Anti-Money Laundering

Anti-money laundering, counter financing of terrorism & know your customer procedures

aml procedures image
Welcome to the All The Best Lottos Anti-Money Laundering and Due Diligence Procedures. This document outlines the procedures followed regarding Anti-Money Laundering (AML), Counter Financing of Terrorism (CFT), and Know Your Customer (KYC) practices. Our procedures below describe how ATBL handles AML, CFT & KYC requirements applicable to the Company and in assisting and reminding all staff members of their obligations and personal responsibility under the legislation.

Purpose of the document

This document outlines the procedures to be followed to ensure that (“Holzman” or the “Company”) complies with the anti-money laundering/combating the funding of terrorism and know your customer due diligence (“AML/CFT”, “KYC”) requirements applicable to the Company and to assist all staff members in understanding their obligations and personal responsibility under the legislation.


The scope of this guide is to ensure that all our markets are compliant with regulations & internal procedures to ensure that fraud risks are mitigated and dealt with accordingly.


This policy applies to the Risk, Payments & Fraud Teams and any other supporting departments, as well as the key officials and other key staff. This policy will be reviewed annually and whenever there is any relevant change that might affect our AML/CFT/KYC policy.

Regulations and Bodies

Anti-money laundering laws in these European Union Member States are based on EU Anti-Money Laundering Legislation. On 19 June 2018, the European Commission adopted the Fifth EU Anti-Money Laundering Directive (2018/843) which amended the Fourth Anti-Money Laundering Directive and was published in the Official Journal of the European Union. The Member States had to transpose this Directive by 10 January 2020. These amendments introduced substantial improvements to better equip the Union to prevent the financial system from being used for money laundering and for funding terrorist activities.

The previous (fourth) EU Anti-Money Laundering Directive (2015/849) on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, was approved by the European Parliament on the 20th May 2015. This Directive repeals the provisions of the Third AML Directive 2005/60/EC of the 26th October 2005. The Fifth EU Anti-Money Laundering Directive is reflective of the international standards contemplated in the revised Financial Action Task Force (FATF) Forty Recommendations issued in 2012 and in certain instances goes beyond the standards mandated by the FATF.


This document is adapted for compliance with the following laws and amendments in The Republic of Cyprus and the EU.

  1. The Prevention and Suppression of the Money Laundering and Terrorist Financing Laws
  2. Updates:
    1. 188(I)/2007
    2. 58(I)/2010
    3. 80(I)/2012
    4. 192(I)/2012
    5. 101(I)/2013
    6. 184(I)/2014
    7. 18(I)/2016
    8. 13(I)/2018
    9. 158(I)/2018
    10. 81(I)/2019
    11. 13(I)/2021
    12. 22(I)/2021

The Unit for Combating Money Laundering (MOKAS) is the Financial Intelligence Unit (FIU) of Cyprus.

What is money laundering?

Money Laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of their criminal, illegal activities. If undertaken successfully, it allows them to maintain control over those proceeds and, ultimately, to provide a legitimate cover for their source of income. Failure to prevent the laundering of the proceeds of crime, permits criminals to benefit from their actions, thus making crime a more attractive proposition.

Traditionally, three stages were identified for the process of money laundering:

  1. Placement: illegally-obtained funds are placed into the financial system
  2. Layering: the funds are moved and ownership is changed (funds are often divided into multiple parts, so-called structuring) to obscure the origin
  3. Integration: the funds are used to purchase goods and services, invest in businesses or inancial services, and are therefore made to look legitimate

This three stages model is rather simplistic and does not accurately reflect every type of money laundering operation. In fact, a modern explanation of money laundering moves away from the traditional three-stage concept and focuses more on the concealment or disguise of the origin of illicit money.

All Company staff need to understand how money laundering may be carried out so that they can be as alert as possible to any signs of suspicious behavior. Staff must be vigilant not to commit any of the following offences:

  1. knowingly assisting in concealing, or entering into arrangements for the acquisition, use, and/or possession of, illegally obtained funds,
  2. failing to report knowledge, suspicion, or where there are reasonable grounds for knowing or suspecting, that another person is engaged in money laundering, financing of terrorism or that the funds are the proceeds of crime, and,
  3. tipping off, or prejudicing an investigation

What is terrorist financing?

Terrorist Financing is the process of making funds or other assets available to terrorist groups or individual terrorists to support them, even indirectly, in carrying out terrorist activities. Such process in fact comprises two separate types of financial activity:

  1. money and other assets generated by acts of terrorism; and
  2. money and other assets intended to fund acts of terrorism (including the promotion of terrorism, and the radicalization of individuals).

The funding of terrorist activity, terrorist organisations or individual terrorists may take place through funds deriving from legitimate sources or from a combination of lawful and unlawful sources. Indeed, funding from legal sources is a key difference between terrorist organisations and traditional criminal organisations involved in money laundering operations.

Another difference is that while the money launderer moves or conceals criminal proceeds to obscure the link between the crime and the generated funds and avails himself of the profits of crime, the terrorist’s ultimate aim is not to generate income from the fund-raising mechanisms but to obtain resources to support terrorist operations.

Although it would seem logical that funding from legitimate sources would not need to be laundered, there is nevertheless often a need for terrorists to obscure or disguise links between the organisation or the individual terrorist and the legitimate funding sources. Therefore, terrorists must similarly find ways to process these funds in order to be able to use them without drawing the attention of authorities.

Ongoing Monitoring

Our company is required to carry out constant monitoring of the business relationship. This requirement includes the following two actions:

  1. the scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with the subject person’s knowledge of the customer, his business and risk profile, including where necessary, the source of funds, and
  2. ensuring that the documents, data or information held by the subject person are kept up to date.

Monitoring of Transactions

Transactions are monitored and when certain events are triggered, the employee will investigate the relationship with the user and determine whether enhanced due diligence (EDD) or any other action is needed.

Other actions would include monitoring the account closely from a responsible gambling perspective, which is also in line with our social responsibilities and duty of care obligations for the well-being of its users. Some examples of trigger events are listed below:

  1. High deposit amounts
  2. Multiple cards used to fund the account
  3. Use of a 3rd party payment card
  4. Change in habits
  5. Change in level of deposits
  6. Deposits not turned over

The payments system is designed to effectively monitor and signal specific thresholds in withdrawal requests. Apart from aiming at being compliant with licence legal obligations and requirements, our company has also set up an internal practice to perform further checks on customer accounts. This practice places an obligation on employees to flag transactions of 15000€ or more. This applies mainly to suspicious activities on accounts especially when such activity is not commensurate with previous customer game-play or account history.

As part of its ongoing monitoring efforts, our company has a system in place which automatically generates reports:

  1. 2000€ deposits in the last 24 hours, this report is checked daily
  2. 10000€ deposits in the last 7 days, this report is checked weekly
  3. 30000€ deposits in the last 30 days, this report is checked monthly
  4. 3 or more new credit cards used by the same user within 7 days. (customers can use max 5 cards at the same time), this report twice a week
  5. users with low or no spending, this report is checked weekly
  6. monthly deposit growth, this report is checked monthly and compares the deposits from last and previous month

The reports that are generated by the system are checked manually on a daily, weekly and monthly basis. Single deposits or a series of linked deposits which reach or exceed the 2000€ thresholds are also checked regularly. During the review of these reports, the employee will need to evaluate whether there are any customers who are deliberately spreading their deposits and withdrawals over a number of transactions to avoid customer due diligence (CDD) requirements. Our company does not allow a credit card or any other account on a given payment method to be used by more than one user. Moreover, it also does not allow any use of company credit cards.

The employee carrying out the manual checks will analyse the customer’s behavior by assessing the deposit and game play patterns of the customer and determine whether the Company should request information and/or documentation to identify the customer’s source of wealth. If the employee deems that the manner in which the account is being operated by the user is bound to raise the risk of ML/FT, enhanced due diligence measures will be applied.

Record Keeping

In accordance with the relevant laws and internally established policy, our company shall retain:

  1. Customer account information, for a minimum of five (5) years from when the contractual relationship between the parties ceases, for example, 5 years after account closure.
  2. Company financial transactions and related accounting records, for a minimum of ten (10) years.
  3. Training records including the type and nature of training, the material presented during the training and the names of the staff who attended the training.

Our company will maintain a record in writing of any changes which will affect this document and how such changes were communicated to staff members.

Customer Acceptance Policy

There is an acceptance policy in place which restricts certain users from using our website These include:

  1. Users under the age of 18
  2. Users wishing to open more than one user account
  3. Sanctioned customers or individuals whose reputation in the media seems to be tainted due to connection with criminal activities

Risk Assessment

A risk assessment is carried out on all customers at the start of the business relationship and on an ongoing basis. If a customer has not reached the 2000€ deposits level, a basic risk assessment will be carried out. The risk assessment will be based on the information obtained at the registration stage such as the jurisdiction of the customer and on information obtained from searches and screening carried out on the customer. Once the 2000€ level is met, however, the customer will be re-assessed. The risk assessment that will be carried out at this second stage is more intensive.

Once the 2000€ deposit level is reached, our company would obtain information in relation to the purpose and intended nature of the business relationship for each customer. This information will be factored into the risk assessment. Furthermore, the information on the customer’s deposit method and game play will also be reflected in the risk assessment. Based on deposit amounts, two-tier levels have been established to trigger further checks on the accounts. Once a customer reaches 30000€ in total deposits, the account is flagged for further analysis to better assist in building the profile of that customer to determine if further investigation or documentation is required. This includes but is not limited to, seeking an EDD report from third party providers. Should any suspicion arise from the content of that report or from the analysis of the account, source of wealth and other supporting documentation may be requested. Should no suspicion be raised from the EDD report or from an analysis of the account, no further documentation is requested at that stage. Eventually, notwithstanding the risk profile of the customer, once the customer reaches the applicable pre-established deposit thresholds, EDD would be automatically triggered as the customer’s profile is switched to high-risk. On the basis of the business risk assessment, a thorough analysis of the effectiveness of the ongoing monitoring procedures in place and the risk appetite of the business, the second tier level pre-set is at 100000€ in total deposits. Thus at reaching such an amount, the customer would be required to provide his source of wealth/funds and any other supporting documentation as may be needed to verify the source of the deposits made on the account.

The company will seek the implementation of automatic risk assessment third-party tools in future enhancements of the proprietary software.

Business Risk Assessment

Our company is currently in the process of establishing a company-wide full risk assessment and management framework for different areas and exposures. Special weight is taking the operational areas related to customers and payments and all risks associated with these are being addressed with the implementation of relevant controls and described in this document. Such risks will be periodically reviewed to determine if the controls are adequate or have to be increased.

Relationship with Customers

When a customer reaches the 2000€ deposit level, information on the nature of the relationship is collected.

This information should be sufficient to identify the risk profile of the customer and subsequently to identify any suspicious activity. Where an employee identifies a mismatch between the profile and the activity of the client and has received no adequate response to explain the variance, that employee will consider whether an internal suspicious activity report is required to be submitted to the MLCO.

Information that is relevant for this purpose includes the following:

  1. the occupation of the customer
  2. the salary range
  3. other sources of income / wealth

This information is collected directly from the customer. In high-risk situations or when suspicious activity is identified, our company obtains supporting documents to prove the source of wealth and funds of the customer such as copies of recent and current financial statements and payslips. Documents that may be obtained for this purpose include the following:

  1. income from employment
  2. retirement income
  3. savings and investment
  4. insurance claims
  5. divorce or separation settlement
  6. compensation payment
  7. gift
  8. gambling or luck wins (lottery / betting / poker / casino)
  9. inheritance
  10. sale of property
  11. company sale
  12. maturity or redemption of a shareholder’s loan
  13. dividends or profits from a private company
  14. individual owns policy / company pays premium
  15. maturing investments or policy claim
  16. sale of securities or other investment
  17. other

Enhanced Due Diligence (EDD)

If during the risk assessment the customer has been classified as high risk, Enhanced Due Diligence (EDD) will be applied. Enhanced Due Diligence must also be applied when the customer is considered a Politically Exposed Person (PEP). EDD goes further beyond the regulatory requirements of CDD and additional measures will be taken in those cases.

Politically Exposed Persons (PEP)

Currently, all customers are screened for PEP against media datasets manually and third-party tools may be implemented in the near future. These checks are also carried out on an ongoing basis to ensure that none of the customers’ PEP status has changed.

When dealing with PEPs, the following EDD measures are taken:

  1. declaration signed by the client confirming his position or reason for the PEP status
  2. approval from senior management
  3. declaration of the source of wealth with supportive documentation
  4. declaration of the source of funds involved in the business relationship, and
  5. more frequent ongoing monitoring

PEP is defined as a person who has been entrusted with prominent public function. Examples of such functions are:

  1. Heads of State, Heads of Government, Ministers and Deputy and Assistant Ministers and Parliamentary Secretaries
  2. Members of Parliament or similar legislative bodies
  3. Members of the governing bodies of political parties
  4. Members of the judiciary or of other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances
  5. Members of courts of auditors, Audit Committees or of the boards of central banks
  6. Ambassadors, chargé d'affaires, and other high-ranking officers in the armed forces
  7. Members of the administrative, management or boards of State-owned enterprises, and
  8. Anyone exercising a function equivalent to those set out above within an institution of the European Union or any other international body.

The above list is not the exhaustive list and other persons occupying prominent public functions should be also flagged as PEP.

All described measures will also be applied to family members or to persons which are known to be close associates of a PEP.

Other potential high-risk situations

If upon carrying out the risk assessment, the customer is deemed to pose a high risk of money laundering or funding of terrorism, EDD will be applied. The EDD measure used will vary depending on the particular risk actors that have raised the risk of the customer. The measure used must be adequate to mitigate the particular risk factors that are present. As an example, if the customer has been risk-rated as high due to the payment method used, obtaining certified true copies of identification documents would not necessarily be a suitable measure. It might be more appropriate to mitigate such risk by obtaining more supporting documents to determine the source of wealth and funds of the customer. In high-risk situations, will consider carrying out the following EDD measures:

  1. increase the level of monitoring
  2. seek additional independent, reliable sources to verify the information that is available on the customer
  3. take additional measures to understand better the background and financial situation of the customer by obtaining supporting documents or obtaining EDD screening reports from third-party service providers

Screening of Customers

The UN and EU impose financial sanctions upon individuals or entities known to be involved or linked to terrorism or the financing of proliferation of weapons of mass destruction. In most cases, these financial sanctions impose a requirement on any person and entity to:

  1. freeze the funds, financial assets or economic resources owned or controlled, directly or indirectly by designated persons or entities, and
  2. ensure that any funds, financial assets or economic resources are not made available to or for the benefit of designated persons or entities

For the purposes of fulfilling these requirements, aimed to combat terrorism, the funding of terrorism and the financing of the proliferation of weapons of mass destruction, all customers are screened against the commercial database. This screening process is carried out on an ongoing basis and not just at the start of the business relationship so any changes to sanctions lists are captured.

Recognition and Reporting of Suspicious Activity (Accounts and Transactions or SARs / STRs)

  1. Obligations of All Employees

    When there is a suspicion or knowledge of money laundering or terrorist financing or that funds are the proceeds of crime, an internal suspicious report must be submitted immediately to the Senior Management. It is vital that the situation is not discussed with anyone else as an offence of tipping off might be committed.

    Employees are duty-bound to follow the following guidelines:

    1. examine with special attention the background and purpose of any complex or large transactions and any transactions which are particularly likely by their nature to be related to money laundering or the funding of terrorism.
    2. pay special attention to business relationships and transactions with persons, companies and undertakings from a non-reputable or high-risk jurisdiction.
    3. also conduct research on a customer suspected of money laundering via other channels.

    These channels should not be dependent on internal records only. This investigation may be exercised through the use of systems which provide publicly available information, such as social media and the internet, as well as any other tools that may be utilized for the collection of information or to provide insight on personal data. The employee should ensure that enough information and documentation, where necessary, has been obtained on the customer so as to be in a better position to identify suspicious activity.

    All information on the customer should be adequately documented and corroborated.

    If the employee is in possession of knowledge or information which gives rise to suspicion, he should immediately report that suspicion to his Team Leaders / Coach who are trained to analyse and gauge such suspicions. In case of doubt, the employee shall always be bound to report the potentially suspicious activity. The employee should open an issue in our private repository with the following information:

    1. the name, surname and position within the Company of the employee
    2. the date when the suspicion arose
    3. the reason for the suspicion, and
    4. a copy of any documentation or data related to the suspicion

    The internal suspicious report shall be notified to the Manager and to the MLCO. Once the issue is raised to the MLCO and the team leader, reasons for actions on the account under suspicion are recorded on the private repository for audit trail and ease of reference.

    A person who submits an internal report or a report to the Unit for a suspicious transaction is protected from being exposed to threats or hostile action, and in particular from adverse or discriminatory employment actions.

  2. Fraud and Payments Manager / Team Leader Obligations

    The manager / team lead who is notified about suspicious activity by a customer must analyse the account and make sure that the employee detecting such suspicion has duly followed the internal procedure thereon.

    All discussions shall be recorded on the private repository, any decisions must be backed up by solid reasons and any documentation requested and received must be duly verified. The manager / team lead, through his expertise, contributes to the MLCO’s decision on the actions to be taken on the suspicious account however, the final decisions shall always be made by the MLCO himself.

  3. Tipping Off

    The employee must not, under any circumstances disclose or discuss any AML concern, investigation, notice or filing of the Internal Suspicious Money Laundering Transaction Report with the person or persons subject of such report, or any other person. Disclosure of all or any part of such information is strictly prohibited.

    Disclosing or discussing any such AML concern or the fact that an Internal Suspicious Money Laundering Transaction Report has been filed is known as “tipping off” and carries with it very serious criminal sanctions.

  4. MLCO Obligations

    Upon receipt of a suspicious transaction report, the MLCO shall acknowledge such receipt in writing. The MLCO may also add further instructions in writing. All these instructions are to be followed and executed accurately and any alterations must be previously authorized by him. The MLCO shall determine whether the internal suspicious transaction report does give rise to knowledge or suspicion that a customer is, or could be, engaged in money laundering or funding of terrorism. In making this judgement, the MLCO must consider all other relevant information available concerning the person to whom the suspicious transaction report relates. It is the MLCO’s obligation to investigate and ultimately to escalate and report the matter to the competent authority if it cannot be excluded that the funds are the proceeds of criminal activity.

    After analyzing the suspicious transaction report, the MLCO shall draw up his own written report where he records his findings and his decision. The MLCO has to submit the suspicious transaction report as soon as the knowledge or suspicion is confirmed.

    The MLCO should insist that everyone within the company uses a standard format for internal reporting procedures. The MLCO shall provide feedback regarding reports to team leaders, managers or officers of the company and its senior management. To demonstrate the conclusions reached in relation to each suspicious transaction report, whether or not submitted to the FIU, the MLCO must retain records which show the internal report received, the assessment of the report and the decision reached. All records of reporting should be maintained on record. In order to fulfill these obligations, issues are raised in a private repository, to which access is only granted to relevant stakeholders. When the payment agent raises the concern, this is recorded in a spreadsheet and a repository issue with the details of the customer is opened. The MLCO, fraud and payments coach and the fraud and payments manager, and the legal and compliance team discuss the case. All discussions and information requested / received are recorded on this same issue and are kept strictly confidential. Decisions to either continue with the business relationship or terminated are also recorded thereon.

    In instances when the MLCO submits a suspicious transaction report to the FIU, the MLCO will receive an acknowledgement from the FIU of the report submitted which is to be retained in the file held by the MLCO. The FIU may require further information from the MLCO and, for this purpose, the Unit will liaise directly with the MLCO to obtain this information.

  5. Failure to Disclose

    The failure to disclose knowledge or suspicion of money laundering or terrorist financing, or the proceeds of crime, for those who work in financial services businesses and for designated non-financial businesses and professionals, which includes online gambling and lottery businesses, constitutes a serious breach of AML/CFT legislation.

    Under the Regulatory Laws, employees who do not make an internal report to the MLCO when knowledge or suspicion exists may face criminal sanctions which may include a prison term of up to five years.

    Employees should therefore be particularly vigilant to ensure that they are familiar with their obligations and that they have received sufficient training for them to be able to identify suspicious or unusual behavior, activity or transactions that would therefore warrant further attention by the MLCO.

  6. Money Laundering Compliance Officer (MLCO)

    The Unit for Combating Money Laundering Offences requires that a specific person is appointed to receive notifications of internal reports of knowledge or suspicion of money laundering or terrorist financing and any knowledge or suspicion that funds are the proceeds of crime. This person is referred to as the MLCO or Nominated Officer. The following rules apply to the appointment of a Money Laundering Reporting Officer:

    1. the Nominated Officer should be the person to whom employees report
    2. the Nominated Officer is required to make a report in respect of information where they know, suspect or have reasonable grounds for knowing or suspecting that a person is engaged in money laundering or terrorist financing, including criminal spending, or attempting to launder money or finance terrorism
    3. the Nominated Officer should have adequate authority and reasonable access in order to double-check those issues stated in the report
    4. a procedure for reporting suspicious transactions should be drawn up and maintained, and
    5. the Nominated Officer should provide an annual report covering the operation and effectiveness of the systems and controls to combat money laundering and terrorist financing, and take any action necessary to remedy deficiencies identified by the report in a timely manner.

    The responsibilities of the Nominated Officer are the same as those of company directors and other officers and employees under the laws relating to money laundering. It should be noted that our company and its employees may face criminal and regulatory sanctions for failure to adhere to their obligations.

    The Nominated Officer should be responsible for the implementation and maintenance of reporting procedures, both internally as well as externally if the report is elevated and sent to the competent supervisory authority.

    Given the high level of responsibility of the Nominated Officer, the appointed person should be sufficiently senior to command the necessary authority.

    The Nominated Officer is part of senior management and a member of the board (if available) will be overseeing all AML/CFT matters. The Deputy Officer will assist the Nominated Officer and assume the MLCO’s responsibilities in the Nominated Officer’s absence.

  7. Training

    Our company ensures that staff members are trained by qualified individuals in various aspects of the legal and regulatory environment and specifically in relation to the processes described in this document.

    Continuous training and education of the staff shall include:

    1. the provisions of the AML/CFT/KYC legislation
    2. the internal reporting procedures
    3. staff members’ personal liability for failure to report information in accordance with internal procedures
    4. policies and procedures to prevent money laundering and terrorist financing
    5. customer identification, record keeping and other procedures
    6. the recognition and handling of suspicious transactions
    7. new developments including information on current techniques, methods and trends in money laundering and the financing of terrorism.

    For new employees, induction training will be held on overall policies including AML/CFT/KYC. On-the-job training will also be conducted during the first 2 weeks after the new employee starts the job. Only after this training, a customer-facing employee will be allowed in dealing with customers. A record will be kept of all staff training.

    In addition, from time to time, additional information will be issued to all staff members if there are developments of which staff need to be aware or there has been a change in the legislation or regulation which impacts these procedures.

    Under Regulatory Laws, individual employees face criminal penalties if they are involved in money laundering or terrorist financing. If they do not make an internal report to their nominated officer when necessary, they may also face criminal sanctions. It is important, therefore, that employees are made aware of their legal obligations, and are given training in how to discharge them.

  8. Employee Integrity

    Our company is committed to establish and maintain procedures which enable the company to be satisfied with the integrity of all new staff members. To meet this requirement, currently, all employees are only hired after thorough checks and references. When available and possible, the following will be kept on record:

    1. obtain and confirm references if required,
    2. confirm employment history and qualifications,
    3. request a recent police conduct certificate if needed, and
    4. request details of any regulatory action taken against them.