Here's a little summary (in 2 parts) of my wonderful day @Rizk/GIG in Malta.
As Captain Rizk has already answered many questions asked in this thread, I'd like to give my personal input from a player's side of things.
First of all, I was pleasantly surprised by the fact that I was presented with a load of information behind the doors. Anything I asked, I was given a genuine answer, truly in spirit of no bullshit like the Rizk slogan says. I believe they really are and want to be as transparent as is possible.
I'll try to go through some of the main points we discussed in a way that is both informative and respective of proprietary information.
The day started @GIG Beach after we managed to have some coffee from GIG's barista at the lounge (the coffee is served how he wants to serve it, not how you want it
).
Compliance Matters
First thing was a meeting with the Head of Compliance of GIG. We discussed on a general level mainly about anti-money laundering, responsible gambling and data protection and how these transform into specific actions from the company side. The pressure from recent and upcoming legislative/regulatory changes have caused a lot of work in the back office.
The AML/RG and DP issues seem to have a top priority at the moment. So much so, that Rizk for example has had to delay some their own changes and developments because of the importance and time frame associated with the compliance matters. For example, the General Data Protection Regulation (GDPR) has a definitive date (25th of May) when every company effected by it needs to be compliant. The max fines for failure to meet the compliance are not small, up to 4% of annual turnover or 20 MEUR (which ever is greater). Both AML/RG and DP have a similar, risk based approach to compliance. The companies need to prove they are compliant.
I also learned, like Captain Rizk mentioned, that the UKGC has been and seems to be very strict with their guidance. In respect to AML/RG for example, the UKGC issues information and guidelines, but many times these have more weight behind them than them being just mere guidelines. With either an express or implied effect on the validity of the gaming licence attached to them. So the companies have little or no possibilities to exercise discretion on some of the matters. Malta is probably heading this way too, the MGA recently setup a
and Malta published their first
.
The relation between AML/RG and DP on the face of it is not a conflicting one. But there are questions that are not as clear cut as they seem. Issues like data portability, data retention and the principle of proportionality come to mind. I'm sure we will see in the upcoming months some overreactions in these issues and most certainly some smaller operators failing miserably in their compliance.
Like in many other areas, the UKGC has once again issued a guidance regarding AML/RG responsibilities and how the licensees should
.
We briefly touched the subject of SoW requests as well. Naturally, I was not shown specific information about the triggers on their system. It's totally understandable since this is proprietary information and could be used for all kinds of shenanigans if the information would be openly available. Much of this information can be obtained from public documents anyway, so everyone interested is able to do their research on the subject. One thing became very clear: The casinos don't like to do these since it's very intrusive. But it's a necessary evil we as players need to live with these days. No casino will put their license in risk in this regard. The way these are done, will separate the good ones from the bad ones. I believe transparent reasoning with the players is the key here.
These are big issues in general and it was not possible to go over them in detail in a meeting lasting a few hours. Overall, I was left with the impression that GIG is very well prepared in these matters. And players' data is in good hands.