Introduction

The Know Your Customer and Anti Money Laundering Policy for Bhalobet governs how we identify customers, verify identity, monitor activity and comply with applicable money laundering and countering the financing of terrorism laws. It applies to all user accounts on the Bhalobet platform and governs onboarding, ongoing monitoring and data handling.

Scope and applicability

This policy applies to all applicants and customers of Bhalobet who access our services. It covers identity verification, risk assessment, ongoing monitoring of activity, record keeping and disclosure to competent authorities where required by law. The policy applies worldwide except where local law restricts scope; in all cases, we comply with relevant licensing and regulatory requirements.

Risk-based approach

We implement a risk-based framework to identify and mitigate financial crime risk. Risk factors include geographic exposure, customer type, expected product usage and the nature of funds. Customer risk is categorized as low, standard or enhanced. The level of due diligence and ongoing monitoring is calibrated to the assessed risk level.

Customer due diligence and verification

  1. Onboarding triggers Standard Verification: when a customer registers an account and the total value of deposits and transactions reaches or exceeds USD 1,000, or when staff determine elevated risk. Verification may also be required before enabling withdrawals.
  2. What we require: a color copy of a government issued ID (passport, driver\'s license, national ID) for identity verification; a current document showing address (utility bill, bank statement). If the government ID contains address, a separate address document is not required.
  3. Documentation submission: customers provide scanned copies or high quality photos through our secure upload facility; documents are transmitted through encrypted channels and stored securely.
  4. Verification outcome: we notify the customer of approval or request for additional information. Where documents are missing or unclear, activity may be limited until verification is completed.

Enhanced due diligence

Additional verification is applied for Politically Exposed Persons and for customers from high risk jurisdictions. Requirements may include: evidence of source of wealth, source of funds, longer-term confirmation of income, and direct senior management review and approval before continuing certain activities. We may request video verification or additional documentation and may delay or restrict services until approval is granted.

Ongoing monitoring and suspicious activity

All customer activity is monitored for suspicious patterns. Indicators include: rapid or unusual deposit behavior, use of multiple payment cards or wallets, conflicting geolocation data, or inconsistent identity data. Any suspicious activity is escalated to our antifraud and compliance teams for review and appropriate action, including potential involvement of authorities where required by law.

Transactions monitoring and payment integrity

We require that funds originate from the account holder and match the registered name for card payments. For electronic wallets, the wallet account must be the same as the user\'s registration email. We do not accept anonymous payments or transfers from third-party sources. Withdrawals are made to the same instrument used for deposits where feasible, and we verify ownership prior to processing. In cases where a deposit instrument is unavailable for withdrawal, funds may be returned to the user\'s bank account or alternative registered instrument, subject to verification.

Record-keeping and data protection

Documents and data collected under this Policy are retained in accordance with applicable law and regulatory guidance. We retain identity verification records, transaction data and supporting evidence for a minimum of five years from account closure or from the date of the last activity when required. We store data in secure environments and protect it with appropriate technical and organizational measures in line with data protection laws, including applicable data protection regulations.

Data protection and privacy

We process personal data only to the extent necessary to fulfill our legal and regulatory obligations and to provide services. We implement technical and organizational safeguards to protect data, limit access, and ensure data accuracy and confidentiality. Requests to access, correct or limit processing are handled in accordance with applicable data protection laws.

Amendments and updates

We may amend this Policy at any time. Customers will be informed of material changes via in-app notifications and/or registered email. Continued use of the services after notice of changes shall constitute acceptance of the modified policy.

Roles and responsibilities

The compliance program is overseen by the Bhalobet compliance officer. All staff involved in customer onboarding and payments receive training on KYC/AML obligations and the identification of suspicious activity. Managers ensure ongoing adherence to the risk-based framework and document retention requirements.

Cooperation with authorities

We cooperate with competent authorities to the extent required by law. When required, we provide information about verified customers and suspicious activity in accordance with applicable legal processes and confidentiality protections.