Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) Policy
Version 1.3
1.1. Kirgo is operated by Raining Games LLC (Reg. No. 4069), registered at Suite 35, Griffith Corporate Centre, Beachmont, Kingstown, St. Vincent and the Grenadines, and is licensed and regulated by the Government of the Autonomous Island of Anjouan, Union of Comoros, under License No. ALSI-202409050-F12.
1.2. This Policy sets out our framework to detect, deter, and report money laundering, terrorist financing, and sanctions evasion in a crypto-only environment.
2.1. We adhere to applicable AML/CFT laws and regulations of Anjouan (including the 2016 AML/CFT Regulations, as applicable) and to relevant FATF recommendations.
2.2. We follow guidance/instructions from the Gaming Board of Anjouan and other competent Anjouan AML/CFT authorities.
2.3. We apply a Risk-Based Approach (RBA) across onboarding, activity monitoring, investigations, and offboarding.
2.4. We appoint a Chief Compliance Officer (CCO) and a Money Laundering Reporting Officer (MLRO) responsible for implementation, oversight, and liaison with authorities. Independent reviews periodically test program effectiveness.
3.1 Money Laundering. The process of making illicit proceeds appear legitimate through placement, layering, and integration.
3.2 Suspicious Activity. Transactions/behaviour inconsistent with a customer’s profile or lacking a legitimate purpose, indicating potential ML/TF or sanctions evasion.
3.3 Sanctions. Measures imposed by competent authorities (e.g., UN, OFAC, EU, HMT) restricting dealings with designated persons, entities, or countries.
4.1 Policies, Procedures, Controls. We maintain documented AML/CFT policies, procedures, and internal controls proportionate to risk.
4.2 Training. Mandatory AML/CFT and sanctions training at onboarding and at least annually, tailored to roles and evolving typologies.
4.3 Independent Review. Periodic independent testing evaluates design and operating effectiveness; remediation is tracked to closure.
5.1 Data Collected. Wallet address(es), email, full name, date of birth, country, residential address and postal code, and other identifiers as needed to form a well-informed belief of identity.
5.2 Verification Methods. Documentary and non-documentary checks via reputable third-party providers; age and geography verification; sanctions/PEP/adverse-media screening; wallet-risk assessment (on-chain analysis).
5.3 No Corporate Accounts. Registration is limited to natural persons; corporate/non-natural persons are not permitted.
5.4 Records. KYC/CIP records are retained for at least five (5) years or longer if required by law.
6.1 Geo-Controls. We enforce IP geo-blocking, device/network checks, and evasion-detection (e.g., VPN/proxy/time-zone inconsistencies).
6.2 Prohibited Jurisdictions. Access is denied where prohibited in Kirgo Terms (including Australia, Austria, France and its territories, Germany, Netherlands and its territories, Spain, the Union of the Comoros, the UK, the USA and its territories, all FATF-blacklisted countries, and any other jurisdictions prohibited by the Anjouan authority).
6.3 Sanctions Screening. Customers, transactions, and wallets are screened against relevant sanctions lists. Potential/positive matches are blocked and escalated.
7.1 Initial Rating. New customers are rated Low risk by default, subject to change based on behaviour and findings.
7.2 Risk Factors. PEP status, sanctions/adverse media, high-risk geographies, product/channel risk, transactional patterns (velocity, structuring), device/IP anomalies, wallet provenance.
7.3 Re-Assessment Triggers. Material changes, unusual activity, alert escalations, SAR/STR considerations.
8.1 When Required. Medium/High-risk cases (e.g., PEPs, high-risk geographies, adverse media, complex on-chain flows, large/rapid movements).
8.2 Measures. Management approval, expanded verification, repeated sanctions/PEP checks, Source of Funds/Source of Wealth evidence, detailed wallet provenance, heightened monitoring.
8.3 Outcomes. Maintain with controls, restrict, or terminate; High-risk customers may be declined. Decisions and rationale are recorded.
9.1 Controls. Automated and manual monitoring detect unusual/suspicious behaviour (e.g., layering-like flows, bonus abuse, chip-dumping/collusion, evasion, device/network anomalies, on-chain exposure to illicit sources/mixers/marketplaces/ransomware).
9.2 Actions. Delay/block/refuse transactions, freeze balances, suspend or close accounts, and file reports as required.
9.3 SAR/STR. Where suspicion arises (or cannot be reasonably dismissed), the MLRO files suspicious activity reports with the competent AML/CFT authorities of Anjouan (which may include the Gaming Board of Anjouan), observing confidentiality and anti-tipping-off rules.
Kirgo may block, suspend, or close accounts where customers:
- Fail to provide requested identification/verification information;
- Submit fraudulent or altered documents;
- Attempt to misrepresent location or evade controls;
- Are from prohibited/sanctioned jurisdictions or appear on sanctions/watch lists;
- Present unacceptable AML/CTF risk based on wallet provenance/behaviour;
- Are self-excluded or identified through responsible-gaming processes as requiring blocking from gambling.
11.1. Real-time and ongoing monitoring via automated rules, risk scores, and analyst review.
11.2. Historic-pattern analysis informs model tuning and scenario thresholds; alerts are triaged, investigated, and dispositioned with auditable records.
11.3. Controls are periodically recalibrated to address emerging typologies and regulatory guidance.
12.1. Kirgo engages reputable identity, screening, and blockchain-analytics vendors, assessed initially and periodically. Underperformance triggers remediation or replacement.
12.2. We may pilot non-documentary and blockchain-native compliance tools (e.g., on-chain risk scoring) subject to risk assessment and privacy safeguards.
13.1 Records. CDD/EDD files, screening results, alerts, investigations, SAR/STR submissions, and training logs are retained for at least five (5) years or longer where law requires.
13.2 Confidentiality. AML/CFT information is confidential and disclosed only to competent authorities or as required by law. Tipping-off is prohibited.
13.3 Data Use. KYC/monitoring data are used solely for AML/CFT, sanctions, and fraud-prevention purposes with least-privilege access controls.
14.1. We review this Policy and the AML/CFT program periodically and upon material regulatory or risk changes.
14.2. Findings from audits, testing, and supervisory feedback drive targeted enhancements with accountable owners and timelines.