AML and KYC Reporting
1) Purpose and coverage
Objective: to provide reproducible, verifiable and timely AML/KYC reporting for all jurisdictions and partners (banks, PSPs, KYC/KYB providers), reduce the risk of penalties/blockages and strengthen control functions.
Coverage: Player and Partner Onboarding (KYC/KYB), Sanctions/PEP, Transaction Monitoring, EDD, SAR/STR, Funding Sources (SoF/SoW), RG Signals, PII Storage and Access, Incidents and Notifications.
2) Classification of reports and frequency
1. Regulatory: reports on onboarding, sanctions/PEP alerts, SAR/STR, complaints, measures taken.
Frequencies: monthly/quarterly; incident reports within the deadline (e.g. ≤72 hours).
2. Banks/PSP: transaction volumes, chargebacks, suspicious patterns, EDD cases.
Frequencies: weekly/monthly, ad hoc on request.
3. Internal: KRIs/KPIs, KYC funnels, FPR/FNR, provider SLAs, AML case statuses.
Frequencies: daily dashboards, weekly committees, monthly retrospectives.
4. Vendors/outsourcing: quality and SLA of KYC/sanctions providers, fault tolerance, false positives.
Frequencies: monthly, quarterly reviews.
3) Single data structure (minimum fields)
Subject (player/partner): subject_id, type (player/partner), country, age status (18+), risk_score, kyc_level, pep_flag, sanctions_flag, sof/sow_status.
KYC documents: doc_type, doc_number_hash, issuer_country, expiry_date, liveness_passed, verification_provider, verification_result, confidence_score.
Transactions: tx_id, ts, amount, currency, method, psp, device_id, ip_geo, velocity_flags, rule_hits[].
AML alerts: alert_id, rule_id, severity, reason_codes[], owner, status, opened_at, closed_at, action_taken (EDD/SAR/STR/block/none).
Sanctions/PEP: list_version, hit_type (sanctions/pep/adverse media), match_score, disposition (true/false positive), reviewer_id.
PII access log: actor, action (view/export/delete), dataset, ts, purpose, ticket_id.
4) KRIs/KPIs for reporting
- KYC: KYC pass rate, KYC fail %, liveness dropout %, avg TAT (min/hr), model FPR/FNR.
- Hit rate per 1k onboardings, FPR %, dispo TAT, share of secondary checks.
- Alerts per 10k tx, % escalated to EDD, SAR/STR per 10k active, alert→action conversion.
- Provider uptime, average API latency, % retries, share of outages > X min.
- % of required fields skipped, duplicates, report↔accounting discrepancies, daily ETL success rate.
5) Quality control and reconciliation
DQ rules: not null/format/ranges/references; SLA for corrections.
Reconciliation:
- Onboarding registers vs KYC provider,
- Transactions DWH vs PSP reports/bank,
- SAR/STR registry vs sent messages,
- Sanctions lists version N vs N-1 (deltas).
Provability: hash sums of exports, clearing logs, immutable logs (WORM/object storage).
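An added example (not part of the original page) that applies the four DQ rule types, one reconciliation check and an export hash to a CSV in the layout of template 17.2. The reference country list, the sample rows and the assumption that kyc_pass + kyc_fail must equal onboardings are constructed for illustration.

```python
import csv, hashlib, io, re

# Constructed sample in the layout of template 17.2; lines 3 and 4 are deliberately broken.
SAMPLE = (
    "month;country;onboardings;kyc_pass;kyc_fail;avg_tat_min;"
    "liveness_dropout_pct;provider_sla_uptime;notes\n"
    "2025-10;EE;14320;12688;1632;9.6;3.1;99.92;fallback activated 10/21\n"
    "2025-10;XX;500;450;40;7.0;120.0;99.50;\n"
    "2025-13;LV;;300;20;5.5;2.0;99.90;\n"
)
COUNTRIES = {"EE", "LV", "LT"}  # hypothetical reference list
REQUIRED = ("month", "country", "onboardings", "kyc_pass", "kyc_fail")
PCT_FIELDS = ("liveness_dropout_pct", "provider_sla_uptime")

def validate_row(row):
    """Return the list of DQ violations for one report row."""
    errs = [f"null:{f}" for f in REQUIRED if not row[f].strip()]      # not null
    if not re.fullmatch(r"\d{4}-(0[1-9]|1[0-2])", row["month"]):      # format
        errs.append("format:month")
    if row["country"] not in COUNTRIES:                               # reference
        errs.append("reference:country")
    for f in PCT_FIELDS:                                              # range
        try:
            if not 0.0 <= float(row[f]) <= 100.0:
                errs.append(f"range:{f}")
        except ValueError:
            errs.append(f"format:{f}")
    counts = [row[f] for f in ("onboardings", "kyc_pass", "kyc_fail")]
    if all(c.isdigit() for c in counts):                              # reconciliation
        total, passed, failed = map(int, counts)
        if passed + failed != total:
            errs.append("recon:pass+fail!=onboardings")
    return errs

def check_report(text):
    """Return (sha256 of the exact export bytes, {csv_line_no: violations})."""
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    issues = {}
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        errs = validate_row(row)
        if errs:
            issues[line_no] = errs
    return digest, issues

if __name__ == "__main__":
    print(check_report(SAMPLE))
```

The digest is computed over the exact bytes that are sent, so it can be written to the journal next to the list of violations and later compared with the archived copy.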
6) Standard report forms (templates)
6.1 AML/KYC Regulatory Summary (monthly)
Violations/incidents: 0 critical, 1 medium (KYC provider latency 18 min).
Action taken: fallback activated, velocity rules updated.
6.2 Report to Bank/PSP (monthly)
Volume of deposits/withdrawals through payment channels, chargeback rate, suspicious patterns, list of blocked accounts/devices (hashes), EDD/hold measures.
6.3 Internal Sanctions/PEP Report (weekly)
7) Workflow (SOP) and RACI
7.1 SOP: Monthly Regulatory Report
1) Start ETL at T+1 02:00 → 2) DQ Validation → 3) PSP/DWH Reconciliation → 4) PDF/CSV/JSON Preparation → 5) Legal Review → 6) Signature/Submission → 7) Archive/Hash/Journal.
RACI: Responsible — Compliance Analyst; Accountable — Head of Compliance; Consulted — Legal, DPO, Payments, Security; Informed — C-level.
7.2 SOP: SAR/STR
Triggers (rule/machine-learning/manual), EDD check, decision (file/do not file), filing, receipt confirmation, registry update, follow-up (hold/block/message to bank/regulator).
7.3 SOP: KYC/Sanctions Incident
FPR > threshold or SLA degradation → incident bridge → enabling the second provider → rule calibration → incident report (TTR/cause/measures).
8) Automation: architecture outline
Collection: CDC/stream from the prod DB, KYC/sanctions webhooks, PSP SFTP, log collectors.
Storage: Data Lake (RAW → CURATED), DWH (reporting marts: aml_alerts, kyc_events, sanctions_hits, psp_recon).
Processing: orchestrator (Airflow/Argo) with SLA/retries, policy-as-code for aggregates.
SOAR: playbooks for SAR/EDD, auto-escalation at thresholds, tickets and notifications.
Data catalog/lineage: automatic generation of diagrams and dependencies, report versions.
9) Aggregations and example implementations
9.1 SQL example (pseudo)
```sql
-- Sanctions/PEP weekly hit-rate with FPR
SELECT date_trunc('week', screening_ts) AS week,
       -- share of screenings that produced a hit
       COUNT(*) FILTER (WHERE hit = true) * 100.0 / COUNT(*) AS hit_rate_pct,
       -- share of hits dispositioned as false positives; NULLIF avoids division by zero
       COUNT(*) FILTER (WHERE hit = true AND disposition = 'false_positive') * 100.0
         / NULLIF(COUNT(*) FILTER (WHERE hit = true), 0) AS fpr_pct
FROM sanctions_screenings
WHERE screening_ts >= current_date - interval '90 day'
GROUP BY 1
ORDER BY 1 DESC;
```
9.2 JSON schema of a SAR/STR export (simplified)
```json
{
  "report_id": "SAR-2025-000128",
  "filed_at": "2025-11-01T10:42:12Z",
  "subject": {"id": "player_9f4a", "country": "EE", "risk_score": 82},
  "transactions": [{"tx_id": "T123", "amount": 950.00, "currency": "EUR", "ts": "2025-10-28T21:10:00Z"}],
  "reasons": ["velocity_withdrawals", "device_cluster"],
  "actions": ["hold", "EDD", "bank_notification"],
  "attachments": ["/evidence/aml/SAR-2025-000128.pdf"],
  "confidentiality": "restricted"
}
```
10) Thresholds and escalations (benchmarks)
Sanctions/PEP hit rate: > 3% - escalation; FPR %: > 12% - calibration incident.
KYC fail %: > 15% per day - enable fallback/VIP manual flow.
Dispo TAT: > 48 h - redistribution of cases and prioritization of high-value ones.
SAR/STR per 10k active: jump > 2× the median - urgent revision of rules/campaigns.
ETL success: < 99% - cause analysis, SRE/Compliance report.
11) Storage, access and audit
Retention: reports and registers - at least X years (set by policy); SAR/STR - as per jurisdiction (usually longer).
PII control: minimization of fields, pseudonymization of subject_id, access according to the principle of least privilege, mandatory audit logs of views/exports.
Export: recipient whitelists; all exports are signed and hashed; WORM storage for final versions.
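An added sketch (not part of the original page) of the export controls listed above: keyed pseudonymization of subject_id, a recipient allowlist check, and a hashed and signed manifest that can be verified on receipt. The keys, recipient names and manifest fields are hypothetical, and HMAC-SHA256 stands in for whatever signing scheme the organization actually uses.

```python
import hashlib, hmac, json

# Hypothetical values; real keys come from a KMS or secret store, never from source code.
PSEUDONYM_KEY = b"constructed-pseudonymization-key"
SIGNING_KEY = b"constructed-export-signing-key"
RECIPIENT_ALLOWLIST = {"regulator-ee", "bank-psp-01"}

def pseudonymize(subject_id):
    """Keyed HMAC: stable for joins across reports, not recomputable without the key."""
    mac = hmac.new(PSEUDONYM_KEY, subject_id.encode(), hashlib.sha256)
    return "sub_" + mac.hexdigest()[:32]

def sign_manifest(manifest):
    """HMAC over every manifest field except the signature itself."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def build_export(rows, recipient, report_version):
    """Refuse unknown recipients, pseudonymize subjects, return (payload, manifest)."""
    if recipient not in RECIPIENT_ALLOWLIST:
        raise PermissionError(f"recipient not allowlisted: {recipient}")
    safe = [{**r, "subject_id": pseudonymize(r["subject_id"])} for r in rows]
    payload = json.dumps(safe, sort_keys=True, separators=(",", ":")).encode()
    manifest = {
        "recipient": recipient,
        "report_version": report_version,
        "sha256": hashlib.sha256(payload).hexdigest(),
    }
    manifest["signature"] = sign_manifest(manifest)
    return payload, manifest

def verify_export(payload, manifest):
    """True only if the manifest is authentic and the payload matches its hash."""
    sig_ok = hmac.compare_digest(manifest.get("signature", ""), sign_manifest(manifest))
    actual = hashlib.sha256(payload).hexdigest()
    return sig_ok and hmac.compare_digest(manifest.get("sha256", ""), actual)

if __name__ == "__main__":
    rows = [{"subject_id": "player_9f4a", "risk_score": 82}]  # constructed sample
    payload, manifest = build_export(rows, "regulator-ee", "v1")
    print(manifest, verify_export(payload, manifest))
```

Because the recipient and report_version are covered by the signature, a manifest copied onto a different delivery fails verification even when the payload itself is unchanged.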
12) Change Management (Change/CAB)
Changes in reporting metrics/rules pass through CAB: business description, impact on KRIs, test samples, A/B on sandbox, go-live date, rollback plan.
Versioning of reports: report_version, changelog, comparative tabs (v-1 vs v).
13) Vendors and contractual obligations
Before onboarding: due diligence (sanctions/PEP on beneficiaries, ISO/SOC2, DPIA/DTIA, DPA/SCCs).
In operation: quarterly SLA checks, test alerts, log reconciliation, recording of sub-processors.
Offboarding: revocation of keys/accesses, deletion/return of data, closing act and report on the completeness of deletion.
14) Roles and interactions
Head of Compliance (A): approval of reports, risk appetite.
Compliance Analyst (R): collection, validation, verification and preparation of reports.
DPO/Legal (C): legality of processing, notifications.
Payments/FRM (C): transactions, chargebacks, anti-fraud.
Security/SRE (C): incidents, accesses, logging, ETL stability.
Data/BI (R): models, data marts, dashboards.
Support/VIP (I): communication on RG/EDD cases.
15) Dashboards and visualization (minimum widgets)
KYC Funnel: registration → KYC init → pass/fail → SoF/SoW passed.
Sanctions/PEP: hit-rate/FPR/TAT, list version, proportion of secondary checks.
AML Alerts: By Rules/Segments/Regions; conversion alert→action; EDD share.
SAR/STR: dynamics of filings, reasons, share by payment methods.
Provider SLAs: uptime, latency, retries, incidents.
DQ&ETL: errors, omissions, pipeline successes, quality "traffic light."
16) Report completion checklist
- Generated dataset with lineage and schema versions
- DQ validations and reconciliations completed
- Confirmed KRIs/KPIs and thresholds
- Legal/DPO Review Complete
- Signed/hashed/archived
- Sent to addressees, delivery logs saved
17) Appendices (templates)
17.1 SAR/STR card (register)
ID, date, subject, countries/methods, amount, reasons (rule_ids), EDD measures, decision, file date, confirmation, responsible, links to evidence.
17.2 KYC Monthly Report Template (CSV)
month;country;onboardings;kyc_pass;kyc_fail;avg_tat_min;liveness_dropout_pct;provider_sla_uptime;notes
2025-10;EE;14320;12688;1632;9.6;3.1;99.92;fallback activated 10/21
17.3 Sanctions/PEP Report Template (CSV)
week;onboardings;screened;hits;fpr_pct;dispo_tat_min;list_ofac;list_eu;list_uk
2025-W43;11982;11982;252;9.1;42;2025-10-21;2025-10-18;2025-10-19
TL;DR
Stable AML/KYC reporting = standardized data schema + rigorous DQ/reconciliations + understandable KRIs/KPIs and thresholds + ETL/SOAR automation + transparent RACI and storage/audit. This reduces regulatory risks, accelerates responses to threats and maintains the sustainability of the iGaming business.