Regulation in gaming - a client interview with Kira Mendelsohn from Playtech
We spoke to Kira Mendelsohn, the Social Responsibility and Compliance Attorney at Playtech, the world's largest online gaming software supplier. Kira has pioneered Playtech's adoption of Arachnys' D3 product to enhance their Anti-Money Laundering and Counter Financing Terrorism processes - Playtech may be in the gaming industry, but it certainly does not gamble with its own reputation, compliance and responsibility-based risk.
Playtech is the largest online gaming software supplier traded on the London Stock Exchange Main Market, offering cutting-edge, value-added solutions to the industry's leading operators. Since Playtech's inception in 1999, its approach has focused on the continual development of best-of-breed gaming products and content, and its success was built on strong partnerships with licensees.
State of the industry
Arachnys: What's your opinion on the development of AML practice in the gaming industry?
Kira Mendelsohn: "The industry has in the whole had solid and effective procedures in place for AML and CFT. There is a lot of work and gap-analysis to be done within companies to make sure that everything is adhered to for the EU's Fourth Anti-Money Laundering Directive but the contents of the regulation are not surprising and are not something that is new and unusual. What is changing is that the industry is now beginning to work closer together to ensure that we align, find best practice together and that we mitigate AML or CFT collectively and not in silos."
On the importance of this work, why do you think gaming is potentially a very attractive place for money launders?
"Recent reports have shown that online gambling is a lower risk compared to other sectors. Due to the fact that transactions are not face-to-face, however, this makes our industry high risk. The ability for potential launderers to move money internationally at a fast pace within a regulated market and into the financial sector makes the industry attractive to them."
On challenges and solutions
Could you describe your AML process?
"I can't provide any specific details, as it's commercially sensitive. But do we have in place procedures for robust checks on players, carried out both internally and using external tools such as Arachnys. Furthermore, we base triggers in our systems on what has been identified as potential behaviour for concern and then take action accordingly."
It seems to me that there must be significant challenges as an online operator complying with laws across international borders. Is this the case? What are the biggest pain points of day-to-day compliance issues in this space?
"One large challenge we face is that each country has, and can provide, varied forms of information and documentation on individuals and companies that may not include the information that is required. The ability to use open source information therefore limits what an organization can use and therefore the requirement to use a third party tool to assist in this is essential."
The Fourth EU Anti-Money Laundering Directive has named, for the first time, gambling operators as being within its remit. How much will this affect the industry? Could you give some hypothetical examples of how you see people changing their organisations?
"Although this is the case, most organizations in the industry already have a robust and effective policy and procedure for AML or CFT. These have been required under the majority of the jurisdictions where an entity is licensed. With the Fourth EU Anti-Money Laundering Directive, organizations will need to ensure they utilize the most robust tools and have in place stringent policies and procedures that are understood and embraced by all members in the company at every level. The consequences of not having this in place will be more far reaching."
Do you think this is the start of more legislation to cover these issues in gaming specifically? What should companies that know they don't currently have good enough processes in place do?
"There is a general trend internationally in better and more robust regulation in combatting crime, not just in the industry. The UK Gambling Commission are currently reviewing the legislation regarding crime in gambling and this is currently out for consultation. For operators who do not have in place policies and procedures that are sufficient to meet AML or CFT regulation, they need to engage with the board and stakeholders and ensure they are all aligned as a first step. They need to then begin a risk assessment of their business and services and do a gap analysis of what they have. Following that, they need to begin building a strong policy and procedure whilst ensuring that good solid training is rolled out to the company."
The view from Arachnys
We're glad to see that the regulation is getting more specific with the Fourth Anti-Money Laundering Directive - where there are potentially grey areas in regulation in terms of coverage as well as potentially grey areas in terms of requirements, it is much more likely that firms will waste time and resource carry out potentially pointless or inefficient processes beyond what is needed from a risk-reduction perspective. It's nice to hear Kira's inside view from the gaming industry that already many firms have set processes before the regulation has specifically detailed this area as high risk.
An example search with Arachnys D3
We thought it may be useful to run through a hypothetical example of how we would tackle onboarding new customers in a way that minimizes risk through a simple workflow. This may not be the only workflow you use - for example, if you were to see a very high value or unusual transaction go through, it may be worth running a check at that stage too.
Important to note - this is just an example search to illustrate the general idea of how it's possible to use Arachnys' technology to improve the compliance and risk reduction process in the gaming industry specifically.
Step 1 - Design the workflow to include the particular steps to satisfy regulatory requirements
First, you set up a workflow to screen your inquiry subjects against. Here is an example workflow you might choose - it thoroughly covers many areas of potential risk for an initial entity check. Here we choose to check PEPs, watchlists, most wanted, sanctions lists, an adverse media search and litigation records as a basic check on a new example customer signing up to a gaming website:
Step 2 - Set up reports for the specific entities that need checking, and assign this to someone in your team
Here we use an example - imagine that Altaf Khanani has just signed up to gamble on your site. We've chosen him as an example because of this arrest. Make sure you pick the workflow that you just set up, so this person will get checked against the list of curated sources you selected in the steps above.
Step 3 - Now an analyst will run through the workflow:
Firstly, there are no PEP results:
Next, we see there are no results in the watchlists:
Phew! The International most wanted step also finds no mention of him:
However, very importantly, we pick up that the OFAC sanctions list and OFAC SDN list bring up data that we can flag up as an analyst and put a comment:
An adverse media search brings up many relevant hits in Afghanistan, Pakistan, UAE and Bangladesh media sources with the various stages of Altaf's arrest, details about his license revocation and the offence itself - which an analyst may well want to flag up, star or leave a comment on:
The automatic side of the litigation check brings up no results, but you can inspect some sources manually (ie a few seconds of work to grab more data, potentially - you can get us to do this for you via our data concierge service, or you can choose to do it yourself - in either case, Arachnys' technology will keep it within the audit trail for this report):
The final section gives a chance to write an executive summary for the audit trail:
Step 4 - Automatic audit trail and report output
As is so important, all of the quick steps above have been captured into a neat audit trail. You may never look at it, you may review it from time to time - the point is that it's always there should you need it. It stores a snapshot of the individual pages that our technology discovered so even if the websites change you have a permanent record of the original information. The report then goes on to include snapshots of the sections of websites or sources where the entity was mentioned.
We hope this gives a lot more insight into our technology and how it can help in the gaming industry specifically - if you'd like to speak to us you can book a date and time here; we're always more than happy to work out if we could be a good fit for your organization.