MAGIC MOBI LIMITED AML POLICY
Effective October 1, 2024- 1. Overview of the Policy
-
1.1 Scope
This policy applies to all employees, directors, and contractors of the Company.
1.2 Understanding Money Laundering and Terrorist Financing
The management and board of directors of Magic Mobi Limited (“the Company”) are fully committed to addressing money laundering activities. Money laundering involves acts aimed at concealing or disguising the true source of funds obtained through illegal activities, making them appear legitimate.
Typically, the process of money laundering is divided into three main stages:
· Placement: Illegally obtained cash is converted into financial instruments such as money orders or traveler’s checks or deposited into financial accounts.
· Layering: Funds are moved between accounts or financial institutions to obscure their origin further.
· Integration: The funds are reintroduced into the economy, appearing as legitimate and used to acquire assets or support lawful businesses or activities.
Terrorist financing, on the other hand, may not always involve funds derived from illegal activities. It often entails efforts to hide the source or intended use of funds that will ultimately support criminal actions.
1.3 Components of the AML Policy
The Company has implemented a risk-based Anti-Money Laundering (AML) program tailored to its operations to prevent, detect, and report potential money laundering activities to relevant authorities or third parties.
The AML policy is supported by the following elements:
· Risk Assessment Methodology
· Staffing
· Information Sharing with Third Parties
· Sanctions Screening
· Know Your Customer (KYC) Processes, including:
Customer Identification Program (CIP)
Customer Due Diligence (CDD)
Customer Risk Rating (CRR)
Enhanced Due Diligence (EDD)
· Transaction Monitoring (TM) and Investigations
· Suspicious Transaction Reporting
· AML Record Keeping
· Training Programs
· Independent Testing Program - 2. Magic Mobi Operations
-
2.1 Limits on Funds and Transactions
Withdrawal Restrictions
To uphold corporate standards, the Company enforces a strict policy allowing only one account per customer device. Additionally, only individual customers (natural persons) are permitted to open accounts with the Company.
Deposit Restrictions
The Company has established the following deposit limits to ensure compliance and reduce financial risks:
a. No customer may deposit more than $1,000 daily.
b. A customer’s total deposits may not exceed $20,000 monthly.
c. Single tournament entry fees are capped at $100.
d. Customers are limited to five top-ups within a 30-minute timeframe, with a total value not exceeding $500.
e. Fund transfers between customer accounts are prohibited.
Payment Methods
All payouts to customers must be made using one of the following methods:
a. A check issued from the Company’s U.S. bank account, payable to the customer and sent to the registered address on file.
b. A refund issued to the credit card used by the customer for their initial deposit.
c. A payment processed through the customer’s PayPal account that was used for deposits.
d. Other methods the Company may adopt in the future.
2.2 Commitment to Skill-Based Gaming
The Company is dedicated exclusively to offering skill-based head-to-head and tournament gaming. It refrains from engaging in business activities associated with higher money laundering risks, including:
· Casino gaming or sports betting
· Check cashing services
· Currency exchange or dealing
· Sale of traveler’s checks or money orders
· Businesses in adult entertainment, liquor sales, or illicit drugs
· Rental services, such as apartments or hotel rooms - 3. Risk Assessment
-
3.1 Overview
The Company’s senior management and Compliance team have thoroughly analyzed the Company’s operations, seeking advice from external legal experts and relevant professionals to evaluate the potential risks of money laundering or involvement with sanctioned individuals or entities.
To assist senior management in effectively understanding risks associated with Bank Secrecy Act (BSA), Anti-Money Laundering (AML), and Office of Foreign Assets Control (OFAC) compliance, the Compliance team will conduct ongoing assessments of the Company’s risk profile and business activities. In cases of complexity, the Compliance team may engage external consultants with specialized expertise.
3.2 BSA/AML/OFAC Risk Assessment Process
The process for assessing risks related to BSA, AML, and OFAC compliance involves two primary steps:
a. Identifying specific risk categories unique to the Company’s operations, such as customer profiles, geographic regions, and product or service offerings.
b. Conducting a detailed analysis of the identified risks to better evaluate the exposure within each category.
Risk assessments will be conducted periodically, typically on an annual basis, unless extraordinary circumstances necessitate more frequent evaluations. The timing of these assessments will be determined by the Compliance Officer (CO).
Through this process, the Company aims to obtain a clear understanding of its risk profile, enabling the development of targeted policies and controls to mitigate potential threats. This analysis will consider factors such as:
· Connections between customer accounts and devices
· The actual or expected activity in accounts
· Customers’ geographic locations
· The types of products and services utilized by customers
3.3 Risk-Based AML Program
The Company has established an AML program tailored to its specific risk profiles, informed by continuous risk assessments. The program emphasizes effective monitoring and management of risks related to BSA, AML, and OFAC compliance. Monitoring systems will prioritize high-risk products, services, customer segments, and geographic areas identified through the risk assessment process.
The Company is committed to continually improving its risk assessment methodology to address evolving risks and regulatory requirements. - 4. Compliance Department Organization
-
4.1 Leadership in Anti-Money Laundering Compliance
In alignment with the USA PATRIOT Act of 2001, the Company has designated its Director of Legal, Cong Pan, as the Anti-Money Laundering Compliance Officer (CO). The CO is tasked with overseeing and ensuring the effective implementation of the Company’s AML program. Reporting directly to the CEO, the CO is well-versed in the requirements of the PATRIOT Act and the Bank Secrecy Act as they pertain to the Company’s operations.
The CO’s responsibilities include:
· Maintaining accurate AML records.
· Ensuring appropriate submission of Suspicious Activity Reports (SARs) to financial institutions for further reporting to authorities when illegal or suspicious activities are detected.
· Assigning cases to AML team members as needed and coordinating with the SAR Referral Committee for final determinations on SAR filings. The Committee includes the CO, the General Counsel, and other designated employees.
Upon a final decision from the SAR Referral Committee, the Company has 30 days to submit the SAR to the relevant financial institution.
4.2 Compliance Department Structure
Title Role Overview Responsibilities Legal Director (CO) Oversees overall compliance program performance Advises on new and existing laws impacting business functionality, manages legal risks, and oversees claims and litigation. Legal Manager Focuses on U.S. AML compliance and research Leads complex legal projects crossing jurisdictions, geographies, and business areas. AML Analyst Conducts KYC reviews and supports compliance operations Performs customer due diligence (CDD) and enhanced due diligence (EDD), monitors transactional activity, and assesses financial crime risks.
- 5. Sharing AML Information with Third Parties
-
The Company collaborates with its financial institution partners to identify and report potential money laundering and terrorist financing activities. This includes sharing information through Suspicious Activity Report (SAR) referral forms, as deemed appropriate by the SAR Referral Committee, to assist these institutions in fulfilling their reporting obligations.
To maintain the confidentiality and security of this information:
· The Company ensures that only relevant data is shared.
· AML-related records are segregated from other business documents.
· Strict procedures are followed to protect sensitive information.
In compliance with AML regulations, the Company monitors customer activity, including identification data, and shares necessary information with banking partners to support their decision-making regarding account management and transaction processing. - 6. Sanctions Screening
-
6.1 Risk Assessment for Sanctions Compliance
Based on its business model, low transaction limits, and typical customer profile, the Company has determined that its risk of involvement in money laundering or noncompliance with economic sanctions is minimal. The following measures have been established to mitigate this risk:
6.2 OFAC Sanctions List Screening
Before allowing customers to deposit or withdraw funds, the Company partners with Sumsub (or an equivalent future vendor) to screen customer information against the following sanctions lists, maintained by the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC):
· Consolidated Sanctions List
· Specially Designated Nationals (SDN) List
· Sectoral Sanctions Identifications List
· Foreign Sanctions Evaders List
· Non-SDN Palestinian Legislative Council List
· Foreign Financial Institutions Subject to Sanctions List
· United Nations Security Council Sanctions List
· HM Treasury’s List
· European Union Consolidated Sanctions List
If a customer appears on these lists or originates from an embargoed country or region, their transaction will be blocked, their assets frozen, and a report submitted to OFAC.
6.3 Politically Exposed Persons (PEP) Screening
Sumsub also screens customers against global databases for politically exposed persons (PEPs) and individuals of economic, criminal, or political interest. Screening outcomes are reviewed regularly, and updates are implemented to ensure accurate list management.
If a customer is identified as a PEP, the Company will assess the associated risks and may close their account if necessary. Records of all sanctions and PEP screenings are maintained for at least five years. - 7. Know Your Customer (KYC) Policy
-
7.1 Customer Identification Program (CIP)
The Company maintains a comprehensive and documented Customer Identification Program (CIP) to verify the identity of all customers. This program applies to individuals signing up for accounts to participate in the Company’s games.
Key components of the CIP include:
· Collecting required identification details during a customer's first withdrawal attempt.
· Using Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) to verify identities for higher-risk accounts.
· Assigning unique customer IDs for account access secured by user-generated passwords.
· Comparing customer information with government-issued sanctions and watchlists.
For cases involving suspected unfair gameplay methods, such as customers hiring others to win tournament bonuses, additional verification (e.g., video evidence of gameplay) may be required.
7.2 Required Customer Information
Before allowing withdrawals from an account, customers must provide the following details:
a. Full name
b. Address (street address, APO, or FPO)
c. Date of birth
d. A photo ID when:
· Total withdrawals exceed $1,000.
· Deposits are less than $100, but lifetime earnings exceed $300.
Photo IDs must be valid, government-issued, and confirm nationality, residence, and include a photo. Without valid ID, withdrawals will be denied.
7.3 Refusal to Provide Information
If a customer refuses to supply the required information or provides misleading details, the Company will freeze their account until the Compliance Officer (CO) is satisfied with the verification. If necessary, the incident may be reported to financial institution partners.
7.4 Verification of Information
The Company ensures the authenticity of customer identities through both documentary (e.g., government-issued IDs) and non-documentary methods. In cases of fraud suspicion, non-documentary methods supplement initial verification. Logical inconsistencies in customer-provided data are thoroughly analyzed.
If customer identity cannot be reasonably verified:
a. Withdrawals will be blocked while attempts to verify continue.
b. The matter may be escalated to the SAR Referral Committee for potential reporting to financial institutions.
7.5 Recordkeeping
The verification process, including identifying information, verification methods, and discrepancies, is documented. Records are retained for at least five years after an account is closed, with the first two years accessible for immediate reference.
7.6 Notification to Customers
The Company informs customers, verbally or in writing, about the requirement to provide identification under federal law, emphasizing its role in combating terrorism and money laundering. - 8. Customer Due Diligence (CDD)
-
8.1 Overview
Customer Due Diligence (CDD) is essential for assessing and mitigating AML risks. It involves verifying customer-provided information and evaluating potential risks associated with their activities. This process ensures customers are who they claim to be and helps protect the Company from bad actors, fraud, and reputational harm. 8.2 Required Attributes for CDD
Customer profiles are automatically populated with data collected through the Customer Identification Program (CIP) and integrated third-party screening systems. Attributes include, but are not limited to:
· Number of accounts held by the customer
· Number of distinct IP addresses and devices used
· Deposit and withdrawal channels
· Cash flow patterns (e.g., deposits-to-withdrawals ratio)
· Account creation date
· Activity history, including deposits, withdrawals, and gameplay
8.3 Politically Exposed Persons (PEP) Screening
Customers are also screened for PEP status using Sumsub (or another vendor). If a customer is identified as a PEP, the Company evaluates whether their risk level warrants account closure. Records of these screenings are maintained for at least five years. - 9. Customer Risk Rating (CRR)
-
9.1 CRR Methodology
The Customer Risk Rating (CRR) process evaluates the potential AML risk posed by a customer. It considers factors such as demographics, geographic location, account details, and transactional activities to calculate a risk score. This score determines the level of scrutiny required, particularly for high-risk customers.
CRR can be recalculated at various stages of the customer lifecycle to reflect changes in risk exposure. Attributes influencing CRR include:
· Customer details (e.g., age, PEP status)
· Account information (e.g., balance, withdrawal history)
· Activity patterns (e.g., deposits, gameplay)
9.2 Enhanced Due Diligence (EDD)
High-risk customers or transactions identified through CRR undergo Enhanced Due Diligence (EDD). Trigger events for EDD include:
a. Significant increases in CRR scores.
b. High-risk CRR evaluations.
c. Identification as a PEP.
d. Other cases as determined by the Compliance Officer.
EDD involves deeper investigations such as negative news screening, detailed KYC profile reviews, and additional due diligence using external sources. These procedures are outlined in the Company’s KYC processes. - 10. Conducting Transaction Monitoring (TM) for Suspicious Activity
-
10.1 Overview
The Company employs both manual processes and automated systems to monitor customer transactions, ensuring unusual or potentially suspicious activity is identified. Patterns such as atypical transaction size, volume, frequency, or geographic locations are flagged for review. The Compliance Officer (CO) oversees monitoring activities and, in collaboration with the SAR Referral Committee, decides whether to file Suspicious Activity Reports (SARs).
10.2 Identifying Red Flags
Certain behaviors or transaction patterns may indicate money laundering or terrorist financing. Examples of red flags include:
· Customers exhibiting excessive concern about AML policies or providing suspicious identification documents.
· Providing false or misleading information about the source of funds.
· Lack of concern for transaction costs or frequent large transactions.
· Customers originating from or linked to high-risk jurisdictions identified by the Financial Action Task Force (FATF).
· Financial activity that lacks a clear purpose, such as repeated deposits and withdrawals without engaging in gameplay.
· Requests to process transactions in a manner that avoids documentation or involves third parties.
10.3 Transaction Monitoring Scenarios
Transaction monitoring uses predefined scenarios based on identified risks, such as AML red flags and the Company's risk assessments. These scenarios are designed to detect suspicious patterns in deposits, withdrawals, and account activity. Regular updates ensure alignment with evolving risks and business activities.
10.4 Responding to Red Flags
When suspicious activity or alerts are detected:
a. The Compliance team investigates according to established procedures.
b. Additional information may be requested from the customer or third-party sources.
c. Actions such as freezing accounts, contacting authorities, or filing SARs may be taken, depending on the findings.
10.5 Emergency Reporting
In urgent situations—such as when a customer is linked to a sanctioned region or suspected of funding terrorism—the Company immediately notifies federal authorities. Emergency contacts include the OFAC Hotline (1-800-540-6322) or its online portal. - 11. AML Record Keeping
-
11.1 Maintaining Financial Transaction Records
The Company is committed to maintaining detailed records of all customer transactions to ensure compliance with AML regulations and facilitate the reconstruction of customer activities if required. The following information will be recorded and preserved for at least five years
11.2 Customer Information
· Data provided during account registration, including identification details and verification methods.
· Records of communication between the customer and the Company regarding account activity.
11.3 Transaction Details
· Documentation of deposits and withdrawals, including methods used (e.g., credit card, PayPal, or checks).
· A complete ledger of all activity within a customer’s account.
11.4 Gameplay Records
· Sufficient data to recreate the gaming activity for each customer, ensuring transparency and traceability.
These records will be stored in a manner that ensures they are accessible for immediate review during the first two years and securely archived for the remaining retention period.
11.5 Confidentiality and Maintenance of SAR Referrals
SAR referrals and related documentation are treated with strict confidentiality. The Company adheres to the following principles:
· SAR-related records are segregated from other corporate documents to avoid accidental disclosure.
· Only financial institution partners, law enforcement, or regulatory agencies may access SAR information.
· The Company will refuse any subpoena requests for SARs unless explicitly required by law and will notify financial institution partners if such requests are received.
11.6 Responsibility for AML Records
The Compliance Officer (CO) and designated personnel are responsible for ensuring all AML-related records are properly maintained. This includes:
· Verifying that suspicious activity has been thoroughly investigated and accurately documented.
· Ensuring SAR referrals and supporting documents are retained for a minimum of five years.
· Coordinating reviews of suspicious activity by the SAR Referral Committee to confirm appropriate actions have been taken.
11.7 Periodic Review of Records
To ensure compliance and data integrity, the CEO, General Counsel, or an independent third party will periodically review the CO’s records of suspicious activity. The reviewer will:
· Verify that all reported activities were appropriately handled.
· Identify any missed suspicious activity that warrants further investigation.
By implementing these record-keeping policies, the Company aims to ensure full compliance with AML regulations, safeguard customer data, and maintain transparency in its financial activities. - 12. Training Programs
-
12.1 General Training for Employees
The Company has implemented a comprehensive AML training program designed to educate all employees about their roles in preventing and detecting money laundering activities. Under the leadership of the Compliance Officer (CO), this program ensures employees are equipped with the knowledge and tools to maintain compliance with federal laws, including the USA PATRIOT Act.
Key components of the training include:
Identifying Red Flags:
Employees are trained to recognize indicators of suspicious activity, such as unusual customer behavior, inconsistent documentation, or abnormal transaction patterns.
Responding to Risks:
Training provides clear guidelines on the steps employees should take when they identify potential risks, including reporting suspicious activities to the appropriate personnel.
Understanding Roles:
Employees learn their specific responsibilities within the Company’s AML framework, ensuring alignment with compliance efforts.
Record Retention Policies:
Employees are educated on the Company’s record-keeping requirements, emphasizing the importance of maintaining accurate and secure documentation.
Consequences of Non-Compliance:
Training highlights the disciplinary actions, including civil and criminal penalties, that may result from non-compliance with AML regulations.
12.2 Frequency and Documentation of Training
· Training sessions are conducted annually, or more frequently if necessary, to address updates in AML laws, industry standards, or Company policies.
· Records of training sessions, including attendee lists, training dates, and covered topics, are maintained to demonstrate compliance with training obligations.
12.3 Specialized Training for Compliance Personnel
Certain employees, particularly those involved in compliance activities, receive additional specialized training. This advanced training focuses on:
· Complex AML scenarios, such as enhanced due diligence (EDD) and transaction monitoring.
· Emerging risks and regulatory changes that may impact the Company’s operations.
· Effective use of AML tools and systems to identify and mitigate risks.
Written procedures are updated regularly to incorporate these specialized training requirements, ensuring that compliance personnel remain at the forefront of AML best practices.
12.4 Onboarding Training for New Employees
New hires undergo AML training during their onboarding process. This training introduces them to:
a. The fundamental principles of anti-money laundering.
b. The Company’s commitment to upholding AML standards.
c. Procedures for identifying and reporting suspicious transactions.
12.5 Ongoing Evaluation and Updates
The training program is regularly reviewed to incorporate lessons learned, regulatory changes, and emerging threats. Updates are made as needed to ensure that all employees remain informed and prepared to address evolving AML challenges. - 13. Program to Test AML Program
-
13.1 Periodic Testing Overview
To ensure the effectiveness of the Company’s Anti-Money Laundering (AML) program, regular testing is conducted. This process evaluates the adherence of the Company’s practices to AML regulations and internal policies, identifying areas for improvement.
Testing is performed at least annually or at a frequency determined by the Compliance Officer (CO) based on the Company’s size, risk exposure, and operational changes. The process involves a thorough review of all AML-related components to ensure ongoing compliance with the USA PATRIOT Act, the Bank Secrecy Act (BSA), and related laws.
13.2 Testing Methodology
The AML program testing follows a structured approach to ensure comprehensive evaluation. Key steps include:
Documentation Review:
The testing team examines all AML-related documentation, including policies, procedures, training records, and SAR filings, to verify compliance with regulatory requirements.
Transaction Analysis:
Customer transaction data is analyzed to identify patterns of potential money laundering, assess the adequacy of monitoring tools, and ensure suspicious activities are flagged appropriately.
System and Process Validation:
Automated and manual systems used for transaction monitoring, sanctions screening, and customer due diligence (CDD) are evaluated for accuracy, efficiency, and alignment with risk-based AML practices.
Employee Knowledge Assessment:
Employee understanding of AML procedures, their roles in compliance, and their ability to identify and report suspicious activities are assessed.
13.3 Roles and Responsibilities
· Internal Audit Team:
Primarily responsible for conducting the testing. Members are selected based on their expertise in compliance, legal standards, and operational processes.
· Compliance Officer (CO):
Oversees the testing process and ensures cooperation between departments. The CO also addresses gaps identified during testing and implements necessary improvements.
· Senior Management:
Receives detailed reports of testing findings and recommendations. Their role is to approve and oversee the execution of corrective actions.
13.4 Reporting and Follow-Up
Upon completing the testing process, the internal audit team provides a comprehensive report to senior management. The report includes:
a. Summary of findings and identified deficiencies.
b. Recommendations for addressing gaps or inefficiencies.
c. Updates on corrective measures implemented from previous assessments.
Senior management ensures timely resolution of all recommendations, with progress monitored by the Compliance Officer. Significant findings may also be shared with regulatory bodies, if applicable.
13.5 Continuous Improvement
The testing program is an integral part of the Company’s commitment to maintaining a robust and effective AML framework. By regularly evaluating and refining its practices, the Company ensures compliance with evolving regulatory requirements and mitigates emerging risks. - 14. Confidential Reporting of AML Non-Compliance
-
14.1 Reporting Mechanism
The Company encourages employees to report any violations or concerns related to its AML compliance program promptly. To facilitate this, a confidential reporting system has been established, ensuring employees feel secure when raising issues.
· Primary Contact:
Employees should report suspected violations directly to the Compliance Officer (CO).
· Alternative Contact:
If the violation implicates the CO, employees should escalate the matter to the Company’s General Counsel or another senior management member as deemed appropriate.
14.2 Protection for Whistleblowers
The Company strictly prohibits any form of retaliation against employees who report potential AML violations in good faith. To safeguard whistleblowers:
· All reports are handled with confidentiality, ensuring the identity of the reporting employee is protected.
· Employees are assured of immunity from adverse actions, such as demotions, dismissals, or discrimination, as a result of their reports.
14.3 Investigation Process
Initial Review:
Upon receiving a report, the CO or the designated senior management member will conduct a preliminary review to determine the validity and severity of the claim.
Detailed Investigation:
If the report warrants further action, the matter is escalated for a comprehensive investigation. This process may involve:
· Gathering relevant documentation.
· Conducting interviews with involved parties.
· Consulting legal or compliance experts if necessary.
Resolution and Action:
Based on the findings, appropriate corrective actions will be taken, which may include:
· Updating policies or procedures.
· Providing additional training to employees.
· Reporting the violation to external authorities if required.
14.4 Documentation and Record Keeping
The Company maintains detailed records of all reported violations, investigations conducted, and actions taken. These records are stored securely and reviewed periodically to ensure continuous improvement in the AML compliance program.
14.5 Encouraging a Culture of Compliance
By providing a secure and confidential reporting mechanism, the Company reinforces its commitment to fostering a culture of compliance. Employees are encouraged to play an active role in maintaining the integrity of the AML program by reporting issues without fear of retribution. - 15. Policy Framework
-
15.1 Responsibility for Policy Oversight
The responsibility for ensuring the effective application of this policy across the Company lies with the Chief Executive Officer (CEO). The CEO is tasked with promoting a culture of compliance and ensuring that the necessary resources and support are provided for the implementation and maintenance of the Anti-Money Laundering (AML) program.
15.2 Updating the Policy
To remain aligned with regulatory requirements and industry best practices, the Company’s AML policy will be periodically reviewed and updated. Changes may be initiated for several reasons:
· Regulatory Changes:
Updates to reflect amendments to existing laws or the introduction of new regulations impacting AML compliance.
· Industry Best Practices:
Adjustments to incorporate advancements in AML methodologies and technological tools.
· Operational Enhancements:
Revisions to account for new controls, processes, or functionalities adopted by the Company.
· Annual and Periodic Reviews:
Scheduled reviews are conducted to ensure the policy remains relevant and comprehensive, even in the absence of regulatory or operational changes.
15.3 Approval Process
Any proposed updates to this policy must be approved by:
· The Company’s General Counsel, who ensures legal compliance.
· The Legal Director, who oversees the policy’s integration into operational practices.
· The AML Analyst, who verifies that updates align with risk assessments and compliance needs.
15.4 Implementation of Updates
Once approved, policy updates are disseminated across the organization through:
· Employee Communication:
Notifications to all employees, directors, and contractors outlining the changes and their implications.
· Training Programs:
Revision of training materials to include updated policy elements, ensuring all employees understand their roles in maintaining compliance.
· Systems and Processes:
Integration of policy changes into existing systems, tools, and workflows.
15.5 Monitoring Policy Application
The CO, along with the Compliance team, regularly monitors the policy’s application to ensure consistent adherence across departments. Discrepancies or challenges identified during this process are addressed through targeted interventions, such as additional training or process refinements.