POLICIES & PROCEDURES
As authorities across the globe tighten their regulatory frameworks in a climate that is becoming increasingly regulated, businesses have needed to adapt and ensure specific measures and controls are in place.
We have assisted many clients with the drafting of various policies and procedures tailored to different jurisdictions depending on your local requirements, the specific requirements of your licensing body, and your company’s procedures.
Depending on the jurisdiction where you are located, you may be obliged to have specific policies prepared. Financial institutions and regulators require several procedures to be presented at the setup stage before they accept a client or application, making it increasingly necessary for a business to have these set up from the beginning.
We can help you draft your company’s Anti Money-Laundering (AML) and Combating the Financing of Terrorism (CFT) policies according to local regulatory requirements and internal procedures.
Nowadays, banks and financial organizations require this record as part of their onboarding process to open a bank or a merchant account, specifically if you are in the iGaming industry, but not necessarily only for licensed entities.
In general, having these corporate policies in order is good practice. They need to be kept up to date with the occasional changes in your country's local registration and licensing regulations. AML/CFT policies are often associated with the KYC / Onboarding policies as they go hand in hand but may be presented as one or two separate documents.
It is an internal document kept within the company's records and is sometimes requested by the regulator and financial organizations.
Terms and conditions, also called “Terms of Service” or “General Conditions,” should always be found on a website that provides a service to a third party.
It is the basics of the contractual relationship between the company offering the service and its client, whether a business or an individual.
It should contain quite a few standard and essential pieces of information, such as, amongst others, the regulations the clients must adhere to, data processing information, the limitation of liability clauses, cancellation, users’ rights, and many other elements.
It is also important to know that:
→ Not only licensed entities should have terms and conditions (T&Cs) on their website.
→ Terms & Conditions on the website should not be confused with policies and procedures, which is an internal document.
We can draft your terms and conditions tailored to your company and according to the local regulations in your country of registration and country of licensing (if applicable).
The primary role of policies and procedures is to set general guidelines and action points to determine what should be done when performing routine tasks and in case of an event outside of ordinary dealings.
Most regulators would ask for this record and usually request it includes technical (IT, equipment, software) and operational standpoints.
It is an essential document for any entity, regardless of size, as it helps everyday operations run smoothly and more efficiently.
These are often associated with the Anti-Money Laundering / Countering the Financing of Terrorism (AML/CFT) procedures as they complement each other.
KYC and onboarding procedures refer to the company’s policy for accepting and identifying new customers.
It usually results in a risk assessment to classify one’s customer under a low, medium, or high risk rating.
This is not limited to B2C oriented businesses and should also be in place for companies dealing with other corporate entities as their customers.
Responsible gaming procedures would mainly need to be in place for B2C licensed entities operating in the gaming industry, as such procedures aim to address problem gambling.
This would also be part of the mandatory training for employees working in customer related positions to help them identify behaviors and patterns of compulsive gambling.
Regarding players, it should also include the possibility to set time limits, website details and contact numbers for support, players’ complaints or self exclusion programs, temporary or permanent.
Concerning operators, it would also include advertising policies and restrictions plus measures to prevent underage gambling.
There are several different policies not mentioned above, such as the ones oriented explicitly to employees in the company (vacation time, working from home, employee benefits, code of conduct, confidentiality rules, etc.), but also other procedures such as data protection/GDPR or gaming-related policies that may be necessary to have in place depending on the country of licensing, such as sports betting integrity policies.
The list goes on, and this might be overwhelming, but don´t stress; we can take this off your hands so you can focus on your actual business!
Data Protection Policies are also referred to as “Privacy Policies” or “GDPR Policies” (General Data Protection Regulation – a requirement mainly for EU countries). These data policies apply to B2C and B2B oriented businesses.
Suppose data is kept on a corporate entity or individual. Be it your supplier or customer, measures for data protection must be looked at, both from a storage of information perspective and for security reasons, to avoid data breaches and the inappropriate use of such data. Rules on data protection also regulate the right to anonymity and the sharing of personal data with third parties. Usually, these principles are available on the company’s website for possible consultation by visitors.
Within the EU, the General Data Protection Regulation (GDPR) laws lay down a set of specific rules concerning the protection of data that must be abided by when dealing with a customer or supplier based in the EU, even if the business itself is not located in the EU. Reputational damage and hefty fines may apply to companies not following such rules.
With the introduction of the GDPR in the European Union, it is more important than ever for businesses to have robust data protection policies. This ensures that customers' personal data is protected and secure and that businesses comply with local regulations.
Our experts can help you draft a data protection policy tailored to your business, including GDPR and local privacy laws. The policy should outline how your business collects, processes, stores, and protects personal data and what rights customers have regarding their data.
Whether you are starting a new business or want to ensure your existing one is compliant, our compliance services can help you. We offer a range of services to help you understand and meet regulatory compliance, including drafting tailored policies and procedures, corporate governance, and support with data protection.
Our expert team has extensive experience working with a wide range of businesses and can help you navigate the complex landscape of financial business and regulatory compliance. We will work with you to ensure that your corporate structure, policies, and internal processes align with new directives and requirements, so you can focus on growing your business.
