Anti-Money Laundering & Countering the Financing of Terrorism (AMLA/AML-CFT) Policy
Rex gaming — rexgamingshop.com
Last updated: 10 December 2025
1) Purpose & scope
This policy sets out rexgamingshop.com’s controls to prevent our platform being used for money laundering (ML), terrorism financing (TF), or proliferation financing (PF). We operate in Malaysia and align our practices with the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA, Act 613) and Bank Negara Malaysia (BNM) AML/CFT & Targeted Financial Sanctions (TFS) requirements, as applicable to our business model.
Note: Certain obligations apply only to “Reporting Institutions” as defined by AMLA and BNM policy documents (e.g., licensed financial institutions, DNFBPs/NBFIs). Where rexgamingshop.com falls within those categories, we will comply fully; otherwise, we voluntarily adopt equivalent safeguards appropriate to e-commerce.
2) Governance & responsibilities
Board/Founder accountability: Approves this policy, receives quarterly AML/CFT reports, and ensures adequate resources.
Compliance Officer (CO): Oversees the AML/CFT program, risk assessment, screening, and investigations, and (where applicable) submits Suspicious Transaction Reports (STRs) to BNM. Acts as liaison with authorities.
All staff: Must complete AML/CFT training on onboarding and annually; promptly escalate red flags to the CO.
3) Risk-based approach
We assess ML/TF/PF risks across customers, products, delivery channels, geography, and payment methods, and apply proportionate controls:
Higher-risk factors (examples): unusually large or rapid repeat purchases; mismatched payer names and accounts; excessive refunds or “refund to a different account”; obfuscation (proxy/VPN/Tor); third-party or anonymous payments; attempts to split transactions to avoid checks; customers from sanctioned jurisdictions or on sanctions lists.
Lower-risk factors (examples): small, routine purchases paid via Malaysian regulated payment rails with verified payer identity.
We review our risk assessment at least annually and after material business changes. (Aligned with BNM’s risk-based expectations.)
4) Customer due diligence (CDD) & onboarding
We apply CDD proportionate to risk, including:
Collect full name, email, mobile number, and billing details for all buyers.
For reseller/wholesale/programmatic/API accounts (higher risk), we may require enhanced CDD: government-issued ID, selfie/biometric check (eKYC provider), beneficial-owner declaration (if entity), and proof of address.
No anonymous accounts and no third-party payments: the payer must match the registered account holder.
Ongoing due diligence: periodic refresh and trigger events (profile changes, red flags).
5) Payments, refunds & credits
We accept only payment methods that allow us to identify the payer (e.g., card, FPX/online banking, approved payment gateways).
No cash, crypto, or privacy coins accepted directly.
Refunds are returned only to the original funding method/account.
Internal wallet/credit (if any) is non-transferable between users and subject to AML/CFT monitoring.
6) Sanctions & TFS screening
We screen users (and, where relevant, counterparties) against UN sanctions lists and applicable Malaysian TFS directions, and we will block or freeze activity/assets where required. We also monitor BNM/competent-authority updates.
Matches or potential matches are escalated to the CO immediately; accounts may be suspended pending review.
7) Transaction monitoring & red flags
We monitor for unusual or suspicious activity, including but not limited to:
High-value or high-velocity purchases inconsistent with the customer’s profile.
Multiple accounts or devices linked to the same payment credential.
Frequent reversals/chargebacks and refund requests to unrelated accounts.
Transactions involving sanctioned countries/persons or high-risk geographies.
Attempts to circumvent limits or verification.
Alerts are reviewed by the CO, documented, and dispositioned (clear, request info, freeze, file STR).
8) Suspicious Transaction Reports (STR)
Where we have knowledge, suspicion, or reasonable grounds to suspect ML/TF/PF activity, the CO will file an STR with BNM using the prescribed channel/form and timelines, regardless of transaction amount, and without tipping off the customer.
We maintain supporting records for each STR and cooperate with competent authorities.
9) Record-keeping & data retention
We retain CDD and transaction records for at least six (6) years from the date the business relationship ends or the transaction is completed, and we can make these records available to authorities upon lawful request.
Records include customer identification data, payment proofs, order history, communications, and investigation files.
10) Third-party partners & vendors
Payment service providers, eKYC vendors, and logistics/fulfilment partners must meet AML/CFT standards consistent with Malaysian law; we conduct risk-based due diligence and include AML/CFT clauses in contracts.
We do not onboard or continue relationships with partners that fail to meet these expectations.
11) Training & awareness
All relevant staff receive AML/CFT training at onboarding and annually, covering Malaysian AMLA basics, BNM policy requirements, internal red flags, TFS screening, STR handling, and data protection. Training completion is recorded.
12) Data protection & confidentiality
Customer data collected for AML/CFT is used only for compliance and risk management, stored securely, and shared strictly on a need-to-know basis or where required by law. We prohibit “tipping off.”
13) Policy maintenance & audits
This policy is reviewed at least annually and after regulatory updates, audits, or significant business changes. We perform periodic independent reviews (internal audit or qualified external assessor) of our AML/CFT program’s effectiveness.