Mobile Gaming is Now Mobile

By James Trusty

In late October, the Financial Crimes Enforcement Network (FinCEN) issued guidance that removes a significant hurdle from the daily operations of the mobile betting industry.  FinCEN specifically lightened the burden of customer identity verification for online customers, which historically had been an unnecessarily cumbersome aspect of brick-and-mortar regulations. Under[MC1] [JT2]  a regulatory component of the USA Patriot Act,[1] casinos are required to use documentary evidence (such as a driver’s license or passport) to verify their customer’s identity in establishing accounts.  With the emergence of mobile sports betting in recent years, FinCEN had been applying the same verification standard to iGaming and mobile sports betting, which means in-person registration was needed for new accounts regardless of the type of gaming platform.  The industry has been pushing back on this particularly cumbersome requirement in the mobile gaming context, and the FinCEN opinion [2] is a major victory for both common sense and the industry.

The applicable regulations make it clear that prior to opening an account and accepting a deposit, a casino “must obtain the name, permanent address, and social security number of a customer.” The verification specifically calls for the “examination of a document,” and those documents are further defined by statute (essentially, government-created identification documents). FinCEN cannot re-write the statute, but the agency can do the next best thing—announce that casinos can join other financial institutions, like banks and commodity brokers, in implementing a Customer Identification Program (“CIP”) that eliminates the need for the physical presentation of government documents at the casino. If they establish a CIP, then, the casinos and mobile game operators are given an exception from the physical documentation requirement.

What comprises a sufficient CIP?

FinCEN establishes that the casino’s anti-money laundering (AML) program needs to particularize whether identity verification will be done through documentary methods, non-documentary methods, or a combination of the two. The opinion advises the casinos to set forth their minimal threshold for acceptable documentation and to characterize the criteria they use in opting for documentary or non-documentary verification methods.

What non-documentary methods of identity verification are acceptable to FinCEN?

FinCEN’s memo specifically approves of non-documentary methods of identity verification, such as:

  • contacting the customer,
  • independently verifying the identity through comparison of the customer’s provided information and a consumer reporting agency, public database, or other source,
  • checking references with other financial institutions, and
  • obtaining a financial statement.

At its heart, the new carve-out for mobile gaming is based on the recognition of an emerging, reliable tool—third party databases “which pull information from a multitude of publicly available resources.” FinCEN acknowledges that these web-based credit reports, for example, “can provide more comprehensive verification of an online patron’s identity than the documentary methods currently required by FinCEN’s regulations.” Whether this important concession is based on the web’s unparalleled (and perhaps, invasive) tracking of personal identifying information or the prevalence of fake identification documents of flawless quality, the bottom line is the same—mobile betting is no longer hindered by in-person registration processes.

Unshackling new customers from brick-and-mortar casinos will almost certainly open the floodgates for increased participation in igaming, mobile sports betting, and on-line casino play. FinCEN deserves credit for taking a practical and clear-eyed position that does not harm AML compliance or the ability of regulators and law enforcement to protect security interests, customers, and industry.

[1] 31 CFR § 1021.410(a)

[2] FIN-2021-R001, “Exceptive Relief for Casinos from Certain Customer Identity Verification Requirements.”

 [MC1]Jim – after first sentence can you say a little more about the opinion – as I read this article I don’t see where the opinion addresses mobile specifically – you get into it but it feels like we are missing a step?

 [JT2]See what you think – the guidance specifically says “online customers” so maybe the new sentence gives better transition.  Also, changed “last month” to “late October” in the first sentence.