AML & KYC Policy - Goodfly N.V.

Last updated: 01.08.2023

only.win

Introduction

Only.Win (hereinafter, Website) Goodfly N.V. (hereinafter, Company) having its office at Abraham de Veerstraat 9, Curacao.

Goodfly N.V. is licensed and authorized by the Government of Curacao and operates under the license 365/JAZ Sub-License GLH-OCCHKTW0707052023 as an Information Service Provider.

Scope

The Company is committed to high standards of anti-money laundering (AML) and countering financing terrorism (CFT) according to the EU guidelines.

This Policy is designed to be compliant with :

EU : “Directive 2015/849 of the European Parliament and of The Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering”;

EU : “Regulation 2015/847 on information accompanying transfers of funds”;

EU Directive 2015/849 (AMLD 4) as amended by Directive (EU) 2018/843 (AMLD 5);

EU : Various regulations imposing sanctions or restrictive measures against persons and embargo on certain goods and technology, including all dual-use goods;

BE : “Law of 18 September 2017 on the prevention of money laundering limitation of the use of cash;

CY: Directive DΙ144-2007-08 of 2012 of the Cyprus Securities and Exchange Commission for the prevention of Money Laundering and Terrorist Financing.

This Policy applies to all company officers, employees, appointed contractors, agents, products and services offered by the Company. All business units within the Company will cooperate to create a cohesive effort in the fight against money laundering. Each business unit has implemented risk-based procedures reasonably expected to detect and prevent the reporting of transactions. All efforts exerted will be documented and retained.

The Compliance Officer is responsible for initiating Suspicious Activity Reports ("SARs") or other required reporting to the appropriate law enforcement or regulatory agencies. Any contacts by law enforcement or regulatory agencies related to the Policy shall be directed to the appointed Compliance Officer.

Definitions

Money laundering is understood as:

The conversion or transfer of property, especially money, knowing that such property is derived from criminal activity or from taking part in such activity, for the purpose of concealing or disguising the illegal origin of the property or of helping any person who is involved in the commission of such an activity to evade the legal consequences of that person's or companies action;

The concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;

The acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from assisting in such an activity;

Participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counseling the commission of any of the actions referred to in points before.

Money laundering is a process intended to mask the benefits derived from serious offenses or criminal conduct as described under legislation in force, so that they appear to have originated from a legitimate source. This includes all procedures to change, obscure or conceal the beneficial ownership or audit trail of illegally obtained money or valuables.

Money laundering is also used to hide the link between those who finance terrorism and those who commit terrorist acts.

Financing of terrorism can be defined as the willful provision or collection, by any means, directly or indirectly, of funds with the intention that the funds should be used, or in the knowledge that they are to be used, to facilitate or carry out terrorist acts.

Generally, the process of money laundering comprises three stages, during which there may be numerous transactions that could alert the Company to the money laundering activity:

Placement - the physical disposal of cash proceeds derived from illegal activity. The aim is to remove cash from the location of acquisition to avoid detection. Smurfing is a form of Placement where the launderer makes many small cash deposits instead of a large one to evade local regulatory reporting requirements applicable to cash transactions.

Layering - separating illicit proceeds from their source by creating complex layers of financial transactions (multiple transfers of funds among financial institutions, early surrender of an annuity without regard to penalties, etc.) Designed to disguise the audit trail and provide anonymity.

Integration - the provision of apparent legitimacy to criminally derived wealth. If the layering process has succeeded, integration schemes place the laundered proceeds back into the economy in such a way that they re-enter the financial system appearing to be normal business funds. It is the final stage and the process at which the money is integrated into the legitimate economic and financial systems and is assimilated with all other assets in the system. Integration of laundered money into the economy is accomplished by making it appear to have been legally earned.

Compliance Officer

The Company will appoint a compliance and reporting officer who shall be responsible for ensuring the Company’s compliance with the provisions of AML;

The duties of the compliance and reporting officer shall be the following:

Be a senior officer with the necessary qualifications and experience and able to respond adequately to enquiries relating to the Company and the conduct of its business;

Be responsible for establishing and maintaining such a manual of compliance;

Be responsible for ensuring that the Company’s staff comply with the provisions of the Act and any other law relating to money laundering or financing of terrorism and the provisions of any manual of compliance procedures established; and

Act as the liaison officer between the Company and the supervising authority and the FIU in matters relating to compliance with the provisions the Act and any other law with respect to money laundering or financing of terrorism.

Changes to this policy

Each major change to this policy is subject to approval by the general management of the Company and Compliance officer.

Risk based approach

Before proceeding with withdrawal requests, KYC and due diligence procedures are followed, by examining factors such as customers’ background, country of origin, public or high-profile position, linked accounts, business activities or other risk indicators.

In order to perform a risk based approach at the fullest, the Company has approved a Risk Matrix (Annex A).

Each client is awarded a risk score based on the following criteria (additional factors may apply):

Nationality;

Residency;

Source of funds/wealth;

High-risk transactions;

PEP status and international sanctions.

Having calculated a risk score, the client is placed in one of the following groups:

High risk;

Medium risk;

Low risk.

Know Your Client (KYC) and Due Diligence

Before verifying the account and making a withdrawal, the company shall see to it that satisfactory and competent evidence is properly obtained on the identity of its customers and that effective procedures have been applied for such verification especially on new customers. Customer Account Information Form (CAIF) is kept for the customers.

Due diligence must be exercised to prevent the use of the Company as an instrument for money laundering. The Company implements the following procedures to become aware when it is being requested to “launder money”:

Customer identification: The Company will take all reasonable steps (exercise “due diligence“) to establish, to their satisfaction, the true and full identity of each client, and of each client’s source of wealth, financial situation and investment. Due diligence is essential for an individual with a high net worth whose source of funds is unclear. We will ensure that we are able to “know” at all times the identity of the persons with whom we are dealing;

Customer’s suspicious activity: If there are any suspicions about the activities (dealings, money transfers etc.) of an existing or potential customer, they should be reported immediately to the Compliance Officer, who will: receive reports of suspicious activity from the Company’s personnel, coordinate required AML reviews/meetings with appropriate staff, gather all relevant information to evaluate and investigate suspicious activity, determine whether the activity warrants reporting to senior management and design and implement training programs as required by this Policy.

Employees are prohibited from disclosing to a client or any other person that information has been passed to the Compliance Officer, management or the regulatory authorities.

To ensure compliance with this requirement, all personnel will be required to sign a statement on breach of confidentiality provision of the AML.

The Company can be exposed to reputational risk and should therefore apply enhanced due diligence to such operations.

All new clients and new accounts are approved by at least one person, the Compliance Officer. In case of a new high-risk customer, the final decision is taken by the CEO.

Particular safeguards have been put in place internally to protect confidentiality of customers, the Company ensures that equivalent scrutiny and monitoring of these customers is conducted, e.g. it is available to be reviewed by Compliance Officer and auditors.

The following are safeguards put in place to protect confidentiality of customers:

That employees will be required to sign confidentiality agreements

That the Company will adhere to data protection laws

That there will be segregation of duties between staff and departments and information will be available to different individuals on a need to know basis;

That the organization has put in place strong IT controls to ensure data safety.

Know Your Client (KYC) and account verification

The formal identification of clients upon withdrawal is a vital element, both for the regulations relating to Money Laundering and for this Policy.

Therefore, we require the client to produce a copy of his identification document, such as passport or identity card. In higher risk cases, we shall require the client to produce the document with local notary certification.

All four corners of the document have to be visible in the same image and all details of the document shall be clearly visible.

In higher risk cases, proof of address shall be required, it can be provided in the form of a recent bank statement, utility bill, gas bill and other documents that clearly indicate the current address of the client. Such documents shall be not older than 6 months.

In cases, where the client deposits and withdraws an amount which is not typical to the ordinary and previous deposit and withdrawal history of this client , source of funds verification shall be performed.Until the source of funds is verified, the transaction shall be frozen.

Examples of source of funds proof are:

Ownership of business (corporate documents, proof of payment of dividends);

Employment (payslips);

Inheritance (inheritance letters);

Investment (proof of return of investment);

It is critical that the origin and legitimacy of that wealth is clearly understood.

Payment method verification

In order to proceed with withdrawal requests, the Company shall verify payment methods used by the client. It is essential that payment methods used by the client are not used for the purpose of money laundering and terrorism financing.

Clients are able to make a deposit with one of the following: bank issued cards, electronic wallets and cryptocurrency.

In order to proceed with a withdrawal to any of the methods above, the Company shall verify that the payment method belongs to the customer. Proof can be provided in the form of card statement, screenshot from the electronic wallet provider account, screenshot of the cryptocurrency payment method account.

In the case of bank cards, the most simple way to provide proof of ownership is to request a photo of the card (with CVV) code covered. In case the card does not have the name of the client, a card statement indicating the card number shall be provided.

Compliance with laws

The Company ensures that laws and regulations are adhered to under a business environment of high ethical standards and no service shall be provided to any client where there is good reason that money laundering activities are involved.

Cooperation with Law Enforcement Agencies

Should there be reasonable grounds for suspecting money laundering, we shall fully cooperate with proper law enforcement agencies within the legal constraints relating to customer confidentiality.

Dissemination of policies and procedures

Policies and procedures to prevent possible money laundering activities are properly disseminated to our officers and staff.

Enhanced Customer Due Diligence

The Company will perform enhanced customer due diligence:

Where a higher risk of money laundering or terrorist financing has been identified;

Where through supervisory guidance a high risk of money laundering or terrorist financing has been identified;

Where a customer is from a foreign country that has been identified by credible sources as having serious deficiencies in its anti-money laundering or counter terrorist financing regime or a prevalence of corruption;

Where the customer is a politically exposed person; or In the event of any unusual or suspicious activity.

Industry accepted standards that will always lead to Enhanced Due Diligence (the requirement for further proof of ID and Address) will be High Risk Customers/Politically Exposed Persons

A PEP is an individual entrusted with a prominent public function in the last three (3) years and includes any immediate family member or close associate of such an individual. Both local and foreign PEPs are covered by this definition.

The Company will have a risk management system in place to determine if prospective clients and prospective or existing customers are PEPs and should conduct regular searches and checks for this purpose.

The Company will search for information from reliable sources including https://www.world-check.com and google search. The Company will also rely on public information as allowed by the Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism Procedures in determining whether persons are within the definition of „close associates‟ (for example, partners or joint venturers), and will conduct regular searches and checks for this purpose.

Enhanced CDD and enhanced ongoing monitoring (on a risk-sensitive basis) are required whenever a customer, or any beneficial owner of a customer, is or becomes a politically exposed person (PEP). A “customer” for this purpose includes any person entering a business relationship or undertaking a one-off transaction with the reporting entity.

If the customer is a high risk or politically exposed person, the Company will perform the following procedures:

adequately identify the person and verify his or her identity as set out in this section;

have appropriate risk management systems to determine whether the customer is a politically exposed person;

obtain the approval of senior management before establishing a business relationship with the customer;

take reasonable measures to establish the person's source of wealth and source of property; and

conduct regular enhanced monitoring of the business relationship.

Procedures when dealing with “Politically Exposed Persons”

When dealing with Politically Exposed Persons, the Company will perform the following procedures:

In addition to satisfying customer due diligence requirement we will:

put in place risk management systems to determine whether a person or beneficial owner with whom that person has a business relationship is a politically exposed person, family member or close associate;

ensure that the risk management procedures contain as a component, procedures for requiring that senior management approval be obtained before establishing or continuing a business relationship with a politically exposed person or a family member or close associate take reasonable measures to establish the source of wealth and the source of funds of a person involved in a business relationship and a beneficial owner identified as a politically exposed person or a family member or close associate; and contain as a component, monitoring of the business relationship with the politically exposed person or a family member or close associate.

International sanctions

The Company shall check each customer, though web search and the automated system for appearing in the sanctions lists.

PEP and sanctions list are continually monitored and updated.

Changes to the Customer Status and Operations

The Company immediately takes all necessary actions using the identification procedures and measures to provide due diligence, in order to collect the appropriate evidence in cases of:

a material change in the way an account is operated, such as:

change of persons authorized to handle its account;

a significant transaction that appears to be unusual and/or significant than the usual type of play and profile of the client.

Enhanced Customer Scrutiny and Rejection

Based on the risk, we will analyze any logical inconsistencies in the information or behaviour of its customers. If a potential or existing client either refuses to provide the information described in the above chapters, or appears to have intentionally provided misleading information, a new account will not be opened and, after evaluating the risks involved, will consider closing any existing account. We will also refuse any account which is determined to be “high risk” by the Compliance officer.

Monitoring of Customer Activity

The Company monitors suspicious and revenue-intensive transactions closely, takes timely, appropriate actions on said transactions and informs the appropriate bodies without undue delay.

The system of monitoring implemented by the Company relies both on automated monitoring and, where appropriate, manual monitoring by the staff. A series of status fields have been applied to customer accounts indicating their profile within the system, which assist automated monitoring. We have adopted a regulatory and legally compliant process for suspicious activity reporting that will enable all staff to make a report to the Compliance Officer where they know or suspect that a customer is engaged in money laundering or terrorist financing.

Our staff are trained to monitor a sufficient amount of account activity to permit identification of patterns of unusual size, volume, type of transactions, geographic factors such as whether jurisdictions designated as “non-co-operative” are involved or any of the “red flags” identified below.

The Company shall look at transactions, including deposits and payouts requests, in the context of other account activity to determine if a transaction lacks financial sense or is suspicious because it is an unusual transaction for that customer. The Compliance Officer who will be responsible for this monitoring, will document when and how the transaction is carried out, and will report suspicious activities to the appropriate authorities.

Examples of Red Flags are:

- The Customer exhibits unusual concern regarding the Company’s compliance with government reporting requirements and AML Policy, particularly with respect to his/her identity, assets, or refuses to reveal any information, or furnishes suspicious identification documents;

- The customer wishes to engage in transactions that lack business sense or apparent game strategy, or are inconsistent with the customer’s usual play style;

- The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect

- Upon request, the customer refuses to identify or fails to indicate any legitimate source for his/her funds and other assets

- The customer has a questionable background or is the subject of news reports indicating possible criminal, civil or regulatory violations;

- The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs;

- The customer attempts to make frequent or large deposits, asks for exemptions from the Company’s policies relating to the deposits of cash and cash equivalents;

- The customer is from, or has accounts in, a country identified as a non-cooperative country by the Financial Action Task Force

- The customer’s account shows an unexplained high level of account activity with very low levels of transactions;

- The customer uses the casino account as a savings account.

When a staff member of the Company detects any red flag he/she will investigate further under the direction of the Compliance Officer. This may include gathering additional information internally or from third party sources, contacting the appropriate authority or freezing the account.

Deposit and Withdrawal Requirements

The Company monitors funding from various bank accounts outside of the account holder’s home country. In case of bank transfer or transfer from a bank card, the name indicated during the registration must match the name of the owner of the account/bank card.

The Company neither accepts cash deposits nor disburses cash under any circumstances.

The withdrawal process detailed below is structured around strict guidelines to make sure that funds are securely sent back to their originating source and beneficiary:

- Our customers must submit a withdrawal request containing their correct account information;

- All withdrawal forms are submitted to our accounts department for processing. Our Accounting department confirms the account balance, verifies that there are no holds or withdrawal restrictions on the account, and then approves the withdrawal request, pending compliance approval;

- Our Accounting department reviews all withdrawal requests, verifying the original funds are withdrawn via the same method of deposit and to the account holder on file. Our accounts department examines the withdrawal request against the customer’s deposit history to make sure there is no suspicious activity and verifies the bank account on file;

- Withdrawal requests approved are processed by the accounts department and the funds are released to the client;

In the event that a withdrawal is flagged for suspicious activity, the withdrawal is placed on hold, pending further investigation by our compliance department; and

- Our Management will work with the Compliance department to see if further action is needed and if any relevant regulatory bodies need to be contacted.

SAR Reporting Requirements

The Company shall institute a system for the mandatory reporting of suspicious transactions by appointing a Compliance Officer. Reporting of covered and suspicious transactions must be done by the Compliance Officer within five (5) working days.

Employees, Compliance Officer, and/or directors shall not warn their customers when information relating to them is being reported to the Authorities.

The Company shall register or maintain a complete file on all covered and suspicious transactions that have been brought to the attention of the Compliance Officer. The register shall contain details of:

the date on which the report is made the person who made the report to the Compliance Officer; and

information sufficient to identify the relevant papers related to said reports.

Compliance officer shall file SAR’s through the goAML system of the Financial Intelligence Unit (FIU) Curaçao where and when appropriate and also inform of such reports to the Master License Holder.

Internal Control and Procedures

As a general internal control procedure, directors, officers, agents and staff of the Company shall report any knowledge or suspicion of money laundering activity to the Compliance Officer.

The report should be formally transmitted either in hard copy report, memoranda or note, or via electronic means (inter-office email). Use of external emails in transmitting the report is prohibited. Ensure no one else is provided a copy (including blind copies).

Failure to comply with such requirements exposes the reporting personnel to breach of confidentiality in violation of the Anti-Money Laundering Act.

In line with this requirement, all personnel will be required to sign a statement on breach of confidentiality provision of the AML Act. A copy of this signed statement will be filed together with the personnel file.

After thorough evaluation and reasonable belief that there is really a basis for suspicion of money laundering, the Compliance Officer shall maintain a register of all reports made to the authorities as well as all reports made by the staff of the Company relative to suspicious transactions, whether or not such were reported to the Authorities.

Notwithstanding the duties of the Compliance Officer as reporting officer, the ultimate responsibility for proper supervision, reporting and compliance with the Anti-Money Laundering Act and its implementing Rules and Regulations, shall rest with the Company and its Board of Directors.

Training of the Staff

The Company provides the necessary training, as well as orientation to its staff and Compliance Officer. The Company disseminates to the staff the new procedures and guidelines needed in combating money laundering. The officers and staff are sent to orientations, training and seminars being offered by the regulatory bodies.

The Company also educates staff in the “Know Your Customer” requirements on the prevention and detection of money laundering. Staff will therefore be trained in the true identity of customers and the type of business relationship being established.

The Company shall determine the extent of training/orientation of its personnel with the priority being given to the Compliance Officer who would be directly exposed to situations involving money laundering activities. Scope of training is on the following:

- Provisions of the AML Act;

- The Company’s AML Policy;

- The Company’s Internal Supervision, Control, and Compliance Procedures;

- Updates and changes on the AML Act; and

- Updates and changes on Internal Supervision, Control, and Compliance.

Procedures Refresher training or orientations shall be made from time to time to constantly remind key staff of their responsibilities or if there are changes in the laws and rules in money laundering.

Record Keeping

Records will be kept for all documents obtained for the purpose of customer identification and all data of each transaction, as well as other information related to money laundering matters in accordance with the applicable anti-money laundering laws/regulations. That includes files on suspicious activity reports, documentation of AML account monitoring, etc.

Transactions effected via the Company can be reconstructed, from which the authorities will be able to compile an audit trail for suspected money laundering, when such a report is made to it. The Company can satisfy within a reasonable time any inquiry or order from the authorities as to disclosure of information, including without limitation whether a particular person is the customer or beneficial owner of transactions conducted through the Company. The following document retention periods will be followed:

All documents in opening the accounts of clients and records of all their transactions, especially customer identification records, shall be maintained and safely stored for 5(five) years from the dates of transactions;

With respect to closed accounts, the records on customer identification, account files and business correspondence, shall be preserved and safely stored for at least 5(five) years from the dates when they were closed.

The following records must be kept:

Copies of the evidential material of the customer identity;

Any non-documentary verification methods or additional methods used to verify;

Relevant evidential material and details of all business relations and transactions;

Relevant documents of correspondence with the customers;

Description of how the Company resolved all substantive discrepancies noted.

Checking and review of the documents is done by the personnel assigned to verify the accuracy and completeness of the records maintained by the Company. It is important that any material irregularity or documents lacking are noted and reported for immediate correction.

Transaction documents may be retained as originals or copies, on microfilm, or in electronic form, provided that such forms are admissible in court.

If the records relate to on-going investigations or transactions that have been the subject of a disclosure, they shall be retained beyond the stipulated retention period until it is confirmed that the case has been closed and terminated.

Independent third party inspection

The Company, on a regular basis, will engage with an independent, qualified party to provide an annual independent audit of our AML policies and procedures, and the compliance with said procedures. The Company will perform written follow-up to ensure that any deficiencies noted during its annual review are addressed and corrected.

The Company will confirm with its AML audit firm that their audit program includes the following:

Audit objectives and scope of the exam;

Any recommendations on improving the AML program;

A discussion of any noted deficiencies and an action plan to be implemented

by management to address these deficiencies; and

an overall opinion of the adequacy of the Company’s AML program.

A report of the independent review shall be addressed to senior management with a copy being maintained by the Company’s Compliance Officer.

only.win is owned and operated by Goodfly N.V. (reg. number 163359), with its address at Abraham de Veerstraat 1, Willemstad, Curaçao. The company holds a valid Certificate of Operation, issued under the National Ordinance on Offshore Games of Hazard (Landsverordening buitengaatse hazardspelen, P.B. 1993, no. 63) (NOOGH). Payment Agent Lavencia LTD, registered under the laws of Cyprus, registration number HE450126, registered office at 25 Martiou Palaiometocho 0031, 2682, Nicosia, Cyprus. The Terms and Conditions in a part, which relates to your participation in the Games, shall be governed by the Laws of Curaçao, and in a part which relates to payment collection and transactions shall be governed by the Laws of Curaçao. You acknowledge that, unless stated otherwise, the Games are organized in Curaçao and your participation in these Games takes place within the aforementioned territory. Any contractual relationships between you and Goodfly N.V. shall be deemed to have been entered into and performed by the parties in Curaçao, at the registered address of Abraham de Veerstraat 1, Willemstad, Curaçao. The parties agree that any dispute, controversy or claim arising out of or in connection with these Terms and Conditions, or the breach, termination or invalidity thereof, shall be submitted to the exclusive jurisdiction of courts of Curaçao, except for claims arising out of payment transactions which shall be submitted to the courts of Curaçao.