Our AML policies, procedures and internal controls are designed to ensure compliance with all applicable BSA regulations and FINRA rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.
We will conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, using the customer risk profile as a baseline against which customer activity is assessed for suspicious transaction reporting.
General risk evaluation
The main risk regarding money laundering and terror financing threats in this industry lies in the wallet-based model that most sales platforms in the industry use. A customer could, for example, deposit a certain amount of money using one payment method (like a credit card) and then later withdraw from his balance another amount, using a different method (such as a bank transfer).
In order to prevent such abuses, we have established a number of safeguards:
- There are daily and monthly transaction limits that are in place for all customers
- Any withdrawal by a customer can only be processed by a method that was previously used by the same customer for a deposit.
- All larger translations will automatically be recognized, flagged and reported to management.
Player-to-player transactions are not possible due to our business model.
Transaction limits, blocked countries
We also block from making any kind of transaction on our website customers from countries listed on the EU’s list of high-risk countries, which in its latest update from December 12th, 2023, includes the following countries:
Afghanistan, Barbados, Belarus, Burkina Faso, Cameroon, Democratic Republic of the Congo, Gibraltar, Haiti, Iran, Jamaica, Mali, Mozambique, Myanmar, Nigeria, North Korea, Panama, Philippines, Russia, Senegal, South Africa, South Sudan, Syria, Tanzania, Trinidad and Tobago, Uganda, United Arab Emirates, Vanuatu, Vietnam, Yemen
Deposits and purchases by any one single customer are limited to an amount of €1.000,00 per day, and €10.000,00 per month.
Customers from the USA, Germany and the Netherlands are also blocked from making any kinds of transactions on our site.
Customer due diligence, Signup procedure, General KYC Procedure
Upon signup, the customer is prompted to enter his email address. The customer will then receive a confirmation email with a verification link. By clicking that verification link, it is confirmed that the customer is the owner of that email account.
Upon making a ticket purchase, or a deposit into the player’s account, the player will be required to enter his/her first an last name and his country of residence.
Only private persons are allowed to sign up and purchase tickets through our website. Corporate entities are not accepted as customers, so that UBO checks are not necessary.
It is not possible to create more than one account with the same email address.
No customer is allowed to be represented by a third party or any type of representative.
Politically Exposed Persons will not be allowed to make any kind of transactions or our website.
Ongoing Due Diligence ODD
Every month, the entire customer database will be re-checked against the sanctions, PEP and adverse media list, using namescan.io.
Every three months, all customers will be contacted via email and asked to update their personal information, and given 7 days to either confirm that the information is up to date, or to edit their information. In case of any changes to the information, the necessary documents pertaining to that information have to be re-submitted by the customer.
If any check against the sanctions, PEP or adverse media lists indicates that the information given by the customer does not correspond to the information from that list, the customer account will be blocked, a manual revision of the account data will be initiated, and the customer will be prompted to update his information and undergo a full, new KYC process, as described in §4.
We will monitor account activity for unusual size, volume, pattern or type of transactions, by taking into account risk factors and red flags that are appropriate and pertinent to our business.
Our sales platform will constantly check all purchases and transactions against set parameters such as amount of a single purchase, daily, weekly and monthly total volume. In cases where one of those parameters is exceeded, the customer account and the transaction in question will be flagged, and reported to our support staff as well as to the AML compliance person.
Group 1: Customers with a transaction volume higher than €2000 per month, larger wins, or at least one single transaction of €500,00 or higher will automatically be flagged by our sales platform, and reported for manual revision by the AML Compliance Person.
All customers of this group 1 will be required to provide information and documentation regarding their source of funds. While the manual revision is ongoing, they will be blocked from executing any further purchase or transaction on our website.
Group 2: Customers from the countries listed in §3 will be blocked from executing any transaction or purchase on our website.
Group 3: Customers identified as signing up from the same IP address will be flagged for manual revision by our staff.
All cases (group 1, 2 and 3) that require Enhanced Due Diligence EDD will be included in a daily report for checking the customer’s location, IP address, payment method and his transaction history. Also, all such customer accounts will also again be checked against a list of politically exposed persons (PEP), sanctions and adverse media list using namescan.io.
In cases where any of the abovementioned checks and revisions results in the suspicion of activity in breach of AML provisions, or activity related to terrorism financing, we will file a detailed report to the authorities dealing with such infractions.
Potential Red Flags in Customer Due Diligence and Interactions with Customers
The customer provides the firm with unusual or suspicious identification documents that cannot be readily verified or are inconsistent with other statements or documents that the customer has provided. Or, the customer provides information that is inconsistent with other available information about the customer. This indicator may apply to account openings and to interaction subsequent to account opening.
The customer is domiciled in a jurisdiction that is known as a high-risk geographic location (e.g., known as a narcotics-producing jurisdiction, known to have ineffective AML/Combating the Financing of Terrorism systems) or conflict zone, including those with an established threat of terrorism.
The customer maintains multiple accounts, or maintains accounts in the names of family members.
The customer frequently changes bank account details or information for redemption proceeds, in particular when followed by redemption requests
Funds are transferred to financial or depository institutions other than those from which the funds were initially received, specifically when different countries are involved.
Funds are transferred into an account and are subsequently transferred out of the account in the same or nearly the same amounts, especially when the origin and destination locations are high-risk jurisdictions.
I all abovementioned cases (when a red flag is raised), Enhanced Due Diligence will be performed, as described in §8.
Responding to Red Flags
When an employee of the firm detects any red flag, or other activity that may be suspicious, they will notify management. Management will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a Suspicious Activity Report to law enforcement agencies (see $17).
Processing a win
When a customer wins an amount of up to €2000,00, that amount will be credited to his player wallet.
When a customer wins an amount of more that €2000,00, our customer support will send the customer a claim form with his personal data, and his instructions regarding the pay-out of the winnings. To receive his payment, depending on the lottery, the customer can choose between a bank transfer, or a bank check. The customer will then also have to provide us with documents for identity verification:
- a scan of a government-issued ID
- a scan of a utility bill with the same address as above, no older than 3 months
- if the ticket was paid by credit card: a scan of both sides of his credit card (credit card number showing only the last 4 digits, CVV number must be blackened)
- if the ticket was paid via bank transfer, or if the customer decides to receive his winnings via a bank transfer: a scan of a bank statement (no older than 3 months), showing the customer’s name and address
All cases of winnings over €2000,00 will be reported immediately to management, and the customer will be checked against a PEP, sanctions and adverse media list using namescan.io.
If the revisions do not result in any suspicion, we will then forward those documents to the relevant lottery organization, and present them with the winning ticket on behalf of the customer.
Information storing, Record Keeping
The following information will be stored for five years:
- All information pertaining to the data provided by the customer during signup, account verification and KYC procedures
- Any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date.
- With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the account has been closed; we will retain records made about verification of the customer’s identity for five years after the record is made.
- Information about purchases, deposits and withdrawals, as well as ticket data
The five-year period will begin after the last purchase, last deposit, or last withdrawal activity of the customer in question
We will keep other documents according to other record keeping requirements.
Staff training
We will develop ongoing employee training of senior management. Our training will occur on at least an annual basis. It will be based on our firm’s size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.
Sanctions
If a customer has committed a breach of terms and conditions, or a suspicion of illegal activity by a customer has been proven by our research beyond reasonable doubt, the customer account will be closed. The customer will be informed about such a closure by email.
All customer data for that customer will then added to a blacklist, with the effect that the customer be kept from creating a new account on our website using the same IP address, the same name or the same email address.
If a customer has been identified as being on either the sanctions list, PEP list or the adverse media list (by a search run via namescan.io) during any of the diligence actions (including the Customer Due Diligence described in §4), the customer account will be blocked from any transaction on our website.
All customer data for that customer will then added to a blacklist, with the effect that the customer be kept from creating a new account on our website using the same IP address, the same name or the same email address.
Reporting
Whenever a revision reveals suspicious activity, or activity of a person listed as a PEP, or activity of a person on a sanctions list, or a person on an adverse media list, all pertinent data will promptly be forwarded to the relevant authorities, such as the Financial Intelligence Unit.
In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, we will immediately inform the appropriate law enforcement authorities, such as, but not limited to:
- In cases involving customers from the EU, the relevant Financial Intelligence Unit of the EU
- The UK National Crime Agency http://www.nationalcrimeagency.gov.uk/
- The Financial Crimes Enforcement Network Fincen https://www.fincen.gov/
- The law enforcement agency of the country or city that corresponds to the customer’s residence.