top of page

The AML and financial crime risks at the core of the gambling business, and how to address them

The European Gaming and Betting Association (EGBA) has just produced guidelines for the European online gambling industry on combating money laundering and terrorist financing.

This is not only a very welcome development, but also an indication that things are changing for the gaming and gambling business.

In many jurisdictions, regulators are beginning to scrutinize controls in a manner that was once exclusive to financial services institutions.

In essence, they are ordering remediation and prescribing audits on it as a means of compelling businesses to do more than just pay for noncompliance.

In several regions of the globe, gaming businesses face legal action for misrepresenting their regulatory compliance efforts. And it is becoming increasingly usual for banks to check the AML controls of gaming businesses before opening bank accounts.

Below there is a brief analysis of the AML and financial crime hazards of the gaming industry, as well as ways to fix them.

Financial crime in the gaming industry is not a myth

Financial crime occurs through gaming and gambling. It is a reality. The Italian Mafia, the North Korean Lazarus Group, Eastern European and Russian organized crime have all been known to use online gambling accounts for money laundering. It can take many different shapes and need not entail intricate strategies.

Frequently, criminal funds are deposited through accounts that appear entirely legitimate and have complete KYC. The account "plays" for a short time and then transfers the monies to reputable banks as totally clean and legitimate earnings.

There is also the purchase of accounts by organized crime, chip dumping, the use of transactions as a form of payment, and the ownership and control of gaming operators by criminals whose sole aim is to facilitate financial crimes. Recent years have also witnessed the growth of online gaming economies and their use to transfer and legitimize criminal gains.

So why the current emphasis on the industry?

Among other things, it is believed that the industry's lack of oversight for a while was a contributing factor. Controlling and regulating an industry from the perspective of financial crime involves scarce talents and resources. In the meantime, criminals have a knack for identifying weak backdoors into systems and exploiting them on a massive scale, before anyone notices and begins constructing defenses.

In order to make a difference in this industry, regulatory capacity and expertise must be strengthened.

Not only what we do, but also how we do it, matters.

The reoccurrence of failures across institutions is a source of irritation for those who work in anti-financial crime; the gaming business is no exception. A global examination of recent fines reveals a striking homogeneity in the low quality of key controls.

Poor customer risk assessments and lack of due diligence come first. Although it is impossible to disagree that they are a vulnerability for the sector, it is worthwhile to explore the proposed solutions. The guidelines' recommendation that operators employ a risk-based approach is positive. But what exactly does risk-based mean?

When a customer is initially onboarded, they may appear to pose a low level of risk, which is often the case with the accounts who provide the greatest concern. Nonetheless, their playing and transactional past provides cause for caution. Customer risk assessment is basically worthless without continuous monitoring and a feedback loop between the two.

And "robust transaction monitoring" does not imply, as I have observed in some instances, an attempt to expand an anti-fraud or responsible gaming situation to encompass financial crime.

Ultimately, government. Common failures include relegating anti-financial crime measures and the MLRO to a minor position, disconnected from decision-making and subordinate to commercial imperatives.

In the United Kingdom and many other jurisdictions, the ultimate responsibility for overseeing the installation of robust controls in their firm rests with senior managers. Inadequate engagement and oversight by senior management continue to be an everyday occurrence, as do disparities between policy and practice.

Such examples include operators that claim they do not permit consumers to play without proper due diligence, but who habitually do so because the playing platform is administered by a third party over whom they have no authority and which disregards the operator's requirements.

This goes to the heart of one of the most significant challenges gaming operators face: their reliance on a complex network of platforms, providers, distributors, and third-party service providers (including providers of outsourced AML checks). This increases the potential of financial crime and necessitates thorough control, to a degree that it appears some industry players have not yet come to grasp.

In a manner analogous to the banking industry, one has to worry that the gaming industry will go from a lack of controls to check-box, tokenistic procedures. It is a stage that it is better ommited , if for no other reason than that it is a waste of financial and human resources.

The all-too-common problem of inconsistent implementation

The moment has come for those operators who seek to enjoy the benefits of more mainstream countries to take financial crime control seriously.

Inconsistent implementation across countries poses a significant risk to the security of our systems. Certainly not a phenomenon unique to the gaming industry, the crypto industry sees a similar situation.

From political pressures to a shortage of resources, certain countries are more stringent than others when it comes to how they supervise the industry and address deficiencies. Inevitably, this provides the chance for a little regulatory arbitrage, as operators with a lower appetite for being regulated choose to be licensed in more permissive jurisdictions.

Once again, however, we are all as susceptible to financial crime as our weakest link. Jurisdictions  have little to no significance, and the best defense is to strengthen across borders. We can only hope that the pressure exerted by international organizations such as FATF will result in a more fair playing field and widespread uniformity.



bottom of page