Anti-money Laundering, or AML, is a well-known term and one that applies to a number of industries. Due to the predominantly cash-based nature of the gaming industry, AML has long been an area that Regulatory Authorities focus on. Most, if not all, Regulatory Authorities would agree that AML detection procedures and processes need to be implemented by all gaming operators, be they land-based or online. However, the regulations that those operators must adhere to vary not just because of jurisdictional or legislative differences – they vary due to the regulatory style employed.
Regulatory style refers to the way in which the regulations are written. There are three commonly-used regulatory styles: Prescriptive, Risk-based and Objective-based. Each have their pros and cons, their detractors and proponents, and each have an impact on the overall effectiveness of regulated areas such as AML programs.
The Prescriptive regulatory style was, for a very long time, the way the majority of regulators crafted their regulations. The term Prescriptive means that the regulation explicitly states what is and what is not allowed. The speed limit posted on a highway is a form of Prescriptive regulation. A 60 KM/hr speed limit states that this is the maximum speed allowed. Go over this speed, and depending on the country, you risk getting caught by a camera, or a radar-wielding police officer, and paying a fine.
One of the major pros of using Prescriptive regulations is that they are specific. There’s little room for interpretation, and operators know exactly what they need to do to be in compliance with the regulations. One of the major cons is that they are too rigid. As technology changes and innovation occurs, Prescriptive regulations may inadvertently prohibit their use – not because they’re illegal, but because they just were never foreseen by regulators. Short-staffed and budget-challenged Regulatory Authorities cannot keep up with the pace of technology, and are then accused of slowing progress, prohibiting innovation, and stifling industry growth.
Some Regulatory Authorities, wanting to be good industry partners, determined that a new regulatory style was needed – one that was much more flexible than the Prescriptive style, and one that would remove the Regulatory Authorities as an obstacle. The result was the Risk-based approach to regulations. The term Risk-based means that the regulations describe generally what is and what is not allowed. Using the same speed limit analogy, the Risk-based approach to speed limits would state “Drivers must drive at a safe speed”. What that speed is depends on the amount of risk the driver wants to take. The slower the driver, the less risk while the faster the more risk. Since there is no prescribed speed limit, it is up to the traffic authority to determine if a motorist is going too fast, exhibiting risky behaviour and therefore issue them a fine.
One of the major pros of Risk-based regulations is that they are broadly worded and therefore much less likely to inadvertently prohibit new technologies or innovations. The flip-side is that operators are left to guess what will or won’t be deemed as acceptable by Regulators, as well as what will or not result in a fine. Exacerbating this uncertainty, Regulatory Authority leadership, and therefore the level of scrutiny towards regulations, changes. What operators believed was an acceptable amount of risk according to one Regulator may no longer be the case. Depending on the Regulator, this discovery may come in the form of a hefty fine. Operators also complain that they don’t know what the rules are – they just have a sense for what is loosely required, but the real rule-making is left to them. So too is the risk!
Objective-based regulations are seen by some regulators as a more pragmatic approach and one that eliminates the biggest cons of both Prescriptive and Risk-based regulations. Objective-based regulations define the outcome that is required, what some refer to as the ‘what’. Sticking with the speed limit analogy, the Objective-based approach to speed limits would be not to have limits, but to indicate that no speed-related traffic accidents are allowed. The objective is clearly stated – no speed-related traffic accidents – how fast the motorist drives or their risk tolerance is irrelevant. What matters is the outcome. If an accident were to occur and the motorist was deemed to have caused it due to excessive speed, then a fine, or worse, may be levied against them.
A major pro for Objective-based regulations is that regulatory objectives tend to remain more static and are minimally impacted by new technology or innovation. It provides clarity in terms of what the operators will be held accountable for, regardless of their or the current Regulatory Authority’s appetite for risk. However, Objective-based regulations are not as broad as Risk-based regulations and therefore will require vigilance on the Regulatory Authority’s side to ensure that the objectives remain valid in light of new technologies and innovations.
In October, the International Association of Gaming Regulators held its annual educational conference, this time in Melbourne, Australia. Regulatory delegates from North America, Europe, Africa, and Asia gathered to exchange ideas, discuss common issues, learn about new approaches, and identify solutions that other regulatory colleagues have implemented which may meet with success in their jurisdiction. The three regulatory styles were in full display at this event. The tone of the room, body language, and overall reaction of the attendees provided another point of insight as to which of these styles curries regulatory favour.
Without disclosing which jurisdiction’s delegate said what, I’ll paraphrase what was said relative to these styles.
One speaker sought to differentiate the regulatory approach they are going to take from that of their predecessor. They emphasized a need to be a strong activist as a regulator and to monitor the Operators, identifying areas and instances wherein the risk they took was more than the regulators believed was appropriate. The result would be swift and significant fines due to a legislative change that made the monetary fines higher, and therefore more impactful. Seemingly incongruous to their prior statements, the speaker also said that they wanted to partner with the operators and the industry.
Another speaker explained that they worked collaboratively with the operators and suppliers in their jurisdiction to enact regulations that met the legislative requirements without overburdening the industry. They explained that their regulations and requirements sought to be clear and achievable, regardless of volume, revenues, or other measures of size. In their view, the evidence that a licensee had crossed the line would be irrefutable based on the clarity they provided and that a fine would be easily justifiable. Their approach was not one or the other of the regulatory styles but a combination, depending on what they believed fit the area to which it was being applied the best.
The third speaker emphasised how they made a very conscious decision to move away from Prescriptive-based regulations to Objective-based ones. The reasons cited were what one would expect – for example, it took too long to change Prescriptive regulations if technology or innovation required such changes. They too spent time soliciting input from the industry and they found that clarity was what the industry truly wanted — in essence, a defined target, whether that was an objective or a rule. The speaker also explained that the move to Objective-based regulations was needed, as the size of the gaming market had grown substantially, while the regulatory budget had not kept up. Due to this, there was no way they could keep up both with providing oversight and keeping abreast of, let alone getting ahead of, new innovations.
These different approaches based on the broad definitions of these regulatory styles was discussed by a group of several regulators at a break-out session. The subject used to highlight the differences was Anti-Money Laundering. Specifically, they debated how these approaches would impact AML related policies, processes and procedures as operators looked to comply with the regulatory requirements.
In the world of Prescriptive regulation, the Regulatory Authority specifies transaction amounts that must be logged, the reporting that must be done as thresholds are met, the investigation that must be performed, and the documentation that must be kept. From an Operator’s perspective, these might be onerous requirements, but they are known, reasonable to understand, and operational steps can be implemented to comply. The downside is that the thresholds established may be out of date. They may be too low, generating useless hours of investigation and documentation with little real value added. This is the case in several jurisdictions where the monetary amounts have not been substantially changed in decades, even while the amounts of money wagered and the ways in which they are wagered have changed drastically. The result is that Regulators think that they have an AML program in place – which is true, but it’s just not a very effective one.
In the Risk-based model, the operator is free to determine the amount of risk they are willing to take, the amount of risk they are willing to tolerate related to monetary transactions, and to investigate and report only those transactions that exceed the boundaries of that tolerance. The downside of this type of model is that it segregates operators into those that can afford the risk and those that can’t. For those that can afford it, the money they can make by keeping the risk tolerance at the far end of the high scale is usually much more than the amount of the regulatory fine they might incur. They can also argue their case for what they believe is an appropriate amount of risk, potentially mitigating the fine amount. On the other hand, operators that cannot afford the risk are faced with taking a much more risk-averse approach. This uneven approach to AML does not deliver on what the Regulatory Authority was seeking to achieve.
The Objective-based approach, simply and clearly states that any money laundering event is unacceptable. This approach reduces the pressure on smaller operators who can now focus their efforts on preventing money laundering instead of modulating their risk based on the potential for regulatory fines. However, this approach does not address large operators or bad actors, who will continue to push the envelope and may accept that some money laundering may slip through the cracks, but are able to withstand the fines levied. The Objective-based approach eliminates any excuses or debates related to risk. If money laundering occurs, it is a clear violation and may result in a fine, legal proceedings, and in the most egregious of situations, potentially loss of license.
In our world, many actions taken have unintended consequences. The type of regulatory style used and the way in which regulations are implemented may not only reduce the overall effectiveness of the regulations, they may also incentivise behaviour that may be contrary to the expected results. In Georgia, the Regulatory Authority has taken a middle-of-the-road approach, balancing some prescriptive-based with some objective-based requirements. Their goal was to provide operational clarity – the ’what’ – while still allowing operational flexibility – the ‘how’ – as much as possible. The growth of the gaming industry in Georgia is potentially seen as a nod towards this pragmatic regulatory approach. However, as I’ve said in previous articles, the regulatory framework in Georgia is a journey, and one that has just begun. More gaming means more transactions and more opportunities for issues – inadvertent or intentional – to occur. The Regulatory Authority will need to balance the need for supporting this industry’s growth, with having robust protections for critical areas such as AML. As revisions to the regulations and technical requirements are contemplated, the success of one regulatory style versus the others will play a role in how those revisions are worded.