Winner Island Casino — AML Policy

Every customer relationship is risk-rated using a documented framework that weighs customer profile, country of residence, product mix, transaction patterns and how the relationship was opened. Each player is sorted into a low, medium or high risk band, and the depth of due diligence applied scales with that band.

The assessment itself is reviewed at least once a year by our Money Laundering Reporting Officer (MLRO), and re-run from scratch whenever there is a material change to our products, customer base or the surrounding regulation.

You must complete identity verification before any withdrawal can be released and, in any case, before reaching the regulatory trigger of €2,000 in cumulative deposits or wagers (whichever lands first). Verification needs a valid government-issued photo ID — passport, driving licence or national ID — plus a proof of address dated inside the last three months (utility bill, bank statement or council-tax bill).

We rely on regulated electronic identity-verification providers and may cross-check credit-reference data, mobile-network signals and database lookups. Where electronic checks fail to confirm a result, our analyst team performs a manual document review.

Anonymous accounts, accounts in fake names and accounts opened on behalf of an undisclosed third party are not accepted under any circumstances.

EDD kicks in for any customer that scores as higher risk: politically exposed persons (PEPs) and their close associates; residents of high-risk third countries listed by the FATF or HM Treasury; customers whose source of funds or wealth is unclear; and customers whose live transaction profile diverges meaningfully from the picture they provided at onboarding.

EDD measures can include additional ID, payslips, tax returns, sale-of-property contracts or letters from regulated professionals (accountants, solicitors), plus explicit senior-management sign-off to keep the relationship open.

We may ask you to evidence the source of the specific funds you are depositing (salary credits, savings transfers, sale proceeds) and your overall source of wealth (employment, business income, inheritance, investments). We will tell you exactly which document types we can accept up front so you don't have to guess.

If the requested evidence isn't provided inside a reasonable window, we may suspend deposits and gameplay and, in some cases, return funds to source after deducting any losses or applicable fees, in line with our regulatory obligations.

Every customer, beneficial owner and connected party is screened on day one and continuously thereafter against the consolidated UK sanctions list (OFSI), the EU consolidated list, the UN Security Council list, the US OFAC SDN list, and global PEP and adverse-media databases.

A confirmed match triggers immediate account suspension, an asset freeze and a report to OFSI. We will not unfreeze funds or process payments without explicit OFSI authorisation.

Real-time and post-event monitoring covers deposits, withdrawals, transfers and gameplay. Automated rules look for rapid deposit-withdrawal cycles with little or no actual play, deliberate structuring below thresholds, unusual peer-to-peer flows, sharp jumps in stake size and cycling between several payment instruments.

Every alert is triaged by a trained analyst and escalated to the MLRO when the pattern warrants it.

Where we know, suspect or have reasonable grounds to suspect that funds are the proceeds of crime or are heading towards terrorism, our MLRO files a SAR with the National Crime Agency through the SAR Online portal. We will not tell the customer that a SAR has been raised — doing so is a criminal offence under section 333A of the Proceeds of Crime Act.

Staff are barred by law from disclosing the existence of any internal investigation, SAR or AML enquiry to the customer or to any third party other than authorised regulators and law enforcement.

Every Winner Island employee completes AML, counter-terrorist financing, sanctions and bribery training on induction, then refresher modules at least annually. Customer-facing and risk-team staff get an enhanced curriculum tailored to their role. Training records are kept for five years and audited internally.

Customer due-diligence documents, transaction records and internal AML reports are retained for at least five years from the end of the business relationship or the date of the relevant transaction, whichever falls later. Records are stored on encrypted, access-controlled systems and made available to regulators on request.

Our nominated officer (MLRO) is registered with our regulator, Anjouan Gaming (licence ALSI-202411081-FI2), and reports straight into the Board. The MLRO produces an annual AML report covering policy effectiveness, training metrics, SAR statistics and any remediation actions completed during the year. The Board reviews and re-approves this AML Policy at least once a year.