Scope and purpose

This policy establishes Goagames AML & KYC controls, detailing customer identification, risk assessment, ongoing monitoring, and reporting obligations. It applies to all customers, employees, contractors, and systems that process eligibility, deposits, wagers, payouts, and account management on behalf of Goagames.

Regulatory framework and license acknowledgement

Goagames operates under a valid gaming license issued by a recognized regulatory authority. We implement anti‑money laundering and counter‑terrorism financing measures in accordance with applicable laws, including customer due diligence, record keeping, and reporting requirements. Where laws permit, we will exchange information with authorities to support enforcement and regulatory oversight.

Definitions

• AML: measures to detect, deter, and report money laundering and related predicate activities.
• KYC: processes to verify customer identity and assess risk before and during ongoing service use.
• CDD: standard customer due diligence performed on all customers.
• EDD: enhanced due diligence for higher risk customers or transactions.
• PEP: politically exposed persons and their immediate family and close associates.
• SAR: Suspicious Activity Report filed with the competent authority where required.

Risk-based approach

Goagames adopts a risk-based framework that assigns higher scrutiny to higher risk indicators, including high-value or rapid sequence deposits, non‑resident customers, unusual source of funds, and customers ordinarily engaging in high‑risk products or jurisdictions. Risk determinations guide the level of verification, monitoring, and reporting required.

Customer due diligence (CDD) and enhanced due diligence (EDD)

All accounts undergo CDD prior to enabling real‑money play. EDD is applied where any risk factor presents elevated risk, such as non‑residential status, complex ownership structures, or transactions that exceed predefined thresholds. When EDD is triggered, Goagames will obtain additional documentation and may request verification of sources of funds and wealth, business ownership details, and third‑party confirmations where appropriate.

Source of funds and source of wealth

Customers must provide legitimate sources of funds for deposits and wagering, including employer income, business receipts, investments, or inheritance. For deposits or transfers that exceed €2,000 within a 24‑hour period, customers must provide documentation showing the origin of funds. For cumulative deposits exceeding €10,000 within a 30‑day window, Goagames may request additional evidence of source of wealth and purpose of activity.

Onboarding and verification workflow

1. Account creation and initial data collection, including full legal name, date of birth, residential address, and contact details.
2. Identity verification with government‑issued documentation (passport, national ID, or equivalent) and a live selfie for identity confirmation.
3. Address verification with a recent utility bill, bank statement, or official government correspondence showing name and address.
4. Risk assessment and assignment of verification level (standard or enhanced) based on detected risk factors.
5. Authorization of real‑money activity and withdrawal capabilities only after successful verification; initial withdrawals may be subject to additional verification.

Ongoing monitoring and transaction screening

Goagames continuously monitors single‑ and multi‑session activity for consistency with declared profile data, risk rating, and source of funds. Triggers for intensified review include:

• Deposits or bets inconsistent with the customer’s declared income or expected patterns.
• Unusually large, rapid, or repetitive transactions that exceed internal thresholds.
• Transactions involving high‑risk jurisdictions or counterparties.

Suspicious activity is documented and, where required by law, reported to the competent authority as a SAR within the statutory timeline. Routine monitoring records are retained in accordance with data retention schedules.

Sanctions screening

Goagames screens customers, beneficiaries, and counterparties against applicable sanctions, embargo, and watchlists prior to onboarding and on an ongoing basis. Any match triggers immediate review, temporary hold of activity, and required escalation to compliance leadership and relevant authorities where appropriate.

Self‑exclusion, responsible gaming and customer protection

Goagames provides self‑exclusion tools and time‑bound cooling‑off periods. Customers may set daily, weekly, or monthly deposit, wager, and loss limits, or permanently self‑exclude in accordance with our policy. All requests are processed promptly and, where feasible, data is retained to enforce the exclusion and prevent re‑opening within the restricted period.

Data privacy, retention and disclosure

We collect and process personal data solely for AML/KYC compliance and gaming operations. Data is retained for a minimum period required by law and regulation, and for a period sufficient to fulfill the purposes described herein. Personal data may be disclosed to competent authorities or regulatory bodies in connection with AML/CTF investigations, court orders, or other lawful requests, subject to applicable privacy protections.

Record keeping and accessibility

All verification materials, transaction records, and internal decision logs are stored securely for a minimum retention period of five years from the end of the customer relationship or longer if required by law. Access to records is restricted to authorized personnel with a legitimate business need.

Customer rights and complaints

Customers may request confirmation of their verification status, access to their data, or rectification of inaccuracies. Complaints regarding AML/KYC handling are reviewed by Goagames’ compliance team in a timely manner, with clear timelines for response and escalation if necessary.

Governance and training

Goagames maintains an internal AML/KYC policy framework, with ongoing staff training on identification procedures, risk indicators, reporting obligations, and data handling practices. Policy updates are approved by senior management and communicated to all relevant personnel.