Anti-corruption policy

1) Purpose, principle of zero tolerance and scope

We prohibit any form of corruption: bribes, kickbacks, "gifts for a solution," facilitation payments ("simplifying payments"), hidden commissions, fictitious contracts/acts. The policy is mandatory for employees, managers, contractors, affiliates, agents, resellers, consultants and joint ventures in all markets of presence.

2) Definitions (brief)

Bribe: Providing/promising value to influence the decision.
State official: employee of the regulator, state-owned enterprises, polyexposed person (PEP), their relatives/proxies.
Gifts and hospitality (G&H): items, services, tickets, meals, travel.
Conflict of interest (CoI): Personal gain affecting service decisions.
Intermediary/Agent: A third party acting on our behalf.

3) Roles and RACI

Owner: Head of Compliance/Legal - policy, exceptions, investigations. (A)

Managers: prevention, expense/gift approvals, initial CoI assessment. (R)

Procurement/Finance: contracts, verification of counterparties, control of payments/item codes. (R)

Affiliate/Marketing Leads: control of creatives, bonuses, rewards to partners. (R)

HR/L & D: training, recording confirmations. (R)

InfoSec/DPO: data protection in cases, access on a need-to-know basis. (C)

Internal Audit: independent checks, control tests, follow-up CAPA. (C)

All employees and affiliates: policy compliance, reporting violations. (R)

4) General requirements

1. No bribes/kickbacks/" facilitation payments" regardless of amount.
2. Gifts/hospitality are only permissible as a moderate business courtesy that does not influence decisions.
3. Any payments/benefits to state employees - only after written approval by Legal/Compliance.
4. Political contributions - prohibited on behalf of the company; personal - outside of work and without using company assets.
5. Charity/sponsorship - acceptable with beneficiary transparency, no conflict, prior due diligence and approval.
6. Third parties (agents, affiliates, PSP intermediaries) - only after KYB/due diligence and contractual anti-corruption clauses.
7. All operations are reflected correctly and fully in books and records (books & records).

5) Gifts, hospitality and expenses (G&H)

Prohibited: cash/equivalents, luxury gifts/travel, gifts in tenders/negotiations, "account splitting" to bypass limits.

• Up to €50 - possible without prior approval, entry into the register.
• €50- €200 - manager approval required.
💡 €200 - Legal/Compliance approval.
• Any spending for goslitsy is always Legal/Compliance approval.
• Hospitality: business lunches/events of moderate value, associated with a business agenda, participation of the sender is mandatory (without "ticket transfer").
• Expenses: only for approved items; checks/justification; prohibition of "gray" schemes through affiliates.

6) Conflicts of Interest (CoI)

Required to disclose: family/personal ties with suppliers/affiliates; external employment; investments that create the appearance of influence.
The CoI form is submitted prior to the commencement of the engagement/transaction; possible withdrawal from solutions.

7) Interaction with government officials and regulators

Contacts pass through designated representatives.
Any payments/hospitality are prohibited without the approval of Legal/Compliance.
Documents/data - only true and complete; prohibition of "acceleration" through intermediaries.

8) Charity, sponsorship, grants

Beneficiary verification (KYB, sanctions/PEP), purpose and business connection; no hidden benefits for officials.
Contract, transparent payment to the organization's account, public reporting.
Political/party events - not funded.

9) Third parties: suppliers, agents, affiliates, PSP partners

• Registration/Owners (UBO), Beneficiaries, Sanctions/PEP, Litigation/Media Risks.
• iGaming market reputation, codes and past violations.
• Compensation models (CPA/RevShare/CPL): lack of motives for "grey" practices.
• Agreements include: anti-corruption and sanctions clauses, audit rights, prohibition of sub-agents without consent, termination for cause.
• Affiliate risks: aggressive creatives, traffic substitution, "opaque" rewards - lead to blocking and clawback.

10) Books & Records and internal controls

Incorrect coding of articles ("marketing" instead of "gifts") is prohibited.
All payments are confirmed by contracts/acts/invoices; double approval for "sensitive" articles.
Separation of functions (SoD): initiator ≠ coordinating ≠ payment controller.
Separate codes for G & H/sponsorship/donations; G&H and CoI registries.

11) Training and confirmation

Onboarding + annual recertification (85% threshold).
Special modules for sales departments/affiliates/government interactions.
Confirmation of familiarization with the policy and limit register.

12) Whistleblowing

Channels: anonymous line/mail, form on the intranet, direct contact with Compliance/Internal Audit.
Protection against repression; Feedback SLA; public statistics of appeals (without personalities).

13) Investigations and disciplinary actions

Case registration, fact collection, data protection, conclusion.
Measures: from reprimand/reassignment to termination/transfer of materials to regulators/law enforcement officers.
CAPA: root cause management (processes/controls/training).

14) Red flags (examples)

Requests "to make payment without a contract/act/exact description of services."

Payments to offshore/personal accounts/cash/crypto without policy justification.
Consultant "with special ties" to the regulator; "success commission" requirements as a percentage.
Too high affiliate commissions vs market; split invoices to bypass limits.
Gifts/tickets during the tender or regulator inspection period.
Unusual speed of approvals with the participation of a specific employee.

15) Control procedures (minimum set)

Pre-approval: all G&H above limit; any spending for goslings; charity/sponsorship; politically sensitive markets.
Dual-control: double coordination of "sensitive" payments and changes in beneficiaries/details.
Vendor/Affiliate Due Diligence: KYB checklists, annual risk reassessment.
Spend Analytics: dashboard of G&H articles/sponsorships, search for anomalies (growth, concentration, seasonality).
Gifts & CoI Registers: required records and periodic revision.
Audit Trail: immutable logs of approvals/payments in ERP.
Marketing/Affiliates Controls: white lists of creatives, prohibition of "gray" geo/target audiences, post-beck reconciliations.

16) Metrics and SLO

Coverage of training ≥ 98%; On-time ≥ 95%.
G&H no registration = 0 cases.
Abnormal spending (analytics flags) - investigated ≤ 15 working days.

Due Diligence SLA: base ≤ 5 days, recessed ≤ 15 days

Repeat findings by IA <10% sq.

Whistleblowing TTR: primary response ≤ 3 days, closure ≤ 30 days

17) Templates and forms (quick inserts)

Application for a gift/hospitality: who/to/what/cost/agenda/business connection/goslitso ?/date/approvers.
CoI form: description of the situation, parties involved, proposed measures (withdrawal/control).
Due Diligence Checklist (KYB): registration/UBO/PEP/sanctions/reputation/fin. reporting/contracts/payment channels.
Clawback application for affiliate: terms of retention in case of violations (creatives, fraud traffic, fines of regulators).
Charity/sponsorship report: purpose, KPI, beneficiary, supporting documents.

18) Stop-Payment procedure

1. freeze payment → 2) notify Compliance/Legal → 3) collect documents → 4) decision to proceed/cancel/escalate → 5) record in incident register and CAPA.

19) Embedding in processes

Procurement/ERP: built-in approval routes, coding of articles, prohibition of "bypasses."

CRM/Affiliates: whitelists, payment limits, automatic stop on "toxic" creatives.
Finance: reconciliation of bank details, confirmation of the beneficiary through an independent channel.
Legal: a centralized repository of contracts with the AS-clause and the right to audit.

20) Checklists

Before G&H approval

• No tender/negotiation.
• Cost in limits; business purpose; donor involvement.
• Not goslico (or there is written approval from Legal).
• Writes to the registry.

Before payment to counterparty

• Contract/Act/Service Description; correlated KPIs/results.
• UBO/Sanctions/PEP reviewed; bank details confirmed.
• Approvals in ERP/two controllers; the article code is correct.

Affiliates

• KYB and traffic checking; creatives on the whitelist.
• The payout model is transparent; close conditions and audit rights.
• Monitoring of "toxic" geo/groups.

21) Frequent mistakes and how to avoid them

The "market tradition" of giving expensive souvenirs → politics is more important than "traditions."

"Marking" gifts as marketing → separate codes and revisions.
Verbal agreements with the "assisting" consultant → only written contracts.
Ignoring CoI "for the sake of speed" → a mandatory declaration before the transaction.
Unaccounted affiliate bonuses → a single register and cap on payments.

22) 30-day implementation plan

Week 1

1. Appoint policy owner and exception committee.
2. Approve G&H limits and sensitive item list.
3. Launch Gifts/CoI registers + request templates.

Week 2

4. Include approval routes in ERP/Procurement; individual article codes.
5. Implement minimum due diligence for new counterparties/affiliates.
6. Prepare a course and test (RU/EN + locales of key markets).

Week 3

7. Conduct training sessions for managers, Affiliate/Marketing, Procurement/Finance.
8. Run Spend-dashboard and anomaly alerts.
9. Conduct an audit scan of the past 90 days for incorrect codes/expenses.

Week 4

10. Start an anonymous message channel and communication campaign.
11. Release v1. 0 policies; collecting acknowledgements of familiarization.
12. Prepare IA spot-checks for the quarter and KPI reporting to MR.

• Code of Ethics and Conduct
• Staff compliance awareness
• AML training and employee training
• Internal Audit and External Audit/Audit Checklists and Reviews
• Regulatory reports and data formats
• License renewals and inspections
• Regulatory changes by region
• Compliance dashboard and monitoring