KYC & AML Policy

Effective Date: June 1, 2025
Jurisdiction: Autonomous Island of Anjouan, Union of the Comoros

This Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) Policy outlines the standards, procedures, and controls applied by IOGr B.V. (“Company”, “we”, “our”, or “us”) in connection with the operation of cardiokitleisure.co.uk, including all related subdomains, systems, and services (collectively, the “Website”).

This Policy is designed to ensure compliance with applicable regulatory requirements and to prevent the use of our services for money laundering, terrorist financing, fraud, or other illicit activities.

1. Scope and Application

This Policy applies to all business-to-business (B2B) clients and partners engaging with the Company, including but not limited to:

  • Gaming operators
  • White-label partners
  • Distributors and resellers
  • Platform and technology providers
  • Other corporate or institutional counterparties

The Company does not provide services directly to individual end users, and this Policy does not apply to consumer-level players.

2. Risk-Based Compliance Framework

The Company applies a risk-based approach to KYC and AML compliance. Each client relationship is assessed during onboarding and reviewed throughout the duration of the business relationship.

Risk assessments may take into account the following factors:

  • Jurisdiction of incorporation and operation
  • Ownership and control structure, including Ultimate Beneficial Owners (“UBOs”)
  • Nature of the business, products, and services offered
  • Target markets and distribution channels
  • Licensing status and regulatory history
  • Reputational considerations and adverse media
  • Transaction behavior, where relevant

Based on the assessment, clients are categorized as standard risk or elevated risk, which determines the level of due diligence required.

Risk profiles are reviewed at least annually and whenever material changes occur.

3. Customer Due Diligence (CDD)

Prior to onboarding, all clients are required to complete Customer Due Diligence.

As part of the CDD process, clients must provide accurate and up-to-date documentation, which may include:

  • Certificate of Incorporation or equivalent registration document
  • Extract from a recognized commercial or trade register
  • Articles and/or Memorandum of Association
  • Proof of registered business address
  • Corporate structure and ownership chart
  • Identification details of directors and shareholders

For each Ultimate Beneficial Owner holding 25% or more ownership or control, the following documentation is required:

  • Valid government-issued photo identification
  • Proof of residential address

Documents should generally be issued within the last three (3) months, where applicable.

4. Enhanced Due Diligence (EDD)

Enhanced Due Diligence is applied where a higher level of risk is identified.

Factors that may trigger EDD include, but are not limited to:

  • Links to jurisdictions classified as high-risk or non-cooperative by the FATF
  • Complex or non-transparent ownership structures
  • Involvement of Politically Exposed Persons (PEPs), their close associates, or family members
  • Prior sanctions exposure, regulatory enforcement actions, or significant negative media

EDD measures may include:

  • Source of Funds (SoF) and Source of Wealth (SoW) documentation
  • Verification of applicable operating or gaming licenses
  • Independent compliance attestations or AML audit reports
  • Expanded sanctions, PEP, and reputational screening

The Company reserves the right to decline onboarding where risks cannot be adequately mitigated.

5. Ongoing Monitoring

All active client relationships are subject to ongoing monitoring to ensure continued compliance.

This includes:

  • Periodic KYC reviews
  • Event-driven reviews following changes in ownership, management, jurisdiction, or licensing
  • Monitoring for unusual or inconsistent activity

Where concerns arise, the Company may request additional information, impose restrictions, or temporarily suspend services pending review. Clients are required to notify the Company promptly of any material changes affecting their risk profile.

6. Sanctions and PEP Screening

The Company conducts screening of directors, shareholders, and UBOs against applicable sanctions and PEP lists, including those issued by the United Nations, European Union, and OFAC, as well as reputable third-party data providers.

Confirmed matches or material adverse findings may result in enhanced due diligence, refusal of onboarding, suspension of services, or reporting to relevant authorities, where required by law.

7. Recordkeeping

KYC and AML records are retained in secure physical or electronic form for a minimum of six (6) years following the termination of the business relationship, in accordance with applicable regulatory requirements.

8. Restricted Jurisdictions

The Company does not establish or maintain business relationships with entities that are:

  • Registered in, controlled by, or operating from FATF high-risk or non-cooperative jurisdictions
  • Subject to United Nations, European Union, or OFAC sanctions
  • Operating within the Union of the Comoros for white-label services targeting that jurisdiction
  • Otherwise restricted by the Anjouan Offshore Financial Authority

9. Non-Compliance Measures

Failure to provide complete, accurate, or timely KYC/AML information may result in:

  • Rejection or termination of onboarding
  • Temporary or permanent suspension of services
  • Termination of contractual agreements
  • Reporting to regulatory or law enforcement authorities, where legally required

10. Policy Updates

This Policy may be updated periodically to reflect changes in law, regulation, or internal procedures. The most current version will be published on the Website and becomes effective upon publication unless stated otherwise.

Where feasible, material changes will be communicated to affected clients in advance.