Winner Island Casino - AML Policy

We assess the money-laundering and terrorist-financing risk of every customer relationship using a documented risk-assessment framework that considers customer type, geographic location, product, transaction patterns and delivery channel. Customers are categorised as low, medium or high risk and the level of due diligence applied is calibrated accordingly.

Our risk assessment is reviewed at least annually by our Money Laundering Reporting Officer (MLRO) and re-performed whenever there is a material change in our products, customer base or the regulatory environment.

Before you can withdraw funds and, in any case, before reaching the regulatory threshold of €2,000 in deposits or wagers (whichever comes first), you must complete identity verification. This requires a valid government-issued photo ID (passport, driving licence or national ID card) and a proof of address dated within the last three months (utility bill, bank statement or council tax bill).

We use electronic identity-verification providers and may also rely on credit-reference data, mobile-network data and database checks to verify your identity. Where electronic verification is inconclusive, manual document review is performed.

We do not accept anonymous accounts, accounts in fictitious names or accounts opened on behalf of an undisclosed third party.

We apply EDD where a customer is identified as higher risk, including: politically exposed persons (PEPs) and their close associates; customers from high-risk third countries listed by the FATF or the UK Treasury; customers whose source of funds or wealth is unclear; and customers whose transactional behaviour deviates significantly from their declared profile.

EDD measures may include obtaining additional ID documents, requesting payslips, tax returns, sale-of-property contracts or letters from regulated professionals, and requiring senior-management approval to continue the relationship.

We may request documentary evidence of the source of the specific funds you deposit (e.g. salary credits, savings transfers) and of your overall source of wealth (e.g. employment, business income, inheritance, investments). We will tell you exactly which documents are acceptable.

If you do not provide satisfactory evidence within a reasonable time, we may suspend deposits and gameplay and, in some cases, return funds to source after deducting any losses or fees, in line with our regulatory obligations.

All customers, beneficial owners and connected parties are screened at onboarding and on an ongoing basis against the consolidated UK sanctions list (OFSI), EU consolidated list, UN Security Council list, US OFAC SDN list and global PEP and adverse-media databases.

A confirmed match results in immediate account suspension, freezing of funds and a report to the Office of Financial Sanctions Implementation. We will not unfreeze assets or process payments without OFSI authorisation.

We operate real-time and post-event transaction monitoring covering deposits, withdrawals, transfers and gameplay. Automated rules detect rapid deposit-withdrawal cycles with minimal play, structuring below thresholds, unusual peer-to-peer patterns, sudden changes in stake size and use of multiple payment instruments.

All alerts are reviewed by trained analysts and escalated to the MLRO where appropriate.

Where we know, suspect or have reasonable grounds to suspect that funds are the proceeds of crime or are intended for terrorism, our MLRO submits a SAR to the National Crime Agency (NCA) via the SAR Online portal. We will not tip off the customer that a report has been made — doing so is a criminal offence under POCA s.333A.

Staff are prohibited by law from disclosing internal investigations, SARs, or the existence of any AML inquiry to the customer or to any third party other than authorised regulators and law enforcement.

All Winnerisland staff complete AML, counter-terrorist financing, sanctions and bribery training on induction and refresher training at least annually. Customer-facing and risk-team staff receive enhanced training tailored to their role. Training records are retained for five years.

We retain customer due-diligence documents, transaction records and internal AML reports for a minimum of five years from the end of the business relationship or the date of the transaction, whichever is later. Records are stored securely and made available to regulators on request.

Our nominated officer (MLRO) is registered with our regulator, Anjouan Gaming (licence no. ALSI-202411081-FI2), and reports directly to the Board. The MLRO produces an annual AML report covering policy effectiveness, training, SAR statistics and remediation actions. The Board reviews and approves this AML Policy at least annually.