PAYMENTS

1. General

1.1 Policy Statement

BetBrave and its affiliated entities are committed to actively preventing their services from being exploited for illegal activities, including money laundering and terrorist financing, through customers’ wagering activities on the platform. All staff members are expected to contribute to this effort, with the objectives of:

• - Ensuring compliance with applicable laws, regulations, and supervisory requirements relevant to BetBrave’s operations

• - Protecting the company and its staff from legal and regulatory risks associated with breaches

• - Maintaining the good reputation of BetBrave by distancing itself from money laundering and terrorist funding allegations

• - Contributing positively to the fight against financial crime and terrorism financing

To achieve these aims, BetBrave’s policy emphasizes:

• - All staff members must fulfill their responsibilities as appropriate for their role
  
• - Commercial interests shall never override BetBrave’s commitment to anti-money laundering obligations
  
• - Appointment of a designated Money Laundering Reporting Officer (MLRO), with a designated deputy, who will be supported by all staff in the performance of their duties. References to the MLRO hereinafter also include the deputy during any absence.

1.2 Definitions

BetBrave recognizes the importance of clearly distinguishing between money laundering and terrorist financing activities before implementing its Fraud Management Procedure.

Money laundering involves disguising the origins of illicitly obtained funds to obscure their criminal source, thus enabling profits derived from crime to be integrated into the financial system. The goal is to conceal the link between the crime and the proceeds.

Funding of terrorism refers to providing financial or other resources, directly or indirectly, to terrorist organizations or individuals to support their activities. Such funding may originate from legitimate sources or a mix of lawful and unlawful sources. Even when sourced legitimately, terrorists may attempt to disguise or obscure the links between funds and their origins, with particular focus on hiding the ultimate recipient. This process is primarily about concealing the destination of the funds rather than the origin.

When regulatory authorities require Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs), these communications must generally be kept confidential, due to legal constraints. The involved parties and the complexity of third-party involvement may extend resolution times, as additional legal or management review may be necessary. Due to these factors, processing times can vary significantly.

2. The Risk Based Approach

2.1 Definition

In accordance with applicable laws, BetBrave employs a risk-based approach. This entails identifying, analyzing, and implementing policies, controls, and procedures to mitigate the risks of money laundering and terrorist financing. The approach provides flexibility and discretion, placing significant responsibility on the company to document and justify its risk assessments and control measures, including conducting thorough risk analyses to ensure compliance and effective risk mitigation.

2.2 Risk Assessment

BetBrave’s risk management framework involves:

• - Recognizing the existence of risks

• - Conducting comprehensive risk assessments

• - Applying controls and strategies to manage and minimize identified risks

The remote gaming sector is inherently risky, but the risk assessment aims to identify key risk factors and their levels, allowing BetBrave to implement appropriate controls, policies, and procedures to prevent risks from materializing. The risk assessment, approved by the governing board, considers factors such as:

• - Product, service, or transaction vulnerabilities, particularly those allowing customer influence over game outcomes
  
• - The interface through which business relationships are established, incorporating technological controls to address identity fraud and impersonation risks
  
• - Geographical risks linked to customer residence, origin, and international sanctions, especially countries with weak AML controls or subject to sanctions
  
• - Customer-specific risks based on activity, source of income, and potential link to Politically Exposed Persons (PEPs) or sanctions

These risk assessments are dynamic, with regular re-evaluation as new risks emerge due to technological developments, evolving customer profiles, or expansion of products. BetBrave performs a minimum annual review to stay updated on risk levels, considering all relevant indicators to develop an accurate customer risk profile.

2.3 Key Risk Factors

BetBrave’s risk assessment encompasses the following factors:

• - Product/Transaction Risk: Certain gaming products or transactions may be more vulnerable, especially those where customer influence or collusion is involved.
  
• - Interface Risk: The customer onboarding and transaction channel, where technological controls (document verification, electronic databases) are employed to mitigate risks, though non-face-to-face interactions are not automatically high risk.
  
• - Geographical Risk: The country of residence or origin, especially those with weak AML regimes, high corruption levels, or subject to sanctions, poses a higher risk.
  
• - Customer Risk: The customer’s source of wealth, activity, and potential PEP association influence the risk level.

Risk assessments are continually updated. Changes in technology, customer base, or offerings may prompt re-evaluation. Continuous monitoring aims to detect and address risks proactively, maintaining a comprehensive risk profile for each customer.

Customer Due Diligence (CDD)

3.1 Procedure

BetBrave’s Fraud Management procedures center on understanding clients and assessing risks related to transactions and the source of funds, including their origin and legitimacy.

Risk assessments are conducted upon establishing a business relationship or processing occasional transactions, recognizing that each case is unique and requires tailored controls. BetBrave exclusively accepts individual players, not corporate entities. The initial risk profile will be refined over time as the customer’s relationship develops, with adjustments made when significant changes occur. Continuous monitoring ensures risks are promptly identified, and controls are updated accordingly.

The onboarding process begins with collecting detailed personal information to build a customer profile, including activity and behavior patterns, to aid in ongoing risk management. Customer Due Diligence (CDD) comprises three main components:

• A. Identification and verification of customer identity
  
• B. Gathering information on the purpose and nature of the business relationship
  
• C. Ongoing monitoring of customer activity and profile updates

3.1.1 Identification and Verification

The process of identification involves collecting personal details during registration, forming the basis for KYC procedures. These details include:

- Full name

- Residential address

- Date of birth (must be over 18 or age of majority in jurisdiction)

- Valid email address

- Place of birth

- Nationality

- Identity/reference number, where applicable

After collecting this information, BetBrave will check if the customer is a Politically Exposed Person (PEP), or related to one, using reliable electronic databases such as opensanctions.org. If the individual is identified as a PEP or related, registration will be denied in line with company policy.

Customer accounts are activated once email verification is completed. If high risk is identified, additional documentation may be requested immediately to ensure identity and legitimacy. BetBrave aims to verify that each customer is authentic, using effective measures to prevent identity fraud and impersonation.

3.1.2 Verification

Verification involves confirming the personal data through independent sources, such as official documents and electronic databases. Discrepancies will trigger additional verifications.

This process can use:

• - Official documents (passport, ID card, driver’s license), with photographs
  
• - Alternative documents such as utility bills or bank statements if address cannot be verified otherwise
  
• - Electronic verification via government-issued e-ID or Bank-ID, or reliable commercial databases, ensuring data accuracy and currency

BetBrave will verify the authenticity, clarity, and quality of all received documents. Additional checks for utility bills or other less straightforward documents may involve verification software. Location data, IP addresses, and other geo-location data will also be considered to corroborate identities, with exceptions handled on a case-by-case basis.

3.1.3 Purpose and Nature of Business

Relationship

The purpose of opening a gaming account is straightforward; no additional explanations are normally required. However, suspicion may arise if BetBrave detects signs of illicit activity. In such cases, further investigation and additional documentation will be requested to clarify the motives behind the account opening.

There is no fixed timeline for such checks; they are conducted when suspicions are raised, either at registration or later, once certain thresholds are reached.

Prior to reaching the threshold, BetBrave will collect sufficient evidence to determine the customer’s source of wealth, including employment details or other income sources, and will verify the declared information through external sources, social media, or independent documentation. If suspicion persists, further scrutiny and verification will be undertaken, including requesting additional proof of the source of wealth (e.g., payslips, bank statements).

3.1.4 Ongoing Monitoring

BetBrave continuously monitors customer transactions, personal data, and any changes in circumstances or gaming behavior. This ensures consistency with the initial risk profile and detects unusual or suspicious activity, especially large or out-of-pattern transactions. Customers are encouraged and obliged to update their personal information promptly.

Monitoring also includes assessing the relationship between transactions and the customer’s stated profile. Discrepancies trigger further inquiries. BetBrave documents all findings and may suspend or terminate accounts if suspicious activity cannot be resolved, or if a customer becomes or is identified as a Politically Exposed Person (PEP) during the relationship.

In cases where a customer, initially not classified as PEP, later is identified as such through ongoing review, BetBrave will close the account and may confiscate winnings, returning balances to the source of funds, preserving strict policies against PEP accounts.

3.2 Timing and Application of CDD measures

A customer account is considered opened upon registration, provided the owner’s age exceeds the minimum legal threshold (eighteen or specified otherwise). Registration will be automatically rejected if the provided date of birth indicates underage status.

BetBrave may undertake verification procedures at any time, especially if cumulative deposits reach €1,000 or more, whether through a single deposit or multiple linked transactions. The system will check daily whether the threshold has been attained and will identify possible multiple accounts created for fraudulent purposes or to evade verification thresholds.

Until the threshold is reached, ongoing monitoring will continue, ensuring that customer data remains accurate and consistent. If discrepancies are detected, further clarification or documentation will be requested, with suspicion of money laundering or terrorism financing guiding additional procedures as described in section 4 below.

Once the €1,000 deposit threshold is surpassed, BetBrave will finalize the customer’s risk profile based on the risk assessment in section 2.2, within thirty days. The resulting risk level—low, medium, or high—will determine necessary control measures according to the following scheme:

Risk and Measures

Low

1. Verification of personal details

2. Continued monitoring to ensure the account remains low risk

3. Reporting any suspicious activity

4. Additional data collection as needed

5. Verification through photographic documents

Medium

1. Collection of source of wealth data

2. Ongoing monitoring to detect anomalies and update profile

3. Reporting suspicious activity

4. Additional verification measures as needed

5. Photographic ID verification

High

1. Source of wealth assessment

2. Enhanced ongoing monitoring

3. Determination of source of funds for specific transactions

While the verification process is ongoing, customers may continue gaming, but withdrawalswill be restricted until verification is complete. If the customer fails to provide required information within thirty days of reaching the €1,000 threshold, BetBrave may close the account following the procedures outlined in section 3.3 below.

3.3 Termination of Business Relationship

BetBrave may conclude its business relationship with a user if the individual fails to submit requested identification or documentation despite multiple requests. In such cases, any winnings will be voided and all deposited funds will be refunded to the original payment source, subject to approval by senior management ensuring no legal or regulatory restrictions impede the transfer. If refunding via the original channel becomes unfeasible, BetBrave will, as a last resort, transfer the remaining funds to a single bank or financial account held in the user's name in a reputable jurisdiction. If no such account is provided, the funds will remain held in the user’s account until valid transfer details are received. Should such details not be provided within thirty (30) months, any remaining funds will be remitted to the Curaçao Gaming Authority. When funds are transferred under these circumstances, BetBrave will include instructions indicating the transfer is due to inability to complete Customer Due Diligence (CDD). BetBrave shall also evaluate whether there are grounds to file a Suspicious Transaction Report (STR) in accordance with applicable procedures.

3.4 B2B Relationships

Prior to establishing any business partnerships, BetBrave conducts comprehensive due diligence involving senior management, legal, and MLRO teams. This process aims to identify potential risks associated with engaging with third parties. The assessment includes verifying the source, nature, and volume of transactions introduced by the third party, with particular consideration given to whether the third party is an approved supplier under Curaçao Gaming Authority standards or is seeking such approval at the time of contracting. Additional scrutiny is applied to determine if the third party operates in or collaborates with entities in jurisdictions known for non-reputation or poor AML standards. All necessary documentation—such as incorporation certificates, organizational bylaws, certificates of good standing, financial statements, officer and shareholder identification, and bank references—must be obtained in original or certified form. Only once due diligence confirms that the third party's conduct aligns with BetBrave’s risk appetite and compliance standards will formal agreements be executed, accompanied by ongoing monitoring and possibly audit rights to ensure continued compliance.

BetBrave reserves the right to terminate or suspend relationships if subsequent reviews reveal non-compliance or reputational concerns. All anti-money laundering reviews will be documented separately, and BetBrave retains the right to cease cooperation if its AML obligations are jeopardized. Notifications to the Curaçao Gaming Authority will be made as required.

3.5 Reliance on Agents and Third Parties

BetBrave may rely on third-party providers or agents for customer onboarding and verification processes. These entities will be established in reputable jurisdictions, such as EU member states or regions with AML standards equivalent to Curaçao’s, according to reliable international sources including FATF assessments and similar evaluations. If relying on such third parties, BetBrave retains the right to request verification documents from the customer directly. The contractual arrangement will include provisions for ongoing monitoring and a right to audit the third party’s compliance with AML procedures. BetBrave will ensure that all relevant due diligence, KYC, AML, and payout procedures are faithfully implemented, while ultimately remaining responsible for regulatory compliance in its jurisdiction.

4. Reporting Suspicious Activity and Transactions

4.1 Appointment of the Money Laundering

Reporting Officer (MLRO)

The MLRO is responsible for reviewing internal reports of suspicious transactions, following up appropriately, and filing Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit (FIU). The MLRO serves as the primary communication link with the FIU, ensuring that BetBrave’s policies on AML/CFT are properly implemented. The MLRO will also keep abreast of sanctions lists such as FATF and OFAC, updating staff on relevant legal or regulatory changes, and will operate independently with sufficient authority to make decisions without undue influence. The MLRO will have access to all necessary information and personnel to fulfill its duties effectively, with a designated deputy available during absences. These individuals will be registered with the Curaçao Gaming Authority as contact points for AML matters.

4.2 Reporting Suspicious Activity and

Transactions

BetBrave will monitor accounts for indicators of money laundering or terrorist financing, and when suspicions arise, will ensure all due diligence is performed regardless of thresholds. If suspicion persists, an STR will be filed promptly with the FIU. Internal reporting involves staff training to recognize red flags, such as multiple accounts by the same user or suspicious deposit patterns. If staff suspect illicit activity, they will report internally to the MLRO without informing the customer or management, to prevent tipping off. The MLRO will document each suspicion and investigation, maintaining confidentiality and records separate from the customer’s file. If, after investigation, grounds exist, the MLRO will proceed with formal reporting to the FIU, following regulatory instructions.

BetBrave will maintain internal logs of suspicion reports, documenting the investigation process and decisions. These logs are accessible only to the MLRO and are kept secure. The MLRO will also inform the initial reporter of the outcome as appropriate, ensuring procedural transparency.

4.2.3 Indicators of Suspicious Activity

Activities that may trigger suspicious activity reports include any actions suggesting links to money laundering or terrorism financing, regardless of whether transactions have occurred. This includes objective signs such as multiple accounts, unusual deposit patterns, or discrepancies in client information. BetBrave is obligated to report such activity to the FIU and notify the Curaçao Gaming Authority as necessary.

4.2.4 Action Following Suspicion

Given the nature of online gaming transactions, BetBrave may proceed with a transaction even when suspicion arises, to avoid compromising the investigation. The company will file an STR immediately after the transaction’s completion if suspicions are confirmed. This approach balances operational integrity with regulatory obligations.

4.2.5 Confidentiality and Disclosure

Restrictions

BetBrave shall only disclose suspicion reports to:

• the Curaçao Gaming Authority;
  
• relevant authorities within the same corporate group, if applicable;
  
• other jurisdictions or entities where legal requirements such as professional secrecy or data protection are equally applicable;
  
• regulatory or enforcement agencies upon request or in accordance with legal obligations.

Disclosures aimed at avoiding tipping off or compromising ongoing investigations are prohibited unless explicitly authorized by law or regulator guidance. BetBrave will consult FIU analysts before taking any action against the suspect to ensure actions are proportionate and do not hinder the investigation. Documentation of all decisions and actions related to suspicion management will be maintained.

5. Payout Management Procedures

Withdrawals by players will only be processed to reputable financial institutions in jurisdictions with AML and CFT standards equivalent to those applicable in Curaçao. Funds will generally only be refunded to the original deposit source to reduce money laundering risks. Cash deposits and withdrawals are strictly prohibited. All withdrawal requests will be executed promptly, subject to account verification and compliance checks.

The procedure for processing withdrawals includes:

• Immediate processing of withdrawal requests upon receipt.
  
• Prohibition of cash transactions; all transfers shall be electronic.
  
• Review of gameplay and financial transactions for signs of manipulation, cheating, or bugs, with appropriate action taken if issues are identified.
  
• Assessment of whether customer due diligence (CDD) has been completed. If not, management will decide if CDD is necessary before processing the withdrawal.
  
• Conducting a risk assessment to determine the player's risk profile relative to their activity with BetBrave.
  
• Verification documents and source of funds documentation will be requested if not already obtained, especially in cases involving delegated or manual payouts or when fund source verification is necessary.
  
• If verification cannot be obtained or if fraudulent activity is suspected, withdrawals will be blocked, winnings voided, and deposits returned to the original source.
  
• In cases where refunds cannot be made to the original source, alternate verified payment methods will be sought.
  
• Manual payouts, such as account closures, will be processed within 10 business days,provided the amount does not exceed the weekly withdrawal limit.
  
• Source of funds documentation will be requested if necessary, with decisions made within 30 days upon receipt of all documentation. If not provided within this period, accounts may be restricted, with further action at management’s discretion.

6. Training and Awareness

BetBrave mandates annual anti-money laundering training for all staff with client interaction or access to client information. Training programs ensure awareness of AML/CFT obligations, detection techniques, and internal procedures. The training covers the entire process—from customer onboarding to cashout—to foster a comprehensive understanding among employees. The MLRO will ensure that ongoing training is provided and that staff remain updated on regulatory changes, sanctions lists such as FATF and OFAC, and other relevant legal requirements. Training modules will include testing and assessments to confirm comprehension, with special focus given to senior personnel and compliance teams.

The Human Resources department will:

• Inform staff of mandatory training schedules;
  
• Monitor attendance and completion of training programs, issuing reminders as needed;
  
• Maintain records of completed training and assessment results;
  
• Update employee records accordingly;
  
• Refer cases of non-compliance or unsatisfactory results to senior management for further action.

The MLRO will have full access to training records. Post-training, the HR department will coordinate ongoing education and updates, ensuring staff remains informed of legislative and procedural developments. Line managers will provide feedback on training effectiveness and support day-to-day implementation, including guidance on significant client instructions and activities that require managerial attention. Staff will also be trained on identifying suspicious activities and indicators, with continual professional development opportunities tailored to their roles.

7. Record Keeping of Customer Due

Diligence Data

BetBrave staff responsible for CDD collections will:

• Maintain comprehensive and organized records within each customer file;
  
• Document any instances where requested information is not provided or explanations are unsatisfactory;
  
• Ensure records are accessible, consistent, and understandable to authorized personnel including the MLRO;

Customer transaction and account records will be retained for the period mandated by applicable laws, such as AML obligations and taxation requirements. Customers may access their transaction history via their profile for up to two months; thereafter, requests can be made through customer support.

If an investigation or report is filed against a user, their records will be retained for a longer period to ensure compliance with AML obligations. Once concluded, records will be archived in accordance with standard policies..

8. Monitoring and Compliance

Management

BetBrave will continuously evaluate compliance with AML policies through regular internal audits and, where appropriate, through external auditors. Outcomes, including compliance gaps and remediation plans, will be reviewed by the Board of Directors. The MLRO will oversee this process, monitor AML procedures, and report findings at least annually, covering changes in regulation, ongoing AML activities, detected deficiencies, corrective actions, and staff training initiatives. The MLRO will also identify urgent issues requiring immediate management intervention, reporting such cases directly to the Board and requesting necessary support. The annual audit by the MLRO will compile a report summarizing the AML compliance status, internal controls, and ongoing development plans for staff awareness and training. The review frequency may be increased if legal or regulatory changes occur or if deemed necessary by the Board.

Games & More BV will allow players to continue using their gaming account while it is still obtaining necessary information and/or documentation from the player concerned. However, up until the time when Games & More BV actually obtains the mentioned information and/or documentation, and verifies the player’s identification, it will not allow the player to effect any withdrawals from his account, independently of the amount involved. Furthermore, if thirty days have lapsed from when the € 1,000 threshold has been met, and the player has not provided the requested information and/or documentation Games & More BV may terminate the business relationship with the player, following the procedure laid out in the next section.

3.3 Termination of business relationship

Games & More BV will terminate its business relationship with a player if he fails to provide the requested information and/or documentation, which Games & More BV has repeatedly requested of him. Games & More BV will void any winnings and will then transfer deposited funds to the original source from where the funds originated. All approval for such action must be taken by senior management and only once it has ascertained that there is no restriction on the transfer of the funds. If Games & More BV finds it impossible to remit the funds back to the player through the same channels, it will, as a measure of last resort, remit the funds to a single account held with a credit or financial institution in a reputable jurisdiction in the player’s name. If no such account is made available then the funds will continue to be held in the players’ name. The funds will continue to be held on account until the player provides adequate details for the transfer. If this never materializes then after the lapse of 30 months any funds remaining on account will be remitted to the CURACAO GAMING AUTHORITY. Whenever remitting such funds, Games & More BV will indicate in the instructions accompanying the funds that these are being remitted due to inability to complete CDD. Games & More BV will also consider whether there are grounds for filing a Suspicious Transaction Report (STR), as per the procedure laid out hereunder.

3.4 B2B relationships

Games & More BV will also conduct due diligence exercises before entering into any business relationships with third parties. These exercises will be carried out by senior management together with the legal department and the MLRO. Just like CDD, business due diligence (BDD) will seek to identify what risks would emerge should Games & More BV engage in business with the third party. In carrying out this assessment, it will be determined whether the source, nature and volume of business to be introduced via the third party can be established. Games & More BV will also give a lot of weight to the fact that a supplier is already an approved supplier as per CURACAO GAMING AUTHORITY requirements. It is also considered positive if a supplier that is presently not approved seeks approval at the point in time when contracting with Games & More BV. The assessment will also seek to establish whether the third party has business dealings with other third parties which are known not to be reputable, or if the third party conducts its business in or from a non-reputable jurisdiction. In this regard, Games & More BV will ask the third party to provide it with original/certified copies of all the necessary documentation, including, company incorporation certificate, memorandum and articles of association, certificate of good standing, annual financial statements, identification of officers of the company as well as a shareholders list, and a bank reference letter, confirming that the company’s affairs are dealt with in a good manner. Once it has been determined that the third party conducts business in a manner which will not jeopardize Games & More BV’s position, then the parties will agree on the terms of the business relationship and sign the relevant agreements and documentation. As part of the BDD, Games & More BV will conduct ongoing monitoring to ensure that the third party still conducts its business in a diligent manner, based on their own experience of the manner in which the services are provided. Furthermore, Games & More BV also reserves the right to include a Right to Audit clause in the agreement it signs with the third party, if this is deemed necessary.

Any anti-money laundering review conducted will be separately noted in the third party’s file. In any case, Games & More BV will always reserve its right to terminate its business relationship with any third party should it feel that in conducting business with the third party, it is putting its compliance with its anti-money laundering and funding of terrorism obligations at risk. Notification to the CURACAO GAMING AUTHORITY will be given as per the agreement and as per the requirements of the same authority.

3.5 Reliance and agents

Games & More BV may decide to rely on the information and documentation collected at customer on-boarding stage by a third party, and/or engage an agent. In either of the cases, Games & More BV will ensure that the third party is established in an EU Member State or a reputable jurisdiction which adopts the same anti-money laundering or countering of funding of terrorism measures as laid out in the applicable Curacao laws, or measures which are equivalent thereto. In determining the latter, Games & More BV will rely on reputable sources such as the Financial Action Task Force on Money laundering evaluation reports,IMFCountryReportsetc.

If Games & More BV decides to rely on information provided by a third party, it may still request the player to provide it with any verification documents. In such circumstances, Games & More BV will still conduct the customer-based risk assessment itself, determine the customer’s risk rating and conduct on-going monitoring. The relationship between Games & More BV and the third party will be laid out in an agreement, and one of the conditions will be that of the third party providing Games & More BV with documents concerning players, immediately upon request. Games & More BV will also include a Right to Audit clause in the agreement and will indeed periodically test this arrangement, to ensure that the necessary player personal details and documentation is being collected as per the agreed specifications.

A copy of this procedure will also be provided to the third party so as to ensure that the CDD requirements and applicable thresholds are adequately communicated, and thus the third party will never have the excuse that they were not aware of what the applicable company requirements are. Games & More BV may, whenever allowed by law, opt to use the services of agents in order to on-board or service customers. Games & More BV may request the agent to carry out the necessary anti-money laundering/countering of funding of terrorism controls and adoption of measures when on-boarding or servicing one of Games & More BV’s customers. In any case however, Games & More BV will ensure that any application of CDD measures is carried out diligently and as required by the applicable laws. Games & More BV is well aware that in exercising reliance or making use of agents, it remains ultimately responsible for ensuring it is adhering to its anti-money laundering/countering of funding of terrorism obligations.

4. Reporting suspicius activity and transactions

4.1 Appointment of the Money Laundering Reporting Officer (MLRO)

While the detailed description of the responsibilities of the MLRO is laid out in the Human Resources Roles and Responsibilities Policy, the MLRO’s main responsibility will be that of considering any internal reports of unusual or suspicious transactions that are raised within the company, and, following up on these reports and also filing a STR with the Financial Intelligence Analysis Unit (FIAU), when this is deemed necessary. The MLRO, will also act as the main channel through which any communications with the FIAU will be conducted. He will ensure that Games & More BV is effectively implementing the policies and procedures which it has adopted in order to address its anti-money laundering/countering of funding of terrorism obligations. The MLRO will be responsible for monitoring any updates on sanctions

lists such as that of the Financial Action Task Force (FATF) and the Office of Foreign Assets Control (OFAC). He will then update the rest of the staff on any amendments to the sanctions lists and any fundamental changes to the applicable law. Games & More BV will ensure that the individual appointed as MLRO enjoys sufficient seniority and command to be able to act independently of its management.

The MLRO will have access to all the necessary information/documentation and company employees to effectively carry out his obligations. Games & More BV has also appointed a designate employee who would be able to act as the MLRO during the MLRO’s absence. The MLRO’s as well as the designate employee’s appointments will be made known to the CURACAO GAMING AUTHORITY , so that the CURACAO GAMING AUTHORITY , as well as the FIAU, may address queries and requests directly to them, whenever the need arises. Thus, such individuals will act as a contact point between Games & More BV and the relevant authorities in matters related to anti-money laundering/countering of funding of terrorism.

4.2 Reporting suspicious activity and transactions

Games & More BV may develop a suspicion or have reasonable grounds to suspect that activity on an account is linked to money laundering or funding of terrorism. At that point in time, Games & More BV will ensure that all CDD requirements are met, regardless of whether any applicable threshold has been met. It will consequently submit a STR as soon as possible.

4.2.1 Internal Reporting Procedures

As laid out in further detail in section 6 below, all staff communicating with the players, or having access to information about clients’ affairs, will receive anti-money laundering training. In this manner, they would be able to identify which player’s action should reasonably lead them to suspect that money laundering or funding of terrorism activity is being attempted or has been carried out. For instance, they would be expected to realise that if a player attempts to register more than one account with Games & More BV, or if he deposits considerable amounts during a single session by means of multiple pre-paid cards, then such actions should constitute indicators or red flags which should lead them to question the player’s behavior. At that point, the employee may subtly seek explanations from the player, without disclosing his suspicion to the player. This disclosure is forbidden whether directly or indirectly, and hence all members of stuff must be astute in this respect. If the officer does not manage to obtain any convincing information, and after full consideration the officer is still suspicious of foul play, then at that point he shall inform his immediate superior. Obviously enough, prior to reporting to his superior, the employee will have to be satisfied that there is a clear indication of intent to circumvent the safeguards, and that use of the financial system for criminal purposes is present.

There may be instances wherein the manager disagrees with the officer, but the officer still feels he has reasonable grounds to suspect wrongdoing. In such circumstances, the employee is to inform the MLRO anyway of his suspicions. The employee may discuss the matter directly with the MLRO and is in no way obliged to inform or involve his manager. On receipt of the internal report from the employee, the MLRO will acknowledge its receipt in writing, referring to the report by its date and unique file number, without including the name of the person(s) suspected. In this manner, the officer’s legal obligation to report will be considered to have been fulfilled. The employee will only be allowed to discuss the matter internally with management, or with other employees, if at all deemed necessary, after having obtained approval from the MLRO. Any external discussions are prohibited and will be considered as tipping off. If circumstances arise that make it difficult for the employee to communicate with the player without risking any possibility of tipping off, the employee is to seek advice and follow the MLRO’s instructions. This procedure shall constitute Games & More BV’s internal procedure for reporting suspicious activity and transactions.

4.2.2 External Reporting Procedures

As already described in the previous section, the MLRO shall receive and evaluate internal suspicion reports. He will open and maintain a log detailing the progress related to each report, noting down any information which needs to be documented so as to ensure that an adequate track record of the reasons leading to his decision are maintained. Such documentation may also be used to assist the Authorities in any analysis or investigation of the suspected money laundering or funding of terrorism, when such details are directly requested from the MLRO. This log shall be held by the MLRO and shall only be accessible to him, and will not form part of the player’s file. The MLRO shall gather all the necessary information and pose any questions to any of Games & More BV’s employees’ as part of his investigation. The employees (whether those having submitted the internal report or otherwise) shall provide the MLRO with relevant information. In doing so, they will not be breaching their obligation of client confidentiality. Once the MLRO decides that there are reasonable grounds which warrant the submission of a STR via the Authority’s online submission system, he shall make this formal disclosure to the FIAU on behalf of Games & More BV. No copies of either the internal or external reports will be made. The MLRO will keep such records secure. The MLRO shall, where appropriate, inform the originator of the internal report whether or not a formal disclosure has been made. Following a formal disclosure, the MLRO shall take such actions as required by the Authorities in connection with the disclosure and accordingly follow their instructions.

4.2.3 What should give rise to a suspicious activity?

For clarity’s sake, STR reporting will cover:

Any activity which leads Games & More BV to think that a person is linked to money laundering/funding of terrorism or to any proceeds of crime, or that either of the two is being committed, or may be committed, independently of whether any transactions have taken place or otherwise.

Any instance wherein objective facts will lead Games & More BV to have reasonable grounds to suspect that money laundering/funding of terrorism or of proceeds of crime may be taking place.

Games & More BV shall be obliged to submit an STR with the FIAU with regards to activity carried out on the basis of its Curacao Gaming Licence, and accordingly notify the CURACAO GAMING AUTHORITY, when deemed necessary and as per instructions given by the FIAU.

4.2.4 Stopping/continuing work following a suspicion

Due to the nature of the gaming products and services offered by Games & More BV, and the nature of the transactions in question, Games & More BV will not always be in a position to refrain from carrying out a pending transaction prior to the filing of a STR. This is because should Games & More BV refrain from accepting a transaction when it usually does so instantly, the delay in acceptance may trigger the player into knowing that he is being suspected of fraudulent activity. Any delay may prejudice an analysis or investigation of the suspected transaction. Hence, whenever Games & More BV suspects money laundering/funding of terrorism, then Games & More BV will still proceed with executing the suspected transaction. However, Games & More BV will, submit an STR to the FIAU immediately after the execution of the transaction.

4.2.5 Prohibition of Disclosure

✓ Disclosures to the supervisory Authority, in this case the CURACAO GAMING AUTHORITY;

✓ Disclosures between subject persons in the same group;

✓ Disclosures between a subject person undertaking a ‘relevant activity’ and another person undertaking similar activities and where similar requirements are imposed by the jurisdiction. The persons being within the same legal person or within a larger structure to which they belong, which have common, ownership, management;

✓ Sharing of information based on the same transaction, where the subject persons and the related activity are subject to the same legal obligations and the persons are of the same professional category and hence have similar obligations in respect of professional secrecy and data protection;

✓ Disclosures by a subject person in the course of proceedings initiated in respect of delays in carrying out transactions, where the subject person was actually following instructions as per FIAU;

✓ Disclosure by a subject person to a supervisory authority as per the request made by the supervisory authority, in this respect, the CURACAO GAMING AUTHORITY.

Games & More BV will also consider carefully any of the measures which it decides to adopt vis-a-vis the suspected player, consequent to the submission of a STR. So as not to jeopardise any investigation, prior to undertaking any such action, Games & More BV will seek guidance from the FIAU’s analysts. Games & More BV will, as much as possible, consider such actions as a measure of last resort, and not unnecessarily burden the FIAU with every small suspicion. In cases of minor suspicions not warranting reporting, it will instead increase on- going monitoring and only submit STRs to the FIAU once a suspicion persists or the indicators increase. Games & More BV will ensure proper documentation of such internal decisionmaking.

5. Payout Management Procedure

Whenever a player makes a withdrawal request, regardless of the payment method used, Games & More BV will, prior to acceding to such a request, ensure that the institution to which the funds are to be remitted is situated in a reputable jurisdiction and has equivalent anti- money laundering/counterfeit terrorism requirements as are applicable to Games & More BV. Obviously enough this also ties in to the institutions from where player deposits are accepted. As a general rule, withdrawals will only be processed to the same source from where the funds originated. This measure will limit the risk of successful money laundering or funding of terrorism withdrawals.

Furthermore, no cash deposits or withdrawals will be affected. Withdrawal requests shall be carried out as per the following procedure:

✓ Withdrawal requests will be processed immediately upon request.

✓ No cash withdrawals can be processed under any circumstances. Cash transactions are specifically prohibited and in fact there are no methods that players may apply to process any fund transfers in cash.

✓ The gameplay will be checked as well as all financial transactions.

✓ Games & More BV will also consider whether individuals are playing fairly, or whether the gaming system has in any way been manipulated, or whether the system is, alternatively, malfunctioning, and the player was in any way taking advantage of any bug without, accordingly informing Games & More BV, as per the Terms & Conditions’ requirements.

✓ Reference will also be made as to whether CDD verification has been conducted. If it has not yet been carried out since the deposit requirement was not reached, a management decision is taken as to whether it is deemed necessary to conduct CDD verification at this stage prior to completing the withdrawal process.

✓ The risk assessment is also conducted / checked to ensure that the player’s risk vis-a- vis his activity with Games & More BV is determined.

✓ Applicable CDD requirements will be as per section 3.2 above.

✓ If the player does not provide the necessary documents for verification to take place, when requested, or if it becomes clear that verification cannot take place because the individual has acted fraudulently, withdrawals will not be processed. Once it becomes clear to Games & More BV that the individual was attempting to act fraudulently, it will block the player’s account, void all winnings and simply return the deposit to the account from where the funds originated.

✓ In the event that withdrawals cannot be processed to the account from where the funds originated, such as when the player is making use of Mastercard or Paysafecard, then Games & More BV will formally request for player verification documents and also request for details of another payment system that may be confirmed to be in the player’s name and hence minimising the risk of remitting funds to an individual that is different from the person that had originally remitted the deposits. This process is in place to discourage credit card theft and identity theft.

In the case where a manual payout is required due to account closures, the payouts will be paid within 10 business days, so long the amount does not exceed the weekly withdrawal limit.

In the event that source of funds/source of wealth documents are required, the decision will be made within 30 days upon receiving all required documents. If the provided documents require further documents to the sent, this deadline shifts to 30 days since receiving the last document. In case the documents are not provided within 30 days, the account will be restricted and the decision on how to proceed with the funds is at the managements and legal department discretion.

6. Training

It is the policy of Games & More BV that all staff who have client contact, or access to information about clients’ affairs, shall receive anti-money laundering training to ensure that their knowledge and understanding is at an appropriate level. Training will furthermore be provided at least once a year so as to maintain awareness and ensure that the company’s legal obligations are met. Any training given will take into consideration the practicality of assigning different tasks to staff as per their role, and all information accessible will be on a need-to-know basis. However, training about the whole process will be provided to employees, so as to ensure that each officer has a holistic understanding of the due diligence, KYC, AML and payout procedures, since these are very closely related.

In light of the seriousness of the obligations placed by law and regulations, and the gravity of the possible penalties, the MLRO shall ensure that information about these obligations is available to all members of staff at all times. The MLRO will also ensure that on-going training is provided, that is, as and when the need arises, even based on direct requests made by employees.

The training programs will include testing to ensure that each individual has achieved the appropriate level of knowledge and understanding. Testing may be conducted in various ways, whether through formal testing, assessment via discussion of case studies, or other means. Special consideration will be given to the training needs of senior management, and of the compliance team, whose knowledge and understanding must be most thorough.

The Human Resources (HR) Department will:

✓ inform every member of staff of the training programs that they are required to undertake, and the timetable for completion;

✓ check that every member of staff has completed the training programs assigned to them, issuing reminders to any who have not completed the programs as per the applicable timetable;

✓ keep records of training completed, including the results of tests or other evaluations demonstrating that each individual has achieved an appropriate level of competence;

✓ update employee personal files with details of training undertaken and results obtained where applicable;

✓ refer to senior management any cases where members of staff fail to respond or whose results are unsatisfactory, to issue reprimands or provide additional training as per the individual case.

The MLRO will be provided with full access to all records held by the HR Department.

On completion of a training cycle, the HR Department will ensure the continuity of ongoing training and also obtain updates from the MLRO in respect of changes happening in the field, so that the HR may ensure that up-to-date training is organized and provided to all members of staff.

Line managers will also provide feedback to the HR Department in respect of:

✓ the effectiveness of the programs completed; and

✓ make suggestions as to different methods of delivery.

Line managers will supplement the training provided to support staff by giving guidance on a day-to-day basis on:

✓ the type of client instructions and transactions that count as ‘significant’ and so should be brought to their attention

✓ identifying client instructions and transactions which, although not of a nature normally counting as ‘significant’, are in some way unusual or anomalous and should be considered with regard to possible suspicion of money laundering or funding of terrorism. The MLRO will determine the training needs for his/her own role, and ensure that he/she undergoes Continued Professional Education (CPE) as required to fulfil his/her legal obligations.

The aim of all training provided is to ensure that staff is capable of identifying any attempted or actual money laundering or funding of terrorism activity exercised by players when using Games & More BV’s services.

Chipstars is using an external 3rd party provider for the simplified due diligence verification procedure and is not liable for mistakes if an error occurs on the external providers side.

7. Keeping records of clients due diligence information

When information is being collected for CDD purposes, the responsible service staff will:

✓ keep records in the client file.

✓record instances where information requested has not been forthcoming, or explanations provided have not been satisfactory.

✓ ensure that all records are kept in a consistent manner so that they are accessible by and comprehensible to other authorized members of staff, including the MLRO.

Transaction and customer records from the date of transaction and end of business relationship respectively, are kept as long as Games & More BV has a valid legal reason to keep such records. Such reasons are limited only to legal obligations which Games & More BV needs to abide by, such as, anti-money laundering obligations, taxation regulations etc. The records are consequently archived. The players have the possibility of accessing transactions from their profile for a period of 2 months. Following that time lapse, details about the transactions may be requested through customer support on [email protected].

Should Games & More BV determine that a player’s record needs to be retained for a prolonged period of time due to the fact that a report has been filed with regards to that player, all relevant records will be retained on the live system and not archived. This is done so as to ensure that Games & More BV complies with its anti-money laundering obligations. Once the enquiry / investigation has been completed and the MLRO has been accordingly informed, then the records will be treated similar to all other information and the same archivingpolicywillthenapply.

8. Monitoring and management of complience

Compliance with this policy shall be constantly tested and ensured. The Board of Directors reserves the right to engage external auditors to examine whether the company is complying with the measures laid out in this procedure. The findings of such audits and any appropriate recommendations for action will be reported to the Board of Directors. The latter will then request for feedback from management in respect of the suggestions made by the auditors. Based on the recommendations as well as management’s feedback, the directors will take a decision of what processes / procedures to amend or introduce. A timeline for implementation will also be discussed and decided upon. Feedback on the implementation of any changes is to be reported back to the directors, since they are ultimately responsible for the company’s operations.

The MLRO will obviously be involved and his input will be deemed paramount in respect of this process. He will be tasked to monitor aspects of the company’s CDD and anti-money laundering policies and procedures. Any deficiency in these procedures or the compliance thereto, which requires urgent rectification will be dealt with immediately by the MLRO, who will report such incidents to the Board of Directors as appropriate. He will also request the Board to provide him with any needed support.

The MLRO will audit the procedure directly, at least annually. The MLRO will also report his findings to the Board of Directors. This report will include:

✓ a summary of any changes in the regulatory environment(s) in which Games & More BV operates.

✓ a summary of AML activities within the company, including the number of internal suspicion reports received by the MLRO and the number of disclosures made to the Authorities.

✓ details of any compliance deficiencies on which action has already been taken, together with reports of the outcomes.

✓ details of any compliance deficiencies on which action needs to be taken, together with recommended actions including suggested timeframe and management support required.

✓ an outline of plans for the continuous development of involved staff, including periodic training and awareness raising activities for all relevant staff.

Whereprovide their feedback and timeline of when necessary action will be taken. management action is indicated, the Board of Directors will request management to.

This procedure will be reviewed and updated at least every six months. However, this may take place more frequently, if changes in legislation or guidelines are introduced at any point in time, or if deemed necessary.