Anti-Money Laundering and Keeping Online Gaming Crime Free26th February 2008Gambling Compliance: Executive Forum Leon ThomasHead of Regulatory Compliance and MLRO
Financial Risks • Cost of Investigations & Inefficiencies • Staff costs • Revolving door of new accounts • Reputation & Cost Impact • Player trust & attrition • Shrinking deposits and deposit amounts • Lower share price/valuation • Higher Payment Processing Costs • Chargeback losses
Legal Risks • Regulation: Comply or Die • Regulated by the Third Money Laundering Directive • Licence Conditions from UK, Alderney Gibraltar & Malta operators • Industry Association Best Practice Codes • Definition and Practicality • “Dirty money” being used to obviscate the source of funds • Money must already have been “laundered” • No cash is taken, only bank/credit card deposits Identity Theft Fraud Money Laundering Cheating Chip Dumping Tax evasion Credit Card Fraud
Anti-Fraud ToolBox Internal Tools & Settings Verification Solutions Analysis/Engaging with Stakeholders Trained & Dedicated Staff
eGaming AML Policy Systems and Controls • Appoint a trained MLRO independent from revenue generating departments • Senior Management take responsibility • Regular Reports of AML Compliance • Customer facing departments are trained in AML detection • Over 400 staff have mandatory online annual training • Risk based internal fraud/AML systems are implemented • Suspicious Activity Reporting procedures • Sanctions matching checks
The Framework of Prevention Processes/Policies Tools
Compliance Culture Risk/Fraud Investigations Payments Customer Service Marketing MLRO Compliance Legal Executive
Identity verification UK Player Submits Name Address, date of Birth, Telephone number Level 3 Manual Customer is not registered and is requested To submit copy of Govt issued ID No Level 1 URU Cross Checks a number of data sources to find a match Customer is Registered in Party Cashier Mortality Data Electoral Roll (Over 18) Directory Enquiries (Over 18) Credit Data (Over 18) Yes Level 2 URU Player Submits Driving Licence or Passport Number
Telephone Verification Establishing the customer exists by verifying telephone number and other non-biographical information magnifies the identity footprint of a customer
E-Verification Pros • Verification footprint is more accurate than a documentary snapshot • Triangulation of different methods can produce an identity risk score • Real time verification is consumer friendly • Financial Services industry trusts this methodology Current Limitations • Restrictive/Anti-competitive data protection practices • Banks & other Internet companies do not share data outside of their industry • Control of personal information • Parents must monitor their children’s access through ISP parental controls devices such as Cyberpatrol (http://www.cyberpatrol.com) • Documentary proof has a higher intelligence value
Risk Analysis • Ongoing Risk Assessment of Product Risk • Peer to Peer Games • Poker/Backgammon (high) • Betting Exchange (high) • House Games • Sports Betting (low) • Casino (low) • Review of Transactions • Payment Options • Chargebacks/Fraud • Audit • Compliance audits • Quarterly Payment Security Standards Compliance
Is e-gaming a real risk? Is e-gaming a real risk? • Lessons from instances where e-gaming firms have been victims • Cybercriminals are patient, persistent, intelligent and IT literate • A perfect audit trail is good intelligence value for the police • Trained staff are able to assist investigations • Other industries affected: Bank, IT and Credit Card companies • Anti-fraud systems make e-gaming sites unprofitable • No definitive quantum of the extent of laundering in our sector • Average bet size tend to be small • Perfect audit trail of all transactions • Enrolment occurs at financially regulated institutions eGaming is low risk and is already going further than most. How do we know?
Working to improve things further • Proactively engaging a leading criminologist to produce: • Typologies of online gaming fraudsters • Quantify approximate sums of criminal fraud • Produce industry analysis of reports made to authorities • Industry and Cross-Industry Forums • European Gaming Betting Association Compliance, RGA Anti-Crime • Anti-Money Laundering Europe • Financial Action Task Force Casino Working Group • European Sports Security Association • CyberCrime Arrest Policy • Close liaison with police to secure arrests • Fraud Database managed by regulators/authorities • Closed forum share ideas/SARS experiences with police, regulators
FATF recommendations Questions: 3rd MLD • No mention of e-Gaming within the 3rd MLD directive • Licensed e-Casinos are covered. Unlicensed? • What about e-poker? e-sports? • Definition of CDD for an e-gaming company • Entry: or • Deposit threshold of EUR 2000 • No mention of withdrawal • UK: when a customer hits the threshold in 24 hrs • Alderney: 48 hours
Questions: 3rd MLD • Why can’t we reasonably rely on the fact a customer has entered using a payment method from an institution which is regulated? (Article 14) • Will the 3rd MLD be uniformly adopted? • UK Guidance • Differs to Alderney guidance • Gibraltar Guidance • In the pipeline • Malta • Progress? • Italy • Different Suspicious Activity Reporting • FATF Casino working group guidance the last hope?
Governments need to engage with the industry • The industry is already leading the charge on fighting Cyber-crime • Governments can do more; • Use regulations as a stick to beat criminals • Urge ALL e-commerce firms to adopt to good standards and work with the authorities • Make third-party databases available to improve KYC procedures • Cyber-fraud is not an egaming issue: it is an e-commerce one • Regulations should be extended to cover all e-commerce transactions (ebay, amazon etc). • Third MLD formalises our position of compliance • eGaming has taken the lead in e-commerce and we continue to work with the right stakeholders to KEEP CRIME OUT!