Over the last several years, regulatory expectations around customer due diligence in gaming have started changing in noticeable ways. Source-of-funds scrutiny is increasing. Regulators are placing greater emphasis on broader customer understanding, stronger investigative rationale, and more defensible decision-making around customer risk.  Compliance teams are also facing growing pressure to balance stronger AML controls against customer experience concerns, particularly in premium player environments where intrusive outreach or poorly timed escalation decisions can create meaningful commercial consequences.

Customer intelligence is becoming operationally necessary in ways that many legacy compliance workflows were never originally designed to support.

As a result, many gaming organizations are starting to rethink how investigations happen altogether. Investigators are increasingly conducting media checks, reviewing public records, analyzing gaming behavior, and assembling broader customer context earlier in the investigative lifecycle, often before formal escalation decisions even occur.

That shift reflects something larger happening across the industry. Customer intelligence is becoming operationally necessary in ways that many legacy compliance workflows were never originally designed to support.

Recent regulatory guidance reinforces that direction. FinCEN’s AML modernization proposals place increasing emphasis on whether programs are “reasonably designed,” a standard that goes beyond checkbox compliance and asks whether an organization can demonstrate that its risk assessment processes, investigative resources, and monitoring coverage are meaningfully calibrated to the actual risk profile of its customer base. That frame has real implications for how gaming organizations document their decisions. Nevada regulators have similarly emphasized stronger source-of-funds scrutiny and the need to move beyond superficial compliance reviews in higher-risk environments.

Most operators already understand where the industry is heading. The challenge is that the operational realities underneath many gaming compliance programs were built for a very different era of investigative scale.

The Scale Mismatch Inside Gaming Compliance

Across the gaming industry, the number of enhanced due diligence investigations being conducted annually is often remarkably small relative to the size of the customer populations being managed.

A regional gaming operator generating several hundred million dollars in annual gaming revenue may complete fewer than 100 formal EDD reviews in a year. Mid-sized operators may conduct a few hundred. Even some of the industry’s largest organizations, managing millions of active players annually, may only complete around 5,000 enhanced due diligence investigations across their entire customer base.

On its face, 5,000 investigations may sound substantial. Operationally, it is. But when measured against millions of active customers, increasingly complex source-of-funds expectations, recurring SAR activity, high-risk jurisdictions, transactional anomalies, and broader regulatory scrutiny, the scale mismatch becomes difficult to defend.

That challenge exists both externally and internally. Examiners expect programs to demonstrate that they are genuinely risk-based, while compliance leaders are increasingly expected to show that risk management extends beyond a small population of outlier high-spend players.

This does not mean gaming operators are ignoring AML obligations or intentionally under-investigating. In most cases, compliance teams are working within operating models shaped by very real constraints: limited staffing, fragmented systems, expensive investigative workflows, guest friction concerns, and historically limited investigative tooling. But it does raise a difficult question the industry is beginning to confront more directly: how can organizations operate genuinely risk-based AML programs if they only have the capacity to deeply investigate a very small percentage of the overall customer population?

The Economics Behind Investigative Scarcity

The answer becomes easier to understand once you look at how investigations are actually performed inside many gaming organizations.

A single enhanced due diligence review can consume several hours by the time investigators review gaming activity, transactional behavior, adverse media, public records, business affiliations, property ownership, prior alerts, source-of-funds indicators, and internal notes spread across multiple systems. In many environments, investigators are still manually assembling fragmented information into a coherent narrative before an escalation decision can even be finalized.

That workload becomes difficult to scale quickly, particularly when organizations may have only a handful of investigators responsible for reviewing large player populations across multiple properties or jurisdictions.

As a result, many gaming compliance programs evolved around what was operationally manageable. Organizations focused investigative resources on narrower customer segments, relied on more conservative escalation thresholds, and concentrated formal EDD efforts on the most obviously high-risk cases because broader investigative coverage was difficult to sustain economically.

In many organizations, "risk-based" gradually became capacity-based.

That operating model made practical sense for a long time. The problem is that operationally manageable and broadly risk-informed are not necessarily the same thing. Risk-informed would require something that traditional investigative models were never really built to deliver: consistent, scalable visibility across the full customer population, not just the subset that crossed a spend threshold or triggered a manual review. That gap is where the industry’s currently compliance challenge is taking shape.

When “Risk-Based” Becomes Capacity-Based

One of the more important dynamics emerging across the industry is that many organizations have historically interpreted “risk-based” programs through a heavily operational lens.

In practice, that often meant defining monitoring populations around thresholds the organization could realistically absorb from an investigative workload perspective. One operator, for example, monitored fewer than 10 percent of customers annually despite many millions of active players because of how its monitoring qualification thresholds were structured. On paper, those thresholds may have appeared reasonable. Operationally, they helped contain investigative volume. But they also significantly narrowed visibility into the broader customer population.

This is where the distinction between risk-based and capacity-based starts becoming important.

When investigation capacity becomes the constraint, risk visibility becomes the compromise.

If the number of alerts, escalations, and investigations an organization can realistically perform is heavily constrained by manpower and workflow limitations, then monitoring thresholds and escalation models inevitably become influenced by operational survivability rather than purely by comprehensive risk visibility. That does not mean organizations are acting irresponsibly. In many cases, teams are making rational decisions within the constraints they have historically been given. But it does create a situation where large portions of customer risk may remain only lightly assessed because the economics of deeper investigation work have historically been difficult to support at scale.

That tension becomes more significant as expectations around source-of-funds reviews, affordability assessments, and broader customer understanding continue to increase.

Customer Intelligence Is Moving Earlier Into the Workflow

One of the more noticeable operational changes happening across the industry is that investigators are increasingly trying to build customer context before formal escalation decisions occur.

In many environments, analysts now conduct media checks, review public records, examine related entities, analyze gaming behavior, and assess broader customer context while alerts are still in the triage phase. Historically, much of that work may not have started until after a formal escalation decision had already been made.

That shift is happening partly because organizations are trying to improve investigative prioritization, but also because unnecessary guest friction carries real operational and commercial consequences. Asking customers for source-of-funds documentation or escalating cases prematurely without sufficient context can damage player relationships, particularly in premium customer segments.

Unnecessary guest friction carries real operational and commercial consequences.

The result is that contextual customer intelligence is increasingly becoming part of frontline investigative decision-making rather than something reserved only for formal EDD workflows.

At the same time, the traditional investigative function remains critically important. Back-office diligence teams still carry responsibility for deeper investigations, source-of-funds reviews, escalation decisions, and regulatory defensibility. The challenge is that the scale of investigative expectations is beginning to outgrow what traditional manual workflows can realistically support.

Rethinking the Economics of Investigation

This is why the conversation around technology is becoming much broader than simple automation. The issue is no longer just how to complete investigations faster. It is whether organizations can realistically achieve the level of customer understanding regulators increasingly expect without fundamentally changing the economics and scalability of investigative work itself.

Regulatory expectations are outgrowing the economics of traditional investigation models.

There is probably no perfect operating model here, and most organizations are still trying to determine what the right balance looks like between customer experience, investigative depth, staffing realities, and regulatory expectations. But one thing is becoming increasingly difficult to ignore: many of the industry’s historical investigative models were built around investigative scarcity.

The next phase of gaming compliance will likely require something different. Organizations will need broader visibility into customer risk, more scalable investigative workflows, and stronger contextual understanding across a much larger portion of the customer population than many legacy operating models were originally designed to support.

The organizations that adapt successfully will not necessarily be the ones conducting the highest number of investigations, but the ones capable of understanding customer risk with far greater context, consistency, and scalability than the industry has historically been able to achieve.

Ready to start adapting your approach? Kinectify is currently enabling companies to reduce AML friction with 25 FREE checks.

‍

‍