AML Policy
Rules on Combating Money Laundering and Terrorism Financing
Table of Content
1.Purpose……………………………………….........….....4
2.Terms and Abbreviations………………................…….4
3.Description of the Rules…………..…………............….5
4. The Process of Revision of the Rules .……….…..…..18
5.Related Documents, Appendices……………….………18
- Purpose
- The purpose of this document is to define:
- The compulsory AML/CFT (anti-money laundering/combating the financing of terrorism) measures and procedures practiced by TG Malta Limited (hereinafter the Company) to eliminate activities of money laundering, terrorism financing, and the proliferation of weapons of mass destruction by the clients of the Company through the Company:
- Competencies of the Company's management bodies and employees;
- The criteria for recognizing a business relationship or transaction as suspicious;
- Procedures for conducting customer due diligence and record-keeping, activities of the Internal compliance unit, collating, recording and maintaining information on suspicious and other transactions, suspension of suspicious transactions, freezing funds of the persons linked to terrorism, reporting to the Authorized unit.
1.2. The Rules were developed in accordance with the Maltese Law on Combating Money Laundering and Terrorism Financing (hereinafter the Law).
1.3. The main concepts used in the Rule have the meaning as defined by the Law.
1.4. The provisions of the Rules are mandatory for the Company's managers of the administrative staff, Internal Control Department, Internal Compliance Unit, Finance Directorate, Financial Risk Team, Customer (B2C) Operations Division, Fraud Analysis Team, and Customer Support Specialists.
- Terms and Abbreviations
Term base
Other terms used in this document
Term |
Description |
Authorized Unit |
Financial Unit in Malta or Romania |
Transaction |
Placing bets, paying or providing winnings |
- Description of the Rules
- The functions of the AML/CFT Internal Compliance Unit aimed at combatting money laundry and terrorism financing
2. AML/CFT internal monitoring function is assigned to the Company employee (hereinafter referred to as the Internal Compliance Unit or Head of Internal Compliance Unit) as defined by the Order of the Company Director, who is hired in accordance with the standard procedure and meets the criteria established by the Rules.
3. The head/employee of the Internal Compliance Unit during his/her activity is governed by the legislation of Malta and/or Romania, where the company will perform activity, the charter of the Company, this Rules, and other internal legal acts of the Company.
4.The head/employee of the Internal Compliance Unit (the relevant employee of the Company defined in point 3.1.1. of this Rules) must have higher education and at least one year of professional work experience.
5.The head/employee of the Internal Compliance Unit cannot be someone who:
a) has previous conviction for a deliberately committed crime;
b) has been deprived of the right to hold positions in financial, banking, tax, customs, commercial, economic, legal spheres by the court;
c) has been declared bankrupt and has outstanding (unremitted) liabilities;
d) is involved in a criminal case as a suspect, an accused, or a defendant;
e) has a negative business reputation in the banking system;
f) has previously been the cause of bankruptcy of a lottery organizer or other person;
g) does not comply with the criteria set by the authoritities from Malta and/or Romania;
h) is affiliated with the Company's management;
i)does not meet the standards set by the Company.
5. When performing the functions stipulated by this Law and the normative legal acts adopted on basis of this Law, the Internal compliance unit shall be independent and should have a status of senior management The Internal Compliance Unit.
- The Internal Compliance Unit is obliged to report directly to the Director of the Company on the issues related to AML/CFT.
- All documents related to the customer's accounts and transactions, including confidential documents, are directly accessible to the Internal Compliance Unit. It has the right to request clarifications on business relations (transactions) and clients, authorized persons and beneficial owners from any employee of other divisions of the Company.
- The Internal Compliance Unit has the right to be on correspondence with the structural and territorial subdivisions of the Company on issues related to AML/CFT.
- The Internal Compliance Unit has the right to independently inquire the information necessary to verify the reports on above-threshold and suspicious transactions (Form 005) from the employee who has carried out the transaction.
- The heads and employees of the structural and territorial subdivisions of the Company have the right to apply to the Internal Compliance Unit for clarifications on AML/CFT related issues.
- The Internal Compliance Unit assists and advises the Company Director on the performance of their AML/CFT functions.
- The Internal Compliance Unit
1) develops the AML/CFT related internal legal acts of the Company, submits them for the approval of the Director of the Company;
2) monitors the effectiveness of AML/CFT related internal legal acts, submits proposals on increasing the effectiveness thereof;
3) no later than once a semester, examines (including in service centers) the compliance of the Company's transactions (business relations), the actions of the Company's structural-territorial subdivisions and of the employees thereof with the requirements of the Law, other legal acts adopted on the basis of the Law and the Rules; Such inspections can be performed on spot or remotely, as well as using the "Mystery Shopper" method.
4) Ensures the Company's liaison with the Authorized Body on AML/CFT issues;
5) On behalf of the Company, ensures the provision of reports on above-threshold transactions and other information defined by Law to the Authorized Body;
6) Carries out analysis and other actions to reveal suspicious business relations or transactions;
7) Follows the current monitoring of business relations and periodically reviews the process of correcting and updating information;
8) Ensures the classification of the Company's clients according to the degree of risk, carries out ongoing monitoring of business relations with high-risk standards;
9) Organizes internal education and training in AML/CFT field, monitors the progress and results of training programs;
10) Makes a decision on the matter of suspending the business relationship or the transaction, or rejecting the implementation, freezing the funds related to terrorism, if necessary discusses that issue with the customer service employee, and in case of disagreement, makes a decision.
11) Informs the management of the company about the suspension or denial of the business relationship or the transaction;
12) Monitors the recording and maintaining of information;
13) In a timely manner, provides the information (lists) envisaged by the Rule to the employees carrying out transactions, updates those promptly;
14) Carries out other functions as defined by the Rules, internal legal acts of the Company, or assigned by the Company's management.
13) The regular report of the Internal Compliance Unit shall be e submitted to the Director of the Company no later than quarterly and shall include at least:
1) The number of above-threshold and suspicious transactions and business relations, as well as a brief description of suspicious transactions (business relations);
2) the number and summary description of the transactions and business relations that were analyzed, but were not presented as suspicious transactions or business relations;
3) the number and a brief description of the business relations and transactions that were suspended or rejected, the value of the suspended transactions;
4) the size of frozen funds;
5) other information defined by the internal legal acts of the Company.
14. The employee of the Internal Compliance Unit is obliged to inform the employees of the stakeholder subdivisions about the new amendments to the legislative regulation before the application thereof.
15.The employer of the Internal compliance unit shall pass qualification in the manner and based on the professional eligibility criteria established by the Authorized Body.
16. The employee of Internal Compliance Unit regularly participates in training and retraining courses organized by the Authorized body or other specialized organizations.
17.All employees of the Company should be aware of the AML/CFT related internal legal acts of the Company. The Company regularly, but not less than once a year, organizes training for all AML/CFT related employees, in particular the Internal Control Directorate, Internal Compliance Unit, Finance Directorate, Financial Risk Team, Casino Risks, and B2C Operations Division, Fraud Analysis Team and for Customer Support Specialists.
18.Training is intended to ensure that staff has adequate knowledge of AML/CFT requirements and procedures, in particular:
1) on high, low, and medium risk criteria, grounds and criteria for a suspicious transaction or business relationship, including typologies of suspicious transactions provided by the guidelines of the Authorized body;
2) on the provisions of legislation and internal legal acts of the Republic of Malta and/or Romania (for the activity performed in this jurisdiction) on combatting ML/TF (especially regarding the obligations of due diligence of the clients and reporting on suspicious business relations or transactions).
3) on existing risks and typologies of money laundering and terrorism financing.
19.AML/CFT training for stakeholder subdivisions and employees is organized within three months of hire.
20.The training programs implemented by the Company, all the material related to those, as well as the names of the persons who participated in the training programs are separately registered and kept by the employee of the Internal Compliance Unit for at least five years.
21.Each year until December 31, the Internal Compliance Unit develops a regular training program on combatting ML/TF for the Company’s employees for the following year.
- Combatting money laundering and terrorism financing in the Company: suspicious transaction or business relation
- Circulation of means of money laundering, terrorism financing, and mass destruction weapons in the Company is prohibited.
- In accordance with the Law, other legal acts adopted on the basis of the Law and the Rules, the Company:
a) takes measures to detect and prevent suspicious transactions made by its Customer, and performs other obligations as defined by Law;
b) provides information to the Authorized body on money laundering and terrorism financing, including confidential information as defined by law.
- The Company, its employees, and representatives have no right to inform other persons, such as the person about whom information is provided to the Authorized body, about the fact of providing the information.
- The Internal Compliance Unit shall submit a paper report containing the information specified in sub-clause "b" of clause 3.2.2 of this section to the Authorized body, and if provided by the legal acts of the Authorized body, also electronically.
- The Internal Compliance Unit provides the Authorized body with a report on any of the following transactions (Form 005) in the manner and within the timeframe established by the Authorized body: non-cash transactions above the threshold of 10.000 Euro within 24 hours, cash transactions exceeding 1000 Euro within 24 hours, with the exception of the transactions defined in sub-clause 3.2.7 of this clause - suspicious transactions or business relationships, regardless of the amount stipulated by this Clause..
- The typologies, grounds, or criteria of a suspicious transaction are defined by the Law, normative legal acts of the Authorized body and Appendix 1 of the Rules.
- The transaction should be considered suspicious by the Customer Service Authority, and he/she should immediately notify the Internal Compliance Unit if it is suspected or there are sufficient grounds to suspect that the transaction involves funds that are related or intended to be used by terrorist organizations or individual terrorists for the purposes of terrorism.
- The transaction may be considered suspicious if the criteria set out in Appendix 1 are met. The existence of these criteria is a basis for the Internal Compliance Unit to start the mandatory analysis of the transaction on the same day, and if impossible, the next business day.
- The Internal Compliance Unit may report a suspicious transaction or business relation to the Authorized body in cases where the s suspiciousness of that transaction or business relationship does not arise from the grounds, criteria, and typology of a suspicious transaction as defined by Law, Authorized body's guidelines, and/or the Rules, but the logic and movement (dynamics) of it suggest that it is done for the purpose of money laundering or terrorism financing.
- The report on the suspicious and above-threshold transaction indicates the necessary information defined by the Authorized body.
- The report of a suspicious business relationship or transaction also states the grounds, criteria, and description of the suspicious transaction and the fact that the transaction or business relationship has been suspended, rejected or the income of persons involved in terrorism has been frozen.
- The reports specified in this clause shall be submitted in a serial number, signed by the Head of the Internal Compliance Unit (paper versions also signed).
- Every day, the Internal Compliance Unit checks the list of persons deprived of the right to participate in the Games of the Company, the requirements of international sanctions (in particular, the list of the UN, the European Union, OFAC/blacklist). The list of banned persons includes persons provided by the Authorized body. On the same day after receiving the list of persons, countries included in this list, the employee of the Internal Compliance Unit submits it to the Directorate of Information Technologies, which updates the list of banned persons on the same day.
- The Internal Compliance Unit monitors on daily basis the date of the "Specially designed Nationalized List (SDN)" compiled by the Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury via internet. If there are changes in the list, it sends it to the Information Technology Directorate of the Company on the same day, which updates the list of banned persons on the same day.
- In the case of coincidence with the lists of persons mentioned in sub-clauses 3.2.13 and 3.2.14 of this clause, the transactions are rejected.
- It is prohibited to inform the customer about the fact of providing suspicious transaction report to the Authorized body
- Customer registration, identification, and due diligence
- Identification of the customer, including the authorized person and the beneficial owner –, is performed by the Company in accordance with the Law, the legal acts adopted on the basis of the Law and the Rules.
- The customer can make transactions on the Company's online platform only after creating a personal account and uploading the necessary identification data. During registration, the customer must enter:
- name, surname, and identity card details,
- phone number,
- email address
- Individuals are not allowed to participate in gambling, if the persons haven’t attained the age of 18 .
- In case of having an identification card or electronic signature, the individual wishing to register fills in the relevant fields and signs/ ratifies with an electronic signature.
- In the absence of an electronic signature, individuals should visit the company or service office. Only after checking the required passport data of the customer and verifying the authenticity, the customer service officer makes the registration.
- After registration, the individual receives an identification key and password (ID and Password) via e-mail or mobile phone number.
- In cases when the individual acts on behalf of another person, he/she fills in a statement on the existence of a beneficial owner – according to the form defined by the Authorized body.
- Within three business days after registering the customer on the online platform, the employee of the Internal Compliance Unit conducts a proper due diligence of the customer, and a risk assessment.
- Proper customer due diligence at least includes:
a) customer identification and verification,
b) review of transactions made,
c) a proper ongoing review of transactions being made.
10.The Customer Service employee shall identify customers and verify their identities based on credible documents from authorized bodies or other information, if:
1) Doubts arise about the reliability or completeness of previously obtained data on customer identification;
2) There are suspicions of money laundering and/or terrorism financing.
11.At the Customer Service Office, any individual at the request of the customer service employee must provide a passport or other identity document.
12.Returns the passport or other identification document after verifying the information required for identification.
13.On behalf of the Internal Compliance Unit, the customer service department requests the necessary information from the customer, without specifying which department requested the information.
14.During customer identification and verification, the data obtained through official correspondence with other reporting entities, specialized intermediaries, or a third-party authorized person as a result of customer identification and verification may be the basis.
- Identification and due diligence of medium and high-risk customers
- The risk management system in the company performs an ongoing risk management process.
- ML/TF risk assessment is performed for any new product, new product delivery method.
- The following are considered high risk.
- Depositing funds into gaming accounts through electronic transfer systems that do not allow customer identification;
- Clients who are from offshore areas;
- Politically exposed persons, their family members or persons related to them;
- transactions that do not pursue economic or other legitimate goals;
- transactions and business relationships without face-to-face interaction;
- All complex or unusually large transactions.
Transactions by high-risk clients are allowed.
- All customers who do not meet the criteria set forth in clause 3.4.3 are considered medium/standard/ risk customers.
- In the presence of high-risk customers and any indicators of suspiciousness, the Internal Compliance Unit conducts an additional due diligence examination of the customer, during which:
1) conducts a more comprehensive and in-depth verification of the customer identification data, checks the authenticity of documents (information) when concluding a transaction, as, for example, requiring other substantiating documents (information);
2) may request information on the sources of the customer's assets and funds;
3) reviews customer, business relationship and transaction information in databases;
4) makes inquiries to other reporting entities or other, including foreign partners, to verify information on the client, business relations and one-time transactions with him/her;
5) takes other measures to form a real and complete picture of the customer, business relations, and transactions with him/her.
- The Internal Compliance Unit conducts additional due diligence once a semester, except for the politically exposed person, in which case it conducts additional due diligence once a quarter.
- At the request of the Internal Compliance Unit, the customer service department requests the necessary information from the customer without specifying for which department the information is required.
- Recording, collecting, and updating the information
- In case of concluding a high-risk transaction with the Customer, the Customer Service Officer is obliged to obtain Customer information the provision of which is stipulated by Law, Legal Acts, the Rules..
- The information must be recorded. The Internal Compliance Unit makes the record. The record should be made through classified databases. The information should be recorded in such a way that it is possible to retrieve, if necessary, the data of the employee who performed the identification or other actions subject to recording.
- The information can be stored in the form of documents, in computers, electronic carriers.
- The Company ensures the security, confidentiality of the recorded and maintained information and prevents its unauthorized use and management.
- The Company records and maintains information for at least five years:
1) any analysis performed to determine the suspiciousness of the transaction and data on other actions performed;
2) the report on the suspicious transaction, as well as the information underlying the report and protocols on the matter of providing a report
3) data and assumptions about a suspicious transaction or business relationship, which in the reasonable opinion of the financial monitoring officer were not qualified as suspicious, in connection with which a report on a suspicious transaction or business relationship was not submitted to the Authorized body.
- Termination and suspension of suspicious transactions
- The customer service employee is obliged to reject the business relationship or transaction, not to establish or not to initiate a business relationship or not to conclude a business relationship or terminate the transaction based on the decision of the Authorized body or if, as a result of actions taken in accordance with the Law, it is not possible to identify customers. In the cases when the risk is effectively under control, it can be done within seven days.
- In the event of a business relationship or transaction being rejected, the Company shall consider reporting a suspicious transaction to the Authorized body
- The Company terminates, suspends or eliminates transaction, within the timeframe and in the manner and forms prescribed by the Board of the Authorized Body.
- The decision of the Company or the Authorized body to suspend the business relationship or transaction before the expiration of the suspension period can be revoked only by the Authorized body on its own initiative if it turns out that the suspect of money laundering or terrorism is groundless.
- The Internal Compliance Unit provides the employees initiating a transaction with lists of terrorism-related individuals published by the Authorized body.
- The employees initiating transactions shall immediately inform the Internal Compliance Unit in case of the presence of a customer name (title) included in the lists mentioned in sub-clause 3.6.5 of this clause. The Internal Compliance Unit provides relevant information to the Authorized body and the Director of the Company.
- The Internal Compliance Unit receives ML/TF suspicious transactions:
- From other authorized subdivisions
- As a result of its own monitoring
- As a result of the analysis of signals automatically generated by the system on the basis of suspicious transactions criteria
- Signals received from the authorized body, foreign partners, publicly available sources of information
7.The transaction is considered suspicious when:
- There is a match of the customer data with the identification data of the person related to terrorism or proliferation of weapons of mass destruction or the persons specified in the directives of the Authorized Body.
- The circumstances of the case under consideration fully or partially match the criteria or typologies of suspicious transactions or business relationships
- The logic or other characteristics of the performed or attempted transaction or business relationship provide grounds to assume that it may be carried out for the purpose of the money laundering or terrorism financing,
- Signals generated by automated system on the basis of suspicious transactions criteria.
- The employee of the Internal Compliance Unit examines the transactions of the client performed in the platform. In case the analysis requires additional information from the customer, the Internal Compliance Unit does it indirectly through the customer service staff.
- The employees are prohibited from informing the person, that he is suspected for money laundering and terrorism financing.
- For the increased efficiency of combating money laundering and terrorism financing at the reasonable request of Internal Compliance Unit employee the IT Management provides ongoing process of automating suspicious transactions signals.
- After automating money laundering and terrorism financing signals, IT management provides system testing. Logs of all tests are maintained.
- Closing customers' gaming account and record retention
- The customer has the right to apply to the Company to close his/her gaming account. Before deciding to close a gaming account, the relevant unit should apply to the Internal Compliance Unit.
- The Internal Compliance Unit analyzes and gives its consent within three business days after receiving the request for closing the client's account.
- The Company keeps the information on the customer, customer transactions electronically for 5 (five) years.
- Rules and terms of detection, discussion, and notification of above-threshold and suspicious transactions
- The Internal Monitoring Authority personally fills in the relevant reporting form on above-threshold transactions (Form 005) established by the Authorized body. For each financial transaction, a separate report is completed.
- The Internal compliance unit submits a report (Form 005) on the above-threshold transaction to the Authorized body within the time specified by the Authorized body from the moment of concluding the transaction.
- The Customer Service employee immediately notifies the Internal Compliance Unit via electronic system in case of suspicions in business relations or transaction arising from the Law, the standards or typologies described by guidelines of the Authorized body or in case of ML/FT suspicions based on his/her opinion.
- If identifying a suspicious transaction, the customer service employee submits a proposal to the Internal Compliance Unit to refuse its execution.
- The Internal Compliance Unit performs possible actions and analysis, including the use of national and international databases and making relevant queries to determine the suspiciousness of the transaction.
- The Internal Compliance Unit processes the information related to suspicious transactions, verifies it, summarizes the results, and draws possible conclusions within one business day.
- In case of finding the transaction or business relationship suspicious, the Internal Compliance Unit submits a report (form 005) during the same business day. In case of its impossibility, by 12:00 of the next business day.
- The impossibility of providing the transactions defined by this point may be conditioned:
a) by the end of the business day,
b) by insurmountable software or communication problems.
- If the Company suspects that the proposed or executed transaction is related to or intended for terrorism activity, terrorism act, or terrorist organization, it immediately suspends the transaction and immediately notifies the Authorized body of the suspicious transaction.
- The Company also promptly suspends transactions with persons included in the lists of persons (including organizations) involved in terrorism as published by the United Nations security council or included in the list of persons (including organizations) submitted by the Authorized body.
- The decision on suspension is submitted to the Authorized body at the same time as the information of the suspicious transaction.
- Lists of persons involved in terrorism are posted on the website of the Authorized body. Some lists (names, titles) may also be provided to reporting entities in secret.
- In case of finding names, titles corresponding to those in the lists of persons related to terrorism, the Authorized Body's decision to suspend the transactions of those persons shall be immediately implemented by the Company.
- AML/CFT related functions of the Executive Body of the Company
For the sake of uninterrupted implementation of AML / CFT the director of the company at least shall:
a) establish the AML / CFT Rules;
b) approve internal control programs in the field of AML / CFT;
c) if necessary, instruct the Internal Compliance Unit to perform actions aimed at eliminating the shortcomings revealed by the Internal Control Directorate;
d) approve the AML/CFT implementation rules;
e) appoint the head (employee) of the Internal Compliance Unit;
f) examine and approve the conclusions of the Internal Control Directorate, as well as approves at least once a semester the report of the Internal Compliance Unit, which at least includes the compliance of the Company's transactions and business relations, compliance of structural and territorial subdivisions;
g) ensures the implementation of other functions provided by the Law, bylaws.
- Examination of the Company’s compliance with AML/CFT requirementsr
- The Internal Control Directorate conducts inspections at least once a year to ensure that the Executive body and the Internal Compliance Unit ensure the full compliance of the Company with the requirements set by the Law, other legal acts, the Rules, and the internal legal acts.
- The Internal Control directorate regularly reports on its assessments and findings, including its conclusion on the adequacy and effectiveness of staff training on combatting ML/CFT.
- The Internal Control Directorate carries out the inspections mentioned in sub-clause 3.10.1 of this clause in accordance with the procedure and conditions defined by the Company's internal legal acts.
- The Company convenes an external audit in accordance with the rules established by the Authorized body, at the request of the Authorized body or on its own initiative, to review the implementation and effectiveness legislation on combatting money laundering and terrorism financing.
- The Process of Revision of the Rules
- The Rules are approved and amended by the director of the Company.
- In case of approval of the Rules, as well as in case amendments and additions, the Company submits a copy of the Rules to the Authorized body within one week.
- Based on the remarks and recommendations submitted by the Authorized body, the Rule is reviewed within twenty days, and the amended (edited) Rules are again submitted to the Authorized body within one week.
- All the matters that are not regulated by this Rules, are resolved in accordance with the requirements and provisions of the Law and other legal acts adopted on the basis of the Law.
- Before making appropriate amendments to the Company's internal legal in line with the Rules, the provisions of the Rule's shall prevail when conducting transactions.
- The Rules enter into force on the date of approval by the decision of the Director of the Company, in the absence of remarks and recommendations on the Rules by the Authorized body.
- Related Documents, Appendices
Appendix 1
ML/TF Suspicious Transaction Indicators
- Lack of ability to properly identify the customer/for example, provides a copy/.
- The Customer splits the deposit of the game account funds or the transfer from the game account to his/her account not to exceed threshold.
- When opening an account, the customer refuses or tries to avoid providing the required information or provides misleading, uncertain data.
- There are discrepancies in the identification documents or various identifiers provided by the customer, such as an address, date of birth, or telephone number.
- The customer provides ostensibly false information or identification data that is falsified, altered, or inaccurate.
- There matches in general identification data used by a group of customers (for example, addresses, phone numbers, etc.).
- The customer shows nervous behavior.
- The customer avoids contact with the company's service staff.
- The customer refuses to provide information about its source of revenue or provides misleading information.
- The size or type of transactions made by the customer is not typical of the previous behavior.
- The customer requests winnings/references on behalf of a third party.
- The customer avoids submitting information, closes his account, and transfers the money from the game account to his account.
- Funds are credited to the account from the accounts of various individuals.
- The customer makes a transaction while accompanied, controlled, or led by another party.
- Customers whose transactions exceed 10.000 Euro in 24 hours, but those were made in several transactions so as to not exceed the threshold.