AML Policy

Last updated on 19 November, 2024

1. Introduction

PlayWave Sociedad de Responsabilidad Limitada is company incorporated under the laws of Costa Rica, bearing company registration number: CE-2024-206981, having its registered address at: Mata Redonda, Boulevard Ernesto Rohrmoser, Edificio Sabana Business Center, Piso Doce, Diagonal al Estadio Dacional, San José, Costa Rica. The object of the company is to organize, market, promote, manage, support and operate all types of remote gaming activities, comprising of – all types of games, betting and other operation of betting exchange, interactive casinos, bingos, lotteries, poker and other interactive games.

The company holds and operated online casino www.playwave.club and www.fortunejack.com.

In order to carry out activities in full compliance with the requirements of business ethics the company has developed a policy of "Anti-Money Laundering" with respect to the operation of www.playwave.club and www.fortunejack.com (hereinafter - the policy), which is based on the international best practices and standards, including the Financial Action Task Force (FATF) recommendations and the fourth European Union (EU) 2015/849 Directive on legal and regulatory requirements.

The purpose of this policy is to design and implement procedures and controls necessary to mitigate the risks for the company of being used in connection with money laundering and terrorism financing.

The Policy is approved by the company’s current director on the date written above on the very first page of the policy and is subject to annual revision, if necessary.

2. Definition of Terms

Money Laundering - the legalization of illicit income (acquisition, use, transfer or other action), as well as hiding or concealment of its true origin, owner or possessor and / or ownership rights and / or attempt to commit such an act;

Terrorism Financing - any transaction completed directly or indirectly, by any person, in any manner illegal and intentionally (regardless of amount of money) aimed at obtaining, or collecting funds that is aimed to use for financing terrorism and/or acts of terrorism. In some cases it can be extended to legally obtained sources as well;

Illicit Income – illegal and/or undocumented property owned or possessed by a person;

Business relationship - a business, professional or commercial relationship between the company and a customer which arises out of the business of the company and is at the time when the contact is established. Such relationship occurs when customer registers cryptocurrency wallet account with the company;

Identification –obtaining such information on a customer that allows for distinguishing a person from others, if necessary.

Verification - verifying on the basis of documents or information the identification of the customer. Documents issued or made available by an official body are sufficient for the verification purpose.

Suspicious transaction – a transaction (irrespective of the amount and type of the transaction) with respect to which there are reasonable grounds for suspecting that the transaction has been entered into or conducted for the purpose of illicit income legalization and/or that property (including funds), based on which the transaction has been entered into or conducted, has been obtained or originated from criminal activities, and/or that the transaction has been entered into or conducted for financing terrorism (a party to the transaction or the origin of the transaction amount is suspicious, or there are other grounds for which the transaction maybe considered suspicious), or that any party to the transaction is included in the list of terrorists or persons supporting terrorism and/or maybe related to them, and/or the amount involved in the transaction maybe related to or used for terrorism, terrorist acts, or by terrorists or terrorist organizations or by entities financing terrorism, or that the legal or actual address or place of residence of a party to the transaction is within a high risk country, or that the transaction amount is transferred to or from a high-risk country;

Politically Exposed Person - an individual who is entrusted with prominent public functions, other than middle ranking or more junior officials, including the following individuals: 

• Heads of state, heads of government, ministers and deputy or assistant ministers;
• Members of parliament or of similar legislative bodies;
• Members of the governing bodies of political parties;
• Members of supreme courts, constitutional courts or other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances;
• Members of courts of auditors or of the boards of central banks;
• Ambassadors, chargés d’affaires and high-ranking officers in armed forces;
• Members of the administrative, management or supervisory bodies of state-owned enterprises;
• Directors, deputy directors and members of the board or equivalent function of an international organization.

The following individuals are also regarded as PEPs by virtue of their relationship or association with the individuals listed above: 

• Family members of the individuals listed above, including spouse, partner, children and their spouses or partners, and parents;
• Known close associates of the individuals listed above, including individuals with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relations, or who is a sole beneficial owner of a legal entity or arrangement set up for the benefit of the PEP.

3. Internal Control System

To prevent money laundering and terrorism financing, the company has in place an effective internal control system, which consists of the following components:

• Internal policy and procedures;
• Staff responsibilities;
• Risk based approach;
• Customer Due Diligence (CDD);
• Ceasing transaction or terminating business relationship;
• Record keeping;
• Staff selection and training;
• Approval of new products and services.

4. Internal policy and procedures

This policy is the basis for internal control system, which defines the general principles for prevention of money laundering and terrorism financing, responsibilities and control mechanisms. In addition to this policy, the company has in place additional internal procedures, which define detailed control mechanisms.

The "Customer Due Diligence" procedure described in the section 7 of this policy is the integral part of this policy, which provides the basis for the identification, verification and ongoing monitoring process of the customers. In addition to this, the company has in place separate “Client Identification Procedure” and “Transaction Monitoring Procedure” which provides detailed operational instructions for establishing business relationship.

This policy is accessible for all employees and those third parties the company contracts with, if so requested by such third party, whereas operational procedures are only accessible for internal use.

5. Staff responsibilities

The company appoints a managing shareholder as the officer responsible for oversight of the compliance with the requirements of this policy.

The company also appoints the employee or hires a respective outsource company responsible for control of money laundering (hereinafter - the responsible employee) whose responsibilities include the following:

• Implementation and maintenance of the internal control system defined by this policy; 
• Implementation and control of the “Client Identification Procedure”, “Transaction Monitoring Procedure” and other internal procedures related to this policy;
• Monitoring of the customers’ identification process and performed transactions;
• Reporting to the responsible managing shareholder of the company regarding the issues related to anti money laundering controls and suspicious transaction of the customers;
• Provide the AML training to the employees of the company;
• Execution of any other function related to the AML controls in the company.

Responsible employee has right to request and receive any information/documents from any employee of the company which is needed for the execution of the above-mentioned functions. 

In order to effectively perform his/her functions the company provides responsible employee all necessary resources, including appropriate technical and IT tools and commercial databases for secure storage of information, documentation and etc.

Along with the responsible employee, the efficiency of the money laundering control system is the responsibility of the company's managing shareholders. Also, implementing separate tools for controls is responsibility of those employees who are directly involved in establishing business relations with the customers.

6. Risk Based Approach

For the purpose of establishment and maintenance of proportionate policies, procedures and controls to mitigate and manage money laundering and terrorist financing risk to which the company’s business is subject, it has developed effective risk management system.

The company takes appropriate steps to identify and assess the risks of money laundering and terrorist financing, taking into account the following risk factors:

• Country or geographic risk;
• Transaction risk;
• Product or service risk.

6.1. Country or Geographic Risk

The company assumes that some countries pose an inherently higher money laundering and terrorist financing risk than others. Country or geographical risk is defined according to the country of citizenship, residency or location of the customer. In order to determine that a country and customers from that country pose a higher risk, the company uses its own experience, as well as takes into account a variety of other credible sources of information, such as information available from FATF and nongovernmental organizations which can provide a useful guide to perceptions relating to corruption in the majority of countries. 

The countries that are considered to have inherently higher money laundering and terrorist financing risk are listed in the Annex #1 of this policy. To determine the country or geographical risks of the customer the company obtains the information about the location of the customer through monitoring Internet protocol (IP) addresses used by the customer to access the gaming facilities of the company – www.playwave.club and www.fortunejack.com. The company also verities the location and residency of the customer by verifying the country through the mobile number indicated by the customer. The company shall also determine the citizenship and residency of the customer during the identification and verification process pursuant to the sections 7.1. and 7.2. of this policy. In case the customer is a citizen or a resident of, or its IP address is in one of the countries listed in the annex #1 of this policy, he/she is assigned high risk category and is subject of enhanced due diligence described in section 7.5 of this policy.

6.2. Transaction risk

The risk related to the transactions is assigned to the customer according to the transactions, account activities, products, services and games he/she is involved in. The company considers above mentioned operational aspects that can be used to facilitate money laundering and terrorist financing. 

The company has developed the following internal controls to mitigate the potential transaction risks:

• Wagering requirement – the customer is required to wager / make bets 2 times of the deposit in order to obtain the approval of the company to withdraw any amount from his/her crypto-wallet registered with the company; 
• Transfers between customers – it is restricted for the customers to transfer funds between themselves;
• Multiple crypto-wallet accounts – it is restricted for the customers to open multiple crypto-wallet accounts, which can be misused to obscure their spending levels. 

The company monitors every transaction performed through crypto-wallet accounts of the customers.Transaction monitoring process enables the company to detect linked transactions, which are further analyzed and monitored. If, on the basis of this monitoring, high risk activity of the customer is identified, the company assigns the high risk category to the customer and performs enhanced due diligence as described in section 7.5 of this policy.

The company assumes that accepting cryptocurrencies on the customers’ crypto-wallet accounts pose a higher risk, therefore has implemented dedicated blockchain transactions monitoring software – “Chainalysis Know Your Transaction” (KYT) to mitigate such risk. KYT provides real time screening to identify potentially high-risk activity and enables the company to take actions before processing withdrawals or crediting deposits.

The following are examples of high risk transactions:

• Association with Darknet markets; 
• Mixing of coins/obfuscation of origin or destination of funds; 
• Uncooperative exchanges.

6.3. Product or Service Risk

Product of service risk includes the consideration of the features and characteristics of particular products and services offered by the company. The company assumes that some products and services may pose an inherently higher money laundering and terrorist financing risk than others. Such products and services include games where two or more persons place opposite, equivalent stakes on even, or close to even stakes.

The products and services with the above mentioned features and characteristics, which are considered of higher risk, are subject to enhanced monitoring in order to detect the activities, where customers misuse certain games to transfer value by deliberately losing to the individual to whom they want to transfer funds.

7. Customer Due Diligence (CDD)

The key requirement of this policy is to make identity checks on customers, known as customer due diligence or CDD.

The company applies CDD measures to the customers, if:

• The customer carries out transaction of withdrawing funds from his/her crypto-wallet opened at and held with the company, that is more than USD 10,000.00 equivalent in respective cryptocurrency if withdrawn as a one-time transaction or more than USD 100,000.00 equivalent in respective cryptocurrency – if withdrawn in total during a calendar month;
• The company doubts the veracity or adequacy of documents or information previously obtained for the purposes of identification or verification;
• The company suspects money laundering or terrorism financing.

CDD measures consist of: 

• Identifying the customer;
• Verifying the customer's identity;
• Where there is a beneficial owner who is not the customer, identifying the beneficial owner and taking reasonable measures to verify the identity of the beneficial owner so that the company is satisfied that it knows who the beneficial owner is;
• Assessing and, where appropriate, obtaining information on the purpose and intended nature of the business relationship.

Where a person claims to act on behalf of a customer (such as an agent), the company: 

• Verifies that the person is authorized to act on the customer's behalf 
• Identifies the person;
• Verifies the person's identity on the basis of documents or information which, in either case, is obtained from a reliable source which is independent of both the person and the customer.

7.1. Identification

The company identifies their customers by asking them for personal information, which may include name, home address and date of birth, or by using other sources of identity, such as: 

• Identity documents, e.g., passports, ID cards and driving licenses submitted by customers;
• Other forms of confirmation, including assurances from entities within the regulated sector (e.g., banks). 

The company may also obtain information from the customer on his/her occupation, source of funds and source of income. This information is used by the company in the ongoing monitoring process to assess about whether a customer’s level of gambling is proportionate to their approximate income, or whether it is suspicious.

7.2. Verification

The company may also obtain information from the customer on his/her occupation, source of funds and source of income. This information is used by the company in the ongoing monitoring process to assess about whether a customer’s level of gambling is proportionate to their approximate income, or whether it is suspicious.

Information about customer identity is verified through documents, data and information which are obtained from the customer through electronic means. In this process the company relies upon documents issued by an authoritative source that can be assessed against official and published guidance on identity documents. Only the documents issued by government departments and agencies that contain a photograph are considered reliable. If documents are in a foreign language, the company requests the customer to ensure a translation of the relevant sections.

The company obtains the confirmation of the customer’s address from the following sources: 

• an official overseas government source;
• a reputable directory of addresses;
• a person regulated for money laundering purposes in the country where the customer is resident (for example, a casino or bank) who confirms that the customer is known to them and lives or works at the overseas address supplied.

In combination with document checks, the company also uses reliable electronic system as the method for verification. This system provides satisfactory evidence of identity by using data from multiple sources and across time, and incorporating qualitative checks that assess the strength of the information supplied.

7.3. Politically Exposed Persons (PEPs)

In combination with document checks, the company also uses reliable electronic system as the method for verification. This system provides satisfactory evidence of identity by using data from multiple sources and across time, and incorporating qualitative checks that assess the strength of the information supplied.

Once the company identifies the customer pursuant to the principles of this policy, the company identifies whether a customer or his/her beneficial owner belongs to the category of Politically Exposed Persons in accordance with the definition provided in the section 2 of this policy. Information is obtained from the customer, as well as by screening customer’s name in the publically available sources and/or dedicated commercial databases.

Where the company has determined that a customer or potential customer is a PEP, or a family member or known close associate of a PEP, the company:  

• Assigns the high risk category to the customer; 
• Assesses extent of the enhanced due diligence measures to be applied in relation to that customer;
• Obtains senior management’s approval for establishing business relationship;
• Takes adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or transactions with that person;
• Conduct enhanced ongoing monitoring of the business relationship with that person.

Where an individual who was a PEP is no longer entrusted with a prominent public function, the company continues to apply the requirements for PEPs for a period of at least 12 months after the date on which the individual ceased to be entrusted with a public function.

7.4. Simplified Customer due Diligence Measures

The measures defined in this section is applicable only for those customers, which has been assigned low or medium risk category. 

According to the SDD measures, the customer identification is performed based on identification information provided by the customer through the electronic channels of communication. When applying this method, the company obtains the following information about the customer at the moment of crypto-wallet account registration process:

• Email address;
• Mobile number, only in case the customer is willing to be engaged in bonus program.

When applying SDD it is not required to obtain the copy of the customer’s identification documents and verification of the identification data. 

7.5. Enhanced Customer due Diligence Measures

The company applies enhanced customer due diligence measures and enhanced ongoing monitoring, in addition to the required CDD measures, to manage and mitigate the money laundering or terrorist financing risks arising in the following cases: 

• In any case identified by the company, where there is a high risk of money laundering or terrorist financing;
• In any business relationship or transaction with a customer situated in a high-risk third country listed in Annex 1 of this policy; 
• If the company has determined that a customer or potential customer is a PEP, or a family member or known close associate of a PEP; 
• In any case where the company discovers that a customer has provided false or stolen identification documentation or information and the company proposes to continue to deal with the customer;
• In any case where a transaction is complex or unusually large, or there is an unusual pattern of transactions, and the transaction or transactions have no apparent economic or legal purpose;
• In any other case which, by its nature, can present a higher risk of money laundering or terrorist financing.

These enhanced measures include:

• Examining the background and purpose of the transaction, as far as reasonably possible;
• Increasing the degree and nature of monitoring of the business relationship in which the transaction is made, to determine whether the transaction or the relationship appear to be suspicious;
• Seeking additional independent, reliable sources to verify information provided or made available to the company;
• Taking additional measures to understand better the background, ownership and financial situation of the customer, and other parties to the transaction; 
• Taking further steps to be satisfied that the transaction is consistent with the purpose and intended nature of the business relationship; 
• Increasing the monitoring of the business relationship, including greater scrutiny of the transaction;
• A video or voice call with the customer by any means of electronic communications.

7.6. Screening the Customers against the Sanctions Lists

Once the company identifies the customer pursuant to the principles of this policy, the company checks the name of the customer in the international sanction lists.

The company uses dedicated commercial databases for screening the names of the customers.

If there is a match with the sanctioned name, the process of establishing business relationship is stopped and the case is analyzed by the responsible employee. On the basis of analyses and additionally obtained information responsible employee decides how to proceed with the transaction/business relationship.

If any party involved in the transaction is on the list of terrorists the responsible employee should immediately inform senior management. In such cases the business relationship with the customer is terminated immediately and senior management decides to report the case to the relevant public authorities.

8. Ceasing transaction or terminating business relationship

Where the company is unable to apply the required CDD measures in relation to a particular customer, the company: 

• Does not carry out a transaction with or for the customer through crypto-wallet account; 
• Does not establish a business relationship with the customer; 
• Terminates any existing business relationship with the customer.

Where the company is unable to complete required CDD measures in relation to a particular customer at the point the CDD threshold for transactions is reached, and is accordingly required to cease transactions or terminate the business relationship with the customer, the company adopts the following procedure: 

• At the point where the threshold is reached, the company puts all funds owed to the customer into an account (or equivalent) from which no withdrawals can be made;
• Further deposits are made to that account as long as they too are locked into it until CDD is completed;
• Bets are made from the account, again providing any winnings are locked until CDD is completed;
• Once CDD is completed, the account is unlocked and business continue as normal;

If the refund is to be completed back to another account (whether partially or completely) the risk assessment of the transaction is conducted that takes into account information such as:

• Multiple destinations – is the customer requesting that the money be sent to several accounts?  
• High risk destination – is the customer requesting that the money be returned to a country where there is a significant money laundering or terrorist financing concern?

The company conducts ongoing monitoring of such cases and, if necessary, considers reporting of findings via relevant fraud monitoring services in the public and private sector.

The customers are made fully aware of the abovementioned procedures when they first register with the company, so that there is no misunderstanding at a later stage.

9. Record Keeping

The company has in place record keeping procedure to ensure that there is an audit trail that could assist in any financial investigation by a law enforcement body. 

The company’s record keeping procedure covers records in the following areas relevant to this policy:  

• Details of how compliance has been monitored by the responsible employee;
• Delegation of AML/CTF tasks by the responsible employee;
• Responsible employee’s reports to senior management;
• Customer identification and verification information; 
• Supporting records in respect of business relationships; 
• Employee training records.

The company ensures that above listed information, documents and evidences of transactions will be preserved during five years since carrying out the transaction.

Information is recorded, systemized and filed in a way, that when needed it can be found and retrieved in a shortest period of time.  

10.  Staff selection and training

Taking into account the fact, that money laundering and financing of terrorism is often assisted by employees of gambling operators, the company uses intensified measures of identification of candidates in the recruitment process. In this process an important attention is paid to reputation, qualification and honesty of a candidate.

Each employee of the company, who is taking part in the process of establishing a business relationship with the customer is trained personally within one month from the moment of hiring and retrained annually. The responsible employee of the company participates in professional training at least annually. The training has an appropriate rank to raise an awareness of employee towards obligations defined by this policy.

The company ensures that relevant employees are aware of and understand: 

• Their responsibilities under the company’s policies and procedures for the prevention of money laundering and terrorist financing;
• The money laundering and terrorist financing risks faced by the company and each of its products and services;
• The company’s procedures for managing those risks;
• The identity, role and responsibilities of the responsible employee, and what should be done in his/her absence;
• How the company undertakes CDD;
• How PEPs, family members of PEPs and known close associates of PEPs will be identified, and how to distinguish PEPs who present a relatively higher risk from those who present a relatively lower risk.  

11. Approval of New Products and Services

If the company designs new products or services for customer or significantly changes existing products or services, before implementation of such changes, risk assessment of money laundering and financing of terrorism shall be carried out by the company. The responsible employee takes part in the process of risk assessment, whose recommendations shall be taken into account before the final approval of the design of product/service.

Risk evaluation of money laundering and financing of terrorism is also mandatory if the company considers the segmentation of services or use of intermediary company.

Annex #1 – High Risk Countries