Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) Policy of Pingwin Casino

    Version 1.0
    Effective Date: May 20, 2025

    1. Purpose and Principles

    1.1 This Policy establishes a system of measures to prevent the use of Pingwin Casino products and services for money laundering, terrorist financing, sanctions violations, and other illegal activities.

    1.2 This Policy is based on:

    • FATF Recommendations (including the Travel Rule for virtual assets);
    • 2016 Curaçao AML/CFT Regulations;
    • Curaçao License OGL/2024/995/0478;
    • EU General Data Protection Regulation (GDPR) and national regulations.

    1.3 The Company applies a Risk-Based Approach (RBA): the depth of verification and monitoring is directly proportional to the identified risk level of the client, product, channel, and jurisdiction.

    2. Scope of Application

    2.1 This Policy is mandatory for all employees, managers, agents, service providers, and clients of Pingwin Casino.

    2.2 It covers all gaming products (online casino, sports betting, crypto transactions), channels (web, mobile applications, API), and currencies (fiat, virtual assets).

    3. Definitions

    • ML/TF — actions aimed at legalizing criminal proceeds and financing terrorism.
    • Client — an individual creating an account on the platform. Legal entities are not serviced.
    • PEP — Politically Exposed Person.
    • CDD/EDD — basic and enhanced customer due diligence procedures.
    • STR — Suspicious Transaction Report to the authorized body (FIU).

    4. Corporate Governance

    4.1 The Board of Directors approves the Policy, AML KPIs, and receives quarterly reports.

    4.2 Chief Compliance Officer (CCO):

    • bears personal responsibility for the implementation and updating of the AML/CFT program;
    • organizes risk assessment, investigations, reporting, and interaction with the FIU;
    • annually initiates an independent external audit.

    4.3 The company operates a Fusion Center (AML + anti-fraud + cybersecurity) for log sharing and real-time response.

    5. Enterprise-Wide Risk Assessment (EWRA)

    5.1 Conducted at least annually or when the business model changes.

    5.2 Assessed:

    Category  | Example Factors
    Client    | Jurisdiction, PEP status, crypto reputation, source of funds
    Product   | Fiat, USDT/TRC-20, bonus schemes
    Channel   | Web access, API, third-party wallets, anonymizers
    Geography | FATF high-risk countries, sanctioned territories

    5.3 Results are documented, approved by the Board of Directors, and integrated into CDD/monitoring rules.

    6. Know Your Customer (KYC/CIP) Program

    6.1 Basic CDD (Low/Medium Risk):

    • Full name, date of birth, address, nationality, e-mail, IP/device fingerprint;
    • identification document + Liveness/Selfie-check;
    • age verification ≥ 18 years;
    • sanctions and PEP screening (UN, EU, OFAC, UK HMT, World-Check, adverse media).

    6.2 Enhanced DD (High Risk / triggers):

    • source of funds (SoF) and source of wealth (SoW);
    • proof of income (employer's certificate, broker statement, etc.);
    • explanation of gaming purposes, betting profile;
    • tax status confirmation.

    6.3 It is prohibited to open/maintain an account if the client:

    • evades providing data or submits forged documents;
    • is on sanctions lists or resides in a prohibited jurisdiction;
    • uses anonymizers to hide geolocation;
    • shows signs of gambling addiction (based on RG analysis results).

    6.4 Re-verification: every 3 years for Medium Risk clients, annually for High Risk clients, or as required by the monitoring system.

    7. Sanctions Compliance and Geo-blocking

    7.1 Automatic screening of identity and crypto addresses upon registration, each deposit, and withdrawal.

    7.2 Blocking of IP/GPS/time-zone from comprehensively sanctioned countries (Iran, North Korea, Syria, Cuba, Crimea, LPR/DPR, etc.).

    7.3 Re-screening of all active accounts every 24 hours using the real-time API of sanctions databases.

    8. Transaction Monitoring

    8.1 Technologies: proprietary rules-engine, Chainalysis API, AI-velocity checkers, bonus abuse detector, ban-evasion software.

    8.2 Red Flags (sample):

    • deposit/withdrawal > 10,000 USD or a sharp increase in activity (velocity);
    • multiple accounts, matching devices, VPN masking;
    • use of mixers, privacy coins, "sandwich" patterns (deposit-bet-withdrawal);
    • bonus laundering (minimum bonus turnover → withdrawal).

    8.3 Travel Rule: for crypto transfers ≥ 1,000 USD, sender/receiver data is exchanged via TRISA/Notabene.

    8.4 Response Process: alert → account freeze → EDD and document collection → internal investigation → STR (if necessary) → CCO decision (unfreeze/block/close).

    8.5 Withdrawal Same-Route: until EDD is completed, funds may be withdrawn using the same method by which the deposit was made.

    9. Suspicious Transaction Reporting (STR)

    9.1 STR is sent to FIU Curaçao (and, if necessary, to other competent authorities) no later than 3 working days after internal approval by the CCO.

    9.2 Employees are prohibited from informing the client about the fact of STR submission (non-tipping-off principle).

    10. Record Keeping and Data Storage

    10.1 KYC dossiers, monitoring logs, and STR decisions are stored for ≥ 5 years after account closure.

    10.2 Backup copies — in a secure cloud (RTO ≤ 1 hour).

    10.3 Access — on a "need-to-know" basis; all data is encrypted.

    10.4 Data transfer to third parties is permissible only by law, Travel Rule, or request from regulatory authorities.

    11. Vendor Management

    11.1 Before connecting a KYC/analytics provider, due diligence and AML level assessment are conducted.

    11.2 Contracts include an obligation to comply with this Policy; annual reviews.

    11.3 In case of non-compliance — a corrective action plan or termination of services.

    12. Training and Awareness

    12.1 All employees undergo an introductory AML/CFT and Responsible Gaming course upon hiring and annual e-learning with a gamified test (passing threshold ≥ 80%).

    12.2 Separate modules for VIP managers, technical support, Fraud analysts.

    12.3 Results are stored in LMS and included in CCO's KPIs.

    13. Independent Audit and Testing

    13.1 External audit of the AML program — annually; the report is sent to the Board of Directors and, upon request, to the regulator.

    13.2 Red-team / stress-test scenarios (layering, mass withdrawal, KYC provider breach) — at least once every 2 years.

    14. Whistleblowing Channels

    14.1 Anonymous whistleblower line (email + web form) goes directly to the CCO; zero-tolerance policy for retaliation.

    15. AML Key Performance Indicators (KPIs)

    • Average response time to a critical alert ≤ 60 min;
    • Percentage of EDDs completed within ≤ 30 days: ≥ 95%;
    • STR/alerts level — monitored dynamically;
    • Ratio of detected duplicate accounts to the total number of registrations.

    16. Business Continuity Plan (BCP)

    16.1 Redundant infrastructure for AML systems; daily off-site backups.

    16.2 BCP test — annually.

    17. Policy Updates

    17.1 The CCO revises the document annually or when legislation/risks change.

    17.2 Changes are approved by the Board of Directors.

    17.3 Employees and partners are notified within 10 working days.


    Final word from Pingwin Casino

    We love fair play, we adore thrills, but we have no love for money laundering and never will.

    If you are an honest player — you will have fun with us, safely and transparently.

    If you decide to try your luck in financial fraud — you will definitely not be lucky.

    Follow the rules, respect yourself and others, and let your only reason for excitement be the jackpot reel.

    With love and compliance,
    The Pingwin Casino Team