Contents

Purpose & Scope

Regulatory Framework

Governance & Roles

Risk-Based Approach

Customer Due Diligence (CDD)

Enhanced Due Diligence (EDD)

Screening (Sanctions & PEP)

Ongoing Monitoring & Triggers

Record-Keeping & Retention

Data Protection

Suspicion Reporting

Third-Party Reliance

Training & Awareness

Audit, Testing & Updates

Read me — how this policy is used

This document guides day-to-day KYC/AML operations for Fezuinteractive. It is internal, may be shared with regulators or auditors upon request, and is complemented by our Terms of Use, Privacy Policy, Responsible Gaming Policy, and internal SOPs/playbooks.

1) Purpose & Scope

This policy establishes how Fezuinteractive prevents fraud, account abuse, sanctions evasion, and security threats in connection with our entertainment-only online gaming services. Because the Services do not involve real‑money gambling, deposits, withdrawals, or prize payouts, traditional AML/TF obligations do not apply; however, we maintain aligned controls to prevent misuse of the platform.

All players and account holders using the Fortunes Veil entertainment platform operated by Fezuinteractive.

Employees, contractors, and service providers acting for Fezuinteractive.

Any interactions involving digital wallet linkage for optional non‑monetary rewards.

2) Regulatory Framework

Although Fezuinteractive does not conduct real‑money gambling or financial transactions that trigger AML regulatory obligations, we align our fraud‑prevention and sanctions‑screening operations with industry best practices and relevant guidance (e.g., OFAC sanctions compliance expectations, FATF red‑flag indicators for digital services, and general consumer‑protection standards).

3) Governance & Roles

Board / Executive: approve policy, ensure adequate resources and independence for compliance.

MLRO: maintains this policy, oversees KYC/AML operations, approves EDD, handles SAR/STR, liaises with regulators.

Compliance Team: performs reviews, escalations, and quality assurance.

Engineering / Data: implement and maintain controls, logs, and data retention safeguards.

Customer Ops / Payments: follow SOPs for verification, transaction review, and escalation.

4) Risk-Based Approach

We assess risk across customer, geography, product, and channel and apply proportionate controls.

| Factor | Examples | Typical Controls |
| --- | --- | --- |
| Geography | High-risk third countries, sanctions exposure | Block lists, step-up EDD, source-of-funds (SoF) |
| Customer | PEP, negative news, inconsistent identity | PEP/sanctions screening, adverse media checks, EDD |
| Product/Channel | Non‑face‑to‑face onboarding, optional wallet linkage for entertainment-only blockchain rewards | Reliable eKYC, liveness, transaction monitoring |
| Behavior | High velocity, circular flows, device anomalies | Automated risk scoring, manual review, limits |

5) Customer Due Diligence (CDD)

When: at onboarding or when fraud‑related concerns arise.

What we collect (individuals): full name, date of birth, residential address, nationality/country, and—when required—government ID (passport/ID card/driver’s license) and selfie/liveness. We verify via reliable, independent sources or certified vendors.

Outcome: verified / pending / failed. We can suspend or deny services/payouts until CDD is completed.

6) Enhanced Due Diligence (EDD)

EDD is applied where risk is higher (e.g., PEP, high-risk geography, unusual flows, adverse media). Measures may include:

Stronger identity corroboration; second document; in-depth liveness or video KYC.

Tighter ongoing monitoring and limits; senior management/MLRO approval.

7) Screening (Sanctions & PEP)

We screen customers against applicable sanctions lists (e.g., UN, EU, OFAC) and PEP lists at onboarding and periodically.

Positive or potential matches are reviewed by Compliance; account access may be limited while review is ongoing.

Hits are documented, decisioned, and retained per this policy.

8) Ongoing Monitoring & Triggers

We use automated and manual reviews to detect anomalies. Typical triggers include, but are not limited to:

Unusual velocity or volumes (e.g., rapid account activity inconsistent with normal entertainment use).

Patterns indicative of layering (e.g., rapid in-out with minimal gameplay).

Device or geolocation anomalies; multiple accounts; VPN/hosting IPs.

Sanctions/PEP updates and adverse media events.

Risk Metrics (examples): account velocity metrics, device consistency checks, location anomaly patterns, high-risk geo/device flags. Thresholds are tuned by Compliance and documented in internal runbooks/SOPs.

9) Record-Keeping & Retention

We retain verification records, risk assessments, screening logs, and transaction data for at least five (5) years after the end of the business relationship or the date of an occasional transaction, subject to local law.

Records must be retrievable promptly for competent authorities.

10) Data Protection

Lawful bases: legitimate interests (fraud prevention, account security) and, where applicable, legal obligations relating to sanctions compliance. See our Privacy Policy for details.

PII is encrypted at rest at the application layer (AES-256-GCM “sealed” records). Access is role-based and logged.

We use vetted processors for eKYC/screening; data transfer and sub-processing are governed by DPAs.

11) Suspicion Reporting

Employees must promptly escalate unusual or suspicious activity to the Compliance Lead using the internal incident‑reporting procedure. The Compliance Lead determines whether the activity represents fraud, sanctions risk, account compromise, or another security issue requiring action. Tipping‑off prohibitions apply where legally relevant.

Compliance Contact: Compliance Lead — [email protected]

12) Third-Party Reliance

Reliance on third parties for parts of CDD is permitted only where legally allowed and documented. Fezuinteractive remains ultimately responsible.

13) Training & Awareness

All relevant staff receive AML/KYC induction and annual refreshers; role-specific training is provided to high-risk teams.

Training completion is tracked; materials are reviewed annually.

14) Audit, Testing & Updates

This policy is reviewed at least annually and upon regulatory change, product change, or material risk events.

Independent testing and internal audits assess control effectiveness; findings are tracked to remediation.
