Shutterstock

Sweden’s Spelinspektionen has told operators to increase due diligence for high risk customers, as it outlines new guidelines for online operators. 

Central to the guidance is the strengthening of protections against money laundering and terrorist financing.

Spelinspektionen’s Director General, Camilla Rosenberg, stated: “The gambling industry is a risk area for money laundering, and we have seen a need for further clarification and guidance in this area. We have therefore revised our guidance and are also conducting a new risk assessment.”

Operators have been told to increase checks around the source of funds for large deposits and determine whether the customer is a Politically Exposed Person (PEP). 

Further requirements stipulate enhanced due diligence (EDD) for high-risk customers, which includes additional verification of income sources and bank statements.

To improve customer due diligence, operators are urged to implement ‘routine internal controls’ to ensure that thorough KYC checks are conducted by staff, with records kept for oversight purposes.

Furthermore at the heart of the guidelines is an enhanced approach to KYC for operators, with them now being required to verify each customer using a valid identification document, such as a passport, SIS National ID card, driver’s licence or tax ID.

Data collection also features as a key part to the new guidelines, with operators being told to ensure they collect data to gain a deeper understanding of a player’s gambling background. 

One of the other major elements supporting a safer gambling ecosystem in Sweden is around staff information and training. 

Internal controls should focus on customer background checks, risk management, account monitoring, and staff training, ensuring frontline employees can identify potential threats.

Staff training is viewed as a key compliance measure, as customer care employees play a crucial role in identifying suspicious behaviour and AML infringements.

To assist regulatory agencies, operators must retain customer identification data, transaction records, and risk assessments for five years. Documentation should be dated and easily retrievable for regulatory audits.