How can we help?
Answers to common questions, plus the terms, privacy, AML, and responsible-gambling policies in one place.
Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) Policy
topbit Protocol Interface
Effective Date: This policy takes effect on the day the casino opens for real-money play.
Last Updated: 19 June 2026
About this draft. topbit is an early-stage, pre-licence protocol. This policy describes the controls we operate today and marks the ones we are still building as Planned. We do not claim to run a control that is not yet live. A qualified AML professional will review it before the casino opens for licensed operation.
1. About the Protocol
topbit is a decentralised, non-custodial gambling protocol on the Solana blockchain. Players hold their own funds in their own wallets and in on-chain escrow; the Protocol never takes custody.
The Protocol is at an early stage. It is not yet incorporated and not yet licensed by any gaming authority. Until a company is formed and a licence is obtained, the compliance functions described in this policy are carried out internally.
We apply a risk-based approach across the player lifecycle, consistent with the Financial Action Task Force (FATF) Recommendations and applicable international AML standards.
2. Compliance Framework
Our framework is built to keep the Protocol from being used for money laundering, terrorist financing, or sanctions breaches. We operate in a risk-elevated environment: pseudonymous cryptocurrency, global reach, and the historical use of gambling for layering all create inherent money-laundering risk, and our controls are calibrated to that profile. In practice this means:
- •maintaining written policies and controls against financial crime
- •blocking restricted and sanctioned jurisdictions at the network edge
- •monitoring betting activity in real time with an explainable risk score
- •holding funds in non-custodial on-chain escrow, where every transaction is publicly visible on Solana
During the pre-company phase, we perform these compliance, review, and decision functions internally. A nominated compliance officer, an AML team, staff training, and independent reviews will follow incorporation and a licence application; we do not claim to have them today.
3. What Is Money Laundering?
Money laundering makes the proceeds of crime look legitimate. It usually moves through three stages:
- •Placement: putting criminal funds into the financial system.
- •Layering: moving funds through many transactions to hide their origin.
- •Integration: returning the funds to the criminal as apparently clean assets.
Two related terms used in this policy:
- •Suspicious activity: transactions or patterns that suggest fraud, financial crime, or evasion of these controls.
- •Sanctions: restrictions imposed by governments or international bodies on dealing with named people, entities, or jurisdictions.
A gambling service can be misused at the placement and layering stages. The controls below are how we work to prevent that.
4. Customer Due Diligence
A user is pseudonymously tied to their Solana wallet address. That gives us:
- •proof of control of the wallet (a signature is required to bet), though not proof of real-world identity
- •a transparent, immutable transaction history for that address on the public blockchain
- •a persistent pseudonymous identifier, noting that one person may control several wallets
On that basis we block restricted and sanctioned jurisdictions, monitor activity for suspicious patterns (Section 9), and apply enhanced scrutiny when the indicators in Section 7 are triggered.
5. Identity Verification and KYC
A non-custodial protocol handles identity differently from a traditional custodial casino.
During normal play, the Protocol does not collect identity documents. We do not ask for your name, date of birth, address, passport, or government ID to let you play. Your wallet address is your identity on the Protocol.
In practice:
- •We rely on jurisdiction (IP) blocking and behavioural monitoring rather than identity KYC.
- •We may request identity verification only in the enhanced-due-diligence situations in Section 7, for example a sanctions or fraud concern.
Planned control (not yet live): automated screening of each wallet address against the OFAC, UN, and EU sanctions lists and against known illicit addresses identified by a blockchain-analytics provider. Until that screening is live, our sanctions control operates at the jurisdiction (IP) level plus behavioural monitoring, not at the individual wallet-address level. We do not claim otherwise.
6. Geo-Blocking: Restricted and Sanctioned Jurisdictions
When the casino opens, the Protocol blocks access from the United States, United Kingdom, and Australia at the network edge, and re-checks the visitor's country at wallet connect and on every partner-game request using IP geolocation.
It also blocks, unconditionally, the comprehensively sanctioned jurisdictions: Iran, North Korea, Cuba, and Syria. This floor cannot be overridden.
Our Terms of Service list further restricted territories that players must certify they are not playing from, whether or not a network-level block is in place. Geo-blocking is a country-level control; it is not the same as wallet-address screening (Section 5).
7. Enhanced Due Diligence
We apply enhanced scrutiny to a wallet when it shows any of:
- •an automated risk score above a defined internal threshold (the score runs from 0 to 100; the trigger level is set internally and not published, to prevent gaming)
- •single-day betting volume above a defined internal threshold
- •patterns consistent with wash-trading (coordinated wallet clusters)
- •a VPN or known-proxy connection
- •(Planned) a blockchain-analytics flag for association with illicit activity, once that integration is live
In those cases, play may be suspended pending review, a manual compliance review is carried out within 24 hours, and we may request identity verification (government ID, source of funds) by email. Where identity cannot be satisfactorily established, the wallet is permanently blocked.
Politically Exposed Persons (PEPs), meaning senior government officials, their family members, and close associates, are not accepted without prior written approval; a PEP seeking approval should contact [email protected] before using the Interface. Users self-declare PEP status in the Terms of Service, and a PEP identified through self-declaration or reported intelligence is subject to immediate enhanced due diligence.
8. Restrictions
The Protocol blocks a wallet that we identify, through jurisdiction blocking, behavioural monitoring, or reporting (and in future through the Planned automated wallet-address screening), as one that:
- •matches a sanctions designation or a known illicit address
- •connects from a restricted or sanctioned jurisdiction
- •shows wash-trading or coordinated-wallet behaviour
- •refuses or fails identity verification when it is requested in an enhanced-due-diligence case, or provides false information
- •holds funds with a known illicit source
We may also suspend or block a wallet for any other reason reasonably necessary to protect the Protocol and meet our obligations.
9. Transaction Monitoring
Our automated monitoring system reviews betting activity in real time. Among other things, it looks for:
- •automated or bot-like betting patterns
- •coordinated activity across multiple wallets
- •rapid increases in stake following losses
- •a large withdrawal immediately after a net win
Flagged activity raises a wallet's risk score. Scores decay over time for wallets that behave normally, and a sufficiently high score blocks further betting pending manual review. We keep the specific detection parameters confidential so they cannot be gamed.
10. Suspicious Activity and Reporting
We treat the following as suspicious: rapid cycling of funds through the Protocol with minimal play; coordinated funding across multiple wallets; activity or addresses associated with illicit funds; attempts to obscure the origin, destination, or structure of funds; geographic or network anomalies inconsistent with normal use; and requests to redirect payouts to a wallet other than the originating address.
When we detect suspicious activity, betting access is suspended (we cannot seize on-chain funds, but new bets are blocked at the API layer), a compliance review begins within 24 hours, and a decision follows within 72 hours: clear, request enhanced due diligence, or permanently block. Where the law requires, the activity is reported to the relevant Financial Intelligence Unit. Until a formal reporting relationship is in place, we retain and escalate suspicious-activity records internally.
We cooperate with law enforcement and regulators. We respond to valid legal process, such as court orders and subpoenas, within the required time, and provide transaction records and account information when legally required. We do not disclose to the subject of a suspicious-activity report or investigation that a report has been filed or that an investigation is under way, where the law prohibits such disclosure.
Affiliate commissions are held for 7 days before payment. If the referred wallet triggers AML flags in that window, the commission is clawed back, and commissions earned through wash-trading are forfeited permanently.
11. Record Keeping
We keep the following for at least 5 years: session records (wallet, IP, timestamps); risk scores and flag events; enhanced-due-diligence decisions and supporting documents; sanctions-screening results; suspicious-activity reports; and affiliate-commission records. On-chain transactions are permanent and public by nature. Records are held in encrypted cloud storage with daily backups; the provider and region are disclosed to relevant authorities on request.
12. Limitations of a Non-Custodial Protocol
Because the Protocol runs on public blockchains and never takes custody of funds, there are things it cannot do. We can block new bet placement at the API layer, block affiliate payments, and report activity to the relevant authorities. We cannot freeze or seize on-chain wallet balances, reverse completed blockchain transactions, or access or control your wallet in any way. This is inherent to the technology. We disclose it to relevant authorities as part of our risk profile, and it does not relieve us of our reporting obligations.
13. Governance and Review
Until the company is formed, we carry out AML oversight internally. After a gaming-licence application, a nominated AML Compliance Officer will be appointed and registered with the relevant authority, staff training will be implemented, and this section updated.
We review this policy at least annually, and also after any material change in the Protocol's risk profile or any relevant regulatory guidance.
Legal and compliance enquiries: [email protected]
This AML Policy was last reviewed on 19 June 2026.
Questions about this document?
Contact us