Anti Money Laundering Policy

1. Introduction

1.1 Money Laundering

Money laundering is the process of hiding the illegal origin or purpose of money or other assets and making them appear legitimate. Money laundering involves complex financial transactions and transformations that conceal the true source and destination of the funds. Money laundering is often used by criminals to avoid detection, prosecution, taxation, or confiscation of their illicit income.

1.2 Anti-Money Laundering

Anti Money Laundering Policy (AML) is a set of laws and procedures that aim to prevent the laundering of illegal funds and to restrict the criminals from turning their illicit money into legitimate income. AML policies are based on the legislation of different countries and the recommendations of international organizations, such as FATF (Financial Action Task Force), which was established in 1989 to promote global cooperation against money laundering. AML policies are designed to combat the financing of terrorism, tax evasion, and international smuggling, among other crimes.

Some of the elements of AML policies are:

  • Customer identification and verification (KYC)
  • Transaction monitoring and reporting
  • Record keeping and data protection
  • Risk assessment and management
  • Compliance training and audit
  • Sanctions and penalties

2. Regulation

Employees working in the remote gambling industry are required to make reports regarding information that comes to them in the course of their activities:

  • When they know something;
  • when they suspect something;
  • when they have reasonable grounds to know or suspect that a person is engaging in money laundering, terrorist financing or spending money obtained through criminal activity.

This is collectively called reliable knowledge or reasonable suspicion. Authorities need us to be able to demonstrate (and prove) that risk assessments are and have been carried out before entering into business relationships with customers and that due diligence is performed to ensure that customer transactions are appropriate to the level of associated risk.

The Merchant must be able to demonstrate that the amount of ongoing monitoring is appropriate to the level of risk and that all records are retained by us with appropriate controls over risk profiles. In this document, we have described additional measures for risk monitoring and justified the need for customers to declare the source of funds in situations that are high risk and possibly indicative of money laundering.

2.1 Specific Regulations.

Merchant must ensure compliance with the requirements for all aspects of our business and hold a Curaçao Gaming License that allows us to operate internationally in the field of gambling through our service lines.

3. Crime, disorder and AML policy

The AML policy is based on the following principles and practices:

  • We develop systems and controls that are appropriate for our business, compliant with legislation and regulatory requirements.
  • We assess the AML related risks of our current business at least once a year. We then adopt a flexible, effective, proportionate and cost-effective risk-based approach.
  • We are all fully committed to and responsible for this, including the top management team.
  • We regularly assess the adequacy of our controls and systems.
  • We maintain transaction records where necessary and our records meet law enforcement requirements for money laundering and terrorist financing investigations.
  • We provide initial and ongoing training to all employees involved.
  • We provide the assigned employee with the necessary resources and authority to act objectively and independently.

4. Risk Management

We have implemented policies and procedures in relation to risk assessment and management as required by the Money Laundering Regulations 2007 (the Regulations). This risk-based approach involves  separate steps to assess the most proportionate way to manage and mitigate the money laundering and terrorist financing risks we face:

  • Identifying the money laundering and terrorist financing risks that are relevant to us.
  • Developing and implementing policies and procedures to manage and minimize the assessed risks.
  • Monitoring and optimizing controls.
  • Accounting for what has been done and why.

This risk-based approach focuses efforts where they are most needed and where they will have the greatest impact. The approach is fully observed and supported by our senior management and all employees. We have assessed the exposure of our business to the risk of money laundering and the implications of this.

5. Suspicious Activity

Suspicious activity in this case is suspect transactions and Players Profiles whose deposits differ from other items. Other examples of how we identify players that our team should take a risk-based monitoring approach to and determine when to specifically conduct due diligence are:

  1. Passport or ID card.
  2. Bank statement. 
  3. Utility bill.
  4. Other means of proving identity.

The Enhanced Due Diligence Checks depend on the Players Profiles and the level of risk they pose to us. Only when we identify some or a combination of the above attributes, we will flag the clients in question and perform risk monitoring. Among other things, checks will be performed on where the client works, the value of the house in which the client lives and the relationship between the value of the house and the client’s expenses.

5.1 Suspicious Activity Reports

Suspicious Activity Reports (SARs) are a mandatory requirement under this approach. The Merchant ensures that every employee will report to the risk assessment team if they have reliable knowledge or reasonable suspicion that the person or customer is involved in activities related to money laundering or terrorist financing. Any member of staff who fails to do so may be prosecuted.

SARs escalations should be confidential and should be done in hand-written form, not by email, to ensure maximum anonymity.

Under no circumstances should a staff member disclose or discuss AML related information with the person or persons under investigation or any other person. Disclosure (also known as «‎tipping off») is strictly prohibited and carries very serious legal consequences.

In addition, to provide us with maximum protection, there should be no remarks on the account that would indicate that money laundering related suspicions have been raised, in case a player wishes to request full account details.

5.2 Operating Procedure.

The Merchant analyzes player spending and gameplay to identify suspicious activity. The procedures below are followed before any withdrawal transaction is processed:

  1. Customer deposit history is checked to confirm there are no suspicious payments to the customer’s account. The frequency and amounts of deposits are reviewed to ensure that they are within the customer’s normal range as determined by analyzing the customer’s deposit history and the deposits of other customers throughout our network.
  2. The customer’s turnover is checked to ensure that the customer has played in a casino and has not used the Vendor’s services as a method of money transfer.
  3. When possible, funds should always be returned using the same payment method the player used to make the deposit.

5.3 Withdrawal process

When verifying the client’s account before withdrawing funds, the agent must answer the following questions in the AML segment in the Risk Entry:

  1. Did the player place any bets?
  2. The payment method belongs to the player and was used by the player to make the deposit?
  3. Are the customer’s transactions and bets in line with the player’s expectations?

5.4 Escalation Process

Compliance with applicable AML policies and escalation of any suspicious activity, as described above, is critical to the company as it protects it from financial loss and ensures compliance with regulatory requirements in various jurisdictions.

Information about any activity, even minor activity, should be escalated if the activity appears suspicious. Failure to escalate suspicions of money laundering can lead to criminal prosecution.

6. Employees

6.1 Senior Management

Senior Management is fully committed to this policy and is responsible for its implementation. Senior Management recognizes its personal liability for condoning or acquiescing in the wrongful acts under the Act, including the lack of due diligence.

6.2 Money Laundering Reporting Officer (MLRO)

The designated SRO (Nikos Lazos; finance@pin-up.casino; +35780077001) is responsible for the preparation of SARs on the prevention and detection of money laundering and terrorist financing activities, as well as for the implementation of our obligations under the Proceeds of Crime Act 2000 (and separately under parallel regime for SARs arising from systems located in Malta.

The designated MLRO is responsible for the following tasks:

  • preparing reports to the senior management on anti-money laundering (AML) and countering the financing of terrorism (CFT);
  • obtaining information from employees in accordance with Part 7 of the Proceeds of Crime Act 2002 (POCA) and Part III of the Terrorism Act 2000 (the Terrorism Act);
  • making similar reports to external recipients where necessary.

The MLRO has the authority to act independently and has access to sufficient resources to carry out its responsibilities.

6.3 Staff Training

All staff will receive training to explain their obligations in relation to money laundering reporting and the procedures in place for reporting any suspicious incidents to the Money Laundering Reporting Officer (MLRO). As part of this process, staff are made aware that failure to comply with legal requirements, such as failure to report a customer who spends money generated by crime, may result in criminal or administrative penalties.

7. High Risk Jurisdictions

High risk countries are those identified as such in publications issued periodically by the Financial Action Task Force; and those identified as such by the Gambling Commission. Customers registered in High Risk Countries are always subject to EDD.

Currently, the current list of high-risk countries compiled by the FATF is as follows:

  • Afghanistan
  • Algeria
  • Angola
  • Bosnia & Herzegovina
  • Ecuador
  • Guyana
  • Iraq
  • Lao PDR
  • Myanmar
  • Panama
  • Papua New Guinea
  • Syria
  • Uganda
  • Yemen
  • Iran
  • Democratic People’s Republic of North Korea

Players on the FATF list of jurisdictions identified in FATF publications as threatening the international financial system through ongoing and substantial money laundering or terrorist financing activities will be denied service.

8. Recording

We ensure an audit log is in place to assist in any financial investigation by law enforcement. Our accounting policies and procedure cover the following areas:

  • details of how the designated officer has monitored compliance;
  • delegation of AML/CTF tasks by the designated officer;
  • the designated employee reporting to senior management;
  • information that the designated employee did not process, with justification as to why no further action was taken;
  • customer identification and screening information;
  • maintenance of records regarding business relationships or incidental transactions;
  • employee training records;
  • SARs for internal and external recipients;
  • contacts between the designated employee and law enforcement or nationally authorized agencies, including records related to appropriate consent.

9. Offenses

All employees are aware of the risk associated with the following offenses:

  • POCA and the Terrorism Act create offences by failing to report suspicious activity.
  • If an employee fails to comply with their obligations to disclose information to a designated employee or a designated employee fails to provide information to NCA* as soon as reasonably practicable after information that gives rise to knowledge or suspicion reaches such employee or employee, they are liable to criminal prosecution.
  • They may also commit an offense under the POCA or the Terrorism Act if they disclose information that an SAR has been submitted that may form the basis of an investigation, or that an investigation has been initiated into a potential violation of the POCA or the Terrorism Act.
  • They also commit an offense when they know or suspect how a relevant officer is acting (or proposes to act) in connection with an investigation that is being or is to be conducted, or when they forge, conceal, destroy or otherwise dispose of documents that are relevant to an investigation.

10. Vetting procedures for new employees

The Company has a number of screening procedures when hiring employees. We verify that an employee is of legal age through appropriate identity checks, verify employee identification and credentials using at least two independent sources. We will also verify any additional personal or background information.

11. Protecting our equipment from internal crime and misuse

The Company recognizes that in order to effectively combat fraud, it must first determine where its most valuable assets are located. Processes and controls have been embedded into the company’s current operations to minimize the likelihood that any of its key assets will be misused.

Our server equipment is housed at Unicept Malta, where the necessary policies are in place and equipment security features are in place, including visitor access control, fire alarms, confidential document destruction facilities, locking cabinets, testing procedures, security service, etc. The Merchant also implements such policies at our offices.

12. Regulatory and Risk Committee

We intend to organize it to assess executive risk. The MLRO and the compliance officer and another non-executive director will be members of this committee. Meetings will be held at least quarterly or as and when required.

13. Checking the creditworthiness and reputation of the companies we deal with

The Merchant promotes the principles of business and professional ethics at all levels. When selecting vendors, we consider a number of criteria:

– Financial strength (for long-term sustainability);

– compliance with regulatory requirements;

– commitment to a broader corporate responsibility program;

– willingness and ability to deliver quality and value.

All new suppliers must go through an approval process – all the information they provide is carefully checked.

This information is then assessed internally to consider the risks associated with a particular supplier. All of the above criteria are taken into account. In the event of rejection, the Merchant will be notified. The Merchant ensures that all organizations we contract with understand the compliance obligations in their respective player jurisdictions.

4. Our responsibilities under the Proceeds of Crime Act

The Merchant is fully aware of the procedures and policies under the Proceeds of Crime Act 2002 (Proceeds of Crime Act 2002) and applies the relevant rules and procedures relating to that Act (as detailed below).

15. Internal Record Keeping

The key principles are as follows: “know your customer”, internal record keeping and reporting, and monitoring compliance with laws and regulations.

  • Records of all customer transactions, both payments and rates, will be stored for a minimum of 6 years.
  • Records of customers, regardless of their value or status (active/blocked), will be stored for at least 6 years after termination of the customer relationship.
  • Records of money laundering investigations and suspicious activity reports will be stored for 6 years after the investigation has been completed.

16. Compliance with collusion prevention and data protection requirements

The Merchant’s Terms and Conditions contains a clear indication that fraud is unacceptable and that in case of fraud, customer accounts will be closed.

With regard to data protection, all data relating to user accounts for payments is stored, encrypted and managed by Payment IQ and the Merchant’s employees do not have access to users’ payment information. All customer information within the organization will be protected through a strict information security policy to which all employees and Merchants will adhere, including system access control and authentication, password policy, anti-malware measures, intrusion prevention policy, encryption policy, strong network control and management.

Know Your Customer (KYC)

Introduction

By agreeing to the Terms, you allow us to carry out any checks that we may require or that third parties (including regulators) may require to verify your identity and contact details (Checks).

During Verifications, we may prohibit you from withdrawing funds from your account.

If any information you provide is false, inaccurate, misleading, does not match your identification or is otherwise incomplete, we reserve the right to immediately terminate your account and/or prohibit you from using the Services, in addition to any other action we deem appropriate.

If we cannot confirm that you are of legal age, we may suspend your account. If you are under the legal age of majority at the time of any betting or gaming transactions, then:

  • your account will be closed;
  • all transactions made during this time will become void and all associated funds will be fully refunded;
  • all winnings you have accumulated during this time will be annulled and you will be required to return to us all funds withdrawn from your account.
  • If there are any changes to your personal data, you must inform us by contacting our support team.

Purpose of the Policy

The Company requests user confirmation of its Services in the following situations:

  1. Suspicion of fraud, money laundering, criminal activity, etc.
  2. Doubts about the authenticity of the documents provided.
  3. Violation of the terms of use of the Company’s services.
  4. Any other situation at the discretion of the Company.

Through such a request, the Company may require a standard set of identification data and documents, as well as additional documents.

The minimum set of identification data is:

  • FULL NAME;
  • date of birth;
  • citizenship;
  • permanent residence address;
  • identification number.

Mandatory documents:

  • valid passport/identification card of the client;
  • a document confirming the client’s permanent residence address at the moment (utility bill, bank statement, etc.)

Additional documents:

  • Additional national ID (driver’s license, military ID, etc.);
  • photo of the user with the passport opened near the face (the document must be readable);
  • photo of the front side of the card (the 5 first and 4 last digits, the owner’s name and expiration date must be readable).

The Company may also ask the User to provide documents confirming the sources of funds, i.e. the User will have to provide evidence for the actual sources of funds that the Client uses for betting or gaming.

This information may be in the following form:

  • proof of earnings: salary, director’s remuneration, dividends, pension;
  • bank statement/bank account confirming continuous receipts from an identifiable source;
  • a trust declaration confirming entitlement to the funds;
  • dated proof of remuneration/payment to the user;

Documents provided by the user will not be validated if:

  • the address/name in the documents does not match the address/account name;
  • the documents or their copies are not readable;
  • the document is of an invalid type (e.g., the user sends a copy of a document that is not on the list of documents for identity verification, or a copy of the mailing envelope instead of the utility bill itself);
  • there are any other reasons, at the discretion of the Company’s employees or contractors.

Upon review of the documents provided, the Company will make a decision in accordance with the Terms Conditions, Privacy policy, License agreement of the Website and legislation requirements.

Obligations

Due diligence (DD): the Company’s clients must be subject to the Due Diligence process and records must be maintained.

Anonymous Accounts: Anonymous or nominee accounts are prohibited. Any existing anonymous accounts or accounts that are registered to an alias or are not authenticated must be subject to due diligence to establish the identity and integrity of the account holder at the earliest opportunity. If the identity of the account holder cannot be established, the account shall be closed, winnings shall be forfeited, and deposits shall be paid to the account from which they were received, or withheld if the return of deposits proves impossible or costly.

Duplicate/Multiple Accounts: Many customers wish to use parallel accounts to share their gambling expenses. Despite this, the Company must identify and match linked accounts that may be owned or controlled by the same person. The Company has the right to cancel additional accounts or accounts of the player in question, cancel winnings so obtained and return deposits to the account holder.

Politically Exposed Persons (PEP). The Company must respond to any attempt to gamble by any influential political person, that is, any person who holds a significant public position (or held it at any time in the previous year) and has access to public funds or significant influence. PEPs also include identifiable family members and partners. A risk-based approach should be applied, taking into account the value, scale of gambling and location of such customers. Questionnaires should include questions that identify PEPs.

The Company reserves the exclusive right to unilaterally reject any client’s application and/or terminate further services without providing any justification or explanation to the client in case of violation of the «Know Your Client» policy.