AML Audit and Reporting

1) Objectives and context

The AML chain in iGaming covers onboarding (KYC/KYB), sanctions/PEP/Adverse Media screening, transaction and behavior monitoring, case escalation, and reporting to the FIU (SAR/STR and other forms). The audit (external or internal) verifies the design and effectiveness of controls, the evidence base, and the timeliness of reporting.

2) Governance and roles

Board/Risk Committee: approves the EWRA (Enterprise-Wide Risk Assessment), policy and risk tolerance annually.
MLRO (and deputy): procedure owner, SAR/STR quality, FIU/regulator contact.
Compliance Ops/FinCrime: alert review, case management, QA and training.
Internal Audit/External Independent Audit: independent review of the design/effectiveness of controls.
Data/Tech: owns the TMS (Transaction Monitoring System), models and logs.

3) RBA (Risk-Based Approach) for iGaming

Risk factors:
  • Client: age/geo, PEP/sanctions, SoF/SoW, behavioral patterns (deposit/withdrawal rate, atypical amounts, multi-accounting).
  • Product/channel: casino/sports/live, crypto on/off-ramp, anonymous wallets, instant payouts.
  • Geography: high-risk jurisdictions, fund-transfer corridors.
  • Providers/partners: PSPs/affiliates/aggregators.
  • Transactions: structuring (smurfing), circular flows, intermediaries (mules).

Bottom line: the client/transaction risk rating determines KYC depth, review frequency, and TMS rule sensitivity.

4) KYC/KYB, SoF/SoW and review

KYC: identity/address verification, age, sanctions/PEP/Adverse Media matching.
KYB: beneficiaries (UBO), industry risks, sanctions on legal entities/UBO.
SoF/SoW: proof of source of funds/wealth for high-risk customers (statements, dividends, income, sale of assets).
Review: periodic (12-36 months) and trigger-based (jump in turnover, change in behavioral profile).

5) Sanctions/PEP/Adverse Media

Sanctions: initial onboarding screening and daily rescreening of all active customers and recipients of payments.
PEP: enhanced due diligence and increased frequency of reviews.
Adverse Media: negative publications on laundering, fraud, corruption; on a match → enhanced measures/escalation.

6) Transaction monitoring and behavioral control

Typical red flags are:
  • Series of small deposits → fast conversion to withdrawal (minimal gaming activity).
  • Multi-account: device/IP/payment instrument matches.
  • Rotation of funds between wallets/cards (circular routes).
  • Use of high-risk providers/jurisdictions/proxies.
  • Deposits from third parties, frequent chargebacks/declines, sharp drops/growth in GGR per player.
  • For sports: betting on low-margin markets with suspicious synchronicity (match-fix red flags).

TMS rules: velocity (N transactions per X min), amount spikes, device/IP clustering, geovelocity, no-play withdrawals, split deposits, duplicate instruments.

7) Cases, Escalation and SAR/STR

Initial alert verification → data enrichment (KYC, payments, history, affiliate source, devices, geo, Adverse Media).
PR (Pre-SAR Review): MLRO decision: file SAR/STR, monitor, or close with a note.
SAR/STR: prepared according to local requirements (description of facts, amounts, participants, schemes, justification of suspicion, attached evidence, timeline).
Deadlines: "without delay" per local regulations; define TAT and SLA in policy.
Tipping-off: disclosing to the client that a SAR/STR has been filed is prohibited.

8) AML Audit: Coverage and Methods

Coverage: policies/procedures, EWRA, KYC/KYB, SoF/SoW, sanctions/PEP/Adverse Media, TMS models and alerts, case management, SAR/STR log, training, logging, record retention, third parties (PSP/KYC), penetration/access tests.

Methods:
  • Walkthroughs and interviews (MLRO, AML analysts, product, IT).
  • Document review: policies, SOPs, logs, reports, case sampling.
  • Design/effectiveness testing: control tests (re-performance), TMS backtesting and calibration.
  • Model governance: rule/threshold changes, documentation, A/B tests, periodic retune.
  • Data lineage: trace report fields back to primary systems.

Outputs: report with a rating, findings (High/Medium/Low), remediation plan, deadlines and owners.

9) Evidence base and storage

Logs: alerts, cases, decisions, who/when/what changed (immutability).
Artifacts: screenshots, extracts, SoF/SoW, file hashes, TMS exports, correspondence.
Retention periods: in accordance with local law (often 5+ years after the end of the relationship).
Privacy/DPA: PII minimization, legal grounds, DPIA for high-risk controls.
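
One way to make the who/when/what log tamper-evident, as an added example (not part of the original page or any vendor's case manager): each entry stores the hash of the previous one, and artifacts are referenced by file hash. Function and field names and the `analyst1` actor are assumptions; the sample entries are constructed and reuse the SAR register identifiers from this page.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash placeholder for the first entry


def _digest(prev_hash, record):
    # Canonical JSON so the same record always produces the same hash.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_entry(journal, actor, at, case_id, change, attachment=b""):
    """Append a who/when/what record chained to the previous entry's hash."""
    record = {
        "actor": actor, "at": at, "case_id": case_id, "change": change,
        # The artifact is referenced by hash; the file stays in case storage.
        "attachment_sha256": hashlib.sha256(attachment).hexdigest() if attachment else None,
    }
    prev = journal[-1]["entry_hash"] if journal else GENESIS
    entry = {"record": record, "prev_hash": prev, "entry_hash": _digest(prev, record)}
    journal.append(entry)
    return entry


def verify_journal(journal):
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(journal):
        if entry["prev_hash"] != prev or entry["entry_hash"] != _digest(prev, entry["record"]):
            return i
        prev = entry["entry_hash"]
    return -1


def demo():
    # Constructed sample entries (not real case data).
    j = []
    append_entry(j, "analyst1", "2025-10-21T14:22Z", "SAR-2025-118", "alert opened")
    append_entry(j, "analyst1", "2025-10-22T10:05Z", "SAR-2025-118", "escalated to MLRO", b"constructed file bytes")
    append_entry(j, "a.petrova", "2025-10-23T16:40Z", "SAR-2025-118", "SAR filed")
    intact = verify_journal(j)
    j[1]["record"]["change"] = "closed, no action"  # simulated after-the-fact edit
    return intact, verify_journal(j)
```

The chain only proves integrity if the latest `entry_hash` is also kept somewhere the journal's administrators cannot rewrite, such as write-once storage or the periodic MLRO report.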

10) Reporting (external/internal)

External: SAR/STR to the FIU; responses to requests from government agencies; periodic statistical forms (by jurisdiction).
Internal: MLRO report to the board/committee: SAR dynamics, TMS FPR (false positive rate), sanctions/PEP coverage, training, remediation status.

11) Risk Matrix (RAG)

| Zone | R (critical) | A (fixable) | G (control) |
|---|---|---|---|
| Sanctions/PEP | No rescreening | Irregular | Daily + after changes |
| TMS | No rules/tuning | High FPR/dead alerts | RBA model + retune + QA |
| SAR/STR | Missed deadlines/poor quality | Incomplete data | SLA/TAT, checklists, QA |
| KYC/KYB | Gaps/no SoF/SoW | Spot deficiencies | Risk stratification + review |
| Evidence | No immutability | Scattered | Centralized case manager |
| Training | One-off | Irregular updates | Annual + by role/test |

12) Checklists

Before an external audit

  • Up-to-date EWRA and risk matrix.
  • Policies/SOPs: KYC/KYB, SoF/SoW, Sanctions/PEP/Adverse Media, TMS, SAR/STR.
  • Alert/case/SAR registers, TMS change logs.
  • Case sample evidence (scans/extracts/screenshots).
  • Employee training/tests, access logs.
  • PSP/KYC vendor contracts, SLA reports.

Operational shift (daily/weekly)

  • Sanctions/PEP/Adverse Media rescreening.
  • QA of 10% of closed cases.
  • FPR/TPR monitoring, retune on drift.
  • Monitor SAR/STR dates and deviations from SLAs.

13) Recommended registries (YAML)

13.1 SAR/STR Register

```yaml
sar_id: "SAR-2025-118"
customer_id: "C-774102"
trigger: ["rapid_withdrawals", "no_play", "high_risk_geo"]
amounts:
  deposits_total: 18500
  withdrawals_total: 17200
timeline:
  first_alert_at: "2025-10-21T14:22Z"
  escalated_at: "2025-10-22T10:05Z"
  filed_at: "2025-10-23T16:40Z"
fiu_ack_ref: "FIU-ACK-5529"
attachments: ["kyc.pdf", "flows.png", "device_cluster.csv"]
mlro: "a.petrova"
status: "filed"
```

13.2 Register of sanctions matches

```yaml
hit_id: "SAN-2025-311"
subject: { customer_id: "C-660901", name: "Ivan K." }
list: ["OFAC", "EU"]
match_score: 92
decision: "false_positive"
analyst: "d.koval"
closed_at: "2025-11-03"
notes: "DOB mismatch; address not matching"
```

13.3 Customer Risk Profile

```yaml
customer_id: "C-552201"
risk_score: 78
risk_factors:
  geo: "high"
  pep: false
  adverse_media: false
  product: ["casino", "sports"]
  payment_methods: ["cards", "crypto_onramp"]
  behaviour: ["velocity", "no_play_withdrawals"]
kyc_level: "enhanced"
review_next: "2026-05-01"
owner: "FinCrimeOps"
```

13.4 TMS Rule Changes

```yaml
change_id: "TMS-CH-2025-044"
rule: "no_play_withdrawal_v2"
old_threshold: "withdrawal>500 & play<5 spins"
new_threshold: "withdrawal>300 & play<3 spins"
reason: "trend increase; QA findings"
ab_test: true
owner: "FinCrime Analytics"
approved_by: ["MLRO", "RiskCom"]
effective_from: "2025-11-10"
```
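
A backtest of the threshold change recorded above, as an added example (not code from the original page): it replays both versions of the no-play withdrawal rule over labelled history and reports alert volume, TPR, FPR and any suspicious events the new version no longer catches. The `Withdrawal` fields, function names and the sample history are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Withdrawal:
    ref: str            # constructed event reference
    amount: float       # withdrawal amount
    spins: int          # rounds played since the last deposit
    suspicious: bool    # analyst label taken from the closed case


def old_rule(w):        # old_threshold: withdrawal>500 & play<5 spins
    return w.amount > 500 and w.spins < 5


def new_rule(w):        # new_threshold: withdrawal>300 & play<3 spins
    return w.amount > 300 and w.spins < 3


def backtest(rule, events):
    """Alert count, TPR and FPR of one rule over labelled history."""
    tp = sum(1 for w in events if rule(w) and w.suspicious)
    fp = sum(1 for w in events if rule(w) and not w.suspicious)
    pos = sum(1 for w in events if w.suspicious)
    neg = len(events) - pos
    return {"alerts": tp + fp,
            "tpr": tp / pos if pos else 0.0,
            "fpr": fp / neg if neg else 0.0}


def lost_coverage(old, new, events):
    """Suspicious events the old rule alerted on and the new one misses."""
    return [w.ref for w in events if w.suspicious and old(w) and not new(w)]


# Constructed sample history (not real data).
HISTORY = [
    Withdrawal("W1", 900, 0, True),
    Withdrawal("W2", 350, 1, True),
    Withdrawal("W3", 600, 4, True),
    Withdrawal("W4", 320, 2, False),
    Withdrawal("W5", 700, 3, False),
    Withdrawal("W6", 1200, 40, False),
    Withdrawal("W7", 250, 0, False),
    Withdrawal("W8", 450, 0, True),
]
```

The new threshold is not a superset of the old one: it lowers the amount but tightens the play condition, so a large withdrawal after 3 or 4 spins (W3 here) stops alerting. That trade-off belongs in the change record next to `reason`.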

14) Playbooks (incidents)

P-AML-01: Structuring deposits

Alert → aggregation by device/cards/IP → SoF request → limit/pause of payments → SAR on reasonable suspicion → entry in the register.

P-AML-02: Sanctions match

Autoblock → manual verification (DOB/address/bio) → on confirmation: account closure/report to the FIU (if required) → documentation.

P-AML-03: No-play withdrawals

Withdrawal freeze → check the gap between deposit and withdrawal, cross-wallets, links to other accounts → SoF/explanation → SAR/closure.

P-AML-04: Crypto on/off-ramp

Chain analysis (risk tags of exchanges/mixers) → SoF (source of crypto) → limits/blocking → SAR/reporting.

P-AML-05: Suspected "mules"/affiliate bundles

Clustering of devices/payments → link to the traffic source → pause of accruals to the affiliate → SAR/legal steps.

15) KPI/Metrics

SAR Timeliness (average TAT) and SLA compliance.
TMS FPR/TPR, Precision@Top-N on priority alerts.
Sanctions/PEP Coverage %, Daily Rescreen %.
QA Pass Rate on closed cases.
Training Completion% by role.
Model Change Control Compliance%.

16) Mini-FAQ

When to file a SAR/STR? Once reasonable suspicion has formed, and within the deadlines set by local law/the regulator.
Can I tell my customer about the SAR? No, tipping-off is prohibited.
Do I always need to block an account? It is an RBA decision based on risk, sanctions, withdrawal threats and local law.
How to reduce FPR? Rule retuning, behavioral features, risk segmentation, periodic backtesting/QA.

17) Disclaimer

AML/sanctions requirements and reporting formats vary by country and change over time. This material is an operational framework; check the exact dates, forms and addressees against local regulations and the instructions of your regulator/FIU.

18) Conclusion

An effective AML framework in iGaming is not just KYC checkboxes but a combination of the RBA model, live monitoring, high-quality case management and reporting discipline. Regular independent audits, an evidence base and clear playbooks turn compliance into a sustainable process that protects players, the business and the license.
