AML and Sanctions Compliance Policy & Procedures


Company Overview

Aim Games, LLC (“Aim Games” or the “Company”) operates a mobile app (the “App”) through which individuals, who are physically located in a permitted state, may play skill-based eSports games in two formats: (1) in a practice mode setting (“Single Player Mode”) in which no real money is wagered or won; and (2) in multi-player head-to-head competitions in which players may compete against one another to win real cash prizes (the “Competitions”). The App will be available for download on both Android (direct download and Samsung store) and iOS devices. The Company has structured the Competitions to remove all random elements and to synchronize all game elements for all players. Given these circumstances, the outcome of each Competition is determined by skill rather than chance.

Aim Games is not a financial institution as defined by the Bank Secrecy Act (“BSA”) and as such is not subject to the requirements of the BSA. Regardless, the Company has established this Compliance Program to protect Aim Games, its banking and payment partners, and its users against the risk of money laundering.

Policy Statement – Compliance Program

It is the policy of Aim Games to prohibit and actively seek to prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities and to confirm compliance with economic sanctions. Accordingly, the Company has designed and implemented risk-based policies and procedures to facilitate the Company’s compliance with any applicable provisions of the Bank Secrecy Act (“BSA”) and its implementing regulations, other applicable anti-money laundering laws and regulations, and economic sanctions including those administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”).

This Policy will be reviewed and updated on a regular basis to confirm appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in the Company’s business. Additionally, the Company will regularly assess the tools it is using to implement this policy and its related procedures to test the effectiveness of those procedures.

Overview of Program

The Company has assessed the risks in its business relating to money laundering, terrorist financing, and sanctions compliance. Certain users, third parties, and transactions naturally pose higher risks based on various factors including, but not limited to, the nature of the transaction, heightened sanctions, anti-money laundering, or corruption risks in the geographic region associated with the user or transaction, and other facts specific to the user or transaction.

Based on a consideration of these risks, the Company has developed this Anti-Money Laundering Compliance Policy and Procedures (the “Policy”) which outlines the Anti-Money Laundering Compliance Program (the “Program”) which is reasonably designed to prevent the Company’s platform from being used to facilitate money laundering and the financing of terrorist activities. The elements of the Program are outlined below:

1. Designation of an AML Compliance Officer

The Company will designate a qualified individual who is competent and knowledgeable of AML laws and regulations and economic sanctions to serve as the Company’s Anti-Money Laundering Compliance Officer (“AML Compliance Officer”). The AML Compliance Officer is responsible for coordinating and monitoring day-to-day AML compliance and overseeing all aspects of the AML Compliance Program. The AML Compliance Officer is also responsible for reporting the status of ongoing AML compliance matters to the Company’s Board. The AML Compliance Officer will have the authority and independence with no influence from business lines to communicate and report issues directly to management and the Company’s Board.

2. Internal Policies, Procedures and Controls

The AML Compliance Officer will monitor the Company implementation of the risk-based protocols outlined in this Policy and confirm that the Policy is updated regularly to take account of new or changed regulations or guidance and to address new or emerging compliance risks to the Company.

3. Implement Risk-Based Know Your Customer/Customer Due Diligence/Third Party Risk Management Procedures

The Company will utilize risk-based Know Your Customer (“KYC”)/Third Party Risk Management Procedures that are appropriate considering the Company’s business model and specific risks. The Company will use internal and third party tools to help assess, and mitigate these risks including, but not limited to GeoComply (www.geocomply.com) for identity verification and for geolocation purposes.

Additionally, Enhanced Due Diligence (“EDD”) Procedures will be utilized for certain users or third parties determined to present elevated compliance risks as outlined in the Policy.

4. Training and Education.

All Company employees will receive formal AML training. Training will be periodically updated to reflect changes in regulatory requirements or other important updates that will assist the Company in identifying and combating money laundering and other suspicious behaviors. All employees will be required to undergo this training at least once every calendar year. The AML Compliance Officer and compliance staff will also receive periodic training that is relevant and appropriate to remain informed of changes to regulatory requirements that may impact the company’s risk profile.

5. Independent Testing

The Company will conduct an independent review of the compliance program on an annual basis to assess the adequacy and effectiveness of the AML Program. The review will be completed by either an internal, qualified resource, or the Company may elect to engage an external party. In either case, the selected party will be independent of Aim Games’ AML Compliance Officer. The Company’s Board (or designated Board committee) will prepare and document appropriate action plans for any findings noted in the review and will monitor management’s timely completion of those action plans.

6. AML Compliance Officer

The Company has designated Sara Stapleton as its Chief Compliance Officer and Anti-Money Laundering Compliance Officer (“AML Compliance Officer”), with oversight for the Company’s AML Program and compliance. The AML Compliance Officer will report directly to the Board with respect to the implementation and execution of this Policy.

The duties of the AML Compliance Officer will include monitoring the Company’s compliance with its AML obligations, overseeing communication and training for employees, and all other assigned duties related to implementation of this Policy and the Company’s Program.

The AML Compliance Officer will also take actions necessary for the Company to maintain records necessary for the Company’s bank(s), payment provider(s) and/or payment gateway to fulfill their BSA obligations including the filing of Suspicious Activity Reports (“SARs”).

The AML Compliance Officer is vested with full responsibility and authority to enforce the firm’s AML Program and will report bi-annually to the Board of Directors the status of AML Compliance Program. This report is to provide an overall assessment of the Company’s compliance with AML requirements and the directives of this policy.

7. Know Your Customer and Third-Party Risk Mitigation Procedures

The Company utilizes risk-based procedures to mitigate compliance risks arising from user and third-party relationships to the extent reasonable and practicable through risk-based procedures as outlined below. The information collected by the Company will be used to confirm compliance with economic sanctions administered by OFAC, anti-money laundering laws and regulations, and other applicable laws.

a. Collection of Information

i. User Information

1. Notice to Users

Each user will be notified that the Company may collect information to verify their identity as required for the Company to comply with applicable laws and the requirements of its banking partners. Each user will be required to certify that the information is accurate. User’s will be asked to recertify information periodically. The Company will only allow account creation by individual users. Entities are not permitted to create user accounts or use the Company’s platform. Notice is provided in the Company’s Terms of Service.

2. Information Required

Free-to-play games do not give the player the opportunity to win cash prizes. Players who have not made a deposit and only engage in free-to-play games may register an account by providing the information below. Email verification will not be required for these players and the location of these users will be verified using geolocation services.

Prior to making a deposit in a pay-to-play user account, the Company will require each individual user to provide:

• Full Legal Name;

• Country of residence and zip code;

• Date of Birth;

• Email Address (verified);

• Phone Number (verified); and

• Verified geolocation

Users may also be required to verify their phone number prior to making subsequent deposits.Users may also be required to provide additional information, including a photo of their government-issued identification document (both front and back if appropriate) and complete a real-time selfie during the lifetime of the account. The Company may also do identity verification without requiring a government-issued identification, using third-party partner to verify self-reported information. Note that the additional information may be requested for any user, and a user does not have to be identified as “high risk” to trigger additional information requests. These additional risk-based measures may be triggered for a variety of reasons, including, but not limited to:

• Withdrawal request

• Account red flags, suspicious activity

• Geolocation anomalies

• Account balance

• Size or frequency of deposits/purchases

• Suspicious payments

3.Failure to Provide Information

Any prospective or current Aim Games user who declines to provide complete identifying information, or to respond to inquiries by the Company for additional information, will be denied access to the Company’s platform.

ii. Collection of Third Party Information

With respect to vendors and third parties with which the Company transacts, the Company will also collect the following information:

• Full Legal Name of the Individual or Entity

• Residential or Business Address

• Country of Residence or Location of Headquarters

• Date of Birth (individual)

• Email Address

• Phone Number

b. Compliance Screening

With respect to all prospective accounts and third-party partners and vendors, the Company will screen the identifying information of the individual or entity to identify potential matches with the U.S. Department of the Treasury’s Office of Foreign Assets Control’s list of Specially Designated Nationals (“OFAC List”), and additional lists of restricted parties as outlined in Section V of this Policy. This screening will be conducted using an internally developed process with data made available by OFAC and other lists, including internal ban/deny lists, which may be created to support player self-exclusion, to prevent accounts being opened by individuals previously banned for fraud, suspicious activity, or other reasons.

Paying users will be cleared within three (3) business days of an initial deposit and, in any case, prior to a withdrawal. If a potential match to the OFAC List is identified, the prospective account will be referred to the AML Compliance Officer or their delegate for further review. During this process a reviewer will compare the information relating to the prospective account with the information on the OFAC List to determine whether it is an actual match. The same process will be conducted for matches to any other restricted lists used by the Company.

If the reviewer can determine that it is not a match, the account can be cleared for activation. The information used to clear the match shall be retained in the file associated with the user for a period of five years in a case management system or secure database, with appropriate user and password controls.

If the Company confirms a positive match of the user’s information with the SDN list, it shall take steps to: (1) block the user account so that it can no longer be utilized; (2) notify its bank, payment processor, or payment gateway provider immediately; (3) confirm any balance in the account so that funds can be blocked and segregated with the assistance (if needed) of the bank, payment processor, or payment gateway provider; and (4) make the appropriate filing with OFAC.

c. Risk Assessment

i. Users

Additionally, the Company will implement procedures to identify user accounts determined to be “high-risk” as outlined below. Such user accounts shall be subject to enhanced due diligence. The Company has conducted a risk assessment of its user base. Based on that assessment, the Company has concluded that user accounts that meet the parameters below warrant enhanced due diligence.

Accordingly, the Company will implement steps to identify accounts that pose heightened risks both at onboarding and during periodic reviews. For purposes of this Policy, high risk accounts will be identified as:

• Accounts of individuals located outside the United States;

• Accounts with an initial deposit in excess of $500 or multiple deposits in a one-week period in excess of $500;

• Withdrawals in excess of $250 or multiple withdrawal in one-week period in excess of $250;

• Discrepancies in information provided by user;

• Failure by a user to provide required/requested information;

• Accounts subject to any law enforcement inquiries, subpoenas;

• Accounts with significant or multiple chargebacks;

• Accounts exhibiting unusual play, payment or other suspicious activity;

• Unusual geolocation, device ID, or login behavior;

• Information received from a third party (payment processor, bank partner, etc.);

Any user account identified as “high risk” shall be subject to the enhanced due diligence procedures below.

ii. Third Parties

The Company has also conducted a similar risk assessment with respect to certain third party vendor and partner relationships. For purposes of this Policy, a high-risk relationship will be defined as:

• A third party with which the Company does in excess of $250,000 annually with the exception of regulated banks; in each case other than advertising and user acquisition partners and professional services firms (e.g., legal, financial, tax and accounting services); or

• A third party based outside the United that the Company engaged in $100,000 or more annually in transactions; in each case other than advertising and user acquisition partners and professional services firms (e.g., legal, financial, tax and accounting services);

• A third party based in any location that provides advertising or user acquisitions services for which the Company pays a commission or similar service fee (excluding funds used for advertising or user acquisition) in excess of $500,000 annually;

The Company has determined that its current third-party vendors and service providers pose a low risk of money laundering.

d. Enhanced Due Diligence for Users and Third Parties

i. Overview

The Company will utilize enhanced due diligence steps at onboarding and through ongoing monitoring with respect to users or third parties identified as “high risk,” including the following steps. For the avoidance of doubt, the AML Compliance Officer will have the discretion to determine which steps are necessary depending on the partner and the services provided.

• Collecting additional identifying information regarding the individual or entity (e.g., Social Security Number, Passport Information, Tax Identification Number);

• Collecting documents verifying the identity of an individual (e.g., copies of a government issued identification, e.g. driver’s license, passport);

• Collecting information regarding the source of funds solicited from the user;

• For entities, collecting additional information to verify the identity of officers, directors, and beneficial owners;

• Utilizing public source and database research to identify any adverse information in the public domain or government enforcement actions; and

• Requesting additional information or explanation at the discretion of the AML Compliance Officer.

The results of this additional diligence shall be collected and stored in a file. If any user is subject to the enhanced due diligence process, the results of this enhanced due diligence will be reviewed and approved in writing by the AML Compliance Officer within five (5) business days after the user is flagged as high risk.

Users identified as high risk that are ultimately onboarded should also be prioritized in the Company’s ongoing monitoring protocols for any unusual activities or “red flags” as outlined below. The Company shall maintain records of users and third parties that it determines not to work with.

ii. Assessment of Red Flags

In conducting either an initial review of a high-risk client or a periodic review of an existing client or a third party, the Company’s compliance team shall utilize the following non-exhaustive list of red flags, which could indicate potential compliance risks:

• Individual user’s account is identified as exhibiting signs of fraud;

• Individual provides unusual or suspicious identification documents that contain discrepancies and/or cannot be readily verified;

• Individual or entity asks to have funds transferred to or from the bank account for a different individual or entity;

• Individual or entity utilizes bank accounts in a different jurisdiction from where they reside or are based;

• Individual or entity appears to be acting as an agent of an undisclosed principal;

• Individual or entity appears to “structure” deposits, withdrawals, below a certain amount to avoid reporting or recordkeeping requirements;

• Individual or entity expresses concern with the Company’s reporting of information to banking partners or government entities and record-keeping practices;

• Individual attempts to create multiple separate accounts on the Company’s platform;

• Individual or entity is reluctant to provide complete information requested by the compliance team;

• Individual begins engaging in transactions that differ substantially from their normal activities, or from a typical Aim Games user;

• Individual does not identify a legitimate source for the funds, or the information provided is false, misleading, or substantially incorrect;

• Individual engages in an unusually large number of transactions by dollar value or volume compared to other users;

• Individual or entity is identified in a government enforcement action or the Company receives a government subpoena requesting information on the individual or entity.

When a member of the compliance team detects any red flag, or other activity that may be suspicious, he or she should notify the AML Compliance Officer. Under the direction of the AML Compliance Officer, the Company will determine whether or not to investigate the matter further. This may include gathering additional information internally or from third-party sources, freezing the account and/or notifying the Company’s banking partner.

This list of red flags is not meant to be exhaustive. The Compliance team should identify any set of facts that it reasonably believes poses a heightened compliance risk. However, the existence of one or more of the red flags above does not necessarily indicate improper activity. There may be reasonable explanations and the Compliance team should take reasonable steps to investigate those facts.

e. Multiple Account Restrictions

The Company restricts each user to only one account. The Company will flag and review accounts where users engage in Competitions if accounts have the same name, date of birth and/or device ID to determine whether there might be an attempt to violate this restriction.

In addition to the items listed above, accounts with users engaged in Competitions with matching physical or IP addresses and phone numbers will also be flagged and reviewed. If a potential multiple account violation is identified, all such accounts will be reviewed under this policy to enable the strongest possible AML controls. Users who have created a second account, are attempting to create a second account or are under suspicion of creating a second account may cause the Company, after internal consultation with the firm’s AML Compliance Officer, to report the situation to its bank(s), payment processor(s) and/or payment gateway provider for further SAR filing with FinCEN.

8. Office of Foreign Assets Control (OFAC) Sanctions Compliance

As outlined above, within three (3) business days after making a deposit and prior to approving a withdrawal, and on an ongoing basis, the Company will check to confirm that a user does not appear on the SDN list or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC. Because the SDN list and listings of economic sanctions and embargoes are updated frequently, the Company will consult them on a regular basis and subscribe to receive any available updates when they occur. With respect to the SDN list, the Company may also access that list through various software programs to enhance speed and accuracy as determined at the discretion of the AML Compliance Officer. The Company will also review existing accounts against the SDN list and listings of current sanctions and embargoes when they are updated and the AML Compliance Officer will document the review.

a. Screening

All funded accounts (except for free-to-play) will be compared against the OFAC list. No withdrawals shall occur until a user has been screened and, where applicable, all information has been collected and verifiedin accordance with the procedures identified in Section IV of this Policy. The information must be reviewed against the OFAC list at the time of activation and periodically thereafter.

If a possible OFAC Match is identified, the applicable account will be immediately disabled until further research can be done. The designated parties in the Compliance Department will review all possible matches. Review for possible OFAC Match includes:

• The information will be compared to the SDN list on the treasury website http://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx

• If there is a name match, the reviewer will compare the entire SDN information (if available) with the user:

  • Date of Birth

  • Address

  • Nationality

  • Place of Birth

  • Other details made available on the SDN entry

• If the information does not match beyond name, the item is cleared and follow up documentation will be included in the file, identifying when the possible match occurred, the reason for the possible match, and the supporting information for clearing the possible match.

• Managing a True OFAC Match

If the Company confirms a positive match of the user’s information with the SDN list, it will take action to block the applicable user’s account and notify the Company’s bank(s), payment processor(s) and/or payment gateway provider so that these partners may report all relevant information to the appropriate authority(ies), as required.

c. OFAC List Updates

The Company will update and utilize the OFAC list at least monthly.

d. Blocked Transactions

All assets and accounts of an OFAC-specified country, entity, or individual are prohibited by law and must be blocked when such property is located in the U.S., is held by U.S. individuals or entities, or comes into the possession or control of U.S. individuals or entities. Assets and property include anything of direct, indirect, present, future or contingent value. The Company shall immediately notify its bank(s), payment processor(s) and/or payment gateway provider if it determines an account should be blocked.

If a user calls regarding the account freeze, they can be advised that their account has been blocked in accordance with government-mandated sanctions administered by OFAC. The user may be informed of their right to apply to OFAC for the unblocking and release of funds.

e. Prohibited Countries

The Company restricts business in countries sanctioned by OFAC, as well as countries deemed to pose a high risk to the Company and those with deficient AML controls as reported by organizations such as the Financial Action Task Force (FATF). The AML Compliance Officer maintains a list of prohibited countries which will be regularly reviewed and updated.

A prohibition on new user accounts will be placed on the countries listed and all transactions of any type are prohibited involving these countries. The Company will not open accounts for persons with addresses in these countries, or contract with a third-party organized or located in a prohibited country. Additional IP blocking protocols will be implemented and regularly reviewed so that users in the prohibited countries cannot access the Company’s platform.

9. Suspicious Activity Reporting (SAR)

The AML Compliance Officer is responsible for continuously monitoring and overseeing the Program to confirm its ongoing effectiveness. This includes both identifying if false positive reviews are unnecessarily detracting from the efforts in reviewing suspicious activity as well as identifying potential gaps in the monitoring process that are allowing for potentially suspicious activity to go undetected. The AML Officer is the only person with the authority to change the review thresholds to better align the Program’s efforts with the required results.

Suspicious activity can be identified in a variety of methods that may indicate money laundering or other illicit activities. When a transaction is identified, it may only require further review or it may require additional reporting and actions by the Company.

In assessing whether activity is suspicious the Company will consider the red flags outlined above in this Policy.

If the Company identifies potentially suspicious activity, it shall be reported to the Company’s bank(s), payment processor(s) and/or payment gateway provider according to the relevant protocols established with those parties. The bank(s), payment processor(s) and/or payment gateway provider will then determine if a SAR will be prepared and submitted by them. Under certain circumstances, Aim Games may choose to voluntarily file a SAR with FinCEN.

10. Currency Transaction Reporting, Form 8300

The Company does not currently have arrangements in place to accept cash or cash equivalents for deposit into customer accounts. Should this change, the Company will update this policy to appropriately address transaction monitoring and cash transaction reporting requirements.

11. Record Retention

Records created in connection with the Company’s AML Program shall be retained for a minimum of 5 years. These records can be maintained in many forms including original, electronic copy, or a reproduction, and the Company will maintain all records in a way that makes them accessible in a reasonable period of time.

12. Training

The Company will develop ongoing employee training under the leadership of the AML Compliance Officer and senior management. Aim Games employees will receive AML training on at least an annual basis.

All employees and managers will receive a minimum training and additional training will be provided as appropriate depending on their responsibilities.

The Company’s training will include, at a minimum:

• The requirements of this Policy;

• The importance of AML compliance, policies and procedures, and employee responsibilities;

• Basics of how money laundering works and what terrorist financing is;

• An overview of anti-money laundering laws and regulations, including the Bank Secrecy;

• An overview of economic sanctions;

• Suspicious activity red flags; and

• Procedures for reporting suspicious activity.

The Company will develop training internally or through a third-party subject matter expert, such as a lawyer or consultant. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures, training classes, webinars, other online methods, and explanatory memos. The Company will review its operations to see if certain employees require specialized additional training. The Company’s written procedures will be updated to reflect any such changes.

13. Independent Testing

The Company shall commission an independent audit of its implementation and execution of this Policy to cofnirm it conforms to the Policy, the requirements imposed by its bank(s), payment processor(s) and/or payment gateway provider, and applicable law. The audit will review the policies to cofnirm the activities covered in the policies and procedures represent appropriate controls and demonstrate operations consistent with this Policy. The audit will be completed on a periodic basis, but at least every 18 months.

All audit exceptions will be identified and tracked, including identifying the exception, the proposed course of action, the risk rating of the exception, the employees, managers and/or departments responsible for the corrective action, the current status of the corrective action, and the date completed/proposed date of completion.

The records for each audit shall be maintained for five years from the date of the audit.

APPROVAL AND REVISION HISTORY

Approved on: 6/19/2025

Approved by: PB Media Group, Inc. the sole member of Aim Games, LLC