2.1 Below is a list of all the relevant AML legislation and regulations pertaining:

• 2.1.1 Tobique gaming commission regulations concerning anti-money laundering and counter terrorism financing regulations.
• 2.1.2 Financial Action Task Force (FATF) and Asia/Pacific Group on Money Laundering (APG).

3.1 Money laundering is the process by which criminals attempt to hide and disguise the true origin and ownership of the proceeds or any other benefit of their criminal activities, thereby avoiding prosecution, conviction, and confiscation of the criminal funds. There are three stages in the process:

• 3.1.1 Placement: Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instrument


• 3.1.2 Layering: How the link between the funds and the criminal is concealed


• 3.1.3 Integration: Investing and/or recovering the funds in a way that looks legitimate.



3.2 As a Company policy we do not to accept cash as means of payment, Monkeytilt's AML Policy is focused to prevent the use of the Monkeytilt's activities and resources in the 2nd and in the 3rd stage.

4.1 Monkeytilt is mandated by the AML directives, as well as National Legislation and Regulations, to identify persons potentially carrying higher risk in order to prevent any misuse of its sites for criminal purposes. This procedure applies for all clients falling under the Tobique licence.

5.1 Monkeytilt carries out a risk assessment, taking into consideration all relevant money laundering and financing of terrorism risk factors. The assessment will consider the following factors:

• 5.1.1 Customer and Transaction Risk.
• 5.1.2 Product Risk.
• 5.1.3 Payment Risk.
• 5.1.4 Geographical Risk.
• 5.1.5 Delivery Risk.

5.2 The risk assessment and AML/CTF policy will be reviewed at least every 12 months or on the following basis:

• 5.2.1 In response to any changes in relevant regulation and/ or legislation.
• 5.2.2 In response to general guidance notes or best practice guidance issued by any relevant regulator.
• 5.2.3 in response to any regulatory action taken against any operator by any relevant regulator.
• 5.2.4 in response to findings of a relevant internal or external audit, or upon request of the management of the Monkeytilt.

6.1 Monkeytilt compliance officer/MLRO will monitor and manage compliance with internal communication of polices, controls and procedures adopted, and in particular:

• 6.1.1 Identify any situations at higher risk of money laundering or financing of terrorism.
• 6.1.2 Maintain a record of its risk assessment, changes to any assessment and its risk management policies, controls, and procedures.
• 6.1.3 Provide information to senior management about the operation and effectiveness of it policies, controls, and procedures.

7.1 Monkeytilt's KYC procedures will require prospective customers to create a full profile at point of registration (SDD). The mandatory information required at registration stage includes.

• 7.1.1 Full Name.
• 7.1.2 Residential address.
• 7.1.3 Country of residence.
• 7.1.4 Date of Birth.
• 7.1.5 E-mail address.

8.1 By following a risk-based approach, the appropriate due diligence can be applied to such a customer. This means that the higher the ML/FT risk is, the greater the level of due diligence will be applied.

8.2 Monkeytilt will complete the verification of identity and undertake such other CDD measures as are appropriate, and as reasonably practicable following the deposits of funds into the gaming account.

• 8.2.1 When money laundering and terrorist financing risks are effectively managed.
• 8.2.2 Upon first withdrawal request.
• 8.2.3 Within 30 days of the persons first deposit into the account.

8.3 A risk-based approach is applied in regards to obtaining up to date ID documents, when a customer is requested to provide new documents, any pending withdrawals will be held until satisfactory documents received.

Due Diligence documentation:

8.4 In order to verify the details on their player account, Monkeytilt will request the customer to provide a copy of one document from each of the categories listed below:

Personal identification

• 8.4.1 Valid Passport.
• 8.4.2 Valid driving License.
• 8.4.3 Valid National identification Document (Picture ID).

8.5 Where any such document does not allow verification of one’s residential address, the following documents will be requested.

Address verification

• 8.5.1 Utility Bill, which is less than 3 months old. Mobile phone bills are not sufficient. The bill provided must pertain to a service delivered to the address provided.
• 8.5.2 Tax Bill, which is less than 3 months old.
• 8.5.3 Copy of Bank Statement, which is less than 3 months old.

Source of Payment Verification

8.6 When we are unable to verify the ownership of the payment method, they customer will be required to provide:

• 8.6.1 Registered credit or debit card (Front only).
• 8.6.2 Account statement of payment registered with the account.

8.7 All documents received are vetted by employees and authenticity checks ensure the documentation is genuine and have not been tampered or are fake.

9.1 Customers are categorised based on their AML/CFT risk. The following risk factors are assessed:

• Customer and transaction Risk.
• Geographical Risk.
• Product Risk.
• Payment Risk.

Customers that are categorised as high risk are requested to provide enhance due diligence, all customers related as low or medium will be placed into internal monitoring.

10.1 Monkeytilt may initiate enhanced due diligence documentation as part of any account review.

• 10.1.1 Enhanced due diligence is requested from customers where we suspect, have knowledge,
• 10.1.2 Monkeytilt has doubts about the veracity or adequacy of previously obtained customer identification data.
• 10.1.3 The customers activity is not in line with the know profile of the person.
• 10.1.4 Where this is any indication that the identity of the customer is not correct or has changed.

10.2 When enhanced due diligence has been requested, the customer will be required to provide the following documentation:

Acceptable Enhanced due diligence documentation:

• 10.2.1 Payslips.
• 10.2.2 Bank statement showing salary being received.
• 10.2.3 Tax Return.
• 10.3.4 Company’s financials.
• 10.3.5 Savings.

10.3 Other type of documents may be requested depending on the persons occupation and activity on the account.

11.1 Internal control procedures have been designed to comply with the regulations, internal controls take the form of manual controls implemented on a daily basis by Company’s Operations Team.

11.2 Monkeytilt has a number of internal daily reports/controls which based on the customers certain activity will raise a flag to the operations team. Below is an example of transaction monitoring controls:

• 11.2.1 First time Deposit Report.
• 11.2.2 High Deposit Report.
• 11.2.3 High Balance Report.
• 11.2.4 Customers linked with the same device.
• 11.2.5 Customers linked by the same residential address.
• 11.2.6 Customers that are resident from high-risk countries.
• 11.2.7 Third Party funding.
• 11.2.8 Duplicate Account.

11.3 Monkeytilt will terminate the business relationship with the customer when notified by the game provider when the persons gameplay is deemed as suspicious.

12.1 As a company we monitor transactions which could be related to money laundering and terrorist financing. Special attention is given to complex or unusual trends or transactions. Daily reports are received to monitor and identify unusual patterns. All reports are handled by the Fraud Team who investigate customers and should suspicious activity they will escalate the matter to Compliance officer/MLRO via the Internal STR procedure.

12.2 The business shall conduct ongoing due diligence on the business relationship and scrutinize transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the casino’s knowledge of the customer, their risk profile, including where necessary the source of funds.

12.3 As a company we shall ensure that documents, data, and information collected through the CDD, and EDD measures are kept up to date (ODD & OEDD).

12.4 Customers who request their personal information to be amended, will be required to provide suitable documentation to verify the change in information.

12.5 A risk-based approach is applied in regards to obtaining up to date ID documents, when a customer is requested to provide new documents, any pending withdrawals will be held until satisfactory documents received.

12.6 Customers that are rated as high risk and have provide enhanced due diligence documentation previously will be monitored regularly as part of on-going monitoring.

13.1 All new 3rd party’s/clients are vetted upon establishing a business relationship, and are requested to provide the below information and documents if appropriate:

• 13.1.1 Ownership and Control Structure (authenticated by one of the Directors).
• 13.1.2 Corporate structure chart.
• 13.1.3 CDD from Ultimate Beneficiary Owners (UBO’s) and Directors.
• 13.1.4 Corporate DD documents.
• 13.1.5 Company share register.
• 13.1.6 Certificate of incorporation.
• 13.1.7 Director register.
• 13.1.8 Certain Company policies.
• 13.1.9 Copy of Gaming License. (if applicable)

13.2 Once the documentation is provided the UBO, Directors, and signatories will be screened against adverse media, PEP’s sanctions list. Should any of the above persons be found linked to adverse media or identified as a PEP a decision will be made if the relationship should be terminated.

13.3 The business relationship will be terminated if any of the UBO. Directors or signatories are identified on the sanctions list.

13.4 All documentation must be satisfactorily completed and verified before the business relationship can be established.

13.5 As part of on-going monitoring, clients will be required to provide up to date documentation.

14.1 Monkeytilt checks all customers against the sanction list, if the customer is confirmed on this list their account will be closed and internal suspicious transaction report completed and escalated to the Compliance officer/MLRO.

14.2 All customers are re-screened are screened against the sanctions database as part of on-going monitoring.

15.1 The business checks all customers against the PEP database If the customer is confirmed as a PEP, the following process on politically exposed persons that a business relationship can continue:

• 15.1.1 Obtain approval from the money laundering reporting officer.
• 15.1.2 Establish the persons source of wealth and source of funds.
• 15.1.3 Conduct enhanced on-going monitoring.

15.2 All customers are re-screened against the PEP database as part of on-going monitoring.

16.1 Monkeytilt checks all customers against the adverse media list, if a customer is confirmed on this list, the person will be escalated to the Compliance officer/MLRO to investigate and determine if the business relationship should be terminated, enhanced due diligence documentation is required.

16.2 All customers are re-screened are screened against the Adverse Media list as part of on-going monitoring.

17.1 Monkeytilt risk management system, when possible will determine whether a customer, is a person, of family member or a close associate has connections to:

• 17.1.1 A sporting event, team, sporting association or organisation.
• 17.1.2 Monkeytilt accepts bets on that team, sport, or sporting event.

18.1 Monkeytilt will complete transaction report for amount of 10,000 CAD or more within 10 business days from the transaction taking place.

18.2 The report will contain the requirement information stipulated in the Tobique gaming commission regulations.

19.1 Geographical risk assessment is conducted on all countries that the Monkeytilt are accepting customers, the assessment will be completed using the below lists:

• 19.1.1 FATF/APG Jurisdictions under Increased Monitoring.
• 19.1.2 FATF/APG High Risk Jurisdictions subject to a Call for Action.
• 19.1.3 The US Department of State Money Laundering assessment (INCSR).
• 19.1.4 Basel AML Index.

19.2 Should Monkeytilt accept customers from high-risk countries identified on the above lists, the customer will be requested to provide customer due diligence upon making their first deposit attempt.

19.3 Monkeytilt may initiate enhanced due diligence when the persons nationality, country of birth, or transactions are from countries identified by the FATF and the APG.

20.1 Monkeytilt shall maintain records, containing the information and documentation necessary to decide whether the objective of the CDD measures referred for at least five years after the business relationship is ended, or after the date of the occasional transaction.

21.1 Monkeytilt has a legal responsibility to report an individual to the Commission if there is suspicion that the individual is laundering money, financing terrorist activities, or funding their gambling from the proceeds of crime.

21.2 If employees are in a position where they suspect that someone is laundering money or using the proceeds of crime, then they are required to report their suspicion using a pre-defined form called an Internal STR and submit it to the Compliance officer/MLRO. The internal Suspicious Money Laundering Transaction Report can be found in Appendix 1.

21.3 Once this information has been received, the Compliance officer/MLRO acknowledges and, as soon as practicable, reviews the information to determine if further profiling is appropriate.

21.4 Suspicions can also arise per investigation of an account, for example, finds adverse media, information received from law enforcements or a recent criminal judgement against the player. If this is the case the customer will be reviewed by the Compliance officer/MLRO.

21.5 A suspicious matter report concerning a suspected money laundering offence or other criminal offence will be submitted with 5 business days

21.6 A suspicious matter report concerning or in relation to possible financing of terrorism, will be submitted within 24 hours.

22.1 Monkeytilt will provide employees with an approved programme of training in relation to the topics and themes considered by the AML policy and procedures. Topics cover both money laundering and terrorist financing.

22.2 A written record will be retained of all training received by employees.

22.3 All employees are required to complete refresher training every 12 months.