ZunaBet Anti-Money Laundering (AML) Policy

1. Policy Statement

Strathvale Group Ltd, operating ZunaBet, maintains zero tolerance toward money laundering, terrorist financing, and financial crimes. We implement comprehensive systems ensuring full compliance with Malta FIAU, EU AML Directives, FATF recommendations, and international sanctions.

2. Risk Assessment Framework

2.1 Risk Categories

• Geographic Risk: Country risk ratings based on FATF assessments, sanctions restrictions, and corruption indexes.
• Customer Risk: PEPs (high), corporate entities (medium), individual customers (low-medium)
• Product Risk: High-value transactions, cross-border activities, virtual currencies

2.2 Risk Scoring

Automated systems evaluate transaction patterns, behavioral anomalies, geographic correlations, and device fingerprinting for real-time risk assessment.

3. Customer Due Diligence

3.1 Standard CDD

• Government-issued photo ID
• Proof of address (90 days)
• Payment method verification
• Source of funds declarations (€5,000+)

3.2 Enhanced Due Diligence

Required for:

• High-risk jurisdiction customers
• PEPs and associates
• Complex ownership structures
• Transactions exceeding €15,000/month

Additional requirements: source of wealth documentation, senior management approval, and enhanced monitoring.

4. Transaction Monitoring

4.1 Automated Systems

Real-time screening includes:

• Sanctions matching
• PEP identification
• Velocity detection
• Behavioral analytics
• Structured transaction recognition

4.2 Red Flags

• Rapid deposit/withdrawal cycles without gaming
• Transactions below reporting thresholds
• Multiple funding sources to single accounts
• Minimal gaming relative to transaction volume
• Coordination between accounts

4.3 Reporting Timeline

• System alerts: Within minutes
• Initial review: 4 hours
• Investigation: 48 hours
• External reporting: Per legal requirements

5. Sanctions Compliance

5.1 Screening Lists

Real-time screening against OFAC, EU, UN, UK HM Treasury, and national sanctions lists plus Interpol databases.

5.2 Response Procedures

Immediate account freezing, regulatory notification, asset preservation, and internal incident response for violations.

6. Third-Party Management

Payment processors must demonstrate:

• Valid regulatory licenses
• AML compliance programs
• Regular auditing
• Sanctions screening capabilities
• Incident reporting procedures

7. Record Keeping

7.1 Retention Periods

• Customer records: 5 years after termination
• Transactions: 5 years from date
• SARs: 5 years from filing
• Training: 3 years

7.2 Security

• Encrypted data storage
• Role-based access
• Secure disposal procedures
• Business continuity planning

8. Training Requirements

8.1 All Staff

• Regulatory compliance
• ML/TF typologies
• CDD procedures
• Suspicious activity recognition
• Record-keeping standards

8.2 Specialized Training

Customer-facing staff receive interaction procedures; compliance personnel get advanced investigation techniques; management receives governance training.

9. Governance

9.1 MLRO Responsibilities

• Program implementation
• Regulatory relationships
• SAR preparation
• Staff training coordination
• Risk assessment management

9.2 Board Oversight

Annual program review, risk appetite setting, compliance accountability, and external auditor oversight.

10. Suspicious Activity Reporting

10.1 Triggers

• Money laundering transaction patterns
• Terrorist financing indicators
• Sanctioned party involvement
• Structuring attempts
• Customer evasion behavior

10.2 Process

Internal escalation within 24 hours, MLRO review within 72 hours, regulatory filing within 15 business days.

11. Incident Response

11.1 Classification Levels

• Level 1: Individual suspicious activity, routine alerts
• Level 2: Multiple related cases, system failures
• Level 3: Large-scale schemes, confirmed violations

11.2 Response Timeline

• Immediate (0-4 hours): Assessment, notifications, asset freezing
• Short-term (4-48 hours): Investigation, regulatory reporting
• Long-term (48+ hours): Documentation, process improvement

12. Technology Controls

Advanced systems include real-time monitoring, automated screening, risk scoring, case management, machine learning analytics, and secure infrastructure with multi-factor authentication.

13. Continuous Improvement

Regular policy reviews, best practice implementation, emerging risk assessment, performance metrics tracking, and technology advancement evaluation.

Key Performance Indicators

• Investigation completion times
• False positive reduction
• Regulatory examination ratings
• System efficiency metrics
• Training effectiveness measures