Edited by Joseph Malvisini

In issue 20 of the Anti-Money Laundering Notebooks entitled “Anti-money laundering legislation: authorities, rules, and controls”, the Financial Intelligence Unit covered various regulatory areas in a broad and interesting way.

In this descriptive context there is a specific section for the gaming sector by Alessia Cassetta and Luca Baron.

The authors immediately point out that, in the latest 2018 update of the national money laundering risk analysis, the sector is considered high-risk, regardless of whether it is "legal" or outside of current regulatory frameworks, as it is a sector of great interest to criminals. Over the years, this sector has represented a source of "subsidy" for criminals.

Useful theexcursions historical with the progressive regulatory attention to the gaming sector, with the transition from Legislative Decree 56/2004, which included gaming houses among the subjects subject to the anti-money laundering legislation, to the reform of Legislative Decree 231/07, albeit with the difficulty of effective applicability in the online sector, as the lack of reference to the concession by the ADM made it difficult to implement in contexts that were too varied between the subjects authorised to operate in Italian territory and foreign concessionaires, the so-called ".com".

Legislative Decree 90/2017 marks the entry of the gaming sector, more or less fully, among the obligated entities, with the introduction of specific sector regulations.

The regulation made it possible to identify the first distinction between land-based gaming operators and online gaming operators, adding them to the operators of gaming houses.

The UIF finally reminds us, in the author's opinion, that the regulatory enforcement component is not tied to the operator's country of reference, but is subject to obtaining authorization to operate through a public concession. This is a very important, but not secondary, factor.

This aspect is relevant in connection with the recent introduction of the crime of illegal gambling, when those who operate do not have the appropriate public safety license (for land-based gambling), which presupposes the existence of a specific public concession. For the sake of completeness, this license is also mandatory for operating via a computer network.

In this case, just for the record, we note how the obligations of the online gaming license require a clear separation between online and retail operations, so much so that a series of prohibitions are foreseen (for example, the marketing of online gaming offerings in gaming shops), as reiterated by ADM in circular number 211248 of 18 May 2022.

But beyond the aforementioned issue, the UIF's report in its Notebooks is also relevant. In the gaming sector, compared to other areas involving other obligated entities, the legislator has reaffirmed the primacy of "Italian territoriality," taking the player's residence as the reference for compliance with anti-money laundering regulations. This requires gaming operators to comply with national regulations regardless of their registered office. This is an additional element compared to the authorization to operate through a public concession.

What is pleasing in reading Notebook number 20 is the UIF's improved technical knowledge of the sector, a vertical analysis that demonstrates its progressive understanding of the sector's operational areas.

The Licensees do not have, as represented by the UIF, a direct relationship with customers (it should be remembered that some Licensees directly manage points of sale and, in fact, we can consider that the relationship can be direct since the individuals who operate the gaming shop are employees of the licensee and that the legal representatives, or at most authorized attorneys, are the holders of the same public safety licenses).

Note the specific reference to operations through third parties, the operator, a private operator who operates through a contractual relationship with the concessionaire, and that "carries out the activities consisting of making gaming machines available and taking the actions necessary for their operation at the establishments in a manner compliant with the relevant regulatory requirements".

"Operators are the owners of the physical locations where gaming activities are conducted. They are responsible for providing the necessary spaces and everything needed to conduct gaming activities, in exchange for a fee. In the case of video terminals, the operator enters into a contract with the operator that supplies the equipment."

Interesting is the reference to "hall managers" and the specific authorization from the Police Headquarters in defining the names of those in charge within Public Safety licenses and how, in fact, "networks" exist between managers and different hall managers.

These aspects, with the presence of operators managing multiple gaming halls, are certainly factors that should be considered when assessing the risk of one's network. This risk is not only purely commercial and credit-related, but also involves the potential management of "parts of the network" through the use of front men. This is especially true where the presence of "mediators" is present or potentially evident (the reference here is to Chinese gaming hall managers who rely on the intermediation of individuals), and how important it is to correctly define the beneficial owner, or rather, the "real owner," of the gaming hall, regardless of the companies entrusted with the management of the gaming shops.

Another point of concern is the reference to the "operators" of gaming platforms. Unfortunately, it is highlighted that they are not direct interlocutors of the FIU and/or ADM and that, to date, they are not identified as obligated entities.

Unfortunately, this is a regulatory limitation. In fact, it would be very useful for the sector to subject them to the same anti-money laundering regulatory obligations. In particular, it would be very useful to make them "guarantors of the data" that is transmitted and managed. Indeed, the different implementation and development times for the components of the speaking ticket are well-known. The possibility of comprehensive data management is also useful, also for the purpose of agreeing with individual dealers (or even better, in an identical form for all entities using the same platforms) on common alert systems that allow for the identification of potential anomalous phenomena based on data analysis. This element would take on even greater value in the overall information capacity on operations across multiple dealers if the Platforms were also subject to the SOS reporting requirements. These considerations add to those already made by the Financial Intelligence Unit: "VLTs are managed by gaming platforms, which share all the data. These platforms are not among the obliged entities, but are considered a sort of service company and are not considered direct interlocutors of the FIU and the ADM, complicating the acquisition of comprehensive information for analyzing the proper management of gaming halls and physical locations. Including these platforms among the obliged entities, in addition to making data potentially relevant for further investigation, would allow for awareness of additional high-risk phenomena (for example, disconnection of VLT machines from the ADM's telematics network).".

The Quaderni issue recalls the rules for data retention, particularly on the physical network, differentiating between the obligation to transmit data to the licensee within the 10 days indicated by Legislative Decree 231/07 and the two-year retention period at the point of sale. On the other hand, the licensee's 10-year retention period obviously remains. The reference to the important role of the IP in identifying the operability of the gaming account is both interesting and useful: "The IP address is the information that allows us to determine whether the account holder is using different devices (PC, mobile phone, tablet) to access the account, and is widely used by all those requesting to create an account. Currently, however, its retention is only required for gaming operators. This is therefore an innovative provision regarding readily available information that could be extended to all financial transactions conducted electronically.".

With respect to identification requirements on the physical network, the role is correctly represented by the "room manager", an aspect that also allows the Authority to represent how this "first line of defense" is truly the main bulwark for identifying anomalous phenomena.

This is because not only is there a proper knowledge of the territory and customers (often also from a reputational perspective with a greater reliability than the compliance lists themselves), but also the true identification of gaming (and non-gaming) behavior.

We continue by recalling another major regulatory limitation, which I have repeatedly criticized: the lack of a Supervisory Authority in gaming. This leaves individual gaming operators free to choose the methods required to retain data, subject to compliance with the general retention provisions of the anti-money laundering legislation set out in Legislative Decree 231/01 and subsequent amendments.

The lack of specific rules regarding retention and due diligence is, in my opinion, the key factor requiring rapid intervention to date. This would allow for the adoption of common practices and approaches among operators, thus eliminating "competitive AML compliance" practices depending on the degree of rigidity of the verification systems adopted.

The analysis in the Notebooks concludes with references to customer due diligence requirements, the specific nature of online account operations (the ability to operate even without a valid document for 30 days, with the Licensee's obligation to close the account 60 days after its activation), and the reporting requirements for suspicious transactions.

This time, the UIF's focus is on the logic of identifying suspects. This is not merely associated with exceeding thresholds, but with a call for a broader analysis of the subjective (including criminal information) and objective profiles of the gambling transactions. These aspects, in conjunction with the recommendations made in the area of ​​due diligence, the collection of professional information and income, as well as risk profiling during the investigation phase, are crucial. , clearly demonstrate how the aspects of congruence between operations and economic capacity must necessarily be taken into consideration.

Of course, the final reminder is to take into consideration the behavioral patterns and indicators of anomaly issued by the UIF itself, specific to the gaming sector.

A good analysis, which highlights how technical knowledge of the gaming sector is constantly growing and encourages gaming operators to increase opportunities for information exchange and discussion with the Financial Intelligence Unit, which, to be fair, has always shown a broad openness to dialogue.