Gambling with AMLD IV compliance

How ready are RBACs for the new reality of anti-money laundering legislation in the EU and US?

Here we are, exactly one year out from the Fourth EU Anti-Money Laundering Directive (AMLD IV) June 2017 deadline. This directive requires entities across the entire gambling sector (online included) to conduct customer due diligence (CDD) for customers on all transactions over £2,000. Member states are required to have new legislation in place by June 2017 that will force obliged entities to prepare for these changes: train staff, update policies and procedures, implement new controls, and make sure they have everything they need to implement and remediate all of the required measures.

How are you doing? If you’re like many online gambling organizations, you’re not even close, and that’s not surprising given the complexity and scope of this challenge. The legislative frameworks require Risk Based Approach Companies (RBACs) to onboard a totally new CDD-based risk strategy and to identify, assess, understand and mitigate AML risk. They are being directed to construct their AML compliance procedures to counter any possible threats. RBACs will need to decide, and soon, whether and how to beef up their policies and internal controls.

And it’s not just the EU. Many gaming companies in the US are taking note of the need for more robust AML countermeasures as part of a proactive risk management strategy and bringing their existing AML programs into conformance with AMLD IV in the most efficient way.

Customer Due Diligence

First of all, we need to understand what CDD entails. Article 11 of the AMLD IV clearly stipulates that gambling entities must verify the customer’s identity based on real data that is collected from a reliable independent source and, among other things, conduct ongoing monitoring over the lifetime of the relationship. This monitoring must include the risk profile of the customer and determine if the transactions being made are consistent with that customer’s previous record.

Clearly, the gaming industry needs to understand players, and it’s a tough industry to do that in. A player can be running multiple legitimate accounts, a gaming addict can return, players can transfer funds for valid reasons, and chargebacks can be legitimate. While these challenges are unique to online gaming, organizations can steal a popular move from the playbooks of e-commerce and banks: namely, how to tell if the user is a flesh and blood game player or not, and also the right flesh and blood user. In other words, how do you tell the Jacks from the Kings?

A Royal Flush: Identify a genuine user with behavioral biometrics.

Identifying a customer early on in the account creation process (and even before) is where passive behavioral biometrics (BB) shines. By understanding a user’s behavior, you recognize automated or individual account takeover attempts in real time. Using continuous behavioral authentication, we identify anomalous user activity at any point in the session, and our clients have the option to introduce friction or reward a good customer with a VIP experience, depending on the behavior of the user.

Using BB to verify the genuine user with unprecedented trust, online gaming companies won’t need to think about adding manual reviews to become compliant because they’ll already know who is behind the device.

Building a risk profile of the user and lifetime monitoring are baked in.

BB can assist companies with compliance and transitioning into the new AMLD framework by compiling hundreds of biometric signals over the lifetime of the customer. These signals can include how they hold their device, how many devices they use, how they type, their browsing behavior and hundreds of other signals to build a profile of the user. In this way the software “learns” this entity and can apply predictive modeling to determine and reduce risk.

Functioning like a “good user detector”, BB filters out the bad user organically in the process of learning about good users, because the bad user is not able to mimic the hundreds of biometric signals collected over the account lifetime. They simply will not achieve a passing score when challenged.

Online gaming companies can leverage these capabilities to align perfectly with the AMLD IV because monitoring and customer profiling, without collecting PII, is baked into the architecture of a good BB solution.

Recognize the patterns

Our solution, NuDetect, uses entity linking within our cloud consortium of billions of biometric events that we process every year on behalf of all our customers. With a high degree of confidence, we determine if users are behaving like other users, or like networks, and even predict their behavior based on past behavior of others.

Scripted behavior

Creating disposable user accounts, repeating in-game actions and guessing passwords are all scripted behaviors that lead to fairly efficient account-based fraud. Understanding previous attacks and learning in real time from new attempts are core to user protection and to minimizing support costs. NuDetect has advanced bot and script recognition. Machine learning and new pattern recognition enhance detection, perpetually improving fraud protection.

Despite efforts to thwart criminal activities such as fraudulent deposits, chargebacks, cheating, collusion and money laundering, today’s sophisticated fraud rings pose a greater threat to online gambling providers than ever before.

But the question is, will RBACs be complying with the new laws? Maybe the more important question should be “Why wouldn’t they?”, especially when BB tools not only bring companies into compliance organically just by virtue of their architecture, but also greatly enhance their ability to prevent money laundering and reduce risk: a win-win for customers too.
