FinCEN’s new AML/CFT proposal matters to every BSA-covered financial institution, but for the gaming industry, the most important point is simple: It is a signal that regulators want AML programs judged less by process and more by whether they actually work.

That shift matters because modern gaming no longer fits inside a static compliance model. Risk now moves across casinos, sportsbooks, iGaming platforms, payments, remote onboarding, and loyalty programs. A program built for periodic review and manual workflows will always struggle to keep up with a business where customers, products, channels, and transaction patterns change constantly.

FinCEN intends to push the industry toward a more dynamic, risk-based model that expects organizations to identify risk across verticals, and to update their risk assessment processes when there are material changes. For gaming organizations, that is a much better fit for reality than the legacy model many teams are still working around.

The real change is not policy. It is operating model.

The easiest way to misread this proposal is to think that it is simply about rewriting and updating AML policies and documentation. It’s bigger than that. FinCEN is effectively saying that a defensible AML program should be able to adapt as the business changes, direct resources toward higher-risk activity, and show that controls are aligned to actual financial crime exposure.

In gaming, that is a major shift. Gaming organizations launch new products, enter new jurisdictions or open new properties, add payment methods, expand mobile features, and adjust player acquisition strategies all the time. If the risk assessment remains a static annual exercise, compliance will always lag behind the business.

The technology angle is the real story

While the proposal is not a direct mandate to buy new software or technology, it makes one thing increasingly hard to ignore: Manual, disconnected compliance programs are becoming harder to defend. If gaming organizations are expected to understand risk across channels, then they need systems that can connect those channels. If they are expected to update their risk view when the business changes, then they need technology that can detect those changes and translate them into workflow. If they are expected to focus more attention on higher-risk activity, then they need tools that can separate meaningful risk from operational noise.

That is why the proposal’s discussion of innovation matters. FinCEN explicitly points to tools such as machine learning, generative AI, digital identity, blockchain analytics, and APIs as examples of technology that may improve financial crime detection and response. For gaming organizations, that is a strong signal that technology isn’t just a way to make compliance more efficient; it is becoming central to what an effective AML program looks like.

Why this lands differently in gaming

Gaming organizations know better than most that risk rarely shows up in one clean workflow. A player may appear low-risk in one part of the business and much higher-risk when player behavior, transaction activity, visitation patterns, account linkages, or cross-channel activity are viewed holistically.

A fragmented compliance stack cannot see that clearly. One team may see payments, another may see account or transaction behavior, another may see KYC and diligence reviews, and none may have a complete view of the player. Under a more effectiveness-focused rule, that kind of fragmentation becomes harder to explain. The issue is no longer whether required components exist on paper but whether the program can actually connect the dots.

Casinos should pay attention to what FinCEN removed

One of the more interesting parts of the proposal is that FinCEN would remove older casino-specific language about using automated programs where automated data processing systems exist. That does not mean technology matters less. It simply means FinCEN seems less interested in whether a gaming organization can point to a narrow form of automation, and more interested in whether the overall AML program is designed appropriately for the organization’s real risk.

The right question is not whether a casino has an automated tool somewhere in the process, but whether its data, workflows, governance, and investigative processes work together to identify and respond to financial crime risk across the business it runs today.

The winners will be the ones who can explain their program

Another important signal in the proposal is that risk-based judgment matters. For gaming organizations, that means the strongest programs will be the ones that can explain why they monitor what they monitor, why they escalate what they escalate, and why their resources are focused where the real risk sits.

That is where technology becomes essential. A modern gaming AML program should do more than create work. It should create context. It should help give compliance teams the necessary sightlines across verticals, identify meaningful risk faster, and make defendable decisions.

Effective compliance now depends on visibility, integration, and intelligent workflow design. For casinos, sportsbooks, and iGaming operators, that is the real message of this rule. Technology is no longer adjacent to AML effectiveness. It is a core part of it.

‍

ABOUT THE AUTHOR

Derek Ramm, Global Head of Advisory Services

Derek has extensive experience in the compliance and financial intelligence fields, and has brought his expertise to both the public and private sectors, providing him with a unique and well-rounded perspective to business challenges. Prior to joining Kinectify, Derek served as the Director of Anti-Money Laundering at the Alcohol and Gaming Commission of Ontario, where he led the agency's AML regulatory oversight initiatives in the gaming, horse racing, liquor and cannabis industries. Derek was previously the Managing Principal at MT>Play, an advisory venture of McCarthy Tetrault that provided strategic advice to gaming organizations and governments around the world. He has also held senior roles at Canada's federal financial intelligence unit (FINTRAC), the Ontario Lottery and Gaming Corporation, and was the chief anti-money laundering officer at one of North America's largest independent investment management firms. He was also appointed by the Government of Bermuda to serve as a Commissioner on the Bermuda Casino Gaming Commission.

ABOUT KINECTIFY

Kinectify is an intelligence and risk management technology company serving gaming operators. Kinectify's modern AML platform empowers clients to efficiently manage risk with real-time intelligence so they can focus on growing their businesses instead of being bogged down by compliance. In addition, Kinectify's advisory services enhance gaming operators' capacity with industry experts who can design and test programs, meet compliance deadlines, and even provide outsource services for the day-to-day administration of compliance programs.

To learn more about Kinectify and book a demo, click here.

‍