What should you, as a game provider, be aware of?

As a licensed game provider in Denmark, you play an important role in the overall efforts to combat money laundering and terrorist financing. The Anti‑Money Laundering Act therefore imposes a number of obligations on game providers.

One of these obligations is that you, as a game provider, must identify and assess the risk that your business may be misused for money laundering or terrorist financing. You must therefore prepare a written risk assessment based on your business model.

In addition, you must have adequate written policies, procedures, and controls to effectively prevent, limit, and manage risks of money laundering and terrorist financing.
These must be operational and usable by relevant employees. The procedures must be developed on the basis of the risk assessment and therefore reflect the risks relevant to you as a game provider.

At a minimum, the procedures must cover:

Risk management
Customer due‑diligence procedures
Obligations to investigate, record, and report
Storage of information
Employee screening
Internal controls

The game provider must ensure that management and employees receive training in the requirements of the Anti‑Money Laundering Act. The game provider must ensure that management and employees actually participate in the training and acquire sufficient knowledge relevant to their tasks. Training must be repeated and updated regularly, for example when the risk assessment or procedures are updated.

Customer due‑diligence procedures

Customer due‑diligence procedures mean that you, as a game provider, know who your customers are and understand their purpose for gambling with you.

This is important to ensure that a customer’s purpose is not to launder money or finance terrorism. You must carry out customer due‑diligence procedures when a person is registered as a customer, for example when creating a gaming account, or when the customer’s relevant circumstances change.

You must investigate the background and purpose of all transactions that are:

Complex
Unusually large
Conducted in an unusual pattern
Lacking an obvious economic or lawful purpose

It may also be relevant to increase monitoring of the customer to determine whether the transactions appear suspicious.

You must record information about the customer, the transaction or activity, and the conclusion of your investigation. The obligation to record applies both to cases that lead to a report and to cases that do not.

As a game provider, you must store various types of information, such as information obtained through customer due‑diligence procedures.
This information must be stored for at least five years after the customer has ended their relationship with you or after a one‑off transaction has been completed.

However, personal data must be deleted five years after the customer has ended their relationship with you or after a one‑off transaction has been completed.

You are obligated, as a game provider, to notify the Money Laundering Secretariat if you become aware of, suspect, or have reasonable grounds to believe that a transaction, funds, or activity is or has been linked to money laundering or terrorist financing. The notification must be made immediately and via the GoAML portal.