Purpose and Principles

Rp99 maintains an anti money laundering and countering the financing of terrorism program designed to prevent illicit funds from entering or circulating within its services. The policy establishes clear obligations for customer due diligence, ongoing monitoring, recordkeeping, and cooperation with competent authorities in all jurisdictions where Rp99 operates.

Scope

This policy applies to all Rp99 customers, employees, contractors, and third party service providers engaged in activities on Rp99 platforms. It governs all account openings, transactions, and service access, including deposits, withdrawals, and internal transfers.

Definitions

  • Money laundering refers to the process of concealing the origins of illegally obtained funds.
  • Financing of terrorism means providing funds or resources intended for a terrorist act or organization.
  • Know Your Customer and Customer Identification Program (KYC/CIP) encompasses identity verification, risk assessment, and ongoing monitoring.
  • Sanctions and geo-blocking involve screening against applicable sanctions lists and restricting access from restricted jurisdictions.
  • Enhanced Due Diligence (EDD) applies to higher risk customers and activities.
  • Suspicious Activity Reporting (STR) is the internal and regulatory obligation to report suspicious transactions.

Governance and Responsibilities

The senior management and the Compliance function hold primary responsibility for the design, implementation, and ongoing operation of the Rp99 AML program. Roles include a designated AML Compliance Officer, an internal AML committee, and independent audit functions. The board approves policy changes and oversees risk management related to money laundering and terrorist financing.

Enterprise-Wide Risk Assessment

Rp99 conducts an ongoing enterprise-wide risk assessment to identify, measure, and mitigate money laundering and terrorism financing risks. Risk factors include customer type, geography, products and services, delivery channels, and transaction patterns. Risk ratings determine the level of due diligence and monitoring applied to each customer and activity.

Know Your Customer and CIP Program

Rp99 applies customer due diligence commensurate with risk. The program includes identity verification, address verification, and assessment of source of funds for each account. Ongoing monitoring adapts to changes in risk profile and activity.

Identity Verification and Documentation Requirements

  • : Accepted forms include government issued photo IDs such as passports, national identity cards, or driver’s licenses. The document must be current and legible. Where a photo ID is not available, alternative evidence may be accepted in accordance with risk considerations as determined by Rp99.
  • Proof of Identity: Front and back copies of the primary identification document are required. If necessary, a supplementary document may be requested to establish identity.
  • Birth Information: In limited cases, a birth record with an image is acceptable where standard photo ID is unavailable, and a contemporary photograph of the applicant with the birth record may be requested.
  • Address Verification: A utility bill or bank statement bearing the applicant’s name and residential address, issued within the last three months, is required.
  • Authentication of Age: Rp99 verifies that applicants are not below legal age for gambling where applicable by confirming date of birth on submitted documents.

Source of Funds and Proof of Payment

Rp99 requires documentation to establish the source of funds for deposits and ongoing funding. Documentation is evaluated in light of the selected deposit method:

  • : Copies of all cards used, displaying the cardholder’s signature and the first six and last four digits. The middle digits and the CVV must be obscured. A cover page showing the card may be required if requested for verification.
  • E‑wallets: Screenshot of the e‑wallet screen showing registered email, account number, and user information sufficient to verify ownership.
  • Bank transfers: Recent bank statement showing bank name, account number, IBAN, and BIC; copies must display all four corners. A deposit confirmation or receipt may be requested.
  • Crypto currencies: Transaction receipts and wallet profile showing email, user ID, and associated account information necessary to verify ownership and history.
  • Prepaid vouchers: Documentation may be requested to confirm origin and apply appropriate due diligence; prepaid vouchers may not be used to satisfy source of funds verification in all cases.

Account Activation and Verification Timelines

Rp99 will complete verification of identity, address, and source of funds within three (3) business days of submission of complete documentation. Rp99 may request additional information if any submitted document is unclear or incomplete. In the event a payout withdrawal is requested, the user must furnish the required verification documents within forty-eight (48) hours of the payout request. Rp99 reserves the right to suspend or terminate a payout or account until verification is completed.

Sanctions Compliance and Geo-Blocking

Rp99 screens all customers and counterparties against applicable sanctions lists and political exposure indicators. Access is restricted or blocked for individuals, organizations, or jurisdictions identified as sanctioned or exposed in a manner inconsistent with applicable law. Where required, Rp99 will implement geo-blocking measures to prevent access from restricted regions.

Transaction Monitoring and Risk Based Approach

Rp99 employs automated real-time monitoring to identify unusual or potentially suspicious activity. Monitoring considers customer risk rating, transaction size, velocity, counterparties, and geographies. High risk indicators trigger enhanced due diligence or temporary account restrictions as appropriate.

Suspicious Transaction Reporting and Internal Escalation

Rp99 maintains procedures for the detection, investigation, and reporting of suspicious activities. When a transaction or pattern of activity appears inconsistent with known business, personal profile, or declared purpose, the activity is escalated to the Compliance Officer for review. If justified, Rp99 shall submit a STR to the competent authorities in accordance with applicable law, preserve anonymity where required, and document the rationale and actions taken.

Record Keeping and Data Storage

Rp99 retains all records relating to customer identification, due diligence, transaction monitoring, and investigations for a minimum period required by applicable law, but in no event less than five (5) years after account closure or the completion of the transaction. Records are stored securely with access restricted to authorized personnel and protected in accordance with data protection laws.

Vendor Management

Third party service providers supporting Rp99 AML functions are governed by written contracts that require adherence to equivalent AML controls, data protection, and incident reporting. Rp99 conducts due diligence and ongoing monitoring of vendors and maintains a mechanism for audit and remedy of deficiencies.

Training and Awareness

Rp99 provides AML/CFT training to all relevant staff at onboarding and at least annually thereafter. Training covers identification of suspicious activity, regulatory obligations, data handling, and reporting procedures. Staff must complete training within specified timelines and demonstrate competence.

Independent Audit and Testing

Rp99 subjects its AML program to independent internal and external audits and testing at regular intervals. Audit results are reported to the board and remedial actions are tracked until resolved.

Whistleblowing Channels

Rp99 maintains confidential channels for reporting concerns related to AML compliance. Whistleblowers are protected from retaliation, and information provided is handled on a need-to-know basis in accordance with applicable law and company policy.

Key Performance Indicators

Rp99 monitors AML performance through defined KPIs, including the time to verify customer identity, the proportion of accounts with ongoing due diligence, the number of STR filings, and the rate of compliance with data retention obligations. KPIs are reviewed by senior management on a periodic basis.

Business Continuity Plan

Rp99 maintains a business continuity plan to sustain AML functions during disruptions. The plan includes data backups, alternate channels for escalation, and recovery procedures to resume normal monitoring and reporting within defined timeframes.

Policy Updates and Version Control

Rp99 periodically reviews and updates this policy to reflect changes in law, regulation, and risk assessment. Each update includes an effective date, summary of changes, and distribution to relevant stakeholders.

Customer Rights and Data Protection

Rp99 respects customer privacy and provides access to personal data held on file in accordance with applicable data protection laws. Customers may request correction, restriction of processing, or deletion where legally permissible, subject to ongoing AML obligations.

Cooperation with Authorities

Rp99 cooperates with competent authorities and regulatory bodies, providing information and records as required by law, while preserving the confidentiality of ongoing investigations where appropriate.