Operations and Compliance → Verification of Source of Funds

Verify funding source (SoF/SoW)

1) What SoF and SoW are and why it's needed

SoF (Source of Funds) - documentary evidence of where the money came from for the game/deposit/output.
SoW (Source of Wealth) - an explanation of how the player's general condition was formed (assets/liabilities/income).

Objectives: compliance with the requirements of licenses and payment partners, reducing the risks of laundering and fraud, protecting vulnerable players (RG) and building an evidence base.

2) SoF/SoW principles

1. Risk-Based Approach: Depth of verification depends on geo/payment method/amounts/patterns.
2. Proportionality: we request only the required set of documents.
3. Evidence-by-Design: Each solution is accompanied by artifacts and tracing.
4. Timeliness & Fairness: transparent deadlines (ETA), understandable requirements for documents, respectful tone.
5. Privacy-first: minimization of personal data, encryption, limited access and retention.

3) When to request SoF/SoW (triggers)

Financial thresholds: single withdrawal of ≥ X, total deposits/turnover for N days ≥ Y.
Risk patterns: velocity/structuring, multiple payment instruments, cash-like methods.
In-game behavior: high turnover on low income, "cashing in" (minimum risk/minimum time).
Profile events: VIP/raising limits, changing payment details, high-risk geo/POP/address media.
Payment incidents: chargeback/returns/discrepancies of the owner of the funds.

4) What is accepted as evidence (examples)

• Salary: employer's certificate/statement for 3-6 months/tax form.
• Self-employment/business: tax returns, contracts, bank statements on the business account.
• Investments: brokerage statements, dividends, coupons.
• Sale of assets: sales contract + receipt to the account.
• Inheritance/gift: notarial documents + bank confirmation.
• Crypto income: exchange/custodian reports, tx history, fiat cash out.

Requirements for documents: readability, completeness of details, date not older than N months, coincidence of full name/address, corresponding amounts with movement on the platform.

5) SoF/SoW policy (framework)

yaml policy_id: SOF-POL-001 scope: players rba:
low:  {geo: "trusted", methods: ["bank_transfer"], monthly_turnover_max: 1000}
medium:{geo: "mixed",  methods: ["cards","wallet"], monthly_turnover_max: 10000}
high: {geo: "high_risk" OR pep==true OR crypto_usage==true}
triggers:
- single_payout >= 3000
- rolling_deposits_30d >= 5000
- payout_destination_change == true
- aml_flags in {velocity, structuring, srcdst_mismatch}
required_evidence:
low:  [salary_stub OR bank_statement]
medium: [bank_statement_3m, employer_letter OR tax_return]
high:  [tax_return, bank_statement_6m, source_of_wealth_summary]
decisions:
approve:  sof_consistent==true request:  need_additional_docs==true decline:  inconsistencies OR unverifiable_sources review_sla_days: 180 owner: mlro

6) Controls-as-Code (fragments)

yaml control_id: SOF-PAYOUT-GATE scope: payouts trigger:
expr: (payout_amount >= sof_threshold[country]) OR risk_band>=high actions:
- block: payout
- request: "sof_package"
- notify: aml_ops evidence:
fields: [player_id, payout_amount, risk_band, country, thresholds_version]

yaml control_id: SOF-SRC-TO-SRC scope: payouts trigger:
expr: payout_destination!= last_successful_deposit_source actions:
- limit: payout "require_same_source"
- request: "proof_of_ownership_for_destination"
exceptions:
- condition: method_type=="bank_transfer" AND policy. allow_bank_payouts==true

yaml control_id: SOF-CRYPTO-CASHOUT scope: payouts trigger:
expr: crypto_usage==true AND fiat_payout>=crypto_threshold actions:
- request: ["exchange_account_statement","tx_history","proof_of_fiat_offramp"]
- flag: aml_review

yaml control_id: SOF-RISK-SCORE inputs: [velocity, structuring, srcdst_mismatch, sanctions, pep, adverse_media]
score:
expr: 0. 25velocity + 0. 2structuring + 0. 2srcdst + 0. 2pep + 0. 1adverse + 0. 05geo thresholds:
- high:  score>=0. 8 -> KYC3_EDD + full_SoW
- medium: score>=0. 5 -> targeted_SoF
- low:  auto_clear

7) Process (SOP) - Case Lifecycle

SOP: SoF Request

1. Autogate control → creating a case with reasons and a list of required documents.
2. Sending a letter to the player/in the chat: a list of documents, format, deadline, ETA response.
3. Reminders: T + 48h, T + 96h; if there is no answer - output restriction.

SOP: Document Analysis

1. Match name/address/IBAN and amounts to profile/transactions.
2. Check the time frame (period coverage), regularity of receipts, inconsistencies.
3. If necessary, request additional evidence/clarification.
4. Decide 'approve/ request_more/decline', document justification.

SOP: Solution and Communications

1. For'approve '- remove the lock, fix the link to evidence, audit log.
2. For 'decline' - fix cause/references, notify AML/Compliance, consider SAR/STR.
3. Update the risk profile and timeline of the case, close the case with the final status.

SOP: Re-checks

By event (new thresholds/change of details/VIP/PEP) or by SLA (for example, once every 12 months for high-risk).

8) Data integration

KYC/KYB: verification levels and matching details of the owner of the funds.
Payments: deposit/withdrawal histories, cards/IBAN/wallets, chargeback.
AML: velocity/structuring/sanctions/PEP/address media.
Case-tool: statuses, deadlines, communications, SLA and SAR/STR export.
DWH/BI: SoF cases, consistency control, reporting.

9) Privacy, security, retention

Minimization: request only relevant pages/fields.
RBAC/ABAC: only AML/Compliance has access to documents; watermarks/time references.
Encryption: at rest/in transit; keys - HSM/Vault.
Retention: retention by jurisdiction (usually ≥ 5 years after the last operation) and removal policy.
Audit - Each read/decision is logged.

10) Quality and Metrics (KPI/OKR)

• SoF Case Time-to-Triage (P95), Decision TAT (median), Hold Duration.
• Completion Rate (share of cases with a full package), Re-request Rate.

• Approval/Decline/Escalation Share, SAR/STR on SoF (for confirmed cases).
• Mismatch Rate, False Negative/Positive proxy.

• SoF Drop-off, CSAT on communications, complaints about timing/clarity of requirements.

• Chargeback/Fraud Loss ↓, MTTR payouts after SoF ↓, Evidence Completeness ≥ 98%.

11) Templates (fragments)

yaml case_id: SOF-2025-1042 player_id: P-887231 risk_band: high reason: ["payout>=3000","srcdst_mismatch"]
requested_docs: ["bank_statement_6m","tax_return","employment_letter"]
deadline: "2025-11-08T23:59:00Z"
status: awaiting_docs  # triage    awaiting_docs    review    approved    declined    sar_submitted analyst: aml. ops@domain notes: []
evidence_uri: s3://sof-evidence/P-887231/2025-11/

- Name/address/details match?
- Does the statement period cover turnover?
- Is the regularity of income confirmed?
- Do sums and frequencies correspond to dep/conclusions?
- No obvious edits/anomalies?
- Result: approve/ request_more/decline (justification)

Subject: Additional confirmation of the source of funds
Hello, <Name>! For a secure withdrawal, we need documents:
Bank statement for the last 3-6 months (PDF/scan)
Income confirmation (certificate/tax form)
Please upload files by <date>. Funds are reserved, the status of payments will be updated immediately after verification. If you have any questions, please reply to this email.

12) Special cases

Cryptocurrency: demand exchange/custodian reports, match on-chain and off-ramp, avoid self-reported screens from wallets without backing up.
Cash/cash: allowed only if there are legitimate documents (sale, gift, inheritance) and bank crediting.
Gifts/third parties: confirmation of the source from the sender + the right to dispose; increased risk.
PEP/RCA: always EDD and extended monitoring.

13) Anti-patterns

Universal "thick" package for all cases without RBA → high drop-off.
Locks "without time" and without clear communication.
Accept screenshots instead of originals/verifiable PDFs/statements.
Lack of docking with payments (source-to-source) and AML signals.
Two versions of the truth: decisions in the mail, data in DWH - without a common SSOT.
There is no re-evaluation of cases, thresholds are not revised.

14) 30/60/90 - implementation plan

• Approve SOF-POL-001 (triggers, thresholds, RBA), include'SOF-PAYOUT-GATE 'and'SOF-SRC-TO-SRC'.
• Connect case management, letter templates and checklists, evidence storage.
• Set up SoF Overview dashboards (volume/statuses/ETA).

• Add 'SOF-CRYPTO-CASHOUT' and aggregator 'SOF-RISK-SCORE', country-overrides.
• Integrate KYC/KYB/Payments (owner-match, IBAN/card/wallet) and autopause payments.
• Introduce quality sampling/audit cases, retro by FPs.

• Achieve Evidence ≥ 98%, reduce Decision TAT and Hold Duration to target,
• Link KPI SoF with OKR AML/Payments/Support, conduct internal audit of the design and effectiveness of controls.
• Prepare external/regulatory reports and periodic threshold review methodology.

15) FAQ

Q: When is SoF enough without SoW?
A: For one-time or moderate thresholds. SoW needs VIP/PEP/high-risk, with prolonged high turnover or obvious profile inconsistencies.

Q: Can I pay to another account?
A: Only with confirmed ownership and additional checks; preferably source-to-source.

Q: What to do if the amounts do not match?
A: Request extended statements/clarifications, in case of critical discrepancies - decline and consider SAR/STR.

Q: How to reduce the burden on the player?
A: Clear requirements, example of acceptable documents, secure upload, partial autocomplete and reasonable timeframe.