Sumsub
The Sumsuber

Best practices for KYC/AML

Guides
2022-08-09
6 min read

Casino Compliance: 6 Common Mistakes and How to Avoid Them

Learn how to avoid painful fines and reputational risks brought by non-compliance with casino regulations.

Global online gambling and betting is predicted to surpass $172.23 billion by 2030. As the industry continues to grow, regulators will start taking an even closer look, raising the potential for huge fines. Just two years ago, online betting firm Betway was handed the biggest fine in UK gambling history—a record £11.6m ($14m)— for failing to fulfill obligations to prevent both money laundering and problem gambling.

This article considers the most common mistakes in casino compliance, as well as some unexpected issues that firms regularly face, with real-world examples.

Sumsub’s legal team has also included a casino compliance checklist to further help you avoid painful fines and reputational damage.

  1. Mistake #1: improper identity checks
  2. Mistake #2: failure to verify proof of source of funds
  3. Mistake #3: poor client monitoring
  4. Mistake #4: failure to conduct assessment of affordability
  5. Mistake #5: loose risk assessment
  6. Mistake #6: undetected problem gambling

Fraud has become a real menace for the gambling industry, with schemes like bonus hunting, multi-accounting, account takeovers and illicit chargebacks on the rise.

Sumsub is here to help. With this guide, you’ll be able to:

  • build a proper KYC process in the EU and UK,
  • screen customers for money laundering,
  • enforce age verification requirements without slowing down the onboarding process.

Mistake #1: improper identity checks

Casinos often neglect identity checks by failing to adequately automate the process. For example, Videoslots failed to perform an accurate identity check on a client, who managed to pass verification with a fraudulent driving license, resulting in a £1m ($1.2m) fine for the company.

Lessons to be learned

Identity verification is critical for singling out fraudsters and underaged users trying to access casinos. To stay up to date with regulatory requirements and properly conduct checks, companies require gambling operators to implement KYC—a legal requirement for complying with AML laws. To do this, companies should implement the following:

  • Proper AML policies
    A company’s AML policy is based on its risk assessment and includes different internal controls, such as know your customer (KYC) procedures  as well as  real-time screening. Compliance officers have to carefully follow the guidelines to thoroughly verify every client. Accordingly, it’s important to specify what is asked of a user, how the information should be processed to safely confirm its validity, what happens if the submitted document is rejected as invalid or fake, etc.
  • Automated checks
    Automating your document verification process helps identify fake applicants faster and more accurately while avoiding multi-accounting.

Mistake #2: failure to verify proof of source of funds

Inadequate proof of source of funds (PoSoF) checks can be a serious violation of AML requirements. Casinos often allow a customer to gamble while being led into the dark about the source of their money, which could easily have been obtained illegally. Casumo (fined £5.85m or $7.1m) and Betfred (fined £322k or $390k) both went down the same road.

Lessons to be learned

Determining a client’s source of funds must be the first item on the agenda for any casino. This way, businesses can block offenders who deposit illegally obtained funds, as well as addicts who steal from their family to place a bet.

  • Upfront PoSoF verification
    Don’t put it off until later. It’s better to verify proof of source of funds from the start. This way, the business will be aware of the gambler’s salary, blocking their account if losses exceed disposable income.
  • Proper PoSoF guidelines
    Casinos must ensure that they’re maintaining the right PoSoF standards, specifying when PoSoF will be requested, how it’s checked by compliance officers, and what happens if a submitted document is rejected as invalid or fake.
  • Automatic triggers
    Setting up automatic triggers for PoSoF verification helps ensure users actually go through the check. If a business implements these triggers, their system will block the user’s account until the appropriate document has been submitted and verified. An example of such, could be a losing streak trigger.
  • Employee training
    Staff training is crucial in the casino compliance procedure. Accordingly, compliance teams need to know when to request and how to verify PoSoF.

Mistake #3: poor client monitoring

Once a client has been onboarded and verified, some casinos lower their guard. Yet, failing to scrutinize sources of funds and transactions on an ongoing basis is another serious AML violation. Daub Alderney, a casino which runs aspers.com, kittybingo.com, luckypantsbingo.com, luckyvip.com, magicalvegas.com, regalwins.com, and spinandwin.com, was fined £7.1m or $8.6m for failing to conduct appropriate ongoing monitoring of a business relationship.

Lessons to be learned

A customer’s risk profile may change over time, which calls for

  • Non-stop monitoring
    The surveillance of an individual shouldn’t stop after the user has been onboarded.
  • Compliance reports on monitoring
    It’s crucial for businesses to continuously document their AML processes in order to report their actions to regulators if suspicious activity was detected on the platform. Without these reports, casinos are likely to receive even bigger fines.

Mistake #4: failure to conduct assessment of affordability

Assessment of affordability is now part of the customer interaction guidance of provision 3.4.3 of the UK Gambling Commission, which will come into effect on September 12, 2022. 

As the Gambling Commission advises, operators should identify clients experiencing or at risk of harm and intervene to earliest opportunity. Open source data can help operators assess affordability for their UK customer base and improve risk assessment.

There are many cases of casinos setting deposits at inappropriately high levels, compared to the average amount that most can spend on leisure activities.Online casino company 888 failed to carry out proper financial checks until their customers had deposited £40k ($48.5k). As a result, one vulnerable client lost £37k ($44.9k) in just six weeks during 2020. A £9.4m ($11.4m) fine followed, which is the third highest in the history of British gambling regulation.

Lessons to be learned

  • Customer base
    Consider your customer base and individual customer’s disposable income levels (keeping gross earnings in mind) as a starting point for setting benchmark triggers that flag vulnerable players.
  • Establish trigger groups and interact with customers
    Set adequate affordability triggers to protect clients from gambling-related harm. If a customer wishes to spend more than the national average, ask them to provide supporting information, such as three months’ payslips, P60s, tax returns or bank statements.
  • COVID-19
    The Pandemic dramatically influenced people’s gambling habits. According to data analysis conducted by the UK Gambling Commission, 40% of people saw a decrease in their disposable income, while 20% of the population reported a decrease to their mental health during lockdown, and may have sought additional forms of entertainment or betting activities unrelated to shuttered sporting events. Thus, close attention should be paid to possibly addicted clients.
  • Continue your monitoring
    Keep an eye on customers even if they’re in the profit trigger and their winnings show that they can be moved to a higher trigger. Such customers can also express signs of gambling addiction or gambling-related harm.

Mistake #5: loose risk assessment

Some casinos neglect proper risk assessment, failing to spot clients with a higher risk of money laundering and skipping over requests for proof of source of funds. The most high-profile example of this is online betting firm Betway, which was handed the biggest fine in UK gambling history—a record £11.6m ($14m). Betway was proven “inadequate” in its dealings with several clients, failing to fulfill their obligations to prevent both money laundering and problem gambling to allow £5.8m ($7m) to flow through the business, some of which was stolen money.

Lessons to be learned

Enhanced due diligence (EDD) is the ultimate defense against suspicious, high-risk and criminal users. EDD is a type of Customer Due Diligence for additional risk assessment, ranging from requests for more information to verification of sources of wealth and funds, as well as getting senior management approval before starting the business relationship.

  • EDD triggers
    Businesses use EDD triggers to help them quickly detect and thoroughly verify high-risk customers, such as PEPs.
  • Critical document assessment
    It’s important to critically assess the documents that prove source of funds and source of wealth in order to make confident decisions.
  • Clear, risk-based policies
    Another essential practice for casinos is to create clear and up-to-date risk-based policies that are tailored to their business. Casinos should control the implementation of these policies and thoroughly train their employees.
  • Compliance reports on EDD
    Again, if a business is documenting the entire EDD process, it will help them later on to prove their actions to regulators.

Mistake #6: undetected problem gambling

When gambling becomes more than just a hobby, things can go south. Customers can spend more than their income, selling property or even stealing money from  relatives to fund their next bet. And if casinos don’t monitor for signs of such behavior, they’ll be on the hook for it.

There are countless casinos who’ve failed to address addiction among their players, including: William Hill (fined £6.2m or $7.5m), Paddy Power Betfair (fined £280k or $340k), Sky Bet (fined £1m or $1.2m), Caesars Entertainment (fined £13m or $15.7m), and 32Red (fined £2m or $2.4m).

But is a fine enough to compensate for a human life? In 2017, a 24-year old English teacher committed suicide after years of severe gambling problems. His parents claim there is outrageously little public information raising awareness of the consequences of gambling addiction. Casinos can help by comprehensively informing gamers about the risks and closely monitoring their behavior for troubling signs.

Lessons to be learned

One of the biggest problems for casinos is detecting gambling addiction. Still, under UK regulations,  casinos must be able to recognize when a user spends erratically or beyond their means.

  • Upfront PoSoF verification
    Casinos must verify the source of funds of the customer upon onboarding. For all you know, a customer might be spending all of their savings.
  • Restrictions for the self-excluded
    All clients must be checked for self-exclusion. These are problem gamblers who registered themselves to avoid relapsing in moments of weakness, and casinos must prevent them from entering.
  • Addictive gambling triggers
    Casinos can set up triggers for addictive gambling patterns and other red flags. For example, this can be when users place high-outcome, high-risk  bets or chase losses.
  • Targeting the right audience
    Casinos should adjust their marketing campaigns to ensure they don’t promote to those on self-excluded lists.

For ages, casinos have been a highly popular form of entertainment with a problematic reputation. Today, we’re seeing an opportunity for things to change for the better. New legislation is promoting transparency and trustworthiness in gaming. This is evident in regulatory mechanisms preventing money laundering—a historic vulnerability of casinos—as well as responsible gaming principles that protect clients from serious losses and operators from ruined reputations and fines.

Share