heaven-online
heaven-online
AML POLICY

Last Updated: May 19, 2026

1. Introduction

This Anti-Money Laundering ("AML") Policy sets out the framework, controls, and obligations adopted by HeavenOnline ("we", "us", "our", or the "Website") to prevent and detect money laundering, terrorist financing, and other financial crime in connection with the services offered through the website located at heavenonline.io (collectively, the "Services").

HeavenOnline is owned and operated by Lucifer Ltd., registration number: 000054043, registered address: San Victor Street, Orange Walk Town, Belize, licensed by Anjouan Licensing Services Inc. ("Anjouan Gaming") under License No. ALSI-202605018-FI1.

This Policy is issued in accordance with:

  • The AML & CTF Code of Conduct issued by Anjouan Licensing Services Inc.
  • The recommendations of the Financial Action Task Force (FATF)
  • Applicable AML / Counter-Terrorist Financing ("CTF") laws and international standards

Compliance with this Policy is mandatory for all employees, contractors, agents, and third-party service providers, as well as a binding condition of player participation in the Services.

2. Purpose

The purposes of this Policy are to:

  • Prevent the Services from being used for money laundering, terrorist financing, or other financial crime
  • Detect, investigate, and report suspicious activity
  • Comply with all applicable AML / CTF laws and licensing conditions
  • Protect the integrity of the Services, our employees, and our players
  • Maintain full cooperation with Anjouan Licensing Services Inc., Financial Intelligence Units, and law enforcement authorities

3. Scope of Application

This Policy applies to:

  • All players accessing or using the Services
  • All transactions, including deposits, wagers, withdrawals, and transfers
  • All employees, contractors, officers, directors, and Ultimate Beneficial Owners (UBOs)
  • All third-party service providers, including payment processors, KYC vendors, and game suppliers

We remain fully responsible for AML / CTF compliance, including where functions are outsourced.

4. Core AML / CTF Principles

Our AML programme is built on four core principles:

4.1 Risk-Based Approach

All controls are proportionate to the money laundering and terrorist financing risks identified through our risk assessment.

4.2 Transparency

All player funds and activity must be traceable. Anonymous accounts, accounts in fictitious names, and accounts where the beneficial owner cannot be identified are strictly prohibited.

4.3 Accountability

Clear responsibility for AML compliance is established at all levels of the organization, with executive oversight and a dedicated Compliance Officer.

4.4 Cooperation

We cooperate fully and promptly with Anjouan Licensing Services Inc., the Anjouan Offshore Finance Authority (AOFA), Financial Intelligence Units, and other competent authorities.

5. Risk Assessment

5.1 Risk Identification

We conduct a documented AML / CTF risk assessment that considers:

  • Player risk profiles — including geography, behavior, and funding sources
  • Product and service risks — types of games, betting limits, and product features
  • Payment method risks — including credit cards, e-wallets, bank transfers, and cryptocurrency
  • Jurisdictional risks — including exposure to FATF-identified high-risk and non-cooperative jurisdictions
  • Delivery channel risks — including non-face-to-face onboarding

5.2 Risk Mitigation

Based on the risk assessment, we:

  • Implement controls proportionate to the identified risks
  • Apply Enhanced Due Diligence (EDD) where elevated risk is identified
  • Review and update the risk assessment at least annually, or upon any material change in business, products, players, or regulation

6. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

6.1 Customer Due Diligence at Registration

At account registration, every player must provide:

  • Full legal name
  • Valid email address
  • Date of birth
  • Residential address

No account will be activated unless this information has been provided.

6.2 Enhanced Due Diligence — Mandatory Triggers

EDD is automatically triggered in any of the following circumstances:

  • Upon the player's first withdrawal request, regardless of amount
  • When the player's aggregate lifetime deposits reach USD 10,000 (or equivalent in any other currency)
  • Where elevated risk indicators or suspicious activity are identified

6.3 Enhanced Due Diligence — Documentation

Where EDD is triggered, the player must provide:

  • Government-issued photo identification
  • Proof of residential address (utility bill or equivalent, issued within the last 3 months)
  • Proof of source of funds, where required based on risk assessment

6.4 Restrictions Pending Completion of EDD

Where EDD has been triggered but not completed:

  • Withdrawals will not be processed
  • Financial activity may be restricted where necessary to mitigate risk

For full procedural detail, refer to our KYC Policy.

7. Sanctions, PEP, and Adverse Media Screening

7.1 All players are screened at onboarding and on an ongoing basis against:

  • International sanctions lists (including UN, OFAC, EU, UK, and other applicable lists)
  • Politically Exposed Persons (PEP) databases
  • Adverse media sources

7.2 Where a sanctions match is confirmed, the account will be frozen immediately, no transactions will be processed, and the matter will be reported to relevant authorities in accordance with applicable law.

7.3 Where a player is identified as a PEP or a close associate of a PEP, EDD will be applied, and senior management approval will be required to onboard or maintain the account.

8. Ongoing Transaction Monitoring

8.1 Monitoring Systems

We operate systems and controls designed to detect:

  • Structuring or threshold avoidance (e.g., deposits deliberately kept below reporting thresholds)
  • Rapid movement of funds, including "deposit-and-withdraw" patterns with minimal gameplay
  • Unusual betting patterns, including patterns inconsistent with the player's profile
  • Activity involving high-risk jurisdictions identified by FATF
  • Mismatches between declared information and observed behavior
  • Multiple accounts linked by common identifiers (device, IP, payment method)
  • Use of third-party payment instruments not registered to the player

8.2 Risk Scoring

Players are assigned risk scores based on factors including geography, payment behavior, deposit velocity, withdrawal patterns, and KYC status. Higher-risk players are subject to more intensive monitoring and review.

8.3 Investigation

Alerts generated by monitoring systems are reviewed by the Compliance team. Where suspicion is established, internal Suspicious Activity Reports ("SARs") are filed and, where required, escalated externally.

9. Suspicious Activity Reports (SARs)

9.1 Where suspicious activity is detected, an internal SAR will be filed with the Compliance Officer immediately upon detection.

9.2 Where required, SARs will be reported to Anjouan Licensing Services Inc. within 24 hours of detection, with full supporting documentation.

9.3 Players are not entitled to be informed of internal or external suspicious activity reporting. "Tipping off" — disclosing to a player or third party that a SAR has been filed or is contemplated — is strictly prohibited under applicable law and may constitute a criminal offence.

10. Currency Transaction Reports (CTRs)

10.1 All transactions, or linked transactions, exceeding USD 10,000 (or equivalent in any other currency) will be reported as Currency Transaction Reports ("CTRs"), whether suspicious or not.

10.2 CTRs will be submitted to Anjouan Licensing Services Inc. in accordance with regulatory requirements, including weekly submission to [email protected] where applicable.

10.3 Linked transactions include multiple deposits, withdrawals, or wagers that, when aggregated over a defined period, exceed the reporting threshold.

11. Prohibited Activity

The following activities are strictly prohibited and will result in account suspension or termination, forfeiture of balances, and reporting to relevant authorities:

  • Use of false, stolen, or fraudulent identification documents
  • Use of payment instruments not registered in the player's own name
  • Third-party deposits or withdrawals
  • Structuring transactions to avoid reporting thresholds
  • Use of the Services to launder funds derived from criminal activity
  • Use of the Services to finance terrorism or proscribed organizations
  • Any conduct that constitutes a breach of applicable AML / CTF laws

12. Record Keeping

12.1 Retention Period

We retain AML-related records for a minimum of five (5) years, including:

  • CDD and EDD documentation
  • Transaction records (deposits, wagers, withdrawals)
  • SARs and internal investigation reports
  • Audit and compliance records
  • Records of staff training and certifications

12.2 Accessibility

Records are stored securely and are readily available to Anjouan Licensing Services Inc., regulators, and law enforcement upon request, in accordance with applicable law.

12.3 Format

Records may be retained in physical or electronic form, provided they are complete, accurate, and retrievable.

13. Internal Controls and Governance

13.1 Written Policies and Procedures

We maintain written AML / CTF policies and procedures covering:

  • Risk assessment
  • CDD and EDD
  • Transaction monitoring and reporting
  • Record keeping
  • Staff training
  • Independent audit

13.2 Compliance Officer

We have appointed a suitably qualified Compliance Officer responsible for:

  • Day-to-day oversight of AML / CTF compliance
  • Liaison with Anjouan Licensing Services Inc. and other regulators
  • Review and escalation of internal SARs
  • Timely external reporting of SARs and CTRs
  • Maintenance and periodic review of this Policy

13.3 Executive Oversight

The Board and senior management hold ultimate responsibility for AML / CTF compliance and receive regular reports from the Compliance Officer.

13.4 Independence and Authority

The Compliance Officer has direct access to senior management and the Board and operates with sufficient independence and resources to discharge their responsibilities effectively.

14. Staff Training

14.1 All relevant staff receive AML / CTF training:

  • Upon onboarding, before commencing duties
  • At minimum annually, with refresher training
  • Following any regulatory or policy change affecting their role

14.2 Training covers, at minimum:

  • The nature of money laundering and terrorist financing
  • The legal and regulatory framework
  • Internal policies and procedures
  • Identification of suspicious activity
  • Reporting obligations and the prohibition on tipping off

14.3 Records of all training are retained for a minimum of 5 years.

15. Cybersecurity and Data Protection

We protect the integrity and confidentiality of AML-related data by:

  • Storing sensitive data in encrypted form
  • Applying access controls on a strict need-to-know basis
  • Implementing technical and organizational security safeguards
  • Reporting cybersecurity incidents to Anjouan Licensing Services Inc. within 24 hours

For details, refer to our Privacy Policy.

16. Independent Audits and Inspections

16.1 Annual AML Audit

We undergo an independent AML audit annually, assessing:

  • Policy effectiveness
  • Regulatory compliance
  • Adequacy of internal controls
  • Effectiveness of monitoring systems
  • Staff training and awareness

16.2 Regulatory Inspections

Anjouan Licensing Services Inc. reserves the right to conduct inspections and audits at any time. We provide full cooperation and access as required.

17. Cooperation with Authorities

17.1 We cooperate fully and promptly with:

  • Anjouan Licensing Services Inc.
  • Anjouan Offshore Finance Authority (AOFA)
  • Financial Intelligence Units
  • Law enforcement authorities
  • Courts and other competent authorities

17.2 We respond to lawful requests for information, including production orders, subpoenas, and freezing orders, in accordance with applicable law.

18. Enforcement and Penalties

Non-compliance with this Policy, or with applicable AML / CTF laws, may result in:

  • Internal disciplinary action, including termination of employment
  • Financial penalties and regulatory enforcement action
  • Suspension or revocation of the gaming license
  • Public disclosure of violations
  • Referral to law enforcement authorities in cases of serious or willful misconduct

19. Continuous Improvement

We are committed to continuous improvement of our AML / CTF programme, including:

  • Monitoring regulatory and industry developments
  • Adopting approved technological solutions (e.g., AI-based monitoring)
  • Participating in industry compliance initiatives
  • Regularly reviewing and updating policies, procedures, and controls

20. Amendments

We reserve the right to amend this Policy at any time in response to regulatory changes, risk developments, or operational requirements. Material changes will be notified through the Website. Continued use of the Services constitutes acceptance of the revised Policy.

21. Contact

For any questions, concerns, or to report suspected money laundering or terrorist financing activity, please contact:

HeavenOnline — AML & Compliance
Operated by Lucifer Ltd.
Compliance/General support: [email protected]
Licensed by: Anjouan Licensing Services Inc.
License No.: ALSI-202605018-FI1

22. Acknowledgment

By accessing or using the Services, all players formally acknowledge and agree to comply with this AML Policy and the AML & CTF Code of Conduct issued by Anjouan Licensing Services Inc.


Heavenonline.io is owned and operated by Lucifer Ltd., registration number: 000054043, registered address: San Victor Street, Orange Walk Town, Belize.
Contact us at [email protected].
Heavenonline.io is licensed and regulated by the Government of the Autonomous Island of Anjouan, Union of Comoros and operates under License No. ALSI-202605018-FI1. Heavenonline.io has passed all regulatory compliance and is legally authorized to conduct gaming operations for any and all games of chance and wagering.


18+

© 2026 heavenonline.io | All Rights Reserved.