RECEIVED Pasrr lippine Arausement and Gaming Corporation ae Phi Ww ————s PAGCOR ANTLMONEY LAUNDERING [SUPERVISION AND ENFORCEMENT DEPARTMENT REGULATORY ORDER NO. RO-2018-02-003 February 21,2019 To [ALL PHILIPPINE OFFSHORE GAMING OPERATORS (POGOs) SUBJECT. (CUSTOMERS DUE DILINGENCE (CDD) GUIDE-INES FOR OFFSHORE GAMING VERSION 1.0 Section @ ofthe Casino Implementing Rules and Regulations (CIRR) mandates the Appropriate Goverment Agency (AGA) to issue their respective Ant-Money Laundering and Countering Terrorist Financing (AMLICFT) guidelines and ciculars for ‘tha guidance and compliance of casinos under their respective jursiction, to assist the Anti-Money Laundering Counc (ANLC) in effectively implementing the provisions of the AntiMoney Laundering Act (AMLA), the CIRR, and other AMLC fsuances, ‘The Customer Due Diligence Guideline for Offshore Gaming version 1.0 was approved by the Board of Directors on February 13, 2019 to guide all POGO licensees ‘on how to assess the MUTF risk associated with @ business relationship; comply with customer identification, verification and monitoring oblgstons under the CIRR; and adjust the extent oftheir customer due dlgence (CDD) measures cemmensurte with the MLITF risk they have identified Relative thereto, all Philippine Offshore Gaming Operators are hereby advised to sdopt COD Gui rs y/ Fr your guidance and strict compliance. vy fr pave (SEVILLA Peay seg abaPHILIPPINE AMUSEMENT AND GAMING CORPORATION CUSTOMER DUE DILIGENCE GUIDELINES FOR OFFSHORE GAMING JANUARY 2019 VERSION 1.0 ISION AND ENFORCEMENT DEPARTMENTCustomer Due Diligence for Offshore Gaming Version 1.0 This page intentionally left blank‘Customer Due Diligence for Offshore Gaming Version 1.0 Table of Contents Policies, Objective, and Scope. Section 1. Statement of Poley. Section 2. Guidance Objective. ‘Section 3. Scope Definition of Terms. Section 4, Definition of Terms Risk Assessment. Section 5. Identification of MLITF Risk Section 6. Source of Information Section 7. Relevant Risk Factors. Section 8. Weighing Risk Factors Section 8. _Categorizing the Services and Transactions Customer Due Diligence, Section 10. _Customer Due Diligence (CDD).... Section 12, Timing of Verification ‘Section 13._ Ongoing Monitoring Section 14. Risk Based Approach Section 18. Normal Customer Due Diligence (NCDD). Section 17. Enhanced Due Diligence (EDD) and Enhanced Ongoing Monitoring 8 6 6 ® 7 7 Section 18. _Transacton Thresholds for PAVE .scssesenll ee 2 ° 9 9 “Section 18, Where CDD Cannot be Came OUt sass Section 20. _CDD Third Party Reliance Section 21. CDD Outsourcing Section 22. Responsibilities ofthe Counter Paty. - Section 28, CDD by Group of Companies. Section 24. CDD on PEPs. Miscellaneous Provisions Section 25. Compliance Checking. Section 28. Separabilty Clause. Pare 1‘Customer Due Diligence for Offshore Gaming Version 1.0, Section 27. Effectivity et 10° “ANNEX A” ~ Source of Information 4 Guiding Principle in Assessing MLITF Risk Factor. 18 "ANNEX C"(Customer Due Diligence for Offshore Geming Version .0 Title Policies, Objective, and Scope Section 1. Statement of Policy ~ itis the policy of the State to ensure that the TREE aT TrTOMSErancing (METTFY ate Phipererste oH for the proceeds of any predicate offanse, Consistent with its foreign-policy, the Philippines shall extend cooperation in transnational investigations and prosecutions of persons involved in MLITF sctvties ‘wherever committed. Section 2. Guidance Objective ~ Section 9 of the Casino Implementing Rules and Regulation (CIRR) mandates PAGCOR to issue Anti-Money Laundering and Countering the Financing of Terrorism (AMLICFT) guidelines for the guidance and compliance of casinos under its jurisdiction to assist the Anti-Money Laundering Counell (MLC) in effectively implementing the provisions of the Anti-Money Laundering Act of 2001, as ‘amended (AMLA) and the CIRR. Thus, these guidelines are issued fo 2asinos how to y AsSeGs ie WILITF TK asscdlated with a business relationship or oocasional transaction; 5) Comply with customer identification, verification and monitoring obligations under the CIRR; and ©) Adjust the extent oftheir customer due dligence (CDD) measures commensurate. nt We WILT risk They Fave Kleniied Section 9. _ Scope ~ These guidelines shall apply to all Phifppine Offshore Gaming Operators (POGO) not heretofore authorized by exstng franchises or permited by Tite Definition of Terms Section 4. Definton of Terms ~ For purposes of these Guidelines, the following terms are hereby defined as followsCustomer Due Diligence for Ofshore Gaming Version 10 8) Aggregation - refers to the process of treating multiple or @ sefes of transactions, ‘5 "ar as practicable or #8 s00n as consolidated data becomes avaiable, 2s a single Casino cash transaction if done by or on behalf of a specific customer involving an ‘amount exceeding the desi By Business Relationship — reters Wa feguiar DusiraSe or professional Commercial relationship between a casino and a customer with an-expectation by the casino that it wil have an element of duration. ©) Customer Due Diligence - refers to the process of identifying @ customer and verifying his or her identity when # customer engages in financial tansaction. 4) Financial Transactions - refers to transactions involving the buy-in / pay-out Undertaken by the customer or by someone on his/her behalf ) Gaming Day - refers to the normal business day of an offshore gaming If offers 24-hour gaming, the term shall meen that 24-hour period from 6:00 am up to 5:59:59 am the following ¢ 7) Guidelines ~ refers to this document and ts annexes. identication care esved by a — ) Identifieation Document = refers to any foreign government, h) Offshore Gaming (0G) - refers to the offering by @ PAGCOR licensee of authorized online games of chance or sporting events via the intemet using & network and software or program, exclusively to offshore authorized players. I) Offshore Gaming Operations = refers to online games_of chance or-sporing ft players, and. whose. components.ace pincuced andlor provided by scoredited service providers. |) Outsourcing - a counterpartyintermediarylagenticontractorlservice provider who ‘conducts COD measures in behalf ofthe POGO licensee. I) Player — refers to @ customer who has successfully registered with a POGO Registration Program,Customer Due Diligence for Offshore Geming Version 1.0 Player Registration Program — refers to a registration program of the POGO Licensee where players are required to provide certain mandatory information through an electronie form as a prerequisite to become an eligibl player in a POGO. Treansaa’s website to register with a POGO Licensee's Player Registration Program lor reasons such as being- included in the ist of banned personalities issued by PAGCOR: Flipino citizens residing here or abroad; foreign nationals within the Phifppine terrtory and incividuals or entities designated by the United Nations Security Council, 1n) Risk-Based Approach ~ refers to the proportionate AML/CFT measures that are implemented in response to identied risks. An effective Risk Based Approach (REA) allows POGO licensees to exercise informed judgement when conducting CDD on customers, ©) Service Provider ~ refer to duly constituted business corporation organized in the Philippines who provides components of ofshare gaming operations to POGOs, »)- Third-Party Rellance-—-a-financial-insttuton or DNFBP-operating”ouIsicethe Tan Testo race requirements. 9) Verify ~ refers to the CDD procedure of verifying data on the besis of documents or information which, in elther case, have been obtained from a reliabls source which is ig stfication- documents ——— are to be regarded as being independent of a person even if they are provided oF ‘made availabe to the POGO licensee by, or on behalf of, that person, —Pefntions-of terms-under-the-CIRR-not otherwise mentioned nase Guidelines are—— ‘and deemed incorporated herein.Customer Due Diligence for Offshore Gaming Version L0 Title m Risk Assessment Section 6, Idenifenton of MUTE Risk - POGO loanoes shou have 2 tora Mt He tenterng into @ business relationship wth a player. Section 6. Source of Information - POGO licensees should endeavor to use available information of the potential player including any information obtained from the licensee's agent abrosc in the conduct of risk assessment, Examples of sources of information ae Iisted in Annex A of these Guidelines. Section 7. Relevant Risk Factors ~ POGO licensees should consider relevant risk factors including who their player i, the countries or geographical areas they are from, the particular products, services and transactions the player requires and the delivery channels these services and transactions are made available including service Providers; agents, suppliers anothers Examples of risk factors are given in Annex B of these Guidelines. Section 8. Weighing Risk Factors ~ POGO licensees should make an informed Logement about tne: teieverce-of cillerent-rab- fastens trovalver iy sk oF business relationship. POGO licensees may use an automated AML solution, to allocate risk scores to sa tegorize business relatinshios butt shouie-understand-how the ststent Warts Td tow it combines isk Tactors 10 achieve an overal risk score, The POGO licensees must to—satsly- themselves thal the scorae allocated reflect their derstanding_of theic ML.Z-E cick-and-tt-should-be-abie-to-demonstrate-tis ‘competent authority, Guiding principles for assessing risk are found in Annex C of these guidelines, Section 8. Categorizing the Services end Transections — The rsk shall be Categorized as high and normal considering the types of MLITF risk tis axposed foCustomer Due Diligence fr Offehore Gaming Version 1.0 Tige Customer Due Diligence Section 10. Customer Due Diligence (COD) ~ POGO licensees must apply CDD —measures.uinda: the folowing. @) Upon registration ofa customer, ') When it becomes aware of circumstances which alter the current MLITE risk profile of aplayer, including, but not limited to the following: i. When there is an indication thatthe dently of the player has changed. ji, When players transaction is not reasonably consistent with the POGO licensee's knowledge of the player. li, When there is a change in the purpose or Intended nature of the POGO licensee's relationship withthe player. |v. Any other circumstances wich could affect the POGO licensee's assessment of the MLATF risk in elation tothe player ——— ©) When the POGO licensee suspects money laundering or terrorist financing. ) When the POGO licensee doubts the veracity or adequacy of documents or informs Section 11. COD Measures — The following are CDD measures to be undertaken by POGO licensees: 4 ently the player unless the identity is etready known 10, and has been vedfed ston - ‘BY Verify the players ently, unless the players Identily has alrezdy been veriied by the POGO licensees; ©) POGO licensees may use reliable, independant source documents, data ot Information in verifying player's identiy ©) Assess MLITF player risk and, where appropriste, obtain infermation on the purpose and intended nature ofthe business relationship;‘customer Due Diligence for Offshore Gaming Version 1.0 ©) Check the watch list of individuals and entties engaged in ilegal or terrorist ‘elated activities es circularized by BSP, AMLC, and other intemational entties or organization such as the Office of Foreign Assets Control OFAC) of the U.S. 7) Any counterpartyintermedian/agenticontractoriservice provider acing for or in behalf of the POGO licensees in getting the player information should verily the player's identity and conduct CDD. ‘Section 12. Timing of Venfcation ~ POGO licensees should complete the verification of player's identity before the establishment ofa business relatinship, Section 13, Ongoing Monitoring ~ POGO licensees must conduct angoing monitoring of business relationship with the player on a risk-sensitve basis. POGO licensees ‘should monitor the business relationship withthe player including thsir transactions on the basis of materiality and risk and update player information and MLITF risk and Undertake commensurate customer dus diligence. Section 14. Risk Based Approach ~ In_performing-GOD-meastres,-a-risk-besed —— ——_ ch shall be undertaken dependh ness eat nature of the product, offshore gaming transaction or actvly. POGO leensees shall Undertake: 8} Simplified: CD for players: posing-lov-islc of LITE: ') Normal CDD for players posing narmalisk for MTF: PIEyars POSING S MG-TSK OT MUTE, ane 4) Refuse transaction for prohiited players, si = POGO Licensees.can.apply simplified. COD-measures-in——— ————releter—to-apartetlar-best 5 Tat the business — sola : TENSES Ta senits-eiow degree oF develop parameters which Indicate whather or nota player has_law Mudie These players, the folowing simplified CDD procedure may be performed: 2) Obtain the minimum information from players in accordance with Section 19 of the CIRR: 1) Obtain valid identiiation documents; ©} Ensure transactions of player are recorded in the POGO licensee's system to enable ‘monitoring or detection of possible suspicious transaction;customer Due Diligence for Offshore Gaming Version 1.0 4d) Review and update the COD information once every five (6) years, or if there is a substantial change in the player's profile, POGO licensees must discontinue applying simplified COD measires and elevate to normal or enhanced COD under the folowing circumstances: @) There is @ doubt to the veracity or accuracy of any documents or information obtained during COD; ») There are changes in the MLITF risk profile ofthe player; ©) There is suspicion of MLITF; 4) The presence of suspicious indicators is observed. Section 18. Normal Customer Due Diligence (NCDD) ~ For players whose MLITF risk is assessed as nether low nor high, POGO licensees shall perform the following: 2) Collect the minimum information required under the CIRR’. Verity the player's Identity using decuments from player ancl Tefernation Wom open —— ‘sources (@.g, Internet, gavamment database, etc). ©) Review and update CDD information once every three (8) years, or if there is & 4) Carry out business relationship or transaction monitoring to enable ft to detect suspicious transactions: 2 ) The player's aggregated transactions that exoeed Two Million (2,000,000.00) Pesos ‘of ts equivalent in foreign currency. Section 17._Enhanced-ue_Diligence-{ED}_and_Enhanced-OngcingMonitaning-———— ROG emEvEE TUE IEB GOO Toate WS ETS TOL TST TOR rT a 1) The player is'a Poltically-Exposed Person (PEP); * section 19, Customer Identoaton,Casin implementing Rules and Regulation, Pare 17Customer Due Diligence for Offshore Gaming Version 1.0 ) The player is a high risk player or whose transactions are attended by suspicious indicators; 01 The players aggregated transactions that exceed Five Mllion(6,000,000.00}-Pesos Cr its equivalent in foreign currency; {d)_The player is ftom a county identfied by the FATE as e high risk, ©) The player's transactions excged the POGO licensee's expected amount of transaction based on its understanding ofthe player customer's profle; 4) The player's transaction is unusual or unexpected compared to the player's normal activity, 9) The POGO licensee doubts the veracity of information provided by the player: hh) The player's transaction is considered as suspicious based on the AMLC Registration end Reporting Guidelines for Casinos (ARRGC). ‘The following ere EDD measures which POGO licensees could perform to manage and mitigate MLITF risks: __2) Obtain aditional player information suc close associates, payer’ past and presen Susiness actviles, adverse media report Searches, adaiional evidence of Mentfy, detailed source of funds and source of wealth; — ing_all_known_souroes_of_infarmation_incliding_third_party ‘commercially available COD tools such as but not limited to Worl Chect }_Apply enhanced ongoing transaction and MLITF risk monitoring of player: and ) Require senior manegement approval before opening an account for the player andlor before allowing a transaction, Section 18_Trensaction Thresholds for Players —In-adeltionto-the-LATF risk factors — provide theseguldetines, tie ot misecion threshols shall determine tl ——neyertype 2) Low Risk Customer players with aggregated financial traneaction n excess of Five Hundred Thousand (00,000.00) Pesos or ts equivalent in foreign currency. ) Normay Risk Customer ~ players with aggregated financial transaction in excess of ‘Two Millon (2,000,000.00) Pesos or its equivalent in foreign currency. ©) High Risk Customer~ players with aggregated financial transaction h excess of Five ‘Mion (6,000,000.00) Pesos or its equivalent in foreign currency.‘Customer Due Diligence for Offshore Gaming Version 1.0, Section 18. Where CDD Cannot be Canied Out - If a POGO licensee cannot satisfactorily obtain evidence of identity of it may not carryout transaction fo ‘the player, not astablish business relationship, or terminate business relationship, without prejudice tothe fling of a Suspicious Transaction Report. Section 20, COD Third Party Reliance - POGO licensees may rely on other covered persons such as banks, credit card companies and money service susinesses (MSBs) In terms of financial transactions Involving offshore gaming player wtlizing cred cards ‘and MSBs. However, the POGO licensee remains to be ultimately responsible for the appropriate conduct of CDD measures, Section 21. COD Outsourcing ~ POGO licensees may outsource “0 @ counter party, such as accredited service providers that handle the registration of offshore gaming Players, the conduct of CDD measures, Section 22. Responsibitties of the Counter Party ~ A counter party who applies CDD ‘measures for POGO licensees must: 2) Identily the player and venly player's identity using reliable, independent source documents, data or information am 8 appropriate, obtain information on the purpose and intended nature ofthe business reletionship, Feensee, elay, cop of all identification and verification data and other relevant docurnent on the entity ofthe player. 4) Retain copies of such data and documents for # period of five years beginning on ‘he date that the business felationship-with she player andes Yea eapivalent AMLIGET taining progrem.es.thatof ts emplovees-undedaking———— )_Undergo equivalent AMLICET training progam as. sinlar activi Section 23. COD by Group of Companies - POGO licensee may be teated as having complied with CDD under the folowing circumstances: @) The POGO licensee relied on the CDD conducted by any individual in the same group as the operetor (group of companies with overseas geming operations), ') That the group applies CDD measures, rules on record keeping end MLPP having equivalent effect.‘customer ue Dilgence for Offshore Gaming Version 1.0. ©} The effective implementation of the requirements is supervised at group level by a compliance group or by an authorty of a third country with equivalent authority that of the AMLC. @) That the AMUCFT laws, rules measure was conducted are, at the minimum, the same with the AMLA i PEP: ‘and regulations In the county where the CDD ts Section 24. CDD on PEPs~ POGO licensee in addition to performing CDD measures, they are also required to 2) putin place risk management systems to determine whether a player le a PEP; ») obtain. senior management approval before establishing (or continuing, for ‘existing players) such business relationships: ©) take reasonable measures to establish the source of wealth and the source of ‘funds of players identfied as PEPs; and 4) conduct enhanced ongoing monitoring on that relationship. Tite V Miscellaneous Provisions ‘Section 25.~_Compliance-Checking = PAGCOR and AMLCshal-have the power 15 conduct on-site and offsite compliance checking Section 26. Seperabilty Clouse — If any provision of this guidelnes is declared unconstitutional, the same shall not affect the valisty and effectivity of other provisions hereof. ‘Section 27. EffectCustomer Due Diligence for Offshore Gaming Version 1.0, “ANNEX A” ~ Source of Information he fallowing_are_useful source-of information for-POGO censees-whan- performing —— MLITF risk assessment. From the goverment such as those from the AMLICFT natioral rk assessment, notices. and alerts issued by regulators, and explanatory notes to relevent legislations; Database and information from regulators which may include publication of AMLICFT violations; ‘Those that are available from the AMLC and law enforcement agancies, such risk assessment reports, notices, typologies; ‘+ Information obtained as part ofthe inital COD process; ‘+ From the POGO licensee's own knowledge; ‘+ Information from industry bodies, such as typolagies and emerging risks; Information from intematonal montring bodies for eorupton ides and county reports; dering ane he Financ Action Task Force such es mutual evalustion reports, typologies, and blacklisting, ‘+ Information from credible and reliable open sources, such as reports in reputabl newspaper + Information from credible and reliable commercial érganizaton, such as risk and sok-conoe-ns ‘+ Information from statistical organization end the academe,customer Due Diligence fr Offshore Gaming Version 1.0 “ANNEX 8” — MLITF Risk Factors Roo tteersees stout enti thst METER TTS SE Torre OT Tie a TaN TAT THOTT Be CONATIRTEE BY POST licensees when conducting risk assessment: ‘Customer Risk Factors Risk factors that are associated withthe business: Does the player have links to sectors that are commonly associated with higher corruption risk, such as construction? Does the player have links to sectors that are rated as high risk fo- MLICFT, such as MSB, DPS, DPM? Does the player have links to sectors which involve significant amcunt of cash? + Isthe player @ PEP? player ef + Does the player hold another prominent position or enjoy a high public profile thet _ might enable them to abuse this position for private gain? Does the player have links to business that requires disclosure requirements? ‘+ Does the player have links to business in jurisdiction wth iow levels of corruption? Does the player’s background consistent with that of what they disclosed In relation to their previous, current, and planned gaming activity, source offurds and wealth? Ae tere zaerSe THI SPOTS OF ET TEISVERT SOUTCES OF TFSTATOR, WIEN a= reliable or credible, about the player's involvement in criminal or terrorist actvitias? Is the player or anyone publicly known to be closely associated wth him had theit assets frozen or subject of criminal proceedings or allegations of involvement in criminal orterorism related activity? Does the player subject of a previous suspicious transaction report?Customer Due Diligence for Offshore Gaming Version 1.0 Risk factors that are associated with nature and behavior: Does the player have a legitimate reason for not being able to provide evidence of = Cr i ete ae + Does the POGO licensee doubt the veracity or accuracy of the player's identity? i a financial transaction reporting threshold? + Does the player request unnecessary of unreasonable levels of s2crecy? ‘+ Can the player's source of funds and wealth be easily explained? Countries and Geographical Areas Risk Factor Risk factor that is associated with the jurisdiction where the player is based: + POGO licenses should consider the level of predicate offense to money laundering and the effectiveness ofthe countrys lagal system, Risk factor that is associated with the jurisdiction where the business of the player is located + Where the player's business is located in a jurisdiction with strategic deficiencies in its AMLICFT regime, enhance due dligence (EDD) should be undertaken, Risk factor that is associated with the jurisdiction where the known associates of the iayeristocated— + POGO licensee should consider the jurisdiction where the known associates of the player are primariy located, TRIER Taeiors that ate Sesociated with senices and Waneaction: + To what extent is the product or transaction allows the player to remain enonymous, or facilitate concealment of true identity? + To what extent is it possible for a third party that is not part of the business relationship to give instructions? + To what extent is the transaction complex end does it involve mutiple parties or ‘multiple jurisdiction? + To what extent do services alow payment from third parties?Customer Due Diligence for Ofishore Gaming Version 1.0 + Towhat extent are services cash intensive? ——bativery hammer Rist Factor sonar Fe F = transactions: ‘+ Is the player physicelly present during the identification process? + Has the player been subjected to CDD by ancther POGO licensee, belonging to the same group, and if so, to what extent can the POGO licensee rly that it will not be ‘exposed to excessive AMLICFT risk? ‘+ Has the player been introduced by third party / counterparty, $0, does the thie party / counterparty conduct CDD and keep records and that tis supervised for ‘compliance with comparable AMLICFT obligations under the AUILA and its CIRR standards, does the third party / counterparty provide, immediately upon request, relevant copies ofthe identification and verification data, and that the quality of the ‘COD can be relied upon by the POGO licensee? ‘+ Has the player been introduced by an agent, if so, to what extent can the POGO licensee be satisfied thet the agent has obtained enough information so that it knows the player and the level ot ssk associated with the business relations + Does the player uses a payment channel that is considered as high risk?customer Due Diligence for Offshore Gaming Version 1.0, “ANNEX C” ~ Guiding Principle In Assessing MLITF Risk Factor ing MLTR rose ake eH ss Fi that, together, will determine the level of MLITF risk associated with a business relationship. ‘As part of the assessment, POGO licensee may decide to weigh factors diferenty depending on theit relative importance. For example, player's personal links to @ Jurisdiction associated with higher MLITF risk is less relevant in relation to the features ofa service or transaction that they want o use Weighing Risk Factors Ultimately, the weight given to each of thase factors will vary from serzice to service and player to player When weighing risk factors, POGO licensees should ensure that: ‘+ Weight is not unduly infuenced by just one factor, ‘+ Eoonomi or proft consideration do not influence the risk rating; + Weighting wil not iead to a situation where it is impossible for any business relationship to be classified as high risk: nviess_oF Wansactions that are Wentiied as high risk for MUTF in the MLTF "National Risk Assessment are not over-ruled by the POGO licensee's weighting: + They can over-ride any automatically gonerated risk scores where necessary.