Purpose and Scope
The Anti-Money Laundering and Countering the Financing of Terrorism Policy (the Policy) governs all activities conducted by Bk33 in relation to online gaming services, account management, payments, and customer interactions. The Policy establishes the framework for identifying, assessing, and mitigating money laundering and terrorist financing risks in accordance with applicable laws, regulatory expectations, and international standards.
Regulatory Framework and Licensing
Bk33 operates in compliance with the licensing and regulatory requirements applicable to its business activities. The Policy aligns with applicable AML/CFT statutes, regulations, and supervisory guidance. The Company shall maintain ongoing compliance with the duties imposed by the supervising authority and available enforcement mechanisms, including customer due diligence, record-keeping, and reporting obligations.
Governance and Roles
The ultimate responsibility for AML/CFT compliance rests with the designated Compliance Officer, who reports to the Board or the equivalent governance body. The Compliance Officer shall oversee the implementation of this Policy, ensure staff training, approve risk-based procedures, and coordinate with internal and external auditors as required.
Risk-Based Approach
Bk33 applies a risk-based approach to AML/CFT controls. Risk is assessed at onboarding and reviewed on an ongoing basis in response to changes in customer profiles, products, channels, or geography. The Company maintains a risk register detailing customer risk, product risk, interface risk, and geographic risk, with higher scrutiny applied to elevated risk categories.
Customer Due Diligence (CDD) and Onboarding
- Customer identity must be verified before activation of an account or the provision of services. Acceptable verification documents include government-issued photo ID and proof of address. Verification shall be completed using reliable, independent source documents, data, or methods.
- For corporate or legal entity customers, identify the ultimate beneficial owner(s) and control structure.
- Obtain information regarding the source of funds and, where applicable, the source of wealth for risk-based customers, particularly where large or unusual activity is anticipated. Documentation may include payslips, bank statements, or corporate documents demonstrating legitimate funds.
- The extent of due diligence is proportional to risk. Enhanced verification may be required for higher-risk customers or jurisdictions.
Ongoing Monitoring and Due Diligence
Bk33 conducts ongoing monitoring of customer activity to identify suspicious, unusual, or high-risk transactions. Monitoring extends to profile updates, transaction pattern analysis, and reconciliation of expected versus actual activity. The Company conducts periodic reviews to ensure customer information remains accurate and up-to-date and to reassess risk levels as customers’ activity evolves.
Enhanced Due Diligence (EDD)
EDD applies to customers or transactions presenting elevated risk due to factors such as high-risk geographies, PEP status, large or unusual transaction patterns, or complex ownership structures. EDD requires additional identity verification, source of funds verification, closer monitoring, and, where necessary, senior management or Compliance Officer approval before continuing business relationships.
Sanctions, Politically Exposed Persons (PEP) and Screening
Bk33 maintains ongoing sanctions screening and PEP screening for all customers and counterparties. Any positive match triggers immediate escalation, halting of transactions if required, and notification to the Compliance Officer for further action consistent with regulatory obligations.
Record Keeping and Data Retention
All records related to customer due diligence, ongoing monitoring, transactions, and internal communications are retained for not less than five (5) years from the date of the last business interaction or as required by applicable law. Records shall be stored securely, protected from unauthorized access, and readily retrievable for regulatory examination or internal audits.
Suspicious Activity Reporting and Cooperation
Any suspicious activity or transactions identified by Bk33 must be assessed by the Compliance Officer. If warranted, a Suspicious Transaction Report (STR) or equivalent notification shall be filed with the competent authority in accordance with applicable law. Internal escalation shall occur promptly to ensure timely action, and information shall be shared with authorities as legally permissible.
Training and Competence
Bk33 provides ongoing AML/CFT training to all staff, including identifying red flags, proper handling of customer data, and the legal obligations surrounding reporting. Training frequencies are determined by risk level and role, with completion records maintained for audit purposes.
Third-Party Relationships and Payment Processing
Due diligence is conducted on third-party service providers, agents, and payment processors engaged by Bk33. Contracts include AML/CFT obligations, data security requirements, and the right to audit. Ongoing monitoring of third parties ensures continued compliance with applicable AML/CFT standards.
Data Privacy and Information Security
Bk33 treats personal data in accordance with applicable privacy laws and its Privacy Policy. Access to customer data is restricted to authorized personnel, protected by appropriate technical and organizational measures, and used solely to fulfill AML/CFT purposes.
Responsible Gaming and Self-Exclusion
Self-exclusion and responsible gaming measures are integrated with AML controls. Where a customer has self-excluded, access to gaming services is restricted as appropriate, and ongoing monitoring may be intensified to detect circumvention attempts, in alignment with regulatory and internal risk policies.
Policy Review and Amendments
This Policy is reviewed at least annually and upon material regulatory or business changes. Any amendments require approval by the governance body and communication to relevant stakeholders. The effective date of the latest revision shall be recorded and made available to regulators if requested.