The financial-crime perimeter around every licensed operator
AML is the most externally-driven dimension, iGaming regulators implement AML rules that originate in broader financial-crime legislation (the EU\'s AMLD, the US Bank Secrecy Act, FATF guidance). The UK\'s LCCP SRCP 2 mirrors the MLR 2017; Malta\'s GACD 27 applies PMLFTR-derived rules; the US-state rulebooks incorporate BSA / FinCEN reporting. The result is a high degree of technical convergence around SARs, currency-transaction reporting, politically-exposed-person screening and risk-based customer due diligence.
Each chip is one indexed rulebook. Green = we have a directly matched standard on this topic; dim = the topic may be covered under different wording, explore the framework to verify.
Best-match standard per framework. Scored against titles, requirements and editorial tags, click through for the full text.
| Market | Standard | Excerpt | Source |
|---|---|---|---|
| AGCO S 6.03 | Source of funds and suspicious activity | Reasonable measures shall be in place to identify and prevent suspected money laundering activities in the gaming site. | Open ↗ |
| AGLC AGLC 5.8.3 | Suspicious Transaction Reporting (STR) - Registered Operators and registered Goods or Service Suppliers must, … | Suspicious Transaction Reporting (STR) - Registered Operators and registered Goods or Service Suppliers must, at a minimum | Open ↗ |
| DGA AML — Monitoring / STR | Transaction monitoring and STR reporting | Operators must investigate the background and purpose of complex, unusually large or patterned transactions and of any unusual activity lacking an obvious economic or lawful purpose, and must note and retain the results… | Open ↗ |
| DGOJ RD 958/2020 art. 21 | Registered User Account (cuenta de usuario registrado) | Article 21 of Royal Decree 958/2020 introduced the cuenta de usuario registrado — a mandatory pre-contract account that must be created and fully identified before the operator may send any personalised commercial comm… | Open ↗ |
| GGL § 2(1) no. 15 / § 43 GwG | Suspicious transaction reporting to the FIU under the Geldwäschegesetz | Under § 2(1) no. 15 Geldwäschegesetz (GwG), organisers and intermediaries of public gambling are designated Verpflichtete (obliged entities). Under § 16 GwG gambling-specific customer due diligence and player-account… | Open ↗ |
| MGA PPD 12-13 | Pre-registration exclusion and record retention | Individuals not previously registered who contact the licensee to be excluded from future gaming must not be allowed to register or play until they revoke the request in writing. Circumvention attempts by an already-excl… | Open ↗ |
| MGCB R 432.665 | AML program and SAR filings | An MGCB-licensed operator is a casino for federal BSA purposes, with CTR and SAR filing obligations. Internal AML programs must be risk-based, include designated responsible officers, and be tested annually by internal a… | Open ↗ |
| NJ DGE § 69O-1.3(b) | Account registration, KYC, and encryption | To open an Internet/mobile account the licensee must create an encrypted patron file, verify identity (via N.J.A.C. 13:69D-1.5A plus recorded credential number or an approved remote multi-source method), confirm age 21 a… | Open ↗ |
| OCCC OAC 3.3 | Campus Advertising Restriction | A sports gaming proprietor shall not target advertisements to the campus of any Ohio college or university, provided that generally available broadcast, print, or digital media that incidentally reach a campus audience a… | Open ↗ |
| PA PGCB 58 Pa. Code § 813.4 | Anti-money laundering and KYC | Operators must implement an AML and KYC program consistent with federal law and PGCB rules, including enhanced due diligence on high-volume players, transaction monitoring, and appropriate regulatory filings. | Open ↗ |
| SGA AML Act Ch 4 | Suspicious transaction reporting | The licence holder must report to the Financial Intelligence Unit (Finanspolisen) any transaction or activity that cannot be ruled out as connected to money laundering or terrorist financing. Reporting must not be disclo… | Open ↗ |
| UKGC LCCP LCCP 12.1.1 | AML risk assessment & controls | Licensees must conduct a money-laundering and terrorist-financing risk assessment, reviewed at least annually and whenever circumstances change, and must have appropriate policies, procedures, and controls, implemented e… | Open ↗ |
| UKGC RTS RTS RTS 12A | Accessible limit-setting and registration prompts | The gambling system must provide easily accessible facilities for customers to set their own financial limits at any time from the point of registration, and must prompt customers to set a limit as part of registration o… | Open ↗ |
Every indexed market uses a risk-based approach: standard CDD for normal customers, enhanced CDD for high-risk customers (PEPs, high activity, high-risk jurisdictions). The specific thresholds differ but the framework is shared. Source-of-funds review above activity thresholds is universal.
Every indexed regulator requires a nominated officer (MLRO in the UK / MGA model) and internal SAR procedures with direct reporting to the national FIU. Ontario integrates with FINTRAC; UK with the NCA; Malta with the FIAU; US states with FinCEN via their respective internal-control systems.
Ohio is sports-only under ORC 3775 and does not codify a dedicated state anti-money-laundering programme for sports gaming, so our index contains no Ohio AML/CDD rule equivalent to LCCP SRCP 2 or MGA GACD 27. Federal Bank Secrecy Act obligations apply where applicable, and state-level suspicious-activity escalation is channelled through the incident-reporting rule at OAC 3775-16-17.
Open questions and imminent changes that will shift the cells above. Each item is traceable to a regulator publication or indexed statute.
The financial intelligence unit (FIU) in each jurisdiction. UK operators file to the NCA. Ontario operators file to FINTRAC. Malta operators file to the FIAU. Denmark files to SØIK, Sweden to Finanspolisen, Germany to FIU Deutschland, Spain to SEPBLAC. US-state operators file to FinCEN.
Documentary evidence that a customer's gambling funds come from a legitimate source. Payslips, bank statements, inheritance documents, business accounts. Triggered above activity thresholds that each regulator sets on a risk-based standard; the UK's LCCP SRCP 3.9 is representative.
Every claim above traces to one of these citations. Matched standards link straight into the framework explorer; overlay facts link to the RG Observatory card with its audit note.
Built 2026-05-11 from the same datasets that power the framework explorers. Not legal advice; verify against the issuing regulator.