Thursday, 26 September 2024

Online Gaming & AML - Recent Developments

A couple of days back an interesting news article made a headline, that India is pushing FATF to adopt stringent AML norms for Online Gaming Companies. The news report further quoted unnamed sources from Indian authorities stating that they wish to highlight the risks posed by the recent violations by online gaming apps like Mahadev App and is analyzing various options to bring online gaming within the ambit of strict AML KYC Norms and stringent reporting of suspicious transactions to the agencien.


In this article of “Quest to Learn (QTL)”, I try to unpack different aspects of what it means for the Online Gaming Industry (“OGI”) in India.


We are aware that through different industry bodies, the OGI has been making various efforts to get recognised and regulated. The OGI is also struggling with various allegations of tax evasion, uncontrolled expansion, lack of transparency etc. and lastly OGI has also been wary of over-regulation and has expressed that over-regulation may stifle innovation and negatively impact the growth prospects of the otherwise booming industry. 


So before we get into, the “impact” and “how” parts of this discussion let us try and understand a few basic details about FATF and its functions.


The Financial Action Task Force (FATF) is an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering and terrorist  financing. Recommendations issued by FATF define criminal justice and regulatory measures that should be implemented by countries to counter the problems of money laundering and terrorist financing. FATF recommendations are recognised as the global anti-money laundering (AML) and counter-terrorist-financing (CTF) standard.


India was admitted as the 34th Country Member of FATF on 25th June 2010. India is also a member of the Asia/Pacific Group on Money Laundering (APG) and the Eurasian Group (EAG), which means that over the years India has consistently been making efforts to strengthen its internal laws, policies and practices against AML and CFT. India has also worked a great deal towards increasing cooperation on information sharing on these issues including taxation with multiple countries by becoming signatory of treaties under Foreign Accounts Tax Compliance Act (FATCA) with the United States of America and Multilateral Competent Authority Agreement (MCAA) on Common Reporting Standard (CRS). 


What all this has meant for the India from a legal and regulatory standpoint is as follows:


  1. Amend existing laws to create a framework for:

  1. Clear identification of Reporting Entities;

  2. Prescribe requirements around

    1. KYC Norms

    2. Mandatory collection of information and documents; and

    3. Reporting of information

  1. Form a specialized body which is responsible for

    1. Collection of reports from reporting entities

    2. Monitor and seek information from entities; and

    3. Cooperate with international bodies to fulfill reporting obligations under different treaties.

  2. Keep upgrading the reporting entities list based on current global and internal developments.


As a result of all these efforts Financial Intelligence Unit – India (FIU-IND) was set by the Government of India vide O.M. dated 18th November 2004 as the central national agency responsible for receiving, processing, analyzing and disseminating information relating to suspect financial transactions. FIU-IND is also responsible for coordinating and strengthening efforts of national and international intelligence, investigation and enforcement agencies in pursuing the global efforts against money laundering and financing of terrorism. FIU-IND is an independent body reporting directly to the Economic Intelligence Council (EIC) headed by the Finance Minister.


India further introduced a two tear (statutory and regulatory) mechanism to introduce certain provisions under the Prevention of Money Laundering Act, 2002 (PMLA) and the Rules framed under the PMLA. Also, the guidelines prescribed by various sectoral regulators like Reserve Bank of India (RBI), Insurance Regulatory and Development Authority of India (IRDAI), PF Regulatory and Development Authority of India (PFRDA) etc. have prescribed various KYC guidelines for the entities regulated under their aegis.    


The provisions of PMLA introduced the concept of Reporting Entity (RE) and also introduced the requirements for maintaining certain records, monitoring of transactions and reporting of suspicious and cash transactions (as prescribed) by these reporting entities to FIU on a regular basis. The Act also introduced the concept of Principal Officer (PO) and Designated Officer (DO) known as Money Laundering Reporting Officer (MLRO) globally.


Under PMLA, every reporting entity (banking company, financial institution, intermediary or person carrying on designated business and profession) is required to appoint a Principal Officer and a Designated Director and communicate their names, designations and addresses to FIU-IND. The reporting entity is also obligated to client due diligence, maintain record of specified transactions for the prescribed period and furnish report of the prescribed transactions to FIU-IND.


Reporting Entities:

Following entities have been recognised as reporting entities under the PMLA:

  1. Banking Companies

  2. Nationalized banks  State Bank of India and its Associates

  3. Private Indian Banks and Private Foreign Banks 

  4. Primary District and State Co-operative Banks  

  5. Regional Rural Banks

Financial Institutions

  •  Financial I institutions as defined in Section 45-1 of the RBI Act

  •  Insurance Companies

  •  Hire-Purchase Companies

  •  Chit Fund Companies

  •  Housing Finance Companies

  •  Non-Banking Financial Companies

  •  Payment System Operators (Credit Cards)

  •  Authorized persons (Money changers)

  •  India Post


Intermediaries

  • All entities registered under section 12 of the SEBI Act including:

  •  Stock Brokers and Sub-brokers

  •  Share Transfer Agents and Registrars to issue

  • Bankers to an Issue and Merchant Bankers

  • Underwriters

  • Trustees to Trust Deed

  • Portfolio Managers and Investment

  • Advisers

  • Depositories and Depository Participants

  • Custodians of Securities

  • Foreign Institutional Investors

  • Credit Rating Agencies

  • Venture Capital Funds

  • Collective Investment Schemes including Mutual Funds

  • Intermediaries regulated by Forward Market

  • Commission (FMC)

  • Intermediaries regulated by Pension Fund Regulatory and Development Authority (PFRDA)


Maintenance of records and furnishing of reports to FIU: 


The following transactions have been specified under the PML Rules for which records have to be maintained and reports are to be furnished to FIU-IND: 


  1. All cash transactions of the value of more than rupees 10 lakh or its equivalent in foreign currency. 

  2. All series of cash transactions integrally connected to each other which have been individually valued below rupees ten lakhs or its equivalent in foreign currency where such series of transactions have taken place within a month and the monthly aggregate exceeds an amount of ten lakh rupees or its equivalent in foreign currency; 

  3. All transactions involving receipts by non - profit organizations of value more than rupees ten lakh, or its equivalent in foreign currency; 

  4. All cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine or where any forgery of a valuable security or a document has taken place facilitating the transactions; 

  5. All suspicious transactions, whether or not made in cash, including attempted transactions. 

  6. All cross border wire transfers of the value of more than five lakh rupees or its equivalent in foreign currency where either the origin or destination of fund is in India; 

  7. All purchase and sale by any person of immovable property valued at fifty lakh rupees or more that is registered by the reporting entity. 


Reporting Timelines:

The Suspicious Transaction Report mentioned at para (e) above should be furnished within seven working days on being satisfied that the transaction is suspicious. The information in respect of immovable property transactions referred to in (g) above should be furnished to FIU-IND every quarter by the 15th day of the month succeeding the quarter. All other reports need to be furnished on a monthly basis by the 15th day of the succeeding month. 


Suspicious Transaction: 

Suspicious Transaction means a transaction (including an attempted transaction) whether or not made in cash which, to a person acting in good faith:

  1. gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or 

  2. appears to be made in circumstances of unusual or unjustified complexity; or 

  3. appears to have no economic rationale or bona fide purpose; or 

  4. gives rise to a reasonable ground of suspicion that it may involve financing of activities relating to terrorism.


Based on the above provisions various sectoral regulators like RBI have prescribed detailed master directions for KYC and the entities falling within these regulators have to put in place the systems for (a) Customer Identification Procedure (CIP) (b) Customer Due Diligence Procedure (CDD) (C) On-going Due Diligence; and (d) Advanced and simplified due diligence. It is important to note that these procedures are prescribed for natural as well as artificial persons independently.


These directions typically need the RE to do the following:

  1. Carry out customer identification by:

    1. Collect self declared information from the customer [name, age, address, etc]

    2. Collect supporting documents for the above info

    3. Verify the documents submitted

    4. Run checks on the individuals, entities based on various sanction lists and OFAC list

  2. Carry out enhanced due diligence on certain specified entities/individuals such as Politically Exposed Persons

  3. Monitor transactions carried out by individuals and entities on regular basis and create suspicious transaction reports and cash transaction reports

  4. File reports with the FIU and the sectoral regulator

  5. Engage and provide additional information as may be required by FIU


While there are other amendments under Income Tax Act, which are introduced under different treaties that we discussed above (FATCA and CRS), but since the focus of those is more on tax evasion related information sharing, I am not discussing those here.


Where does the issue relating to AML/KYC norms for OGI, stand as of today ?

 

Admittedly, the OGI lacks any standard or in fact lacks even a basic level of CIP or CDD implementation. It certainly does not have any statutory requirement to do any KYC, CIP, CDD and thus there isn’t any question of monitoring and reporting of transactions.


In the past 3-4 years, however, the Indian Government (GoI) has made it apparent that it strongly feels the need to bring an appropriate AML/KYC regime for the online gaming industry. Several industry interactions, arguments extended by the counsels in various gaming matters before different High Courts, views expressed in different forums and industry interactions and views expressed by certain Online Gaming Authorities like TNOGA have time and again indicated that Government feels the dire need to bring in AML/KYC Guidelines for the OGI. 


The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were the first piece of subordinate legislation which introduced the requirement of KYC for users as per RBI prescribed norms.


(12) An online gaming intermediary shall, before accepting any deposit in cash or kind from any user for a permissible online real money game, identify such user and verify his identity: 

Provided that the procedure required to be followed by an entity regulated by the Reserve Bank of India for identification and verification of a customer at the commencement of an account-based relationship shall apply, mutatis mutandis, in identification and verification of the users of such online gaming intermediary.


While these discussions were still on, the public policy enthusiasts, the GoI and the online gaming industry were still debating the larger issue of regulation of the industry as a whole and AML/KYC compliance was just a smaller subset of a much larger bucket of issues involving legality, governance, social impact, taxation etc. 


It however, appears that the GoI has been keenly considering various options to not only bring in the OGI under the strict AML/KYC regime, it also has started discussing the issue at a global level to bring focus on AML risks that the OGI industry poses globally necessitating the need to have international cooperation on standard AML/KYC norms, reporting requirements and sharing of information across jurisdiction. 


This positioning of the GoI seems to have stemmed from certain online betting and money laundering frauds like Mahadev App where law enforcement agencies in the absence of information and data faced various challenges in investigating and bringing culprits to book. 


It however, appears that the GoI in its effort to rein in on illegal businesses like Online Betting and Gambling, is pursuing OGI, which stands differentiated from the illegal betting and gambling operators. 


Does that mean that the OGI has a case for being excluded from the discussions about bringing in AML/KYC norms? 


In my opinion, the OGI may not have a very strong case to be fully excluded from any proposal to bring in stringent AML/KYC compliances for the OGI as a whole including betting and gambling. As per various hearsay the key issues enforcement and investigating agencies have quoted the following issues necessitating the AML/KYC compliances: 


  1. Massive scale at which OGI operates (millions of users) 

  2. Billions of small transactions increasing the possibility of large hoards of money slipping without being tracked or monitored

  3. No user standard identification and diligence protocols increasing the risks of misuse of OGI platforms  


In this scenario, it appears that the GoI will continue to use the examples of Online Betting/Gambling to push the agenda for the entire OGI. It also works well internationally as unlike India, various other jurisdictions do not differentiate OGI and Online Betting/Gambling as two separate classes of businesses.


What does it mean for OGI to be considered and brought under strict KYC requirements?

If the OGI were to be brought under the FATF’s AML/KYC regime globally, then the same may inter alia have following implications:


  1. The platforms will have to undergo changes in terms of how a new user is onboarded and how and what information gets collected will have to improve

  2. Integration of platforms with third party AML tools for OFAC checks etc will have to be put in place 

  3. Appoint PO and DO/MLRO

  4. Platforms will have to put monitoring mechanisms in place and start preparing report

  5. Start submitting reports to FIU and sectoral regulator (if deputed)

  6. Get a CIP and CDD done for existing users in a time bound manner 

 

What is the way forward:


To my mind, so far the OGI has been avoiding any open discussions on this issue. The reasons for this seem to be twofold:

  • It fears that these norms will negatively impact the user onboarding and hence the growth of the business will stagnate or be negative.

  • It fears extremely high costs of compliances and putting the systems in place.

  • For an industry reeling under several tax disputes, this may be a wrong time to have added complication of AML/KYC compliance burden.

  • A general resistance to change emanating out of a fear of the unknown.


But to my mind it’s time for the industry to start openly engaging with the GoI on the issue of AML/KYC for OGI and start making suggestions revolving around the following unique key issues:

 

  • Risks posed by betting and gambling are different as traceability is the key issue there

  • For OGI traceability isn’t an issue as it only allows online transactions which originate from REs

  • Average Ticket size for casual, fantasy and similar games is too small to be used as a bridge to launder money

  • The flow of money in OGI is through three key steps (1) participation (2) winning (3) disbursal of winning. Since, the ultimate receipt of money is contingent on “winning” its not a sure way to launder money and hence reduces the risk of OGI being used as a bridge to launder.

  • Most OGIs have upfront platform fees going as high as 25% and for a typical launderer it may not be a lucrative option


I am sure, enough education and engagement will help clear a lot of doubts for GoI to take appropriate and differentiated actions for different classes of online games. 


The OGI as a whole (all federations) will have to come to a common ground on this issue and have an active engagement on the issue with the GoI. This is the only way forward. Avoiding the discussion will result in GoI moving forward with its agenda at FATF and the same may not yield good results and will be even more difficult to reverse once implemented at FATF level.


I will be happy to engage in discussions with anyone interested in the subject. Do write into me on amol.apte@lawknit.co for any queries, suggestions, feedback on the note and/or this important subject as a whole.



Amol Apte  

26.09.2024

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)