(KYC) Know your client procedures

1. INTRO

Pari – Tech (CY) Limited (hereinafter referred to as “Company”), forming part of Parimatch Company (Company of companies) regards establishing proper Know Your Customer Policy in place as important integral part of Company operations. Due to non-face-to-face nature of remote betting services, properly establishing customer identity is one of the paramount objectives for Company to mitigate Anti Money Laundering, Terrorist Financing and Fraudulent Activity risks. The Company management, officers and employees liaising with customers must study and have proper working knowledge of the Policy set herein.

2. CUSTOMER REGISTRATION, VERIFICATION, BANKING AND MANAGEMENT

2.1 Terms Governing Customer Accounts

2.1.1 Agreement

Before registering, each Customer reads and accepts the Terms and Condition during the registration process.

2.1.2 Terms and Conditions

In case of any alterations, modifications or amendments to the currently valid Terms and Conditions, the Company):- On the website will be displayed a new version of rules as soon as they take effect and clearly shows the date from which the amended rules are effective

2.1.3 Privacy

All customer’s data are processed according to the Terms and Conditions, which are accepted by each Customer during the registration. No processing of data is done for unregistered users.

Registered users’ data are stored on servers in the premises of the Company with restricted access. Only authorized employees have access permissions to the data. Details of the equipment, network and software security are presented in Section 5 below.

Access and disclosure of the stored data to third parties is prohibited by internal rules and policies.

All data is stored with compliance of the General Data Protection Regulation (GDPR) EU 2016/679.

2.2 Customer Identification and Verification

2.2.1 Customer Identification

Each person who wishes to place bets and use the betting services of parimatch.com.cy website is required to register his or her personal account. The registration of the personal account includes the following identification fields:

- Confirmation that the customer has completed the age of 18 years’ old

- Name and surname: as specified in passport/ ID of the customer

- Place and date of birth

- Nationality

- Country, city, place of residence

- Number and series of the identification document

- E-mail address

- Secret question

- Mailing Address

- Phone number

If the customer didn’t fill all the necessary fields in the registration form, the system will not allow him or he to proceed with completing the registration process.

Information provided in the registration form are reviewed using the risk-based approach described in the AML Policy (ML & TF Risk assessment) – nature and complexity of the risk.

After confirming the registration by clicking on the verification link in the invitation sent to the email address of the Customer, you as the Customer can access the betting account by entering your account login and password created while registering on the website. This password can be changed by the Customer at any time on the website, after the authorization procedure.

2.2.2 Customer Verification

The Company within 30 days from the submission of the registration application will proceed with verifying the identity of the Customer and the information he/she has submitted during the registration.

Initial verification is carried out by the Company in order to confirm that the gaming account has been registered on real data and that the Customer had reached the age of 18 years old. For this purpose, the Customer may upload his or her civil passport, national identity card, residence permit and other relevant documents in the gaming account settings. Residential address may be proved by a utility bill, bank statement or credit card statement dated within the last 6 months. The proof of the residential address must correspond with the name and address as indicated in your registration application.

First name, last name, photo, date of birth, document number must be clearly visible on the document. Only color photos of documents can be accepted (black-and-white scans and copies of documents are not allowed). Document pages must be visible completely. Acceptable languages of documents are Greek, English, Russian, Ukrainian. Acceptable file formats: jpg, jpeg, gif, no larger than 5 MB.

At its discretion the Company may require additional proof of identity of the Customer at all times, regardless of that the Customer has passed the initial verification. The list of additional documents may include (but is not limited to): a digital photo of the Customer holding his or her passport, identity card, birth certificate, utility bill, bank statement for the account/card, etc. The Customer can provide these documents by sending an email to [email protected] Under normal circumstances, verification of the betting account holder identity is processed within 24 hours from the date of submission of the documents confirming the identity of the Customer.

Registration of the account on the website for any other than a physical individual is prohibited.

2.2.3 Customer Due Diligence

The full Due Diligence Procedures, include Verification, Identification procedures, AML & TF Policy are developed using the risk- based approach described in AML Policy.

In order to perform the due diligence controls, employees use automatic controls, manual reviews and electronic registers.

2.2.4 Enhanced Customer Due Diligence

Criteria’s used for the enhanced Customer verification are described in respective section ML & TF Risk Assessment.

Enhanced Customer verification could be done in any time of the customer’s activity, starting from the registration process and continuing through all further processes – deposits, bets, withdrawals.

Enhanced controls include full document verification plus any additional requirements until the employee of the special department standards are met. For example – at least two documents, which confirms the address, photo with his or her ID in hands etc.

If the employee from the relevant Department of the Company suspects that there is a PEP application, he notifies his Head, who communicates and agrees further actions with the Management of the Company.

2.2.5 Third Party Verification Providers

In certain cases, the Company’s employees responsible for the customers, use Third Party databases to check the customers.

Following databases could be used:

- United bookmakers’ databases which include list of fraudulent players

- Payment systems data – reconciliation to the records of the customers, Black lists of non-trustful customers. Payment systems have a good developed due diligence and customer identification procedure. That’s why Anti-fraud and Payment departments, who perform controls often refer to the data provided by the Payment systems in order to reconcile information provided by the customer in his registration form with the information recorded in Payment System database. In the blacklists employees who perform controls can find list of persons, which were blocked according to the certain reasons. And finally, Payment Systems send automatic or manual notifications, if they detect any suspicious transaction. All these notifications are checked and assessed by the responsible employees of the Company.

- Risk Intelligence database (for example, the World-Check)

- Any other public source of information and databases

2.2.6 Jurisdictional / Location Controls over Registration

The main language of the website is Greek. Other languages that are supported both in the website and on customers’ support services are English and Russian.

In case of a discrepancy between the Greek version and a version in any other language, then only the Greek version shall prevail.

2.2.7 Multiple Customer Accounts

According to the Company's Terms and Conditions one customer is allowed to have no more than one account.

2.2.8 Customer Account Access

i) After the successful filling of the Registration form, the customer receives an email on his registered address. The email contains an activation link. To complete the registration procedure, the customer should click on the link. After the activation of the account, the customer receives an automatic email with the password.

ii) Safety of the customers’ account relies firstly on the secret password, which no one knows except for the customer and also the unique ID number.

If the customer has any suspicious that the account was hacked, in any time of the day he must call or write to the support team and they will immediately block the account till proper investigation is done and the customer will be satisfied that his or her account is verified.

Also, the Anti-Fraud Department constantly reviews the activity of the customer – its IP addresses, his types of games and style of bets, Payment Systems that he uses. If any unusual behavior is identified by the employees of the Department, they will proceed with blocking the activity on the customer’s account for a short period of time in order to check whether the customer performs actions by himself or there are indications of fraud.

As for the internal controls, the Anti-Fraud Department on a daily basis generates the Manual adjustment report and review any manual changes that were done to the customer’s account.

iii) Each next access to the account of any customer includes filling in the following fields: USER ID and Password. User ID is a unique number of each customers according to which all the actions of the customer could be tracked.

iv) To confirm indirect access to his/her account, the customer should answer the secret question, which he/she selects during the registration stage.

v) If the customer forgets his/her Password, ID or is asking about some specific information through the Support chat, he/she is required to submit to the Support team his/her registered name and surname, have an access to his/her registered email and be ready to answer the secret question.

Restoring passwords can be done by:

- Website form of the password restoring includes the following fields: Account Number and date of birth. If any of the provided information is not correct, there is a second form which includes the following fields: Account Number, email, Name, Surname, Currency and City of residence.

After the successful restoring, the customer will receive an automatic email with new link for the activation of his/her account and new password.

Restoring of the User’s ID can be done by:

- E-mail to [email protected], including: Name and Surname, Registered e-mail, estimated date of registration (optional).

- Website form, which includes following fields: Registered email a date of birth. If any of the provided information is not correct, there is a second form which includes following fields: email, Name, Surname, Currency and City of residence.

2.2.9 Change in Details

The customer is responsible for the proper notification and update of any changes to his/her submitted registration data. The changes are re performed according to the following procedure:

1. The customer sends the request for update of his/her submitted data from his/her registered email. The customer must include his/her User ID number to the description.

2. The Support Department upon receiving the e-mail and after reviewing the request, forwards the email to the Anti-Fraud (Factoring and Monitoring) Department.

3. Anti-Fraud Department checks the correctness of the initial information and compares it to the registered customer’s data.

4. If everything is correct, the Anti-Fraud Department reviews the request for changes and requests for any additional supporting documents if needed.

5. Customer’s data is updated in the System.

6. Customer receives an email with the confirmation of changes.

The control includes also internal check of any manual changes done by the employees of the Company.

2.2.10 Ongoing Customer Due Diligence

1. All the customers are attentively monitored throughout any actions that they perform on the website controls on customers, controls on deposits, controls on bets, withdrawals by the fraud detection team.

2. An ongoing review is performed according to a Risk-based approach described in the AML policy.

3. Should a customer not be able to adequately complete customer due diligence (“CDD”) to the requirements of the Company the company will terminate its relationship with the customer.

4. On a case by case bases, the Company will review failed CDD to determine the need for the filing of a suspicious transaction report (“STR”) (with the relevant Governmental entity).

5. Enhanced CDD is required when unusual activity is discovered by the fraud team.

6. An annual audit of CDD cases is performed to ensure ongoing compliance with CDD

2.3 Customer Funds on Account

2.3.1 Currency Selection

All bets, transactions of the customer’s account are made only in one currency - EUR.

According to the internal rules, several payment systems may allow the customer to make deposits in other currencies other than the base currency. The conversion is done on the side of the payment system and only in accordance to the Payment System rules.

The registration is available in following currencies:

- Euro (EUR)

2.3.2 Deposits

i)The Company does not accept cash, checks by mail etc. from players

ii)The Company sets the limits on a player's deposits in accordance with its own internal risk management policies. Initial deposits above 10 EUR and large deposits above 100 EUR (one or several transactions within 24 hours) are checked.

iii)Should a player have an unusual activity that further warrants suspicion (unusual changes in address, deposits or gambling activity) as determined by the Anti- Fraud Department, then enhanced CDD will be performed.

iv)These are following accepted ways for deposit in the gaming account:

a. Through electronic systems (e-wallet, electronic money);

b. By credit card (VISA/MasterCard)

c. Prepaid cards

The customer visits www.parimatch.com.cy and after the successful log-in to his/her account, he can navigate to the web-page where he can make the deposit. The payment system list will appear for selection and the customer will choose the payment method to make his/her request. On the page with the payment method, the customer can also check the percentage of the commission for each payment type.

If the customer selects electronic system, he/she is redirected to the page of the said payment system. He/ She will make the payment on the webpage of the private wallet of the payment system. One payment system wallet can be used for deposits of only one customer's account. In addition, the Payment System checks the legality of the funds, according to the agreements with each Payment system.

When the customer makes the deposit by credit card - the customer's data are checked with the data submitted to his/her Payment System.

v) The company allows customers to have more than one active deposit mechanisms. Checks described above are performed for any type of deposit payment method. The risk of such customers is increased according to the risk-based approach concerning their withdrawals. The customer should select for withdrawal the payment system among those he had made the deposit. Further controls developed to mitigate higher risk for multiple deposit mechanisms are described further.

vi) When the customer fills the form in the redirected Payment system page (Iframe), the Payment system or Payment processor records the transaction in its system and sends the response to the Company’s software that the transaction was successful. If the Payment System or Payment Provider identifies any suspicious fraudulent operations, a notification will be sent to the Company’s software and e-mail informing on the reasons as to why the specific transaction wasn’t successful.

vii) There are no non-guaranteed funds accepted by the Company.

viii) The Company is not liable in case where the customer’s account will not be credited within a specified time by fault of third parties (banks, payment processors, communication channels, etc.) or due to force majeure.

2.3.3 Credit Extended to Customers

The Company doesn’t allow wagers based upon non-guaranteed funds. The system automatically does not give credits to customers.

2.3.4 Account Management

i) The Company provides to the customers two types of bets:

- bets placed by the customer before the event (pre-match);

- bets placed during the event (live).

*Detailed description on the types of bets offered by the Company is found in Section 9 of the Terms and Conditions.

After the customer has placed a bet, the system debits the amount of wager to the customer’s account.

Bookmakers review the results calculated after each match for their correctness, as their performance is linked to the result. The correctness of the match result is checked by the relevant Department. The system then credits the funds into the customer’s account after the event/match is completed.

ii) Customers’ funds are not transferred to any associates.

iii) All transactions on the account are recorded in the trading platform system.

Records are maintained on the Company’s servers and instantaneous back-up is performed.

iv) No recourses are made on the customer’s account except for specific AML procedures.

v) Bonuses are accrued to the customer’s account in accordance with the internal rules regarding the bonuses and with the Terms and Conditions of the Company. The Customer must meet all the conditions of the bonus offer in order to be able to receive it.

2.3.5. Withdrawals from a Customer’s Funds

i) The Company provides the following ways for withdrawing from the gaming accounts by the customer:

- Through electronic systems (e-wallet, electronic money) – processing time is up to 12 hours.

- By the credit card (VISA / MasterCard) – processing time (3 to 6 business days)

ii) The Customer can withdraw any sum from his/her account that does not exceed the available account balance. The withdrawal can be processed as follows:

- via bank transfer to the Customer's bank account within 5 working days from the date of the request;

- by transfer via one of the available electronic Payment Systems account within 1 working day from the date of the request. (more information on Section 4 of the Terms and Conditions)

iii) The Customer initiates the request for withdrawal in his personal account and fills a special form. Each withdrawal is done to the same source from which the payment was made.

iv) Withdrawal from the betting account is available only after verifying that the personal data of the owner of the gaming account also match and/or correspond to the personal data of the owner of the account of the payment method used for the deposit. Money transfers in favor of other persons are strictly prohibited regardless of the degree of kinship with the Customer.

v) All expenses for the transfer of funds are borne by the recipient and deducted from the transferred amount.

vi) The Customer is responsible for providing authentic information at registration and keeping them updated with any changes to avoid any delays with requests for withdrawal.

vii) To perform a withdrawal from his/her gaming account, the Customer must go through the verification process by the Company.

The Company will verify the Customer’s identity and residential address, carry out safety procedures in relation to the gaming account and ensure that there is compliance with the all the provisions of the Company’s Terms and Conditions in relation to the payment of winnings.

Verification will be done by uploading a good quality color photo of your passport and other identification documents and photo of the front of the credit / debit card that was used for the account deposit. Please note that all the data must be clearly visible. In case of refusal / to verification, for any reason, the Company will provide feedback as to what is needed to correct.

viii) Commission of the withdrawal is clearly stated for each type of withdrawal method in the personal account of each customer.

Additional detailed information regarding the deposit and withdrawal of funds is mentioned in the Terms and Conditions of the Company.

No customer to customer transfers are possible within the system.

2.3.6 Rejected Transactions

The Company may reject a transaction of deposit in following cases:

- In case of suspicion or detection of fraud or hacked account

- In case of suspicion or detection that the credit card doesn’t belong to the owner of account.

The Payment system may reject deposits for several reasons but not excluding: Insufficient Funds, Transaction not permitted by cardholder, expired card, Invalid CVV2, Restricted card, Acquirer validation, Invalid card number, Transaction is not permitted, Lost/Stolen card, Invalid amount.

In case of fraud suspicion (multi-accounting, using of any software for automated betting, arbitrage betting, if the player's account is not used for betting and other products offered by the Company, abuse of loyalty programs, etc.) the Company reserves the right to suspend operations and / or the payments to player account at the time of player activity verification until its completion.

The Payment System may reject a transaction of withdrawal if the bank didn’t accept the transfer. In such case, the Payment System will return the funds to the Company.

If the Anti-Fraud Department discovers any unusual transaction (ie a rejected transaction) they will notify the MLRO for appropriate measures to be undertaken. Replaces “a STR can be filed.”

2.3.7 Customer Activity Statement

Details regarding the Customer’s activity can be checked in his/her personal page.

2.4 Closing Accounts

2.4.1 Inactive Accounts

According to Company’s terms, the account is considered inactive if there was no activity within the specific account for the last 6 months. A betting account with available funds is deemed to be “inactive” if for a period of 24 consecutive months the Customer has not made any transaction in the account. This means there were no entries to the account, no bets placed, no deposits or withdrawals made during this period.

The Company and its departments monitor the inactive accounts. The relevant Department keeps a register of all the inactive accounts. After the register is generated a notification is sent via the registered email address to the Customer. In addition, it is possible to contact the account owner via phone if a valid phone number was submitted during the registration/verification process.

All inactive accounts that have a transaction history are note removed from the system.

2.4.2 Deactivating or Closing Accounts

All accounts with a transaction history are note removed from the system.

The funds remaining in such accounts are frozen on the Customer’s demand (for example self-exclusion customers) are processed according to the withdrawal procedure.

2.4.3 Seized Accounts

The Anti-Fraud Department permanently monitors the Customer’s transactions. If an employee of the relevant Department detects unusual and/or suspicious activity, then the customer’s account may be blocked for a limited period so as to investigate it. Moreover, the Company has the right to cancel bets, forfeit winnings, and deduct bonuses from all relevant betting accounts.

2.4.3.1. The Company considers the following activities as suspicious:

i) the Customer is opening more than one betting account (for example, using same or similar names, address, telephone, emails, same or similar dynamic IP address, computers or other devices, etc.); and/or

ii) the Customer is acting as a part of syndicate (using same or similar names, address, telephone, emails, same or similar IP address, computers or other devices, acting on same or similar pattern).

After suspending the account, a notification appears on the customer’s page and the Support Team requires information and/or documents in order to check the suspicious action. Also additional information may be requested from affiliates who are processing deposits and withdrawals from the betting account, in order to obtain information about the origin of the funds.

The customer still has the possibility to access his/her personal account during the investigation process but the funds will remain frozen and no transactions will be allowed until the investigation is completed.

All investigation steps are recorded in the system. If the investigation is completed successfully, the relevant Department will unblock the account and the customer will be able to manage his/her funds again. If there were no response to the notification or the customer did not provided enough data to complete the investigation - the account will remain blocked until the requested documents are received.

2.5 Customers at Risk

2.5.1 Minors

According to the KYC Policy and Terms and Conditions of the Company, individuals under age (less than 18 years old) are not permitted to register and play.

100% coverage automatic check is made during the registration on the web-site www.parimatch.com.cy

The Customer bares the personal responsibility for providing false information. If the Company discovers that the Customer has provided any false information, then the Company is entitled to take all necessary measures as described in the KYC Policy and Terms and Conditions of the Company.

If it is discovered that a minor is using the gaming account, then the said account will be blocked immediately and all transactions in processing will be cancelled. Any funds remaining in this account will be returned to the owner of the account.

Should it be discovered that an underage player has deposited funds, the balance of those funds will be returned to the minor.

2.5.2 Problem Gambling

There are 3 ways of identification of the gambling problems and the respective following steps for each type of it:

The customer informs the Support team by himself about his gambling problem through e-mail or live chat or telephone. The request is forwarded to the Anti-Fraud Department for evaluation and to take all necessary actions to limit temporarily or block the account. After the Anti-Fraud Department has proceeded with the request, the customer is notified about the changes done to his account via e-mail.

Support Team review. While communicating with the customers, the Support Team identifies the problematic gambling customers through the live chats or calls. Usually such customers are harassing the Support Team or other customers or exhibit compulsive gambling behavior. One of the main triggers of the compulsive gambling behavior is the constant request of credit to be issued by the Company. (no one can issue any credits to customers).

Mathematical review. Anti-fraud department performs constant anti-fraud and AML analysis of all the customers’ actions. One of the triggers that is monitored by the department is problem gambling trigger. It includes following algorithms: if a customer has losses, which were increasing 10 times during 3 months (90 days) or if a customer doubled his loss each month during the last 12 months then he is identified as a problematic gambling customer. According to this analyses, Anti-fraud department makes a request to the Support department to contact the customer. The Support department initiates the communication with the customer, where describes the situation, give links to the problem gambling websites and propose to make a request regarding self-limitation with the most comfortable and suitable conditions for the customer.

After identifying α problem gambling customer through the above described ways, the customer received the “Problem gambling” status in the Company’s system.

More information regarding the Player’s Protection and the Responsible Betting can be found in Section 6 of the Terms and Conditions.

2.5.3 Self Limitation

In order to adhere to the principles of Responsible Betting, the Company obliges to always accept and enact electronic requests for player self-limitation. The customer is entitled to limit their gambling spend, set time limits or even take a pause by sending respective request to the Company via electronic mail or through his/her gaming account including their User ID and specific type, amount and time period of limitation.

Customers can request for the following types of restrictions (Self Limitation):

i) Limitation of maximum amount of funds the Customer can wager over certain time period (day, week, month);

ii) Limitation of maximum amount of funds the Customer can lose over certain time period;

ii) Setting time limit for the Customer’s betting sessions;

iii) Customer self-exclusion from betting - for a certain time period or indefinitely.

2.5.3.1. In case the Customer seeks to change an active limitation, the following rules apply:

If the request for change seeks to decrease or shorten the limitation or to cancel it, such request does not come into effect until 7 calendar days have passed since the original limitation was initiated;

If the request for change seeks to increase or prolong the limitation, such request must come into effect immediately upon the receipt by the Support team.

2.5.3.2. Customers seeking better understanding of the types of limitations that can be enforced are encouraged to contact the Company’s Support Team at [email protected]

2.5.4 Player Protection Information

Each customer can access the Responsible Gambling website by following the below link - https://parimatch.com.cy/faq/responsiblegambling

The page includes advises on the responsible gambling, a self-review test and information regarding gambling advisory organizations.

Each customer after successful logging in to his/her account, gets access to his page (Customers are notified about the importance of keeping their ID and Password secure after they finish their registration on the website). After registration it is one of the customer’s responsibilities and/or requirements to keep his/her account number ID and the password to it secret.

The page includes:

1.The customer’s finance data:

-the account number, the account balance, withdrawal request – on the summary page

-history of all the movements that were done in the system (date, time, amount, type of operation and description of the source of payment)

2.Customer bets information:

-Date, time, amount, sport event, odd and result of each bet that was done

3.Customer’s unfinished bets

-Date, time, amount, sport event, odd of each bet that was done, but hasn’t played yet

4.Deposit/withdrawal page, where the customer can review all possible ways for the depositing and withdrawal of funds, check the commission and select the most convenient type.

5.Account set-up view, where the customer can update his information, add documents and change password etc. Also, the customer can see bonus program related to him.

As all the transactions in the customers’ page register time and date of the operation, the customer can track any changes and actions that were done. Also, if the customer has any doubts, he can easily access the support chat from his page and check the IP address and date of the last login.

At the bottom line of the website there is a link to the Gambling Therapy website (http://responsiblegaming.gov.cy/). The link is shown constantly on all the pages.

2.6 Accepting Wagers

2.6.1 Real Play

Wagers can only be accepted from registered customers, that have passed the Due Diligence process and have registered their personal account for the website. Wagers can be accepted in any circumstances, except were:

-There are not enough funds in the customer’s account

-The customer was required to perform enhanced additional due diligence, but hasn’t finish it yet

-The Anti-Fraud Department has shortly blocked the account based on unusual and/or suspicious actions until the customer confirms that everything is correct.

2.7 Customer Complaints

2.7.1. In the event of a dispute, it is advisable that the Customer lodges a written complaint to the Company through the Customer Support service ([email protected]).

The complaint must contain clear and unequivocal information about the complainant's identity and shall give all the relevant details that gave rise to the complaint, including the relevant financial documents confirming the payment of the placed bet(s).

2.7.2. The Customer and the Company should do their utmost to reach an amicable settlement within a reasonable time.

As a general rule, the Company will make a decision on the Customer’s complaint within 10 working days.

2.7.3. Any dispute or claim arising out of or in connection with the Terms and Conditions, KYC Policy or its subject matter, whether of a contractual or non-contractual nature, shall be governed by and construed in accordance with the laws of the Republic of Cyprus.

2.7.4. If for some reason the customer is not satisfied with the resolution of the complaint by the Company, he/she can lodge a complaint with the NBA:

NATIONAL BETTING AUTHORITY

Digeni Akrita 83,

1070 Nicosia

Call center: +357 22 881 800

Email: [email protected]

2.7.5. The complaint to the NBA must contain clear and unequivocal information about the complainant's identity and shall give all the relevant details that gave rise to the complaint.

The Customer’s complaint to the NBA will be governed by the procedure for submission and examination of complaints approved by the NBA and published on the NBA website.

2.7.6. It is expressly stated that for all unresolved complaints, the final judgement/decision is done by the National Betting Authority (NBA).

3. Registers

The Company maintains registers of essential gambling information. The system has the ability to generate an automated register on demand. All the data is saved in the Customer’s register, which includes but not limited to:

1) All registration data (name, surname, address etc)

2) All payment data (all movements and payment methods)

3) History of all bets

4) Status of the Anti-fraud and other responsible departments

5) Comments of Payment or Anti-fraud department

6) Limits placed for the customers