AML & KYC Policy

This Anti–Money Laundering (AML), Counter-Terrorist Financing (CTF), Sanctions, and Know Your Customer (KYC) Policy (“Policy”) sets out how Zishes (“we”, “us”, “our”) prevents the Platform from being used for illicit purposes. It applies to all users and sellers worldwide and must be read together with our Terms & Conditions, Privacy Policy, Prohibited & Restricted Items Policy, Seller Agreement, and Fair Play Policy. By using Zishes, you agree to comply with this Policy.

1) Purpose, Scope & Principles

  • Purpose: Detect, prevent and report money laundering, terrorist financing, fraud, sanctions violations, and other financial crime.
  • Scope: All users (members), sellers, ultimate beneficial owners (UBOs), authorized representatives, and relevant transactions/payouts.
  • Principles: Risk-based approach, proportionality, data minimization, confidentiality, regulatory cooperation, and continuous improvement.

2) Key Definitions

  • KYC: Identifying and verifying a customer’s identity.
  • KYB: Identifying and verifying a business, its officers, and UBOs (≥ 25% ownership or control, or lower threshold if required by law).
  • EDD: Enhanced Due Diligence for higher-risk customers, geographies, products, or behaviors.
  • PEP: Politically Exposed Person, including close associates and family members.
  • SAR/STR: Suspicious Activity/Transaction Report to competent authorities where legally mandated.
  • Sanctions Lists: UN, OFAC (US), HMT (UK), EU Consolidated, and local lists (including UAE, India) and any other applicable regime.

3) Risk-Based Approach

We categorize risk across customer, geographic, product, and behavioral dimensions. Controls scale with risk:

  • Customer risk: individual vs. seller; PEP; adverse media; prior violations.
  • Geographic risk: sanctioned/embargoed countries; high-risk jurisdictions (per FATF or local regulators).
  • Product risk: large payouts, cross-border shipments, high-value prizes.
  • Behavioral risk: unusual transaction patterns, rapid cycles, third-party payments.

4) Customer Onboarding & Verification (KYC/KYB)

We use approved identity verification partners and internal checks. Access may be limited until KYC/KYB is complete. We may refuse, suspend, or terminate accounts that fail verification.

  • Members (Individuals): full name, date of birth, country, address, email/phone verification; government-issued photo ID; biometric liveness where required.
  • Sellers (Individuals): all the above plus proof of address, tax ID where applicable.
  • Businesses (KYB): legal name, registration number, incorporation documents, registered address, directors; identification of UBOs (≥ 25% or lower if required), KYC on UBOs/signatories; local tax/VAT/GST numbers; trade licenses where applicable.
  • Sanctions & PEP screening: at onboarding and periodically thereafter; adverse media checks for higher-risk profiles.

Timelines: Standard KYC is typically completed within 24–72 hours; EDD may require additional time. Access to payouts and high-value prize listings is restricted until verification is complete.

5) Enhanced Due Diligence (EDD)

EDD is triggered by any of the following (non-exhaustive):

  • PEP matches or adverse media related to financial crime.
  • High-risk jurisdictions or cross-border flows with opaque rationale.
  • Unusual activity (rapid funding, high velocity of prize wins, circular flows).
  • Inconsistent source of funds (SoF) or source of wealth (SoW).

EDD Measures: additional documentary evidence (bank statements, invoices, SoF/SoW declaration), independent verification, tighter limits, manual approval for payouts, and more frequent monitoring.

6) Source of Funds / Source of Wealth

We may request evidence of the origin of funds and overall wealth where risk indicates. Acceptable documents include recent bank statements, pay slips, sale contracts, audited accounts, tax returns, or other credible documentation linking funds to legitimate activities.

7) Ongoing Monitoring & Transaction Controls

We employ automated and manual monitoring. Examples of red flags include:

  • Multiple accounts controlled by the same person or device fingerprint.
  • Use of VPN/proxies to obfuscate location, especially from restricted regions.
  • Frequent payment failures, chargebacks, or identity mismatch.
  • Rapid accumulation or unusual spending patterns unrelated to normal platform use.
  • Attempts to convert Zish Credits into cash or off-platform value.

Thresholds & Limits (illustrative, jurisdiction-dependent): we may apply daily/monthly participation caps, payout review thresholds (e.g., AED 10,000 / ₹200,000 / £2,500 equivalents), and cumulative risk scoring to trigger EDD or freezes.

8) Sanctions, PEP & Adverse Media Screening

  • We screen customers, UBOs, counterparties, and (where relevant) payees against UN, OFAC, HMT (UK), EU and applicable local lists (e.g., UAE, India).
  • Positive/possible matches lead to denial, suspension, or EDD as legally required.
  • We also use adverse media checks to identify financial-crime exposure.

9) Geographic Restrictions & Prohibited Use

  • No access from sanctioned/embargoed countries or to sanctioned persons/entities.
  • No use for illegal activity, third-party payments, or cash-like withdrawals.
  • We may geoblock categories or features based on local law (see Prohibited & Restricted Items Policy).

10) Account Freezes, Holds & Termination

We may place temporary holds, suspend features, or terminate accounts if we suspect policy breaches, identity fraud, sanctions concerns, or financial crime risk. We may also withhold payouts while investigations are ongoing and reverse allocations obtained through fraud or chargeback abuse.

11) Reporting Suspicious Activity (SAR/STR)

Where required by law, we will file SAR/STR with competent authorities in relevant jurisdictions based on risk, location of the entity, and activity patterns. We are generally prohibited from “tipping off” users about such reports. Cooperation with lawful requests (e.g., subpoenas, court orders) is provided as required.

12) Recordkeeping & Retention

  • KYC/KYB, transactional, and monitoring records are retained for at least 5 years from the end of the relationship or longer if required by law.
  • Records include identity data, verification results, screening logs, risk assessments, transaction histories, and any SAR/STR filings (where allowed).

13) Data Protection & Security

  • KYC/KYB data is stored securely with access restricted to authorized personnel on a need-to-know basis.
  • We use encryption in transit, secure key management, vendor due diligence, and breach response procedures.
  • See our Privacy Policy and Data & Cookie Policy for details on processing, lawful bases, international transfers, and user rights.

14) Third-Party Vendors & Outsourcing

We may use reputable third-party providers for identity verification, sanctions/PEP screening, device intelligence, fraud prevention, payments, and analytics. Vendors are subject to due diligence, data-processing agreements, and ongoing oversight. We remain responsible for compliance outcomes.

15) Organization, Roles & Training

  • Compliance Lead / MLRO: Oversees AML/CTF program, approves EDD decisions, manages SAR/STR filings where required, and liaises with regulators/law enforcement.
  • Operations & Support: Frontline controls; escalate red flags promptly.
  • Engineering & Data: Maintain monitoring systems, alerting, logging, and secure storage.
  • Training: Mandatory annual AML/CTF training; role-based refreshers; updates following regulatory changes or audit findings.

16) Audits, Quality Assurance & Continuous Improvement

  • Periodic internal QA and independent audits of AML controls.
  • Model and rule tuning for monitoring effectiveness; false-positive reduction.
  • Remediation plans for identified gaps, tracked to closure.

17) Consequences of Non-Compliance & False Representation

  • Providing false or misleading information during KYC/KYB, SoF/SoW, or at any point may lead to immediate suspension or termination, forfeiture of benefits, withholding of payouts, recovery of losses, and notification to competent authorities.
  • Sellers listing counterfeit or misrepresented items face penalties set out in the Seller Agreement.

18) Jurisdictional Notes (Illustrative, Not Exhaustive)

  • UAE: Compliance with applicable UAE AML/CTF laws and Central Bank guidance. VAT (5%) and corporate tax rules apply to eligible entities. We may file reports via the competent UAE FIU systems where required by law.
  • India: Compliance with applicable AML/CTF requirements. Real-money gaming taxes do not apply to Zishes’ membership model; however, AML screening and suspicious activity reporting obligations are observed where applicable.
  • UK/EU: Compliance with UK Money Laundering Regulations and EU AMLDs as applicable, including sanctions (HMT/EU) and data protection (UK GDPR/GDPR).

We reserve the right to apply more stringent controls than the local minimum where our risk assessment indicates heightened exposure.

19) Member & Seller Responsibilities

  • Provide accurate, current information and promptly update changes (name, address, ownership).
  • Respond to KYC/KYB or EDD requests in a timely manner; failure may result in restrictions or closure.
  • Use your own payment methods; third-party payments are prohibited unless expressly approved.
  • Do not attempt to circumvent geoblocks, sanctions, or this Policy. Report suspected abuse to compliance@zishes.com.

20) Policy Governance, Updates & Contact

We review this Policy at least annually and after material regulatory or business changes. We may update it without prior notice; material updates will be highlighted on our site/app. Questions or requests relating to this Policy can be sent to compliance@zishes.com.

Effective date: [Insert Date]. This Policy is a global framework and may be supplemented by jurisdiction-specific addenda where required by local law.