- Policy Framework And Objectives
- Three-Step Verification (KYC)
- Customer Identification Standards
- Source Of Funds And Wealth
- Risk-Based Approach
- Sanctions And Restricted Locations
- Ongoing Transaction Monitoring
- Payments And Same-Method Rule
- Data Protection And Retention
- Politically Exposed Persons (PEP)
- Reporting Suspicious Activity
- Enterprise-Wide Risk Assessment
- Training And Awareness
- Auditing And Oversight
- Player Responsibilities
- Support And Escalation
- FAQ
Policy Framework And Objectives
The AML framework is structured around prevention, detection, and reporting.
Its objectives are to:
- Prevent the casino’s systems from being used for money laundering or terrorism financing.
- Ensure transparency in financial operations and player identity verification.
- Protect legitimate customers through strict compliance procedures.
- Maintain accountability through auditable records and regulatory reporting.
Regulatory Alignment
Heats Casino’s AML framework adheres to:
- EU Directive 2015/849 (Fourth AML Directive) – outlining customer due diligence and beneficial ownership checks.
- EU Regulation 2015/847 – addressing fund transfers and traceability requirements.
- Anjouan Financial Authority rules – under the Computer Gaming Licensing Act 007 of 2005, governing AML practices for licensed operators.
Additionally, the casino enforces OFAC, UK, and EU sanctions, ensuring that restricted countries and individuals are denied access.
Governance And Responsibility
The AML system operates under direct supervision of the Heats Casino Board.
Key roles include:
| Position | Responsibility |
|---|---|
| AML Compliance Officer (AMLO) | Oversees compliance with AML laws, conducts internal audits, and reports suspicious activities. |
| Senior Management | Approves AML policies, provides oversight, and ensures adequate resourcing. |
| Operations Staff | Applies AML procedures during customer interaction and transaction monitoring. |
The AMLO updates internal controls regularly and ensures all staff receive proper AML and KYC training.
Three-Step Verification (KYC)
Verification applies before withdrawals and at defined activity thresholds. Additional checks can occur based on risk indicators or unusual account behaviour.
Step One — Identity And Address
Provide a valid photo ID and a proof of address when requested. A selfie may be required to match the ID and confirm liveness.
Step Two — Enhanced ID Check
Higher deposit or withdrawal activity can trigger extra checks. The team may request an additional selfie aligned with your payment method to confirm ownership.
Step Three — Source Of Funds
For larger or frequent transactions, you may be asked to provide source-of-wealth/funds evidence. Examples include employment income, business revenue, or investment statements.
Customer Identification Standards
Formal identification is required when you start a relationship with the casino. Staff can request additional details where needed to complete due diligence.
Accepted Documents
Use a passport, national ID card, or driving licence for identity verification. Ensure all four corners are visible and the data is clearly readable.
Proof Of Address
Submit a recent utility bill or an official government notice. The document must show your full name, address, and issue date, with text that is clear and fully visible.
KYC Verification Summary
| Step | What’s required | When it applies | Purpose |
|---|---|---|---|
| Step 1 – ID & Address | Passport/ID/Driving licence + proof of address; selfie may be requested | Account creation and before first withdrawal | Confirms identity and residence |
| Step 2 – Enhanced Check | Additional selfie aligned with payment method; extra ID review | Triggered by higher deposit/withdrawal activity | Confirms payment ownership; reduces fraud risk |
| Step 3 – Source of Funds | Evidence of income, business, or investments | High or unusual activity; risk-based triggers | Meets AML requirements; establishes fund origin |
Source Of Funds And Wealth
The team can request documents that show where your funds come from. If the origin is unclear, your account may be paused until review is complete.
Examples of acceptable evidence:
- Recent bank statements or pay slips.
- Business income records or tax returns.
- Investment statements or dividend notices.
- Inheritance or gift documentation.
Provide clear copies with names, dates, and amounts visible. Extra details may be requested if figures do not match activity.
Risk-Based Approach
Countries are grouped into three risk regions. Verification measures scale with the assessed risk to protect customers and the platform.
Region One — Standard Measures
Standard three-step verification applies. Usual thresholds and routine checks are followed for deposits and withdrawals.
Region Two — Lower Thresholds
Triggers occur at lower amounts than usual. Currency changes and payment ownership may receive extra scrutiny before approval.
Region Three — Access Blocked
High-risk regions are not accepted. The internal lists are reviewed and updated by the team on an ongoing basis.
Sanctions And Restricted Locations
Access from sanctioned locations is blocked. Examples include Iran, Cuba, North Korea, Syria, and Crimea. The block is enforced with geo-tools and provider rules to prevent account creation or payments from restricted areas.
UK And OFAC Screening
Customer data is screened against UK and US (OFAC) sanctions lists. Records are refreshed on an ongoing basis so matches can be detected and escalated without delay.
Ongoing Transaction Monitoring
Transactions are reviewed against each customer’s risk profile. Unusual patterns—such as rapid cycling of funds or mismatched payment ownership—are flagged for escalation and may result in temporary holds while checks are completed.
First Line Of Control
Trusted payment providers conduct their own KYC and risk checks, blocking many suspicious deposits at source.
Second Line Of Control
Support and compliance staff apply due diligence during customer contact. Specific requests (e.g., currency changes, large-limit increases) can be routed for additional review.
Third Line Of Control
Manual investigations follow automated alerts. High-risk cases receive a full review that can include enhanced identity verification and source-of-funds requests.
Payments And Same-Method Rule
Where possible, withdrawals must use the same method as the original deposit. This maintains a clear audit trail and reduces the risk of third-party payments. Exceptions may require extra verification.
Crypto And Fiat Considerations
Mixing fiat deposits with crypto withdrawals (or vice versa) can trigger checks. The team may request additional documents—such as wallet ownership proof or exchange statements—before approving the payout.
Data Protection And Retention
Records are stored securely. Identification and transaction data are retained for at least ten years for compliance purposes.
Security Measures
Information is encrypted in transit and at rest, with access controls limiting who can view sensitive data. Where required by law, data may be shared with authorities following formal requests.
Politically Exposed Persons (PEP)
PEPs and their close associates are subject to enhanced due diligence. Screening is global, not limited to local lists, and runs on an ongoing basis.
EDD Measures
For PEP relationships, the team may gather:
- Additional background and funding details;
- Source-of-funds/wealth documentation;
- Evidence of ownership of payment methods.
Ongoing monitoring applies for the duration of the relationship.
Reporting Suspicious Activity
Staff are required to escalate atypical transactions to the AML team. Where the review meets reporting thresholds, the AML team can file reports with the relevant authority. Accounts may be paused during checks.
Enterprise-Wide Risk Assessment
The programme includes an annual risk assessment covering services, user profiles, payment channels, and operating geographies. Findings inform updates to controls, thresholds, and training across the business.
Training And Awareness
Staff complete mandatory AML training on a regular schedule. New hires receive structured onboarding with academic learning sessions and guided practice.
What training covers
- Identifying red flags and suspicious patterns
- KYC document standards and liveness checks
- PEP screening and risk categorisation
- Data handling, retention, and escalation flows
Auditing And Oversight
Internal audits review AML activity, controls, and staff adherence. Findings drive updates to policy, thresholds, and tooling.
Audit focus
- Sampling of KYC files and transaction alerts
- Timeliness of escalations and SAR decisions
- Accuracy of record keeping and access logs
Player Responsibilities
Players must provide accurate information and cooperate with checks. Using consistent payment methods speeds up verification.
What we ask from players
- Submit valid ID and address documents on request
- Use the same method for deposits and withdrawals
- Respond promptly to source-of-funds requests
- Keep contact details current in the account profile
Support And Escalation
Live chat operates around the clock for verification help. Tickets handle complex cases, document uploads, or lengthy reviews.
When to use each channel
- Live chat: quick KYC questions, document guidance, payment ownership checks
- Ticket: large uploads, compliance queries, or issues needing a case review
AML Contacts
For general AML or verification queries, email [email protected]. Include your account email, a short summary, and any reference numbers.