KYC Policy

Last Updated: January 02, 2026

1. Purpose of the KYC Policy

Megapot is committed to allocating and using its resources to detect, report, and block any activity that may be considered as money laundering or the financing of any criminal or terrorist act within any jurisdiction in which we operate.

To facilitate this objective, Megapot has adopted and implemented designated processes and procedures, covering all activities performed by Megapot.

This Know Your Customer (KYC) Policy sets out procedures and standards that:

• Verify the identity of their players.

• Prevent fraudulent activities.

• Comply with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations.

• Maintain a safe, transparent, and secure gaming environment.

The procedures outlined in this KYC Policy are all adopted so that Megapot achieves the above stated objectives. Megapot is committed to the highest standards of AML and CTF compliance. Megapot adheres to all applicable laws, including legal and regulatory requirements to obtain, verify, and record information that identifies each person connecting their digital Wallet and using Megapot Services.

2. Objectives of KYC

1. Compliance with Regulations: Ensure adherence to local and international AML/CTF laws and FATF recommendations.

2. Player Integrity: Verify the identity of players to prevent underage gambling, fraud, and financial crime.

3. Risk Mitigation: Minimize risks associated with high-risk jurisdictions, Politically Exposed Persons (PEPs), and suspicious transactions.

4. Transparency: Promote responsible gaming and safeguard player funds.

3. Scope

This policy applies to:

• All players connecting their digital Wallet for Services.

• Business relationships established with third-party service providers.

• Transactions exceeding designated thresholds or identified as high-risk.

4. Key KYC Principles

1. Customer Identification: Verify the identity of players when the total value of aggregate lifetime deposits reaches $10,000 USD or a withdrawal request of any amount, and refresh verification information for players at least every 12 months, or more frequently as determined by applicable law, regulatory guidance, or internal risk assessment.

“Withdrawal” means any transaction in which a user transfers funds or assets from their embedded digital wallet on the platform to an external wallet, centralized exchange, or any destination outside the platform’s ecosystem, thereby removing the assets from the platform’s direct environment or control. Notwithstanding the above, due to the open and decentralized nature of blockchain technology and its other limitations, it may be technically possible for a miniscule number of very sophisticated users to access their embedded wallet outside the platform’s standard withdrawal process. The platform requires KYC for all withdrawals initiated through its interface, however, certain such external uses may not be fully detectable or subject to monitoring.

1. Risk-Based Approach: Apply varying levels of due diligence based on the player’s risk profile.

2. Record Retention: Maintain all KYC-related documents and transaction records for at least five (5) years.

3. Ongoing Monitoring: Monitor player behavior and transactions on an ongoing basis to identify suspicious activity.

5. Customer Identification and Verification Process

5.1 Information Collection

Collect from all players:

• Full legal name.

• Date of birth (to confirm minimum legal age).

• Nationality.

• Residential address.

• Contact information (email and phone number).

• Payment information (e.g., bank account or e-wallet details).

5.2 Document Verification

Obtain and verify the following documents:

1. Proof of Identity

   • Valid government-issued ID, such as:

     • Passport.

     • National ID card.

     • Driver’s license.

   • The ID must contain the player’s photo, name, and date of birth.

2. Proof of Address

   • Recent utility bill, bank statement, or government correspondence (not older than three months).

3. Payment Verification

   • Proof of employment (such as a recent paystub) and self-reported annual income to verify the source of funds being used to fund the player’s digital Wallet.

5.3 Enhanced Due Diligence (EDD)

Megapot does not permit users from high-risk jurisdictions to access its Services. Adverse media checks will be performed on all customers at the time of KYC and periodically thereafter. Enhanced Due Diligence (EDD) may be conducted if Megapot deems it necessary in compliance with applicable law or regulation.

6. Risk-Based Approach

Megapot’s risk-based approach focuses on identifying and flagging suspicious activity.

• Transactions of $3,000 USD or more, or activity that deviates from typical player transaction patterns, will be flagged for further review.

• Users from high-risk countries will be blocked from accessing Megapot’s services.

• Risk classification is based on the presence of suspicious activity or transactions exceeding the specified threshold.

7. Ongoing Monitoring

Monitoring transactions for unusual activity, such as:

1. Transactions of around USD 3,000.

2. Multiple small transactions in a 24 hour period designed to evade reporting thresholds.

3. Transaction monitoring for anti-money laundering (AML) and anti-terrorist financing (ATF) will be conducted using TRM Labs or a similar third-party provider.

8. Politically Exposed Persons (PEPs)

8.1 Identification

PEPs include individuals who hold or have held prominent public functions, as well as their family members or close associates.

8.2 Enhanced Measures

• Conduct comprehensive checks using third-party databases.

• Obtain approval from senior management before establishing a business relationship.

9. Record Keeping and Confidentiality

1. Retention Period

   • Retain all KYC documents, transaction records, and communication logs for a minimum of five (5) years after the business relationship ends.

2. Data Protection

   • Securely store player data in compliance with applicable laws and international privacy laws.

   • Ensure player data is used solely for verification and compliance purposes.

3. Accessibility

   • Ensure that KYC records are accessible to regulatory authorities upon request.

10. Reporting Obligations

1. Suspicious Activity Reporting (SARs)

   • Report suspicious activities within 7 calendar days of detection.

   • Include detailed information on the player, transaction, and reasons for suspicion.

2. Threshold Reporting

   • Report all transactions exceeding $10,000 USD, even if no suspicion arises.

11. Compliance Oversight

1. Appointment of a Compliance Officer

   • Appoint a Compliance Officer responsible for:

     • Overseeing KYC implementation.

     • Liaising with regulatory authorities.

     • Ensuring the submission of SARs and transaction reports.

     • Developing, implementing, and updating compliance policies and procedures.

2. Internal Audits

   • Conduct periodic internal audits to evaluate the effectiveness of KYC measures.

3. Training Programs

   • Train employees on KYC procedures, including:

     • Identifying fraudulent documentation.

     • Recognizing red flags for ML/TF activities.

     • Reporting obligations under Anjouan’s regulatory framework.

12. Continuous Improvement

Megapot continuously improves its KYC processes and procedures, and does the following:

• Regularly review and update KYC policies to align with changes in AML/CTF regulations.

• Adopt advanced technologies, such as AI and blockchain, to enhance verification processes and reduce fraud.

13. Contact Information

For assistance or inquiries regarding its KYC compliance, contact Megapot at Email: [email protected]