Anti-Money Laundering and Counter Terrorist Financing Policy (AML/CTF)

1. PURPOSE, STATUS AND REGULATORY CONTEXT

This Anti-Money Laundering and Counter-Terrorist Financing Policy (the "Policy") sets out the internal governance framework, risk controls, and compliance procedures adopted by WASTEIT LTD (the "Company") in connection with the operation of the Skinwaste.com platform (the "Platform").

This Policy is intended to:

• •mitigate the risk of money laundering, terrorist financing, fraud, and other financial crime;
• •support compliance with applicable European Union anti-money laundering legislation, Cyprus law, international standards, and payment service provider requirements; and
• •align the Company's internal controls with the Platform's social gaming and promotional sweepstakes structure.

This Policy is an internal compliance document. It does not constitute a representation to users and does not create rights in favour of any third party.

2. APPLICABLE LEGAL AND REGULATORY FRAMEWORK

The Company adopts this Policy with reference to, inter alia:

• •Directive (EU) 2015/849 and Directive (EU) 2018/843 (as amended);
• •The Prevention and Suppression of Money Laundering and Terrorist Financing Law of Cyprus;
• •Financial Action Task Force (FATF) Recommendations;
• •International sanctions regimes administered by the European Union, United Nations, OFAC, and HM Treasury;
• •Payment services compliance standards and industry best practices.

3. RISK-BASED APPROACH

The Company applies a documented, risk-based approach to AML/CTF. Risk assessments are conducted having regard to factors including, without limitation:

• •user jurisdiction and geolocation;
• •transactional and redemption behaviour;
• •frequency and aggregate value of redemptions;
• •use of promotional entry mechanisms, including alternative methods of entry (AMOE);
• •technical indicators of automation, collusion, or abuse; and
• •historical compliance or enforcement considerations.

Where elevated risk is identified, enhanced controls and review procedures are applied.

4. CUSTOMER DUE DILIGENCE (CDD)

4.1 Standard Due Diligence

The Company may require users to complete identity verification prior to permitting:

• •any redemption activity;
• •cumulative redemptions exceeding internal thresholds;
• •access to certain promotional or prize-bearing features; or
• •continued account access where risk indicators arise.

Standard CDD may include collection and verification of:

• •full legal name;
• •date of birth;
• •residential address;
• •government-issued photo identification;
• •proof of address;
• •IP address, device identifiers, and geolocation data.

4.2 Enhanced Due Diligence (EDD)

Enhanced due diligence may be applied where higher risk is identified, including but not limited to:

• •high-frequency or high-value redemptions;
• •inconsistent or anomalous activity patterns;
• •users located in higher-risk jurisdictions;
• •repeated or structured AMOE submissions;
• •indicators of multi-accounting, collusion, or automation; or
• •potential sanctions or politically exposed person (PEP) exposure.

EDD measures may include additional documentation requests, source-of-funds explanations, manual compliance review, and senior management approval.

5. VIRTUAL CURRENCY AND WALLET CONTROLS

The Platform operates segregated, platform-specific virtual currencies. Controls include:

• •prohibition of peer-to-peer transfers;
• •prohibition of off-platform trading or monetisation;
• •segregation of wallets by gameplay environment;
• •automated and manual monitoring of balance movements; and
• •audit logging of all wallet activity.

Virtual currencies may not be sold, gifted, transferred, or exchanged except as expressly permitted within the Platform's rules.

6. TRANSACTION MONITORING AND ANALYTICS

The Company maintains transaction monitoring mechanisms designed to identify activity that may warrant further review, including:

• •rapid accumulation and redemption patterns;
• •behaviour inconsistent with stated usage patterns;
• •repeated low-effort AMOE submissions followed by immediate redemption;
• •patterns indicative of automated or coordinated activity; and
• •circumvention of geolocation or technical safeguards.

Monitoring may be conducted using automated tools, manual review, or a combination thereof.

7. ANTI-ABUSE AND FAIR USE CONTROLS

The Company implements anti-abuse measures to prevent exploitation of promotional mechanisms, including:

• •limits on redemption frequency and velocity;
• •monitoring of device, IP, and behavioural fingerprints;
• •controls against multi-accounting and collusion;
• •review of XP, progression, and promotional participation patterns.

Where abuse is identified or suspected, the Company may restrict accounts, void balances, or terminate access.

8. SUSPICIOUS ACTIVITY ESCALATION AND REPORTING

Where activity raises suspicion of money laundering, fraud, or other financial crime, the Company may:

• •conduct internal investigation;
• •restrict or suspend account activity;
• •delay or refuse redemptions; and
• •report activity to competent authorities where legally required.

The Company is not obligated to inform users of any such review or report.

9. SANCTIONS, PEPs AND RESTRICTED JURISDICTIONS

The Platform is not available to persons:

• •located in sanctioned or embargoed jurisdictions;
• •listed on applicable sanctions or watchlists; or
• •located in jurisdictions where Platform operation is restricted.

Sanctions screening and geolocation controls are applied on a risk-based basis.

10. RECORD KEEPING AND AUDIT TRAIL

The Company maintains records relating to:

• •identity verification;
• •transactional activity;
• •compliance reviews;
• •AML/CTF decisions and escalations.

Records are retained for a minimum of five (5) years or such longer period as required by law or contractual obligations.

11. GOVERNANCE, OVERSIGHT AND TRAINING

Responsibility for AML/CTF oversight is assigned to senior management. Personnel involved in compliance functions receive training appropriate to their role and responsibilities.

12. REVIEW, AMENDMENT AND DISCRETION

This Policy is reviewed periodically and may be amended to reflect changes in law, regulation, risk profile, or business operations. The Company reserves discretion in the application of this Policy.

Effective Date: January 1st, 2026

Approved by: Board of Directors, WASTEIT LTD