FinTelegram Intelligence Report: The “Colors & Animals” Payment Laundering Network

A sophisticated money laundering network has been identified that systematically rotates disposable Cypriot payment processing entities to facilitate illegal online casinos targeting Dutch and German consumers. The operation employs a distinctive “Colors & Animals” naming convention for its payment shells, which are cycled through when individual entities face regulatory sanctions.

This report validates and expands upon whistleblower intelligence received by FinTelegram, revealing a calculated strategy of entity “phoenixing” designed to evade enforcement actions by the Dutch Kansspelautoriteit (KSA) while maintaining continuous payment rail access through complicit corporate service providers and regulated fintech intermediaries.

Network Architecture Analysis

The “Colors & Animals” Payment Shell Rotation System

The network operates through a deliberate pattern of disposable payment processing entities, each following a consistent naming convention that combines a color with an animal. This systematic approach enables rapid replacement of compromised entities while maintaining operational continuity for underlying casino brands.

Documented Payment Agent Evolution (2023–Present):

The rotation pattern demonstrates a responsive adaptation to regulatory pressure. When Sarah Eternal received a €900,000 penalty from Dutch authorities for operating Casinosky without proper player exclusion measures, the network seamlessly transferred processing volume to Red Raven Limited (Cyprus), which leveraged Yapily‘s open banking infrastructure throughout 2023. Following Red Raven’s identification, operations shifted to Brown Bear Limited and Moody Moose, both currently active and registered within Cyprus’s corporate ecosystem.​

The Infrastructure Hub: Emidala Business Services & Lokemor Ltd

All identified payment shells connect to a single administrative nexus in Cyprus, creating a centralized command structure that facilitates coordinated evasion efforts.

Corporate Registry Evidence:

• Emidala Business Centre Ltd (HE 443388) lists Georgia Katsampa as Director and Lokemor Limited as Secretary​
• Lokemor Limited (HE 283397) maintains active status and appears as secretary for multiple entities in the network​
• Georgia Katsampa serves as director across numerous Cyprus companies, including Emidala Business Centre Ltd, Nordam Invest Ltd, and Blue Triangle Limited​
• Giorgoulla Tsiakkirouappears as liquidator in British Virgin Islands corporate notices, suggesting involvement in cross-jurisdictional entity management​

The Hadjiyianni Building at 34 Makarios III, 3065 Limassol, Cyprus, serves as the physical locus for this network. Red Raven Limited and related entities register at this specific address, which functions as a shared operational base enabling centralized control while maintaining nominal corporate separation.​

So the “admin nexus” thesis is directionally supported: same secretary company, same director, same address, multiple shells.

Corporate Shuffling Mechanisms

The Deep Dive Tech B.V. Facade

The whistleblower report identifies a strategic corporate restructuring designed to obscure beneficial ownership and operator responsibility. Previously, brands including Bull Casino, Simple Casino, and Casino Sky maintained visible associations with Hero Gaming. Recent scrubbing of these connections from Hero Gaming‘s corporate website represents a deliberate distancing maneuver.

Deep Dive Tech B.V. has emerged as the new ostensible operator, registered in Curacao under license 365/JAZ (registration number 154314). However, this entity utilizes the identical payment laundering route (Emidala → Brown Bear/Moody Moose) as the previous structure, demonstrating operational continuity despite nominal ownership changes.​

Critical Finding: Deep Dive Tech B.V.’s PlayBoom.com brand explicitly names Red Raven Limited and Silver Swan Limited—both registered at the Hadjiyianni Building in Limassol—as “service providers”. This admission directly links the Curacao-licensed operator to the Cypriot payment shell network, confirming the whistleblower’s assertion of a unified laundering infrastructure.​

Hero Gaming Distancing Strategy

The removal of Bull Casino, Simple Casino, and Casino Sky from Hero Gaming‘s corporate disclosures follows a predictable pattern in illegal gambling operations. When regulatory scrutiny intensifies, parent entities attempt to sever visible connections to high-risk brands while maintaining underlying commercial relationships through opaque service agreements. This tactic creates plausible deniability while preserving revenue streams.

Payment Rail Analysis: The Yapily Connect UAB Facilitation

The network’s persistence depends critically on access to legitimate payment infrastructure. Yapily Connect UAB d/b/a Yapily (www.yapily.com), a regulated Lithuanian fintech provider, facilitated transaction traffic for Red Raven Limited throughout 2023 despite clear indicators of high-risk gambling activity targeting prohibited markets.​

The Bank of Lithuania lists Yapily Connect UAB with authorization code LB002045 as a Payment Institution (license valid from 2020-12-23). The UK FCA regulated Yapily Connect Ltd as a Payment Institution with the reference number 827001.

Yapily’s iGaming Positioning: The company actively markets its open banking solutions to gambling operators, emphasizing “fast, secure bank transfers with strong customer authentication” and claiming its infrastructure “supports AML and KYC frameworks”. However, the continued processing of transactions for Red Raven Limited—an unlicensed operator serving Dutch and German markets—demonstrates either willful blindness or inadequate due diligence.​

In our reviews and payment rails analyses over the past few months, we have already identified Yapily several times as an open banking facilitator for illegal offshore casinos. Read our reports here:

Read our Yapily Reports here.

Systemic Vulnerability: This case exemplifies a broader pattern where regulated fintechs become inadvertent (or complicit) enablers of illegal gambling. The network’s ability to shift volume from Sarah Eternal to Red Raven to Moody Moose without interruption indicates that payment processors prioritize transaction volume over compliance verification, creating systemic regulatory gaps.

Regulatory Evasion: The Phoenixing Strategy

The “Colors & Animals” methodology represents a refined version of entity phoenixing, where new corporate vehicles emerge as old ones face enforcement. Key characteristics include:

1. Rapid Entity Creation: Cyprus’s light-touch incorporation regime enables swift establishment of replacement shells
2. Shared Infrastructure: Common directors, addresses, and service providers maintain operational continuity while creating nominal separation
3. Jurisdictional Arbitrage: Costa Rica registration for Sarah Eternal, Curacao licensing for Deep Dive Tech B.V., and Cyprus domicile for payment processors exploit regulatory gaps between jurisdictions
4. Fintech Intermediation: Using regulated open banking providers like Yapily adds legitimacy layers that obscure ultimate beneficiary relationships

KSA Enforcement Limitations

The Dutch regulator’s actions against Sarah Eternal, while substantial, demonstrate enforcement challenges in cross-border gambling cases. The €900,000 fine—exceeding the standard €600,000 base penalty due to aggravating factors like cryptocurrency acceptance and lack of age verification—represents a significant sanction. However, the network’s immediate pivot to alternative payment shells illustrates the limitations of entity-specific enforcement without parallel action against infrastructure providers.​

Aggravating Factors Identified by KSA:

• No age verification mechanisms, enabling minor access​
• Cryptocurrency payment acceptance​
• Autoplay functionality​
• No geographic blocking for Dutch players​

These violations, while serious, triggered only entity-level sanctions rather than broader payment rail disruption.

Risk Assessment and Market Impact

Target Market Penetration

The network specifically targets Dutch and German consumers, exploiting these markets’ strict gambling regulations and high player value. The Netherlands’ regulated online gambling market, operational since October 2021, has intensified enforcement against illegal operators. However, the “Colors & Animals” network’s persistence indicates continued demand for unlicensed platforms, particularly among high-stakes players seeking to circumvent deposit limits and self-exclusion mechanisms.​

Consumer Protection Failures

The absence of age verification and responsible gambling measures—highlighted in KSA’s Sarah Eternal investigation—exposes vulnerable consumers to significant harm. The network’s cryptocurrency integration further complicates player protection, as crypto transactions bypass traditional banking safeguards and enable anonymous gambling.

Money Laundering Vulnerabilities

The rotation of payment shells through a centralized Cypriot hub creates ideal conditions for money laundering. The network’s structure—combining offshore licensing, opaque corporate ownership, and fintech-facilitated bank transfers—mirrors typologies identified in FATF guidance on casino-related money laundering. The use of open banking APIs may enable layering of illicit funds through seemingly legitimate transaction patterns.

Recommendations for Investigators

Immediate Actions

1. Enhanced Due diligence on Cyprus Corporate Service Providers: Regulatory authorities should scrutinize Emidala Business Services Ltd and Lokemor Limited for potential violations of AML obligations in facilitating payment shell creation for illegal gambling operators.
2. Fintech Supervision Review: Lithuanian regulators should examine Yapily Connect UAB’s merchant onboarding procedures and transaction monitoring systems to assess compliance with PSD2 and AMLD5 requirements regarding high-risk merchants.
3. Cross-Border Information Sharing: Dutch KSA, German GGL, and Cyprus Gaming and Casino Supervision Commission should establish joint investigation protocols targeting payment infrastructure rather than individual operators.

Long-Term Strategic Responses

1. Payment Rail Targeting: Instead of focusing solely on gambling operators, enforcement agencies should target the payment processors and corporate service providers that enable these networks. This includes potential sanctions against entities that repeatedly facilitate illegal gambling transactions.
2. Beneficial Ownership Transparency: Cyprus should be urged to implement stricter beneficial ownership disclosure requirements for companies providing services to licensed gambling operators, particularly those serving EU markets.
3. Fintech Liability Frameworks: EU regulators should clarify liability frameworks for open banking providers that process transactions for unlicensed gambling operators, potentially including administrative fines for repeated compliance failures.
4. Intelligence Sharing Platform: Establish a dedicated EU-wide intelligence sharing mechanism for illegal gambling payment patterns, enabling real-time identification of emerging shell entities before they achieve scale.

Conclusion

The “Colors & Animals” network represents a sophisticated adaptation to intensified EU gambling enforcement. By rotating disposable payment shells through a centralized Cypriot infrastructure hub while maintaining continuous access to regulated fintech payment rails, the operators have created a resilient system that neutralizes entity-specific sanctions. The whistleblower’s intelligence has been substantially validated through corporate registry analysis, regulatory filings, and payment processor documentation.

The network’s continued operation despite the KSA’s €900,000 sanction against Sarah Eternal demonstrates that current enforcement approaches—targeting individual operators rather than infrastructure—are insufficient. Effective disruption requires parallel action against corporate service providers, payment processors, and the jurisdictions that harbor them. The Emidala-Lokemor nexus in Cyprus and Yapily’s facilitation through Lithuania represent critical intervention points where regulatory action could achieve systemic impact rather than temporary disruption.

FinTelegram will continue monitoring this network’s evolution and coordinate with regulatory partners to support enforcement actions targeting the infrastructure enabling illegal cross-border gambling operations.