Kyc

Scope and regulatory basis

Yy123 operates under the authority of the Curaçao Gaming Control Board. This policy governs Know Your Customer and anti‑money laundering controls for all players and all gaming transactions conducted on the platform, including deposits, bets, and withdrawals. The policy aligns with applicable Curaçao statutory instruments and international best practices for customer due diligence and suspicious activity reporting.

Definitions

• Money Laundering (ML): the process of concealing the illicit origin of funds to integrate them into legitimate financial activity.
• Terrorist Financing (TF): the provision or collection of funds for the execution of terrorist acts, regardless of fund origin.
• Proliferation Financing (PF): funding or financial services used to acquire or transfer weapons of mass destruction.
• Customer Due Diligence (CDD): the set of verification measures applied to identify, verify, and understand the customer and the purpose of the relationship.
• Enhanced Due Diligence (EDD): intensified verification and monitoring applied to higher‑risk customers or transactions.
• Politically Exposed Person (PEP): an individual who holds or has held a prominent public function or a close associate or family member, presenting elevated risk for ML/TF.
• Sanctions Screening: verification of customers and transactions against applicable sanctions lists and reliable sources.
• Unusual Transaction Report (UTR): a report to the competent authority when a transaction or pattern raises ML/TF concerns.

Governance and oversight

The Company appoints a Compliance Officer responsible for implementing this policy, maintaining records, and coordinating regulatory reporting. The Board conducts an annual review of the policy and facilitates relevant governance processes. Records of decisions made under this policy are retained and available to the Curaçao Gaming Control Board upon request. All regulatory reporting is performed in accordance with applicable law and protection of personal data.

Customer Risk Assessment (CRA)

During onboarding, each player is assigned a risk rating based on factors including source of funds, geographic origin, product usage patterns, and channel of onboarding. Risk levels are designated as low, medium, or high. The outcome of the CRA dictates the level of CDD and ongoing monitoring required for the relationship. CRA documentation is maintained by the Compliance Department and subject to regular audit.

Customer Acceptance Policy (CAP)

• Risk‑based acceptance criteria: on‑board only those customers whose risk rating falls within the approved appetite. Higher‑risk profiles trigger enhanced controls and ongoing monitoring.
• Sanctions and PEP screening: all customers are screened against UN/EU sanctions lists, Curaçao authorities lists, and reputable PEP databases. If a customer is identified as a PEP or sanctioned, senior management approval and source of funds verification are required, with enhanced monitoring applied.
• Grounds for declining or terminating relationships: inability to complete CDD within the required timeframe; submission of fraudulent or unverifiable documents; confirmed or suspected link to sanctions or illicit activity; any suspicion of money laundering or terrorist financing.
• Documentation and governance: CAP decisions are documented with rationale and data, reviewed annually or upon material regulatory change, and overseen by the Compliance Officer.

Customer Due Diligence (CDD)

CDD is implemented on a risk‑based basis. Triggers for CDD include: a player engaging in transactions equal to or above NAf 4,000; an occasional transaction exceeding NAf 4,000 (individually or as linked transactions); suspicion of ML/TF; doubts about previously obtained information. CDD comprises:

• Identification and verification of the customer’s full name, permanent residential address, date and place of birth, nationality, and identity number.
• Verification through valid government‑issued documents containing a photograph (e.g., passport, national ID) with the document presented in full.
• Verification of residential address through secondary evidence (utility bill or bank statement not older than six months).
• Verification of source of funds and, where required, source of wealth; assessment of the purpose and expected nature of the relationship.
• Ongoing monitoring of the account and transactions, with updates to the customer profile when material information changes.

Documents are submitted by players via the Documents tab within the My Account section. Verification timelines are as follows: standard review of submitted documents is completed within three (3) business days after receipt, subject to clarifications or requests for additional information. If withdrawal is requested prior to verification, updated documentation must be provided within 30 days to avoid suspension of the payout request.

Proof of documentation by method

• Card payments: copies of all debit/credit cards used on the account must display the cardholder’s signature and the first six and last four digits. To protect security, the CVV and the middle digits must be redacted.
• eWallets: a screenshot of the eWallet account showing the registered email, account number, and visible personal information.
• Bank statements: a statement from the last three months showing the bank name, account number, IBAN, and BIC; all four corners must be visible; statement may be hardcopy or PDF; a corresponding PDF/screenshot showing a deposit to the platform is also requested.
• Crypto currencies: a screenshot of the wallet profile and a transaction screenshot showing the associated email and user ID.
• Pre‑paid vouchers: not eligible for verification or KYC substantiation.

Onboarding and document submission flow

On onboarding, players are prompted to upload required documents from the Documents tab. The Compliance team may request additional information if any document is unclear or inconsistent. The process aims to prevent the use of the platform for illicit purposes and to protect players and the operator alike.

Sanctions, PEP screening and ongoing monitoring

All customers undergo ongoing sanctions and PEP screening on onboarding and at regular intervals. If a customer is identified as a PEP or appears on sanctions lists, higher level review and ongoing monitoring are applied. The platform maintains ongoing surveillance of activity patterns to detect unusual or suspicious behavior and to identify potential ML/TF risk throughout the relationship.

Enhanced Due Diligence (EDD)

EDD is applied where the assessed risk exceeds the institution’s baseline. Measures include: heightened source of funds validation, enhanced review of transaction patterns, increased monitoring frequency, and management approval for continued activity. EDD may involve additional data collection, geo‑fencing, device fingerprinting, or location verification where appropriate and permissible under law.

Ongoing monitoring and reporting

The Company maintains ongoing monitoring of all active accounts to detect and report suspicious activity. Suspected ML/TF activity is reported to the appropriate authority in accordance with applicable law. The Company will file a UTR where required and will preserve client confidentiality in line with regulatory obligations.

Recordkeeping and data retention

All records generated under this policy, including identities, verification documents, risk assessments, and transaction records, are retained for a minimum of five years following account closure or as otherwise required by law. Access to records is restricted to authorized personnel and regulatory authorities in accordance with data protection provisions.

Cash handling and transaction controls

The operator restricts cash‑based transactions in accordance with applicable law. Cash transfers between individuals in amounts equal to or greater than EUR 12,500 are prohibited; such transactions must be conducted via regulated banking channels, such as bank transfers or electronic payments, where available and compliant with policy rules.

Roles, responsibilities and escalation

The Compliance Officer is responsible for day‑to‑day AML/KYC operations, including maintaining records, enforcing controls, and coordinating regulatory reporting. Any concerns or requests for information from regulators should be escalated through the formal channels outlined in the governance framework.

Contact information

Players may contact the Compliance team through the designated secure channels for questions about identity verification, data retention, or requests to review or rectify personal data in accordance with applicable data protection laws.