AML Policy

1. Purpose and scope

This Anti-Money Laundering and Counter-Terrorism Financing Policy ("AML Policy") describes the controls Cinoslots N.V. operates to prevent, detect and report money laundering, terrorism financing, proliferation financing, sanctions evasion and predicate criminal conduct on the Cinoslots platform. The policy is owned by the Money Laundering Reporting Officer ("MLRO") and approved by the Board of Directors. It is reviewed at least annually and after any material regulatory change. The policy applies to every employee, contractor, affiliate and player.

The policy is informed by the Forty Recommendations of the Financial Action Task Force ("FATF"), the European Union's Sixth Anti-Money Laundering Directive ("6AMLD") read alongside the EU's Markets in Crypto-Assets Regulation ("MiCA"), the recommendations of the Caribbean Financial Action Task Force ("CFATF"), the directives of the Curaçao Gaming Control Board, the National Ordinance on Reporting Unusual Transactions, and applicable sanctions regimes including the United Nations consolidated list, the European Union consolidated list, the United States Office of Foreign Assets Control ("OFAC") list and the United Kingdom Office of Financial Sanctions Implementation ("OFSI") list.

2. Risk-based approach

We assess the inherent money-laundering and terrorism-financing risk of every player, every product, every payment channel and every geography. Risk is scored continuously using a model that factors in: country of residence and access; the cumulative deposit amount over rolling thirty-day, ninety-day and one-year windows; the wagering pattern (including the ratio of deposits to wagered amount); the deposit asset and the source wallet's blockchain reputation score; the velocity of deposits and withdrawals; KYC tier and PEP/sanctions status; behavioural anomalies relative to the player's own historical baseline.

Each player is placed into a risk band — low, medium, high or prohibited — and the controls applied scale with the band. High-risk players are subject to enhanced due diligence, lower transaction limits, manual review of every withdrawal and senior-management sign-off on any account-closure decision.

3. Customer due diligence (CDD) and KYC tiers

Customer due diligence is performed at three tiers; full details are in the KYC Policy.

• Tier 0 — basic: email, password, country, age attestation, IP geolocation, device fingerprint. Permits play and withdrawals up to the limits set on the Deposit page (typically 0.5 BTC equivalent per ninety days). Triggered automatically at registration.
• Tier 1 — standard: government photo ID + selfie liveness + proof of residential address. Required when cumulative net deposits or withdrawals exceed Tier 0 thresholds, when the player is detected in a higher-risk jurisdiction, when a velocity anomaly is flagged, or when a regulator requires it.
• Tier 2 — enhanced (EDD): source-of-funds documentation (payslips, bank statements, tax returns, sale-of-asset paperwork, inheritance documents) plus, for very high-volume players, source-of-wealth documentation. Required for cumulative volume above $50,000 USD-equivalent, for any player flagged as a politically exposed person, and for any player whose deposit funds are flagged by blockchain analytics as having touched a mixer, sanctioned address or other high-risk source.

4. Sanctions and PEP screening

Every player is screened against the consolidated UN, EU, OFAC, OFSI and Swiss SECO sanctions lists, against PEP and adverse-media databases, and against an internal block-list of previously closed accounts. Screening is performed at registration, on any change of name or country, on first deposit, on every withdrawal request and continuously through a daily delta sweep. A positive sanctions match results in the immediate freeze of the account and a confidential report to the relevant Financial Intelligence Unit. PEP matches result in mandatory enhanced due diligence and senior-management sign-off on any further activity.

5. Source of funds and source of wealth

Source-of-funds enquiries seek to confirm the lawful origin of the specific funds being deposited, including the wallet from which the deposit originated and, for fiat-derived crypto purchases, the exchange and bank account used. Source-of-wealth enquiries seek to confirm the lawful origin of the player's overall financial position and are reserved for very high-volume players. Acceptable evidence is non-exhaustive and risk-graded; common documents include bank statements, tax returns, employer letters, pension statements, dividend statements, sale-of-property contracts, gift declarations and inheritance documents. Documents in a language other than English, Spanish, Portuguese or Dutch must be accompanied by a certified translation.

6. Transaction monitoring

Every deposit, withdrawal, internal transfer and high-volume wager is screened in real time by an automated rules engine. Rules cover, without exhaustion: structuring (multiple deposits just below a reporting threshold); rapid deposit-then-withdraw with minimal play ("loop testing"); deposits from sanctioned, mixer or darknet-market wallets; abnormal increase in stake size relative to baseline; mismatch between residential country and IP country sustained over time; wagering patterns suggestive of bonus abuse or chip-dumping; receipt of funds immediately preceding a sanctions match.

Alerts are triaged by the AML team within four (4) business hours. False positives are documented and used to retrain the model. True positives result in a Suspicious Activity Report ("SAR") filed with the relevant Financial Intelligence Unit. Filing a SAR is confidential by law and we are prohibited from "tipping off" the player; if your account is frozen for reasons we are not at liberty to disclose, this is the most likely explanation.

7. Reporting and record-keeping

We file SARs with the FIU of Curaçao and, where required by law, with the FIU of the player's residence. We also file Currency Transaction Reports and equivalent reports where applicable thresholds are crossed. All KYC records, transaction records, wager records, screening results and SAR documentation are retained for a minimum of seven (7) years from the date of the relevant event, encrypted at rest and access-controlled on a strict need-to-know basis. Records are made available to regulators, courts and law enforcement on lawful request without prior notice to the player.

8. Prohibited activity and player obligations

You must not deposit funds derived from criminal conduct, attempt to layer or integrate proceeds of crime through wagering, deposit on behalf of a third party, accept payment from a third party for a withdrawal, structure transactions to avoid reporting thresholds, or use the platform to facilitate any sanctioned transaction. Any of the foregoing is a material breach of the Terms of Service and the AML Policy and will result in account closure, forfeiture of any tainted funds and a confidential report to the FIU.

9. Training, governance and audit

Every employee with access to player or transaction data completes annual AML training; the AML team and senior managers complete additional role-specific training. The MLRO reports to the Board of Directors at least quarterly with a written summary of risk metrics, alert volume, SAR volume, regulatory engagement and policy changes. The AML programme is independently audited at least every two (2) years; the most recent audit report is available to the regulator on request.

10. Cooperation with authorities

We cooperate fully and proactively with regulators, the FIU of Curaçao, foreign FIUs operating through Egmont Group channels, courts and law enforcement, including by responding to formal requests for information, freezing orders, restraint orders and asset-recovery orders. Where law permits we will notify the player of a request; where law prohibits notification (for example a "tipping-off" prohibition under SAR rules) we will not.

11. Contact

MLRO: [email protected] (PGP fingerprint published at /security). Compliance team: [email protected]. Postal: Cinoslots N.V., Attn: MLRO, Heelsumstraat 51, E-Commercepark Unit 102, Willemstad, Curaçao.