Last Updated: 11 Sep 2023

1.1 The purpose of this Policy is to set out the obligations and practical implementation of measures to be put in place by the Company to comply with its obligations under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 as amended (the Act).

The Act implements the EU's Fifth Anti-Money Laundering Directive ((EU) 2018/843).

This Policy, and any controls and procedures implemented by the Company relating to AML/CFT take account of the Act and external risk reviews issued domestically and at a European Union (EU) level, such as the National Risk Assessment1, the Irish Gambling Sector Risk Assessment2 , the Supranational Risk Assessment and the Financial Action Task Force Mutual Evaluation Report of Ireland have also been taken account of in this Policy.

1.2 By virtue of engaging in the activity of providing gambling services3 , the Company falls within a “prescribed class of persons under the Act" and therefore, is considered a "designated person" for the purposes of the Act.

The relevant competent authority for gambling service providers is the Minister for Justice.

Given its status as a designated person, the Company must implement an appropriate AML/CFT framework to comply with its obligations under the Act.

1.3 This Policy will be reviewed and updated at least annually or as and when either the legislation is amended or there is a material change to the risks identified by the Company.

2.1 The Company / its board of directors (the Board) bear ultimate responsibility for ensuring compliance with the Act.

However, in order to ensure that the Policy is given effect and adhered to in practice, the Company has delegated certain day to day AML/CFT controls and processes to other parties.

This Policy sets out the responsibilities of these parties and how the Board oversees them to ensure that the Company meets its obligations.

The performance of Customer Due Diligence is carried out on behalf of the Company by [Onfido] .

3.1 The Company may rely on a relevant third party, [ • ], to undertake Customer Due Diligence on a customer in the circumstances set out in Section 40 of the Act.

The third party service provider has confirmed to the Company Board that it has policies and procedures in place to perform the necessary checks to ensure that its reliance on third parties is in compliance with Section 40.

4.1 Money laundering is the process by which criminals conceal and control the proceeds of their crimes.

The ultimate goal of the laundering is to make money or other property appear to have originated from a legitimate source and not from the proceeds of crime.

4.1.1 Criminal property can originate from a wide variety of criminal activities, including fraud, bribery, political corruption, human trafficking and tax evasion.

The Act provides that a person commits a money laundering offence in Ireland if he person engages in any of the following acts in relation to property that is the proceeds of criminal conduct:

(a) Concealing or disguising the true nature, source, location, disposition, movement or ownership of the property, or any rights relating the property;

(b) Converting, transferring, handling, acquiring, possessing or using the property;

(c) Removing the property from, or bringing the property into, the State; and

(d) The person knows or believes (or is reckless as to whether or not) the property is the proceeds of criminal conduct.

4.2 An attempt to commit one of these offences is also an offence.

Terrorist Financing
4.2 Terrorist financing is the process by which terrorists conceal and control their funds.

4.3 Terrorist financing differs from money laundering, as terrorism is often funded by clean money (a legitimate source).

A terrorist financier will seek to disguise money so that it looks like it is being used for a legitimate purpose and not to finance terrorist activity.

4.4 A person is guilty of an offence of financing terrorism if they, in or outside of Ireland, directly or indirectly, unlawfully and wilfully, provide, collect or receive funds intending that they be used or knowing that they will be used to carry out an act involving violence or threats with the intention of intimidating or destabilising a population or a government.
​

5.1 In accordance with the Act, the Company has adopted a risk-based approach in applying AML/CFT compliance measures.

An integral part of preventing ML/TF is understanding the risks associated with the Company's business. Section 30A of the Act therefore requires all.

designated persons to carry out a "business risk assessment" (BRA) to identify and assess the risks of ML/TF involved in carrying on the designated person's business activities.

The Company has conducted a BRA taking into account the following risk factors:

(a) the type of customers that the Company has (Customer Risk);

(b) the products and services or transactions that the Company provides or undertakes (Product Risk);

(c) the countries or geographical areas in which the Company operates (Geographic Risk);

(d) the type of transactions carried out; and

(e) the delivery channels that the designated person uses (Channel / Distribution Risk).

5.2 The BRA is approved by the Board and is updated on an annual basis, The BRA shall be reviewed periodically to ensure it is kept up-to-date.

5.3 The risk assessment of the Company's business feeds into the level and extent of customer due diligence (CDD) which is applied to the Company's customers.

6.1 As set out above, the Act requires a risk based approach when applying AML/CFT measures.

The Company must apply appropriate measures to based on the money laundering/terrorist financing risk presented by each individual customer.

The Company must identify and assess the money laundering/terrorist financing risk in relation to a customer or particular transaction in order to determine the level of CDD required.
​

6.2 In carrying out this assessment, the Company will have regard to:

(a) The purpose of an account or relationship;

(b) The size of transactions undertaken

(c) The regularity of transactions;

(d) Any additional risk variables

(e) The presence of any factor suggesting potentially lower risk (as set out at Schedule 3 of the Act) and

(f) The presence of any factor suggesting potentially higher risk (as set out at Schedule 4 of the Act).
​

6.3 The outcome of the assessment will determine the level of CDD required for that particular customer.

6.4 In accordance with the Act, the Company is required to:

(a) identify the customer – obtain details of the business, the directors/authorised signatories (including their power of authority) and where relevant verify the customer’s identity/address through documentation or information from a reliable source;

(b) identify the beneficial owner – obtain details of the beneficial owners and, where relevant, carry out risk-based measures to verify their identity;

(c) obtain information on the nature of the business relationship, the anticipated level and nature of the activity that is to be undertaken through the business relationship; and

(d) conduct ongoing transaction monitoring.

6.5 The Act specifies that CDD must take place “prior to” any of these circumstances:

(a) establishing a business relationship with the customer;

(b) prior to carrying out any service for the customer, if there are reasonable grounds to believe that there is a real risk that the customer is involved in, or the service sought by the customer is for the purpose of, money laundering or terrorist financing;

(c) prior to carrying out any service for the customer, if there reasonable grounds to doubt the veracity or adequacy of CDD documents which have previously been obtained.

6.6 The Company carries out a process of identification which involves obtaining a range of information about the customer.

In some situations, such as when the Company enters into commercial partnerships or obtains investment, the Company will also identify who the beneficial owner of a corporate entity which may include checking the relevant beneficial ownership register.

6.7 At a minimum, the Company will verify the following information about its individual customers:

(a) Full name

(b) Current address

(c) Date of Birth

6.8 Verification is the process of verifying this information against a range of documents, data or information from a reliable and independent source.

6.9 This information can be verified by using government-issued documents, such as passports or driving licences, and other online databases

7.1 Where a customer is assessed as having a higher risk of money laundering, Enhanced Customer Due Diligence (EDD) is required.

7.2 As part of Enhanced Customer Due Diligence, information needs to be obtained from the customer primarily to confirm whether:

(a) the customer is engaged in activities involving substantial amounts of cash handling

(b) the customer can easily confirm and explain the origin of their funds

(c) the customer's expenditures are proportionate to their income or wealth

7.3 The required information to gather from the customer includes:

(a) Company name

(b) Country of operation

(c) Nature of business

(d) Job description

(e) Employment status (executive/employee/part-time/freelancer/unemployed)

(f) Pay cycle (monthly/weekly/daily/irregular)

(g) Monthly salary amount

(h) Payslip image

(i) Whether the customer is involved in cash-handling occupations.

7.4 Customers that are identified as being established or residing in a high-risk third country and/or any other circumstances where there is a heightened risk of money laundering/terrorist financing (e.g. has been identified as a PEP), will be referred to the Board to approve the establishment/continuation of the relationship.

7.5 The Company may use a third party’s automated identity verification service to verify the identity of our customers before they are allowed to open an account, deposit funds or gamble.

7.6 The Company will only allow accounts to be opened by verified Irish residents with an Irish bank account. Also, the Company does not permit any form of third party or agent funding. All non-Irish customers will be blocked on registration.

7.7 Customer location is checked by GPS to avoid risk which arises from cross-border operations. Customers can not login from any countries except Ireland.

7.8 The Company prohibits customers from creating multiple gambling accounts to obscure their spending levels or to avoid threshold checks.

7.9 The third-party identity verification provider will undertake IP and other checks during the registration process and will prohibit account opening when the individual is not located in Ireland.

7.10 The Company does not allow PEPs or those appearing on any European Union (EU) or United Nations (UN) sanctions list to open an account. The third-party identity verification provider will undertake PEP and sanctions checks during the registration process and will prohibit account opening when the individual is a PEP or if there is a sanctions match.

7.11 The Company and/or it’s third party identity verification provider may either use open source information, such as press reports, or negative source information, such as register of deceased persons, in order to carry out checks on individuals.

7.12 Matching identification and bank account name is mandatory. All accounts are fully identified and verified before deposit or bet is placed and only Irish payment methods by way of debit card/bank transfer are accepted.

7.13 The Company will use a third-party identity verification provider to undertake the following checks.

(a) ID document check (to ensure that the identification document is not forged)

(b) Biometric check (to confirm that the photo on the identification document matches the person through video recording)

(c) Proof of address (to verify the match between the address entered and the address on the submitted documents)

(d) ID record (to confirm that the individual is not associated with government officials or fraud groups through cross-referencing with verified external databases).

7.14 To avoid identity fraud, registration using lost ID information will be declined.

If during the source of funds checks, there is evidence of third party funding, a full investigation will take place the business relationship reviewed.

7.15 If, in the course of conducting sanctions screening, the third-party identity verification provider identifies any positive matches, the provider will immediately notify the MLRO to facilitate the MLRO in taking appropriate steps not to transfer funds or make funds or economic resources available, directly or indirectly, to the sanctioned person or entity.

The MLRO will also promptly report the sanctions match on behalf of the Company to the appropriate competent authority.

8.1 Junichi Inaba is the MLRO for the Company.

The MLRO is responsible for ensuring communication of reports of suspicious transactions to the Financial Intelligence Unit of An Garda Síochána and the Revenue Commissioners (the Irish Authorities) pursuant to the Act as soon as practicable and also acts as a liaison with the Irish Authorities.
​

8.2 The MLRO is required to determine whether the information or other matters contained in a suspicious transaction report they have received via any internal reporting procedure merit the making of a report to the Irish Authorities.

Accordingly, the MLRO maintains a formal register of all suspicious transaction reports received by them, the determinations made, any subsequent reports made to the Irish Authorities and any further correspondence sent or received.

Where the MLRO decides not to make a report to the Irish Authorities, a record of that fact is recorded, together with the reason(s) for not making the report.

8.3 The Board will support the MLRO in having free and direct access to the Irish Authorities, or to any supervisory body, in order that any suspicious activity can be reported to the appropriate bodies as soon as practicable after acquiring the relevant knowledge, forming the suspicion or acquiring reasonable grounds to suspect that a person has been or is engaged in money laundering or terrorist financing.

8.4 The MLRO has confirmed to the Board that they have sufficient knowledge of the Act, the Company and its activities, services and systems, and the policies and procedures and the Board is satisfied that they have the authority to act independently and autonomously in carrying out their responsibilities.

8.5 The MLRO is responsible for reporting the following to the Board:

9.1 Submitting a Suspicious Transaction Report (STR) protects individuals, organisations and Irish financial institutions from the risk of laundering the proceeds of crime.

All gambling business have an obligation to report suspicious activity as part of their duties under the Act.
​

9.2 The Company and its employees have a responsibility to report transactions/activities that may constitute money laundering or terrorist financing. Monitoring allows the Company to recognise the risk posed by the customer and identify any unusual behaviour.

9.3 An example of a STR is as follows:

9.4 To minimise the risk of money laundering, we operate a closed loop policy which will ensures that customers can only withdraw their funds back to the same source as their deposit.

9.5 In exceptional circumstances where a closed loop cannot be used, such as expiry of a customer’s debit card, a record will be kept with the reason why the exception was made.

9.6 Customers will be required to level off any deposits made with the same amount of withdrawals for certain payment methods before customers can withdraw any excess funds back via another payment source.

9.7 All reports of suspicious activity, whether emanating from the Company or a third party service provider, are required to be made in the first instance to the MLRO.

9.8 The MLRO is responsible for making a determination as to whether there are reasonable grounds to suspect an offence of money laundering or terrorist financing. In the event that such reasonable grounds exist, the MLRO will file an STR on behalf of the Company as “soon as practicable” with FIU Ireland (using the GoAML system)9 and the Revenue Commissioners (using the ROS system)10 .

9.9 If a suspicion is not reported externally, the MLRO will document and retain the considerations and reasons for not making a report.

9.10 Our flow from withdrawal request to SAR submission decision is as follows .

9.11 In the event that a customer is matched to either the EU terrorist lists or UN terrorist lists, the MLRO will file an STR immediately with FIU and not carry out any service or transaction in respect of the customer until the report has been made.

9.12 It is important not to tell a customer that the MLRO has completed, or is completing a report about them, as this may lead to “tipping off” which is itself a criminal offence under the Act. Employees may discuss with the MLRO the best way to avoid tipping off a suspect.

9.13 If a customers behaviour or status meets the criteria outlined by the Company’s established requirements, the Company will set alerts and conduct EDD (as described above) on the customer. The various requirements and criteria are as follows:

Note: The Company does not permit crypto assets to be used as a means of payment for its betting services, due to concerns about their use in facilitating money-laundering.

Therefore, at this time, even if customers request the use of cryptocurrency, we will explain the reason and circumstances why we do not accept cryptocurrency as a means of payment and will verify our other methods of payment.

Where source of wealth enquiries establish that a customer’s funds are originating from the sale of cryptoassets or cryptocurrency, this will be reported to the MLRO for consideration of submission of a STR to the FIU and Revenue Commissioner.

In the future, technological innovation may create not only the above blockchain technology but also various new innovative technologies.

Even if they are deemed to be reasonable, the technology and compliance staff must be careful to align their views and policies with those of the Irish Government, the national relevant competent authority and applicable legislation, to ensure that they do not contribute to money laundering.

However, updates of the security or new features of existing services are not considered new technology for the purposes of this section.

10.1 The Company has a responsibility to ensure that they have in place appropriate procedures for employees, or persons in a comparable position, to report a contravention of the Act internally through a specific independent anonymous channel, proportionate to the nature and size of the Company.

10.2 The Board of the Company will ensure that it receives periodic updates from any verification service providers and the MLRO in respect of AML due diligence and on-going AML risk management activities.

11.1 The Company ensures that their personnel receive proper training on;

(a) The money laundering risk faced by the Company’s business;

(b) Understanding the Company’s procedures for managing those risks;

(c) Awareness on the identity and responsibilities of the person responsible for making reports to the FIU and the Revenue Commissioner; and

(d) The potential effect of a breach of the Act on the Company’s business and their employees.

11.2 The Company will ensure that mandatory employee training on preventing money laundering and terrorist financing will reoccur annually for all employees.

12.1 The Company will maintain adequate and orderly records in relation to the AML/CFT requirements for a minimum period of five years, or for an extended period up to a further five years where directed by a member of An Garda Síochána.

Upon the expiry of retention periods, the Company will ensure that any personal data contained in any document or other record retained solely for the purposes of compliance with record retention requirements under the Act is deleted.

13.1 Any new employee of the Company or contractor must represent and warrant that they have no criminal history or connection to any criminal activity and any future instances must be communicated to the Company.

13.2 Employees of the Company are prohibited from registering an account. A breach of this policy will result in disciplinary action.

We have not planned the following strategies/schemes to avoid taking general money laundering risks.