A German player’s GDPR request, reviewed by FinTelegram, has exposed a critical compliance issue: the Cyprus-regulated EMI Payabl processed multiple credit card deposits to Santeda International Limited, the payment agent behind offshore casino GoldenBet, which operates without an EU license. Despite being alerted to the illegality and the player’s gambling addiction, Payabl refused refunds, citing lack of a direct contractual relationship. The case raises serious questions about AML, gambling compliance, and the effectiveness of regulatory oversight — especially in light of the Central Bank of Cyprus’ major penalty against Payabl in 2025.
Key Findings
- Confirmed transaction processing: Payabl (payabl.com) provided a transaction list (reviewed by FinTelegram) showing multiple successful payments to Santeda International Limited totaling €565.00
- Merchant identification is clear: All transactions carry the descriptor SantedaInternationalLimited, eliminating ambiguity about the merchant.
- Payabl acknowledges role as PSP: The company confirms it provides payment services to its “clients” (i.e. merchants like Santeda).
- Refund refusal: Payabl declined to process refunds because the player is “not a direct contractual client.”
- Legal notice given: The player explicitly informed Payabl that Santeda operates illegal gambling services in Germany and referenced the Glücksspielstaatsvertrag (GlüStV 2021).
- MiFinity simulation confirms payment agent: Deposits are routed to Santeda International Limited as beneficiary (screenshot evidence).
- Responsible gambling failure: Player had prior self-exclusion history and declared gambling addiction, yet deposits were processed.
Transaction Evidence: Direct Link To Santeda
The transaction file provided by Payabl is the strongest possible evidentiary element.
It shows:
- Merchant: Santeda International Limited
- Card payments: Multiple Mastercard transactions
- Dates: August 2025
- Status: All marked “Successful”
👉 There is no intermediary masking in the descriptor.
This is critical: Payabl processed payments directly attributable to Santeda — not an unknown gateway or disguised merchant.
GoldenBet & Santeda: The Illegal Gambling Context
The whistleblower’s statement — supported by the transaction data — establishes:
- GoldenBet is operated by Santeda Group
- No EU / German license exists
- German law (GlüStV 2021) explicitly:
- prohibits unlicensed gambling
- prohibits facilitating payments for such operators
The player explicitly notified Payabl:
- the operator is unlicensed
- contracts are legally void
- refunds are legally required (unjust enrichment doctrine)
- prior court rulings exist against related Santeda brands
👉 This transforms the case from a “possible compliance issue” into a “known-risk scenario explicitly escalated to the PSP.”
Payabl’s Response: The Critical Compliance Position
Payabl’s official response is revealing: “As you do not have a direct contractual relationship… we are unable to… execute a refund.”
Interpretation:
Payabl is asserting:
- It serves merchants (Santeda)
- Not end users (players)
👉 This is technically correct under payment-services structure — but compliance-relevant incomplete.
Compliance Analysis: Where The Problem Lies
1. Knowledge Threshold Is Met
Payabl was informed that:
- Santeda operates illegally in Germany
- The player is a gambling addict
- The transactions are legally void
- litigation history exists
👉 From that point onward: Payabl cannot be considered unaware of the risk.
2. Merchant Risk Is Not Hypothetical — It Is Identified
The transaction list:
- names Santeda explicitly
- shows repeated payments
- confirms ongoing merchant activity
👉 This is not a hidden merchant scenario
👉 This is direct merchant exposure
3. Payment Facilitation Risk Under EU Law
Under EU AML and national gambling laws:
Payment institutions must:
- assess merchant legality
- monitor transaction purpose
- detect illegal activity patterns
- file SARs where appropriate
In Germany (GlüStV):
👉 Payment facilitation for illegal gambling is prohibited
4. Responsible Gambling Failure
The player states:
- prior self-exclusion (2022)
- gambling addiction disclosed
- operator ignored safeguards
👉 If true, this creates:
- enhanced duty of care
- heightened transaction risk
For a PSP:
- repeated deposits under such conditions are a red flag
- potential indicator of exploitation / harmful use
The 2025 Central Bank of Cyprus Penalty
The Central Bank of Cyprus (CBC) imposed a major AML-related penalty on Payabl in 2025. Note: On 12 December 2025, Payabl. Cy Ltd registered Appeal no.1405/2025 before the Administrative Court against the decision of the CBC.
What the penalty indicates:
Although framed as AML deficiencies, such penalties typically relate to:
- inadequate transaction monitoring
- weak merchant due diligence
- insufficient risk classification
- failure to detect high-risk flows
Interpretation in the GoldenBet context
The GoldenBet/Santeda case fits exactly into the risk category highlighted by such penalties:
| CBC Risk Category | GoldenBet Case |
|---|---|
| High-risk merchant exposure | Santeda (offshore casino) |
| AML monitoring gaps | repeated gambling deposits |
| Legal/regulatory mismatch | illegal in Germany |
| consumer harm indicators | gambling addiction disclosed |
| transaction pattern risk | multiple small deposits |
👉 Therefore: The GoldenBet case can be interpreted as a real-world manifestation of the systemic weaknesses that led to the CBC penalty.
Conclusion
This case is not speculative. It is documented, traceable, and acknowledged by the PSP itself.
- Payabl processed payments to Santeda
- Santeda operates GoldenBet
- GoldenBet operates without EU license
- Payabl was informed of this
- Payabl declined intervention
👉 This creates a clear compliance tension between contractual PSP structure
vs. regulatory obligations (AML + gambling law)
Whistle42 Call
FinTelegram invites insiders from:
- Payabl
- Santeda Group
- MiFinity
- acquiring banks
- compliance teams
to submit:
- merchant onboarding files
- risk assessments
- SAR filings
- internal alerts
- transaction monitoring logs
via Whistle42.
