Anti-Money Laundering & Counter-Terrorism Financing Policy

Robocat Casino operates under a Malta Gaming Authority (MGA) licence. MGA-licensed operators are subject to some of the strictest AML and counter-terrorism financing obligations in regulated gaming. We comply with these obligations in full, and we invest in the people and systems needed to keep that compliance current as rules evolve.

In practical terms: we will not process transactions that look like money laundering, we will verify your identity before paying out winnings, and we will cooperate with financial intelligence units and law enforcement when required by law. If those requirements conflict with a player's convenience in the short term, our legal obligations take priority.

This policy is written for players. A more detailed internal version, covering procedures for our staff and compliance team, is maintained separately and is available to regulators on request.

Our AML/CFT obligations come from several overlapping sources. The four most relevant to players are:

• Financial Action Task Force (FATF) Recommendations. The 40 FATF Recommendations are the international standard for AML/CFT. Casinos are explicitly classified as Designated Non-Financial Businesses and Professions (DNFBPs) and must implement equivalent controls to financial institutions.
• EU Anti-Money Laundering Directives. The Fifth (5AMLD) and Sixth (6AMLD) AML Directives are in force across the European Union. They tighten beneficial ownership rules, extend reporting to virtual assets, and criminalise money laundering consistently across member states.
• Malta's Prevention of Money Laundering Act (PMLA) and the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR). These are the domestic statutes that transpose the EU Directives into Maltese law.
• FIAU Implementing Procedures — Part II: Remote Gaming. The Financial Intelligence Analysis Unit (FIAU) publishes sector-specific implementing procedures for remote gaming operators. Compliance with Part II is mandatory for all MGA B2C licensees.

Additional obligations apply in respect of sanctions regimes (UN, EU, OFAC), the MGA Player Protection Directive, and — for Australian players specifically — information-sharing frameworks with AUSTRAC where lawful.

We follow a risk-based approach as required by FATF and the EU AML Directives. In plain language, this means we apply checks proportionate to the risk each player, transaction or relationship represents. Low-risk activity receives standard monitoring; higher-risk activity triggers enhanced scrutiny.

Factors that may elevate risk include: large deposits or withdrawals, rapid deposit-then-withdraw patterns with minimal play, payment methods that obscure the source of funds, residence in or transactions involving higher-risk jurisdictions on the FATF list, status as a Politically Exposed Person (PEP), adverse media findings, or behaviour inconsistent with the account's stated profile.

The risk assessment is dynamic. An account that starts in a low-risk band can move to a higher band — and we can apply additional checks — based on how it behaves. This is not a punishment; it is the mechanism that prevents criminals from slowly establishing themselves in a low-scrutiny tier.

Every player account at Robocat Casino goes through identity verification. The depth of verification depends on the risk tier of the account and the transactions involved.

FATF describes money laundering as a three-stage process. Understanding these stages explains why our controls target the specific behaviours they do.

This matters to honest players because: the single biggest source of withdrawal delay at any licensed casino is the interaction between legitimate player behaviour and patterns that resemble layering. Playing minimally after a large deposit, then requesting a withdrawal, genuinely looks suspicious to an automated system. Completing KYC promptly and using payment methods clearly in your own name is the fastest way to avoid triggering reviews on honest activity.

All deposits and withdrawals are logged and screened in real time. Our monitoring systems check each transaction against multiple risk indicators, including but not limited to:

• Transaction size relative to the account's historical activity
• Velocity — the number and total value of transactions over defined windows
• Payment-method consistency — deposits and withdrawals flowing through the same verified instrument
• Play-to-deposit ratio — whether gameplay matches the amount deposited, or whether funds appear to pass through the account with minimal wagering
• Geolocation consistency — whether the IP address and declared residence match
• Sanctions and PEP screening, re-run on an ongoing basis rather than only at onboarding
• Adverse-media alerts against the player profile

Alerts are categorised by severity. Low-severity alerts are reviewed in the normal operational cycle; high-severity alerts pause the relevant transaction and are reviewed by a compliance analyst within defined service levels. Where the investigation concludes that the activity is consistent with legitimate play, the transaction proceeds and monitoring continues. Where it is not, further steps are taken (see section 7).

Where activity on an account cannot be reconciled with legitimate play after investigation, we are legally required to:

1. File a Suspicious Activity Report (SAR) with the Financial Intelligence Analysis Unit (FIAU) in Malta, or with the relevant authority in other jurisdictions where required
2. Suspend the affected account pending further investigation — we cannot legally forewarn the player that a SAR is being filed ("tipping off" is a criminal offence under the PMLA)
3. Preserve all records, transaction data, communications and supporting evidence for potential law-enforcement use
4. Cooperate fully with FIAU, MGA, law-enforcement and equivalent bodies when they request information through lawful channels

These obligations supersede any other contractual duty to the player, including the obligation to process withdrawals. This is a feature of the regulated framework, not a discretionary choice.

Players have their own role in the AML framework. By opening an account at Robocat Casino you agree to the following:

The following activities are prohibited and will result in account closure, forfeiture of balance, and — where applicable — reporting to authorities:

• Depositing funds known or suspected to be proceeds of crime
• Using Robocat Casino as a conduit for moving funds with minimal wagering intent
• Structuring deposits or withdrawals to avoid the €2,000 monitoring threshold
• Providing false identity documentation or impersonating another person
• Operating multiple accounts
• Depositing via or withdrawing to payment instruments not legally owned by the account holder
• Collusion with other players to obscure transaction trails
• Any transaction involving a person or entity subject to international sanctions

We retain all player identification records, transaction logs, CDD/EDD documentation, SARs filings and compliance correspondence for a minimum of five (5) years after the closure of the player account or the completion of the relevant transaction, whichever is later. In some jurisdictions the mandatory period is longer; we default to the longer of the applicable requirements.

Records are stored in encrypted form with access restricted to compliance staff, the MLRO and — on lawful request — to regulators and law-enforcement bodies. For full detail on how we handle personal information during this period, see our Privacy Policy.

Every employee with access to player data or transaction systems completes AML/CFT training before granted access, and refreshes that training at least annually. The compliance team receives additional sector-specific training on FIAU updates, FATF typologies for remote gaming, and emerging money-laundering methodologies.

Oversight of the AML programme rests with our Money Laundering Reporting Officer (MLRO), an MGA-approved person with direct reporting lines to senior management and, where necessary, to the regulator. The MLRO is responsible for evaluating internal alerts, filing SARs where appropriate, and advising management on policy updates.

This policy is reviewed at least annually, and sooner when there is a material change in the regulatory landscape (new FIAU guidance, new EU directive, change to FATF methodology). Updated versions are published at this URL with a revised "Last updated" date.

We screen all accounts against the following sanctions and risk lists, both at onboarding and on an ongoing basis:

• United Nations Consolidated Sanctions List
• European Union Consolidated Financial Sanctions List
• United States OFAC Specially Designated Nationals list
• UK His Majesty's Treasury (HMT) Consolidated List of Financial Sanctions Targets
• Australian Department of Foreign Affairs and Trade (DFAT) Consolidated Sanctions List
• Politically Exposed Persons (PEP) lists
• Adverse-media sources covering financial crime

Any positive screen results in immediate transaction suspension pending review. Confirmed matches against sanctions lists result in account closure and mandatory reporting to the relevant financial intelligence unit.

If you have questions about how this policy applies to your account, you can reach our compliance team through live chat inside your account or via email. General questions about account verification — what documents are required, why a particular request is being made, how to speed up the review — are best asked at the point a request is made; our support team has context on your specific case.

If you believe we have made an error in the application of this policy, the first step is to raise the matter with our compliance team. If the matter cannot be resolved internally, the Malta Gaming Authority Player Hub provides an independent escalation channel, and alternative dispute resolution (ADR) services are available for eligible disputes. Details of the ADR provider and escalation process are included in our Terms of Service.

For matters relating to illegal activity you believe is occurring via our platform, you can also report directly to the Financial Intelligence Analysis Unit (FIAU) in Malta or, for Australian residents, to AUSTRAC. We do not require you to route such reports through us.

This document describes our AML/CFT framework in plain English for the benefit of players. It is not a substitute for the full internal policies and procedures maintained for staff, nor for the statutory and regulatory instruments referenced in Section 2. Where the plain- English wording of this document conflicts with our underlying legal obligations, the legal obligations apply.

This policy is governed by the laws of Malta and forms part of the broader set of policies — Terms of Service, Privacy Policy, Cookie Policy, Responsible Gaming Policy — that together constitute the agreement between Robocat Casino and the player.