Diamond Card Limited, operating the GhScratch.com platform under exclusive license by LaPalm Casino (Gaming Commission License Number: GCRO20A7314H), is unequivocally committed to maintaining the highest standards of integrity in combating money laundering, terrorist financing, and proliferation financing activities.

This Anti-Money Laundering, Counter-Terrorist Financing, and Counter-Proliferation Financing Policy ("AML/CFT/CPF Policy") establishes our comprehensive framework for preventing the misuse of our gaming platform and payment systems for illicit financial activities.

1.1 Zero Tolerance Commitment

We maintain a zero-tolerance approach to money laundering and terrorist financing. We will:

• Refuse to knowingly accept or facilitate proceeds of crime;
• Not enter into or maintain business relationships with persons involved in money laundering or terrorist financing;
• Immediately terminate relationships with customers suspected of such activities;
• Fully cooperate with law enforcement and regulatory authorities;
• Report all suspicious activities as required by law;
• Maintain robust systems for detecting and preventing financial crimes;
• Continuously train our staff on AML/CFT/CPF obligations;
• Regularly review and update our policies and procedures.

1.2 Regulatory Framework

This Policy is implemented in compliance with:

• Anti-Money Laundering Act, 2020 (Act 1044) - Ghana's primary AML legislation;
• Anti-Terrorism Act, 2008 (Act 762) - Counter-terrorism financing framework;
• Anti-Terrorism (Amendment) Act, 2012 (Act 842);
• Gaming Act, 2006 (Act 721) - Gaming industry regulations;
• Financial Intelligence Centre Act, 2020 (Act 1039) - FIC reporting requirements;
• Regulations issued by the Gaming Commission of Ghana;
• Financial Action Task Force (FATF) Recommendations - International standards;
• Ghana's National Risk Assessment - Sector-specific risk identification;
• Other applicable laws and regulations.

1.3 Scope and Application

This Policy applies to:

• All employees, officers, and directors of Diamond Card Limited;
• All contractors, consultants, and service providers;
• All business partners and affiliates (LaPalm Casino, Sky Margins Limited);
• All customers and users of the GhScratch.com platform;
• All financial transactions conducted through the platform;
• All jurisdictions where we operate or maintain business relationships.

1.4 Governing Body and Oversight

The Board of Directors of Diamond Card Limited has ultimate responsibility for AML/CFT/CPF compliance. Day-to-day implementation is overseen by:

• Money Laundering Reporting Officer (MLRO): [Name and Title]
• Deputy MLRO: [Name and Title]
• Compliance Department: compliance@ghscratch.com
• AML Compliance Committee: Meets quarterly to review implementation

For the purposes of this Policy, the following terms have the meanings set forth below:

2.1 Money Laundering

Money Laundering means the process by which the proceeds of crime are transformed into ostensibly legitimate assets. It involves concealing the source, ownership, or control of illegally obtained funds and converting them into assets that appear to have a legitimate origin.

Three Stages of Money Laundering:

2.2 Terrorist Financing

Terrorist Financing means the provision or collection of funds, by any means, directly or indirectly, with the intention or knowledge that they will be used, in full or in part:

• To carry out terrorist acts;
• By terrorist organizations;
• By individual terrorists;
• To facilitate terrorist activities.

Key Distinction: Unlike money laundering, terrorist financing may involve funds from legitimate sources. The focus is on the intended use of funds rather than their origin.

2.3 Proliferation Financing

Proliferation Financing means the act of providing funds or financial services for use, in whole or in part, for the manufacture, acquisition, possession, development, export, transshipment, brokering, transport, transfer, stockpiling, or use of nuclear, chemical, or biological weapons and their means of delivery and related materials (including technologies and dual-use goods used for non-legitimate purposes).

2.4 Predicate Offences

Predicate Offences (also called "underlying crimes") are the crimes that generate proceeds which may subsequently be laundered. These include but are not limited to:

• Drug trafficking and narcotics offenses;
• Fraud, embezzlement, and corruption;
• Tax evasion and tax fraud;
• Organized crime activities;
• Human trafficking and smuggling;
• Arms trafficking;
• Kidnapping, extortion, and robbery;
• Counterfeiting and forgery;
• Environmental crimes;
• Cybercrime and computer fraud;
• Securities fraud and insider trading;
• Bribery and corruption of public officials.

2.5 Key Persons and Entities

Politically Exposed Persons (PEPs):

Individuals who are or have been entrusted with prominent public functions, either domestically or internationally, including:

• Domestic PEPs: Heads of state/government, senior politicians, senior government/judicial/military officials, senior executives of state-owned enterprises, important political party officials;
• Foreign PEPs: Individuals with similar roles in foreign countries;
• International Organization PEPs: Senior officials of international organizations (UN, World Bank, etc.);
• Family Members and Close Associates: Immediate family members and persons known to be close associates of PEPs.

Beneficial Owner:

The natural person(s) who ultimately owns, controls, or benefits from a legal entity or arrangement, or on whose behalf a transaction is conducted. This includes:

• Persons who own or control 25% or more of a legal entity;
• Persons who exercise control through other means;
• Senior managing officials (if no qualifying beneficial owner can be identified).

Shell Company:

A company without active business operations or significant assets, often used to conceal beneficial ownership.

2.6 Due Diligence Terms

Customer Due Diligence (CDD):

The process of identifying and verifying the identity of customers and assessing the risks they pose.

Enhanced Due Diligence (EDD):

Additional due diligence measures applied to higher-risk customers, transactions, or business relationships.

Simplified Due Diligence (SDD):

Reduced due diligence measures permitted for lower-risk situations (rarely applicable in gaming).

Know Your Customer (KYC):

The process of verifying the identity of customers and understanding their financial activities.

2.7 Reporting and Compliance Terms

Suspicious Transaction Report (STR):

A report filed with the Financial Intelligence Centre (FIC) when there are reasonable grounds to suspect that a transaction involves proceeds of crime or terrorist financing.

Currency Transaction Report (CTR):

A report filed for cash transactions exceeding specified thresholds.

Threshold Transaction Report (TTR):

Reports required for transactions exceeding specified monetary limits.

Tipping Off:

The prohibited act of disclosing to any person that a STR has been made, or that an investigation is being or may be conducted.

2.8 Risk-Based Approach

A systematic methodology whereby resources are allocated according to identified risks, with higher-risk areas receiving more intensive controls and lower-risk areas receiving proportionate controls.

2.9 Financial Intelligence Centre (FIC)

Ghana's financial intelligence unit responsible for receiving, analyzing, and disseminating suspicious transaction reports and other financial intelligence to law enforcement and regulatory authorities.

3.1 CDD Requirements

We conduct Customer Due Diligence on all customers before establishing a business relationship or conducting occasional transactions above specified thresholds. CDD consists of four core elements:

Element 1: Customer Identification

We collect the following information from all customers during registration:

Information Type	Required Data	Purpose
Personal Identity	Full legal name, Date of birth, Gender, Nationality	Establish identity and verify age (18+)
Contact Details	Residential address, Email address, Mobile phone number	Enable communication and verification
Financial Information	Mobile money account number, Payment method details	Process transactions and verify ownership
Identification Documents	Government-issued ID (Ghana Card, Passport, Driver's License)	Verify identity (required for enhanced verification)
Photographic Verification	Selfie photograph, Liveness detection	Match against ID document (when required)

Element 2: Customer Verification

We verify customer identity through a multi-layered approach:

Element 3: Understanding Purpose and Nature of Business Relationship

We assess and document:

• The customer's intended use of our services;
• Expected transaction patterns and volumes;
• Source of funds for gaming activity;
• Customer's occupation and financial profile;
• Reasonableness of anticipated activity relative to the customer's profile.

Element 4: Ongoing Monitoring

CDD is not a one-time process. We continuously monitor customer relationships to:

• Ensure transactions are consistent with our knowledge of the customer;
• Identify unusual or suspicious patterns;
• Keep customer information and documentation up to date;
• Respond to changes in risk profile;
• Review high-risk accounts at least quarterly;
• Review standard-risk accounts at least annually.

3.2 Timing of CDD

CDD must be completed:

• Before establishing a business relationship (account registration);
• Before processing the first deposit;
• When there is a suspicion of money laundering or terrorist financing;
• When we doubt the veracity or adequacy of previously obtained customer identification data;
• At regular intervals as part of ongoing monitoring.

3.3 Failure to Complete CDD

If we cannot complete CDD to a satisfactory standard, we will:

• Not establish the business relationship;
• Not process the transaction;
• Terminate any existing relationship;
• Consider whether the circumstances warrant filing a Suspicious Transaction Report;
• Refund any deposits (subject to source verification and AML clearance).

4.1 Risk-Based Approach Methodology

We implement a comprehensive risk-based approach that allocates resources and applies controls proportionate to identified risks. Our methodology involves:

1. Risk Identification: Identifying ML/TF/PF risks inherent in our business;
2. Risk Assessment: Analyzing and evaluating identified risks;
3. Risk Mitigation: Implementing appropriate controls to manage risks;
4. Risk Monitoring: Continuously monitoring and reviewing risk controls;
5. Risk Review: Periodically reassessing risks and controls.

4.2 Customer Risk Categorization

All customers are assigned a risk rating based on multiple risk factors. Risk categories are:

Risk Level	Description	Controls Applied	Review Frequency
LOW RISK	Customers presenting minimal ML/TF/PF risk based on comprehensive assessment	Standard CDD, Automated monitoring	Annual review
MEDIUM RISK	Customers presenting moderate ML/TF/PF risk requiring enhanced attention	Enhanced monitoring, Periodic manual reviews	Semi-annual review
HIGH RISK	Customers presenting significant ML/TF/PF risk requiring intensive oversight	Enhanced Due Diligence, Senior management approval, Continuous monitoring	Quarterly review (minimum)
PROHIBITED	Customers we cannot do business with due to unacceptable risk or legal restrictions	Account blocked, No transactions permitted	N/A - Relationship terminated

4.3 Risk Assessment Factors

Customer risk is determined by evaluating the following factors:

Factor 1: Customer Type Risk

Factor 2: Geographic Risk

Factor 3: Product/Service Risk

Factor 4: Transaction Pattern Risk

Factor 5: Delivery Channel Risk

4.4 Automated Risk Scoring

Our systems automatically calculate a composite risk score (0-100) based on weighted factors:

• 0-30: Low Risk → Standard monitoring
• 31-60: Medium Risk → Enhanced monitoring
• 61-80: High Risk → Enhanced Due Diligence + Senior review
• 81-100: Prohibited → Account blocked pending investigation

5.1 When EDD is Required

Enhanced Due Diligence must be applied to all high-risk customers and in the following circumstances:

• Customer is identified as a Politically Exposed Person (PEP);
• Customer is from or conducting transactions involving high-risk jurisdictions;
• Customer exhibits suspicious behavior or transaction patterns;
• Customer's risk score exceeds 60 on our automated system;
• Cumulative deposits exceed GH₵ 10,000 in any 30-day period;
• Customer requests to withdraw more than GH₵ 5,000 in a single transaction;
• Customer provides conflicting or suspicious information;
• At the discretion of the MLRO for any other reason.

5.2 EDD Measures

Enhanced Due Diligence includes, but is not limited to, the following additional measures:

Enhanced Information Collection:

• Detailed source of wealth questionnaire;
• Source of funds for specific transactions;
• Occupation and employment details (employer name, position, salary range);
• Business activities and ownership interests;
• Expected account activity and transaction volumes;
• Purpose of account and anticipated usage;
• Relationship with any PEPs or high-risk individuals;
• Beneficial ownership information (if applicable).

Enhanced Verification:

• Multiple government-issued identification documents;
• Proof of address from at least two independent sources;
• Video verification interview with compliance officer;
• Employment verification letter or payslips;
• Bank statements showing source of funds;
• Tax returns or income documentation;
• Professional reference checks;
• Enhanced background screening (adverse media, sanctions, PEP databases).

Enhanced Monitoring:

• Real-time transaction alerts for all activities;
• Daily review of account activity by compliance team;
• Mandatory manual review of all withdrawals;
• Quarterly in-depth account reviews;
• Continuous monitoring for changes in customer profile or behavior;
• Regular reassessment of risk rating (at least quarterly).

5.3 Senior Management Approval

All high-risk customer relationships require approval from senior management before:

• Establishing the business relationship;
• Processing withdrawals exceeding GH₵ 5,000;
• Continuing the relationship following a significant change in risk profile;
• Overriding any automated compliance controls.

5.4 EDD Decision Outcomes

Following EDD assessment, one of the following decisions will be made:

• Accept with Enhanced Monitoring: Relationship approved subject to intensive ongoing monitoring;
• Conditional Accept: Relationship approved subject to specific conditions (e.g., transaction limits);
• Reject: Relationship declined due to unacceptable risk;
• Terminate: Existing relationship closed due to elevated risk;
• Report: Suspicious Transaction Report filed with FIC regardless of relationship status.

6.1 Monitoring Systems

We deploy automated transaction monitoring systems that:

• Monitor all transactions in real-time;
• Apply rules-based scenarios to detect suspicious patterns;
• Generate alerts for manual review;
• Track customer behavior over time;
• Identify deviations from expected activity;
• Flag structuring and other evasion techniques;
• Correlate activity across multiple customers;
• Maintain comprehensive audit trails.

6.2 Monitoring Scenarios

Our systems are programmed to detect the following suspicious patterns:

Scenario 1: Rapid Turnover

• Deposit followed by immediate withdrawal with minimal gaming
• Multiple small deposits followed by large withdrawal
• Converting deposits without proportionate card purchases

Scenario 2: Structuring (Smurfing)

• Multiple transactions just below reporting thresholds
• Breaking large amounts into smaller transactions
• Pattern of regular transactions at consistent amounts
• Multiple accounts used to avoid detection

Scenario 3: Unusual Patterns

• Sudden significant increase in transaction volumes
• Dormant account suddenly active
• Transaction patterns inconsistent with customer profile
• Unusual gaming behavior (e.g., buying but not scratching cards)

Scenario 4: Third-Party Involvement

• Deposits from mobile money accounts not in customer's name
• Requests to withdraw to different mobile money account
• Multiple customers using same payment method
• Evidence of account sharing or proxy playing

Scenario 5: Geographic Anomalies

• Login from multiple countries in short timeframe
• Use of VPN or anonymizing technologies
• IP address inconsistent with stated location
• Transactions from high-risk jurisdictions

Scenario 6: Behavioral Red Flags

• Customer shows unusual lack of concern about losses
• Customer unusually secretive about source of funds
• Customer provides evasive or inconsistent answers
• Customer reluctant to provide required information
• Customer makes threats when questioned about transactions

6.3 Alert Generation and Investigation

When monitoring systems generate alerts:

1. Alert Queue (Automated): System generates alert and assigns to compliance officer;
2. Initial Review (Within 24 hours): Officer reviews alert and customer profile;
3. Investigation (Within 48 hours): If warranted, detailed investigation conducted including:
   • Review of complete transaction history;
   • Analysis of gaming behavior;
   • Review of customer communications;
   • Enhanced background checks;
   • Contact with customer for clarification (if appropriate);
4. Decision (Within 72 hours): Determine whether to:
   • Close alert as false positive;
   • Continue monitoring;
   • File Suspicious Transaction Report;
   • Escalate to senior management;
   • Restrict or terminate account;
5. Documentation (Immediate): All decisions and rationale fully documented in compliance system.

6.4 Transaction Thresholds

We have established the following transaction thresholds:

Threshold Type	Amount (GH₵)	Action Required
Single Deposit	2,000	Automated alert for review
Single Withdrawal	2,000	Manual approval required
Daily Cumulative	5,000	Enhanced monitoring activated
Monthly Cumulative	10,000	Enhanced Due Diligence required
Cash Equivalent	15,000	Currency Transaction Report to FIC

7.1 Obligation to Report

Under the Anti-Money Laundering Act, 2020 (Act 1044), we are legally obligated to file a Suspicious Transaction Report (STR) with the Financial Intelligence Centre (FIC) when we know, suspect, or have reasonable grounds to suspect that:

• A transaction or attempted transaction involves proceeds of crime;
• Funds are linked to or may be used for terrorist financing;
• A transaction has no apparent economic or lawful purpose;
• A customer is engaging in suspicious activity;
• A transaction appears designed to evade reporting requirements;
• Information previously provided is false or materially misleading.

7.2 Indicators of Suspicious Activity

The following are red flag indicators that may warrant filing an STR:

Customer Behavior Indicators:

• Customer provides false, misleading, or contradictory information
• Customer refuses to provide information without reasonable explanation
• Customer is evasive or reluctant to discuss their transactions
• Customer appears to be acting on behalf of undisclosed third party
• Customer threatens legal action or intimidation when questioned
• Customer shows unusual lack of concern about high losses
• Customer exhibits nervous behavior or appears coached

Transaction Pattern Indicators:

• Deposit-withdraw cycles with minimal gaming ("churning")
• Transactions inconsistent with customer's stated occupation/income
• Sudden change in transaction patterns without explanation
• Round-number transactions (e.g., exactly GH₵ 5,000)
• Multiple small transactions just below reporting thresholds
• Purchasing cards but not scratching them
• Scratching cards but not redeeming winnings
• Requesting withdrawal to different mobile money account

Account Activity Indicators:

• Dormant account suddenly becomes very active
• Multiple accounts linked to same person or device
• Accounts funded from multiple mobile money accounts
• Account activity inconsistent with customer profile
• Login from multiple geographic locations
• Use of anonymizing technologies (VPN, TOR)

Gaming-Specific Indicators:

• Winning patterns that are statistically improbable
• No interest in challenge participation despite high activity
• Unusual card selection patterns
• Collusion with other players
• Attempts to manipulate gaming systems

7.3 STR Filing Process

Step 1: Identification of Suspicion

Any employee who suspects suspicious activity must immediately report to the MLRO.

Step 2: Initial Assessment

MLRO conducts preliminary assessment within 4 hours:

• Review all available information;
• Examine transaction history;
• Check customer profile and CDD documentation;
• Consult internal records and databases;
• Determine whether suspicion is reasonable.

Step 3: Investigation

If preliminary assessment confirms suspicion, conduct detailed investigation:

• Comprehensive transaction analysis;
• Review of all customer communications;
• Enhanced background checks;
• Correlation with other customers or accounts;
• Consultation with relevant departments;
• Documentation of all findings.

Step 4: STR Decision

MLRO determines whether to file STR based on:

• Strength of suspicion;
• Quality and quantity of evidence;
• Customer's explanations (if obtained);
• Comparison with known typologies;
• Professional judgment and experience.

Step 5: STR Preparation and Filing

If decision is to file, STR must include:

• Complete customer identification information;
• Detailed description of suspicious activity;
• Transaction details (dates, amounts, payment methods);
• Reasons for suspicion;
• Supporting documentation;
• Any known or suspected links to other persons;
• Actions taken by the institution;
• Name and contact of reporting officer.

Filing Method: STRs are filed electronically through FIC's secure goAML portal within 24 hours of suspicion.

Step 6: Post-Filing Actions

• Continue monitoring the account;
• Do NOT disclose filing to customer (tipping off is a crime);
• Retain all documentation;
• Cooperate with any FIC or law enforcement follow-up;
• Consider whether to continue or terminate relationship;
• Update customer risk rating.

7.4 Tipping Off - Strictly Prohibited

7.5 Protection from Liability

Under Ghana law, we and our employees are protected from civil and criminal liability when filing STRs in good faith:

• No breach of confidentiality;
• No breach of contract;
• No defamation;
• No civil liability;
• Protection even if suspicion ultimately unfounded.

Conversely: Failure to file STRs when required can result in severe penalties for both the institution and individuals.

7.6 Currency Transaction Reports

In addition to STRs, we file Currency Transaction Reports (CTRs) for:

• Cash transactions exceeding GH₵ 15,000 (or currency equivalent);
• Multiple cash transactions totaling GH₵ 15,000 or more in a 24-hour period;
• Any transaction where structuring is suspected, regardless of amount.

Note: While our platform uses mobile money (not physical cash), mobile money transactions may be treated as cash equivalents for reporting purposes.

8.1 Legal Requirements

Under the Anti-Money Laundering Act and Gaming Commission regulations, we must maintain comprehensive records for:

• Customer Due Diligence Records: Minimum 7 years after relationship ends;
• Transaction Records: Minimum 7 years after transaction;
• STR Documentation: Minimum 7 years after filing;
• Investigation Records: Minimum 7 years;
• Training Records: Minimum 7 years;
• Compliance Documents: Permanently or as required by law.

8.2 Types of Records Maintained

Customer Records:

• All customer identification documents;
• Verification records and results;
• Source of funds/wealth documentation;
• Risk assessment documentation;
• Account opening forms and agreements;
• Correspondence with customers;
• Account closure documentation.

Transaction Records:

• All deposits and withdrawals;
• All gaming transactions (card purchases, scratches, redemptions);
• Payment method details;
• IP addresses and device information;
• Timestamps and geographic data;
• Transaction confirmation records;
• Declined or cancelled transaction records.

Compliance Records:

• Monitoring alerts and investigations;
• Suspicious Transaction Reports and supporting documentation;
• Currency Transaction Reports;
• Account review documentation;
• Risk assessment reviews;
• Management decisions and approvals;
• Communication with FIC and regulators;
• Audit reports and findings.

8.3 Record Storage and Security

All records are:

• Stored in secure electronic format with encrypted backup;
• Protected against unauthorized access, alteration, or deletion;
• Accessible to authorized personnel only;
• Retrievable within 24 hours upon request by authorities;
• Maintained in both active and archive systems;
• Subject to disaster recovery and business continuity plans;
• Auditable with complete audit trails.

8.4 Record Retrieval

We can retrieve records:

• By customer name, account number, or ID number;
• By transaction date, amount, or type;
• By payment method or mobile money account;
• By any combination of search criteria;
• In formats required by authorities (PDF, Excel, database extract).

8.5 Destruction of Records

Records are destroyed only:

• After the required retention period has expired;
• Following senior management authorization;
• Using secure destruction methods (electronic shredding);
• With destruction documented and certified;
• Never if subject to investigation or legal hold.

Money Laundering Reporting Officer (MLRO)

[Name and Title]
Diamond Card Limited
Accra, Ghana
Email: mlro@ghscratch.com
Phone: [To be provided]
24/7 Emergency Hotline: [To be provided]

Compliance Department

Email: compliance@ghscratch.com
Phone: [To be provided]

Financial Intelligence Centre (FIC)

Head Office
Accra, Ghana
Email: info@fic.gov.gh
Website: www.fic.gov.gh
goAML Portal: [Secure login required]

Gaming Commission of Ghana

Accra, Ghana
Email: info@gamingcommission.gov.gh
Phone: [To be provided]

THIS POLICY WAS LAST UPDATED ON DECEMBER 22, 2024