Compliance Policy

Privacy Policy

Privacy Policy

AML / Compliance Department

This department is the primary unit responsible for the Anti-Money Laundering program within the organization, tasked with initiating and executing relevant measures.

Business Relationship

Refers to the business or commercial relationship established between a customer and the organization, which is expected to continue for a period of time at the time of establishment (e.g., signing agreements, ongoing participation in gambling/betting activities, and continuous financial operations and transactions).

Close Associate

Refers to a natural person who belongs to the same legal entity or unincorporated group as a Politically Exposed Person (PEP), or who maintains other business relationships with them.

Immediate Family Member

Refers to a spouse, registered partner (such as a cohabitant), parents, siblings, children, and children's spouses or cohabitants.

Customer Due Diligence (CDD)

Refers to the identification and verification of a customer's identity through documents, data, or information obtained from reliable and independent sources; evaluating and, where appropriate, obtaining information on the purpose and intended nature of the business relationship; and conducting ongoing monitoring during the relationship, including reviewing transactions to ensure they are consistent with the organization's knowledge of the customer.

Customer / User / Player

Refers to individuals who use the online gambling and betting services provided by this organization.

FATF - Financial Action Task Force.

FIU - Financial Intelligence Unit.

High-Risk Third Country - Refers to a country identified as having strategic deficiencies in its AML/CFT regime that pose a significant threat to the EU financial system (pursuant to Article 9 of EU Directive (EU) 2015/849).

Identification - A part of Customer Due Diligence (CDD); the procedure of confirming an individual's identity through unique identity information directly related to them.

Law - The Anti-Money Laundering and Counter-Terrorism Financing Act.

Money Laundering

Refers to any act constituting a money laundering offense as defined under the Anjouan Anti-Money Laundering and Counter-Terrorism Financing Act. Such criminal acts cover all procedures attempted to change the identity of illegally obtained funds—which may originate from drug trafficking, terrorist activities, or other crimes—to create the illusion that the funds come from a legitimate source. Money laundering also includes participating in any transaction aimed at concealing or disguising the nature or source of funds derived from illegal activities, such as fraud, corruption, organized crime, or terrorism.

Organization

Refers to KWBYO LIMITED, a company established under the laws of the Republic of Seychelles, with its registered address at House of Francis, Room 303, Ile Du Port, Mahé, Seychelles, Company Number 239335. This company is an online gambling institution established under the laws of the Republic of Seychelles and authorized by the Government of the Autonomous Island of Anjouan, Union of Comoros (License Number: ALSI-122310016-FI6), and is therefore included in the scope of institutions defined by the Anti-Money Laundering and Counter-Terrorism Financing Act.

The terms "Company / Organization" used in this policy document also refer to the organization's governing body and its members, as well as the organization's employees.

Policy

Refers to the "Anti-Money Laundering / Counter-Terrorism Financing and Sanctions Compliance Policy".

Politically Exposed Person (PEP)

Refers to a natural person who is or has been entrusted with prominent public functions, as well as the immediate family members or close associates of such persons.

Prominent Public Functions:

• Heads of State, heads of government, ministers, deputy or assistant ministers, secretaries of state, members of parliament, or general councils of government or ministries.
• Members of Parliament.
• Members of supreme courts, constitutional courts, or other high-level judicial bodies whose decisions are not subject to further appeal.
• Mayors or municipal administrative heads.
• Management members of national supreme audit or supervisory bodies, or the chairman, vice-chairman, or members of the board of directors of a central bank.
• Ambassadors, chargés d'affaires, Commander-in-Chief of the Anjouan Armed Forces, army and unit commanders, chiefs of staff, or high-ranking officers of foreign armed forces.
• Members of the administrative, management, or supervisory bodies of state-owned enterprises, public companies, or private limited companies where more than half of the voting rights are held by the state.
• Members of the administrative, management, or supervisory bodies of municipal enterprises, public companies, or private limited companies if more than half of the voting rights are held by the state and the entity is considered a large enterprise.
• Directors, deputy directors, or members of the management or supervisory bodies of international intergovernmental organizations.
• Leaders, deputy leaders, or members of the management bodies of political parties.

Source of Funds (SOF)

Refers to the origin of the funds involved in a business relationship or occasional transaction. This includes the activity that generated the funds (e.g., the customer's salary) and the channels used by the customer to transfer the funds.

Source of Wealth (SOW)

Refers to the total wealth (total funds) accumulated by a customer over the long term. Determining the source of wealth focuses on obtaining information regarding the customer's activities to explain how they accumulated their wealth.

Terrorist Financing

Refers to the collection, receipt, or provision of funds to support terrorist acts or terrorist organizations. Such funds may come from legitimate or illegal sources. More specifically, according to the International Convention for the Suppression of the Financing of Terrorism, a crime is committed if any person by any means, directly or indirectly, unlawfully and willfully, provides or collects funds with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out terrorist acts.

1.1 As part of the commitment to maintain the highest standards and comply with all relevant regulations, the policy of this organization is to prohibit and prevent any form of money laundering and terrorist financing.

Herein, The Organization refers to KWBYO LIMITED, established under the laws of the Republic of Seychelles, registered at House of Francis, Room 303, Ile Du Port, Mahé, Seychelles, Company Number 239335. The company is an online gambling institution established under the laws of the Republic of Seychelles and has obtained authorization from the Government of the Autonomous Island of Anjouan, Union of Comoros (License Number: ALSI-122310016-FI6).

Money Laundering refers to participating in any transaction that attempts to conceal or disguise the nature or source of funds obtained from illegal activities. Money laundering involves not only the proceeds of drug trafficking but also funds related to other illegal activities, including fraud, corruption, organized crime, terrorism, and other various criminal proceeds.

Typically, the money laundering process is divided into three stages:

• Placement
  Introducing cash derived from illegal/criminal activities into financial or non-financial institutions.
• Layering
  Separating criminal proceeds from their source through multiple, complex layers of financial transactions. These layers are designed to break the audit trail, disguise the source of funds, and provide anonymity.
• Integration
  Reintroducing laundered funds into the economy so that they re-enter the financial system and appear to be legitimate funds.

1.2 Terrorist financing covers the various means and methods used by terrorist organizations to raise funds. These funds may come from legitimate sources, such as business profits, or from illegal activities to support the operations of terrorist acts or organizations. Sources of funds for terrorist organizations may also come from illegal activities like trafficking in weapons, drugs, or humans, or kidnapping for ransom.

This policy was drafted by the AML Officer of KWBYO LIMITED (hereinafter "The Organization") based on general principles set by the Board of Directors regarding AML/CFT, and is updated regularly.

This policy applies to all employees of the organization, and its purposes are to:

• Clearly define the primary roles and responsibilities of employees;
• Ensure compliance with the following relevant laws and regulations:
• European Directive 2005/60/EC and European Directive 2018/843 concerning the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, transposed into domestic law L188(I)/2007-2018.
• Anjouan Money Laundering (Prevention) Act 008 of 2005.

All current versions of revisions and/or changes to this policy must be approved by the Company's Board of Directors.

1.3 Responsibility and Recipients of the Document:

Process Owner: AML Officer

Responsibilities:

• This document is binding on all employees in the organization whose duties involve establishing and reviewing business relationships.
• In the event of a breach of procedure, the discoverer should immediately notify their department head.
• If it is found that the organization's actual execution process does not comply with this procedure, the process owner should be notified immediately.

Document Receiving Departments:

• Customer Support / Anti-Fraud Department
• Payments Department
• AML Department

2.1 The Board of Directors is responsible for ensuring that the organization complies with its legal obligations. The Board shall evaluate and periodically review the effectiveness of the policies, arrangements, and procedures established for compliance and take appropriate measures to address any deficiencies.

2.2 The Board’s primary duties and responsibilities regarding AML/CFT include:

• Establishing, documenting, and approving the organization’s general policy principles on AML/CFT and notifying the AML personnel accordingly.
• Appointing the AML Officer and determining their primary roles and responsibilities; appointing compliance assistants where necessary.
• Approving AML policies and procedures.
• Communicating the AML policy to all employees.
• Ensuring that the requirements of laws and AML directives are followed and that the organization maintains adequate, effective, and sufficient systems and controls.
• Ensuring the AML Officer has full access to all documents and information required to perform their duties.
• Ensuring all employees are aware of the AML Officer’s identity and report suspicious transactions as required by law.
• Establishing clear and rapid reporting mechanisms for suspicious transactions directly to the AML Officer.
• Ensuring the AML Officer has sufficient resources, personnel, and technology.
• Reviewing and approving annual reports.
• Reviewing reports submitted by the AML Officer to the Board.

As the overall responsibility for AML/CFT lies with the Board, the Board is also responsible for evaluating and approving the annual reports prepared by the AML Officer and taking necessary remedial measures to address identified weaknesses or deficiencies.

3.1 The organization has designated an internal auditor to continuously review current operating methods and notify the organization of improvement suggestions. Audits are performed at least annually.

All audit results are submitted to the Board, which determines necessary measures to ensure corrections for any identified weaknesses and/or deficiencies.

4.1 The AML Officer possesses the necessary authority, resources, and professional expertise required to perform their duties and responsibilities, and has access to all relevant information. Employees have been informed of the AML Officer’s identity and contact details.

Currently, one employee is appointed as the AML Officer: KO SHENG BIN.

Any changes to the AML department structure will be notified to the Computer Gaming Licensing Board accordingly.

4.2 Responsibilities of the AML Officer:

• Drafting the organization’s AML/CFT procedures and control measures;
• Formulating and refining the Customer Acceptance Policy (CAP) for Board approval;
• Monitoring and evaluating the effective implementation of general policy principles and managing related risks;
• Ensuring compliance with Know Your Customer (KYC) and Enhanced Due Diligence (EDD) procedures;
• Ensuring compliance with sanctions compliance procedures;
• Advising employees on issues arising from the implementation of the AML program;
• Providing AML/CFT and sanctions compliance training materials and training to employees;
• Immediately reporting any violations of laws, regulations, or authority directives to the Board;
• Suggesting necessary amendments to the AML policy to the Board;
• Receiving and evaluating information from all personnel regarding suspicious customer transactions and activities;
• Reporting such transactions and activities to the competent authorities if necessary;
• Ensuring the preparation, maintenance, and update of customer classification lists based on a risk-based approach;
• Reviewing existing customers and transactions to ensure compliance;
• Detecting, recording, and assessing risks arising from existing and new customers, financial instruments, and services at least annually;
• Timely preparation and submission of monthly prevention statements to the Computer Gaming Licensing Board;
• Reporting compliance matters to senior management at least annually, specifically explaining if remedial measures were taken for deficiencies;
• Preparing the annual AML report for submission to the Board.

5.1 The annual report prepared by the AML Officer is an important tool for assessing the degree of the organization's compliance with legal and directive obligations.

5.2 The annual report shall be prepared and submitted to the Board for approval within two months after the end of each calendar year (no later than the end of February). It shall be submitted to the competent authority upon request, along with meeting minutes specifying corrective measures and timelines for identified weaknesses.

5.3 The annual report shall address AML/CFT issues during the review year, covering at least:

• Information on measures/procedures introduced to comply with amended or new legal provisions;
• Information on inspections conducted by the AML Officer and reports on significant deficiencies found in policies and controls;
• The number of internal suspicious transaction reports submitted by employees;
• The number of reports submitted to the authority, including primary reasons for suspicion and specific trends;
• Information on communication with employees regarding AML/CFT;
• Information on policies and controls for high-risk customers, including their number and countries of origin;
• Information on ongoing monitoring procedures for customer accounts and transactions;
• Information on training courses/seminars attended by the AML Officer;
• Details of training provided to employees (number of sessions, duration, attendance, instructor qualifications);
• Evaluation of the adequacy and effectiveness of employee training;
• Recommendations for the next year’s training plan;
• Information on the department's structure and staffing, with recommendations for additional resources.

6.1 General Principles

The principle of the Risk-Based Approach (RBA) adopted by the company is that resources should be allocated proportionally according to the level of Money Laundering/Terrorism Financing (ML/FT) risk faced, giving the highest level of attention to high-risk customers. This ensures that measures are commensurate with identified risks. This policy establishes the framework for the RBA.

6.2 Due to changing regulatory requirements and risks, the AML Officer shall continuously supervise and evaluate the effectiveness of RBA measures. The Board shall review the adequacy of the RBA implementation at least annually.

Risk factors to consider include:

• Customer Category
• Jurisdiction
• Product/Service Type
• Transactions
• Distribution Channels

6.3 Adopted Risk-Based Approach

The RBA followed by the organization is built on the following principles:

• Recognizing that ML/TF threats vary by customer, country, and transaction;
• Allowing the organization to differentiate risks among different customers and match them with specific characteristics;
• Helping establish more cost-effective systems;
• Prioritizing actions to respond to the possibility of ML/TF in online gambling and betting.

6.4 Identified Risks

Sources of risk include:

Customer Nature:

• Customers who are PEPs;
• Customers involved in large fund transactions;
• Customers from high-risk countries known for corruption, organized crime, or drug trafficking;
• Customers unwilling to provide adequate information;
• Customers using VPNs or proxy servers to hide IP addresses;
• Customers using different devices to access the website.

6.5 Adopted Risk-Based Approach (Classification)

7.1 The purpose of the Sanctions Compliance Policy is to establish high-level principles for KWBYO LIMITED to manage and prevent sanctions violations and reduce related risks. Compliance is vital to avoid administrative penalties and protect the organization's reputation.

7.2 What are Sanctions and Embargoes

Political trade restrictions imposed against specific countries to maintain international peace and security. These include arms embargoes, financial sanctions, and import bans on raw materials.

7.3 Sanction Issuing Authorities

• OFAC (USA)
• European Union
• United Nations

7.8 Implementation of Automated Sanctions Screening Tools

KWBYO LIMITED has implemented an IT solution to automate screening. Key data (Name, Surname, Address) of all customers is automatically exported and compared against sanction lists daily. External providers update lists daily.

7.10 Freezing and Unfreezing of Sanctioned Accounts

As required by law, the organization will freeze assets of sanctioned subjects. Frozen accounts can only be unfrozen if authorized by the requesting jurisdiction or if the specific sanctions are formally lifted.

8.1 The CAP sets standards for accepting new customers and classifies them into three risk levels. 8.2 General principles include: accounts cannot be fully activated until CDD is approved; strict prohibition of anonymous or fictitious name accounts.

8.3 Criteria for non-acceptance: Failure to provide verification data, requesting anonymity, attempted initial deposit in cash, legal entities, accounts in the name of third parties, or sanctioned individuals.

9.1 Application: Performed when establishing a relationship, when there is suspicion of ML/TF, or when doubts arise regarding existing data.

9.3 Identification: Collects Account ID, password, phone (verified), email (verified), name, DOB, ID type/number, and permanent address.

9.4 Verification: Ensuring no signs of fraud in documents, checking for valid photos, and using independent sources to verify data.

9.5 Standard KYC: Requires official ID/Passport. Address verification requires a utility bill or bank statement less than 3 months old.

10.1 Extra measures are required for high-risk scenarios (large transactions, PEPs, high-risk third countries). Measures include annual record updates and verifying Source of Wealth.

10.3 PEPs: Extreme caution is required for PEPs, their family, and close associates. 10.3.4 Decisions to establish or maintain a relationship with a PEP must be made by the Board.

10.6 Internet Search: For all new applications and reviews, internet/media searches must be conducted to identify adverse news and cross-reference information.

11.1 Monitoring is essential for risk control. 11.2 Minimum triggers: Cumulative deposits over €5,000 in a month, sudden deposit spikes, high losses, or withdrawals to a different payment system.

12.2 Frequency: Low risk (at least every 3 years), Medium risk (at least every year), High risk (at least every 6 months).

13.1 Termination occurs if a customer becomes a prohibited type, becomes excessively high risk, refuses info updates, or attempts deception.

14.1 Any reasonable suspicion of ML/TF must be reported by the AML Officer via the GoAML platform. 14.3.1 Tipping-off the customer is strictly prohibited.

15.3 Records must be kept for at least 5 years. CDD files are kept for 5 years from the date the relationship ends. 15.5 Responses to authority queries must be made within 5 working days.

16.1 Employees may be personally liable for failing to report suspicions. 16.2 The organization provides training on laws, internal policies, and the importance of KYC.

Internal controls are reviewed annually. The policy must be updated when regulations change or new services are introduced.

Examples of Suspicious Activity: Inconsistency with usual patterns, massive volume, very short duration, payments to third parties, or use of invalid IDs.

Prohibited Countries List: Cuba, Iran, North Korea, Syria, Russia, Afghanistan, Yemen, Venezuela, USA, UK, France, Germany, Spain, etc. (Refer to the full list for details).