Gaming's XP Quest: Level Up AML Compliance
14 Feb 2024

As usual, criminals exploit anonymity and global reach to move illicit funds. A recent study by KPMG found that 30% of gaming companies in the EU have been subject to money laundering investigations in the past five years. And, in 2023, the European Commission's report on Money Laundering and Terrorist Financing (ML/TF) identified the gaming industry as a high-risk sector for money laundering.

Specific Vulnerabilities Within the Gaming Industry

The gaming industry's high volume of transactions, coupled with the ease of transferring virtual currencies and in-game items, makes it a particularly attractive target for money launderers. Below are some specific reasons for those vulnerabilities.

  • In-Game Items - such as virtual weapons, avatars, and skins, to launder money. These items can be purchased with real money and then sold on third-party marketplaces for a profit. The anonymity of these marketplaces makes it difficult to trace the proceeds of these transactions.

  • Mobile Gaming - is becoming increasingly popular and the apps used in mobile gaming are often store payment information on the device itself, which is very susceptible to data breaches and theft. If hackers gain access to a device, they can steal the payment information and use it to conduct fraudulent transactions or launder money.

  • Virtual Currencies - such as Bitcoin and Ethereum, have provided criminals with a new avenue for laundering money since there is a lack of transparency. They’re not regulated by traditional financial institutions, making their movements difficult to track and identify as suspicious transactions.

Strengthening AML Regulations with the Gaming Industry In Mind

The EU is taking a number of steps to address money laundering in the gaming industry.The European Commission has:

  • Proposed a number of amendments to the Anti-Money Laundering Directives, which would further tighten restrictions on the gaming industry.

  • Enhanced due diligence so that gaming companies are being required to implement stricter due diligence procedures.

  • Increased collaboration so that The European Commission, national authorities, and industry bodies are sharing more information and best practices on AML in the gaming industry.

European Gaming Companies Fined for AML Breaches

These examples below demonstrate the growing scrutiny on AML compliance in the gaming sector, beyond traditional gambling activities. Gaming companies must prioritize AML compliance to protect their business, the integrity of the industry, and the safety of players. And, as gaming companies expand their offerings and engage in cross-border transactions, the risk of money laundering increases.

It’s that simple.

Mobile gaming companies

Supercell: In 2022, the Finnish Financial Supervisory Authority (Finanssivalvonta) fined Supercell Oy €662,000.

 The regulator found that the company had failed to conduct adequate customer due diligence (CDD) checks on its players, failed to monitor transactions for suspicious activity, and failed to report suspicious transactions to the authorities.

Tencent Mobile Entertainment: In 2021, the Malta Gaming Authority (MGA) fined Tencent Mobile Entertainment International (Europe) Limited €3.5 million. 

The regulator found that the company had failed to implement adequate AML procedures, failed to conduct adequate CDD checks on its players, and failed to monitor transactions for suspicious activity.

Virtual reality gaming companies

Epic Games: In 2022, the Dutch Kansspelautoriteit (KSA) fined Epic Games IP BV €2.7 million.

 The regulator found that the company had failed to conduct adequate due diligence checks on its players, failed to monitor transactions for suspicious activity, and failed to report suspicious transactions to the authorities.

Meta Quest LLC (formerly Oculus): In 2023, the Italian AAMS fined Meta Quest LLC €1 million. 

The regulator found that the company had failed to implement adequate AML procedures and had not adequately monitored suspicious transactions.

Video game companies

CD Projekt Red: In 2023, the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego) fined CD Projekt SA €2.5 million.

The regulator found that the company had failed to implement adequate AML procedures, failed to conduct adequate CDD checks on its players, and failed to monitor transactions for suspicious activity.

Electronic Arts: In 2022, the French Autorité de contrôle prudentiel et de résolution (ACPR) fined Electronic Arts Ireland Limited €2.3 million.

The regulator found that the company had failed to implement adequate AML procedures, failed to conduct adequate CDD checks on its players, and failed to monitor transactions for suspicious activity.

Ready to get started?

Explore Pliance solutions, or contact sales to create a custom-made package for your business.

Contact sales
Pricing that works for you

No hidden fees, pay as you go or commit to a monthly plan.

Price Plans
Start your integration

Get up and running with Pliance in 1-2 days.

API Reference