AgeChecked Update on the Netherlands Gaming Market
It has been six months since AgeChecked last reported on the Age Verification, AML and KYC requirements to which operators must adhere if they wish to enter the Dutch market. Since then, there have been a number of changes, while more details have also been published concerning operators’ specific obligations.
The licensing window opened on 1 April, one month later than planned. This will see the launch of the Dutch regulated market delayed by one month too, having been pushed back to 1 October. This followed an intervention from the Dutch Minister for Legal Protections Sander Dekker back in January, who requested the delay to finetune the technical requirements related to the launch.
With around 35 operator applications expected in the coming months, now is the perfect time to get up to speed with the latest developments in the Dutch market.
The Dutch regulator, Kansspelautoriteit (KSA), has regularly warned operators looking to be licensed in the Netherlands about their responsibilities ahead of entry, highlighting that due diligence will be strict. Back in March, the final draft decree concerning remote gambling was published, along with the specific ministerial regulations and policy notes containing the application forms relating to the licensing process. This included the previously announced requirement that age verification should be confirmed at the point of registration and that this should have been in place no later than 1 January 2020.
The KSA will thoroughly review an operator’s standards in relation to corporate conduct, compliance and social responsibility, with safer gambling and consumer protection the top priorities. Having robust KYC and AML proceduresin place will form part of this, with the Dutch government saying operators will need to employ an identity check through the iDIN system, or something similar to it, as part of the onboarding process.
This will see operators having to conduct four ID checks on their customers:
- An iDIN check
- An IBAN check
- A CRUKS check
- An ID scan
The first three are required at the point of registration, with the CRUKS check also necessary every time a player logs in. CRUKS is the national self-exclusion database, which will be managed and controlled by the KSA. Its aim is to stop vulnerable gamblers from registering and playing at both land-based and licensed online gambling operators.
Regarding age verification in particular, the KSA have said that “preventing minors from taking part in gambling is an important priority” and that age verification must be conducted before the completion of the registration process. This should involve an objective means of proof rather than a simple declaration, while it also must be made clear to the player just how their age is being verified.
The iDIN system is one way to do this, having been developed through a partnership with Betaalvereniging Nederland (the Dutch Payments Association) and the Dutch government. It enables the reliable verification of someone’s identity through their Dutch bank account. AgeChecked, the global provider of secure and anonymised online age verification services, supports iDIN for age verification services of customers in the Netherlands.
Over the last six months, the KSA have added further appended guidelines to the ‘Remote Gaming Act’ (KOA Act) including approved ‘Wwft guidelines’ back in February. These focus on preventing money laundering and the financing of terrorism. The Wwft guidelines see the adoption of the EU’s fourth anti-money laundering directive into Dutch gambling law, with the EU directive having already been approved in the Netherlands in 2017.
Recently, two inconsistencies have been discovered when it comes to the interplay between the Remote Gaming Act and the AML law though. One relates to the reporting of match fixing, whereas the second relates to identification. The Remote Gaming Act says that you must positively identify a customer before they are allowed to play. However, the AML law goes further, saying you should also have a copy of their valid ID before they can wager. Discussion is ongoing as to how to resolve the discrepancy, but the KSA are of the opinion you must have a copy of a valid ID on file before a customer can play. This is why it is recommended to conduct an ID scan at the point of registration.
In early March, the KSA also revealed the licensed trademark that operators must display on their website and mobile apps. The ‘Vergunninghouder Kansspelautoriteit’ (‘Licensed by Kansspelautoriteit’) logo should enable users to click through to the KSA licensing page, where there is more detail about the full licensing provisions of the KOA Act.
When publishing their annual report later in March, KSA Chairman René Jansen stressed that “ultimately, our work revolves around the interests of the player, of the consumer. A fair market remains an important objective but is above all a means to allow consumers to play safely.”
Over the last few weeks, the KSA have updated their website regularly and it is recommended that operators check it on a daily basis. As well as adding more detail on policy, they have also added more to their FAQ sections on the various KSA website pages.
The Dutch market may have huge rewards, but the barrier of entry is incredibly high. Back in December 2019, Jansen said: “For example, we will be evaluating your reliability, your integrity policies, the financial continuity of your business, the separation of player credits, your age verification procedures and so on. We want to know exactly who we’re dealing with before we issue an online gambling license; promises and words alone simply won’t cut it.”
The importance of high levels of due diligence is therefore clear. It is also clear that age verification, KYC and AML provisions in the Netherlands are amongst the most robust in the world.
If you would like to speak with AgeChecked about how we can work with your business to integrate a fully compliant Dutch gaming solution, please do not hesitate to contact us at https://www.agechecked.com/contact/ or email firstname.lastname@example.org.