Navigating Sanctions Compliance in the Gaming Industry
Russia’s war in Ukraine and other geopolitical events are making sanctions and a compliance officer’s duty around watchlist screening more relevant today than ever before. The US Treasury Department maintains 38 active sanctions programs with new sanctioned actors added to over 16 of these programs this year.1￼ In fact, 2,400 Russian individuals and entities have been added to US sanctions programs, including scores of high net-worth individuals and their family members around the world whose wealth is tied to the Russian state. 2￼
These developments are especially important news for gaming compliance officers because any business or individual in the US is prohibited from doing business transactions with these individuals or anything they own (directly or indirectly) 50% or more. Penalties for infractions range from 2-3X the amount of each transaction in fines to criminal liability and prison time of up to 10 years.
The Pervasive Use of Sanctions
Sanctions have become the warfare tool of choice for modern-day superpowers largely because much of the global economy relies on financials hubs like New York and London to conduct business. This creates an opportunity for global powers like the United States to attempt to choke the financial resources of actors they want to target and force a policy change, behavior change, or to simply make a statement.
In addition to the financial aspect of sanctions, sanctions are also commonly used as a political tool or are used to focus on a critical national security priority without having to deploy military assets or face the risk of lost lives. This may be one reason that over the last 20 years, sanctions designations have experienced a net increase of over 900%, signifying that regardless of their effectiveness, they have become the weapon of choice and are here to stay.3
Implications for Gaming Compliance Professionals
Gaming compliance practitioners should first understand that their sanctions program does not consist of a risk-based approach like their AML program does, whereas for the latter you focus on simply catching the riskiest activity. With OFAC sanctions, you are prohibited from doing any business transactions with the sanctioned entity or individual. This is a high standard that is quite different from AML where you detect patterns, focus your limited resources on the riskiest areas, and make reasonable judgements as risk events emerge. Furthermore, sanctions regulation is more black-and-white in that doing business with any individual or entity on a sanctions list is prohibited and the organization is liable for any violation.
This means that conducting initial screening and ongoing monitoring of all employees, active players, and third parties is essential. While the US government does not mandate any single practice or technology, it simply holds organizations liable for any transaction processed for a sanctioned individual or entity.
Additionally, gaming compliance professionals should understand that screening a sanctions list is not enough. In 2024, the US Treasury Department implemented the 50% rule, which states that anything a sanctioned actor owns directly or indirectly 50% or more is also sanctioned by-law. This also includes aggregating ownership among sanctioned actors. If two or more sanction actors are part-owners of a company, for example, and their combined ownership exceeds 50%, that entity is also sanctioned by law.
The 50% rule forces organizations to go beyond the sanctions lists provided by the government and to understand their customers and how they may be connected to a sanctioned actor. For example, if a gaming organization onboards a vendor and sanctioned actors indirectly own 50% or more of that entity, then it is sanctioned by law.
Components of an Effective Sanctions Program
In 2019, the US Treasury Department released “A framework for OFAC Compliance Commitments” that provides guidance to organizations on developing their sanctions compliance program. 4 The Treasury Department advised that any organization with a presence in the United States should incorporate the following five components into their sanctions compliance program:
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing
The framework emphasized the importance of a risk-based approach in terms of developing, implementing, and routinely updating its sanctions compliance program, which varies depending on the size and sophistication, products and services, customers and counterparties, and geographic locations.
For example, a casino far from an international travel hub with a small and stable base of local US players likely does not have significant sanctions risk and may decide not to screen or actively monitor all players. This is due to the fact that sanctions typically target foreign nationals deemed to be a national security risk to the US. These individuals are often on no-fly lists in the US and are not permitted to conduct business in the US, making it a low-risk probability that they will show up at a casino in rural America that typically hosts local players.
The framework, however, clearly states that any transaction with a sanctioned actor is a violation, but it will take into consideration organizations that follow this framework and that have a sanctions compliance program when it involves an egregious or non-egregious penalty. Therefore, this risk-based approach is not like AML where you are concentrating your limited resources on the highest risk matters, but rather it involves making a judgement call and assessment as an organization as to your willingness to pay a penalty should a transaction occur because the organization feels there is not sufficient exposure in certain areas where a violation could occur to dedicate resources. In short, you are saying that the risk is low that a transaction with a sanctioned actor could occur, and we are willing to pay a fine if it does.
Ways to Operationalize Sanctions Compliance within your Gaming Organization
The most common operational components of a sanctions compliance program in gaming are the following:
- Watchlist screening at account opening
- Ongoing watchlist monitoring of active players
- KYC/CDD/EDD investigations based on triggers that include sanctions-related research
- Staff training
Some other areas of consideration often overlooked:
- Sanctions policy adopted by senior leadership
- Sanctions screening and monitoring of 3rd party relationships including vendors
- Incorporating sanctions-related focus when conducting KYC/EDD investigations
- Testing your automated sanctions data-provider service (i.e., don’t assume it works well just because you’re paying for it)
Assessing Sanctions Screening Matches
Once you’re sure a positive match has occurred, the following applies:
- Identify your exposure often by opening a case to help you investigate/document
- How many transactions occurred? What is the organization’s exposure?
- Information around the incident / transactions, including dates, times, and amounts of money involved
- Notify management and follow your internal procedures
- File OFAC report on rejected and blocked transaction within 10 business days
- If detecting prior to account funding:
- Prohibit the incoming deposit at account opening
- If detected after account is established:
- Prevent any unprocessed, pending, and future transactions
- Place funds in a “blocked account”
- File annual blocked property reports to OFAC
Sanctions compliance is a critical component of your risk management program and often lumped together with AML compliance. The need for a dedicated sanctions compliance program has never been greater and there are a number of capable technology partners out there that can provide the support you need. Many modern AML platforms offer sanctions screening and monitoring as a feature set within the platform, greatly facilitating compliance with features such as automated workflows and case management. Even with these tools, however, it's imperative that every organization conduct a thorough sanctions risk assessment and determine their sanctions exposure, as well as ensure that there are appropriate tools and procedures that are aligned with their size, complexity, and risk tolerance.
Following this blog post, Kinectify will be issuing a checklist and an article on the elements of an effective sanctions risk assessment program for gaming organizations. To be notified when this checklist is launched, sign up for our email newsletter at www.kinectify.com.
Kinectify is an AML risk management technology company serving gaming operators both in the US and Canada. Our modern AML platform seamlessly integrates all of the organization's data into a single view and workflow empowering gaming companies to efficiently manage risk across their enterprise. In addition, Kinectify's advisory services enhance gaming operators' capacity with industry experts who can design and test programs, meet compliance deadlines, and even provide outsource services for the day-to-day administration of compliance programs.
To learn more about Kinectify and book a demo, click here.
Get the White Paper
Discover how Kinectify can clear the way for you to scale your business.