Definition of Money Laundering

For the purposes of this policy, money laundering means the act of concealing or disguising the origin, movement, ownership or control of funds or assets derived from criminal activity. This includes converting, transferring, acquiring, or using such assets to evade detection or legal consequences, and facilitating the execution of any of the above acts. The scope extends to operations conducted, directly or indirectly, within or outside the jurisdiction in which Bk99 holds its license where applicable law requires such measures.

AML Governance and Oversight

The Board of Directors of Bk99 bears ultimate responsibility for compliance with AML obligations. An Anti-Money-Laundering Compliance Officer (AMLCO) is appointed to oversee day-to-day implementation, report to senior management, and provide independent oversight of risk controls. The AMLCO shall have adequate resources and authority to perform duties without undue influence from business lines.

Policy Amendments

Material amendments to this policy require approval by the Board and the AMLCO prior to implementation. Changes take effect on a date specified by the approving authority and are communicated to relevant personnel with sufficient time for compliance.

Know Your Customer (KYC) Framework

Bk99 applies a risk-based approach to customer due diligence, comprising three levels of verification and corresponding controls. Verification activities scale with risk and cumulative activity.

  • SDD — Simplified Due Diligence: Applied to extremely low‑risk users and transactions. Documentation and checks may be minimal, and ongoing monitoring remains in place.
  • CDD — Customer Due Diligence: Standard verification for the majority of customers. Initiated when a customer engages in routine activity or when identity requires confirmation under applicable rules.
  • EDD — Enhanced Due Diligence: Implemented for high‑risk customers, large, unusual, or complex transactions, or when triggered by risk indicators identified through monitoring systems.

Triggers for escalation to higher tiers include, but are not limited to, aggregate lifetime deposits or withdrawals reaching defined thresholds, or any activity deemed suspicious by automated screening or internal review.

Tiered KYC Verification and Thresholds

Bk99 maintains a tiered verification model to govern deposit and withdrawal capabilities. The tiers and limits are described below. Documentation and data collection are kept strictly to the minimum required to comply with regulatory obligations and to protect customer privacy.

  • Level 0 — No Verification: Customers may initiate deposits up to a cumulative amount of EUR 2,000. Withdrawals are not permitted until Level 1 identity verification is completed.
  • Level 1 — Basic Identity: Mandatory before the first withdrawal. Customers must provide full name, date of birth, residential address, country, and a valid email address. Data must match payment-processor records. Deposits up to EUR 2,000; withdrawals up to EUR 2,000 once verified.
  • Level 2 — Identity Verification: Triggered when cumulative deposits or withdrawals exceed EUR 2,000 or when a customer’s activity reaches predefined thresholds. Required documentation: government-issued photo ID (front and back), a selfie with the ID, and proof of address. Deposits up to EUR 50,000; withdrawals up to EUR 50,000.
  • Level 3 — Source of Funds Verification: Required when cumulative deposits or withdrawals exceed EUR 50,000 or in cases presenting elevated risk. Customers provide source-of-funds documentation and related information. Deposits and withdrawals are unlimited subject to ongoing verification and compliance checks.

Identification and Verification (KYC Procedures)

Accurate identification is essential to AML compliance and customer protection. At a minimum, Bk99 requires:

  • A clear, valid government-issued document (passport, national ID, or driving licence) with all corners visible and legible data; documents should be in Latin characters where possible.
  • A selfie of the customer holding the same document alongside their face.
  • Data must be consistent with information provided for payments and must be up to date.
  • Additional information may be requested at Bk99’s discretion or by payment processors to complete verification tasks.

Proof of Address

Proof of address is normally established through at least one independent electronic database check. If checks fail, acceptable documents dated within the past three months may be requested, including: utility bills (electricity, water, gas; not mobile); bank or credit-card statements; government correspondence. Documents must clearly show the customer’s name and current address and be legible in high resolution.

Source of Funds

Bk99 may request evidence that funds originate from legitimate sources. Acceptable evidence includes, but is not limited to: payslips or employment income statements, bank or investment statements, inheritance documentation, business ownership records, and other documentation demonstrating lawful wealth. If a satisfactory explanation cannot be provided, Bk99 may suspend or terminate the business relationship or deny transactions.

Risk Management

Risk management is conducted on an enterprise-wide basis in line with regulatory expectations. Key components include:

  • EWRA — Enterprise-Wide Risk Assessment: An annual assessment of inherent AML risks across products, customer types, transaction patterns, delivery channels, and geographic reach.
  • Ongoing Transaction Monitoring: A two‑line control framework. First Line: payment processors applying AML controls to screen deposits at source. Second Line: internal KYC rules and transaction monitoring to flag unusual activity. If fraud or money laundering is suspected, funds may be frozen, and regulators notified as required by law.

Record-Keeping

Bk99 shall retain records for the periods specified below from the date of the last customer interaction or transaction:

  • Customer-identification data: at least six (6) years.
  • Transaction records: at least ten (10) years.

All records are stored securely in encrypted form and retained in accordance with applicable law and regulatory obligations.

Data Security and Privacy

Customer data is protected through robust technical and organizational measures designed to prevent unauthorized access, disclosure, alteration, or destruction. Data may be shared with consent, as required by law, or to fulfill Bk99’s AML obligations. Bk99 complies with applicable data protection laws and maintains a designated data protection officer to oversee inquiries related to this policy.

Data Recipients and Cross-Border Transfers

Personal data may be accessed by employees and service providers within Bk99’s group and by third-party processors that support platform operations, including hosting, payments, analytics, and communications. Transfers to countries outside the local regulatory area are conducted under appropriate safeguards to ensure adequate protection of personal data. In the event of corporate restructuring or sale, customer data may be transferred to the acquiring entity with prior notice where required by law.

Data Retention and Erasure

In addition to statutory retention requirements, customers may request access to, correction of, or restrictions on processing of their data. Erasure requests are subject to statutory exemptions and compliance needs, including AML and accounting obligations. Retained data remains accessible to competent authorities as required by law.

Contact and Compliance Inquiries

For questions or concerns regarding this AML & KYC Policy, please contact: [email protected]