UPDATED AS OF DECEMBER 19, 2023
It is the policy of Lothian Road WRX, Inc., a Delaware corporation (the “firm,” “us” or “we”) to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by working with its payment processors and banking partners (the “Service Providers”) and implementing a program that follows the applicable requirements under the United States Bank Secrecy Act (“BSA”) 31 USC 5311, et seq and its regulations. The firm is enacting this program at the request of one of such Service Providers for the purposes of a mutual business relationship. Enactment of this program is strictly voluntary and is not an admission, concession, or indication that the firm is a “financial institution” as defined in the BSA.
Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler's checks, or deposited into accounts at financial institutions. At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.
We use the transfer of funds to allow players to pay entry fees into real-money skill-based competitions and to pay out funds won as prizes.
Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.
Our policies, procedures, and internal controls are designed to be consistent with all applicable BSA regulations and Financial Industry Regulatory Authority (“FINRA”) rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.
The duties of the Compliance Officer will include monitoring the firm’s compliance with AML obligations, overseeing communication and training for employees, reporting to senior management, and otherwise ensuring compliance. The Compliance Officer will also ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports (SARs) are prepared and filed with the Financial Crimes Enforcement Network (FinCEN) when appropriate. The Compliance Officer is vested with full responsibility and authority to enforce the firm’s AML program.
The firm will promptly notify its service providers if there are any changes to the Compliance Officer position, contact information, or to this program.
While the firm is not a financial institution as defined in the BSA, the firm’s policy is to respond to a Financial Crimes Enforcement Network (FinCEN) request concerning accounts and transactions (a section 314(a) Request) by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity or organization named in the 314(a) Request as outlined in the Frequently Asked Questions (FAQ) located on FinCEN’s secure website (https://www.fincen.gov/answers-frequently-asked-bank-secrecy-act-bsa-questions). We understand that we have 14 days (unless otherwise specified by FinCEN) from the transmission date of the request to respond to a 314(a) Request. We will designate one or more persons to be the point of contact (POC) for 314(a) Requests and will promptly update the POC information following any change in such information. Unless otherwise stated in the 314(a) Request or specified by FinCEN, we are required to search those documents outlined in FinCEN’s FAQ. If we find a match, our Compliance Officer will report it to FinCEN via FinCEN’s Web-based 314(a) Secure Information Sharing System within 14 days or within the time requested by FinCEN in the request. If the search parameters differ from those mentioned above (for example, if FinCEN limits the search to a geographic location), our Compliance Officer will structure our search accordingly.
If our Compliance Officer searches our records and does not find a matching account or transaction, then our Compliance Officer will not reply to the 314(a) Request. We will maintain documentation that we have performed the required search by maintaining an internal log showing the date of the request, the number of accounts searched, the name of the individual conducting the search and a notation of whether or not a match was found.
We will not disclose the fact that FinCEN has requested or obtained information from us, except to the extent necessary to comply with the information request. Our Compliance Officer will review, maintain and implement procedures to protect the security and confidentiality of requests from FinCEN similar to those procedures established to satisfy the requirements of Section 501 of the Gramm-Leach-Bliley Act with regard to the protection of customers’ nonpublic information.
We will direct any questions we have about the 314(a) Request to the requesting federal law enforcement agency as designated in the request.
Unless otherwise stated in the 314(a) Request, we will not be required to treat the information request as continuing in nature, and we will not be required to treat the periodic 314(a) Requests as a government provided list of suspected terrorists for purposes of the customer identification and verification requirements.
We understand that the receipt of a National Security Letter (NSL) is highly confidential. We understand that none of our officers, employees or agents may directly or indirectly disclose to any person that the FBI or other federal government authority has sought or obtained access to any of our records. To maintain the confidentiality of any NSL we receive, we will process and maintain the NSL by our Compliance Officer in the strictest confidential manner, with the notation “highly confidential” on all relevant documents and correspondence. If we file a SAR after receiving an NSL, the SAR will not contain any reference to the receipt or existence of the NSL. The SAR will only contain detailed information about the facts and circumstances of the detected suspicious activity.
We understand that the receipt of a grand jury subpoena concerning a customer does not in itself require that we file a Suspicious Activity Report (SAR). When we receive a grand jury subpoena, we will conduct a risk assessment of the customer subject to the subpoena as well as review the customer’s account activity. If we uncover suspicious activity during our risk assessment and review, we will elevate that customer’s risk assessment and file a SAR in accordance with the SAR filing requirements. We understand that none of our officers, employees or agents may directly or indirectly disclose to the person who is the subject of the subpoena its existence, its contents or the information we used to respond to it. To maintain the confidentiality of any grand jury subpoena we receive, we will process and maintain the subpoena by our Compliance Officer contacting our legal team, including outside counsel based in the United States, as may be necessary. If we file a SAR after receiving a grand jury subpoena, the SAR will not contain any reference to the receipt or existence of the subpoena. The SAR will only contain detailed information about the facts and circumstances of the detected suspicious activity.
Before a user opens an account, and on an periodic and ongoing basis, we will automatically check to ensure the customer does not appear on the SDN list, which is available at https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx.* Because the SDN list and listings of economic sanctions and embargoes are updated frequently, we will consult them on a regular basis and subscribe to receive any available updates when they occur.
On a regular basis, no less than monthly, and prior to the expansion of any service areas our Compliance Officer will review OFAC list of countries with sanctions and ensure that no services are provided within such countries if not allowed.
If we determine that a player/user is on the SDN list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC, we will reject the transaction and, if necessary, block their5. assets and file a blocked assets or rejected transaction form with OFAC within 10 days. We will also immediately call the OFAC Hotline at 800-540-6322.
We have established and maintain a written Customer Identification Program (CIP). We will collect certain minimum customer identification information from each customer who opens an account; utilize risk-based measures to verify the identity of each customer who opens an account; record customer identification information and the verification methods and results; provide the required adequate CIP notice to customers that we may seek identification information to verify their identities. See Section 5.f. (Notice to Customers) for additional information.
We will conduct the reviews of activity that our monitoring system detects. We will document our monitoring and reviews. The Compliance Officer or his or her designee will conduct an appropriate investigation and review relevant information from internal or third-party sources before a SAR is filed.
All of our customers will be asked to submit their email address associated with their Apple ID as part of the initial account set up and registration process. Apple maintains their own separate registration, KYC, and related identifying protocols, and by making our products available on the Apple App Store, we rely on Apple’s AML/CTF/KYC policies and protocols.
We also ask customers to verify their identity by submitting their mobile phone number.
Upon requesting a withdrawal from their account for any amount, customers must provide a copy of their government-issued ID showing their name and date of birth, as well as a selfie of the customer holding said ID.
In the event that any of our customers win $600 or more during a calendar year, we will collect additional information from them to enable us to make filings with the United States Internal Revenue Service or other taxing and financial authorities, as set forth in more detail in our Terms of Service.
We collect the following supplemental information for those accounts, as may be applicable:
(1) the name;
(2) date of birth (for an individual);
(3) an address, which will be a residential or business street address (for an individual), an Army Post Office (APO) or Fleet Post Office (FPO) box number, or residential or business street address of next of kin or another contact individual (for an individual who does not have a residential or business street address), or a principal place of business, local office, or other physical location (for a person other than an individual); and
(4) an identification number, which will be a taxpayer identification number (for U.S. persons), or social security number, or one or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard (for non-U.S. persons);
(5) all other information that may be required to issue and file the appropriate tax reports in the Customer’s jurisdiction.
In accordance with our Terms of Service, a customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, we have discretion to terminate the account and to otherwise take discretionary action. In either case, our Compliance Officer will be notified so that we can determine whether we should report the situation to FinCEN on a SAR. We will also block the customer’s withdrawal capabilities.
Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. Our Compliance Officer will analyze (or delegate such analysis to the appropriate person) the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
We will verify customer identity through documentary means (documents requested from the customer), non-documentary means (as may be appropriate and practicable) or both. We will use documents to verify customer identity when appropriate documents are available. In light of the increased instances of identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. We may also use non-documentary means, if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth and Social Security number, allow us to determine that we have a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
Appropriate documents for verifying the identity of customers include the following:
We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity. If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.
We will use the following non-documentary methods of verifying identity:
We will verify the information within a reasonable time before or after the account is opened. Depending on the nature of the account and requested transactions, we may refuse to complete a transaction before we have verified the information, or in some instances when we need more time, we may, pending verification, restrict the types of transactions or dollar amount of transactions. If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with the firm's Compliance Officer, file a SAR in accordance with applicable laws and regulations.
Our customers are individuals, and there is a reduced risk when dealing with individuals, as opposed to corporations or other business entities. Our $600 threshold for requesting additional verifying information for tax filing and compliance purposes is sufficiently low to make it impracticable for money-laundering or other illegal activity to use or attempt to use our apps, games, or other services or products that we may offer in the future.
Each customer must accept our Terms and Conditions before using our App and playing our games. We retain maximum discretion to close accounts, freeze funds, and take other measures against customers who refuse to provide additional information or identification upon request.
Our Compliance Officer is responsible for recordkeeping protocols and procedures. To the extent that is reasonable and practicable, we will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the account has been closed; we will retain records made about verification of the customer's identity for five years after the record is made.
We will provide notice to customers that the firm is requesting information from them to verify their identities, as required by federal law. We will use the email that we have on file for the customer to provide notice:
Important Information About Your Account
To help the government fight the funding of terrorism and money laundering activities, we may be required to obtain, verify, and record information that identifies each person who opens an account.
What this means for you: In accordance with our Terms of Service, when you reach certain prize winning thresholds, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.
a. We will understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile through transaction monitoring, implementing certain heightened review triggers, and otherwise monitoring transactions for suspicious or unusual activity.
Depending on the facts and circumstances, a customer risk profile may include such information as:
b. Conducting Ongoing Monitoring to Identify and Report Suspicious Transactions
We will conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, including information regarding the beneficial ownership of legal entity customers, using the customer risk profile as a baseline against which customer activity is assessed for suspicious transaction reporting.
We will monitor account activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to our business. (Red flags are identified below.) Monitoring will be conducted through the methods that will be developed by our Compliance Officer and approved by management. The customer risk profile will serve as a baseline for assessing potentially suspicious activity. The Compliance Officer or his or her designee will be responsible for this monitoring, will review any activity that our monitoring system detects, will determine whether any additional steps are required, will document when and how this monitoring is carried out, and will report suspicious activities to the appropriate authorities.
Red flags that signal possible money laundering or terrorist financing include, but are not limited to:
When an employee of the firm detects any red flag, or other activity that may be suspicious, he or she will notify the appropriate senior manager. Under the direction of the Compliance Officer, the firm will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a SAR.
We will file SARs with FinCEN for any transactions (including deposits and transfers) conducted or attempted by, at or through our firm involving $5,000 or more of funds or assets (either individually or in the aggregate) where we know, suspect or have reason to suspect:
We will also file a SAR and notify the appropriate law enforcement authority in situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes. In addition, although we are not required to, we may contact that SEC in cases where a SAR we have filed may require immediate attention by the SEC. We also understand that, even if we notify a regulator of a violation, unless it is specifically covered by one of the exceptions in the SAR rule, we must file a SAR reporting the violation.
We may file a voluntary SAR for any suspicious transaction that we believe is relevant to the possible violation of any law or regulation but that is not required to be reported by us under the SAR rule. It is our policy that all SARs will be reported regularly to the Board of Directors and appropriate senior management, with a clear reminder of the need to maintain the confidentiality of the SAR.
We will report suspicious transactions by completing a SAR, and we will collect and maintain supporting documentation as required by the BSA regulations. We will file a SAR-SF no later than 30 calendar days after the date of the initial detection of the facts that constitute a basis for filing a SAR. If no suspect is identified on the date of initial detection, we may delay filing the SAR for an additional 30 calendar days pending identification of a suspect, but in no case will the reporting be delayed more than 60 calendar days after the date of initial detection. The phrase “initial detection” does not mean the moment a transaction is highlighted for review. The 30-day (or 60-day) period begins when an appropriate review is conducted and a determination is made that the transaction under review is “suspicious” within the meaning of the SAR requirements. A review must be initiated promptly upon identification of unusual activity that warrants investigation.
We will retain copies of any SAR filed and the original or business record equivalent of any supporting documentation for five years from the date of filing the SAR-SF. We will identify and maintain supporting documentation and make such information available to FinCEN, any other appropriate law enforcement agencies, federal or state securities regulators or SROs upon request.
We will not notify any person involved in the transaction that the transaction has been reported, except as permitted by the BSA regulations. We understand that anyone who is subpoenaed or required to disclose a SAR or the information contained in the SAR will, except where disclosure is requested by FinCEN, the SEC, or another appropriate law enforcement or regulatory agency, or an SRO registered with the SEC, decline to produce the SAR or to provide any information that would disclose that a SAR was prepared or filed. We will notify FinCEN of any such request and our response.
Our Compliance Officer and his or her designee will be responsible for ensuring that AML records are maintained properly and that SARs are filed as required.
In addition, as part of our AML program, our firm will create and maintain SARs, CTRs, CMIRs, FBARs, and relevant documentation on customer identity and verification (See above) and funds transmittals. We will maintain SARs and their accompanying documentation for at least five years.
We will hold SARs and any supporting documentation confidential. We will not inform anyone outside of FinCEN, the SEC, an SRO registered with the SEC or other appropriate law enforcement or regulatory agency about a SAR. We will refuse any subpoena requests for SARs or for information that would disclose that a SAR has been prepared or filed and immediately notify FinCEN of any such subpoena requests that we receive. See Section 11 for contact numbers. We will segregate SAR filings and copies of supporting documentation from other firm books and records to avoid disclosing SAR filings. Our Compliance Officer will handle all subpoenas or other requests for SARs.
We will develop ongoing employee training under the leadership of the Compliance Officer and senior management. Our training will occur on at least an annual basis. It will be based on our firm’s size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.
Our training will include, at a minimum: (1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties; (2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of SARs); (3) what employees' roles are in the firm's compliance efforts and how to perform them; (4) the firm's record retention policy; and (5) the disciplinary consequences (including civil and criminal penalties) for non-compliance with the BSA.
We will develop training in our firm, or contract for it. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures and explanatory memos. We will maintain records to show the persons trained, the dates of training and the subject matter of their training.
We will review our operations to see if certain employees, such as those in compliance, margin and corporate security, require specialized additional training. Our written procedures will be updated to reflect any such changes. This Policy is subject to annual updates.
The testing of our AML program will be performed at least every 2 years by the Compliance Officer. Alternatively, we may identify a qualified third party to independently review and test our policies, programs, and procedures if circumstances warrant. After we have completed internal review or independent testing, and the General Counsel (or his designee) will report the findings to senior management and the board of directors. We will promptly address each of the resulting recommendations and keep a record of how any noted deficiency was resolved.
Employees will promptly report any potential violations of the firm’s AML compliance program to the Compliance Officer, unless the violations implicate the Compliance Officer, in which case the employee shall report to the appropriate senior manager. Such reports will be confidential, and the employee will suffer no retaliation for making them.
We subject all player activity and transactions, including those by employees, to the same AML procedures as customer accounts under the Compliance Officer’s supervision.
Senior management has approved this program in writing as reasonably designed to achieve and monitor our firm’s ongoing compliance with the requirements of the BSA and the implementing regulations under it.