Anti-Money Laundering (AML) Compliance and fighting Transaction Frauds

AML and KYC Policy – SINICH CO S. A. DE C. V.

www.crasher.mx

Introduction

www.crasher.mx (hereinafter, website) SINICH CO S. A. DE C.V. (hereinafter, Company) having its main headquarters at Cerrada de San Borja 33, int. 1, Del Valle, Benito Juárez, 03100, Ciudad de México.

SINICH CO S. A. DE C.V. is licensed and authorized by the Government of Mexico and conducts its operations under the name of information service provider comply with applicable law on the matter..

Purpose of the policy

The Company is committed to high standards of anti-money laundering (AML) and counter-financing of terrorism (CFT) in accordance with with Mexican regulations (LFPIORPI) to regulate economic acts or operations considered vulnerate and with EU directive.

This Policy is designed to comply with:

• EU: “Directive 2015/849 of the European Parliament and of the Council, of May 20, 2015, regarding the prevention of the use of the financial system for the purposes of money laundering”;

• EU: “Regulation 2015/847 on information accompanying transfers of funds”;

• EU Directive 2015/849 (AMLD 4) as amended by Directive (EU) 2018/843 (AMLD 5);

• EU: Various regulations imposing sanctions or restrictive measures against persons and seizure of certain goods and technology, including all dual-use goods;

• BE: “Law of September 18, 2017 on the prevention of money laundering and conditioning of the use of cash;

• CY: Directive DΙ144-2007-08 of 2012 of the Cyprus Securities and Exchange Commission for the prevention of money laundering and the financing of terrorism.

This Policy applies to all officers, employees, designated contractors, agents, products and services offered by the Company. All business units within the Company will collaborate in order to make a joint effort in the fight against money laundering. Each business department has implemented risk-based procedures that are reasonably expected to detect and prevent the reporting of transactions. All work carried out will be documented and preserved.

The Compliance Officer is responsible for initiating Suspicious Activity Reports ("SARs") or other required information to the appropriate regulatory or law enforcement agencies. All contacts from regulatory or law enforcement agencies regarding the Policy will be directed to the designated Compliance Officer.

Definitions

Money laundering means:

• The conversion or transfer of property, especially money, knowing that said property comes from criminal activity or participation in such activity, with the objective of hiding or disguising the illicit origin of the property or collaborating with any person involved in the commission of such activity to evade the legal consequences of the action of that person or companies;

• The masking or disguise of the true origin, source, location, disposition, movement, rights with respect to, or ownership of property, knowing that such property is originated by criminal activity or an act of participation in such activity;

• The purchase, possession or use of property, knowing, at the time of receipt, that such property originated from criminal activity or from assisting in such activity;

• Collaboration, association to commit, attempt to commit and help, instigate, facilitate and advise the commission of any of the properties referred to in the previous points.

Money laundering is a process intended to conceal the benefits derived from serious infractions or criminal conduct described in current legislation, so that they appear to have come from a legitimate source. This includes all procedures to alter, obscure or hide the beneficial ownership or audit report of illegally obtained money or valuables.

Money laundering is also used to conceal the link between those who finance terrorism and those who commit terrorist acts.

Terrorist financing can be defined as the deliberate provision or collection by any means, directly or indirectly, of funds with the intention that such funds will be used, or with the knowledge that they will be used, to facilitate or carry out terrorist acts.

Generally, the money laundering process has 3 stages during which there may be numerous operations that could alarm the Company about the money laundering activity:

• Placement: the physical disposal of cash deposits from illegal activities. The purpose is to extract the cash from the place of acquisition so that its detection is avoided. Smurfing is a form of placement in which the launderer makes many small cash deposits instead of making one large deposit to avoid local regulatory reporting requirements that apply to cash transactions.

• Layering: separation of illegal income from its source by creating complex layers of financial transactions (various transfers of funds between financial institutions, early repayment of an annuity without taking into account penalties, etc.) Designed to hide the trail of audit and provide anonymity.

• Integration is the provision of apparent legitimacy to criminally obtained wealth. If the Layering process is successful, the integration schemes return the laundered income to the economic system appearing to be normal commercial funds. This is the final stage and process in which money is integrated into the legitimate economic and financial system and assimilated with all other assets in the system. Integrating laundered money into the economy is achieved by making it appear that it was earned legally.

Compliance officer

The Company will appoint a compliance and reporting officer who will be responsible for ensuring the Company's compliance with AML provisions;

The obligations of the compliance and reporting officer will be the following:

• Be a senior officer with the necessary qualifications and experience and capable of adequately responding to queries related to the Company and the management of its activities;

• Be responsible for establishing and maintaining said compliance manual;

• Be responsible for ensuring that Company personnel comply with the

• provisions of the Act and any other law relating to money laundering or terrorist financing and the directives of any established compliance procedures manual; and

• Act as a liaison between the Company and the control authority and the FIU in matters related to compliance with the directives of the Law and any other law regarding money laundering or terrorist financing.

Changes to this policy

Any material change to this policy is subject to approval by the Company's general management and the Compliance Officer.

Risk-based approach

Before proceeding with withdrawal requests, KYC and due diligence procedures are followed by evaluating factors such as customer history, country of origin, public or prominent position, linked accounts, trading activity or others. risk indicators.

Each client is assigned a risk score based on the following criteria (complementary factors may be applied):

• Nationality;

• Home;

• Source of funds/wealth;

• High risk transactions;

• PEP status and international sanctions.

After calculating the risk score, the client is placed in one of the following groups:

• High risk;

• Medium risk;

• Low risk.

Know Your Customer (KYC) and Due Diligence

Before verifying the account and withdrawing funds, the Company must ensure that it obtains satisfactory and competent proof of the identity of its clients and that there are efficient procedures for such verification, especially with respect to new clients. The Customer Account Information Form (CAIF) is stored for customers.

Due diligence must be exercised to prevent the Company from being used as a vehicle for money laundering. The Company applies the following procedures to know when it is requested to launder money:

• Client Identification: The Company will take all appropriate measures (exercise "due diligence") to establish, to its satisfaction, the true and complete identity of each client, as well as the source of wealth, financial position and investment of each client. Due diligence is necessary for a high net worth individual whose source of funds is unclear. We will take care to always be able to "know" the identities of the people we deal with;

• Suspicious client activity: If there are suspicions about the activities (deals, money transfers, etc.) of an existing or potential client, they must be immediately reported to the Compliance Officer, who will: receive suspicious activity reports from the company's staff. Company, will coordinate necessary AML reviews/meetings with relevant personnel, gather all information necessary to evaluate and investigate suspicious activity, determine whether the activity requires reporting to senior management, and develop and implement training programs in accordance with the requirements of this Policy.

Employees are prohibited from disclosing to a customer or any other person that information has been shared with the Compliance Officer, management or regulatory authorities.

To ensure compliance with this requirement, all personnel must sign a declaration regarding non-compliance with the AML confidentiality provision.

The Company may be exposed to reputational risks and should therefore exercise increased diligence in connection with such transactions.

All new customers and new accounts are approved by at least one Compliance Officer. In the case of a new high-risk client, the final decision is made by the CEO.

Special security measures have been taken internally in order to protect the privacy of customers, the Company ensures that equivalent verification and monitoring of these customers is carried out, e.g. is available for review by the Compliance Officer and auditors.

The following security measures are implemented to protect customer privacy:

• Employees must sign confidentiality agreements.

• The Company will comply with data protection laws

• There will be a division of responsibilities between staff and departments and information will be made available to different people as required;

• The organization has implemented strict IT controls to ensure data security.

Know Your Client (KYC) and account verification

The formal identification of clients at the time of making a withdrawal is a vital element, both for the regulations in relation to Money Laundering and for this Policy.

For this reason, we require that the client provide a copy of their identification document, such as a passport or national identity card. In high-risk cases, we will ask the client to provide the document certified by a local notary.

The four corners of the document must be visible in the same image as well as all the details of the document.

In high-risk cases, proof of address will be required, which can be provided in the form of a recent bank statement, utility bill, gas bill, and other documents that openly show the client's current address. These documents must not be more than 6 months old.

In cases where the client deposits and withdraws an amount that is not typical of the client's usual and previous deposit and withdrawal history, a verification of the origin of the funds will be carried out. Until the origin of the funds is confirmed, the operation will be frozen.

The following are examples of proof of origin of funds:

• Business ownership (corporate documents, proof of dividend payment);

• Employment (payrolls);

• Inheritance (inheritance letters);

• Investments (proof of investment return);

It is very important that the origin and legitimacy of that wealth be clearly understood.

Payment method verification

To proceed with withdrawal requests, the Company must verify the payment methods carried out by the client. It is essential that the payment methods used by the client are not used for the purposes of money laundering and terrorist financing.

Customers can make a deposit using one of the following methods: bank cards, e-wallets and cryptocurrencies.

To proceed with the withdrawal of funds by any of the above methods, the Company must ensure that the payment method belongs to the client. Proof can be provided in the form of a card account statement, a screenshot of the e-wallet provider account, a screenshot of the cryptocurrency payment method account.

In the case of bank cards, the easiest way to prove ownership is to request a photo of the card (with CVV code). If the customer's name is not on the card, a card statement indicating the card number must be provided.

Compliance with laws

The Company ensures that laws and regulations are complied with in a business environment with high ethical standards and will not provide services to any client where there are good reasons to understand that money laundering activities are involved.

Cooperation with law enforcement agencies

If there are reasonable grounds to suspect money laundering, we will fully cooperate with relevant law enforcement authorities within the legal limits regarding customer privacy.

Dissemination of policies and procedures

The policies and procedures to avoid possible money laundering activities are adequately communicated to our officers and employees.

Improved customer diligence

The Company will conduct enhanced customer due diligence:

• When an increased risk of money laundering or terrorist financing has been identified;

• Where a high risk of money laundering or terrorist financing has been identified through the supervisory guidance;

• When the client is located in a foreign country that, according to reliable sources, has serious deficiencies in the regime for the prevention of money laundering or financing of terrorism or corruption.;

• If the client is a politically exposed person; either

• In case of any unusual or suspicious activity.

Industry-accepted standards that always result in improved due diligence (the requirement for additional identity and address verification)

High Risk Clients/Politically Exposed Persons

A PPE is a person who has been entrusted with a prominent public function within the last three (3) years and includes any member of the immediate family or close associate of such person. Both local and foreign PPEs are categorized by this definition.

The Company will have a risk management system to establish whether potential clients and potential or existing clients are PPE and will carry out regular searches and checks for this purpose.

The Company will seek information from reliable sources, including https://www.world-check.com and Google Search. The Company will also rely on public information permitted by anti-money laundering and anti-terrorist financing directives to establish whether individuals fall within the definition of "close associates" (e.g., partners or joint ventures) and will conduct periodic searches and verifications for this purpose.

Enhanced CDD and enhanced ongoing monitoring (risk-based) are required whenever a client, or any beneficial owner of a client, is or becomes a politically exposed person (PPE). “Customer” for this purpose includes any person who enters into a business relationship or conducts a single transaction with the reporting entity.

If the client is high risk or a politically exposed person, the Company will follow these procedures:

• properly identify the individual and verify his or her identity as set forth in this section;

• have appropriate risk management systems in place to determine whether the client is a politically exposed person;

• obtain approval from senior management before entering into a business relationship with a customer;

• take reasonable steps to establish the source of the person's wealth and the source of his or her property; and

• Carry out regular and improved monitoring of business relationships.

Procedures for dealing with “Politically Exposed Persons”

When working with politically exposed people, the Company will carry out the following procedures:

In addition to meeting the customer due diligence requirement, the following will be done:

• implement risk management systems to determine whether a person or beneficial owner with whom that person has a business relationship is a politically exposed person, a family member or a close associate;

• ensure that risk management procedures:

• contain as a component procedures that require senior management approval before establishing or continuing a business relationship with a politically exposed person, family member or close associate

• take appropriate measures to establish the source of wealth and origin of funds of a person involved in the business relationship and a beneficial owner identified as a politically exposed person, family member or close associate; and

• contain as a component the monitoring of the business relationship with the politically exposed person, family member or close associate.

International sanctions

The Company will check the presence of each client on the sanctions lists through web search and automated system.

PEP and sanctions list are continually monitored and updated.

The PPE and the sanctions list are continually monitored and updated.

Changes in Customer Status and Operations

The Company immediately takes all corresponding actions, applying the procedures and identification measures to provide due diligence, with the objective of collecting the corresponding evidence in cases of:

• a significant change to the way you work with an account, for example:

• change of persons authorized to maintain your account;

• a major transaction that appears to be unusual and/or significant in the usual type of gambling and customer profile.

Advanced control and rejection of clients

Depending on the risk, we will analyze logical inconsistencies in the information or behavior of our clients. If a potential or existing customer refuses to provide the information described in the previous chapters or appears to have intentionally provided misleading information, a new account will not be opened and, after assessment of associated risks, any existing account will be considered for closure. We will also reject any account that the Compliance Officer identifies as "high risk."

Tracking customer activity

The Company carefully monitors suspicious and revenue-intensive transactions, immediately takes appropriate action related to these transactions and informs the relevant authorities without undue delay.

The monitoring system implemented by the Company is based on both automatic monitoring and, where appropriate, manual monitoring by staff. Various status fields have been implemented in customer accounts to display their profile in the system, facilitating automatic follow-up. We have implemented a regulatory and legally compliant reporting process that will provide the ability for all employees to report to a Compliance Officer if they know or suspect that a client is involved in money laundering or terrorist financing.

Our staff is trained to monitor a sufficient number of account activity to allow identification of patterns of size, volume, type of unusual transactions, geographic factors, such as whether jurisdictions designated as "non-cooperative" or any of the "flags" are involved. red" identified below.

The Company will consider transactions, including deposit and payment requests, in the context of other account activity to determine whether the transaction does not make financial sense or is suspicious because it is an unusual transaction by this customer. The Compliance Officer, who will be responsible for supervision, will take note of when and how the transaction is carried out and will report any suspicious activity to the appropriate authorities.

Examples of Red Flags are:

• - The сlient shows unusual concerns about the Company's compliance with government reporting requirements and the AML Policy, especially in relation to its identity, assets, or refuses to provide any information, or provides suspicious identity documents;

• - The client wants to participate in transactions that lack commercial sense or obvious game strategy, or that are inconsistent with the client's normal playing style;

• - Information provided by the client that identifies a legal source of funds is false, misleading or materially incorrect

• - Upon request, the client refuses to identify or fails to identify any legal origin of his or her funds and other assets.

• - The client has a questionable past or is the subject of news stories revealing possible criminal, civil or regulatory violations;

• - The client shows a lack of concern regarding risks, commissions or other transaction costs;

• - The client tries to make frequent or large deposits, requests to make exceptions to the Company's policy regarding deposits of cash and cash equivalents;

• - The сlient is from or has accounts in a country classified as non-cooperative by the Financial Action Task Force.

• - The customer's account reveals an unexplained high level of account activity with very low levels of transactions;

• - The customer uses the casino account as a savings account.

When a Company employee detects any red flag, he will conduct a complementary investigation based on the supervision of a Compliance Officer. This may include collecting additional information internally or from third-party sources, contacting appropriate authorities, or freezing an account.

Deposit and withdrawal requirements The Company tracks the funding of various bank accounts outside the account holder's country of residence. In the case of a bank transfer or transfer from a bank card, the name specified during registration must match the name of the bank account/card holder.

The Company does not accept cash deposits or disburse cash under any situation.

The withdrawal process described below is based on strict rules to ensure that funds are safely sent to their original source and recipient:

• - Our clients must submit a withdrawal request containing correct information about their account;

• - All withdrawal forms are sent to our accounting department for processing. Our accounting department confirms the account balance, verifies that the account has no holds or withdrawal restrictions, and then approves the withdrawal request, pending compliance approval;

• - Our accounting department reviews all withdrawal requests, verifying that the initial funds are withdrawn using the same deposit method in the name of the registered account holder. Our accounting department checks the withdrawal request against the client's deposit history to ensure there is no suspicious activity and verifies the bank account on file.

• - Accepted withdrawal requests are processed by the accounting department and the funds are delivered to the client;

• In the event that a withdrawal is flagged for suspicious activity, the withdrawal is placed on hold, pending further investigation by our compliance department; and

• - Our management will work with the Compliance Department to determine if further action is needed and if it is necessary to contact the appropriate regulatory authorities.

SAR reporting requirements

The Company must establish a mandatory reporting system for suspicious transactions through the designation of a Compliance Officer. Reporting of covered and suspicious transactions must be made by the Compliance Officer within five (5) business days.

Employees, the Compliance Officer and/or directors must not notify their clients when information related to them is being reported to the Authorities. The Company shall record or maintain a complete file of all covered and suspicious transactions brought to the attention of the Compliance Officer. The record must contain information about:

• the date on which the report is made

• the person who submitted the report to the compliance inspector; and

• sufficient information to identify relevant documents associated with such reports.

•

The Compliance Officer must submit SARs through the Curaçao Financial Intelligence Unit (FIU) goAML system, where and when applicable, and inform the Master License Holder of such reports.

Internal Control and Procedures

As a general internal control procedure, the Company's directors, officers, agents and personnel must report any knowledge or suspicion of money laundering activity to the Compliance Officer.

The report must be transmitted formally either in printed form, memos or notes, or by electronic means (internal email). The use of external email addresses to send the report is prohibited. Make sure no one else receives a copy (including blind copies).

Failure to comply with the aforementioned requirements exposes reporting personnel to the risk of breaching confidentiality in violation of the Money Laundering Law.

In accordance with this requirement, all personnel will be required to sign a statement regarding non-compliance with the confidentiality provision of the AML Act. A copy of this signed statement will be maintained with the personnel file.

After a meticulous assessment and the reasonable belief that there are truly grounds for suspicion of money laundering, the Compliance Officer will maintain a record of all reports sent to the authorities, as well as all reports made by the personnel of the Company related to suspicious transactions, whether or not they have been reported to the Authorities.

Without prejudice to the functions of the Compliance Officer as Reporting Officer, the final responsibility for the adequate supervision, information and compliance with the Money Laundering Law and the Rules and Regulations for its Application rests with the Company and its Board of Directors.

Staff training

The Company provides the necessary training, as well as advice to its staff and the Compliance Officer.

The Company informs employees of the new procedures and instructions necessary to combat money laundering. Officials and staff are sent to briefings, training and seminars offered by regulatory authorities.

The company also trains staff in “Know Your Customer” requirements with the goal of preventing and detecting money laundering. Thus, employees will be trained on the true identity of the clients and the type of commercial relationship that is established. The Company must determine the level of training/orientation of its personnel, giving priority to the Compliance Officer who will directly attend to situations involving money laundering. The scope of training includes the following:

• - Provisions of the AML Law;

• - The Company's AML policy;

• - Internal Supervision, Control and Compliance Procedures of the Company;

• - Updates and changes to the AML Law; and

• - Updates and changes in Internal Supervision, Control and Compliance.

Refresher training courses or briefings should be conducted from time to time to continually remind key personnel of their obligations or in the event of changes in laws and regulations linked to money laundering.

Registry mantenance

Records will be maintained of all documents obtained for the purpose of identifying the client and all data of each transaction, as well as other information related to money laundering issues, in accordance with applicable anti-money laundering laws/regulations. This includes suspicious activity reporting documents, AML account monitoring documentation, etc.

Transactions carried out through the Company may be subject to reverse engineering from which authorities may prepare an audit trail for suspected money laundering when such report is sent to them. The Company may, within a reasonable time, comply with any request or order from authorities regarding the disclosure of information, including, without limitation, whether a particular person is the customer or beneficial owner of the transactions carried out. carried out through the Company. The following document storage periods will apply:

• All customer account opening documents and records of all customer transactions, especially customer identification records, must be kept and stored securely for 5 (five) years from the date of transactions;

• In relation to closed accounts, customer identification records, account files and business correspondence must be retained and stored securely for at least five (5) years from the date they were closed.

The following records must be kept stored:

• Copies of evidentiary materials that prove the client's identity;

• Any non-documentary verification methods or additional methods used to verify;

• Relevant evidence and details of all business relationships and transactions;

• Relevant documents from correspondence with clients;

• A description of how the Company resolved all significant nonconformities observed.

Document verification and review is carried out by personnel assigned to verify the accuracy and completeness of the records maintained by the Company. It is important that any significant violations or missing documents be noted and reported for immediate correction.

Transaction documents may be maintained in original or copies, on microfilm or in electronic format, provided such forms are admissible in court.

If the records are involved in ongoing investigations or transactions that were the subject of disclosure, they must be retained beyond the prescribed retention period until the case is confirmed to be closed and dismissed.

Independent Third Party Verification

The Company will regularly engage an independent qualified party to conduct an annual independent audit of our AML policies and procedures, as well as compliance with these procedures. The Company will conduct written follow-up to ensure that any deficiencies noted during its annual review are addressed and corrected.

The Company will confirm with its AML/CFT audit firm that its audit program includes the following:

• The objectives of the audit and the scope of the examination;

• Any recommendations to improve the AML program;

• Discussion of any observed deficiencies and an action plan to be implemented by management to address these deficiencies;

• and general opinion regarding the adequacy of the Company's anti-money laundering program.

The independent verification report must be sent to senior management and the Company's Compliance Officer must retain a copy