Sumsub Co-Founder & CEO Andrew Sever tells Gambling Insider how companies can avoid fines for KYC/AML violations amid an increase in regulatory focus on the sector’s compliance agenda.
Can you tell us about Sumsub, and its connections with gaming?
Sumsub is a global tech company that builds identity orchestration solutions for businesses. We are proven leaders in KYC/AML compliance across many industries, and operate in 220+ countries and territories. In the gaming and gambling industry in particular, Sumsub handles compliance with international regulations and fraud protection, enabling platforms to focus on what matters most: business development and global expansion.
Sumsub provides custom solutions for different markets. For instance, a US-based platform can perform SSN (Social Security Number) verification, conducting background checks to uncover criminal records, bankruptcies to ensure strict anti-fraud protection. Sumsub also tailors its onboarding flow to specific industries. Accordingly, Sumsub provides Proof of Address checks, with options for geo-based checks and document subtypes recognition – something especially valued by gaming & gambling clients, as it allows them to not only spot the types of documents their customers use as PoA, but also decide which document types they are willing to accept depending on their regulator’s requirements.
We work closely with gaming and gambling platforms to provide fast-paced onboarding with an average speed of 50 seconds or less. We also secure the highest conversion rates in the industry; for instance, the pass rates of our clients in the US, UK and Japan are 91.64%, 95.86% and 96.46% respectively. We also don’t charge for unsuccessful customer checks, which helps with client-side cost reduction. Sumsub currently has 2,000+ clients worldwide across different industries, including Upgaming, Rivalry, Copybet, Kaizen Gaming, Mercuryo, Moonpay, Transfergo and Binance.
What have been the most notable fines for KYC/AML violations in the gambling industry?
In recent years, European regulators, including the Gambling Commission (GC) and Swedish Gambling Authority (Spelinspektionen), have strictly supervised the AML compliance of gaming and gambling platforms. The total amount of fines issued in 2021 exceeded £40m ($46.5m). As of August, this year’s total has already exceeded £23m, indicating continuing regulatory focus on the sector’s compliance agenda.
This year’s most severe penalties include a £9.4m fine issued by the GC to 888 UK Limited – an online gambling operator with 78 websites that failed to identify players at risk of harm. 888 also failed to implement the Gambling Commission’s formal guidance on customer interaction, allowing customers to gamble with large amounts of money in absence of adequate due diligence and source of funds checks. Another example is Swedish platform Snabbare Ltd, fined £5,568,000 by the Swedish Gaming Inspectorate and issued a warning for repeatedly offering bonuses in breach of local gaming laws.
On 17 August, the GC issued a record penalty of £17m to British gambling firm Entain. Technically it wasn’t a fine, but rather a settlement that will be paid by Entain to social responsibility causes to avoid legal proceedings. The penalty was a result of the operator’s multiple “completely unacceptable” incidents and its inaction on individual customers spending hundreds of thousands of pounds. Enormous fines can permanently disrupt a gaming platform’s ability to operate, but they’re not the harshest consequence of non-compliance. Regulators can also suspend or even revoke a platform’s licence to operate, which can be an existential blow.
Why are gambling companies receiving such fines?
We’re now seeing multiple jurisdictions take the fight against irresponsible gaming, money laundering and gambling addiction more seriously. For instance, in July, the Curaçao Government confirmed its intention to tighten up regulations for the gaming industry. This means any gaming or gambling platform registered in the country is obliged to introduce proper KYC procedures by 2023 – and those who don’t will be at risk of paying fines. Such reviews of gambling laws have already taken place in several countries.
Also, the gaming industry is experiencing explosive growth and is forecast to reach €140.05bn ($139.91bn) between 2021 and 2026. And with rapid growth comes greater exposure to different types of fraud attacks.
Since gambling platforms aim to onboard more users as fast as possible, they can also neglect compliance and security requirements. The most common AML failures are connected with ineffective threshold triggers and inappropriate controls, allowing gamblers to spend big in a short period of time (without knowing anything about their financial background). We’re also seeing bigger fines due to social responsibility failures, such as companies being unresponsive to customers exhibiting indicators of harm, when they should be denying deposits, cancelling withdrawals, shortening gameplay sessions and more.
Enormous fines can permanently disrupt a gaming platform’s ability to operate, but they’re not the harshest consequence of non-compliance. Regulators can also suspend or even revoke a platform’s licence to operate, which can be an existential blow
How have compliance standards evolved over the years?
Over the past two years, the industry has evolved rapidly. For example, regulators have been advancing and expanding gaming verticals to attract new sources of income, investment and employment, while toughening up laws at the same time.
We’ve also been seeing a trend towards KYC automation, but there is still much work to be done in this direction. One obstacle to automation lies in regulator concerns over their accuracy and security, especially when such solutions don’t rely on government-managed data sources. Consequently, many gaming platforms have to perform identity checks manually – for instance, by conducting video interviews with applicants, which is costly and time consuming.
Responsible gaming is another trend that poses challenges for KYC. To evaluate the risk profile of an applicant, gaming platforms (or their KYC providers) might apply AI-based behaviour analysis solutions or collect additional customer data – which, in turn, may raise users’ concerns over privacy rights violations.
How can gambling companies avoid fines for law violations?
There is only one way to avoid fines, and that’s to stay compliant with regulations in your operating markets. This requires a strong in-house compliance and security team, as well as a partnership with a trusted, all-in-one verification provider that prevents money laundering and other fraud. In practice, even one undetected case leads to fines, unless you have robust verification policies and are able to prove that his specific case was just an exception within the margin of error.
Overall, it’s recommended that gaming businesses let regulators know that they have proper KYC checks in place for fraud protection and AML compliance, even if some of their requirements are not followed to the letter.
How common is fraud in gambling?
The prevalence of fraud in gambling depends on its type. The most common is multi-accounting (when one person owns two and more accounts, registered for fake/stolen IDs), which is used for gnoming (betting on the most probable outcomes of one game through different accounts), chip dumping (joining games from multiple accounts and deliberately losing money to one of those accounts) and bonus abuse (exploiting the bonus policy of the gambling company), which can lead to more than 50% revenue loss (Marketline, 2021).
Credit card fraud and chargeback fraud also happen quite frequently in the gambling industry. Nearly 90% of all chargebacks are considered friendly fraud, which is when fraudsters falsely claim that a purchase was made as a result of stolen payment information, initiating a chargeback. This results in direct revenue loss and payment processor fees, not to mention the reputational consequences.
Money laundering is also a problem for the industry, and the perpetrators can use the same methods mentioned above. “Dirty” money is deposited on the gambling platform, the fraudster plays one or two games and then withdraws the money, claiming it to be gambling “winnings.”
Overall, it’s recommended that gaming businesses let regulators know that they have proper KYC checks in place for fraud protection and AML compliance, even if some of their requirements are not followed to the letter
How can gambling companies protect their reputation without losing users when it comes to fraud?
Building effective KYC flows that meet the full range of regulatory requirements is a big challenge for gaming platforms. Each platform must develop a program in accordance with their gaming and market specifics. Such programs should be secure and compliant, but also fast enough to keep user conversion high.
To reduce pressure on the user, verification checks should be allocated throughout the player lifecycle. This means inserting them at the right time without hurting the onboarding process. For example, bank card verification and biometric checks can be asked after initial onboarding, at the first deposit stage or even the withdrawal stage. This way, the onboarding flow at registration is as smooth as possible, containing only basic steps that the player completes in less than a minute.
However, regulations vary country by country, and sometimes certain checks cannot be skipped. In this case, we offer advanced solutions like Geo-based Proof of Address to help speed up the verification process while ensuring compliance and a high level of security. Recently we published our first KYC guide for gaming companies in Europe, sharing detailed information on regulatory requirements and useful tips on how to build efficient user verification flow and keep onboarding rates high.
Andrew Sever has been CEO at Sumsub since he co-founded the company in 2015. He leads the company's operations, business development, sales, and global expansion. Under his leadership, Sumsub has grown from a small startup to a leading identity orchestration platform with 400+ employees, five international offices and 2,000+ clients across 220 countries and territories. The industries adopting Sumsub’s solutions include fintech, crypto, gaming, trading and transportation.
Before launching Sumsub, Andrew worked as a C-suite manager at leading IT and automotive firms. He holds a degree in theoretical physics and has previous entrepreneurial experience building neural networks.