Anti-Money Laundering (AML) Policy of BDMbet
1. Introduction
1.1. Objectives and Purpose of AML
The primary objective of BDMbet’s AML policy is to prevent the use of its services for money laundering, financing of terrorism, or other criminal activities. This is achieved by implementing robust controls to monitor, detect, and report suspicious activities, ensuring compliance with international standards and regulatory obligations.
The purpose of this policy is to establish processes and procedures that allow the company to identify suspicious behavior and report such activities to the relevant authorities. It also emphasizes the need to maintain the integrity of the financial system, protect BDMbet from being exploited for unlawful purposes, and safeguard the company’s reputation.
1.2. Regulation and Licensing
BDMbet operates under the gaming license issued by Curaçao Interactive Licensing N.V. (CIL). As a company incorporated in Curaçao, BDMbet complies with local and international AML regulations, including those set forth by the Financial Action Task Force (FATF) and European Union AML Directives (AMLD4 and AMLD5). The company’s AML procedures align with international frameworks, such as the FATF’s 40 Recommendations, which are aimed at combating money laundering and terrorist financing.
2. Know Your Client (KYC) Policy
2.1. Simplified Due Diligence (SDD)
Simplified Due Diligence applies to low-risk clients who engage in smaller, infrequent transactions. For these clients, the company collects basic identification information such as full name, date of birth, and nationality. Transactions that fall below predefined thresholds may also qualify for SDD. However, should the client’s risk profile change, enhanced verification methods will be triggered.
2.2. Customer Due Diligence (CDD)
Standard Customer Due Diligence is required for most customers engaging in regular transactions. CDD involves the collection of identifying documents such as passports, national identification cards, and proof of address (e.g., utility bills no older than six months). BDMbet employs automated KYC systems that integrate with national and international databases to streamline the verification process. This ensures that suspicious or incomplete data is flagged for further investigation.
2.3. Enhanced Due Diligence (EDD)
Enhanced Due Diligence applies to high-risk clients, such as politically exposed persons (PEPs) or individuals engaging in large transactions. In addition to standard identification documents, BDMbet may request documentation verifying the source of funds, including financial records, bank statements, and employment verification. EDD may also include face-to-face meetings, interviews, or additional third-party checks to ensure the legitimacy of the client’s financial background.
2.4. Politically Exposed Persons (PEP)
Politically Exposed Persons are individuals who hold or have held a prominent public office, as well as their close relatives and associates. BDMbet applies a higher level of scrutiny to PEPs due to the increased risk of corruption, bribery, and other financial crimes associated with their position. PEPs are subject to enhanced ongoing monitoring, including periodic reviews of their account activity and transactions to detect any unusual behavior.
2.5. Ultimate Beneficial Ownership (UBO)
BDMbet is committed to identifying and verifying the Ultimate Beneficial Owners (UBOs) of its clients, especially in cases where complex legal structures are involved. This ensures that individuals who hold a significant ownership stake or exercise control over the business are properly identified. UBO verification may require a thorough review of corporate documents, shareholder registers, and legal agreements to ensure transparency and accountability.
3. Transaction Monitoring and Financial Crime Prevention
3.1. Automated Transaction Monitoring
BDMbet employs advanced transaction monitoring systems that operate in real-time, flagging any suspicious activity for review. These systems analyze transaction patterns, including the frequency, size, and nature of deposits and withdrawals. Any transactions that deviate from a client’s normal behavior are subject to further investigation. The system also cross-checks transactions against global watchlists and sanctions databases to ensure compliance with AML and anti-terrorism laws.
3.2. Structuring Transactions (Smurfing)
Structuring, also known as smurfing, refers to the practice of breaking large transactions into smaller amounts to avoid detection by financial institutions or regulators. BDMbet’s systems are designed to identify patterns indicative of structuring, such as multiple small deposits over a short period of time. When structuring is suspected, the account is flagged, and a full review of the customer’s account history is initiated to determine whether the activity is lawful.
3.3. Prevention of International Transfers
All international transfers involving BDMbet are scrutinized to prevent the transfer of funds linked to money laundering, terrorist financing, or sanctioned individuals or entities. The company cross-references transactions with international sanctions lists, including those maintained by the United Nations, European Union, and the U.S. Office of Foreign Assets Control (OFAC). Any transactions linked to high-risk jurisdictions or individuals are subject to enhanced due diligence and may be blocked or reported to the relevant authorities.
4. Reporting and Interaction with Regulators
4.1. Suspicious Activity Reports (SAR)
Under anti-money laundering (AML) regulations, BDMbet is required to file Suspicious Activity Reports (SAR) when there is suspicion that a client’s transaction may be linked to money laundering, terrorist financing, or other illicit activities. The filing of a SAR is triggered by transactions that appear unusual or inconsistent with the customer’s normal profile. Examples include large, unexplained transfers, frequent deposits followed by quick withdrawals, or transfers involving high-risk jurisdictions.
- Confidentiality: The submission of a SAR must be done confidentially, and the client under suspicion must not be notified, in line with anti-tipping-off laws. Failure to comply with this regulation can result in significant penalties for the company.
- Timeframe: SARs are typically required to be submitted within a specific timeframe after the suspicious activity is detected. BDMbet adheres to a 24-72 hour window for SAR submission, depending on jurisdictional requirements.
- Content of SARs: SARs must include detailed information about the suspicious transaction, including the customer’s identity, the nature of the transaction, and the reasons for suspicion. This information is then transmitted to the appropriate regulatory authority for further investigation.
4.2. Reporting to Regulatory Authorities
In addition to filing SARs, BDMbet is subject to regular reporting obligations to demonstrate compliance with AML regulations. These reports are submitted to the relevant regulators, such as Curaçao eGaming, and include comprehensive data on the company’s anti-money laundering efforts.
- Regular AML Reports: BDMbet submits quarterly and annual AML reports outlining the number of SARs filed, results of due diligence procedures, and any identified high-risk transactions. These reports ensure transparency and allow regulators to assess the effectiveness of the company’s AML measures.
- Compliance Audits: Regulatory authorities may require BDMbet to undergo compliance audits. These audits assess whether the company’s internal controls, transaction monitoring systems, and reporting mechanisms meet the required standards. Non-compliance may result in fines, sanctions, or loss of the company’s license to operate.
4.3. Transaction Screening Against Sanctions Lists
All financial transactions processed by BDMbet are screened against international sanctions lists to ensure compliance with global regulations. This includes sanctions lists maintained by the United Nations, European Union, and the U.S. Office of Foreign Assets Control (OFAC).
- Sanctions Screening: BDMbet employs automated sanctions screening software that cross-checks client names and transaction details against the latest sanctions lists. If a match is detected, the transaction is flagged for further review, and the account may be temporarily suspended pending investigation.
- High-Risk Jurisdictions: Transactions involving countries considered high-risk for money laundering or terrorism financing are subject to enhanced due diligence procedures. This includes additional verification of the client’s identity and the source of funds.
5. Technological Security Measures
5.1. Data Encryption and Transaction Security
BDMbet employs robust encryption protocols to protect customer data and financial transactions. Data is encrypted both at rest and in transit, using industry-standard Secure Sockets Layer (SSL) encryption. This ensures that sensitive information, such as personal identification details and financial data, is protected from unauthorized access or cyberattacks.
- End-to-End Encryption: All data exchanged between the client and the platform is encrypted, ensuring confidentiality and preventing interception by malicious third parties.
- Tokenization of Financial Data: Payment information is tokenized, meaning actual card or bank details are replaced with unique tokens. This adds an extra layer of security and minimizes the risk of data breaches.
5.2. Multi-Factor Authentication (MFA)
To safeguard client accounts and internal systems, BDMbet uses Multi-Factor Authentication (MFA). MFA requires users to verify their identity using two or more independent methods, such as a password and a one-time code sent via SMS or email.
- Client Authentication: Clients are required to enable MFA when accessing their accounts, particularly when conducting financial transactions. This mitigates the risk of account hijacking and fraud, even if login credentials are compromised.
- Employee Authentication: All employees, particularly those with access to sensitive client data or financial systems, are required to use MFA to log into the company’s internal systems. This prevents unauthorized access to critical systems and reduces the risk of insider threats.
5.3. Data Backup and Recovery
BDMbet has implemented comprehensive data backup and recovery protocols to ensure business continuity and data integrity in the event of a system failure, cyberattack, or other disruptions.
- Regular Backups: Data is backed up daily, with copies stored in secure, geographically dispersed locations. This ensures that in the event of data corruption or loss, the company can quickly restore critical systems and minimize downtime.
- Disaster Recovery Plans: BDMbet has established a formal disaster recovery plan, which outlines the procedures for restoring operations following a major disruption. This includes predefined recovery time objectives (RTO) and recovery point objectives (RPO) to ensure minimal impact on business operations.
6. Responsible Client Relationships
6.1. Informing Clients About Risks
BDMbet is committed to transparency and ensures that all clients are fully informed of the risks associated with gambling and financial transactions on the platform. During registration, clients are provided with information regarding responsible gambling practices, security measures, and the company’s AML policies.
- Responsible Gambling Information: Clients are informed about the risks of gambling addiction and are provided with tools to manage their gambling habits, such as setting deposit limits or self-exclusion.
- Security Awareness: BDMbet educates clients on best practices for account security, including the use of strong passwords, enabling MFA, and recognizing phishing attempts.
6.2. Account Suspension and Closure
BDMbet reserves the right to suspend or close client accounts if there is a suspicion that the account is involved in illegal activities such as money laundering, fraud, or unauthorized use. When such suspicions arise, the account is reviewed, and all transactions are temporarily halted until the investigation is complete.
- Temporary Suspension: During the suspension, clients are unable to access their accounts or conduct financial transactions. The suspension ensures that no funds can be moved while the investigation is ongoing.
- Account Closure: If the investigation confirms illegal activity, the account is permanently closed, and relevant authorities are notified. BDMbet follows strict anti-tipping-off rules, ensuring that clients are not informed of the investigation while it is active.
6.3. Internal Investigations and Disciplinary Measures
BDMbet has established protocols for conducting internal investigations when there is suspicion of illegal activities, whether by clients or employees. The investigation process includes a review of all relevant transactions, interviews with involved parties, and the examination of system logs.
- Internal Fraud Investigations: If fraud, collusion, or other forms of misconduct are suspected within the company, an immediate internal investigation is launched. Employees involved in the investigation are subject to interviews and may face disciplinary measures, including termination.
- Disciplinary Actions: Employees found to be complicit in illegal activities may face severe disciplinary actions, including termination and legal action. BDMbet upholds a zero-tolerance policy towards misconduct, ensuring that the company’s integrity is maintained at all times.
7. Transaction Limits and Thresholds
7.1. Daily and Monthly Limits
BDMbet enforces strict daily and monthly transaction limits to mitigate the risk of money laundering and ensure compliance with anti-money laundering (AML) regulations. These limits are designed to prevent the structuring of transactions to avoid detection and to help identify suspicious patterns of activity. The limits apply to both deposits and withdrawals, and are set according to the risk profile of the client.
- Daily Limits: Clients are allowed to withdraw up to a maximum of €9,000 per day. Exceeding this threshold triggers enhanced scrutiny under the company’s monitoring systems, and additional documentation may be required to verify the source of funds.
- Monthly Limits: BDMbet also imposes a cumulative monthly withdrawal limit, which is set at €30,000 for most clients. This limit helps ensure that the client’s financial activity remains within reasonable parameters, based on their profile and the information provided during the onboarding process.
- Adjustable Limits: BDMbet reserves the right to adjust daily and monthly limits for clients based on risk assessments, changes in the client’s transactional behavior, or other factors such as changes in the client’s financial circumstances.
7.2. Withdrawal Limit Policies
Withdrawal limits are set to control the flow of funds and to ensure that suspicious activities are flagged and investigated. BDMbet’s withdrawal policies are based on AML best practices and include automatic reviews when certain thresholds are met. These policies are designed to safeguard both the client and the company from financial crimes, including money laundering and fraud.
- Single Transaction Limit: The maximum withdrawal amount per single transaction is capped at €3,000. Any withdrawal exceeding this amount triggers an internal review to ensure that the transaction is legitimate and complies with regulatory requirements.
- Enhanced Due Diligence (EDD) on Large Withdrawals: Clients attempting to withdraw sums exceeding €3,000 in a single transaction or €9,000 over a 24-hour period are subject to Enhanced Due Diligence (EDD). This process requires additional verification steps, such as the submission of supporting documentation to confirm the source of funds.
7.3. Conditions for Applying Enhanced Due Diligence (EDD)
Enhanced Due Diligence (EDD) is applied to clients whose transactions exceed specific thresholds or who are classified as high-risk based on BDMbet’s internal risk assessment criteria. The purpose of EDD is to obtain a deeper understanding of the client’s activities and to ensure that the source of funds is legitimate.
- EDD Triggers: EDD is mandatory for clients conducting transactions over €3,000 in a single withdrawal or accumulating €9,000 in withdrawals within a 24-hour period. It also applies to clients with irregular transactional patterns, transactions involving high-risk jurisdictions, or clients identified as Politically Exposed Persons (PEPs).
- Additional Documentation: During EDD, clients may be required to submit additional documentation, including financial statements, bank records, or employment information, to verify the legitimacy of the funds being transacted. In certain cases, face-to-face meetings or interviews may also be conducted.
8. Client Screening Against Sanctions Lists
8.1. OFAC, EU, and UN Sanctions Screening Policy
BDMbet conducts thorough screening of all clients against global sanctions lists maintained by the U.S. Office of Foreign Assets Control (OFAC), the European Union (EU), and the United Nations (UN). This screening is designed to ensure that no financial transactions are conducted with individuals, entities, or countries subject to international sanctions, which could expose the company to significant legal and financial risks.
- OFAC Compliance: BDMbet is committed to complying with OFAC regulations, which prohibit business transactions with individuals or entities that are listed on the Specially Designated Nationals (SDN) List. This includes individuals associated with terrorism, narcotics trafficking, and other illicit activities. All new clients are screened during the onboarding process, and ongoing checks are performed to ensure compliance.
- EU Sanctions: The European Union sanctions regime applies to a broad range of activities, including restrictions on transactions with countries or individuals linked to terrorism, human rights violations, or other criminal activities. BDMbet screens all transactions to ensure compliance with EU sanctions regulations, and any matches are reported to the appropriate authorities.
- UN Sanctions: BDMbet adheres to the United Nations sanctions framework, which targets entities and individuals involved in the proliferation of weapons of mass destruction, terrorism financing, and violations of human rights. All transactions involving high-risk jurisdictions identified by the UN are subject to additional scrutiny and may be blocked pending further investigation.
8.2. Transaction Blocking Procedures
When a client or transaction matches a name or entity listed on any of the sanctions lists (OFAC, EU, or UN), BDMbet immediately takes action to block the transaction and initiate a compliance review. The following procedures are in place to handle such situations:
- Immediate Blocking: Once a transaction is flagged as potentially involving a sanctioned individual or entity, the transaction is blocked in real-time, and the client’s account is frozen pending further investigation.
- Internal Investigation: BDMbet’s compliance team conducts a thorough review of the flagged transaction, including verifying the client’s identity and any other pertinent information. If the investigation confirms a match with a sanctioned entity, the transaction remains permanently blocked.
- Reporting to Authorities: In the event that a blocked transaction is confirmed to involve a sanctioned individual or entity, BDMbet is required to report the transaction to the relevant regulatory authorities, including OFAC, the EU, or the UN, as applicable. The client may be subject to further legal action based on the findings of the investigation.
9. Data Management and Encryption
9.1. “Encrypt Whatever Can Be Encrypted” Policy
BDMbet adheres to the principle of “Encrypt Whatever Can Be Encrypted” to ensure the highest levels of data security. This policy mandates that all sensitive data, including personal information, financial records, and transactional data, must be encrypted both at rest and in transit. Encryption serves as a critical defense mechanism against unauthorized access, ensuring that even if data is intercepted, it remains unreadable without the proper decryption keys.
- Encryption Protocols: BDMbet uses industry-standard encryption protocols such as AES-256 and SSL/TLS to secure data. AES-256, with its 256-bit key length, provides one of the strongest levels of encryption currently available, ensuring that data remains secure both on internal servers and during transmission over public networks.
- Key Management: Secure key management practices are employed to ensure that encryption keys are stored and used in a protected environment. Keys are rotated regularly, and access to keys is restricted to authorized personnel only, reducing the risk of key compromise.
- Full Disk Encryption: All hard drives and storage devices containing client data are encrypted to ensure that even if physical storage is stolen or lost, the data remains protected. This ensures compliance with international data protection regulations, including GDPR.
9.2. Restricting Access to Client Data
BDMbet implements strict access control measures to limit access to client data based on the “need-to-know” principle. This ensures that only authorized personnel who require access to perform their job functions are granted permissions. By limiting access, BDMbet reduces the risk of internal data breaches and unauthorized data handling.
- Role-Based Access Control (RBAC): Access to client data is determined by the role and responsibilities of employees. Each role within the company is assigned specific permissions that dictate the level of access to client information. Regular audits are conducted to ensure that these permissions are appropriately assigned and maintained.
- Multi-Factor Authentication (MFA): All employees with access to sensitive client data are required to use multi-factor authentication (MFA) for added security. This ensures that access is only granted after successful verification through multiple layers, such as passwords and time-based one-time passwords (TOTP).
- Data Access Logs: Every access attempt to client data is logged, including the date, time, and identity of the user accessing the data. These logs are regularly reviewed for anomalies and unauthorized access attempts, ensuring that any suspicious activity is identified and mitigated promptly.
10. Social Responsibility and Gambling Addiction
10.1. Setting Limits for Clients
As part of its commitment to responsible gambling, BDMbet offers clients the ability to set personal limits on their gambling activities. These limits help clients maintain control over their spending and time spent on the platform, reducing the risk of gambling addiction.
- Deposit Limits: Clients can set daily, weekly, or monthly limits on the amount they can deposit into their accounts. Once the limit is reached, further deposits are restricted until the specified period has passed. This measure prevents clients from overspending or making impulsive financial decisions.
- Loss Limits: Loss limits allow clients to restrict the total amount of money they are willing to lose within a certain time frame. When the loss limit is reached, clients are automatically restricted from placing further bets until the period resets.
- Session Time Limits: Clients can set time limits on how long they can stay logged in to their accounts and gamble. Once the limit is reached, they are automatically logged out, promoting a healthier balance between leisure and responsibility.
10.2. Monitoring for Signs of Gambling Addiction
BDMbet actively monitors client behavior for signs of gambling addiction. This is achieved through data analysis and behavioral tracking, which helps identify clients who may be exhibiting problematic gambling patterns. Early detection allows BDMbet to take proactive steps to address the issue and offer support to affected clients.
- Behavioral Indicators: Indicators of potential gambling addiction include frequent deposits followed by significant losses, extended gambling sessions, and signs of financial distress. When these behaviors are detected, BDMbet reaches out to the client to offer assistance and may recommend setting limits or participating in self-exclusion programs.
- Self-Exclusion Programs: Clients who feel they are losing control over their gambling can voluntarily participate in self-exclusion programs, which block their access to the platform for a defined period. BDMbet ensures that clients are aware of this option and provides resources for additional support.
- Collaboration with Addiction Support Services: BDMbet partners with external organizations specializing in gambling addiction treatment and prevention. Clients showing signs of addiction are provided with contact information for these organizations and are encouraged to seek professional help.
11. Responsible Relationships with Partners
11.1. Verification of Beneficial Owners
As part of its anti-money laundering (AML) obligations, BDMbet requires that all partners and businesses it works with disclose their Ultimate Beneficial Owners (UBOs). This process ensures transparency and prevents any hidden ownership structures that could facilitate money laundering or other illegal activities.
- Due Diligence on Partners: BDMbet conducts thorough due diligence on all business partners, including verification of UBOs, to ensure that the partners operate in compliance with international AML standards. This includes reviewing ownership structures, financial statements, and any potential links to criminal activities.
- Disclosure Requirements: Business partners must provide full documentation verifying their UBOs, including shareholder registers and incorporation documents. BDMbet reserves the right to terminate any partnership if the provided information is found to be incomplete or inaccurate.
11.2. Non-Disclosure Agreements (NDA) and Conflict of Interest Prevention
BDMbet requires all partners to sign Non-Disclosure Agreements (NDAs) to protect sensitive business information and ensure that proprietary data is not shared with unauthorized parties. In addition, strict conflict of interest policies are enforced to maintain ethical business relationships.
- Non-Disclosure Agreements (NDA): NDAs are a standard part of BDMbet’s contractual relationships with third parties. These agreements ensure that confidential information, including business strategies, client data, and financial details, is protected from unauthorized disclosure.
- Conflict of Interest Policy: BDMbet actively monitors its partnerships to prevent conflicts of interest. Employees and partners are required to disclose any personal or financial interests that may conflict with the company’s business activities. Any potential conflicts are evaluated, and appropriate measures are taken to mitigate the risks.
- Regular Audits: BDMbet conducts regular audits of its business relationships to ensure compliance with NDAs and conflict of interest policies. Any violations are addressed promptly, with potential legal actions taken against violators.