Gambling With User Info – AGA doc reveals concerning practices

The American Gaming Association (AGA) recently released a Best Practices guide for AML/KYC compliance, which details a wide range of measures that are recommended for both online and brick-and-mortar establishments. The largest change from past versions is the expansion in both the scale and scope, most likely due to the recent spread of regulated gaming to many more states combined with the continuing shift towards online operations. Given the rather disturbing safety and privacy issues being raised in the more mature UK gaming industry, this should probably be more than a little concerning to anyone who plans to bet at these establishments. Just the sheer number of references to the Patriot Act alone are quite disturbing on their own.

Perhaps the single most worrisome part is when the AGA document states that “Casinos are encouraged to participate in the valuable voluntary information-sharing program with other entities defined as financial institutions under Section 314(b) of the USA PATRIOT Act”. It is essentially encouraging casinos to go overboard on how much personal information that they report.

To make things much worse, your information is shared across all of these other entities so the risks are multiplied by a large factor. Given that these third-parties also have their own partnerships, there will be second- and third-order effects. So it is more accurate to say that the risks will grow exponentially. It is not a matter of if your sensitive personal data will be mishandled, misused, leaked, or stolen – it is a matter of when.

It’s not just a one-way street either. If a casino participates in this voluntary information-sharing “…it may contact officials at other participating casinos or banks or other financial institutions for additional information concerning a patron’s business connections and other relevant matters.” That’s quite an incentive to participate in this “optional” scheme. The ‘other relevant matters’ is left very vague and this is likely by design. Not to mention that having a casino knowing if a patron has come into a large amount of money recently is almost certainly something that will be abused.

Credit reporting agencies are in this voluntary information-sharing loop too, as we have seen in the UK also. So a fun little punt could end up having a negative effect on your credit. Not only will people be misled into making bad bets and getting shorted on the promotions/comps they were promised, they could take an even larger loss later on due to the credit issue.

Then there is the major issue of false-positives. This is made clear multiple times throughout the AGA document such as “There are a variety of legitimate transactions that could raise a red flag simply because they are inconsistent with a patrons account activity”. Even players or groups who are merely trying to maximize incentives to get the most out of their money will be targeted, and note how they say aggressively. I’m including the entire paragraph due to how important it is.

“To maximize incentives (comps, promotional chips, airfare, discounts, and allowances) a player, or group of players working in concert, may often display a number of suspicious behaviors (e.g., passing chips, offsetting wagers, masking their activity, distorting their average wager, walking with chips). For commercial reasons, casinos may work aggressively to curtail these behaviors with the help of Surveillance, Operations and Casino Marketing. Casinos should exercise caution in assuming these behaviors are simple advantage play strategies that may not be illegal and remain attentive to the risk that these same behaviors may be employed for money laundering purposes. In some cases, this behavior should be escalated to Compliance as potential suspicious activity.”

This is essentially false advertising on their part, by luring in patrons with generous promotions and then presumably flagging them if they aren’t losing enough to the casino. Speaking of not losing enough, if a patron deposits a large amount of money then they are expected to gamble with most/all of it in a timely fashion. Otherwise they run the risk of being flagged for potential money laundering. Given that the vast majority of regulated sportsbooks are outright banning users for simply winning a bit too much, which we had just noted another here, successful bettors would be wise to avoid doing anything that could help legitimize any actions taken against them.

Another disturbing revelation is that “In some instances, a casino may learn information from any source about a specific patron which warrants further inquiry or examination of the patron’s transactions”. They go on to state that “public reports of negative information concerning the patron’s integrity” can be a cause for investigation. These are worded so vaguely that practically anything could be used as a valid pretext for launching an investigation.

Even just changing the method you use to deposit/withdraw funds, an increase in betting activity, hedging bets on both sides, or simply cashing out soon after winning a wager is cause for enhanced scrutiny or even flagging. Surely they don’t expect everyone to just keep betting until they’ve lost everything, but it truly seems like they will try as hard as they can to make that happen.

Also if you’re what they describe as a Politically Exposed Person (PEP) in the past or present, you can expect a very high level of scrutiny and voluntary information-sharing throughout the process. Even relatives or associates of PEPs will face the same scrutiny and hoops to jump through. If I were in this group, I honestly wouldn’t even bother setting foot in a casino or going to one of their websites/apps.

Just being from a country deemed as a concern for corruption/illicit activity or ‘high-risk’ is a cause for much higher scrutiny, or if you are a non-resident alien or foreign national. Not only just that, your funds can actually be seized. For foreign patrons this can be a serious concern given that these watchlists of countries/jurisdictions are constantly changing and most citizens have practically nothing to do with their country’s leadership or activities anyway.

Last, but certainly not least, are the recommendations for dealing with crypto. The AGA strongly suggests not even bothering to try to use it, and just to convert it to USD beforehand. Of course they recite the same old argument that crypto is a haven for money laundering and other illicit activity, even though many legitimate studies have proven otherwise. So expect casinos to be very unfriendly to crypto and don’t be surprised if you get flagged and subject to higher amounts of voluntary information-sharing for trying to use it.

Given all of this, crypto-based casinos seem like the obvious choice.  Particularly those that are sufficiently decentralized. They tend to have much lower friction overall, way better value for users, and are generally a greatly superior option for protecting your personal data. And perhaps your sanity too.

Stay tuned for the second part in this series where we examine the more mature UK market, which could also give a glimpse into where the AGA and the US market as a whole is heading.

Enter your keyword