GambleHub

AML Audit and Reporting

1) Objectives and context

The AML chain in iGaming covers onboarding (KYC/KYB), sanctions/PEP/Adverse Media screening, transaction and behaviour monitoring, case escalation and reporting to the FIU (SAR/STR and other forms). The audit (external or internal) verifies the design and effectiveness of controls, the evidence base and the timeliness of reporting.


2) Governance and roles

Board/Risk Committee: annually approves EWRA (Enterprise-Wide Risk Assessment), policy and risk tolerance.
MLRO (and deputy): procedure owner, SAR/STR quality, FIU/regulator contact.
Compliance Ops/FinCrime: alert checking, case management, QA and training.
Internal Audit/External Independent Audit: independent review of the design/effectiveness of controls.
Data/Tech: own the TMS (Transaction Monitoring System), its models and logs.


3) RBA (Risk-Based Approach) for iGaming

Risk factors:
  • Client: age/geo, PEP/sanctions, SoF/SoW, behavioural patterns (deposit/withdrawal velocity, atypical amounts, multi-accounting).
  • Product/channel: casino/sports/live, crypto on/off-ramp, anonymous wallets, instant payouts.
  • Geography: high-risk jurisdictions, fund-transfer corridors.
  • Providers/partners: PSPs/affiliates/aggregators.
  • Transactions: structuring (smurfing), circular flows, intermediaries (mules).

Bottom line: the client/transaction risk score drives KYC depth, review frequency and TMS rule sensitivity.


4) KYC/KYB, SoF/SoW and review

KYC: Identity/address verification, age, sanctions matching/PEP/Adverse Media.
KYB: beneficiaries (UBO), industry risks, sanctions on legal entities/UBO.
SoF/SoW: proof of source of funds/wealth for high-risk customers (bank statements, dividends, income, asset sale).
Review: periodic (every 12-36 months) and trigger-based (jump in turnover, change in behavioural profile).


5) Sanctions/PEP/Adverse Media

Sanctions: initial onboarding screening and daily rescreening of all active customers and recipients of payments.
PEP: enhanced due diligence and increased frequency of reviews.
Adverse Media: negative publications on laundering, fraud or corruption; on a match → enhanced measures/escalation.


6) Transaction monitoring and behavioral control

Typical red flags:
  • Series of small deposits → rapid withdrawal (minimal gaming activity).
  • Multi-accounting: matching devices/IPs/payment instruments.
  • Rotation of funds between wallets/cards (circular routes).
  • Use of high-risk providers/jurisdictions/proxies.
  • Third-party deposits, frequent chargebacks/declines, sharp drops or spikes in GGR per player.
  • For sports: bets on low-margin markets with suspicious synchronisation (match-fixing red flags).

TMS rules: velocity (N transactions per X min), amount spikes, device/IP clustering, geovelocity, no-play withdrawals, split deposits, duplicate instruments.


7) Cases, Escalation and SAR/STR

Initial alert verification → data enrichment (KYC, payments, history, affiliate source, devices, geo, Adverse Media).
PR (Pre-SAR Review): MLRO decision - file SAR/STR, keep monitoring, or close with a note.
SAR/STR: prepared according to local requirements (description of facts, amounts, participants, schemes, justification of suspicion, attached evidence, timeline).
Deadlines: "without delay" according to local regulations; set TAT and SLA in policy.
Tipping-off: it is prohibited to disclose to the client that a SAR/STR has been filed.


8) AML Audit: Coverage and Methods

Coverage: Policy/Procedures, EWRA, KYC/KYB, SoF/SoW, Sanctions/PEP/Adverse Media, TMS Models and Alerts, Case Management, SAR/STR Log, Training, Journaling, Storage, Third Parties (PSP/KYC), penetration/access tests.

Methods:
  • Walkthroughs and interviews (MLRO, AML analysts, product, IT).
  • Document review: policies, SOPs, logs, reports, case sampling.
  • Design/operating effectiveness testing: control re-performance, TMS backtesting and calibration.
  • Model governance: rule/threshold changes, documentation, A/B testing, periodic retuning.
  • Data lineage: trace fields in reports back to the primary systems.

Outputs: report with a rating, findings (High/Medium/Low), remediation plan, deadlines and owners.


9) Evidence base and storage

Journals: alerts, cases, decisions, who/when/what changed (immutability).
Artifacts: screenshots, extracts, SoF/SoW, file hashes, export from TMS, correspondence.
Retention periods: in accordance with local law (often 5+ years after the end of the relationship).
Privacy/DPA: PII minimization, legal grounds, DPIA for high-risk controls.


10) Reporting (external/internal)

External: SAR/STR in FIU; responses to requests from government agencies; periodic statistical forms (by jurisdiction).
Internal: MLRO report to the board/committee - SAR dynamics, TMS FPR (false positive rate), sanctions/PEP coverage, training, remediation status.


11) Risk Matrix (RAG)

Zone | R (critical) | A (fixable) | G (control)
Sanctions/PEP | No rescreening | Irregular rescreening | Daily + after changes
TMS | No rules / no tuning | High FPR / dead alerts | RBA model + retune + QA
SAR/STR | Missed deadlines / poor quality | Incomplete data | SLA/TAT, checklists, QA
KYC/KYB | Gaps / no SoF/SoW | Spot deficiencies | Risk stratification + review
Evidence | No immutability | Scattered | Centralised case manager
Training | One-off | Irregular updates | Annual + by role, with test

12) Checklists

Before an external audit/inspection

  • Up-to-date EWRA and risk matrix.
  • Policies/SOPs: KYC/KYB, SoF/SoW, Sanctions/PEP/Adverse Media, TMS, SAR/STR.
  • Alert/case/SAR registers, TMS change logs.
  • Case sample evidence (scans/extracts/screenshots).
  • Employee training/tests, access logs.
  • PSP/KYC vendor contracts, SLA reports.

Operational routine (daily/weekly)

  • Sanctions/PEP/Adverse Media rescreening.
  • QA of 10% of closed cases.
  • FPR/TPR monitoring, retune on drift.
  • Monitor SAR/STR dates and deviations from SLAs.

13) Recommended registries (YAML)

13.1 SAR/STR Register

```yaml
sar_id: "SAR-2025-118"
customer_id: "C-774102"
trigger: ["rapid_withdrawals", "no_play", "high_risk_geo"]
amounts:
  deposits_total: 18500
  withdrawals_total: 17200
timeline:
  first_alert_at: "2025-10-21T14:22Z"
  escalated_at: "2025-10-22T10:05Z"
  filed_at: "2025-10-23T16:40Z"
fiu_ack_ref: "FIU-ACK-5529"
attachments: ["kyc.pdf", "flows.png", "device_cluster.csv"]
mlro: "a.petrova"
status: "filed"
```

13.2 Register of sanctions matches

```yaml
hit_id: "SAN-2025-311"
subject: { customer_id: "C-660901", name: "Ivan K." }
list: ["OFAC", "EU"]
match_score: 92
decision: "false_positive"
analyst: "d.koval"
closed_at: "2025-11-03"
notes: "DOB mismatch; address not matching"
```

13.3 Customer Risk Profile

```yaml
customer_id: "C-552201"
risk_score: 78
risk_factors:
  geo: "high"
  pep: false
  adverse_media: false
  product: ["casino", "sports"]
  payment_methods: ["cards", "crypto_onramp"]
  behaviour: ["velocity", "no_play_withdrawals"]
kyc_level: "enhanced"
review_next: "2026-05-01"
owner: "FinCrimeOps"
```

13.4 TMS Rule Changes

```yaml
change_id: "TMS-CH-2025-044"
rule: "no_play_withdrawal_v2"
old_threshold: "withdrawal>500 & play<5 spins"
new_threshold: "withdrawal>300 & play<3 spins"
reason: "trend increase; QA findings"
ab_test: true
owner: "FinCrime Analytics"
approved_by: ["MLRO", "RiskCom"]
effective_from: "2025-11-10"
```
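The TMS rules from section 6 and the threshold change recorded in 13.4, worked as a small rule engine over a constructed event log. This is an added example, not GambleHub's TMS code; the event model, the rule functions and the sample data are assumptions, and the old/new thresholds are those of TMS-CH-2025-044.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    ts: datetime
    kind: str            # "deposit" | "withdrawal" | "spin"
    amount: float = 0.0  # money events only; spins carry no amount

def velocity_alert(events, n, window_min):
    """Velocity rule: True if any n deposits fall inside a window_min-minute window."""
    deps = sorted(e.ts for e in events if e.kind == "deposit")
    window = timedelta(minutes=window_min)
    return any(deps[i + n - 1] - deps[i] <= window for i in range(len(deps) - n + 1))

def no_play_withdrawals(events, min_amount, max_spins):
    """No-play-withdrawal rule: withdrawals above min_amount with fewer than
    max_spins spins since the most recent deposit. Returns the flagged withdrawals."""
    flagged, spins_since_deposit = [], 0
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "deposit":
            spins_since_deposit = 0
        elif e.kind == "spin":
            spins_since_deposit += 1
        elif e.kind == "withdrawal" and e.amount > min_amount and spins_since_deposit < max_spins:
            flagged.append(e)
    return flagged

# Constructed sample: three split deposits within 7 minutes, two spins, one withdrawal.
T0 = datetime(2025, 10, 21, 14, 0)
SAMPLE = [
    Event(T0, "deposit", 150),
    Event(T0 + timedelta(minutes=3), "deposit", 150),
    Event(T0 + timedelta(minutes=7), "deposit", 150),
    Event(T0 + timedelta(minutes=8), "spin"),
    Event(T0 + timedelta(minutes=9), "spin"),
    Event(T0 + timedelta(minutes=20), "withdrawal", 420),
]

def run_tms(events):
    """Apply the velocity rule plus no_play_withdrawal with the old (v1) and new (v2)
    thresholds from change TMS-CH-2025-044; returns a flag/alert count per rule."""
    return {
        "velocity_3_deposits_10min": velocity_alert(events, n=3, window_min=10),
        "no_play_v1_gt500_lt5spins": len(no_play_withdrawals(events, 500, 5)),
        "no_play_v2_gt300_lt3spins": len(no_play_withdrawals(events, 300, 3)),
    }

if __name__ == "__main__":
    print(run_tms(SAMPLE))
```

On this sample the v1 threshold misses the 420 withdrawal while v2 catches it, which is the kind of before/after evidence an A/B run for the register entry should produce.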

14) Playbooks (incidents)

P-AML-01: Structuring of deposits

Alert → aggregation by device/cards/IP → SoF request → limit/pause payouts → SAR if reasonably suspected → record in the register.

P-AML-02: Sanctions match

Autoblock → manual verification (DOB/address/biography) → if confirmed, account closure/report to the FIU (where required) → documentation.

P-AML-03: No-play withdrawals

Freeze the withdrawal → check the interval between deposit and withdrawal, cross-wallets, links to other accounts → SoF/explanation → SAR/close.

P-AML-04: Crypto on/off-ramp

Chain analysis (risk tags of exchangers/mixers) → SoF (source of the crypto) → limits/blocking → SAR/reporting.

P-AML-05: Suspected mules/affiliate rings

Clustering of devices/payments → contact the traffic source → pause payouts to the affiliate → SAR/legal steps.


15) KPI/Metrics

SAR Timeliness (average TAT) and SLA compliance.
FPR/TPR TMS, Precision @ Top-N on Priority Alerts.
Sanctions/PEP Coverage%, Daily Rescreen%.
QA Pass Rate on closed cases.
Training Completion% by role.
Model Change Control Compliance%.
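The SAR timeliness KPI above, computed from records in the shape of register 13.1 and checked against the TAT/SLA the policy sets (section 7). This is an added example, not GambleHub's reporting code; the 72-hour SLA, the report date and the second and third register entries are constructed for illustration, and only the first entry reuses the page's timeline.

```python
from datetime import datetime, timezone

# Constructed SAR/STR register entries in the shape of register 13.1.
SAR_REGISTER = [
    {"sar_id": "SAR-2025-118", "status": "filed", "timeline": {
        "first_alert_at": "2025-10-21T14:22Z", "escalated_at": "2025-10-22T10:05Z",
        "filed_at": "2025-10-23T16:40Z"}},
    {"sar_id": "SAR-2025-119", "status": "filed", "timeline": {
        "first_alert_at": "2025-10-25T09:00Z", "escalated_at": "2025-10-26T12:00Z",
        "filed_at": "2025-10-31T08:00Z"}},
    {"sar_id": "SAR-2025-120", "status": "pre_sar_review", "timeline": {
        "first_alert_at": "2025-11-01T10:00Z", "escalated_at": "2025-11-01T11:00Z",
        "filed_at": None}},
]

SLA_HOURS = 72  # assumed policy SLA from first alert to FIU filing; take yours from policy

def parse_ts(s):
    """Register timestamps use the 'YYYY-MM-DDTHH:MMZ' form; Z is read as UTC."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)

def tat_hours(rec, now):
    """Turnaround time in hours from first alert to filing; open cases age up to `now`."""
    t = rec["timeline"]
    end = parse_ts(t["filed_at"]) if t["filed_at"] else now
    return (end - parse_ts(t["first_alert_at"])).total_seconds() / 3600

def sar_timeliness(register, as_of, sla_hours=SLA_HOURS):
    """KPI rollup as of `as_of` (register timestamp format): average TAT and SLA
    compliance of filed SARs, filed SARs that breached the SLA, and open cases past it."""
    now = parse_ts(as_of)
    filed = [r for r in register if r["timeline"]["filed_at"]]
    tats = [tat_hours(r, now) for r in filed]
    within = sum(1 for t in tats if t <= sla_hours)
    return {
        "avg_tat_hours": sum(tats) / len(tats) if tats else None,
        "sla_compliance_pct": 100.0 * within / len(tats) if tats else None,
        "breaches": [r["sar_id"] for r, t in zip(filed, tats) if t > sla_hours],
        "open_past_sla": [r["sar_id"] for r in register
                          if not r["timeline"]["filed_at"] and tat_hours(r, now) > sla_hours],
    }

if __name__ == "__main__":
    print(sar_timeliness(SAR_REGISTER, "2025-11-05T00:00Z"))
```

Open cases are reported separately from the average so that a long-running Pre-SAR Review cannot hide inside a healthy-looking mean TAT.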


16) Mini-FAQ

When to file SAR/STR? After the formation of reasonable suspicion and within the deadlines established by the local law/regulator.
Can I tell my customer about the SAR? No, there is a prohibition on tipping-off.
Do I always need to block an account? It is an RBA decision, based on risk, sanctions exposure, the risk of funds being withdrawn and local law.
How to reduce FPR? Rules retune, behavioral features, risk segmentation, periodic backtesting/QA.


17) Disclaimer

AML/sanction requirements and reporting formats vary by country and are updated. This material is the operational framework; check the exact dates, forms and addressees with the local regulations and instructions of your regulator/FIU.


18) Conclusion

An effective AML framework in iGaming is not just KYC box-ticking but a combination of RBA models, live monitoring, quality case management and reporting discipline. Regular independent audits, a solid evidence base and clear playbooks turn compliance into a sustainable process that protects players, the business and the licence.
