1. Introduction

This Know Your Customer (KYC) Policy outlines the standards and practices required of all online gaming operators licensed in Anjouan. Its primary purpose is to establish robust mechanisms for verifying customer identities, deterring fraudulent activities, and ensuring full compliance with both local and international Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations. This policy is an essential component in fostering a secure, transparent, and accountable gaming ecosystem.

2. Policy Objectives

The objectives of this KYC Policy are multifaceted. Firstly, it ensures that operators meet the legal requirements set by the authorities in Anjouan as well as global AML/CTF standards, including those issued by the Financial Action Task Force (FATF). Secondly, it is designed to uphold the integrity of the gaming environment by verifying the identities of all players, which helps prevent underage gambling, identity theft, and other forms of fraud. Additionally, the policy aims to minimize risks associated with politically exposed persons (PEPs), suspicious behavior, and customers from high-risk jurisdictions. Lastly, the policy contributes to responsible gaming and the safeguarding of player assets.

3. Scope of Application

This policy applies to all individuals registering for gaming services, as well as any third-party providers involved in transactional or operational relationships with licensed operators. It also extends to all transactions that exceed regulatory thresholds or are flagged as potentially high-risk by internal monitoring systems.

4. Principles of KYC

Compliance Licensed operators are required to verify the identity of customers once the total value of deposits across a player’s account reaches $10,000 USD or when a withdrawal is requested, regardless of the amount. A risk-based approach must be implemented, whereby the level of scrutiny applied corresponds to the perceived risk associated with a customer’s profile or activity. All KYC documentation and related transaction records must be retained for a minimum of five years. Continuous monitoring must be carried out to detect suspicious activity and ensure ongoing compliance.

5. Customer Identification and Verification

At the time of registration, players must provide essential personal information, including their full legal name, date of birth, nationality, residential address, contact details, and payment information. Operators must verify this information by collecting appropriate documentation. This includes a government-issued photo identification such as a passport, national ID, or driver’s license, as well as a recent proof of address, such as a utility bill or official bank correspondence dated within the last three months. Payment verification is also mandatory and may include the submission of bank statements or digital wallet screenshots demonstrating ownership of the payment method used. Enhanced Due Diligence (EDD) is required for individuals who present a higher level of risk. This may involve additional identity verification procedures, closer monitoring of financial transactions, and inquiries into the source of the player’s funds and overall wealth. EDD is particularly necessary for PEPs, players from high-risk jurisdictions, and those engaging in large or irregular transaction patterns.

6. Risk Assessment and Classification

Operators must assess and categorize player risk based on various factors, including their country of residence, transaction history, and public exposure. Players from jurisdictions deemed high-risk by the FATF, those frequently transacting in large sums, or individuals with adverse media coverage should be subject to heightened scrutiny. Based on these assessments, players are classified into low or high-risk categories, with appropriate due diligence measures applied accordingly.

7. Ongoing Monitoring

Continuous monitoring is a critical aspect of KYC compliance. Operators must employ automated systems capable of detecting transactional anomalies such as excessive deposits or withdrawals, frequent fund movements between accounts, or attempts to avoid reporting thresholds through structured transactions. Behavioral monitoring should also be conducted to identify potential signs of compulsive gambling, fraud, or criminal activity. Trigger events such as a long period of account inactivity followed by significant financial transactions, updates to personal details, or alerts from third-party monitoring services should prompt a comprehensive account review.

8. Politically Exposed Persons (PEPs)

PEPs include individuals who currently hold or have previously held prominent public positions, as well as their immediate family members and close associates. These individuals require additional scrutiny due to their heightened risk profile. Operators must conduct thorough screening using trusted third-party databases, obtain approval from senior management before establishing a business relationship, and continuously monitor the account for unusual behavior or transactions.

9. Record-Keeping and Data Security

All documentation collected during the KYC process must be securely stored for a period of at least five years following the termination of the player’s relationship with the operator. Operators must ensure full compliance with data protection regulations, including the Data Protection Act and the General Data Protection Regulation (GDPR). All personal data must be handled confidentially and used strictly for compliance purposes. Moreover, operators must ensure that all records are readily accessible to regulatory authorities upon request.

10. Reporting Requirements

Operators have a legal obligation to file Suspicious Activity Reports (SARs) within seven days of identifying potential AML or CTF violations. These reports must detail the involved player’s identity, the nature of the transaction, and the rationale behind the suspicion. Additionally, all single transactions or groups of linked transactions that exceed $10,000 USD must be reported to the relevant regulatory authority, even in the absence of suspicious indicators.

11. Compliance Governance

Each licensed operator must appoint a designated Compliance Officer tasked with overseeing the implementation of the KYC policy, maintaining communication with regulators, and ensuring timely and accurate reporting. Regular internal audits must be conducted to evaluate the effectiveness of compliance procedures. Employees must also be provided with adequate training, enabling them to detect forged documents, recognize AML/CTF red flags, and fulfill all regulatory reporting obligations.

12. Enforcement and Sanctions

Failure to comply with the provisions of this KYC Policy may result in serious consequences, including monetary fines, the suspension or revocation of the operator’s gaming license, and possible criminal prosecution where applicable.

13. Policy Maintenance and Technological Advancement

Operators are expected to regularly review and, if necessary, update their internal KYC policies to align with changes in regulatory standards. Adoption of advanced technologies such as artificial intelligence and blockchain-based identity verification tools is encouraged to streamline compliance procedures and enhance fraud prevention capabilities.