are being followed.
The Company shall comply with its legal obligations by establishing the necessary and relevant processes to prevent AML/CFT and ensure that any suspicious activities are escalated to the relevant authorities.
The company aims to avoid penalties and repercussions that arise from noncompliance. Therefore, it is in the interest of the MLRO, together with the Compliance team, to make sure the company is following all regulations set out by the Belize Authorities and Tobique Gaming Commission.
The Limitex Ltd. Policies outline the general and minimum standards of internal anti-money laundering and combating funding of terrorism (AML/CFT) that Limitex Ltd. management and employees should adhere to. Partner companies must also be made aware of this policy.
“Money laundering” is generally defined as “engaging in acts designed to conceal or disguise the nature, control, or true origin of criminally derived proceeds so that those proceeds appear to have been derived from legitimate activities or origins or otherwise constitute legitimate assets.”
The Proceeds of Crime are funds derived from illicit sources from which a benefit or enjoyment may be obtained. Although the aim is not to launder the funds or to fund terrorism, it is still considered to be an illegal activity, and subject persons should be aware of such activity and report it as if it were ML/FT.
The MLRO will own the AML/CFT Risk Assessment, Controls, Policies, and Procedures, report to the Board of Directors, and liaise with the Regulatory Authorities.
The implementation or operation of Limitex Ltd. AML/CFT compliance program will be carried out by the appointed MLRO.
The MLRO appointed should possess professional experience, training and resources to carry out his/her appointment as per PMLA, PMLFTR and FIAU regulations.
The MLRO responsibilities shall include but are not limited to:
The Company is to carry out a yearly business risk assessment, which is a separate document together with a risk matrix which gives a complete overview of the following:
Based on the results of the Risk Assessment and if deemed necessary, to minimize any new risks identified or existing risks being re-classified, the following controls would need to be revisited and amended accordingly:
The risk assessment should also be updated whenever substantial changes to the Company’s systems, processes and overall operations are affected.
The Risk assessment and related measures, policies, controls, and procedures are to be stored and readily available for review by the FIAU and other interested authorities at any time.
Upon registration, customers go through an introductory assessment in which the following is assessed:
Once the customer reaches the €2,000.00 threshold a more in-depth assessment is carried out where a customer is assigned a risk rating based on more information the Company has in place:
After registration, a customer’s activity should undergo ongoing monitoring to reconsider risk level depending on changes in customer’s activity and to establish point of reaching the relevant due diligence thresholds.
For the purpose of this AML & KYC Policy, a Politically Exposed Person (PEP) is an individual who holds, or has held, a prominent public position that may increase their exposure to risks such as corruption, bribery, or money laundering. This category includes high-ranking government officials, senior politicians, judicial or military leaders, and executives of state-owned corporations, as well as their immediate family members and close business associates.
Sanctions are restrictive measures imposed by national governments or international bodies (such as the UN, EU, or OFAC) against specific countries, regimes, entities, or individuals to achieve foreign policy or national security objectives. These measures include financial sanctions, which involve freezing assets and prohibiting the provision of funds or economic resources, as well as trade sanctions like embargoes on specific goods or services. In the context of this Policy, the company is prohibited from establishing or maintaining business relationships with any party appearing on official Sanctions Lists, as doing so could result in severe legal penalties, regulatory fines, and reputational damage.
Customers upon registration are checked to confirm whether the customer is himself, or is a family member of, or known associate to, a person that is considered a PEP and Sanction List screening is carried out upon registration.
The following databases are being used to screen the individuals:
In case a customer is a match to being a PEP the Board of Directors are to be informed and take the decision if to accept the PEP or not, if the business relationship continues then the customer is automatically considered as a high-risk profile and appropriate measures taken to ensure that the business activity with them is not of an ML/FT nature.
For any customer who matches the Sanction List screening, the MLRO is to report the customer to the Sanction Monitoring Board within 72 Hours of being identified, and the customer will be banned from onboarding with the company.
Refer to PEP / Sanction List Procedure and Customer Acceptance Policy for more information on the above.
Customer Due Diligence (CDD) Measures include:
The Customer Due Diligence Procedure defines the procedure used to carry out Customer Due Diligence including timeframes when this will be triggered and in which cases Enhanced Due Diligence will need to be performed.
By applying a risk-based approach, the level of due diligence is adjusted accordingly—the higher the risk of money laundering or terrorist financing, the more extensive the verification process. The following categories of individuals and entities are prohibited from using the Company's services:
Limitex Ltd. enforces a strict zero-tolerance policy regarding third-party transactions. Users are strictly prohibited from depositing funds from, or withdrawing funds to, payment methods (including credit cards, e-wallets, or bank accounts) that are not registered in their own legal name. Furthermore, any form of internal fund transfers, tipping, or sending money between player accounts is strictly prohibited.
When a User registers an account on the Website, his or her place of residence/domicile (hereinafter the "Jurisdiction") must be considered as a matter of priority. At first, the Company checks whether the jurisdiction is on the European Commission's list of "high-risk third countries with strategic deficiencies". Then, the Company checks whether the jurisdiction is presented in the list of "high-risk and other monitored jurisdictions", presented by FATF. Furthermore, the Company conducts its own monitoring of the jurisdictions based on the following parameters:
Restricted jurisdictions are included: Afghanistan; Canadian Province of New Brunswick; China; Cuba; Central African Republic; Democratic Republic of Congo; Haiti; Iran; Iraq; Israel; Libya; Myanmar; North Korea; Russia; Somalia; South Sudan; Syria; UK; USA; Yemen; Venezuela.
Depending on the type of verification process, The Company may request the following types of documents and details from users. Basic Identification Information:
User Identity Verification at the earliest occurrence of any of the following thresholds:
Depending on the verification process, The Company may request the following documents:
The Customer Due Diligence (CDD) process outlines the steps taken to verify user identities, specifying the circumstances and timeframes in which verification is required. It also defines scenarios where Enhanced Due Diligence (EDD) must be conducted for higher-risk users.
The Company applies Enhanced Due Diligence (EDD) measures for users engaging in transactions that exceed €10,000 within a 30-day period, or in cases where transactions exhibit unusual patterns, involve high-risk jurisdictions, or relate to politically exposed persons (PEPs).
As part of the EDD process, users may be asked to provide additional documentation to confirm their identity, source of funds, and overall financial background. Required documents may include:
The Company may implement additional verification processes in the following circumstances:
While low and medium-risk users are primarily monitored through internal compliance measures, the Company reserves the right to request EDD-level documentation if their activity exhibits ML/TF risk indicators or if further verification is deemed necessary.
Where technically possible, The Company will prevent onboarding, block, or suspend users who meet any of the following criteria:
At registration, the Company conducts an initial risk assessment of each customer to determine their Money Laundering (ML) and Terrorist Financing (TF) risk level. This assessment, based on information collected during registration, is updated regularly as new data becomes available. Customers are classified as Low, Medium, or High risk, which determines the degree of monitoring and due diligence applied.
The risk assessment considers:
Customers who are considered High Risk will need to undergo EDD. High-risk customers are subject to Enhanced Due Diligence (EDD). The Company applies a risk-based approach to monitor customers’ typical transaction volumes and amounts. If unusual or suspicious activity is detected, further checks or EDD may be performed to ensure the activity aligns with the customer’s profile and to mitigate potential risks.
The internal CMS system assesses players across multiple factors, assigning a score to each. These scores are aggregated to produce a total risk score, with higher negative scores reflecting a greater level of risk.
| Indicator | Description | Score |
|---|---|---|
| Individual status | Individual status | Individual status |
| PEP | A customer considered to be PEP | 50 |
| Adverse media | A customer was mentioned in negative news or information the company discovered from various sources | 50 |
| Sanctions/blacklist | A customer is under international sanctions/blacklists | 50 |
| Geographical location | Geographical location | Geographical location |
| Not at home | A customer whose IP location is different from their registered address | 20 |
| High-risk country resident | A customer resides in a High-risk country | 30 |
| Gambling behaviour | Gambling behaviour | Gambling behaviour |
| Large sums no play | A customer depositing large sums, then places minimal stake bets, then withdrawing all their funds | 50 |
| Large sums big losses | A customer depositing large amounts and repeatedly losing large amounts as if the loss is of no consequence | 50 |
| Low odds betting | A customer repeatedly placing short odds (such as red/black on roulette or repetitive betting on favourites) bets | 25 |
| Big changes in money | Dramatic changes in terms of volume and size of player deposits or staking activity | 20 |
| Several gaming accounts | A customer is trying to register several gaming accounts | 30 |
| Transactional behaviour | Transactional behaviour | Transactional behaviour |
| Smurfing | A customer making multiple deposits or withdrawals of small amounts without no objective reasons | 30 |
| Spending above wages | A customers spend is outside of their affordability | 20 |
| No withdrawals | Player has never requested a withdrawal | -20 |
| Withdrawal without playing | Money is deposited by a customer or held over a period and withdrawn by the customer without being used for gambling | 30 |
| Payment methods the player is using | Payment methods the player is using | Payment methods the player is using |
| Card switching | A customer opening an account and registering several different cards and making transfers between them | 20 |
| High risk payment methods | A customer uses high-risk payment methods | 30 |
| Fraud red flags a customer triggered | Fraud red flags a customer triggered | Fraud red flags a customer triggered |
| VPN | Customer used a VPN | 30 |
Once the score is calculated, a risk level is assigned:
| CMM Score | Risk Category |
|---|---|
| 0–20 | Low |
| 21–40 | Medium |
| 41 and higher | High |
Due to certain technical and practical constraints, not all factors can be incorporated into the automated calculation. These risks are instead managed through alternative monitoring measures. For example, we detect VPN use and multi-accounting at registration, maintain separate alerts for players using cards registered under different names, and manually review all withdrawals prior to approval and payment.
The level of customer due diligence (CDD) conducted on a player will depend on the risk score assigned to the player as follows:
| Low | Med | High | |
|---|---|---|---|
| Verify ID and address with docs | X | X | X |
| Collect additional personal details | X | X | X |
| Collect Source of Funds/ Wealth info | X | X (with documentation) | |
| Ongoing monitoring | X | X | X (Enhanced) |
| Additional measures to address any other risk identified | X | ||
| Report suspected cases of ML/FT | X | X | X |
The frequency of customer reviews is determined by the assessed risk level, taking into account factors such as geographic location, transaction patterns, and source of funds. High-risk customers, such as those from higher-risk regions or displaying suspicious activity, are monitored more frequently. Medium-risk customers are reviewed on a regular periodic basis, while low-risk customers are assessed less often. The Company adjusts review frequencies in line with regulatory requirements and updates them whenever there are significant changes in a customer’s risk profile.
Money Laundering is understood as:
Money laundering shall be regarded as such even when the activities which generated the property to be laundered were carried out in the territory of another Member State or in that of a third country.
Restricted jurisdictions include: Afghanistan; Canadian Province of New Brunswick; China; Cuba; Central African Republic; Democratic Republic of Congo; Haiti; Iran; Iraq; Israel; Libya; Myanmar; North Korea; Russia; Somalia; South Sudan; Syria; UK; USA; Yemen; Venezuela.
In accordance with the AML legislation, the Website has appointed the “highest level” for the prevention of ML: The full management of Limitex Ltd. is in charge.
Furthermore, an MLRO (Money Laundering Reporting Officer) is in charge of the enforcement of the AML policy and procedures within the System.
The MLRO is placed under the direct responsibility of the general Management.
Each major change of the Website AML policy is subject to be approval by the general management of Limitex Ltd. and the Anti money laundering compliance officer.
Step one verification must be done by every user and customer to withdraw. Regarding of the choice of payment, the amount of payment, the amount of withdraw, the choice of withdraw and nationality of the user/customer step one verification must be done first. Step one verification is a document that must be filled out by the user/customer himself. Following information’s must be filled in: first name, second name, date of birth, country of usual residence, gender and full address.
Step two verification must be done by every user which deposit over 2000 EUR (two thousand Euro) or withdraws any amount. Until step two verification is done the withdraw or deposit will be hold. Step to verification will lead the user or customer to a subpage where he must send in his ID. The user/customer must make a picture of his ID. While a paperclip with a six-digit random generated number is next to his ID: Only an official ID may be used for ID verification, depending on the country the variety of accepted IDs may be different. There will also be an electronic check if the filled in Data from the step one verification is correct. The electronic check will check via two different databanks to insure the given information’s matches with the filled document and the name from the ID: If the electronic test fails or is not possible the user/customer is required to send in a conformation of his current resident. A certificate of registration by the government or a similar document is required.
Step three verification must be done by every user which deposit over 5000 EUR (five thousand euro) or withdraws over 5000 EUR (five thousand euro). Until step three verification is done the withdraw or deposit will be hold. For step 3 a user/customer will be asked for a source of wealth.
The formal identification of customers on entry into commercial relations is a vital element, both for the regulations relating to money laundering and for the KYC policy.
This identification relies on the following fundamental principles:
A copy of your passport, ID card or driving license, each shown alongside a handwritten note mentioning six random generated numbers. Also, a second picture with the face of the user/customer is required. The user/customer may blur out every information, besides date of birth, nationality, gender, first name, second name and the picture. To secure their privacy.
Please note that all four corners of the ID have to be visible in the same image and all details has to be clearly readable besides the named above. We might ask for all details if necessary.
An employee may do additional checks if necessary, based on the situation.
Proof of address will be done via to different electronic checks, which use two different databases. If an electronic test fails, the user/customer has the option to make a manually proof.
A recent utility bill sent to your registered address, issued within the last 3 months or an official document made by the government that proofs your state of residence.
To make the approval process as speedy as possible, please make sure the document is sent with a clear resolution where all four corners of the document is visible, and all text is readable.
For example: An electricity bill, water bill, bank statement or any governmental post addressed to you.
An employee may do additional checks if necessary, based on the situation.
If a player deposits over a five thousand euro there is a process of understandings the source of wealth (SOW).
Examples of SOW are:
It is critical that the origin and legitimacy of that wealth is clearly understood. If this is not possible an employee may ask for an additional document or prove.
The account will be frozen if the same user deposits either this amount in one go or multiple transactions which amount to this. An email will be sent to them manually to go through the above and an information on the website itself.
The Website also asks for a bank wire/credit card to further insure the Identity of the user/customer. It also gives additional information about the financial situation of the user/customer.
The basic document will be accessible via the settings page on the Website. Every user has to fill out the following information:
The document will be saved and created by an AI, an employee may do additional checks if necessary based on the situation.
In order to deal with the different risks and different states of wealth in different regions on the earth the Website will categorize every nation in three different regions of risk.
For every nation from the region one the three-step verification is done as described earlier.
For every nation from the region two the three-step verification will be done at lower deposit or withdraw amounts. Step one will be done as usually. Step two will be done after depositing 1000 EUR (one thousand euro), withdrawing 1000 EUR (one thousand euro). Step three will be done after depositing 2500 EUR (two thousand five hundred euro), withdrawing 2500 EUR (two thousand five hundred euro).
Regions of high risks will be banned. High-risk regions will be regularly updated to keep up with the changing environment of a fast-changing world.
In addition, AML compliance officer will look for any unusual behaviour and report it right away to a employee of the Website.
According to a risk based few and general experience the human employees will recheck all checks which are done bevor by employees and may redo or do additional checks according to the situation.
In addition, a data Scientist supported by modern, electronic, analytic systems will look for unusual behaviour like: Depositing and withdrawing without longer Betting sessions. Attempts to use a different Bank account to for Deposit and Withdraw, nationality changes, currency changes, behaviour and activity changes as well as checks, if an account is used by it´s original owner.
Also, a User has to use the same method for Withdraw as he used for Deposit, for the amount of the initial Deposit to prevent any Money Laundering.
As part of its risk-based approach, the Website has conducted an AML “Enterprise-wide risk assessment” (EWRA) to identify and understand risks specific to the Website and its business lines. The AML risk policy is determined after identifying and documenting the risks inherent to its business lines such as the services the website offers. The Users to whom services are offered, transactions performed by these Users, delivery channels used by the bank, the geographic locations of the bank’s operations, customers and transactions and other qualitative and emerging risks.
The identification of AML risk categories is based on the Website understanding of regulatory requirements, regulatory expectations, and industry guidance. Additional safety measures are taken to take care of the additional risks the world wide web brings with it.
The EWRA is yearly reassessed.
AML-Compliance ensures that an “ongoing transaction monitoring” is conducted to detect transactions that are unusual or suspicious compared to the customer profile.
This transaction monitoring is conducted on two levels:
The Website works solely with trusted Payment Service Providers who all have effective AML policies in place as to prevent the large majority of suspicious deposits onto the Website from taking place without proper execution of KYC procedures onto the potential customer.
The Website makes its network aware so that any contact with the customer or player or authorized representative must give rise to the exercise of due diligence on transactions on the account concerned. In particular, these include:
Also, the three-step verification with adjusted risk management should provide all necessary information about all customers of the Website at all times.
Also, all transactions must be overseen by employees over watched by the AML compliance officer who is overwatched by the general management.
The specific transactions submitted to the customer support manager, possibly through their Compliance Manager must also be subject to due diligence.
Determination of the unusual nature of one or more transactions essentially depends on a subjective assessment, in relation to the knowledge of the customer (KYC), their financial behavior and the transaction counterparty.
These checks will be done by an automated System, while an Employee crosschecks them for additional security.
The transactions observed on customer accounts for which it is difficult to gain a proper understanding of the lawful activities and origin of funds must therefore rapidly be considered atypical (as they are not directly justifiable).
Any the Website staff member must inform the AML division of any atypical transactions that they observe and cannot attribute to a lawful activity or source of income known to the customer.
As a last line of defense against AML the Website will do manual checks on all suspicious and higher-risk users in order to fully prevent money laundering by i) Adverse media screening and searching for negative news or information about individuals or entities in publicly available sources, such as news articles, legal databases, and social media, ii) PEP Screening by identifying individuals who hold prominent public positions or are closely associated with them and are more vulnerable to bribery and corruption; iii) Sanctions Screening by checking individuals and entities against official sanctions lists, such as those published by UN, EU, OFAC (Office of Foreign Assets Control) and other international bodies.
If fraud or Money Laundering is found the authorities will be informed.
In its internal procedures, the Website describes in precise terms, for the attention of its staff members, when it is necessary to report and how to proceed with such reporting.
If there is suspicion that a user is involved in money laundering or terrorist financing (ML/TF), staff must submit an internal report to the MLRO. When unusual activity is detected, an unusual activity report will be prepared and reviewed by the MLRO to assess whether a suspicious transaction report needs to be filed.
If a user is suspected of engaging in money laundering or terrorist financing activities, the Company follows a structured escalation process:
The Company will file a Suspicious Matter Report with the Tobique Gaming Commission as required by applicable law in cases where:
A suspicious matter report concerning a possible money laundering offence or other criminal offence must be lodged with the Commission within 5 business days after the day on which the reporting entity forms the relevant suspicion. A suspicious matter report concerning or in relation to possible financing of terrorism, must be lodged with the Commission within 24 hours after the time when the reporting entity forms the relevant suspicion.
The Company promptly reports to the Commission, or to the Direct Licensee acting on behalf of the Commission, any identified instances of suspicious activity where the Company knows or has reasonable grounds to suspect that a Customer’s behaviour may be related to money laundering, or where such behaviour is unusual or inconsistent with the Customer’s normal transactional activity. The Company ensures that all Suspicious Activity Reports are duly prepared and shared with the Commission without delay.
Additionally, if a User is identified on a sanctions list or linked to ML, TF, or other illicit activities, we will submit a report to the relevant Financial Intelligence Unit (FIU).
The Company will also maintain comprehensive records to ensure compliance with all applicable ML/TF regulatory requirements.
The AML rules, including minimum KYC standards will be translated into operational guidance or procedures that are available on the Intranet site of the Website.
Records of data obtained for the purpose of identification must be kept for at least ten years after the business relationship has ended.
Records of all transaction data must be kept for at least ten years following the carrying-out of the transactions or the end of the business relationship.
These data will be safely, encrypted and stored offline and online.
The Website human employees will make manual controls on a risk-based approve for which they get special training.
The training and awareness program is reflected by its usage:
The content of this training program has to be established in accordance with the kind of business the trainees are working for and the posts they hold. These sessions are given by an AML specialist working in the AML team.
Internal audit regularly establishes missions and reports about AML activities.