Anti-Money Laundering (AML) Policy

SquiBet is firmly committed to the prevention of money laundering, terrorist financing, and all forms of financial crime. This Anti-Money Laundering (AML) Policy sets forth the principles, procedures, and controls that SquiBet employs to detect, prevent, and report activities that may involve the proceeds of crime or the financing of terrorism.

As a cryptocurrency-based sports betting and casino platform, SquiBet recognizes the unique risks associated with digital asset transactions and has implemented enhanced measures specifically designed to address these risks. Our commitment extends beyond mere regulatory compliance — we strive to foster a safe, transparent, and responsible gaming environment for all users.

This policy applies to all employees, contractors, officers, directors, and agents of SquiBet, as well as all users of the platform. Failure to comply with this policy may result in disciplinary action, account termination, and referral to law enforcement authorities.

SquiBet operates in accordance with applicable anti-money laundering legislation and regulatory guidance, including but not limited to:

• The Financial Action Task Force (FATF) Recommendations, including the updated guidance on virtual assets and virtual asset service providers (VASPs)
• The EU Anti-Money Laundering Directives (AMLD5 / AMLD6) and the Markets in Crypto-Assets Regulation (MiCA)
• The United States Bank Secrecy Act (BSA) and its implementing regulations, as applicable
• The United Kingdom Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (as amended)
• Jurisdiction-specific gambling and financial regulations applicable to our licensed operations
• The Travel Rule requirements for virtual asset transfers as recommended by FATF Recommendation 16

SquiBet continuously monitors legislative and regulatory developments to ensure that its AML program remains current and effective. Our compliance team actively engages with industry bodies and regulatory authorities to stay informed of emerging best practices.

SquiBet adopts a risk-based approach (RBA) to AML compliance, allocating resources proportionally to the level of risk identified. Our risk assessment methodology considers the following factors:

Risk Assessment Methodology

• Customer Risk: Geography, transaction behavior, source of funds, PEP status, adverse media, and industry/occupation
• Product Risk: Anonymity features of specific cryptocurrencies, privacy coins, cross-chain bridges, and decentralized exchange usage
• Geographic Risk: Jurisdictions identified as high-risk by FATF, jurisdictions under sanctions, and countries with weak AML regimes
• Channel Risk: Non-face-to-face onboarding, VPN and proxy usage, Tor network access, and anonymized connections

Customer Risk Categories

• Low Risk: Users from low-risk jurisdictions with verified identity, consistent transaction patterns, and no adverse indicators
• Medium Risk: Users with moderate transaction volumes, limited verification, or from medium-risk jurisdictions
• High Risk: PEPs, users from high-risk jurisdictions, customers with large or unusual transaction patterns, or those with adverse media findings

SquiBet implements a tiered Know Your Customer (KYC) verification system designed to balance user experience with regulatory compliance. All users must complete identity verification proportional to their activity level on the platform.

SquiBet screens all customers against international PEP databases during onboarding and on an ongoing basis. PEPs include:

• Domestic and Foreign PEPs: Heads of state, senior government officials, senior executives of state-owned enterprises, senior political party officials, senior military officials, and senior judicial officials
• International Organization PEPs: Senior management of international organizations such as the UN, IMF, World Bank, and similar bodies
• Family Members and Close Associates: Immediate family members, known close associates, and persons who are known beneficiaries of PEPs

Where a customer is identified as a PEP, Enhanced Due Diligence measures are automatically applied. This includes senior management approval, enhanced source of funds and wealth verification, and ongoing enhanced monitoring. PEP status does not automatically preclude a customer from using the platform, but heightened scrutiny is maintained throughout the relationship.

Automated Monitoring Systems

SquiBet employs automated transaction monitoring systems that analyze all platform activity in real time. These systems utilize rule-based triggers, behavioral analytics, and machine learning models to identify potentially suspicious activity.

Monitoring Triggers

The following patterns and behaviors are flagged for review:

• Rapid Deposit/Withdrawal: Deposits followed by immediate or near-immediate withdrawal with minimal or no gaming activity (pass-through transactions)
• Structured Transactions: Multiple transactions just below reporting thresholds that appear designed to avoid triggering alerts (structuring or smurfing)
• High-Value Single Transactions: Individual deposits or withdrawals exceeding $10,000 equivalent, or cumulative daily transactions exceeding $25,000
• Inconsistent Patterns: Activity that is inconsistent with the customer's known profile, declared source of funds, or historical behavior
• Round-Trip Transactions: Funds deposited and withdrawn in the same cryptocurrency without meaningful platform engagement
• Multi-Account Patterns: Evidence of multiple accounts controlled by the same individual or coordinated group
• Unusual Betting Patterns: Opposite-side betting, guaranteed-loss strategies, or collusion patterns that suggest money laundering through wagering

Manual Review Process

Alerts generated by the automated monitoring system are escalated to the Compliance team for manual review. Analysts investigate flagged activity, gather additional context, and determine whether a Suspicious Activity Report (SAR) is warranted. All investigations are documented with a full audit trail, including the analyst's findings and decision rationale.

Given the nature of cryptocurrency transactions, SquiBet implements specialized controls to mitigate the risks inherent in digital asset operations:

Blockchain Analytics & Chain Analysis

SquiBet integrates with leading blockchain analytics providers to trace the origin and destination of cryptocurrency transactions. All incoming and outgoing transactions are analyzed for exposure to illicit activity, including darknet markets, ransomware, fraud, theft, and sanctioned entities.

Wallet Screening

All deposit and withdrawal wallet addresses are screened against sanctioned address databases maintained by OFAC, the EU, and other relevant authorities. Transactions involving sanctioned addresses are automatically blocked and escalated for investigation. SquiBet maintains an internal blocklist of addresses associated with known illicit activity.

Mixer & Tumbler Detection

Transactions originating from or destined for known cryptocurrency mixing or tumbling services are flagged for enhanced review. SquiBet reserves the right to refuse or delay transactions where the origin of funds has been deliberately obscured through mixing services, CoinJoin transactions, or similar obfuscation techniques.

Cross-Chain Monitoring

SquiBet monitors cross-chain bridge transactions and multi-chain activity patterns that may indicate attempts to obscure the source of funds through chain-hopping. Deposits received from recently bridged or swapped assets may be subject to additional holding periods and verification requirements.

Privacy Coin Restrictions

SquiBet may restrict or decline transactions involving privacy-focused cryptocurrencies (such as Monero, Zcash shielded transactions, or Dash PrivateSend) where adequate chain analysis is not possible. The list of restricted assets is reviewed periodically based on evolving analytical capabilities and regulatory guidance.

When suspicious activity is identified through monitoring or investigation, SquiBet files Suspicious Activity Reports (SARs) with the relevant Financial Intelligence Unit (FIU) or equivalent authority in accordance with applicable law.

• SARs are filed promptly when there is a reasonable basis to suspect that funds are derived from illegal activity, a transaction is designed to evade reporting requirements, or the transaction has no apparent lawful purpose
• The Compliance Officer is responsible for the decision to file a SAR and for ensuring the report is accurate and complete
• SquiBet does not inform the customer (tipping off) that a SAR has been or will be filed, in accordance with legal prohibitions
• Where necessary, accounts may be frozen or restricted pending investigation and resolution

Cooperation with Authorities

SquiBet cooperates fully with law enforcement agencies, regulatory bodies, and judicial authorities in the investigation and prosecution of financial crimes. We respond to lawful information requests, subpoenas, and court orders in a timely manner. Our Compliance team maintains working relationships with relevant regulatory bodies to facilitate efficient communication.

SquiBet maintains a comprehensive sanctions screening program to ensure compliance with international sanctions regimes:

• OFAC: U.S. Office of Foreign Assets Control — Specially Designated Nationals and Blocked Persons List (SDN List)
• EU Sanctions: European Union Consolidated Financial Sanctions List
• UN Sanctions: United Nations Security Council Consolidated List
• UK Sanctions: HM Treasury Office of Financial Sanctions Implementation (OFSI) Consolidated List
• Other Jurisdictions: Additional national sanctions lists as applicable to our operations

Real-Time Screening

All customers are screened at onboarding, at each KYC tier upgrade, and on an ongoing basis as sanctions lists are updated. Cryptocurrency wallet addresses are screened against OFAC's sanctioned digital currency addresses. Matches or potential matches result in immediate account restriction and escalation to the Compliance Officer for investigation and determination.

SquiBet maintains comprehensive records in accordance with regulatory requirements. All records are stored securely with appropriate access controls and encryption.

Retention Periods

• Customer Identification Records: Retained for a minimum of 5 years after the end of the business relationship or the date of the last transaction, whichever is later
• Transaction Records: All deposit, withdrawal, bet, and internal transfer records retained for a minimum of 5 years
• SAR and Investigation Records: Retained for a minimum of 7 years from the date of the report or investigation closure
• Communication Records: Customer correspondence related to AML inquiries retained for a minimum of 5 years

Digital Records & Audit Trail

All records are maintained in digital format with tamper-proof audit trails. Every action taken on a customer account — including identity verification decisions, risk assessments, transaction reviews, and SAR filings — is logged with timestamps, the responsible officer, and the rationale for the decision. Records are available for inspection by regulatory authorities upon lawful request.

SquiBet maintains a comprehensive AML training program to ensure that all personnel understand their obligations and can effectively identify and report suspicious activity.

AML Awareness Training

• All new employees receive mandatory AML training within 30 days of joining, covering the fundamentals of money laundering, terrorist financing, and SquiBet's AML policies and procedures
• Training includes real-world case studies, cryptocurrency- specific red flags, and platform-specific scenarios relevant to online gambling
• Employees must pass an assessment to demonstrate understanding before being granted access to customer data or compliance systems

Ongoing Training Program

• All staff receive annual refresher training on AML policies, regulatory updates, and emerging typologies
• Compliance team members receive specialized training on blockchain analytics tools, sanctions screening, and investigation techniques
• Ad-hoc training is provided when significant regulatory changes occur or new risk scenarios are identified

Compliance Culture

SquiBet fosters a culture of compliance at all levels of the organization. Compliance is embedded into performance evaluations, and all staff are encouraged to raise concerns and report suspicious observations without fear of retaliation.

SquiBet has appointed a designated Compliance Officer (also referred to as the Money Laundering Reporting Officer, or MLRO) with overall responsibility for the AML program.

Responsibilities

• Overseeing the implementation and effectiveness of the AML program
• Receiving and reviewing internal suspicious activity reports from staff
• Making the determination to file SARs with relevant authorities
• Ensuring customer due diligence procedures are properly implemented and maintained
• Managing relationships with regulatory authorities and law enforcement
• Overseeing the AML training program and ensuring adequate staff knowledge
• Conducting periodic risk assessments and updating the AML program accordingly
• Reporting to senior management and the Board on AML compliance matters

Reporting Line

The Compliance Officer reports directly to the Board of Directors and has unrestricted access to all customer records, transaction data, and system logs necessary to fulfill their duties. The Compliance Officer operates independently from business units to ensure objectivity and is empowered to escalate concerns to the Board without prior management approval.

Annual Review

SquiBet conducts a comprehensive review of its AML program at least annually. This review evaluates the effectiveness of existing policies, procedures, and controls, and identifies areas for improvement. The annual review considers changes in regulatory requirements, evolving risk landscapes, findings from internal and external audits, and emerging money laundering typologies specific to cryptocurrency and online gambling.

Independent Assessment

In addition to internal reviews, SquiBet engages qualified independent third parties to conduct periodic assessments of the AML program. These assessments evaluate the adequacy of policies and procedures, the effectiveness of transaction monitoring systems, the quality of SAR filings, staff training adequacy, and overall compliance with applicable laws and regulations. Findings from independent assessments are reported to the Board of Directors and addressed through a formal remediation plan with defined timelines.

Continuous Improvement

SquiBet is committed to continuously improving its AML program. Insights from audits, investigations, regulatory interactions, and industry best practices are incorporated into updated policies and enhanced controls on an ongoing basis.

SquiBet maintains a confidential whistleblowing channel that enables employees, contractors, and third parties to report concerns about potential money laundering, fraud, or non-compliance with this policy.

Anonymous Reporting

Reports can be made anonymously through a dedicated, confidential reporting channel. All reports are treated with the utmost confidentiality and investigated promptly by the Compliance Officer or their designated representative. Reports can be submitted via secure email or through the internal reporting system accessible to all staff.

Protection for Reporters

SquiBet strictly prohibits retaliation against any individual who reports concerns in good faith. Whistleblowers are protected from dismissal, demotion, harassment, or any other form of adverse treatment as a result of making a report. Any employee found to have retaliated against a whistleblower will be subject to disciplinary action, up to and including termination. SquiBet complies with all applicable whistleblower protection legislation.

For questions, concerns, or reports related to anti-money laundering compliance, please contact our Compliance team:

If you believe you have identified suspicious activity on the platform, please report it immediately. You do not need to prove that money laundering is occurring — a reasonable suspicion is sufficient for us to initiate an investigation.