Prof. Michael Levi, Professor of Criminology at Cardiff University has written a report on his conclusions following a study of money laundering and its implications for the online gambling industry.
The report is available on the egba.eu website, and is worth reading due to its notes on prevention.
The professor observes that while it’s not a realistic policy goal for governments in a free society to eliminate money laundering risks altogether, there are ways to reduce them to a tolerable level.
He suggests that regulation is one of these, ensuring operators undergo a ‘fit and proper person’ test before receiving a licence, and preventing people with links to organised crime and terrorist groups from owning what could be vehicles for laundering.
Regulatory strategies have additionally encouraged online gaming companies to develop a set of procedures to reduce integrity risks.
Professor Levi argues that in a regulated sector, the risks and amounts associated with online gaming are modest in comparison to other sectors.
This is due to the high traceability and transparency of online gaming transactions, as well as the customer identification controls that make money laundering unattractive.
Online gaming companies licensed and regulated in the EU have chosen to comply with the Third EU Directive for the prevention of money-laundering and, in addition, apply complementary codes of conduct.
“A review of recent literature shows that online gaming does not significantly feature directly in the recent published threat assessments of Europol and other European policing organisations, or in their policing priorities,” the Professor notes.
“To date, generalised and understandable expressions of concerns by Europol and by the Financial Action Task Force about money laundering risks posed by the Internet have not been accompanied by evidence of significant laundering via online gaming.”
Potential areas of risk are mitigated by the deployment of a suite of tools by regulated online gaming companies. These tools may vary over time in order to combat any risks in a proportionate manner.
However, the report concludes that there is scope for improvement in controls over fraud and laundering. Regulators need to be vigilant:
(i) about the levels of private sector resourcing of anti-fraud/anti money laundering (AML) efforts, without which risks would rise; and
(ii) achieve consistency between themselves in terms of AML requirements.
Professor Levi lists the risks and responses around money laundering in the online gambling milieu as follows:
Risks
Online gaming firms can credit winnings or unused funds back to an account other than the one on which the original bet was made: an issue which gaming firms share with other business areas.
The use of ‘front people’ through whom to run gaming transactions.
Peer to peer games, where value transfers can occur between both electronic and human players as a result of deliberate losses, at a relatively low cost to the players.
Payment in (and out) via other financial intermediaries which are regulated for AML purposes, but where Know Your Customer tools are of modest or variable quality.
Responses
Know Your Customer Checks (KYC) — Proving that the information provided in an application or transaction is correct, namely that a person actually exists and resides where they say they do.
Location mismatches — rules looking at a customer’s physical location (and from where they are logging in) and their telephone number to identify any anomalies.
Hotlists — Referencing information (devices, IP addresses, credit cards, debit cards, etc) to both internal and external databases of stolen cards or compromised data (though the latter depends on the depth of coverage of those databases); and checking against EU and other Politically Exposed Person and nominated terrorist lists.
Transaction Limits — Use of limits to minimise the attractiveness of a business to fraudsters, thus reducing the value they can derive from one unique set of compromised information.
Unusual data and betting patterns — Looking for unusual changes of personal information on accounts or betting patterns.
Associations — Looking for links between cards, bank accounts, IP addresses, devices and personal
data.