Written by Andrew Tait
Regulation and compliance is becoming increasingly holistic in the gaming industry. Both in the UK and across Europe, new regulations are bringing the industry together in terms of process and protection for its players and operators. European jurisdictions are aligning their focus and in particular on three key issues; the General Data Protection Regulation (“GDPR”) Money Laundering and Problem Gambling. What we’re currently witnessing is the convergence of compliance in the gaming industry at an international level.
As we sit in the midst of the Fourth Industrial Revolution, the power of data could not be more prominent and the vulnerability which comes with it for both individuals and organisations, should not be taken lightly. With revenues of EUR 84.9 billion per annum, growing at 3% a year and made up of 6.8 million online customers in Europe alone, a powerful and valuable industry has been created.
The growth of the gaming industry and the speed of technology means that consumers can access greater choice in types of gaming and where they play. Consumers can find competitive rates for online gambling across-borders, which consequently means that they are subject to different jurisdictions’ legislation, regulation and risks. These are somewhat minimized by the European Commission which has been working to enhance cooperation between EEA states on all areas from administration and regulation to safeguarding and protection, but the risks are far from mitigated.
Whilst the European Commission and individual member states work hard to monitor their local gambling industries, there is no overarching European gambling specific regulation. However, with broader regulations coming in across Europe, such as GDPR, and the aligned aspirations to prevent money laundering, the industry is converging to reduce risks for the consumer and operators on a far broader scale than ever seen before in both online and land-based gambling.
The incoming GDPR promises to protect individuals to a greater degree but, it has the potential to cause a massive headache for firms across many industries, not just gambling. GDPR will require operators to be able to share the data that they hold on individuals at their request within 40 hours and, consequently, it requires a competent and efficient data centre to be able to perform these tasks. The GDPR regulation comes in to force from May 2018 and operators that have not yet developed a system for dealing with player data will need to create a manageable and consolidated central system in time or face a considerable fine if they fail to be ready for data requests or the regulator’s test.
The GDPR will introduce a mandatory notification process in the case of data breaches and will require that Data Protection Officers alert their supervisory authority and, in some cases the affected individuals, within 72 hours. The portability of this data is something which operators need to find a solution to and quickly in order to be compliant. Data may be requested for transfer either to an individual or to another gaming company and these requests must be adhered to by the firm.
How firms process this data in a portable format will be the initial challenge. It will be impossible to manage such vast quantities of customer information manually so it will require the data from across all areas of the business including customer services, finance teams, marketing and any notes made about customers (such as problem gambling and risk assessments) to be consolidated into one central data file. Whilst there may need to be an element of manual processing, an automated central database will inevitably become an integral part of the business for firms in all industries, and not just gaming.
A significant silver lining to the implementation of GDPR is its potential to highlight cases of money laundering. Operators have a duty to monitor and prevent money laundering, which in such a large industry, spanning international online and in-store activity, is a huge task. Through storing large amounts of data on players, operators will have a greater overview of what players are spending their money on: how much, how frequently and where.
The gambling industry faces a significant reputational issue according to the UK Gambling Commission’s report which found that 41% of people think that gambling is associated with crime (39% in year to December 2016) and whilst this may not be the case, regulations need to test and be seen to test gambling operators. Regulations across Europe are reflecting such attitudes as jurisdictions crack down on illegal activity and tighten security on cross-border gambling.
On 26th June 2017, the UK introduced The Money Laundering [MLR] Terrorist Financing and Transfer of Funds (Information on the Player) Regulations 2017 on the British land-based casino and remote gambling industry and transposed the EU’s Money Laundering Directive 2015 into UK law. This gave the UK the legislative structure to implement AML controls having regard to their own national risk assessment. Consequently, following a risk assessment conducted by HM Treasury, only casinos (land-based and remote) were determined to be high risk as opposed to all forms of betting and remote bingo as had previously been proposed by the Gambling Commission’s assessment published to inform the Treasury’s assessment.
The last year has seen the Gambling Commission crack down on betting firms which have been found to be lax in identifying and reporting cases of Money Laundering mostly linked to problem gambling, for example William Hill was fined £6.2m and 888 was fined £7.8m for failing to protect vulnerable customers. Firms need to be well staffed and transparent in their approach to spotting illegal activity. Informed databases like those required for the GDPR will help to illuminate not only money laundering but also problem gambling through evidence of consumer behaviour.
Regulators across the world are placing greater emphasis on the prevention of money laundering and greater obligations on operators to intervene and pre-empt problem gambling issues. There is also a long-term benefit for operators in exercising greater oversight over customer spend and behaviour If they can highlight when customers are overspending and have a gambling problem, they may well be able to moderate how much and how often a customer gambles with the result that the operator does protect such customers from harm. This will keep loyal players for longer meaning a greater lifetime value per player.
Another benefit to greater player protection and informed data on players is for marketing purposes. Greater insight on how players are spending their money can inform an operator’s approach to marketing and the most appealing offers to customers. Whilst firms must be seen to be fair in their marketing tactics, this can be a huge business benefit in understanding and promoting their market.
Tracking customers behaviour and spending is most difficult is in land-based betting shops. It is a challenge to monitor how many times a customer has placed a bet in a particular shop or how many shops they have been to within a particular time frame. Perhaps the next step is to introduce ID verification in all shops so that profiles can be monitored. Alternatively, loyalty card systems enable operators to track spending although they also have the potential to encourage gambling which may exacerbate problem gamblers.
Ultimately, there is a clear movement across the gambling industry to regulate and monitor players and their data more closely. Increasing regulation in areas such as data, money laundering, problem gaming, advertising and marketing mean that operators have a greater obligation to protect their customers. Failure to comply with regulation will come at a significant cost to operators and now is the time to get onboard. This convergence in regulation and compliance is evidence of a more united front in terms of ideals in the industry and whilst there is still more to do, this is really a significant move towards a safer and more secure industry.
Contact the Author
I have over 20 years of experience in betting & gaming, regulation & compliance, intellectual property and commercial contracts. Prior to joining Gordon Dadds regulatory solutions team in 2017, I was General Counsel & Chief Compliance Officer at Mansion Group for 10 years. My key specialisms are gambling law and regulation, compliance, governance and risk management, AML policies and procedures, IT contracts and technology licensing, entertainment and media contracts and copyright licensing, sports sponsorship agreements, ecommerce and internet law. I am a member of IMGL (International Masters of Gaming Law), GBGA (Gibraltar Betting & Gaming Association) and ICA (International Compliance Association).