NNSFlowNNSFlow
Zurück zu The LedgerBranche

Negative news screening for Swiss casinos: navigating AMLA and the Money Gaming Act

Swiss casinos sit under two laws and a different supervisor than banks. The AML expectations are not lighter and the documentation bar is just as high. Here is what gaming-board audits actually check.

Antoine Bedaton
Antoine Bedaton
04. Mai 202611 Min. Lesezeit
Negative news screening for Swiss casinos: navigating AMLA and the Money Gaming Act

Part of our complete guide to negative news screening for Swiss banks. This post is the deep dive on AML screening for Swiss casinos under AMLA and the Money Gaming Act; the guide covers the end-to-end picture.

Swiss casinos operate under a regulatory architecture that confuses people coming from the banking side. Two federal acts apply at the same time. The supervisor is not FINMA. The casino-specific obligations sit on top of the general AML framework, not in place of it. And since the 2019 entry into force of the Money Gaming Act, the same operator running a land-based casino in Lugano and an online concession serving the whole country has to satisfy two different operational risk profiles with one compliance file.

This post maps the framework, names the supervisor, and explains what casino AML audits actually check.

Two laws, one compliance burden

The two acts that bear on a Swiss casino's screening and AML documentation are:

  • The Anti-Money Laundering Act (AMLA / GwG, SR 955.0), which is the general Swiss AML statute. It defines who is a financial intermediary, who has to identify customers and beneficial owners, who has to keep records, and who has to report suspicious activity to the Money Laundering Reporting Office Switzerland (MROS).
  • The Money Gaming Act (BGS / LJAr / LGD, SR 935.51), in force since 1 January 2019, which replaced the old Gambling Act (Spielbankengesetz) and the old Lotteries Act and consolidated oversight of all money-gaming activities (casino games, lotteries, sports betting, skill games) into one framework. The act defines concession types, social-protection duties, integrity requirements, and casino-specific AML obligations.

A licensed casino is therefore a financial intermediary under AMLA Art. 2 para. 2, and a money-gaming operator under the Money Gaming Act. Both regimes apply to the same patron, the same transaction, and the same evidence file. They do not duplicate. They overlap.

AMLA applicability to casinos

For a casino, AMLA does the same things it does for a bank, with a few gaming-specific edges:

  • Identification. Casinos have to identify the contracting party when entering into a business relationship and at defined thresholds for cash transactions. The Federal Council's Anti-Money Laundering Ordinance (AMLO, SR 955.01) sets the operational thresholds; the casino-specific implementation is in the supervisor's regulation, discussed below.
  • Beneficial-ownership clarification. Where the contracting party is a legal entity or is acting for someone else, the beneficial owner has to be identified. For VIP host arrangements and junket operations this is non-trivial.
  • Ongoing monitoring. Once the relationship exists, transactions have to be monitored for plausibility. Unusual or large play has to be clarified and, where necessary, reported to MROS under AMLA Art. 9.
  • Record-keeping. AMLA Art. 7 sets the ten-year retention period. The 2023 revision of AMLA also added Art. 7 para. 1bis, requiring that records be periodically reviewed and updated on a risk basis. That review obligation applies to casinos as well.

The substance of these obligations, and how they interact with FINMA Circular 2023/1 on operational resilience, is covered for banks in our breakdown of Swiss AML evidence rules. The articles discussed there (AMLA Art. 7, AMLO-FINMA Art. 22) apply to banks. The casino equivalents live in the gaming-supervisor's regulation, not in AMLO-FINMA.

Money Gaming Act specifics

The Money Gaming Act adds obligations that are particular to gambling and that no bank regulation covers:

  • Concession types. The act distinguishes between A-licence and B-licence land-based casinos and online casino extensions of those licences. Online play is restricted to operators with a Swiss land-based concession and an online extension; access by patrons from offshore-licensed sites is blocked at the network level under the act.
  • Social protection. Casinos have to implement a social-protection plan, including detection of problem gambling, patron exclusions (self-exclusion and exclusion by the operator), and a national exclusion register shared across operators. These duties intersect with screening: the same patron file that holds the AML record holds the social-protection record.
  • Integrity of gaming. Game equipment, RTP, and supervision rules are in the act and its ordinance. Gaming-board audits cover this alongside AML.
  • Casino-specific AML obligations. The act explicitly preserves AMLA's application to casinos and adds gaming-specific identification and documentation duties enforced by the supervisor's casino AML ordinance. The text of the act and the implementing ordinances on fedlex.admin.ch is the primary reference; the operational specifics (thresholds, document formats, reporting cadence) are set by the supervisor and updated periodically.

A consequence is that the casino's AML file has to be readable from two angles. An MROS-facing or FINMA-style angle that asks "who is this patron, where did the money come from, why was play permitted?" And a gaming-board angle that asks the same questions plus "did the social-protection layer trigger when it should have, and is the exclusion list reflected?" One file, two examiners, both reading.

Supervisor structure: not FINMA

This is the point most often missed by people coming from banking. The AML supervisor for licensed casinos is not FINMA. Under AMLA Art. 12, each category of financial intermediary has a designated supervisory authority. For casinos, that authority is the Federal Gaming Board:

  • DE: Eidgenössische Spielbankenkommission (ESBK)
  • FR: Commission fédérale des maisons de jeu (CFMJ)
  • IT: Commissione federale delle case da gioco (CFCG)

The ESBK/CFMJ (esbk.admin.ch) supervises licensed casinos for both gaming-integrity and AML purposes. It issues its own ordinance on AML duties for casinos, conducts on-site audits, and applies sanctions for AML failings within its remit. Lotteries, sports betting, and large-scale games not covered by a casino licence fall under the Intercantonal Gambling Supervisory Authority (Gespa / CGCA), which is a separate body created by the cantons under the Money Gaming Act.

For an operator running both land-based and online casino services under one concession, the supervisory contact is the same. For a mixed group that runs a casino and operates lotteries through a separate vehicle, two supervisors are involved. The compliance team has to know which is which and which obligations report to which.

Why the FINMA habit travels badly

Compliance officers moving from a Swiss bank to a casino sometimes arrive expecting FINMA enforcement style and FINMA reporting templates. The substance of the AML obligations is largely the same (AMLA is AMLA), but the supervisor's documentation expectations, audit cadence, and ordinance text are different. Treat the casino ordinances on fedlex.admin.ch and the gaming board's published guidance as the primary references, not FINMA circulars by analogy.

Land-based versus online: different KYC moments

The two faces of a Swiss casino licence trigger AML obligations at different points in the patron journey, and produce different evidence trails.

Land-based. Identification happens at the door or at the cashier when a transaction crosses the relevant threshold. The patron's identity document is captured, the cashier records the transaction, the surveillance system records the visit. Negative-news screening typically happens once a patron crosses into VIP host territory, at credit-line issuance, or when a transaction triggers enhanced clarification under AMLA Art. 6. The evidence trail is hybrid: video, cashier records, KYC document copies, and any screening searches the compliance team ran.

Online. Identification happens at account opening, before any play. Video or online identification under FINMA Circular 2016/7 is the primary route, with the casino-specific adaptations the Federal Gaming Board recognises. Geolocation and IP checks confirm the patron is in Switzerland, since Money Gaming Act online play is restricted to Swiss-located patrons on Swiss-concessioned platforms. Negative-news and PEP screening can be run at account opening and re-run on a risk-based cadence. The evidence trail is digital end-to-end, which is good for reconstruction and bad if the system captured links rather than snapshots.

The risk profiles diverge. Land-based casinos see anonymous low-stake play (below threshold) plus identified high-stake play. Online casinos see no anonymous play but a much longer transactional history per patron, and the screening cadence has to keep up. The gaming-board examination will not accept "we only check at onboarding" for an online concession with a five-year-old patron file.

Documentation expectations: what gaming-board audits look for

The reconstruction obligation that lives in AMLO-FINMA Art. 22 for FINMA-supervised intermediaries has a casino equivalent in the gaming supervisor's AML ordinance. The exact article numbers differ; the operational expectation does not. A casino's AML file has to allow a knowledgeable third party (a gaming-board auditor, an external audit firm engaged by the supervisor) to reconstruct why a given patron was admitted, why a given transaction was permitted, and why a given clarification was closed without a MROS report.

In practice the audit will look for:

  • Snapshots, not links. A captured news article that informed a source-of-funds clarification has to render the same way it did when the analyst reviewed it. A bare link to an external site is not evidence; it is a pointer to whatever the site shows today. We have more on this in our hash-chained evidence post.
  • Identity frozen at write-time. The compliance officer who closed the clarification has to be identifiable as the person they were at that moment, with their then-role and authority, not as their current directory entry. People leave casinos. Roles change. The audit log has to stand without the original person available.
  • Tamper-evidence. Storage immutability alone does not satisfy a defensible-record test. The file has to be verifiable as unaltered since capture, ideally without trusting any single component of the storage stack.
  • Structured reasoning. "Cleared after discussion with shift manager" is not reconstructable. Structured reason codes plus an optional free-text supplement, with the manager named and their authority recorded, is.
  • A two-pair-of-eyes record. The four-eyes principle is a Swiss compliance baseline that gaming-board examiners read the same way bank examiners do. The submitter of a high-risk decision is not the approver. The system has to enforce that, not just expect it.

The audit-drill protocol we wrote up for banks (five-year reconstruction drill) is portable to casinos with one substitution: the supervisor in the "third party" role is the gaming board rather than FINMA. The selector, randomness, time-box, and written-output rules all apply.

An online casino's evidence file is digital end-to-end. That is an advantage if the system captured snapshots, hashed them, and froze identity at write-time. It is a liability if the system stored links to live URLs that have since changed or disappeared.

Common patterns we see

A few practical observations from talking to Swiss casino compliance teams:

  • The patron file is fragmented. AML records live in the KYC system. Self-exclusion records live in a separate gaming-management module. Surveillance footage lives on a video appliance. Negative news searches live in a screening tool or, more often, in the screenshots a compliance officer pasted into a Word document. Reconstructing a five-year-old decision means assembling four systems, two of which have changed vendors since.
  • Online and land-based are operated by the same legal entity but evidenced separately. That works until an audit asks for the combined patron view. The right architecture is one patron file with two channels, not two files.
  • Negative-news rerun on a cadence is rare. Most operators run a search at onboarding and at credit-line review. The Money Gaming Act's risk-based ongoing-monitoring expectation, in combination with AMLA Art. 7 para. 1bis (periodic record review), increasingly points toward a cadence-driven re-screen. The evidence trail for a re-screen has to be as defensible as the trail for the initial onboarding screen.
  • The retention regime interacts with the Swiss data-protection rules. The ten-year AML retention floor coexists with nFADP minimisation and retention-purpose principles. For casino patrons (consumer data, often sensitive), the legal-basis architecture has to be explicit.

Bottom line

The framework for a Swiss casino is not lighter than the banking framework. It is differently shaped. AMLA applies in full, with the ten-year record-keeping floor and the periodic-review duty. The Money Gaming Act adds gaming-specific obligations and a separate supervisor (the Federal Gaming Board, ESBK/CFMJ) that audits AML compliance with its own ordinance and its own examiner expectations. The documentation bar is the same as for FINMA-supervised intermediaries: snapshots not links, identity frozen at write-time, tamper-evident records, structured reasoning, four-eyes enforcement, and reconstruction defensible to a third party who was not in the room.

If your team is working through any of this and wants a second pair of eyes on the evidence architecture, we are easy to reach. NNSFlow was built around the documentation expectations that show up in Swiss compliance audits, including casino audits. The frame we work from is the same one a gaming-board examiner uses: an evidence file that defends the original decision, ten years later, without the people who made it.

#casinos#gambling-act#AMLA#swiss

Weiterlesen

FinIA expectations for Swiss asset managers: AML obligations under FINMA supervision
Branche

FinIA expectations for Swiss asset managers: AML obligations under FINMA supervision

Since FinIA came into force, Swiss asset managers and trustees report directly to FINMA. The AML obligations did not get lighter, the audit bar got more explicit. Here is what FINMA actually checks.

Antoine Bedaton
Antoine Bedaton
29. Apr. 202611 Min. Lesezeit
finia
Transaction monitoring vs negative news screening: where they meet, where they don't
Branche

Transaction monitoring vs negative news screening: where they meet, where they don't

Transaction monitoring watches payment flows; negative news screening investigates entities. Buyers conflate them. Here is what each system actually does and where they hand off to each other.

Antoine Bedaton
Antoine Bedaton
16. Apr. 202610 Min. Lesezeit
monitoring
Vendor due diligence: what a Swiss bank's procurement team should be asking
Branche

Vendor due diligence: what a Swiss bank's procurement team should be asking

A Swiss bank evaluating a software vendor is not running a generic procurement exercise. Specific FINMA circulars, the Banking Act's secrecy provisions, and SBA self-regulation set the floor for what has to be asked. Here is the version of the checklist that maps to the regulation.

Antoine Bedaton
Antoine Bedaton
18. März 202610 Min. Lesezeit
procurement