Pld Ft Policy

Anti-Money Laundering and Counter-Terrorist Financing Policy (AML/CTF)

1. APPLICATION

This Policy for the Prevention of Money Laundering, Terrorist Financing, and the Proliferation of Weapons of Mass Destruction applies to the Board of Directors, Officers, Executives, Employees, and persons associated with Sabiá Administração Ltda. ("Sabiá") and its brands (Br4bet, Gol de Bet, and Lotogreen) to ensure ongoing compliance with legal and regulatory obligations in the fulfillment of their responsibilities.

Violations of these procedures can cause significant risks to our reputation, including threats to our existing fixed-odds betting operating and marketing license, loss of trust, users, business partners, suppliers, and staff.

2. OBJECTIVE

The primary objective of this Policy is to establish Sabiá's unwavering institutional commitment to preventing and combating Money Laundering (ML), Terrorist Financing (TF), and Proliferation Financing (P).

Everyone must recognize that ML/TF/P poses a significant threat to the integrity of the fixed-odds betting industry and the national financial system. To proactively mitigate this risk and ensure that the platform is not used for illicit purposes, the company has established a robust, risk-based AML/CFT Program that is strictly aligned with applicable Brazilian laws and regulations. This includes, but is not limited to, Law No. 9,613 of 1998 (Money Laundering Law), Law No. 13,260 of 2016 (Anti-Terrorism Law), Law No. 14,597 of 2023 (General Sports Law), Law No. 14,790 of 2023 (Fixed Odds Betting Law), and Law No. 13,810/2019 (Compliance with International Sanctions).

The Program fully complies with the guidelines of the Secretariat of Prizes and Betting (SPA/MF), including the obligations defined by SPA/MF Ordinance No. 1,143, of 2024 (specific rule on PLD/FTP), as well as the provisions of Ordinances No. 827, 1,207, 1,212, 1,225, and 1,231, all from 2024.

The ultimate goal is to ensure that LD/FTP risks are identified, assessed, and mitigated on an ongoing basis, adopting an approach based on risk proportional to the company's risk appetite and the profile of its bettors, suppliers, and partners.

3. GOVERNANCE

3.1 Governance and Accountability
Structure With regard to the governance of the ML/TF Policy, Sabiá adopts a clear and integrated organizational structure that ensures commitment at all levels of the company.

Senior Management
Senior Management plays a strategic and decision-making role and is responsible for:
● Formally approving the guidelines of this Policy and ensuring adequate resources.
● Supervising and monitoring overall compliance with the AML/CFT Program.
● Analyzing and approving customers and partners classified as high risk, ensuring that such decisions are based on technical criteria and duly recorded.

Integrity and Compliance Department
The Integrity and Compliance Department acts with autonomy and technical independence, being the central unit responsible for managing, monitoring, and updating the Policy. Its responsibilities include:
● Promoting the continuous training of employees.
● Managing the relationship and communication with the competent regulatory bodies (COAF and SPA/MF).
● Supporting business units in implementing controls appropriate to their risk profile.
● Ensuring that all reports and records on the prevention of money laundering, terrorist financing, and related crimes are properly filed and kept for a minimum period of five (5) years, in accordance with current regulations.
● Submit, by the last business day of January of each year, an annual report to SPA/MF with information on risk assessment, best practices adopted in the previous year, and the internal assessment of the PLD/FTP program, in compliance with SPA/MF Ordinance No. 1,143/2024.

Active Collaboration of Business Units
The effectiveness of governance is complemented by the active collaboration of all other areas of the Company. Departments such as Human Resources, Legal, Customer Service, Commercial, Operations, and Information Technology perform operational controls, carry out initial due diligence, and immediately report any anomalies or suspicions to the Integrity and Compliance area. All sectors act in a coordinated manner, respecting the guidelines of this policy and ensuring compliance with legal and regulatory obligations.

3.2 Three Lines of Defense Model
As part of its Risk Management Structure, Sabiá adopts the Three Lines of Defense Model, ensuring a clear segregation of duties and the effectiveness of PLD/FTP controls:

First Line of Defense: Operational Risk Management
● Responsibility: Execution and ownership of risks.
● Action in PLD: The Operations Risk department and business teams (such as Customer Service) are responsible for implementing and operating PLD/FTP controls on a daily basis. They monitor the registration of bettors (onboarding), initial due diligence, and ongoing transaction monitoring.
Second Line of Defense: Compliance and Risk Management
● Responsibility: Supervision, monitoring, and challenge.
● Action in PLD: The Financial Crime Prevention/Compliance team is responsible for developing and maintaining the PLD/FTP Program, defining policies, conducting risk assessments, and ensuring that first-line controls are adequate and effective.
Third Line of Defense: Audit
● Responsibility: Independent assessment and assurance.
● Action in AML: Audit will conduct independent, risk-based audits to assess whether the first two lines of defense are functioning as expected. They provide senior management and the Board of Directors with objective assurance regarding the effectiveness of governance, risk management processes, and internal AML/CFT controls.

Using the three lines of defense system, we continuously monitor activities carried out by the Compliance Department as reported by the PLD program, as follows:

3.3 Assessment and Profiling (ABR)
● Assess and profile betting patterns, economic and financial compatibility, amounts transacted, frequency, and general user behavior, with the aim of identifying deviations from the registered risk profile (Suspicious and Atypical Profiles).
3.4 Detection of Risk Indicators
● Detect signs of suspicious activity, such as bets with amounts incompatible with the bettor's economic and financial capacity, high-volume sequential transactions, use of multiple accounts, attempts to move balances for non-gaming purposes (unjustified cash in/cash out), or the use of third parties to make deposits.
3.5 Analysis of Networks and Coordinated Activities
● Correlate transactions and activities between accounts and devices to identify coordinated networks that may be used to mask money laundering or terrorist financing practices, using data analytics tools and identifying network patterns (mirrored games, arbitrage, among others), generating automatic alerts for the AML sector.
3.6 Investigation and Communication (Report)
● Conduct immediate internal investigations based on alerts generated by monitoring tools. This step includes promoting additional measures with the user, preventive blocking of accounts and amounts, and, when applicable, reporting suspicious transactions to COAF or notifying the Ministry of Finance's Secretariat of Prizes and Bets (SPA/MF), in strict accordance with SPA/MF Ordinance No. 1,143/2024.
3.7 Effectiveness Assessment Report (RAE)
● Sabiá will prepare the Effectiveness Assessment Report (RAE - 019.2025) annually, with the objective of analyzing the effectiveness of the Policy, internal controls, and procedures applied. The RAE must be sent to SPA/MF by February 1 of the year following the base year, as required by Art. 11 of SPA/MF Ordinance No. 1,143/2024.

4. COMPLIANCE CULTURE

Sabiá's Culture of Compliance is the pillar that underpins its integrity, transparency, and business ethics. The policies, procedures, and behaviors demonstrated in the prevention of ML/TF are proof of Senior Management's commitment to operating in a lawful and transparent manner, establishing the minimum standard against which all other internal procedures and processes are developed, implemented, and monitored, covering all of the company's activities, its bettors/users, and relationships with third parties.

Sabiá recognizes that the fixed-odds betting sector is a complex regulatory environment, with an inherent ML/TF risk classified as Medium-High. Therefore, strict compliance with legal and regulatory obligations is imperative. Failure to comply with this Policy or current legislation may result in administrative liability (fines and sanctions from the SPA/MF), criminal and civil liability for the company, its directors and executives, as well as the employees responsible for the ML/TF/P process.

The continuous development of risk-based control environments, supported by robust technological solutions, is a priority supported and supervised by Senior Management, ensuring that:

● The First and Second Line of Defense functions are adequately staffed with professionals with proven knowledge and experience in risk management and LD/FTP practices.
● All employees and third parties receive mandatory and ongoing training, ensuring the necessary level of awareness of their obligations to identify and report suspicious activities.
● Legal and regulatory obligations—in particular those defined in Law No. 9,613/98 and in the SPA/MF regulations—are fully understood and complied with across the entire spectrum of the Company's activities and services.

The topic of PLD/FTP is an integral and permanent part of the agenda of all Executive Board meetings, ensuring that risk management is a fundamental component of Sabiá's governance. Business relationships that present a higher risk of LD/FTP are closely monitored and may be terminated at any time, according to the Company's risk criteria.

5. ESSENTIAL REQUIREMENTS OF THE POLICY

Sabiá's ML/TF Policy is based on the following mandatory requirements to ensure full compliance with Brazilian law, in particular Law No. 9,613/98 and the rules of the SPA/MF and COAF:

● Full Compliance: Statutory and regulatory obligations for ML/TF/P prevention are the minimum standard and must be fully complied with in all Sabiá operations
. ● Risk Management and Communication: The Company will continuously identify, assess, mitigate, and document ML/TF/P risks. Sabiá will promptly report suspicious activities and the possession of funds linked to terrorist activities or proliferation to COAF, in accordance with regulatory obligations
. ● Cooperation with Authorities: Sabiá will cooperate fully and provide prompt responses to all inquiries, requests, or requests for assistance from competent police, judicial, tax, and regulatory authorities.
● Risk-Based Controls: Regulatory license requirements, internal risk assessments, and analysis of ML/TF typologies and trends will serve as the basis for the implementation of robust and proportionate internal controls, which will be periodically reviewed and communicated to all.
● Governance Monitoring: Continuous monitoring of control structures will be carried out to ensure that Senior Management (Directors, Committees, and the Integrity and Compliance Department) and regulatory bodies (SPA/MF) are duly informed about compliance with PLD/FTP obligations.
● Second Line Supervision: Supervision of Sabiá's compliance with legal and regulatory obligations is carried out by qualified and properly trained professionals who make up the Second Line of Defense.
● Product and Service Analysis: Proactive analyses will be conducted between the head of the Compliance Department and the business development areas, aiming to mitigate the risk that new products, services, or technologies will be used to facilitate ML/FTP/P crimes.
● Customer Due Diligence (CDD) /EDD (Enhanced Due Diligence)]: Assessments of the bettor/user will be carried out in relation to ML/TF risks throughout the commercial relationship, using appropriate screening, identification, and verification methods.
● Proportionality of Due Diligence: The level of inherent or residual risk presented by a bettor (classified in Sabiá's Risk Matrices) will determine the proportional application of Due Diligence (CDD) or Enhanced Due Diligence (EDD), as well as the intensity of ongoing monitoring.
● Termination of Relationships: The Company may terminate, based on risk, relationships with bettors, suppliers, or third parties whose conduct raises suspicions of involvement in illegal activities or who are classified outside the established risk appetite.
● Enterprise Risk Assessment (ERA): Sabiá will conduct periodic corporate risk assessments (at least annually or whenever there are relevant changes in the business model, new payment methods, entry of strategic partners, or significant regulatory changes) to identify, measure, and formally document the risks that its products and services may be used for ML/TF practices.

6. AML/CFT PROGRAM

The Anti-Money Laundering, Counter-Terrorist Financing, and Proliferation of Weapons of Mass Destruction Prevention Program (AML/CFT) is the instrument through which Sabiá implements the guidelines of this Policy.

The Program is managed by the Compliance Department and supervised by the Integrity and Compliance Directorate, and is subject to ongoing compliance monitoring and independent reviews, if necessary.

Main Components of the Program

Sabiá's PLD/FTP Program is composed of the following pillars, in strict compliance with Brazilian law (Law No. 9,613/98) and the rules of SPA/MF and COAF:
1. Compliance Department:
Responsible for the strategic and daily management of PLD/FT incidents.

2. Risk-Based Approach and Matrices:
o Implementation and ongoing maintenance of a Risk-Based Approach for the assessment and management of ML/FTP risks.
o Use of specific ML/TF Risk Matrices, covering bettors, suppliers, and employees, based on the risks identified in Sabiá's Business Risk Assessment (ARE).

3. Customer Due Diligence (CDD/EDD):
o Implementation and ongoing maintenance of Customer/Bettor Due Diligence (CDD) procedures, identification, verification, and Know Your Customer (KYC).
o Mandatory application of Enhanced Due Diligence (EDD) for bettors who present a higher risk, in particular the assessment of economic and financial compatibility between the bettor's profile and their operations.

4. Sanctions and Politically Exposed Persons (PEPs):
o Identification and ongoing monitoring provisions for Politically Exposed Persons (PEPs), including obtaining approval from Senior Management for the relationship.
o Integrated screening of new and existing bettors against national and international sanctions lists, in strict compliance with Law No. 13,810/2019 and United Nations Security Council resolutions, including continuous screening and verification and the obligation to immediately freeze the assets of the sanctioned individual or entity, without prior notice, immediately communicating this to the SPA/MF and COAF.

5. Transaction and Communication Monitoring:
o Implementation and ongoing maintenance of risk-based systems and procedures to monitor bettor account behavior and transactions, with a view to detecting suspicious or atypical activities.

6. Communication to COAF: Procedures defined for the Integrity, Compliance, and Relationship with the Ministry of Finance Department to carry out mandatory external communications of confirmed suspicious activities to COAF within 24 (twenty-four) hours, counted from the conclusion of the analysis and in the manner determined by the regulations.

6.1. Compulsory Monitoring of Typologies - Sabiá's PLD/FTP Program establishes the compulsory and continuous monitoring of all 22 (twenty-two) risk typologies of Money Laundering, Terrorist Financing, and related crimes, as detailed in Articles 24 and 25 of SPA/MF Ordinance No. 1,143/2024. The operational criteria (triggers) for detecting these typologies are detailed in the document - Rules and Frameworks - PLD-FT.

7. Training and Awareness:
Provision of mandatory and ongoing training on AML/CFT for all employees, senior management, and the Board of Directors. Training should include legal obligations, the consequences of non-compliance, and clarity about the risks for everyone.

8. Product Assessment and Management:
o Formal risk assessment of new products or services and relevant changes to existing products to mitigate PLD/FTP risk prior to market launch.

9. Third-Party and Personnel Management:
o Supervision and risk management of employees, partners, and third-party service providers, including due diligence procedures and ongoing monitoring.
o Monitoring of limits and unusual transactions.

7. RISK ACCEPTANCE AND MANAGEMENT

Sabiá adopts a zero-tolerance policy for the entry of individuals or entities that represent a high risk of ML/TF. All customer acceptance and maintenance processes are conducted under a risk-based approach, in accordance with the guidelines of SPA/MF Ordinance No. 1,143/2024.
ML/TF risk is identified and measured through Internal Risk Assessment (IRA). The Risk Matrix used for management is defined annually and linked to a set of operational alert triggers based on the 22 SPA/MF Typologies, ensuring adherence to the Risk-Based Approach (RBA).

Fundamental Principles

● Mandatory Due Diligence: All bettors/users are subject, at the time of registration and on an ongoing basis, to the following due diligence processes:
o Identification and Verification (KYC/CDD);
o Screening of Politically Exposed Persons (PEP);
o Verification against Sanctions and Adverse Media lists;
o Risk Assessments (static and dynamic); and
o Monitoring of transactions and behavior.
● Risk Management: The Compliance Department, in coordination with the risk teams and PLD analyst, is responsible for assessing, documenting, and monitoring the PLD/FTP risk associated with each bettor.
● Enhanced Approval (PEPs and High Risk): Users classified as high risk, and specifically PEPs, will be subject to Enhanced Due Diligence (EDD) and require prior and ongoing approval from Senior Management (Integrity, Compliance, and Ministry of Finance Relations Department or Risk Committee) to establish and maintain a business relationship.

Conditions for Refusal or Termination of the Relationship
The relationship will not be established or will be immediately terminated when the bettor falls into one or more of the following categories:
● Individuals legally prohibited from using Sabiá's services.
● Individuals or entities that insist on anonymity or refuse to provide mandatory information and documentation for registration.
● Users who appear to be a straw or ghost account.
● Individuals or entities that appear on national or international sanctions lists.
● Individuals convicted of money laundering, terrorist financing, or related crimes.
● Users/bettors with significant geographic risk.
● Users associated with high-risk criminal activities, such as drug trafficking or illegal arms trade.

8. DUE DILIGENCE WITH SUPPLIERS, PARTNERS, AND THIRD PARTIES

The Company adopts a Risk-Based Approach (RBA) for the due diligence, qualification, and classification of all third parties that have a relationship with Sabiá, including suppliers, partners, and service providers.

1. Due Diligence and Risk Classification
All suppliers, partners, and service providers are subject to identification, qualification, and risk classification for ML/TF (Money Laundering, Terrorist Financing, and Proliferation of Weapons of Mass Destruction), in accordance with Art. 14 of SPA/MF Ordinance No. 1,143/2024.

The level of due diligence is proportional to the identified risk:

● Standard Screening: Includes verification of national and international sanctions (in accordance with Law No. 13,810/2019) and the history of involvement in ML/TF crimes by third parties and their directors or executives.
● Enhanced Due Diligence (EDD): Will be applied to third parties classified as high risk, including investors, shareholders with significant holdings, and partners in large transactions, mergers, acquisitions, or sponsorships. This diligence includes a detailed analysis of the origin of funds and the purpose of the business relationship.

If the screening identifies alerts for sanctions or involvement in ML/TF crimes, the Integrity and Compliance Area will review the relationship for compliance and may determine its immediate termination.

2. Monitoring and Communication
Sabiá will take reasonable measures to monitor third-party transactions or activities that may raise suspicions of ML/TF. This includes monitoring large transactions or atypical activities, ensuring compliance with COAF reporting requirements, when applicable.

3. Training and Awareness
When appropriate, higher-risk third parties may be subject to periodic mandatory training on topics related to ML/TF (Art. 7, IV of the Ordinance). The training will provide context, guidance on compliance with legal obligations, the possible consequences of non-compliance, and clarity on the risks associated with the misuse of Sabiá's products and services.
4. Banking Partners and Investors
The principles of this policy and program detailed in this document are intended to provide assurance to the Company's banking partners and investors regarding the robustness of the control environment and senior management's commitment to its global obligations to comply with PLD/FTP guidelines.

5. Record Retention
Data and documents collected from third parties for due diligence and screening procedures will be stored in internal systems for a period of at least five (5) years after the end of the contract or business relationship, in compliance with Law No. 9,613/98, Art. 10.

9. RESPONSIBILITIES

9.1. PLD/FTP STRUCTURE AND GOVERNANCE

Sabiá establishes a Money Laundering and Terrorist Financing Prevention (PLD/FTP) Governance structure based on the segregation of responsibilities between Senior Management and Operational Management, in accordance with the guidelines of Ordinance SPA/MF No. 1,143/2024.

A. Integrity, Compliance, and Ministry of Finance Relations Department

The Integrity, Compliance, and Relations with the Ministry of Finance Department is responsible for complying with Sabiá's AML/CFT obligations, with the autonomy and authority necessary to perform its duties, and is responsible for:
1. Ensuring the continuous updating and improvement of this Policy.
2. Ensuring that records and documents relating to PLD/FTP measures and transactions are filed and kept for at least five (5) years after the end of the relationship, in compliance with Article 10, paragraph 2, of Law No. 9,613/98.
3. Ensuring that the Annual Report is sent to SPA/MF by February 1 of the following year, certifying compliance with policies, procedures, and controls (SPA/MF Ordinance No. 1,143/2024, Art. 11).
4. Ensuring adequate and ongoing training for managers, employees, partners, and contractors.

B. Compliance Department

Sabiá designates the Compliance Department to fulfill operational obligations and exchange information with the Financial Activities Control Council (COAF), in accordance with Art. 9 of SPA/MF Ordinance No. 1,143/2024. The Compliance Coordinator has autonomy and is required to make the final decision on the need to report suspicious or non-occurring transactions to COAF, without the need for approval by the Executive Board and Board of Directors. He is ultimately responsible for ensuring strict compliance with regulatory deadlines for analysis and reporting, including: a) The maximum period of thirty (30) days for completing the analysis of an atypical transaction, from the date of occurrence (Article 26, paragraph 2). b) The maximum period of 24 (twenty-four) hours for reporting suspicious transactions to COAF, from the conclusion of the analysis (Art. 27).
9.2. HUMAN RESOURCES (KYE)

 Responsible for applying Know Your Employee (KYE) procedures, reporting situations that require further analysis to the Compliance Department. Supports the assessment of risks and necessary measures for handling incidents of transactions or operations suspected of money laundering and related crimes, in line with the duty to assess employee risk (Art. 14 of Ordinance SPA/MF No. 1143/2024).

Ensure that employees complete mandatory training.

9.3. MANAGEMENT, EMPLOYEES, PARTNERS, AND CONTRACTORS

Are familiar with and follow the guidelines of this Policy, including completing mandatory training.

They immediately report any situation, operation, or proposal suspected of involvement in any illegal act to the Compliance Department and respond in a timely and objective manner to requests regarding issues related to the Prevention of Money Laundering and Terrorist Financing.

10. COMMITMENT OF SENIOR MANAGEMENT

The Senior Management of Sabiá Administração LTDA fully supports the implementation of this Policy and ensures the human, technological, and operational resources necessary for its effective execution. All sensitive cases, such as atypical transactions or customers classified as PEP, must be submitted to the Executive Board for approval.