Exigence Blog

iGaming: Where Incident Management Meets Compliance

Written by Noam Morginstin | Aug 16, 2020 12:10:44 PM

At times when players have multiple online choices and competition is fierce, safe betting and social responsibility is at the forefront of brand integrity. In fact, social responsibility has become a competitive edge for leading operators. Enter the era of the regulator. Regulation is now defining both the operator’s brand integrity and the player experience.

Are online operators up to the regulation task? Some are, though some are not. The numbers are there to prove it, according to the latest data from Gambling Industry Fines, with Gambling operators having been fined more than £25 Million in Q1 2020 by national regulators, with the UKGC (UK Gambling Commission) chief among those slapping huge fines.

In fact, the UKGC said it has found multiple examples of players being allowed to gamble significant sums of money in short time frames, sums which were “way beyond their personal affordability and without any intervention from the operator.”.

 

Leading the change

Changing habits are tough, just ask a compulsive player. Operational habits are hard to break as well. That’s why gaming compliance officers and MLROs are leading the charge to enhance player safety and deter illicit actions. The challenge however remains, on how to ensure efficient collaboration between all relevant stakeholders in the organization, once a regulatory incident is triggered.

More than ever licensees and gaming operators are bound to stringent GDPR and compliance rules. Data has to be recorded and timelines needs to be carefully documented for audit trail and reporting purposes. Yet, often, operators simply don’t have the requisite tools and processes to keep up with all their needs.

 

Managing the incident or being managed?

Consider the following: A red flag comes in, signaling that a high-risk player has been identified and must be banned and reported, due to responsible gaming alerts that might lead to potential use of illicit funds. Immediately, a team of responders from compliance, customer support, tech ops and information security need to be assembled to address a possible regulator and GDPR breach. The stakes are high as the operator’s license might be on the line. If an operator has advanced processes and manual playbooks in place, then these will be handy to resolve the incident, albeit manual actions and tedious group collaboration that might hinder time to resolution. Major incidents are effectively orchestrated when automation is applied to in-house processes. That way, teams can proactively manage the incident instead of being managed by it.

 

Here comes the regulator

Even at times when incidents are resolved efficiently, lack of documentation of timeline activities and actions result in a documentation gap. Regulators are extremely sensitive to missing trails of investigation and resolution that may lead to suspension of license and heavy fines. That’s why postmortem report generation, as well as root cause analysis reports, are critical to ensuring compliance and maintaining brand integrity.

The UKGC, for example, is adamant on how operators constantly train their staff to stay vigilant with regard to social responsibility and anti-money laundering.

The UKGC’s License Condition 2.3.1, Technical standards chapter states that:
“Gambling systems must retain a record of relevant activities to facilitate investigation and be capable of suspending or disabling player accounts or player sessions. Operators must monitor the effectiveness of their policies and procedures.”

The only way to accomplish this feat is to rigorously conduct business process training as well as keep all incident data in one repository, for future audits and business monitoring.

With the recent surge in player data on one hand and regulatory actions on the other, the task of incident resolution, compliant documentation and postmortem reporting is becoming insurmountable. Operators that are up to the challenge will be looking to facilitate enhanced automation throughout the incident management cycle. This is the key not only for swift incident resolution but also for maintaining brand integrity and adhering to the ever-growing mandates of social responsibility.