KYC and AML Policy

WK888 maintains a risk‑based Know Your Customer (KYC) and Anti‑Money Laundering (AML) program to prevent money laundering, the financing of terrorism, and other financial crimes. The policy governs customer onboarding, ongoing monitoring, and all transactions conducted through WK888 platforms, in accordance with applicable licensing and regulatory requirements.

1. Scope and Objective

The objectives are to verify identity, assess and monitor risk, detect and report suspicious activity, and maintain adequate records to support regulatory investigations and audits. This policy applies to all WK888 customers, employees, agents, and trusted third‑party service providers involved in customer onboarding, payment processing, gaming operations, or data handling related to AML compliance.

2. Definitions

  • KYC: Know Your Customer obligations to establish and verify customer identity and assess risk.
  • CDD: Customer Due Diligence, the standard verification and screening procedures applied to low‑to‑moderate risk customers.
  • EDD: Enhanced Due Diligence, heightened verification and monitoring applied to high‑risk customers or transactions.
  • PEP: Politically Exposed Person or similarly high‑risk associates requiring enhanced scrutiny.
  • MLRO: Money Laundering Reporting Officer, the designated officer responsible for AML governance and reporting.
  • DPO: Data Protection Officer, responsible for data protection and privacy compliance related to AML processing.
  • SAR: Suspicious Activity Report, a report to law enforcement or regulatory authorities when suspicious activity is identified.
  • CTF: Countering Terrorism Financing.
  • SOF: Source of Funds, documentation demonstrating the origin of funds used in transactions.

3. Customer Due Diligence and Identity Verification

Onboarded customers must undergo identity verification before real‑money play or withdrawals are enabled. WK888 shall collect and verify core identifying data, including but not limited to full legal name, date of birth, current address, contact details, and government‑issued identification.

  • Documentation: Acceptable forms include government‑issued photo ID (passport, national ID, or driving license) and proof of address (recent utility bill, bank statement, or official correspondence).
  • Verification: Verification may be conducted through automated identity‑checking services and cross‑checks against reliable data sources. If automatic verification is not possible, manual review will be performed.
  • Age and eligibility: Verification confirms the applicant is not under the minimum age for gaming and that the account is opened by a legitimate real‑money participant.
  • Account activation: Real‑money features, including deposits and withdrawals, require completed verification. In certain cases, additional documentation or in‑person verification may be requested.

4. Enhanced Due Diligence (EDD) and Source of Funds

EDD applies where the customer presents elevated AML risk, including but not limited to PEP status, complex ownership structures, high‑risk jurisdictions, large or unusual transaction patterns, or rapid growth in activity without clear commercial purpose.

  • SOF/SOW documentation: Where required, customers must provide evidence of funds origin and wealth, such as bank statements, employer letters, tax records, or other credible sources consistent with the customer’s profile.
  • Ongoing verification: For high‑risk categories, WK888 will implement ongoing monitoring, periodic re‑verification, and review of account activity at defined intervals or when triggering events occur.
  • Documentation retention: All EDDis documentation must be retained and reviewed at least annually or as regulatory requirements dictate.

5. Ongoing Monitoring and Risk Assessment

WK888 operates a risk‑based approach to ongoing monitoring. Customer risk profiles are assigned at onboarding and updated as activity changes. Automated surveillance analyzes deposits, withdrawals, bets, and turnover relative to the customer’s profile, with manual review by the MLRO or designated compliance staff for flagged patterns.

  • Risk scoring: Profiles incorporate factors such as geography, identity verification status, device and IP data, transaction patterns, and marketing preferences.
  • Trigger events: Large or rapid transactions, unusual betting activity, or inconsistency between declared source of funds and activity trigger enhanced review.
  • Ongoing checks: Sanctions lists, adverse media, and PEP databases are refreshed at defined intervals and when material changes occur.

6. Suspicious Activity Reporting and Escalation

Any WK888 employee who knows, suspects, or has reasonable grounds to suspect that a customer is engaged in money laundering, terrorist financing, or related wrongdoing must report the information to the MLRO promptly. SARs are confidential; disclosure to the customer or other parties that could prejudice an investigation is prohibited.

  • Escalation: Suspicions are escalated through established internal channels to the MLRO, who may coordinate with external regulators or law enforcement as required by law.
  • Documentation: All suspicion indicators, supporting data, and actions taken are recorded in the customer file and AML case logs.

7. High Risk Jurisdictions and PEPs

Customers from high‑risk jurisdictions or those identified as PEPs are subject to Enhanced Due Diligence. WK888 maintains a current list of high‑risk regions and PEP indicators, applying proportionate monitoring, and restricting or delaying certain transactions when justified by risk assessment.

  • Prohibited or restricted activity: In certain cases, WK888 may refuse service or require additional information before approval of transactions.
  • Review cadence: High‑risk classifications are reviewed regularly and updated in response to regulatory guidance.

8. Transaction Controls and Funds Handling

WK888 conducts controls to ensure funds originate from legitimate sources and are used for authorized gaming activities. Before approving withdrawals, the following steps are performed where applicable:

  • Deposit history is reviewed to confirm consistency with the customer’s profile and expected activity.
  • Turnover checks verify that wagering activity aligns with declared purposes and is not a vehicle for fund movement.
  • Funds are returned to the original payment method when feasible and legally permissible; otherwise, funds are transferred in accordance with applicable regulations and internal policy.

9. Data Retention and Records

WK888 retains all AML and KYC records for a minimum period of five years from the date of the last transaction or account closure, whichever is later, to support regulatory inquiries and potential investigations. Records include identity verification documentation, risk assessments, transaction histories, SARs, internal AML communications, and training records.

10. Roles and Responsibilities

The following roles govern the AML program:

  • Senior Management: Provide overall governance, allocate resources, and approve material AML policies.
  • MLRO: Receives disclosures, reviews SARs, coordinates reporting to regulators, and ensures independent operation of AML activities.
  • Compliance Officer/DPO: Oversees data protection in AML processing and ensures alignment with privacy requirements.
  • Operational staff: Conduct CDD/EDD, monitor transactions, and escalate findings as required.

11. Training and Awareness

All applicable staff receive AML training at onboarding and at least annually thereafter, addressing CDD/EDD, SAR filing, escalation procedures, and privacy considerations. Training records are maintained and reviewed by the MLRO.

12. Sanctions Screening and Customer Screening

WK888 screens customers and counterparties against applicable sanctions, watchlists, and high‑risk indicators. If a match or elevated risk is identified, the customer relationship may be restricted, suspended, or terminated, and matters may be reported to the relevant authorities in accordance with law.

13. Privacy, Data Protection, and Cross‑Border Processing

AML processing requires the collection and sharing of personal data as described in WK888’s data protection policies. The Data Protection Officer oversees AML data handling, with access restricted to authorized personnel. Personal data may be shared with regulators, payment processors, and other service providers in support of AML obligations, subject to appropriate safeguards and legal bases. Individuals retain rights to access, rectify, or erase personal data where permitted by law, and to object to processing in specified circumstances. Cross‑border transfers will be conducted in accordance with applicable data protection law and safeguards.

14. Governance, Auditing, and Compliance Oversight

WK888 maintains a Compliance and Risk Committee responsible for oversight of the AML program. The committee includes the MLRO, the Compliance Officer, and independent members and meets at least quarterly to review risk assessments, policy effectiveness, and regulatory changes.

15. Policy Review and Updates

This policy is reviewed at least annually or whenever regulatory guidance requires revision. Material changes are approved by Senior Management and communicated to relevant staff. The MLRO and DPO coordinate updates to reflect operational and legal developments.

16. Contact Points

For questions about this policy or requests for data rights under applicable law, customers may contact the Data Protection Officer or the MLRO through the official channels disclosed in WK888’s privacy and compliance documentation.