Purpose and Scope

The Policy establishes Xparibet's minimum standards for preventing money laundering and the financing of terrorism, and for maintaining the integrity of its gaming operations. It applies to all employees, contractors and agents, and to all customer onboarding, ongoing activity and transaction processing across Xparibet platforms.

Regulatory Framework

Xparibet adheres to applicable anti-money laundering and countering the financing of terrorism obligations, including international standards and local supervisory requirements relevant to its jurisdiction of operation. The Policy is risk‑based and scalable to the complexity of products and the risk profile of each customer.

Governance and Compliance Oversight

The Chief Compliance Officer (CCO) oversees the implementation of this Policy, with a direct, independent reporting line to the Board. The CCO has authority to:

• coordinate and monitor AML/CFT controls;
• receive, investigate and report suspicious activity;
• escalate concerns to the Board and, where required by law, file suspicious activity reports with the financial intelligence authority;
• approve material updates to policies, risk assessments and controls.

Roles and Responsibilities

All employees, directors and officers must comply with this Policy and promptly report any suspicious activity or discrepancies to the CCO. Failure to comply may result in disciplinary action. Management will ensure access to training on AML/CFT obligations and maintain an awareness of evolving risk indicators.

Know‑Your‑Customer and Customer Due Diligence

Xparibet applies a risk‑based approach to verify identity and assess risk. Onboarding and ongoing checks include:

• Identity collection to establish a reasonable belief of identity, including name, date of birth, residential address, country of residence, contact details and, where applicable, crypto wallet address information; information is collected before enabling access to services.
• Age verification: applicants must be at least 18 years old; underage applicants are prohibited from opening an account.
• Geolocation and device checks: IP address and device information are used to confirm location and detect spoofing or manipulation.
• Geoblocking and sanctions screening: onboarding includes declarations that the customer is not located in Prohibited Jurisdictions or Sanctioned Jurisdictions; ongoing monitoring includes periodic screening of customers against sanctions and watch lists.
• Third‑party data verification: Xparibet may employ trusted data‑verification providers to corroborate customer information.
• Simplified Due Diligence (SDD): low‑risk customers may be subject to reduced due diligence, while still collecting essential identity data and maintaining ongoing monitoring.

Ongoing Monitoring and Transaction Monitoring

Xparibet maintains ongoing monitoring to detect ML/TF risk, sanctions breaches or other illicit activity. Monitoring is proportionate to risk and includes:

• Transaction monitoring for red flags, including abnormal size, velocity, or pattern of transactions; high‑risk transactions may be blocked or require additional information.
• Sanctions and prohibited jurisdictions: periodic re‑screening of customers and relevant wallet addresses; access to services may be restricted if concerns arise.
• Unusual activity and behavioral analytics: thresholds and anomaly detection are used to identify deviations from established customer profiles.
• Anti‑mixing measures: anonymity‑enhancing technologies or mixers are not allowed; detection may trigger restrictions or account closure.
• Review of crypto deposits and withdrawals: transactions are screened by a compliant analytics vendor; high‑risk addresses may be blocked from withdrawals.
• Withdrawal controls: accounts may have withdrawal limits or suspension pending enhanced due diligence for high‑risk profiles or large payouts.

Enhanced Due Diligence

When red flags are identified or a customer profile is deemed high risk, Xparibet conducts Enhanced Due Diligence (EDD). EDD measures may include:

• Obtaining full legal name, country of citizenship, and permanent residential address;
• Government‑issued identification documents (e.g., passport or national ID) and independent verification;
• Source of funds and source of wealth documentation, including financial references or bank statements;
• Additional verification of information and closer scrutiny of large or unusual transactions;
• Temporary activity restrictions until verification is complete.

Blocking, Suspension and Termination of Accounts

Xparibet may block or suspend accounts where there is: failure to provide requested identification; use of falsified documents; concealment of location; presence in Prohibited or Sanctioned Jurisdictions; involvement in activities raising AML/CFT concerns; or other conduct that undermines the integrity of the platform.

Reporting

Where required by law, Xparibet will submit suspicious activity reports or other mandated notifications to the appropriate financial intelligence authority. Reporting will be limited to what is legally necessary and consistent with customer privacy protections.

Record Keeping and Data Retention

All records related to customer identification, due diligence, transaction monitoring and internal investigations are retained for the period required by applicable law and regulatory guidance. Records are maintained securely and access is restricted to authorized personnel.

Training and Awareness

Xparibet provides ongoing AML/CFT training to all staff, including red flag identification, escalation procedures and reporting obligations. Training materials are updated to reflect regulatory changes and are documented for audit purposes.

Data Privacy and Security

All personal data collected under this Policy is processed in accordance with applicable data protection laws. Access to personal data is restricted to authorized personnel and protected through appropriate security controls, including encryption for data at rest and in transit where feasible.

Audit, Review and Continuous Improvement

The AML/CFT framework undergoes regular internal and external reviews. The Board or its designated committee approves necessary updates in response to regulatory changes, risk assessments or findings from audits. Changes are communicated to all relevant personnel and documented.

Third‑Party Service Providers and Vendor Management

Xparibet engages third‑party providers for identity verification, risk scoring, transaction screening and related AML/CFT activities. Third parties must meet equivalent AML/CFT standards and provide audit rights and data protection assurances. Oversight includes periodic performance reviews and risk‑based contract management.

Change Management

Any amendments to this Policy require Board approval and execution through formal change management processes, including updates to procedures, training and communications to staff and customers.