Login
Sign up

Anti‑Money Laundering & Know‑Your‑Customer Policy 

1. Purpose and scope

In order to prevent, identify, and handle financial offenses such as money laundering, terrorism funding, and similar crimes, BinoBet has implemented procedures for customer identification and verification (KYC). It includes all aspects of our virtual casino operation, including the website, mobile applications, payment solutions, customer support, and relationships with suppliers. If there is a contradiction between the rules, the stricter one will take precedence. It functions in tandem with the following policies: Terms & Conditions, Privacy, Risk Management, Sanctions, and Information Security.

2. Legal and regulatory framework

We operate under Dutch and EU requirements, including:

  • Wwft (Prevention of Money Laundering and Terrorist Financing Act);
  • Sanctions Act 1977 and associated decrees;
  • Remote Gambling Act and Kansspelautoriteit (KSA) licence conditions and guidance;
  • applicable EU AML directives/regulations; and
  • GDPR/AVG for personal data processing.

We monitor legal updates and adjust procedures, training, and tooling without delay.

3. Governance and accountability

  • Board of Directors — sets risk appetite, approves this Policy and the annual AML/KYC plan, and receives quarterly reports with metrics and notable cases.
  • MLRO — owns the programme, maintains procedures, investigates alerts, files reports to FIU‑Netherlands, and has the authority to pause gameplay or payments. Reports directly to the Board.
  • Deputy MLRO — provides continuity when the MLRO is unavailable.
  • First line (Payments, Support, VIP, Operations, Product) — run processes, collect documents, record decisions, and escalate on time.
  • Second line (Compliance & Risk) — design controls, advise, challenge, and run thematic reviews.
  • Third line (Internal Audit) — independently tests effectiveness at least annually.
  • All staff — complete training before system access and refresh yearly; report suspicions immediately.

4. Risk‑based approach (RBA)

We do not treat all customers or activities the same; controls scale with risk.

4.1 Enterprise‑wide risk assessment (EWRA)

At least annually, and on material change, we assess inherent risks across customers, products, channels, geography, and delivery. We evaluate control strength, determine residual risk, and set appetites. EWRA outcomes inform thresholds, staffing, and vendor choices.

4.2 Customer risk rating

Each customer receives a dynamic score at onboarding and throughout the lifecycle. Features include identity attributes, device signals, payment behaviour, product mix, velocity patterns, affordability indicators, sanctions/PEP/adverse‑media results, and prior compliance history. The score determines CDD depth, limits, and monitoring intensity.

4.3 Product and channel risk

Remote onboarding, instant deposits, and quick withdrawals carry heightened risk. BinoBet prohibit cash, anonymous vouchers without traceability, and crypto deposits. New features are launched only after a documented risk assessment.

5. Customer due diligence (CDD)

5.1 Triggers for CDD

  • before establishing a relationship or allowing play;
  • before first withdrawal;
  • when we suspect ML/TF;
  • when previous data appears false, inconsistent, or outdated;
  • when risk score or behaviour triggers re‑assessment.

5.2 Identification data we collect

Full legal name, date of birth, nationality, residential address, e‑mail, mobile number, and preferred language. For security we collect device identifiers and IP information.

5.3 Identity verification methods

  • Documents: valid passport or EU/EEA ID, Dutch driving licence, residence permit.
  • Biometrics: selfie or live video for liveness and likeness checks where appropriate.
  • Electronic sources: trusted databases and data‑matching services.
  • Address: document ≤3 months old (bank statement, utility bill, BRP extract) or reliable electronic verification.

5.4 Ownership of payment instruments

Deposits and withdrawals must use payment instruments in the player’s name. We may request a redacted bank statement (name + IBAN) or a masked card image (first 6 and last 4 digits). Third‑party payments and mule activity are prohibited.

5.5 Understanding purpose and intended nature

We record how the customer expects to use the Platform (product selection, estimated spend, funding sources) to establish a baseline for monitoring and affordability.

5.6 Failure to complete CDD

If CDD cannot be completed, we restrict the account, decline transactions, and, where lawful, return funds to source. If suspicion exists, the MLRO assesses whether to file an STR.

6. Enhanced due diligence (EDD)

Applied when higher risk is present, including:

  • PEPs, close associates, or relatives;
  • adverse media suggesting financial crime;
  • complex/large/unusual transactions inconsistent with profile;
  • links to higher‑risk geographies or industries;
  • non‑resident indicators or frequent device/IP changes.

EDD measures may include senior management approval, additional documents, independent verification, source of funds (SOF) and source of wealth (SOW) evidence, tighter limits, and more frequent reviews. If SOF/SOW cannot be reasonably evidenced, we restrict or end the relationship.

7. Screening (sanctions, PEP, adverse media)

  • We screen at onboarding and daily thereafter against EU, UN, Dutch, and—where relevant—UK/US sanctions lists. Positive or potential matches are escalated immediately; we freeze or refuse transactions where the law requires.
  • We identify PEPs and apply EDD with senior approval and tighter thresholds.
  • For higher‑risk customers we run adverse‑media checks using reputable sources; material hits trigger EDD or exit.

8. Ongoing monitoring and alerts

8.1 Principles

Monitoring blends automated scenarios with human review. Behaviour is compared to the customer’s baseline and peer groups. AML and Responsible Gambling insights are linked to provide a single view of risk.

8.2 Illustrative scenarios

  • rapid deposit → minimal play → withdrawal cycles;
  • round‑tripping value between accounts or payment instruments;
  • large or sudden spikes in deposits or withdrawals;
  • many failed deposits or card attempts;
  • structuring just below verification thresholds;
  • new devices, remote desktop tools, VPN/TOR, or distant IPs;
  • payout to a newly added bank account;
  • spend out of line with affordability signals.

8.3 Case triage and actions

Alerts are graded Low/Medium/High/Severe. Low risk can be cleared with notes. Medium and above move to investigation; withdrawals may be paused pending review. All actions are recorded with timestamps and rationale.

8.4 Periodic refresh

We refresh KYC on risk cycles (e.g., 12/24/36 months). Triggers include limit increases, new payment instruments, profile changes, and large withdrawals.

9. Investigations and reporting

9.1 Handling investigations

We follow a structured workflow: intake → scope → data collection → analysis → decision → closure. We maintain a full audit trail and retain evidence in the case system.

9.2 Customer information requests

We may request recent bank statements, payslips, tax returns, sale/inheritance documents, or proof of winnings elsewhere. We check provenance, consistency, and affordability.

9.3 Outcomes

Outcomes include: clear with no action; clear with conditions (limits/monitoring); request more documents; restrict features; suspend; exit; or recommend STR.

9.4 Suspicious transaction reports (STRs)

Where suspicion remains that funds are criminal property or linked to terrorist financing, the MLRO files an STR with FIU‑Netherlands without undue delay. Tipping‑off is prohibited; staff must not inform the customer that a report has been or may be made.

9.5 Cooperation

We respond promptly to lawful requests from FIU‑NL, police, prosecutors, KSA, or courts. Legal and the MLRO validate disclosures.

10. Payment controls

  • Accept deposits only from instruments in the account holder’s name; return withdrawals to source where possible (pay‑to‑source).
  • Apply velocity caps and cooling‑off to new instruments.
  • Prohibit cash, anonymous vouchers without traceability, and crypto unless and until permitted and approved by the Board.
  • Split large withdrawals where network or risk demands.
  • Monitor chargebacks; treat linked winnings as contingent until settled.

11. Records, retention, and auditability

We retain CDD/EDD packs, transaction histories, alerts, case notes, STRs, screening logs, training records, audits, and model change logs for periods required by Wwft, licence conditions, and tax law. Records must be complete, accurate, and retrievable in a reasonable time. Electronic records are protected against alteration and unauthorised access. Internal Audit tests samples at least annually.

12. Data protection and confidentiality

We process AML/KYC data under GDPR/AVG principles: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limits, integrity, and confidentiality. Access is need‑to‑know and logged. Sensitive documents are encrypted in transit and at rest. When retention ends, we delete or anonymise data.

13. Technology, models, and change control

Identity verification, document authenticity, device intelligence, sanctions/PEP screening, monitoring, and case management systems require Compliance sign‑off. Rules and models follow change management: specification, testing, back‑testing where relevant, MLRO approval, and post‑deployment checks. Daily data quality reconciliations run with incident paths for failures.

14. Training and competency

  • Induction: AML/KYC fundamentals, red flags, escalation paths, and data‑handling rules before access is granted.
  • Annual refresher: policy updates, scenarios, test questions; completion is mandatory.
  • Role‑specific modules: Payments, Support, VIP, and Tech cover deeper topics (SOF/SOW, sanctions, device risk, case notes).
  • Assessment: minimum pass mark; failures lead to temporary access suspension.

15. Third parties and outsourcing

We vet KYC vendors, screening partners, payment processors, and hosting providers. Contracts include confidentiality, data‑processing terms, audit rights, service levels, incident notification, and sanctions compliance. Outsourcing never transfers our obligations; we remain accountable to the regulator.

16. Interaction with Responsible Gambling

Financial‑crime and safer‑gambling signals can overlap (e.g., rapid spend increase, night‑time play, payment distress). AML and RG teams coordinate on shared alerts, agree a single customer contact, and record outcomes consistently.

17. Metrics and reporting

The MLRO reports quarterly to the Board on: onboarding pass/refer rates; verification turnaround times; alert volumes and conversion to cases; case ageing; sanctions/PEP matches and clearance times; STR counts and time to file; withdrawal holds and outcomes; training completion; QA pass rates; and audit remediation status.

18. Breaches and incidents

When a control fails (e.g., missed screening, payment to a third‑party account), we: contain the issue; assess impact and obligations; notify KSA/FIU‑NL if required; remediate root causes (process, system, training); and document lessons learned.

19. Policy lifecycle

Owner: MLRO • Review: at least annually and on legal or business change • Approval: Board of Directors • Versioning: archived with change log.

Appendix A — Red flags

  • Multiple accounts tied to the same device/IP/payment instrument.
  • Frequent deposits with minimal play followed by withdrawals.
  • Structured amounts just below verification thresholds.
  • Use of many new cards/IBANs in short periods.
  • Third‑party funding; attempts to withdraw to a different name.
  • Refusal or inability to provide SOF/SOW.
  • Adverse media linking to fraud, corruption, or organised crime.
  • VPN/TOR/remote desktop usage or sudden IP jumps to distant regions.
  • Pressure on staff to skip checks.
  • Cross‑account patterns suggesting syndicates or money mules.

Appendix B — Acceptable KYC documents

Identity (valid & unexpired): Dutch passport, EU/EEA passport or ID, Dutch driving licence, residence permit.
Address (≤3 months): bank statement, utility bill, BRP extract, government letter.
Payment ownership: bank statement showing name and IBAN used to fund/withdraw; masked card image (first 6 and last 4 digits).
SOF/SOW: payslips; bank statements showing income/savings; annual tax statements; documents for sale of assets or inheritance.

Appendix C — Investigation workflow

  1. Alert created (rule, model, or staff referral).
  2. Triage risk level; apply interim controls (e.g., hold withdrawal).
  3. Gather data (KYC pack, payments, devices, gameplay, communications).
  4. Request docs if required (SOF/SOW, payment ownership).
  5. Analyse behaviour vs baseline; assess plausibility of funds.
  6. Decision (clear; conditions; restrict; suspend; exit; STR).
  7. Close & document rationale, evidence, and next review date.

Appendix D — Glossary

  • CDD: Customer Due Diligence.
  • EDD: Enhanced Due Diligence.
  • EWRA: Enterprise‑Wide Risk Assessment.
  • FIU‑NL: Financial Intelligence Unit–Netherlands.
  • KSA: Dutch Gambling Authority.
  • MLRO: Money Laundering Reporting Officer.
  • PEP: Politically Exposed Person.
  • SOF/SOW: Source of Funds / Source of Wealth.
  • STR: Suspicious Transaction Report.
  • Wwft: Dutch AML/CTF law.

ARE YOU SURE YOU WANT TO EXIT?

Sign-up takes only a minute and we'll welcome you with up to 1000€ on Casino and up to 300€ on Sport

Back to Sign up