What the AML4 Directive means to iGaming operators

The gaming industry, in particular the remote gaming industry, is undergoing a paradigm shift in the way it complies with EU regulations, after a comprehensive update to the regulatory framework.

EU Directive 2015/849, better known as the 4th Anti-money Laundering directive (AML4) came into force in June this year, and is intended to remove ambiguities relating to the legal position of the gaming industry. It also makes a number of recommendations to member states. As of 26 June, all EU member states were required to have implemented the new directive – a far more complex set of obligations than its predecessor.

Before AML4, iGaming operators weren’t explicitly dealt with under the AML directive, however most member state’s local authorities still made certain AML procedures obligatory to their licensees. In most cases these requirements were relatively simple, if expensive, to satisfy. Under AML4, however this has changed drastically. The risk assessments required of the Fourth Directive are of an entirely new intensity and could prove to be a step too far for some iGaming operators.

So what is changing?

In order to fulfill these new obligations, iGaming operators will need greater in-house expertise in order to compile a full risk profile for each of their customers, as well as to change their application of AML according to the various risk approaches identified, instead of a one-size-fits-all approach.

Operator’s reactions to the new Directive have been mixed, and initially some are even expected to cease operating in the EU as a result. However, the situation is expected to stabilise once AML4 becomes the norm.

Creating and implementing a company-wide anti-money laundering program has become a requirement which will demand advance planning to execute successfully. Taking a proactive approach to the planning and implementation of AML strategies, policies, and other requirements is advised.

Changes to Customer Due Diligence (CDD) include the following:

  • iGaming operators, as providers of gambling services are obliged entities and therefore subject to all requirements of obliged entities
  • As an obliged entity, an annual compliance report must be filed with the regulator
  • CDD is required by casinos where customers wish to bet or collect winnings of €2,000 and over, whether carried out in a single transaction or over several transactions
  • In the event where verifying the identity of the customer has not been conducted for other reasons previously, this will indicate the checkpoint at the lifetime total of €2,000 in the account
  • An AML program including policies, training, record keeping, on-going monitoring, and risk assessments to determine the level of due diligence is likely to become a factor for review by the relevant competent authority

Emphasis on a risk-based approach

The Directive emphasizes a risk-based approach to money laundering at every level, in particular the level of due diligence required on customers and business partners/suppliers. Each operator will need to thoroughly identify and assess which transactions and which geographical areas represent the highest risk.

Some other requirements that must be included in a complete AML strategy are as follows:

  • Assigning a qualified MLRO (Money Laundering Reporting Officer)
  • Staff training which covers an awareness of the provisions of the Directive, recognition of potential money laundering activities, and how to proceed in such a case
  • Having a suspicious action/transaction reporting procedure
  • Appropriate due diligence measures on the identification of customers, partners, suppliers,
  • A special emphasis on the identification of UBOs (Ultimate Beneficial Owners)
  • Having a clearly defined Customer Acceptance Policy

Reaching beyond EU borders

These requirements will need to form part of an Anti-Money laundering strategy, irrespective of whether the license jurisdiction of the company is Malta, UK, US, or any other EU member state. Companies with majority-owned subsidiaries located in other countries, where the minimum AML requirements are less strict than those of the Member State, must implement the requirements of the Member State at those subsidiaries.

Technological flexibility

AML4 allows operators to use technology in a more flexible manner in order to fulfill their obligations. One way it does this is by allowing the use of video conferencing as part of the Know Your Client (KYC) procedure, which was previously not permitted. This could have the effect of incentivizing operators to become fully compliant.

A step towards pan-EU iGaming regulation

Notwithstanding the clearly daunting challenges of initial implementation, AML4 will almost certainly end up a part and parcel of the regular operation of any iGaming company. Although there is still no clear central standard, nor a single application of these requirements for the iGaming industry, the promulgation and implementation AML4 may lead to a more uniform approach by the national regulators.