Artcade AML/CTF Policy
✅ WLG AML/CTF Policy (5/29/26 round). Tracked changes accepted + comment removed. The $5,000 enhanced-due-diligence threshold is WLG's current text; confirm it matches your final ops. Per Larry, some KYC/data specifics intentionally finalize after Persona + TestFlight. TO DO: set ⚑ TO FILL: Effective Date.
Last Updated: ⚑ TO FILL: Effective Date
The Creator Good, Inc. is the owner and operator of Artcade, (“Artcade”), a skills-based artmaking contest platform (“Services”). We provide our Services, conduct our business, and enforce our policies in accordance with applicable state and federal laws, as well as the international standards set by the Financial Action Task Force (“FATF”).
We recognize that money laundering, fraud, and the financing of terrorism are ever-growing threats for economies throughout the world, forcing all vulnerable sectors to have measures in place for the prevention of misuse of their services for these purposes.
This high-level policy outlines (i) our Anti-Money Laundering efforts to prevent the transformation of criminally obtained proceeds into funds which appear to be obtained legally (“AML”), and (ii) our Counter Terrorism Financing efforts to prevent the use of our Services by terrorists and terrorism organizations (“CTF”).
The primary objective of this Policy is to prevent, deter, and mitigate the risk of money laundering and terrorism financing inherent in our industry by properly identifying and verifying our users (“Users”), monitoring the activities of Users, and reporting unusual User activities. Further, this Policy (i) confirms the appointment and responsibilities of our Money Laundering Reporting Officer (“MLRO”); (ii) clarifies the roles and responsibilities of our AML/CTF moderators; (iii) ensures AML/CTF training is provided to our MLRO and moderators; and (iv) outlines our AML/CTF controls.
What is Money Laundering and Terrorism Financing?
Money laundering is generally defined as engaging in acts designed to conceal or disguise the nature, control, or true origin of criminally derived proceeds, so that those proceeds appear to be derived from legitimate activities or origins, or otherwise constitute legitimate assets. We have concluded that money laundering generally occurs in three stages:
Placement involves the introduction of unlawful proceeds into the financial system without attracting the attention of financial institutions or law enforcement. For example, opening User account and depositing funds, but not using the funds to play the games.
Layering involves the moving of funds around the financial system to create confusion and complicate or obfuscate the paper trail. For example, operating multiple User accounts funded with illegal funds and moving these funds quickly in order to elude detection.
Integration is the incorporation of unlawful proceeds into the financial system, completing the process of converting illicit funds into apparently legitimate earnings. For example, taking illegal funds, playing with those funds, and withdrawing the original funds and earnings.
Unlike money laundering, terrorism financing is typically motivated by ideological concerns, rather than an interest in profit-seeking. While money laundering can be an important component of terrorism financing, terrorism financing often may not involve the proceeds of criminal conduct, and the funds may come from otherwise lawful sources which become illegal when used to in the commitment of terrorist acts.
The signs of money laundering and terrorism financing may include, but are not limited to:
Providing unusual, suspicious, false, or unverifiable KYC Information
Being reluctant to provide complete KYC Information
Opening more than one account
Enquiring about transaction thresholds or other unusual concerns with AML/CTF compliance
Structuring transactions to avoid the transaction thresholds
Engaging in transactions that show a sudden change which is inconsistent with prior account activities
Acting as an agent of an undisclosed principle
Unexplained high levels of account activity with low levels of transactions
Exceptionally high dollar transactions
Exceptionally frequent low dollar transactions
No concern regarding the cost of transactions and related fees
Unusual chargeback activities
If any employee detects any of these signs or otherwise suspects that money laundering or terrorism financing may be occurring on Artcade, the employee is required to immediately report the matter to the MLRO or an appropriate moderator.
Regulatory Framework
International Regulations
On an international level, the FATF combats money laundering and terrorism financing by monitoring the progress of its members in implementing necessary measures, reviewing money laundering and terrorist financing techniques and countermeasures, and promoting the adoption and implementation of appropriate measures globally. In total 34 countries are direct members of the FATF and through regional organizations over 180 countries are connected to the FATF.
United States Federal Laws
As a member of the FATF, the United States meets international expectations by regularly implementing these standards in its national legislation. Money laundering and terrorist financing are criminal offenses pursuant to numerous federal laws in the United States, including, but not limited to:
Anti-Money Laundering Act of 2020
Intelligence Reform & Terrorism Prevention Act of 2004
USA PATRIOT Act of 2001
Money Laundering and Financial Crimes Strategy Act of 1998
Money Laundering Suppression Act of 1994
Annunzio-Wylie Anti-Money Laundering Act of 1992
Money Laundering Control Act of 1986
Bank Secrecy Act of 1970 (“BSA”)
Travel Act of 1961
As such, this Policy combines procedures put forth by the FATF and U.S. federal law.
We briefly note that the BSA applies to “casinos”. While we offer games that provide the users with an opportunity to win prizes, we are not a “casino” under the BSA, because Artcade is not (i) licensed as a casino, gambling casino, or gaming establishment under the laws of any state or political subdivision, nor (ii) an Indian gaming operation conducted under or pursuant to the Indian Gaming Regulatory Act.
We also briefly note that the BSA applies to “money transmitting businesses” which can apply to some websites that offer virtual tokens for use in transactions. In 2013, FinCEN explained that the term “money transmitting business” applies only (i) to individuals or entities that act as an “exchanger” or “administrator” in the transactions; (2) when the virtual tokens are “convertible virtual currency’; and (iii) when the individual or entity facilitates the movement of funds between different persons or locations. We are not a “money transmitting business” under the BSA, [because the virtual tokens cannot be used to transfer funds between persons or locations and/or because we do not act as an exchanger or an administrator and we only allow the virtual tokens to be used to purchase legitimate goods and services].
While the BSA does not apply to us directly, the BSA may apply to our financial service providers. We will make commercially reasonable efforts to work with financial service providers who are covered by the BSA to deter and report money laundering occurrences to the extent required by the relevant financial service provider.
Our approach ensures a solid, internationally accepted basis regarding AML/CFT. Where local laws and regulations require additional compliance duties, Artcade is free to develop additional procedures to comply with local regulations.
Due Diligence of Users
Risk Assessment
We are committed to imposing controls that identify and mitigate the risk of AML/CTF violations in a method and manner that is appropriate for the size, structure, risks, and complexity of our industry and business model. These controls are designed after identifying the applicable risks, assessing any mitigating or exacerbating factors for each risk, and allocating the proper mix of resources to reduce exposure for each risk.
We recognize that non-compliance with these controls and the other provisions of this Policy can expose us to substantial risk. The MLRO, the moderators, and all other relevant staff members are responsible for understanding and implementing the controls and the other provisions of this Policy, as well as otherwise taking all actions necessary to meet all applicable laws, rules, regulations, payment processing requirements, and industry standards. Willful blindness to a potential violation may expose us, as a company, and the individual employee to potential legal liability. Violations of this Policy by employees may result in (i) disciplinary action, including termination, (ii) reputation risk to the employee and us, as a company, and (iii) financial risk to us, as a company.
In an effort to comply with the applicable international standards and federal laws, we believe it is imperative that we know our Users. Therefore, we have put procedures in place to verify the identity of our Users and to monitor User activity. We determine the extent of our due diligence measures based on the risks of money laundering and terrorism financing associated with skills contests, and we also consider the specific behaviors and activities of the account of each individual user (“User Account”). Implementing sound KYC procedures is the critical first step in protecting the safety and soundness of the Services. Upon making their first transaction, all Users are automatically required to comply with the standard due diligence requirements detailed herein and are submitted to the regular and continuous monitoring of their activities. At the detection of irregular activities, or upon request to engage in certain activities such as requesting withdrawals in excess of $5,000, cumulatively, we implement higher due diligence measures.
Standard Due Diligence
In order to register a User Account, the User must attest that they are at least eighteen (18) years of age, and the User cannot use a Virtual Private Network or otherwise access the Services from a prohibited jurisdiction. We use state-of-the-art geo-blocking software to ensure compliance with this prohibition. We also collect technical information from all users which may be used for identity and location verification, including, but not limited to:
Username
IP address and other Internet network activity information such as browsing history, search history, and online interactions
Device ID
Geolocation data
The User must also provide certain information to Artcade and authorize us or our agents to use and disclose this information to third parties that assist us in validating such information and the identity of the User. This Know-Your-Customer or “KYC” is used to (i) evaluate the risks presented by that User, (ii) predict with relative certainty the types of transactions which that User is likely to engage in, and (iii) detect and report suspicious activities. This information includes, but is not limited to:
Full legal name
Social Security Number
Address
State of residence
Email address
Phone number
Date of birth
Government-issued picture identification (“ID”)
Selfie
Biometric information
Username
Password
At all times, we maintain and secure a confidential list of Users and their KYC information. Each User is permitted to create only one User Account. Users are prohibited from sharing the log-in credentials with any third party. If there is a suspected violation, the User will be required to create a new password. Repeated violations of this prohibition will result in a permanent ban from the Services. Artcade reserves the right to close any User Account at any point in time in its sole and absolute discretion for any reason.
Enhanced Due Diligence
We may demand additional KYC Information from the User to confirm the validity of the KYC Information or otherwise verify the User’s identity in certain limited circumstances including, but not limited to: (i) if the User requests to withdraw prizes which exceeds $5,000 over the lifetime of the account, (ii) if the User reaches a transaction volume threshold, (iii) if the User engages in irregular behavior, or (iv) at any time in our sole and absolute discretion. This additional KYC Information may include, but is not limited to,
Aliases
Social security number or taxpayer ID number
Banking information
Banking statements
Paystubs or other proof of source of funds
Utility bills, mortgage statements, rental leases, or other proof of residency
In order to request withdrawal of a prize, the User must provide either (a) a bank account owned by the User, or (b) an address validated by a recently issued utility bill showing the User as an owner or resident of said address. The name on the bank account or the address provided must be identical to the KYC Information or identify an entity that the User owns or controls. Any inconsistency in name details will be subject to further investigation. Before processing any withdrawals, Artcade will conduct additional review of the User Account for any irregular activity such as money laundering or suspicious play. Upon completion of the review of the User Account, withdrawal requests are typically processed promptly, provided there are no discrepancies in the withdrawal request and the KYC Information, nor any delays caused by verification of the User Account, public holidays, bank working hours, etc. If irregular activity is uncovered during the review of the User Account or some other problem occurs during the withdrawal request, Artcade will cancel the process and reinstate the amounts to the User Account.
Additional measures are taken whenever any irregular pattern or activity is detected including a review of (i) the User’s prior payouts, (ii) the size of the User’s current payout, (iii) the User’s current IP Address and geolocation in comparison to historical IP Address and geolocation data, (iv) the User’s log-in history, (v) other indicators which may reveal the User is committing fraud or attempting to launder money from criminal proceeds, (vi) the User’s gameplay history, and (vii) other indicators which may reveal that the User is cheating or is otherwise engaging in unfair gamesmanship, platform manipulation or suspicious play. In the event that such red flag activity is present, we may request additional information from the User to confirm or explain the discrepancies and to confirm the User’s identity or take action such as suspension or termination of the account.
In all instances, we will typically request whatever information is necessary to confirm the identity of the User. If the User is unwilling or unable to provide such information, or if we are unable to verify the identity of the User, we may suspend the User Account until such information is provided or until the User’s identity is verified.
Third-Party Services
In our sole and absolute discretion, we may share the KYC Information with a third-party service provider such as Persona, or authorize such third party to process the KYC Information, to confirm the authenticity of the KYC Information and the identity of the User using a variety of techniques, including, but not limited to:
Utilizing certain public or private databases
Cross-checking sanction lists
Verifying KYC Information in real time
Identifying holders of prepaid cards
Detecting liveness to ensure the Selfie is provided in real time
Comparing biometrics in the Selfie and IDs
Requiring the User to participate in live video session
All third-party services are subject to contractual confidentiality, security, and data protection obligations.
Reverification of Suspected Compromised Accounts
Even after the initial verification of a User has occurred, we reserve the right to request the User resubmit their KYC Information and/or submit additional KYC Information. If we suspend that the account of a verified User has been compromised, we will suspect the account and require the current operator of the account (who may be the User or the individual who compromised the account) to undergo verification again. If the current operator of the account is unable to pass our verification procedures, the account will be considered compromised. We will close the account, and we may report the matter to the appropriate law enforcement authorities.
Due Diligence of Service Providers
We contract with certain third-party service providers, such as marketers and payment processors. We conduct standard due diligence of all service providers to ensure that our service providers are financially stable, ethically sound, and (as applicable) have active corporate structures. All third-party service providers are required to agree, in writing, to comply with all applicable laws, rules, and regulations when providing the services to us. Further, we may collect and maintain various categories of KYC Information from our service providers, including, but not limited to:
Legal name
State of residence, if an individual
State of incorporation or other registration, if an entity
Current business license, if applicable
Postal, billing, and shipping addresses
Employee Identification Number
Telephone number
Email address
Website address
Negative news search
Senior Management and the Money Laundering Reporting Officer (MLRO)
The senior management of Artcade shall appoint an MLRO and aid the MLRO in creating a culture of compliance that detects and deters money laundering and terrorism financing. The senior management of Artcade shall also ensure that adequate resources are allocated and made available to the MLRO, the moderators, and all other relevant employees to detect and report suspected violations of this Policy. Finally, the senior management of Artcade shall hire Walters Law Group or another independent third party qualified to provide legal guidance on AML/CTF concerns to conduct a review and update of this Policy every 18-24 months.
Artcade has designated an MLRO who is responsible for:
Executing this Policy by implementing appropriate screening processes, reporting any AML/CTF issues to senior management, and overseeing day-to-day oversight
Developing a risk-based training program tailored to focus on Artcade’s specific risks
Training and managing moderators on (i) updates to this Policy implemented since the previous training, (ii) recent trends in the fight, prevention, control, and management of risks in relation to money laundering and terrorism financing, and (iii) mechanisms, procedures, and tools used by Artcade in relation to AML and CTF
Maintaining training records, training materials, and training attendance sheets for at least five (5) years
Remaining up-to-date on all application laws, rules, regulations, payment processor requirements, and industry standards related to AML/CTF
Updating this Policy in light of such changes to ensure its continued effectiveness
Serving as the primary contact for law enforcement inquiries related to AML/CTF
The MLRO should also work with Human Resources to institute and perform proper due diligence on all employees and independent contractors. Such due diligence will be performed as part of the recruitment and during the entire period of employment. All employees and relevant independent contractors are provided with a copy of this Policy. Moderators are required to receive training on this Policy at least once a year.
The goals of the training program are to ensure relevant staff members are (i) adequately trained on this AML Policy, our general procedures for managing and reporting suspicious activities to appropriate personnel, and their specific job functions related to AML and CTF, and (ii) provided with all necessary resources to identify suspicious activity.
Any suspected violation of this Policy must be promptly reported to the MLRO.
Moderators and Security Reviews
Under the oversight of the MLRO, our moderators are responsible for conducting security review, including, but not limited to:
Completing all assigned compliance training
Ensuring collection, inspection, and protection of KYC Information as is necessary to verify the User’s identity
Keeping a list of registered Users, purchases, winners, and payouts
Ensuring each User registers only one User Account
Ensuring Users do not share log-in credentials
Ensuring Users do not access other User Accounts without authorization
Monitoring User activity for suspicious behavior or violations of our Terms of Service
Deploying elevated monitoring strategies for high risk Users and geographic areas
Keeping a record of such violations in compliance with our retention schedules detailed herein
Reporting such violations to the MLRO and law enforcement authorities, where appropriate
Researching reports by employees, Users, and third parties that any User is publicly known or linked to any criminal or illicit activities, even where they have not been prosecuted or judged by competent authorities
Maintaining confidentiality of all investigations
Cooperating with law enforcement investigations, where appropriate
Otherwise ensuring that this Policy reasonably addresses current AML/CTF concerns, and is reasonably updated to address future AML/CTF concerns
Security reviews may be conducted at any time to validate a User’s identity, to monitor the financial transactions carried out via the Services, and to investigate potential breaches of our Terms of Service or any applicable laws. Artcade reserves the right to withhold payouts and suspend User Accounts if we suspect or become aware of a breach of our Terms of Service or any applicable law.
Abuse Reports
We also collect, research, and respond to reports by our Users and third parties that any User has or is planning to engage in any unusual transactions, activities, or circumstances.
Reports to Law Enforcement & Cooperation
If we have significant reason to believe that a criminal activity has occurred, we may report such information to payment processors, banks, or the appropriate law enforcement authorities, as warranted. The MLRO will hold a list of all instances in which it did not consider it necessary to report to the relevant authority. The decision not to report will need to be sufficiently supported.
We cooperate with law enforcement inquiries and disclose information to law enforcement agencies consistent with applicable law.
We do not inform Users or third parties of the reporting of or the intention to report an activity or transaction to law enforcement.
Recordkeeping
Artcade maintains a record of all relevant documentation on a separate database for at least five (5) years after each User Account is terminated, whether by us or by the User. We retain files in a way that enables investigating authorities to identify a satisfactory audit trail for individual transactions including the amounts, currencies, and type of transactions. In specific circumstances, if ordered and permitted by rule of law, we may provide copies of the records maintained.
Further, as discussed above, the MLRO is responsible for maintaining training records, content, and attendance sheets for at least five (5) years.
Limitation
Nothing in this Policy is intended to create obligations beyond those required by applicable law.