Shazam maintains an anti-money laundering (AML) program designed to prevent, detect, and report activities that facilitate money laundering, terrorist financing, or other illicit purposes in relation to its online gambling services. This policy applies to all customers and potential customers, as well as all employees, contractors, and affiliated entities operating on behalf of Shazam.
Shazam undertakes its AML obligations in accordance with applicable laws and regulations governing gambling, financial crime, and customer due diligence. The governance structure assigns responsibility for the AML program to a designated Compliance Officer, who reports to the board of directors and oversees the implementation, monitoring, and continuous improvement of AML controls. The Compliance Unit is supported by internal audit and data protection functions to ensure independent assurance and data security.
At onboarding, Shazam collects and verifies information sufficient to identify the customer and assess risk. Verification requires at least one government-issued document and supporting information for individuals, and corporate documentation for legal entities. Standard verification elements include:
Documentation is retained in secure form in accordance with data protection laws and internal retention schedules. Verification is completed prior to establishing a ongoing business relationship or prior to processing high-risk transactions.
Shazam applies a risk-based approach to CDD. Customers are classified into risk tiers (Low, Medium, High) based on factors including geography, customer type, product and service usage, channel, and anticipated volume. For each tier, tailored due diligence measures are applied. The risk assessment informs monitoring intensity, reporting thresholds, and escalation paths.
Customers must provide credible evidence of the source of funds and, where relevant, the source of wealth. Acceptable documentation includes, but is not limited to, recent bank statements, payslips, tax returns, business income records, or documentation demonstrating the provenance of assets. Where funds appear atypical or mismatch the customer profile, Shazam may request additional verification and suspend activity until satisfactory evidence is provided.
Shazam continuously monitors customer activity and transactions for consistency with the customer profile and risk rating. Automated and manual reviews are used to detect unusual patterns, structure, rapid movement of funds, or transactions inconsistent with stated source of funds. Thresholds for review include, but are not limited to:
All suspicious or anomalous activity is escalated to the Compliance Officer for investigation and potential SAR filing as required by law.
Shazam screens customers against sanctions, politically exposed persons (PEP) lists, and adverse media prior to onboarding and on an ongoing basis. Enhanced due diligence is applied to PEPs or individuals associated with heightened risk. Any match with a sanctioned or otherwise restricted party triggers immediate escalation, temporary account restriction, and, where applicable, reporting to the relevant authorities.
EDD is required for high-risk customers or heightened risk situations, including complex ownership structures, prominent public figures, or transactions involving unusual or large sums. EDD procedures include additional identity verification, validation of source of funds, more frequent monitoring, and consideration of additional information from independent sources. Decisions to continue, limit, or terminate the relationship are documented with supporting rationale.
Shazam maintains records of customer identification, due diligence, transaction data, and communications for a minimum of five (5) years from the date of account termination or the end of the business relationship, or longer as required by law. Records are stored securely with access restricted to authorized personnel and are protected in accordance with applicable data protection and privacy regulations. Data retention timelines may be extended to support regulatory audits or investigations.
Any reasonably suspicious activity identified through monitoring or due diligence must be documented and reported internally to the Compliance Officer. The Compliance Officer coordinates filing of Suspicious Activity Reports (SARs) or equivalent disclosures with the competent regulatory authorities within mandated timeframes. Shazam cooperates fully with law enforcement and regulatory inquiries, providing records, logs, and other information as permitted by law and internal policy.
All employees and relevant personnel receive AML training at initial onboarding and on a periodic basis. Refresher training is conducted whenever regulations shift or material policy changes occur. Training covers identification of suspicious activity, escalation procedures, data protection, and the role of each employee in maintaining a compliant environment.
The Compliance Officer is responsible for implementing the AML program, maintaining policies, and ensuring timely reporting. Management units implement controls aligned with risk assessments. The Board oversees the program through periodic reviews and approves material updates. All personnel must comply with this policy and assist in its implementation, including timely escalation of concerns.
This AML policy is reviewed at least annually or in response to material regulatory changes, new products, or significant risk events. Updates are approved by the Board and communicated to applicable personnel. Any material change to risk controls or reporting obligations takes effect on the date of board approval or as otherwise specified in the update.