Anti-Money Laundering Policy

ABBREVIATIONS

Company – SPORTESLA N.V., a company organized and existing under the laws of the Curacao.

KYC — Know Your Customer is a control procedure that apply to exist and new customers to identify and avoid risks. Know your customer check plays a key role in eliminating the risks associated with money laundering, terrorist financing, corruption, fraud, bribery, and other illegal financial activities.

KYC Questionnaires – Questionnaires for counterparty companies as part of KYC control procedure.

AML - Anti-Money Laundering refers to all policies and pieces of legislation that force Company to monitor their clients to prevent money laundering. The objective of AML is to deter criminals from feeding their illicit funds into the financial system of Company.

AML Officer / MLRO - Money Laundering Reporting Officer - nominated officer – provides oversight for AML systems, and acts as a focal point for related inquiries and makes strategic decisions about activities relating to money-laundering and financial crime;

CDD - customer due diligence - this means establishing and verifying the identities of Company customers in order to understand who they are doing business with and the risk that their transactions present;

AML COS – automated Client Onboarding System and AML transaction monitoring solutions allows Company to collecting and collating data and identification documents pertaining to a customer, monitor customer transactions on a daily basis or in real-time for risk. By combining this information with analysis of customers’ historical information and account profile, the software can provide Company with a “whole picture” analysis of a customer’s profile, risk levels, and predicted future activity, and can also generate reports and create alerts to suspicious activity. The transactions monitored can also include sanctions screening, blacklist screening, and customer profiling features.

CFT – counter-terrorist financing – these are a multitude of laws and regulations enacted to reign in the financing of terrorist activity. Under these policies, Company is required to fulfill many strict requirements regarding monitoring customers’ transactions and behavior, conducting proper due diligence, and maintaining appropriate records.

SAR - suspicious activity report is a document sent by a Company to the appropriate authority according to compliance regulations.

FATF - Financial Action Task Force is a global financial organization that sets standards related to AML/CFT procedures

AMLD - Anti-Money Laundering Directives

INTRODUCTION

As a Company, we are committed to carrying on business in accordance with the highest ethical standards. This includes complying with all applicable laws and regulations aimed at combating money laundering and terrorist financing. This AML Policy has been developed by Company to reduce the risk of money laundering and terrorist financing associated with its business and the sale of its products.

It is Company's policy to comply with all applicable AML Laws in our operations worldwide. To this end, Company will only conduct business with customers who are involved in legitimate business activity and whose funds are derived from legitimate sources.

Anti-Money Laundering and Compliance

The following policy has been derived from the general principles, laws, regulations and directives for combating money laundering based on current actual Directives the European Parliament and the Council of the European Union on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

The Company is taking security measures and has adopted policies, practices and procedures that promote high ethical and professional standards and prevent the Company from being used, intentionally or unintentionally, by criminal elements. The Company has put in place Know Your Customer (KYC) programs as an essential element for service, risk management and control procedures.

The Company is obliged not only to establish the identity of its customers, but also to monitor account activity to determine those transactions that do not conform with the normal or expected transactions for that customer or type of account. KYC constitutes a core feature of services’ risk management and control procedures. The intensity of KYC programs beyond these essential elements is tailored to the degree of risk.

Such programs include:

User onboarding procedures.Reduce underage by verifying the date of birth of a customer. Ensure geographic jurisdiction and age verification requirements are met. Automatically screen new applicants with comprehensive, real-time global coverage of sanctions, watchlists, PEPs.

Fraud detections.Determine customers who are using multiple accounts or involved in forgery. Decrease level of customers unfair behavior and cheating.

Credit card processing.Eliminate credit card fraud by identifying its holder. Verify customers' identity documents and ensure the person holding the card is who they say they are.

AML/KYC compliance.Ensure regulatory compliance including Know Your Customer (KYC) Questionnaires and Anti-Money Laundering (AML) procedures.

Know Your Business (KYB).Corporate Documents review, authorized person and UBO identity check, sanction list check.

Age check.We ensure age verification requirements are met. Depending on region of operation we can apply different age limits (18+, 21+ etc) for a single client.

Transaction confirmation.We match amount of the deposit with the transaction in the player’s bank statements or credit card mask used for account funding versus player’s selfie with a credit card.

Ongoing monitoring.We constantly monitor client’s players base versus black lists and list of people prohibited to play.

Online and Offline verification.We verify players in our offices as well as use special online video identification procedure via Internet or messengers. AML Officer in offices uses smartphone to make a photo of the player’s documents for checking by black lists and list of people prohibited to play. In case online verification mode AML Officer request player’s ID by video connection in real time session.

Fraud

Fraud, for the purposes of these procedures, relates to actions taken by registered players to make fraudulent gains to the detriment of our company by using false identities and personal details and/or false credit card details to deposit and withdraw money which will possibly be reclaimed at a later stage through a chargeback by the rightful owners.

Fraud could also relate to a legitimate player who falsely claims that his Credit Card was used without his knowledge so that he can recover monies lost when gambling on the company’s system.

Transaction Monitoring

Transaction monitoring is a requirement for AML/CFT programs around the world and a vital tool in the fight against money laundering and terrorism financing. Implemented effectively, transaction monitoring allows banks, financial institutions and other obligated entities to detect, report and ultimately prevent criminals from using their services to launder money.

Company collect and analyze data about customer payments and, with the benefit of risk profiles, use that data to spot suspicious activity. Indicators of suspicious activity associated with payment service transactions include:

• Unusual transaction patterns, such as high frequencies or high volumes of transactions that do not match a customer’s risk profile;
• Transactions involving high risk countries;
• Transactions involving politically exposed persons (PEP);
• Customers that are involved in adverse or negative news stories;
• Transactions with persons that are subject to international sanctions.

Proper extent of controls:

In line with the concept of a risk-based approach, Company is monitoring the following items for executing of the proper extent of AML/CFT controls:

• customer profile;
• country and geographical diversity;
• the volume and size of the transactions.

MAIN PRINCIPLES:

• a) The Company shall only carry on business with persons whom they have adequately identified and in whom there is no suspicion of criminal or terrorist activity.
• b) The Company must not launder money or assist others to do so intentionally or otherwise.
• c) The Company shall take all measures necessary to detect and prevent fraudulent players and activity through regular monitoring of player activity.
• d) The Company must not impede, by action or inaction, any official investigation of money laundering.
• e) The Company shall, as much as possible, follow the relevant recommendations of the Financial Actions Task Force and National Crime Agency UK.
• f) The Company shall follow all the laws and regulations relating to anti-money laundering and prevention of terrorism.
• g) The company shall provide the necessary training for its personnel in anti-money laundering and fraud procedures.

Money Laundering Reporting Officer

All personnel must report any suspicion of money laundering to the Money Laundering Reporting Officer – nominated officer – provides oversight for AML systems, and acts as a focal point for related inquiries and makes strategic decisions about activities relating to money-laundering and financial crime. In addition to ensuring compliance with anti-money laundering controls, MLRO have a duty to deal with any information, knowledge or suspicion of money laundering. MLRO are involved in designing relevant policies and procedures, record-keeping, filing internal and external reports, and ensuring due diligence is performed on customers and clients. MLRO is also participate in the ongoing review of internal policies of Company AML, procedures, and professional relationships, to ensure that money laundering and other financial crimes are detected and reported in compliance with the law. In this capacity, MLRO provides training to Company staff.

E-Gaming Rules

The company shall maintain and implement all requirements from Curacao E-Gaming. The Сompany's activity is regulated by an international license issued by an organization authorized by the government of Curacao. Users from the USA, Switzerland, Cyprus, Liechtenstein, Gibraltar and other countries where sport betting is illegal, are prohibited from playing on web. All other clients, must read the terms and conditions to be able to use all the various services provided on our website

Company’s approach

Company must only do business with clients whom we believe to be of good character, integrity and reputation, and whose wealth and funds are only derived from legitimate sources.

Company endeavor to verify the data supplied by our clients upon registration and first deposit through tools and data available depending on country of residence.

Company must obtain reasonable information, adequately documented and corroborated, about the identity of all our clients when required to do so under the remote gaming regulations.

If Company should develop suspicions of money laundering activities regarding a client or a proposed client, or any third party observed in the course of our business, (wherever that client or third party may be located) it should be reported promptly to the company’s MLRO. The MLRO must investigate, analyses, consult and, if appropriate, report the activity to the Regulator or Government enforcements agency, Police or any other appropriate entity and take any other action considered legal and necessary.

Anti-Fraud Guidance and Requirements

This Guidance is based on regulatory requirements and FATF recommendations — breach of which may well result in legal liability for the company and/or the individuals concerned. Adherence to this Guidance is, therefore, important for your protection as well as that of the company. The key anti-money laundering regulations affecting our operation are currently specified in Remote Gaming Regulations:

• Clients may only maintain one active account;
• Details of clients must be registered with us before they are permitted to place bets;
• Funds must be paid back to the account from where they originated (Note: although this is difficult to achieve as not all credit card companies accept deposits from operators, however, we will protect ourselves by only accepting withdrawals payable to a bank account in the name of the client as well as by knowing our clients).

Company was Implement transaction monitoring measures in order to spot suspicious bets transactions that might be indicative of suspicious activity. This includes transactions over certain reporting thresholds, unusual transaction patterns or transactions involving high-risk countries.

AML Red Flags

• A customer provides insufficient, false or suspicious information or is reluctant to provide complete information;
• Methods or volumes of payment that are not consistent with the payment policy;
• Transactions above jurisdictional reporting thresholds;
• Suspicious transaction patterns, such as customers making an unusually high frequency, or an unusually high volume, of transactions;
• Multiple accounts in different currencies that appear to be connected;
• Payments to or from countries considered to be tax havens or offshore jurisdictions;
• Unexpected spikes in a customer’s activities;
• Transactions involving PEPs, sanctioned customers or customers involved in adverse media stories.

The above is not intended to be an exhaustive list. Deviation from customer and accepted business practice are alert Company to further investigation activity in accordance with current AML Policy.

KYC PROCESSES

Player Registration and Deposit

Client onboarding is the point at which a Company collect a range of important information about players as part of the CDD and KYC process.

CDD involves the collection of names, addresses, and birth-dates. However, for clarify information Company can consider to enhanced CDD measures, including the collection of digital biometric data such as face and voice.

The onboarding process is including the following main steps:

• Collecting and collating data and identification documents pertaining to a customer;
• Conducting background checks to verify customer-submitted data;
• Running historical checks to establish whether the customer has been involved in previous criminal activity, has sanctions placed against them or is a politically exposed person (PEP) - government and high-ranking officials qualify as politically exposed persons (PEP) and present a higher risk of money laundering. Company must screen their customers to establish their PEP status on an ongoing basis;
• Categorizing the customer as high- or low-risk for the purposes of ongoing AML screening and monitoring – Company is screening customers against relevant international sanctions lists, such as the OFAC SDN list, the UN consolidated list, and the EU consolidated list.

The onboarding process is proceeded with automated AML Client Onboarding System (COS) that helps Implemented effectively registration in Company, enhance procedural accuracy and reduce the potential for human error by compliance teams.

During the registration process a new player is required to submit the above personal details. Players under 18 are not allowed to register. The system prevents minors from registering by checking on the date for birth. The system does not allow to register USA residents and players from prohibited countries. There is an automatic check to verify that the Email address is genuine. The system will generate a ‘Welcome’ email which is sent to newly registered players to the email address provided during registration. The returned emails will be monitored and the respective accounts checked for other inconsistencies or inaccuracies and should be closed or rendered inactive if suspicious. Players who are not registered are not allowed to play.

Once the account details are verified the limits can be adjusted manually by the player.

If there is any doubt about a player's identity full authentication must take place at the deposit stage before the player is allowed to place any bets. The account shall not be enabled until authentication is completed.

СВВ is assist in determining the level of AML due diligence to be exercised with regard to the customer, a “Compliance” risk profile is calculated first of all on entry into relations (Low, Medium, High), and is then recalculated daily. For some dedicated higher risk customer categories, a periodically risk-based review is carried out to ensure that customer-related data or information is kept up-to-date. The current KYC review process regarding the other customer categories is essentially based on an “awareness principle” following the examination of a dedicated file by the MLRO.

Full KYC Verification

A full KYC verification exercise is carried out when customer support has any doubts about the Player’s identity or when the Player’s activity meets one of the following criteria:

• Cumulative withdrawals exceeding the pre-defined amount by risk officer or MLRO;
• Suspicious deposit patterns - multiple small deposits within a short timeframe (player deposits money 5 times or more per one hour);
• Suspicious patterns (Three or more different payment methods used within one week will result KYC);
• Several cards used for effecting deposits must belong to the player only (at least two non 3D secure cards used for deposit).

Thus, the player will be requested to send a copy of the following documents, to Customer Support via email or fax:

• Valid ID Card/Passport/Driving License;
• Proof of ownership of funds (Copy of credit card with hidden card number or bank statement);
• Utility Bill (only requested if the identification document provided is not enough to verify the Player’s place of residence).

Normally, the player would be familiar with AML procedures and would cooperate by sending the necessary documentation. These documents are cross-checked with the player’s profile in the back office application. If all the checks are successful, the player’s “Money laundering check” field status will be set to “Passed”.

If in doubt about the authenticity of the documentation, the player is asked to provide further documentation or a certified copy of the documentation is submitted.

Any documents provided by players are to be held on file and kept in a secure environment.

Ongoing transaction monitoring

AML-Compliance ensures that an “ongoing transaction monitoring” is conducted to detect transactions which are unusual or suspicious compared to the customer profile. This transaction monitoring is conducted on two levels:

1. 1) The first Line of Control:The specific transactions submitted to the AML Red Flags must also be subject to due diligence. Determination of the unusual nature of one or more transactions essentially depends on a subjective assessment, in relation to the knowledge of the customer (KYC), their financial behavior and the transaction counterparty. The transactions observed on customer accounts for which it is difficult to gain a proper understanding of the lawful activities and origin of funds must therefore more rapidly be considered atypical (as they are not directly justifiable). Any Company staff member must inform the MLRO of any atypical transactions which they observe and cannot attribute to a lawful activity.
2. 2) The second line of control:The first line of control is supplemented by a risk-based automated second line of control, including an increased monitoring of transactions of customers considered as high risk. The monitoring is conducted using a high-performance AML tools, supported by IT. To accompany these due diligence measures, other more structural measures are put in place, like the limitation of deposits or withdrawals (or set up amount by them) applicable for each category of customer.

Duplicate or Multiple Accounts

The system carries out a few validation checks during the registration process on the email field to detect duplicate or possible duplicate accounts.

Withdrawals/Payouts

It is the policy of Company not to accept cash deposits and cash withdrawals will not be effected.

To meet the clients’ expectations for fast payments high efforts are put in place to validate the player identity and card details (through input of verification code) from the registration process stage.

Withdrawals can be made at any time using the preferred method — credit card, bank transfer, any e-wallets.

Where possible the funds must be paid back into the account from where they originated. Where this is not possible funds must only be paid out to an account in the name of the client. It is not acceptable to make payouts to third parties whatever the reason provided by the client.

To complete withdraw transaction it has to be manually confirmed by financial controller. Financial controller follows internal withdraw confirmation procedure.

REPORTING SUSPICIOUS ACTIVITY

The company shall keep records of all procedures carried out and reporting effected. Record-keeping data is stored accurately for situations in which it is needed for the submission of suspicious activity reports (SARs) or for subsequent investigations by financial authorities. The COS automated onboarding is arranging data storage, in which all AML departments have access to a central repository of information and can share information more easily. Data consolidation allows Company to expedite AML alerts, get the right information to the right compliance staff and ensure the SAR process takes place in a timely manner. When Company detect suspicious transactions, it is their duty to report them to the authorities. This is done in order to prevent potential criminal behavior, such as money laundering or the financing of terrorism. The reporting of suspicious activity takes place via the submission of a suspicious activity report (SAR).

A suspicious activity report is necessary whenever a Company detects a potentially suspect transaction from one of its clients. When that suspicious activity is detected, the Company usually has around 30 days to confirm and submit the SAR, but that period may be extended to 60 days if more evidence is required to support the document. Circumstances which might trigger a SAR include:

• Transactions over a certain value;
• Unusual transactions or account activity.

In most cases, suspicious activity may be detected by an automated monitoring system - AML COS, but it falls to human administrators - MLRO to verify and report that activity. SARs necessarily involve clients’ confidential personal information and generate potentially significant legal consequences, so it is important that the reporting process takes place confidentially.

All management and staff in the company must report any suspicion of money laundering to the MLRO. There should be no restrictions on when to report a money laundering suspicion. Once a suspicion is arisen then it should be reported. The MLRO will decide on the outcome of the report.

Considerations of client confidentiality must not prevent reporting of suspicion to the MLRO — in reporting knowledge or suspicion of money laundering, the company is protected against breach of confidentiality.

The MLRO must be informed as soon as reasonably practicable of suspicion. Once suspicion has been reported to the MLRO, those reporting must follow the instructions given by the MLRO. The MLRO, will determine whether a report will be made to another appropriate law enforcement body.

Avoiding Tipping off/Prejudicing an investigation

A person should not disclose information when that person knows or suspects a report has been made to the authorities and that the disclosure may prejudice an investigation (i.e. by law enforcement agencies).

Once you have formed suspicion and decided to report, or you are aware suspicion has been reported to the MLRO, this may not be discussed with or disclosed to any other person without the express consent of the MLRO.

Generally, if following a report of suspicion the company wishes for its own commercial or ethical reasons to exit a relationship, there is nothing to prevent this provided the way the exit is communicated does not constitute “tipping off/prejudicing an investigation”.

The MLRO is available to provide guidance on individual cases and will take legal advice and/or consult with the FIAU if appropriate.

Communications with clients

Continued resistance to provision of information may well indicate that you should become suspicious. If this occurs, contact the MLRO for advice.

The points set out below may assist in explaining the requirements to clients.

Carrying out anti-money laundering checks is a regulatory responsibility for licensed betting companies.

This is a normal routine now applied to all clients falling within the scope of the Regulations.

Requests from law enforcement agencies

If a Law Enforcement Order is received, or a search warrant or similar is served on the company in connection with suspicion or allegations of money laundering, the MLRO must immediately be contacted. The MLRO will oversee and manage our response and will seek urgent legal advice as appropriate.

All instructions given by the MLRO must be followed. This is vital as, although we will comply with lawful requests, we must not unwittingly breach any privilege to which our client is entitled in respect of documents held by us.

You should not comply with any request from law enforcement for disclosure or investigation in connection with a money laundering investigation unless you have confirmed with the MLRO.

TRAINING

As per AMDL requirements, It is important that employees of Company know which activities constitute the crime of money laundering, and its predicate offences. In particular, employees should be trained to understand the cybercrime and environmental crime offences which have been added to the list of money laundering predicate offences under AMLD.

For the ensuring Company management employees understand their AML/CFT responsibilities and their place within the internal AML/CFT program, MLRO are providing suitable oversight for compliance employees and arranging training and examinations.

Effective KYC procedures embrace routines for proper management oversight, systems and controls, segregation of duties, training and other related policies.

The board of directors of the Company is fully committed to an effective KYC program and procedures that ensures their effectiveness. Explicit responsibility is allocated within the organization for ensuring that the Company’s policies and procedures are managed effectively and are in accordance with local supervisory practice. The channels for reporting suspicious transactions are clearly specified and communicated to all personnel. The Company maintains an on-going employee training program so that the staff is adequately trained in KYC procedures.

The timing and content of training for various staff categories is adapted by the Company for its own needs. Training requirements should have a different focus for new staff, front-line staff, compliance staff or staff dealing with new customers. New staff is educated in the importance of KYC policies and the basic requirements at the Company.

Staff members who deal directly with the customers are trained to verify the identity of new customers, to exercise due diligence in handling accounts of existing customers on an on-going basis and to detect patterns of suspicious activity. Regular refresher training is provided to ensure that employees are reminded of their responsibilities and are kept informed of new developments.

It is crucial that all relevant staff fully understand the need for and implement KYC policies consistently. A culture within services that promotes such understanding is the key to a successful implementation.

MISCELLANEOUS

On a regular basis Company perform an enterprise-wide risk assessment (EWRA) to gauge the effectiveness of their AML infrastructure, including integrated technology solutions, and make adjustments to address specific issues and challenges.

In order to meet the new compliance demands of AMLD, Company annually update automated smart technology tools AML COS for increasing speed, accuracy, and efficiency advantages when analyzing AML data, and for reducing friction and adapt smoothly to regulatory challenges to the every new AMLD requirement.

Due to provide with effective AML compliance program Company has a schedule of independent testing and auditing by AML organizations every 12-18 months, although it might consider a more frequent schedule in case of high volume of SARs. The AML organization chosen to test AML compliance is qualified to conduct a risk-based audit appropriate.

In Company is implemented a base level of AML training for all employees and special targeted training to MLRO with more AML-specific responsibilities. Also in Company created an audit and testing schedule on AML compliance program for ensuring that those employees receive regular knowledge, and know how to perform assigned duties.

The management of Company is committed to complying with all laws. Any employee who violates the rules in this AML Policy or who permits anyone to violate those rules may be subject to appropriate disciplinary action, up to and including dismissal, and may be subject to personal civil or criminal fines.

This AML Policy may be updated from time, and the updated version of the AML Policy will be immediately made available on the Company web.

If you have any questions about this AML Policy you should contact our AML Department or MLRO directly.