Over recent weeks it seems like several organisations within the gambling industry have been falling foul of anti-money laundering and know your customer responsibility, perhaps most prevalently in the UK.
Here, Andrew Sever, Co-Founder and CEO of Sumsub, dissects the prevalent issue by looking at the increasing rate of regulatory action, contributing factors and crucially what needs to be done to avoid such action moving forward and halt a potentially declining public perception.
CasinoBeats: A little over £20m in penalty packages have been issued in August alone by the UK Gambling Commission for social responsibility and anti-money laundering failings, with various other examples evident over recent months across other regions. Why do you believe that this is such a prevalent issue within the online gambling space?
Andrew Sever: We can definitely see a trend of increasing penalties in recent years. For instance, the total amount of fines issued in 2021 exceeded £40 million, and this year’s total has already passed £44m, with an enormous settlement of £17m issued by UKGC to British gambling platform Entain.
The primary reason for this is the government’s tendency to toughen regulation of the gaming industry, which has seen incredible growth over the past two years. Industry growth started in the pandemic and is now forecast to reach $140bn by 2026, with a compound annual growth rate (CAGR) of approximately 11 per cent over the forecast period. And with explosive growth comes greater exposure to different types of fraud attacks.
That’s why many governments intend to maintain stricter control over the industry’s compliance. So we can expect to see continuing regulatory focus on the sector’s compliance agenda and more scrutiny when it comes to monitoring the operations of industry players. All this leads to more penalties.
CB: What do you believe are the prime reasons for such a slew of similar regulatory actions taking place? Where are gambling incumbents seeming to fall foul at an increasing rate?
AS: The terms and implementation periods of regulatory changes are not always easy to follow for gaming industry players. While online casinos seek to onboard more users as fast as possible, they can also neglect or miss compliance and security requirements, which results in heavy fines or even suspended or revoked licences.
The key failures in online gambling can be divided into two categories: AML failures and social responsibility failures. The first is connected with the major industry problem of money laundering. This is when “dirty” money is deposited onto a gambling platform and the perpetrator then withdraws it as “winnings” after playing one or two games.
The problem is mostly connected with ineffective threshold triggers and inappropriate controls conducted by gambling operators, allowing players to spend big in a short period of time and not requiring solid proof of funds and transaction checks.
Social responsibility failures are based on recent regulatory changes, where states have been obliging online casinos to take responsibility in denying deposits, cancelling withdrawals, shortening gameplay sessions and more actions to protect those gamblers showing signs of harm.
Failure to do so has led to bigger and more frequent fines, such as one of the most severe penalties of 2022—a £9.4m fine issued by the UKGC to 888 UK Limited. The operator failed to implement the Gambling Commission’s formal guidance on customer interaction, allowing customers to gamble with large amounts of money in absence of adequate due diligence and source of funds checks.
CB: How much do you believe recent, or impending, changes will help when it comes to such issues?
AS: We see that changes in regulation aimed to fight money laundering and protect users from harmful behaviour and gambling addiction are becoming common even in less strictly regulated jurisdictions. For instance, in July, the Curaçao government confirmed its intention to tighten regulations for the gaming industry.
Any gaming or gambling platform registered in the country is therefore obliged to introduce proper KYC procedure by 2023 – and those who don’t will be at risk of paying fines.
That is why we can assume that AML-compliant KYC procedures will soon become the standard for any reputable gambling company anywhere in the world. This would mean greater attention and investment into compliance and security controls (both in-house and outsourced) by industry players.
Structured compliance regulation would help weed out unscrupulous players from the industry and protect users. Otherwise, platforms with little or no KYC expose clients to multiple risks. Users may lose their deposits and winnings. Even worse, their bank card or identity data may be compromised.
Conversely, robust KYC procedures normally ensure that users experience no trouble with withdrawals and rest assured knowing their accounts are safe. Hopefully, the current and incoming changes will lead to more efficient AML and KYC compliance procedures in the industry and higher user awareness of safety standards
CB: How much of an issue do you believe the rising cost of compliance is for companies? And how can this be combatted?
AS: Stricter regulations mean enrolment of more comprehensive (and therefore more expensive) compliance and anti-fraud services. There is no one-size-fits-all compliance regime, so each online casino must develop one in accordance with the specifics of their business.
To reduce the costs of KYC/AML checks, verification checks can be allocated throughout the player lifecycle. This means inserting different checks at the right time. For example, bank card verification and biometric checks can be requested after initial onboarding, at the first deposit stage or even the withdrawal stage.
This way, the onboarding flow at registration is as smooth as possible, containing only basic steps that do not require extra costs. We also can implement customised controls, like SSN checks in the US, or advanced solutions like Geo-based proof of address.
No matter how expensive a compliance program may seem, its costs cannot outweigh the risk of penalties from state regulators. One single failure in meeting regulatory standards may lead to millions spent on fines alone, not to mention the reputational damage and potential licence revocation. Still, we try to keep KYC/AML costs of our clients as optimized as possible, which includes only charging for successful checks.
CB: And, perhaps most importantly, what do companies need to do to avoid such penalties/fines and potentially worse for infractions which also cause damage to public perception?
AS: The only way to avoid fines and reputational risks is to stay compliant with regulations where you operate. This requires investment into strong in-house compliance and security teams, as well as a partnership with a trusted, all-in-one verification provider that fights money laundering and other types of fraud.
In practice, even one undetected case may lead to fines, unless the gambling operator has strong verification policies that prove that a specific case was just an exception within the margin of error. It’s also recommended that gaming businesses let regulators know that they have proper KYC checks in place for fraud protection and AML compliance, even if some of their requirements are not followed to the letter.
AML compliance programs should be tailored to the specifics of a given business and to the market it operates in. They should include steps that detect, analyze and report incidents of money laundering and fraud. Each operator is obliged to introduce a certain format for due diligence measures.
For online casinos, it’s enhanced due diligence with a wider spectrum of documents needed for verification of proof of funds, which may vary from country to country. Some regulators require biometric checks of online gamblers, as is done in the UK, whereas in Germany, video identification is sometimes requested.
Other things to keep in mind are annual employee trainings for in-house compliance officers, reporting procedures for instances of known or suspected money laundering and terrorist financing, and money lending prevention measures.
The biggest challenge for gambling operators remains in building effective KYC flows that meet the full range of regulatory requirements. Such flows should be secure and compliant, but also fast enough to avoid user drop-offs, especially during high-traffic events like the upcoming World Cup in Qatar. At Sumsub we work closely with gaming and gambling platforms to provide fast-paced onboarding with an average speed of 50 seconds or less.
Recently we published our first KYC guide for gaming companies in Europe, sharing detailed information on regulatory requirements and useful tips on how to build efficient user verification flows and keep onboarding rates high.