The Fight to Comply: The Latest Tech Enabling Operators to Navigate Regulation

As igaming expands across the globe, operators need to ensure full compliance in order to establish their brand, build credibility and reap the rewards.

However, as regulation evolves so must the technology that helps operators to adhere to it. We speak to some of the sector’s leading platform providers about the latest compliance innovations and what professionals should know to navigate the challenges and opportunities that lie ahead. 

We speak with Paul Jerram, Head of Compliance at Sportingtech (PJ), Sergei Belikov, CEO of Mobinc (SB), and Chris Oltyan, CEO of Compliable (CO).

What are the most challenging aspects of compliance that the igaming sector faces today?

PJ: The word ‘uncertainty’ sums up the industry’s compliance issues aptly. This is evident if we look at UK-facing operators that are sometimes reliant on an uncertain approach to updating regulation, largely because of an outcomes-based regulation model and a hostile press that heavily scrutinises the industry’s every move. 

We’ve been told a white paper is circulating in Parliament that will provide some clarity, but this has been outstanding for far too long. Meanwhile, companies are struggling to change entire corporate cultures to deal with a minority of vulnerable customers. There’s an argument that the uncertainty caused by these regulations has actually served to harm the consumers it’s meant to protect, with operators working with multiple interpretations of unclear guidelines.

Further afield, it’s been suggested that Curaçao will introduce wide-ranging changes to its licencing regime at the end of 2022. Here, we see the same problem – operators being told about changes in regulation, but with little detail to help update processes and controls. Appropriate changes are welcome, but hopefully, Curaçao doesn’t follow a model that irreparably damages its economy and gaming sector.

SB: Combining all the factors necessary to not only be compliant but also to offer the best possible user experience in a safe environment is the single most challenging aspect of our industry. The key is identifying how certain factors affect others and working to mitigate that. For instance, Anti-Money Laundering (AML) measures should go hand-in-hand with responsible gambling controls and vice versa. In most cases, responsible gambling issues lead to AML concerns and the opposite is also true a great deal of the time. It’s impossible to be confident of the integrity of an AML system unless player safety is a priority and implemented at a high level, while also protecting sensitive data that the user provides.

Our expertise and real-time data analysis of gaming and financial transactions ensure we’re constantly on top of these challenges, but we strive to develop and improve even further as more technologies and new regulations are being applied. Automation and early risk detection tools also need to be improved upon consistently to stay ahead of threats. This enables human professionals to focus on difficult cases where their expertise is needed most.

CO: In the US, responsible gaming (RG) is, unsurprisingly, a hot topic right now and New Jersey has recently indicated that there will be changes in what they require from operators in terms of having systems that flag signs of harmful behaviour. If New Jersey is worried about something, other states are likely to follow suit and take their marching orders, so we expect to see additional requirements in the RG space.

Regulators have also recently increased their focus on cybersecurity and fraud, leading to heightened know-your-customer (KYC) requirements in some states.

When it comes to licensing, we are starting to see some markets that initially backed off affiliate licensing now revisiting it. In Ontario, for example, the regulator is now asking for industry input after seeing some infractions from affiliates where they had to go to operators to ask them to check on their partners. Where there had been a swing towards light touch regulation, the pendulum is now starting to come back, and regulators are basically saying they don’t trust the industry to police itself. Employee licensing will also remain an ongoing challenge as more states open up, as this will continue to be a requirement.

How has compliance technology evolved in recent years and how is this helping igaming businesses to navigate these challenges?

SB: The technology that allows us to make sure operators remain compliant has come along in leaps and bounds in recent years, including automatic fraud detection, geolocation services and affordability checks.

We’re also big fans of artificial intelligence, machine learning and data analysis. Recently we have been using these tools to enhance our offering significantly, enabling us to evaluate and predict risk levels with ease.

There is a great deal of companies that focus solely on these technologies, and at Mobinc we cooperate with several of them to better support our partners, increase the speed of the decision-making process, stay compliant, and save a great deal of time for human professionals.

CO: I would say it hasn’t been great, but we are finally seeing start-ups that saw an opportunity in this space gain some traction. It has been slow going and I think the regulatory environment in the US is a large reason for that. It’s hard to come into this space with new tech and not stomp on regulations that will get you to shut down or sued. We are also seeing bigger and more established companies that provide regulatory services starting to expand their offerings.

This creates an attractive value proposition for operators as it’s better to manage one contract with a company that offers a number of services rather than working with several suppliers. Similar to how I think the sports betting market will constrict over the years, vendors and suppliers that offer reg tech solutions are going to cater to more needs to tap into additional chunks of the compliance budgets. Tech can be very helpful to navigate the compliance minefield but the barrier to entry in the US is very high.  

PJ: Compliance-facing technology has evolved exponentially over the past several years in the licensed gaming industry, particularly in identifying a minority of vulnerable consumers. However, it often seems like this technology is doing more harm to the growth of the sector than good. The need for extensive ID verification, affordability checks, AML procedures, and safer gaming solutions has created a great deal of friction in the onboarding process.

Here, again, we see uncertainty caused by regulations harming the customers it’s designed to protect, with operators working to multiple interpretations. This creates unnecessary difficulties for consumers and locks out many that are incorrectly labelled as vulnerable.

In which parts of the world is a third-party compliance partner most necessary now? Why is that the case?

CO: I would say the US because we are 50 different countries with as many regulatory regimes and no significant federal overlay. We also still have new opportunities opening up which makes the US even more attractive as we have green fields for people to come into and get first mover advantage. When operators enter North America, they are not just looking to be active in one state, which makes it more complicated. The overall volume of regulations and items to keep track of is high in the US, which creates significant challenges with getting operations approved and in the ongoing running of the business. Every additional jurisdiction offers a new opportunity for revenue but also additional risk for missing one of many different regulatory reporting requirements and getting into trouble.

SB: The UK tends to be the most demanding market as far as compliance goes. The amount of details businesses are expected to know about their players is enormous and the compliance regime is very tough, setting quite a high bar for the industry. This is mostly due to affordability checks and a single customer view approach. But changes are apparently incoming via the UK’s Parliament, so hopefully, those will serve to make the market more hospitable. 

However, regardless of positive or negative changes, gaming companies that follow the rules, pay attention to AML procedures and invest in education and awareness campaigns promoted by regulators are invariably more trustworthy in the eyes of their players. It’s been our experience that the public is infinitely more likely to start an account with a well-regulated operator and it’s not difficult to see why – players naturally want to make sure that their funds are safe and not in the hands of an operator that might abuse or swindle them.

PJ: Some jurisdictions are more complex than others. This is especially the case in newly regulated markets where a company needs to be quick and agile to remain compliant. Businesses entering the online space in LatAm and Africa are good illustrations of this. Sportingtech recently supplied 888AFRICA with a platform solution in Tanzania, Mozambique, Kenya and Zambia, and all these territories come with their own different and diverse regulatory authorities. Each country has its own tax rate and differences in the way they need to be presented. For instance, the Tanzanian regulator insists upon software that tracks transactions as they are made so they can be verified later.

Details like these are not set in stone, they’re constantly shifting and evolving. This can be a lot to contend with for operators going it alone, so it is advisable to choose the right partner to help navigate peculiarities like these in order to remain compliant. 

The risk to personal data has increased exponentially in recent years, what additional steps need to be taken to ensure this information remains safe? 

CO: Without federal regulation on data security and privacy for individuals, this is a major concern in the US. There are consistent efforts to introduce data laws but passing any federal law is currently very difficult and a lot is left to the states, making this matter thornier and thornier. Just as with gaming regulations, if there end up being different data protection laws state-to-state, compliance will become extremely difficult, particularly for large online operators running a multinational business. 

These challenges will then require a significant investment of either manpower or technology, particularly where the goalposts keep moving. Recently, the UK suggested that GDPR was going to be replaced with another data protection standard, thus obviating the enormous effort undertaken to respond to the GDPR requirements to date. If there are similar personal data protection laws passed at the state level in the US, it will be challenging to say the least.  

SB: As we transition into the digital world, everything we do online creates a detailed footprint with the risk factor growing as this information can be used by criminals in an ever-growing number of ways. The steps to protect against this are similar to those in any other security or safety arena – education, self-control, regulation and enforcement.

We need to educate and teach businesses and people about the risks and the best ways to mitigate or minimise them. People and businesses should wield this education to exercise self-control and be aware of the threats and know how to avoid them. We don’t leave keys in our cars overnight and the same care needs to be taken in a digital landscape. Operators need to make sure that all regulations are up to date, and none of these safeguards works if this kind of crime and negligence isn’t punishable.

PJ: The operators that I’ve worked for have quite rightly always done their utmost to protect personal data. Achieving internationally recognised standards such as ISO27001, WLA SCS and GLI certification helps to demonstrate the lengths that operators go to in order to do so. This has helped operators to remain focused on the significance of cybersecurity within ever-changing regulatory environments. Crucially, businesses need to be nimble when it comes to adapting their practices to constant market and regulatory changes. An advisable step would be to partner with a flexible platform provider that has experience in operating within multiple regulatory landscapes.