Aml Policy

Introduction

This Anti‑Money Laundering and Counter‑Terrorism Financing Policy (the AML Policy) governs Xxx777's approach to preventing money laundering and the financing of terrorism in connection with all gaming products and services offered to customers. It establishes the obligations for identity verification, customer due diligence, ongoing monitoring, reporting, data handling, training, and governance applicable to all Xxx777 personnel and contractors involved in AML/CFT compliance.

Regulatory Framework

Xxx777 operates under a Curaçao gaming license and is subject to the Curaçao Gaming Control Board’s AML/CFT requirements, including applicable national regulations on anti‑money laundering and the financing of terrorism. The Policy implements a risk‑based approach, consistent with FATF recommendations as implemented in the jurisdiction, and requires ongoing alignment with evolving laws, guidelines and supervisory expectations.

Scope and Definitions

This Policy applies to all customers, accounts, and transactions processed by Xxx777, including deposits, bets, winnings, withdrawals, and internal transfers. For the purposes of this Policy:

• Customer means any natural person or legal entity that opens an Xxx777 account or transacts using Xxx777 services.
• Customer Due Diligence (CDD) means the process of identifying the customer, verifying identity, assessing risk, and monitoring the business relationship.
• Enhanced Due Diligence (EDD) means heightened due diligence applied to higher‑risk customers or transactions, including additional verification and ongoing monitoring.
• Politically Exposed Person (PEP) means an individual who is or has been entrusted with prominent public functions, and their close associates and family members, as defined by applicable law.
• Suspicious Activity means any transaction, pattern, or circumstance indicating potential money laundering or terrorist financing or a breach of this Policy.
• Source of Funds (SoF) and Source of Wealth (SoW) refer to the origin of funds used for gaming activities and the overall wealth used to support the customer relationship, respectively.
• MLRO means the Money Laundering Reporting Officer appointed to oversee AML/CFT compliance at Xxx777.

Customer Due Diligence (CDD) and Onboarding

Xxx777 shall perform CDD prior to processing funds for a customer or enabling withdrawal rights. Onboarding shall include the following verifications and disclosures:

• Verification of identity using government‑issued documentation (e.g., passport or national ID) and verification of the customer’s full legal name, date of birth, and residential address.
• Proof of age confirming customers are legally eligible to gamble (minimum age of 18 years, or as required by local law).
• Collection of contact details (email, telephone) and a corroborating means of identification where required.
• Assessment of risk at onboarding, including purpose and intended nature of the gaming relationship.
• SoF verification for deposits and transfers exceeding EUR 2,000 in a 24‑hour window, including documentation such as bank statements or payslips showing the origin of funds.
• Screening against sanctions lists and PEP registers; escalating any high‑risk findings to EDD procedures.
• Documentation and retention of verification records for the duration of the business relationship and in accordance with retention requirements.

Enhanced Due Diligence (EDD)

EDD is mandatory for customers presenting elevated risk, including but not limited to PEP status, non‑resident customers from high‑risk jurisdictions, complex ownership structures, or anomalous activity patterns. EDD measures shall include:

• Additional identity verification steps using secondary sources or third‑party validation.
• Verification of the source of funds and, when necessary, source of wealth documentation (e.g., audited accounts, tax records, or employer verification).
• Ongoing, more frequent monitoring of the customer’s transactions and profile, with senior management approval required for establishing or continuing the business relationship.
• Periodic reviews or refresh of KYC information at defined intervals or upon material change in risk profile.

Ongoing Monitoring and Risk Management

Xxx777 conducts ongoing, risk‑based monitoring of all customer activity to detect and deter financial crime. The monitoring program includes:

• Real‑time and batch monitoring of transactions for indicators of money laundering or terrorist financing, including unusual deposit/withdrawal patterns, rapid bet activity, or structuring of transactions.
• Periodic review and updating of customer risk profiles based on new information, transactions, or changes in customer circumstances.
• Automated screening of transactions and customers against sanctions, PEP lists, and adverse media where appropriate.
• Clear escalation paths for suspicious activity, including internal review and reporting to the MLRO within 24 hours of detection or discovery.

Suspicious Activity Reporting and Investigations

Any suspicion of money laundering or financing of terrorism must be reported to the MLRO promptly in accordance with applicable laws and internal procedures. The MLRO shall evaluate the information and, where required, file a Suspicious Activity Report (SAR) with the competent authorities. All SARs and related investigations shall be documented with a full audit trail and maintained in accordance with data retention requirements.

Record Keeping and Data Retention

Xxx777 shall retain all records relevant to AML/CFT obligations for a minimum of five years from the date of the last transaction or account closure, or longer as required by applicable law. Records include identification documents, verification notes, risk assessments, transaction records, and communications with the customer. Records shall be stored securely with access restricted to authorized personnel and in a manner that preserves their integrity and confidentiality.

Data Protection and Privacy

Personal data collected for AML purposes shall be processed in accordance with applicable data protection laws. Data may be used for identity verification, risk assessment, transaction monitoring, and regulatory reporting. Where required by law or regulatory obligation, data may be shared with group entities, service providers, and competent authorities. Data subjects retain rights to access, rectify, or request erasure of their data consistent with retention periods and legal obligations, subject to ongoing compliance needs and statutory restrictions.

Data Sharing and Disclosure to Third Parties

Xxx777 may disclose personal data to group entities, service providers (including payment processors and AML technology vendors), and regulatory or law enforcement authorities as required by law or to fulfill legitimate business purposes. In the event of corporate restructuring, customer data may be transferred with appropriate safeguards and notice to customers as required by law. All third‑party processors operate under data processing agreements that impose equivalent data protection obligations.

Governance, Training and Internal Controls

The AML Program is overseen by the Board with day‑to‑day administration by the MLRO. Xxx777 implements risk‑based customer due diligence, ongoing monitoring, internal controls, and independent audits. All staff receive AML/CFT training at onboarding and at least annually, with training records maintained and access controls enforced to prevent unauthorized data handling.

Sanctions and PEP Screening

Xxx777 conducts ongoing sanctions and PEP screening of customers and beneficial owners using reputable screening sources. Where a PEP or sanctioned individual is identified, Xxx777 applies enhanced due diligence and heightened monitoring, and reports to the competent authorities where required by law.

Compliance, Audit and Continuous Improvement

Xxx777 conducts periodic internal and external reviews of the AML Program. The Board receives annual reports detailing risk exposure, control effectiveness, and residual risk. The Policy is reviewed at least once per year and updated promptly to reflect changes in law, regulation or business operations.