KYC Policy

This KYC Policy tells you how OneRed checks people’s identities, gets to know their customers, and keeps an eye on their activities to keep gamers and the community safe. It is based on the Dutch standards for games of chance, the European rules for privacy, and the rules in each country for fighting money laundering, terrorism financing, and sanctions. The goal is simple: maintain play safe, fair, and legal without making things more difficult than they need to be.

Purpose and scope

KYC at OneRed serves three goals. The first is to confirm that only eligible adults access gambling features in the Netherlands. The second is to prevent misuse of the platform for criminal or harmful activity. The third is to support safer play by ensuring that use of the service remains personal, transparent, and sustainable. This Policy applies to every account, every payment instrument presented for use, and every feature that touches real-money play. It also guides how we work with studios, payment providers, and other partners whose services touch customer data or funds.

Legal foundation

OneRed operates under Dutch law for games of chance and the European privacy framework. Obligations arise from rules that address gambling supervision, prevention of money laundering and terrorist financing, national sanctions, and the protection of personal data. Where binding law and this Policy point in different directions, the rule of law prevails. Nothing in this document limits rights that the law treats as non-negotiable.

Risk-based approach

We don’t utilize a one-size-fits-all process; instead, we use a risk-based model. That means tougher inspections when context suggests increased exposure and lighter touch where danger is low and clearly known. Some things that can make a customer risky are the type of customer, their behavior during onboarding and play, where their money comes from and goes, any exclusion or sanction flags, and patterns that suggest fraud, abuse, or injury. This method concentrates attention on the most important things while yet making things easy to utilize.

Eligibility and single-account rule

Gambling features are available only to adults who meet the Dutch legal standard and who act on their own behalf. Each natural person may maintain a single account. Use of location-hiding tools, anonymous proxies, or other methods that obscure identity or place is prohibited. During onboarding we confirm that the person is not listed in the national exclusion register known as CRUKS. If a match is returned, gambling is blocked and access is limited to information and safer-play resources.

Customer identification

Onboarding requires accurate identity information. We collect identifiers that allow us to confirm name, date of birth, and residence, along with signals that show the person is present and in control of the device being used. We may ask for documentary proof, digital identity assertions, or reliable database checks. Photographs or liveness checks may be requested to ensure the person behind the screen matches the provided identity. If data is incomplete, inconsistent, or cannot be verified with confidence, the account will remain restricted or may be declined.

Payment method verification

OneRed accepts only payment methods held in the customer’s own name. Ownership can be checked at any time. We may verify that an account at a bank or a similar provider belongs to the player, that deposits and withdrawals travel through compatible routes, and that refunds return to the same method when appropriate. Third-party payments, circular transfers, and unusual routing are not allowed. If a payment is reversed without valid basis, we may deduct the amount, pause features while the matter is reviewed, and seek recovery where needed.

Source of funds and source of wealth

When patterns suggest that additional context is warranted, we may ask for information about the origin of funds used on the platform and, in higher-risk cases, broader indicators of wealth. Examples include payslips or equivalent income confirmation, statements that connect deposits to a legitimate source, or other credible evidence appropriate to the situation. Refusal to cooperate, or provision of material that does not add confidence, may lead to stricter limits or closure.

Politically exposed persons and sanctions screening

As part of KYC, OneRed screens customers against lists of politically exposed persons and against national and international sanctions lists maintained by competent authorities. A match does not automatically prevent account creation, but it does trigger tailored checks, senior approval gates, and appropriate monitoring. Where a sanctions rule applies, OneRed will deny service and, where required, freeze transactions and report in line with legal duties.

Ongoing due diligence

KYC is not a single checkpoint. We perform continuous monitoring to ensure that the person who registered is the person who plays and that activity stays within lawful and sustainable boundaries. We evaluate velocity of deposits, patterns of withdrawals, session behaviour in live environments, device changes, geolocation signals, and other indicators that help us understand risk. If behaviour shifts sharply or crosses internal guardrails, we may request updated information, reduce limits, pause features, or close the account.

Enhanced due diligence

Certain situations call for deeper review. Triggers include adverse media involving financial crime, complex payment routes, frequent reversals, repeated attempts to bypass controls, or sustained play that appears inconsistent with available information. Enhanced steps may include expanded verification, additional proof of funds, closer transaction analysis, and more frequent reviews. We prefer clear dialogue with the customer and proportionate requests that address the specific risk at hand.

Prohibited activity

The platform may not be used for splitting or layering of funds, for transfers intended to conceal origin or destination, for acting on behalf of another person, or for any scheme that evades tax or sanctions. Attempts to manipulate promotions, chip-dumping, or other forms of unfair collaboration are also prohibited. Where evidence suggests misuse, OneRed will act quickly to protect players and comply with legal duties.

Record keeping

We document identification steps, risk assessments, screening outcomes, and decisions taken. Records are retained for the periods required by law and then deleted or anonymised in an orderly way. Backups and archives follow the same standards. Access to records is confined to staff who need it for lawful tasks and is governed by strict controls.

Data protection

KYC data is personal data and receives the same care as any other sensitive information on the platform. We apply privacy by design, minimise what we collect, and secure systems in layers. Legal bases for processing include the performance of the contract, legal obligation, and legitimate interests that support safety and integrity. Where consent is used for optional features, it remains separate from KYC obligations. You can read more in the OneRed Privacy Policy, which explains rights of access, rectification, erasure, restriction, portability, and objection, along with the route to human review where automated steps play a part.

Use of automation and human review

Automated checks help us act at speed. They include document analysis, biometric liveness signals, anomaly detection, device reputation, and rule engines that look for known patterns of abuse. Automation never replaces accountability. If a decision meaningfully affects a customer’s ability to use the platform, the customer may request human review, add context, and receive a reasoned outcome. We track false positives and improve models to reduce friction.

Training and oversight

Everyone who touches KYC receives training on their duties, including the legal framework, respectful communication, and escalation paths. We run periodic refreshers and keep a record of completion. Supervisors review samples of work for quality and fairness, while independent audit functions test whether controls are effective. Findings feed a continuous improvement plan with clear ownership.

Reporting obligations

When legal thresholds are met, OneRed files reports with the competent financial intelligence unit or other designated body. In certain cases we are not permitted to inform the customer that a report was filed. We cooperate with lawful requests for information from supervisory authorities and law enforcement and maintain strict confidentiality around investigations.

Cooperation with responsible-gaming measures

KYC and safer play reinforce each other. Verification of identity and payment ownership helps ensure that limits, breaks, and self-exclusion choices are applied to the right person. When risk indicators for harm rise, we may combine KYC reviews with responsible-gaming interventions such as tighter limits or a pause. The intent is protective rather than punitive.

Third-party providers and outsourcing

Where we rely on verification partners, screening services, or analytics providers, we do so under written agreements that set boundaries and require strong security. Providers must use information only to deliver the contracted service and must assist with data subject rights and supervisory inquiries. We reassess providers at sensible intervals and change course if standards are not met.

Corporate relationships and partners

OneRed accounts are personal. Even so, we conduct due diligence on affiliates, marketing partners, and suppliers whose conduct can affect the integrity of the platform. This can include identity checks on principals, adverse media review, sanctions screening, and confirmation of control and ownership. Relationships that do not meet our standards end.

Escalation and decision rights

Where the outcome is uncertain, staff escalate cases to specialists who balance risk, regulatory expectations, and fairness to the customer. Senior decision makers review higher-risk approvals and declines, ensuring that similar cases are handled in a similar way. We keep a clear audit trail of who decided what and why.

Customer communication

We explain KYC requests in plain language and ask only for what addresses the specific risk. If we restrict features, we say so clearly and describe what is needed for review. Where law limits what we can reveal, we still aim for a respectful tone and practical guidance. We prefer dialogue to silence.

Technology and security

KYC data moves through systems that are hardened against misuse. We rely on encryption, strict access controls, environment separation, continuous monitoring, and change management that prevents surprise. We test defences and learn from incidents. Security is shared: customers can help by keeping credentials private, using trusted devices, and reporting suspicious messages.

Reviews and updates

The legal landscape changes, as do criminal techniques and best practices. We review this Policy at regular intervals and update processes when new guidance appears or when experience shows a better way. Significant changes are reflected in staff training and surfaced in product where they affect customers.

Breach of this Policy

Deliberate or negligent failure to follow KYC rules can cause harm and damage trust. Staff are expected to follow this Policy and related procedures. Breaches trigger corrective action, which may include additional training, process change, or disciplinary steps according to internal standards and law.

Final statement

KYC is not about creating obstacles. It is about making sure that play remains personal, lawful, and safe. OneRed will continue to invest in clear communication, proportionate checks, and technology that protects without intruding. When in doubt, we favour the choice that keeps people safe and the market clean.