September 2009 – Money-laundering risks and online gaming: time to dispel the myth?

In his latest report, Prof Michael Levi, Professor of Criminology at Cardiff University looks at the extent of money laundering risks in the online gaming industry


While it’s not a realistic policy goal for governments in a free society to eliminate money laundering risks altogether, there are ways to reduce them to a tolerable level. Regulation is one of them, ensuring operators undergo a ‘fit and proper person’ test before receiving a licence, and preventing people with links to organised crime and terrorist groups from owning what could be vehicles for laundering.

It has also encouraged online gaming companies to develop a set of procedures approved by regulators to reduce integrity risks. This begs the question, how plausible it is that a significant amount of laundering would occur via online gaming in a regulated sector?

This report argues that in a regulated sector, the risks and amounts associated with online gaming are modest in comparison to other sectors. This is due to the high traceability and transparency of online gaming transactions, as well as the customer identification controls that make money laundering unattractive. Online gaming companies licensed and regulated in the EU have chosen to comply with the Third EU Directive for the prevention of money-laundering and, in addition, apply complementary codes of conduct.

A review of recent literature shows that online gaming does not significantly feature directly in the recent published threat assessments of Europol and other European policing organisations, or in their policing priorities. To date, generalised and understandable expressions of concerns by Europol and by the Financial Action Task Force about money laundering risks posed by the Internet have not been accompanied by evidence of significant laundering via online gaming.

Potential areas of risk are mitigated by the deployment of a suite of tools by regulated online gaming companies:

  • Online gaming firms can credit winnings or unused funds back to an account other than the one on which the original bet was made:  an issue which gaming firms share with other business areas.
  • The use of ‘front people’ through whom to run gaming transactions.3. Peer to peer games, where value transfers can occur between both electronic and human players as a result of deliberate losses, at a relatively low cost to the players.
  • Payment in (and out) via other financial intermediaries which are regulated for anti money laundering (AML) purposes ,but where Know Your Customer tools are of modest or variable quality.
  • Know Your Customer Checks (KYC) — Proving that the information provided in an application or transaction is correct, namely that a person actually exists and resides where they say they do.
  • Location mismatches — rules looking at a customer’s physical location (and from wherthey are logging in) and their telephone number to identify any anomalies.
  • Hotlists — Referencing information (devices, IP addresses, credit cards, debit cards, etc) to both internal and external databases of stolen cards or compromised data (though the latter depends on the depth of coverage of those databases); and checking against EU and other Politically Exposed Person and nominated terrorist lists.
  • Transaction Limits — Use of limits to minimise the attractiveness of a business to fraudsters, thus reducing the value they can derive from one unique set of compromised information.
  • Unusual Data and betting patterns — Looking for unusual changes of personal information on accounts or betting patterns
  • Associations — Looking for links between cards, bank accounts, IP addresses, devices and personal data.

These tools may vary over time in order to combat any risks in a proportionate manner. There is no doubt that there is scope for improvement in controls over fraud and laundering. Regulators need to be vigilant: (i) about the levels of private sector resourcing of anti-fraud/AML efforts, without which risks would rise; and (ii) achieve consistency between themselves in terms of AML requirements.

Please see link to the full study.