Anti-Money Laundering Policy

2. Objective of the Policy

Our objective is to protect the platform, customers, partners, and the financial system from criminal abuse. We verify identities, understand customer risk, and monitor transactions to ensure funds come from legitimate sources. Where concerns arise, we escalate promptly, restrict activity where necessary, and report to the relevant authorities.

3. Legal Framework

Our AML measures are designed to align with:

• Directive (EU) 2015/849 and amendments including Directive (EU) 2018/843 and Directive (EU) 2018/1673 (6AMLD).
• Regulation (EU) 2015/847 on information accompanying transfers of funds.
• GDPR (Regulation (EU) 2016/679).
• Applicable legislation of Anjouan and the Union of Comoros.
• FATF Recommendations.
• For UK facing operations: principles consistent with the UK Proceeds of Crime Act 2002, the Money Laundering Regulations 2017 (as amended), and JMLSG guidance (to the extent relevant to cross border services).

4. What Constitutes Money Laundering

Money laundering includes concealing the origin of criminal proceeds, converting or transferring assets to disguise their source, acquiring or using property knowing it derives from crime, or assisting such actions. These offences apply whether the predicate crime occurred domestically or abroad. Attempts, participation, and facilitation are treated with equal seriousness.

5. Governance and Responsibility

Ultimate responsibility for AML compliance rests with the General Management of RBGAMING N.V. An appointed Anti-Money Laundering Compliance Officer (AMLCO) oversees the framework, conducts risk assessments, manages monitoring tools, and coordinates external reporting. Senior management receives regular AML reports covering key risks, alerts, SAR decisions, and control effectiveness.

6. Customer Due Diligence (KYC)

We apply risk based identification at onboarding and whenever risk changes (e.g., large transactions, unusual behaviour, or data mismatches). Standard verification includes a government issued photo ID and proof of address; enhanced checks may be required for higher risk profiles.

Required documents may include:

• Photo ID: passport, national ID card, or driving licence. Corners must be visible; images must be clear and unaltered. A live selfie may be requested alongside a handwritten onetime code.
• Proof of address: recent (within 3 months) utility bill, bank statement, or official government letter. Electronic verification is attempted first; if it fails, manual documentation is required.
• Source of funds/wealth (where applicable): recent payslips, employer letter, company ownership records, dividend or investment statements, inheritance documentation, or sale agreements.

Failure to complete KYC may lead to account restrictions, payment holds, or closure.

7. Ongoing Monitoring and Controls

All accounts are subject to continuous, risk sensitive monitoring. Automated tools flag patterns such as repeated deposits and withdrawals without gameplay, sudden device or location changes, payment method rotation, or unusual bet sizing. Trained analysts review alerts, request clarifications or documents, and may pause transactions during checks. High risk cases are escalated to the AMLCO, who determines whether to file a report with the competent Financial Intelligence Unit (FIU).

8. Risk Based Approach (EWRA)

An enterprise wide risk assessment (EWRA) is conducted at least annually and whenever material changes occur. It evaluates product features, delivery channels, customer types, geographies, and emerging typologies. Outcomes guide KYC thresholds, monitoring rules, segment specific limits, and training priorities. Control enhancements are tracked to completion and subject to periodic testing.

9. Enhanced Due Diligence (EDD)

Where higher risk is identified such as complex ownership, adverse media, politically exposed persons (PEPs), or atypical transaction flows EDD measures are applied. These can include senior management approval, deeper source of wealth analysis, tighter transaction limits, and more frequent review cycles. If risk cannot be mitigated to an acceptable level, services may be refused or terminated.

10. Reporting Suspicious Activity

Any staff member who detects or suspects criminal property, terrorist financing, or sanctions evasion must notify the AML team without tipping off the customer. The AMLCO reviews internal reports and, where the suspicion meets the reporting threshold, files a Suspicious Activity/Transaction Report with the relevant FIU. Accounts may be restricted pending guidance from authorities.

11. Record Keeping

KYC data, risk assessments, communications, and transaction records are retained securely for at least 10 years after the relationship ends, unless a longer period is required by law or by an authority. Storage combines secure encrypted systems with restricted access, audit trails, and documented retention/destruction schedules.

12. Sanctions and PEP Screening

Before activation and periodically thereafter, customers and relevant counterparties are screened against applicable sanctions lists and PEP databases. Matches are investigated and, where needed, escalated for AMLCO decisioning. Services will not be provided where doing so would breach sanctions.

13. Payment Processing Rules

Only payment instruments registered to the named account holder may be used. We may refuse third party payments, crypto to fiat pass throughs lacking provenance, or attempts to cycle funds without legitimate play. Payouts are generally returned to the original payment route, subject to provider availability and AML checks.

14. Confidentiality and Data Protection

Personal data collected for AML purposes is processed under lawful bases, proportionate to risk, and limited to what is necessary. Information is shared only with authorised parties, service providers under contract, or competent authorities when legally required. Users can exercise applicable GDPR rights via the Help Centre, subject to AML exemptions where disclosure would prejudice prevention or detection.

15. Training and Awareness

All relevant employees complete AML training at onboarding and at least annually. Modules cover red flags, reporting lines, document authentication, sanctions compliance, PEP handling, and UK facing risks. Competence is tested, and additional instruction is provided when regulations or risk profiles change.

16. Responsibilities of Users in England

Customers using rainbetapp.org.uk must provide accurate information, update details promptly, and cooperate with any verification request. Attempting to obscure funding sources, share accounts, or use another person’s payment method is prohibited. Where we request documents or clarifications, timely responses help prevent delays to deposits or withdrawals.

17. Policy Review

This policy is reviewed at least annually and after significant regulatory or operational changes. Updates may reflect new guidance, revised risk appetite, technology improvements, or supervisory feedback.

18. Contact and Complaints

For AML or KYC queries, please contact the support team via the on site Help Centre or email [email protected]. If your query concerns a pending verification or withdrawal, include your username and relevant transaction reference. We will acknowledge receipt and respond through secure channels.