Customer identification and verification (KYC)

Introduction

The formal identification of customers on entry into commercial relations is a vital element, both for the regulations relating to money laundering and for the KYC policy.

Identification Requirements

This identification relies on the following fundamental principles:

• A copy of your passport, ID card or driving license, each shown alongside a handwritten note mentioning six random generated numbers. Also, a second picture with the face of the user/customer is required. The user/customer may blur out every information, besides date of birth, nationality, gender, first name, second name and the picture. To secure their privacy.
• Please note that all four corners of the ID have to be visible in the same image and all details have to be clearly readable besides the name above. We might ask for all details if necessary.
• An employee may do additional checks, if necessary, based on the situation.

Proof of Address

Proof of address will be done via different electronic checks, which use two different databases. If an electronic test fails, the user/customer has the option to make a manual proof.

For example, a recent utility bill sent to your registered address, issued within the last 3 months or an official document made by the government that proves your state of residence.

To make the approval process as speedy as possible, please make sure the document is sent with a clear resolution where all four corners of the document are visible, and all text is readable.

For example: An electricity bill, water bill, bank statement or any governmental post addressed to you.

An employee may do additional checks, if necessary, based on the situation.

Source of Funds

If a player deposits over a five thousand euro there is a process of understandings the source of wealth (SOW).

Examples of SOW are:

• Ownership of business
• Employment
• Inheritance
• Investment
• Family

It is critical that the origin and legitimacy of that wealth is clearly understood. If this is not possible an employee may ask for an additional document or prove.

The account will be frozen if the same user deposits either this amount in one go or multiple transactions which amount to this. An email will be sent to them manually to go through the above and information on the website itself.

www.apuestasroyal.com also asks for a bank wire/credit card to further insure the Identity of the user/customer. It also gives additional information about the financial situation of the user/customer.

Basic document for step one

The basic document will be accessible via the setting page on www.apuestasroyal.com. Every user has to fill out the following information:

• First name
• Second name
• Nationality
• Date of birth
• Gender

The document will be saved and created by an AI; an employee may do additional checks, if necessary, based on the situation.

Risk Management

In order to deal with the different risks and different states of wealth in different regions on earth www.apuestasroyal.com will categorize every nation in three different regions of risk.

• Region one: Low risk, For every nation from region one the three-step verification is done as described earlier.
• Region two: Medium risk, For every nation from region two the three-step verification will be done at lower deposit, withdrawal and tip amounts. Step one will be done as usual. Step two will be done after depositing 1000$ (one thousand Dollars), withdrawing 1000$ (one thousand Dollars) or tipping another user/customer 500$ (five hundred Dollars.) Step three will be done after depositing 2500$ (two thousand five hundred Dollars), withdrawing 2500$ (two thousand five hundred Dollars) or tipping another user/customer 1000$ (one thousand Dollars). Also, users from a low-risk region that change crypto currency in any other currency will be treated like users/customers from a medium risk region.
• Region three: High risk - Regions of high risks will be banned, Regions of high risks will be banned. High risk regions will be regularly updated to keep up with the changing environment of a fast-changing world.

Additional measurements

In addition, an AI which is overseen by the AML compliance officer will look for any unusual behavior and report it right away to an employee of www.apuestasroyal.com.

According to a risk based few and general experience the human employees will recheck all checks which are done before by the AI or other employees and may redo or do additional checks according to the situation.

In addition, a data Scientist supported by modern, electronic, analytic systems will look for unusual behavior like: Depositing and withdrawing without longer Betting sessions. Attempts to use a different Bank account for Deposit and Withdraw, nationality changes, currency changes, behavior and activity changes as well as checks, if an account is used by its original owner.

Also, a User has to use the same method for Withdraw as he used for Deposit, for the amount of the initial Deposit to prevent any Money Laundering.

Enterprise-wide risk assessment

As part of its risk-based approach, www.apuestasroyal.com has conducted an AML “Enterprise-wide risk assessment” (EWRA) to identify and understand risks specific to www.apuestasroyal.com and its business lines. The AML risk policy is determined after identifying and documenting the risks inherent to its business lines such as the services the website offers. The Users to whom services are offered, transactions performed by these Users, delivery channels used by the bank, the geographic locations of the bank’s operations, customers and transactions and other qualitative and emerging risks.

The identification of AML risk categories is based on www.apuestasroyal.com understanding of regulatory requirements, regulatory expectations and industry guidance. Additional safety measures are taken to take care of the additional risks the world wide web brings with it.

The EWRA is yearly reassessed.

Ongoing Transaction Monitoring

AML-Compliance ensures that an "ongoing transaction monitoring" is conducted to detect transactions which are unusual or suspicious compared to the customer profile.

This transaction monitoring is conducted on two levels:

1) The first Line of Control:

www.apuestasroyal.com works solely with trusted Payment Service Providers who all have effective AML policies in place to prevent the large majority of suspicious deposits onto www.apuestasroyal.com from taking place without proper execution of KYC procedures onto the potential customer.

2) The second Line of Control:

www.apuestasroyal.com makes its network aware so that any contact with the customer or player or authorized representative must give rise to the exercise of due diligence on transactions on the account concerned. In particular these include:

• Requests for the execution of financial transactions on the account;

• Requests in relation to means of payment or services on the account;

Also, the three-step verification with adjusted risk management should provide all necessary information about all customers of www.apuestasroyal.com at all times.

Also, all transactions must be overseen by employees over-watched by the AML compliance officer who is over-watched by the general management.

The specific transactions submitted to the customer support manager, possibly through their Compliance Manager must also be subject to due diligence.

Determination of the unusual nature of one or more transactions essentially depends on a subjective assessment, in relation to the knowledge of the customer (KYC), their financial behavior and the transaction counterparty.

These checks will be done by an automated System, while an Employee cross check them for additional security.

Any www.apuestasroyal.com staff members must inform the AML division of any atypical transactions which they observe and cannot attribute to a lawful activity or source of income known to the customer.

3) The third Line of Control:

As a last line of defense against AML www.apuestasroyal.com will do manual checks on all suspicious and higher risk users in order to fully prevent money laundering.

If fraud or Money Laundering is found the authorities will be informed.

Reporting of Suspicious transactions on www.apuestasroyal.com

In its internal procedures, www.apuestasroyal.com describes in precise terms, for the attention of its staff members, when it is necessary to report and how to proceed with such reporting.

Reports of atypical transactions are analyzed within the AML team in accordance with the precise methodology fully described in the internal procedures.

Depending on the result of this examination and on the basis of the information gathered, the AML team:

• will decide whether it is necessary or not to send a report to the FIU, in accordance with the legal obligations provided in the Law of 18 September 2017.
• will decide whether or not it is necessary to terminate the business relations with the customer.

Procedures

The AML rules, including minimum KYC standards will be translated into operational guidance or procedures that are available on the Intranet site of www.apuestasroyal.com.

Record keeping

Records of data obtained for the purpose of identification must be kept for at least ten years after the business relationship has ended.

Records of all transaction data must be kept for at least ten years following the carrying-out of the transactions or the end of the business relationship.

This data will be safely, encrypted, stored offline and online.

Training

www.apuestasroyal.com human employees will make manual controls on a risk-based approval for which they get special training.

The training and awareness program is reflected by its usage:

• A mandatory AML training program in accordance with the latest regulatory evolutions, for all in touch with finances.
• Academic AML learning sessions for all new employees.

The content of this training program has to be established in accordance with the kind of business the trainees are working for and the posts they hold. These sessions are given by an AML-specialist working in Bet N Play Solution B.V. AML team.

Auditing

Internal audit regularly establishes missions and reports about AML activities.

Data Security

All data given by any user/customer will be kept secure, will not be sold or given to anyone else. Only if forced by law, or to prevent money laundering data may be shared with the AML-authority of the affected state.

www.apuestasroyal.com will follow all guidelines and rules of the data protection directive (officially Directive 95/46/EC)