Anti-Money Laundering and Combating Financing of Terrorism Policy

“PAYPLAYSOFT LIMITED / GAMUSOFT LP AML-CFT POLICY”

Last updated on 10.11.2024

1. Introduction

PAYPLAYSOFT LIMITED - PAYPLAYSOFT LIMITED, a company duly registered and existing under the laws of the Republic of Cyprus, with registration number HE 454356, registered office at Boumpoulinas, 1-3, BOUBOULINA BUILDING, Flat/Office 42, 1060, Nicosia, Cyprus; and GAMUSOFT LP - GAMUSOFT LP, a company duly registered and existing under the laws of the United Kingdom, with registration number LP23754, registered office at 50 Princes Street, Ipswich, Suffolk, IP1 1RJ, England, ZIP 3542. Hereinafter each may be referred to as the “Company” and together as the “Companies”. The Companies place great emphasis on integrity and good governance and are committed to the highest standards of anti-money laundering (“AML”) and combating the financing of terrorism (“CFT”) and, together with AML, “AML-CFT”, in line with the principles and standards of applicable legislation, best banking practices and applicable market standards including, where relevant, other international financial institutions’ standards.

This “Anti-Money Laundering and Combating Financing of Terrorism Policy” (“The AML-CFT Policy”) establishes the key principles regulating AML-CFT and related integrity aspects in the Companies’ activities and is complemented by detailed operational procedures implemented by the Companies for their respective daily operations.

Adherence to the AML-CFT Policy and its implementing procedures is the shared responsibility of all staff and members of governing bodies of the Companies.

Unless the context requires otherwise, references in this AML-CFT Policy to the Company, the Companies, We, Us or Our shall mean PAYPLAYSOFT LIMITED and/or GAMUSOFT LP, depending on the relevant service, payment flow, transaction, counterparty, region or operation.

2. Scope

2.1. Objectives

This AML-CFT Policy and its implementing procedures are intended to establish principles designed to prevent the Companies, their governing bodies, staff and counterparties from being used for, or connected with, Money Laundering, Financing of Terrorism or other criminal activities.

Adherence to the AML-CFT Policy also aims at preventing the Companies from being exposed to reputational damage and financial loss in relation to non-compliance with applicable AML-CFT standards. The Companies’ goals require compliance with applicable AML-CFT legislation, including Directive (EU) 2015/849 where applicable, applicable laws and regulations of the Republic of Cyprus in respect of PAYPLAYSOFT LIMITED, and applicable laws and regulations of the United Kingdom in respect of GAMUSOFT LP.

2.2. Applicability

This AML-CFT Policy is applicable to the operations and activities of PAYPLAYSOFT LIMITED and GAMUSOFT LP, as detailed in the applicable implementing procedures from time to time in force.

2.3. Definition of “Money Laundering”

“Money Laundering” is the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s action;

the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;

the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such an activity;

participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions referred to in foregoing points, as defined in Directive (EU) 2015/849, as amended and supplemented from time to time.

2.4. Definition of “Financing of Terrorism”

“Financing of Terrorism” is the provision or collection of funds, by any means, directly or indirectly, with the intention that they be used or in the knowledge that they are to be used, in full or in part, to commit, or to contribute to the commission of, any of the offences referred to in Articles 3 to 10 of Directive (EU) 2017/541 of 15 March 2017 on combating terrorism.

Where the Financing of Terrorism concerns any of the offences laid down in Articles 3, 4 and 9 of Directive (EU) 2017/541, it shall not be necessary that the funds be in fact used, in full or in part, to commit, or to contribute to the commission of, any of those offences, nor shall it be required that the offender knows for which specific offence or offences the funds are to be used.

3. Counterparty Due Diligence – Risk-Based Approach

The Companies apply the following counterparty due diligence measures, as determined on a risk-sensitive basis taking into account, where relevant, the type of counterparty, business relationship, product or transaction and country of operation, in accordance with applicable AML-CFT requirements, including EU, Cyprus and United Kingdom requirements where applicable.

3.1. Identification and Verification of Identity of Counterparty

The relevant Company identifies and verifies the identity of the counterparties with which it enters into business relationships on the basis of documents, data or information obtained from reliable independent sources.

3.2. Identification and Verification of Identity of Beneficial Owner(s)

Whenever the relevant Company is required to identify a counterparty, it identifies and takes reasonable measures to verify the identity of the beneficial owner(s), i.e. the individual(s):

Who ultimately own(s) or control(s) the counterparty or its assets;

Or on whose behalf the transaction is carried out or the business relationship with the relevant Company is established.

3.3. Establishment of Purpose of Business Relationship

The relevant Company takes reasonable measures to duly assess the purpose, intended nature, economic rationale and overall AML-CFT and related integrity aspects of the business relationship in order to avoid being involved in business relationships structured for the purposes of criminal activities or co-financed through funds of possibly illicit origin.

3.4. On-going Monitoring

On-going monitoring, including monitoring of transactions, is implemented on a risk-sensitive basis to detect possible Money Laundering, Financing of Terrorism or related integrity risks arising throughout the life of the business relationship.

4. Reporting Obligations

Any employee or member of the governing bodies of the Companies is required to report any suspected incidents of illegal behaviour in the activities of the Companies’ counterparties, serious misconduct or serious infringement of the rules, policies or guidelines, or any action which is, or could be, harmful to the mission or reputation of the Companies, immediately after becoming aware of the matter.

Suspicious activity may include situations when the counterparty:
a) shows unusual attention regarding the Companies’ AML-CFT Policy, or refuses to submit any information related to its business activities, or provides incorrect information;
b) submits misleading information;
c) has a dubious reputation;
d) has difficulty in explaining the detailed explanation of its business, financial and economic activities;
e) asks to provide preferences in relation to other clients concerning the implementation of the AML-CFT Policy.

Suspicions that funds, regardless of the amount involved, are the proceeds of criminal activities or related to Money Laundering or Financing of Terrorism in the activities of the Companies must be reported for assessment and investigation, as appropriate, to the Compliance Officer.

The Companies must ensure confidentiality for members of staff and governing bodies who make bona fide reports of suspicions of Money Laundering or Financing of Terrorism and that such members of staff and governing bodies will enjoy the assistance and protection of the relevant Company against any acts of retaliation.

5. Roles and Responsibilities of the Companies’ Governing Bodies and Staff

The Companies have designated the Compliance Officer as the Anti-Money Laundering Program Compliance Person / AML Compliance Person, with full responsibility for this AML/CFT Policy.

The Compliance Officer has a working knowledge of compliance requirements and its implementing regulations and is qualified by experience, knowledge and training. The duties of the AML Compliance Person will include monitoring the firm’s compliance with AML obligations, overseeing communication and training for employees.

The AML Compliance Person will also ensure that the firm keeps and maintains all of the required AML records. The AML Compliance Person is vested with full responsibility and authority to enforce this Policy. Informing the counterparty(ies), or other third parties, that a suspicious transaction is being, will be or has been reported or investigated is prohibited (“no-tipping off”).

All members of staff and governing bodies of the Companies are under an obligation to implement the principles established in this AML-CFT Policy in accordance with the operational terms established in the implementing procedures.

Staff of the Companies with counterparty-facing transaction execution/monitoring responsibilities are the first-line of defence and first-line detectors for:
i) identifying suspicions of criminal activities in relation to counterparties, operations or transactions; and
ii) reporting them immediately in accordance with Article 4.

6. Record Retention

Records must be kept of all transaction data and data obtained for the purposes of identification, as well as of all documents related to AML-CFT, in accordance with applicable EU, Cyprus and United Kingdom legal requirements, as applicable.

7. Data Protection

Personal data submitted to the Companies under the AML-CFT Policy and its implementing procedures are processed under the supervision of the Compliance Officer for the sole purpose of AML-CFT, in accordance with Regulation (EU) 2016/679 (“General Data Protection Regulation” / “GDPR”), applicable Cyprus data protection laws and applicable United Kingdom data protection laws, as applicable.

The processing of personal data for the purposes of AML-CFT is considered to be necessary for compliance with legal obligations and/or for the performance of a task carried out in the public interest, where applicable under the General Data Protection Regulation.

Data subjects are entitled to access, rectify and, for duly justified reasons, block and erase these data (“Rights of the Data Subject”), and may exercise their rights by contacting the Companies by contact form at the website csgofastx.com, or by email support@csgofast.com.

Data subjects also have the right of recourse to the competent data protection authority in the applicable jurisdiction at any time.

8. Training

Adequate AML-CFT training, including on the processing of personal data, is provided as appropriate to the Companies’ governing bodies and staff.

Such AML-CFT training is provided to all staff, and, in addition, specific training, as available from time to time, may be provided to staff responsible for carrying out transactions received or initiated by the Companies and/or for initiating and/or establishing business relationships.

9. Review

The Companies keep this AML-CFT Policy under review in cooperation with the relevant internal services and propose for approval by the relevant management body any appropriate updating in line with Cyprus, United Kingdom, EU and international legal and regulatory developments and best banking practices or applicable market standards including, where relevant, other international financial institutions’ standards.

Annex 1

Data Protection Statement for The Company AML-CFT Requirements under the PAYPLAYSOFT LIMITED / GAMUSOFT LP AML-CFT Policy

Dated: 10.11.2024

All terms defined in this statement have the same meaning as terms defined in the PAYPLAYSOFT LIMITED / GAMUSOFT LP AML-CFT Policy.

Personal data submitted to the Companies under the PAYPLAYSOFT LIMITED / GAMUSOFT LP AML-CFT Policy and its implementing procedures are processed under the supervision of the Compliance Officer in accordance with Regulation (EU) 2016/679 (“General Data Protection Regulation” / “GDPR”), applicable Cyprus data protection laws and applicable United Kingdom data protection laws, as applicable.

The data categories which may be collected by the Companies in this context are mainly limited to identification data, sources of funds, data related to criminal activities and/or other miscellaneous business information, and will be collected exclusively for AML-CFT purposes.

The processing of personal data for the purpose of AML-CFT is considered to be a matter of public interest and, as such, the processing is lawful for the purposes of the General Data Protection Regulation.

Data subjects include persons who directly or indirectly own counterparties, or potential counterparties, of the Companies, as well as persons entrusted with control and management of such legal entities, including beneficial owners, shareholders, chairpersons, chief executive officers, boards of directors, management committees, supervisory boards, local authority councils or equivalent, or any natural persons-counterparties.

Personal data are collected from the data subject directly or via other publicly available sources (“Open Sources”) such as newspapers, specialised databases operated by the private sector, specialised external service providers or websites, and all reasonable steps are taken to keep such data accurate and up to date.

When data are requested for the purposes of AML-CFT, supply by the data subject is mandatory. Failure to provide the requested data may cause the data subject, and if applicable the counterparty linked to such data subject, to delay the operational processes of the Companies or, as the case may be, to become ineligible to enter into a business relationship with the relevant Company.

In accordance with applicable EU AML-CFT legislation, controls on data subjects include controls relating to due diligence requirements for counterparties, including identity of the beneficial owner(s), ownership and control structure and purpose of the business relationship, as well as the assessment relating to the Risk Based Approach, including, when applicable, qualification of the data subject as a politically exposed person or possible administrative and criminal records or proceedings in connection with criminal activities.

Such data subjects are entitled to access, rectify and, for duly justified reasons, block and erase these data (“Rights of the Data Subject”), and may exercise their rights by contacting the Companies by email support@csgofast.com.

Restrictions to such Rights of the Data Subject may be imposed in accordance with the provisions of the General Data Protection Regulation and applicable law, particularly for the prevention, investigation, detection or prosecution of criminal offences. Such restrictions, if applicable, are dealt with by the Compliance Officer on a case-by-case basis and will only be applicable for as long as necessary.

The data subject, to the extent possible under the General Data Protection Regulation, will be informed of the reason why his/her rights are restricted.

Where applicable, the recipients of the data so collected are limited to members of the Companies’ governing bodies, internal services, EU institutions and bodies, as well as, on the basis of a case-by-case analysis, competent national authorities.

AML Policy was last updated on 10.11.2024.