Know Your Customer (KYC) Policy for Costa Rica Internet Gaming Operators

TIGA.Game does not require identity verification to register, play, deposit, or withdraw. You sign up with an email and start playing instantly. We request verification (KYC) only where we have a specific, reasonable suspicion of fraud, money laundering, or a breach of these Terms, or where we are required to by law. If that happens we will tell you exactly what we need, and withdrawals are paused only until verification is complete. No documents at signup. No documents to cash out. No questions, unless something looks wrong.

The English version prevails.

Operator

Tiga.game is owned and operated by 3-102-899757 SRLA, registration number 4062001319112, registered address: Plaza Luperon, Oficina Nueve, Playas Del Coco, Distrito Tercero, Sardinal, Carrillo, Guanacaste, COSTA RICA.

1. Purpose of the KYC Policy

The Know Your Customer (KYC) Policy establishes mandatory procedures and standards to ensure that Internet Gaming Operators licensed in Costa Rica:

• Verify the identity of players where there is a reasonable suspicion of fraud, money laundering, or where required by law.
• Prevent fraudulent activities.
• Comply with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations.
• Maintain a safe, transparent, and secure gaming environment.

2. Objectives of KYC

1. Compliance with Regulations: Ensure adherence to local and international AML/CTF laws and FATF recommendations.
2. Player Integrity: Verify the identity of players to prevent underage gambling, fraud, and financial crime.
3. Risk Mitigation: Minimize risks associated with high-risk jurisdictions, Politically Exposed Persons (PEPs), and suspicious transactions.
4. Transparency: Promote responsible gaming and safeguard player funds.

3. Scope

This policy applies to all players registering for gaming services, business relationships established with third-party service providers, and transactions exceeding designated thresholds or identified as high-risk.

4. Key KYC Principles

1. Customer Identification: TIGA.Game does not verify identity based on any deposit or transaction threshold. Identity verification is requested only when there is a reasonable suspicion of fraud, money laundering, or terrorist financing, when an automated risk flag is raised by our payment processor, or where required by law.
2. Risk-Based Approach: Apply varying levels of due diligence based on the player's risk profile.
3. Record Retention: Maintain all KYC-related documents and transaction records for at least five (5) years.
4. Continuous Monitoring: Monitor player behavior and transactions to identify suspicious activity.

5. Customer Identification and Verification Process

5.1 Information Collection. Where identity verification is triggered (see Key KYC Principles below), the following information may be requested: full legal name; date of birth (to confirm minimum legal age); nationality; residential address; contact information (email and phone number); and proof of the payment method used. No documents are collected at registration.

5.2 Document Verification. When verification is triggered, the following documents may be requested and verified:

1. Proof of Identity: valid government-issued ID (passport, national ID card, or driver's licence) containing the player's photo, name, and date of birth.
2. Proof of Address: recent utility bill, bank statement, or government correspondence (not older than three months).
3. Payment Verification: bank statements or screenshots showing ownership of payment methods used.

5.3 Enhanced Due Diligence (EDD). EDD is required for players with high-risk profiles (e.g., PEPs or players from high-risk jurisdictions), transactions exceeding $10,000 USD or groups of linked transactions exceeding $10,000 USD, and unusual or complex transaction patterns. EDD measures include verifying source of funds and source of wealth, conducting additional identity checks, monitoring transactions more frequently, and screening customers against global sanctions and watchlists including the United Nations (UN), European Union (EU), Australian Government, U.S. Treasury Department (OFAC), and UK HM Treasury.

6. Risk-Based Approach

Operators classify players into risk categories based on geographic location, player activity, and player type. Based on the classification, low-risk players receive Standard Due Diligence (SDD); high-risk players receive Enhanced Due Diligence (EDD).

7. Ongoing Monitoring

7.1 Transaction Monitoring: Automated tools monitor transactions for unusual activity such as large deposits or withdrawals, rapid movements between accounts, and multiple small transactions designed to evade reporting thresholds.

7.2 Behavioral Monitoring: Identify patterns indicative of problem gambling, fraud, or potential ML/TF activities.

7.3 Trigger Events: Periodic reviews of player accounts triggered by account inactivity followed by large transactions, player profile updates (e.g., changes in address or payment method), or notifications from third-party monitoring services.

8. Politically Exposed Persons (PEPs)

8.1 Identification: PEPs include individuals who hold or have held prominent public functions, as well as their family members or close associates.

8.2 Enhanced Measures: Conduct comprehensive checks using third-party databases. Obtain approval from senior management before establishing a business relationship. Regularly review the account and transactions for unusual activity.

8.3 Sanctions and Watchlist Screening: The Company screens customers against a consolidated set of global sanctions and watchlists, including but not limited to the UN Sanctions List, EU Consolidated List, Australian Sanctions List, U.S. Treasury (OFAC) SDN List, and UK HM Treasury Financial Sanctions List.

9. Record Keeping and Confidentiality

9.1 Retention Period: Retain all KYC documents, transaction records, and communication logs for a minimum of five (5) years after the business relationship ends.

9.2 Data Protection: Securely store player data in compliance with applicable data protection laws and international privacy laws such as GDPR. Ensure player data is used solely for verification and compliance purposes.

9.3 Accessibility: KYC records are accessible to regulatory authorities upon request.

10. Reporting Obligations

10.1 Suspicious Activity Reporting (SARs): Report suspicious activities within 7 days of detection, including detailed information on the player, transaction, and reasons for suspicion.

10.2 Threshold Reporting: Report all transactions exceeding $10,000 USD, even if no suspicion arises.

11. Compliance Oversight

11.1 Appointment of a Compliance Officer: The Operator appoints a Compliance Officer responsible for overseeing KYC implementation, liaising with regulatory authorities, and ensuring the submission of SARs and transaction reports.

11.2 Internal Audits: Periodic internal audits evaluate the effectiveness of KYC measures.

11.3 Training Programs: Train employees on KYC procedures, including identifying fraudulent documentation, recognizing red flags for ML/TF activities, and reporting obligations under Costa Rica's regulatory framework.

12. Penalties for Non-Compliance

Failure to comply with KYC requirements may result in administrative penalties (including fines), suspension or revocation of the Operator's gaming licence, or referral for criminal investigation, if applicable.

13. Continuous Improvement

The Operator regularly reviews and updates KYC policies to align with changes in AML/CTF regulations and adopts advanced technologies (such as AI and blockchain) to enhance verification processes and reduce fraud.

14. Contact Information

For assistance or inquiries regarding KYC compliance, contact [email protected].

Disclaimer: This KYC policy is a framework designed to meet the regulatory requirements of Costa Rica. The Operator adapts this policy to specific operational needs while ensuring full compliance with local laws and regulations.

Last updated: 2026-05-14