The Compliance Paradox: Aligning AML Objectives With Digital Gaming Realities in India

[Vedik and Awaneesh are students at Gujarat National Law University.]

According to the notification issued by the Ministry of Finance, a recommendation has been made to bring both domestic and international real money gaming (RMG) platforms within the purview of the Prevention of Money Laundering Act 2002 (PMLA) under the category of “reporting entities”. The main objective behind this move is to mitigate financial opacity within these high-risk digital environments which, till now, have remain largely unchecked. As a result, the Indian online RMG sector, which is valued at over INR 22,000 crore, is now facing a significant regulatory overhaul. 

The move also aligns with Financial Action Task Force’s (FATF) long-standing directive that all services managing assets with “convertible value”, including digital currencies and gaming tokens, should fall under anti-money laundering (AML) frameworks. Domestically, the Indian government’s approach comes out as an active measure to address prevalent high-profile laundering schemes like, the INR 6,000 crore Mahadev betting scandal, and the Fiewin scam of INR 400 crore. These scams showed that gaming platforms can be used for money laundering. Under the new discussion, online gaming platforms would be required to register with the Financial Intelligence Unit-India (FIU-IND). They also have to report suspicious transactions and follow strict Know Your Customer (KYC) policy. 

Compliance Mechanics: The Operational Earthquake

The PMLA rules are more than ordinary compliance measures because they demand sophisticated systems to detect and document suspicious financial operations. Indian companies will need to upgrade their registration procedures to complete identity validation checks through official government identification documents such as Aadhaar, passports and voter IDs. The requirement to connect with the Central KYC Registry makes user verification more complex by introducing additional stages that may slow down the process. This transition would disincentivize engagement from casual users, particularly those in semi-urban or underbanked populations.

Moreover, via Rule 3 and Rule 9, firms would be required to implement continuous behavioral monitoring to identify red flags such as rapid fund transfers or anomalous gaming behaviour. Further statutory obligations under Rule 3, sub-rule (1), clauses (A) and (D) include filing cash transaction reports for any transaction exceeding INR 10 lakh and submitting suspicious transaction reports within a 7-day window. In addition, under Section 12, firms also face the supplementary burden of appointing designated Principal Officers, conducting mandatory staff training, and performing periodic internal audits.

The Upside: Why this Reform is Non-Negotiable

Though there are valid concerns, there exist strong case for this reform. In-game assets and platform wallets are frequently used to trade or move money into laundering schemes. Bringing them under the regulatory scope of the PMLA is not only logical but long overdue. The absence of mandatory KYC and AML regulations for online gaming have created an unregulated space which is vulnerable to fraud, identity theft, and unauthorized transfers of funds. 

Incorporating online gaming under PMLA norms, would allow authorities trace transactions better, strengthen evidences in court cases, and hold people accountable. With these steps, India complies with global standard of the FATF’s Recommendation 15, which requires platforms to follow stringent AML rules, aiming to prevent the misuse of virtual assets for money laundering and terrorist financing.

Criticisms: The Compliance-Evasion Paradox

Given that gaming platforms rely on accessibility and low-friction user interfaces, banking-level KYC requirements may adversely impact conversion rates and monetization. Gaming, rather than fintech, relies on uninterrupted experiences. Therefore, if entry is made difficult, conversion and growth rates might get down further. 

The proposed inclusion of online gaming framework under the PMLA reveals a stern misapplication of legal principles. Despite clear judicial guidance in KR Lakshmanan, where the Supreme Court held horse racing to be a skill-based activity, and Varun Gumber Case, where fantasy sports were judicially affirmed as skill-based, yet the law throws everyone into the same compliance bucket. Moreover, patchy state-level rules create another level of sophistication e.g., Tamil Nadu’s restrictions on online real money games and Karnataka’s support for fantasy sports, create an ambiguous regulatory landscape and operators have to contend with central AML guidelines as well as rules at a state level.

Amidst this vacuum and overlapping mandates, the latest Madras High Court verdict in Play Games 24x7 v. State of Tamil Nadu offered a judicial clarification in aspects of the permissible scope of  state intervention in online gaming regulation. The judgement translates judicial deference into constitutional validation for targeted state intervention. It also validated two key measures, Aadhar-based KYC and a night time gaming ban from 12 AM to 5 AM. Grounding its rationale in public health concerns, these were proportionate safeguards to prevent minors from RMG.

Global Lesson: Regional Strategies and Insights

The United Kingdom (UK) has notably adopted a proactive stance in mitigating the emergent risks associated with AI in the online gaming landscape. The UK Gambling Commission (UKGC) has identified deepfake technologies and synthetic identities as emergent vectors for regulatory evasion, especially after the compromise of casinos through fraudulent documents and face-swapped visual identification, as casinos whether remove or non-remote, both  are required to follow guideline released by UKGC to prevent money laundering and curb terror financing. 

Some of the prevalent case studies to this scenario would be; Corbett Bookmakers Ltd, a UK-based retail betting operator was penalized for breaching License Condition 12.1.1 and SRCP 3.4.1. The company repeatedly failed to implement effective AML controls, relied on delayed manual reviews, and did not impose timely hard stops after financial thresholds were triggered. It also fell short on social responsibility obligations, with inadequate customer monitoring and late interventions. Despite a prior penalty in 2022, and later in 2025, leading to a significantly higher fine and stricter regulatory scrutiny. This repeat non-compliance led to a harsher penalty of £686,070 in 2025.

Similarly, Football Pools Ltd. a remote gambling operator providing football pools and online betting was penalized for breaching License Condition 12.1.1 and SRCP 3.4.3, due to poor AML controls, as they relied much on financial triggers and lacked timely behavioral risk assessments. Some of the other issues which were found include customer risk profiles often being delayed or missing, and signs of risky gambling not being properly identified. System flaws also meant customers who opted out of marketing did not get harm-prevention messages. These weaknesses led to a £375,000 settlement.

Legal Suggestions

Risk weighted compliance tiers could be introduced under the aspect of game of skill and chance, as recognized in the Lakshmanan and Varun Gumber case, as applying PMLA uniformly onto these platforms would create be over boarding these precedents. High risk models like crash games may be treated differently, while other formats like fantasy sprots or rummy, which are already judicially recognized as skill based, could be given a lighter compliance aspect. The reasoning behind this suggestion, that as resources are limited, a priority scale could be drawn upon. 

Similar to how the GST framework is built on a clear division of roles between Centre and states which has reduced duplicity for the compliance aspects, regulating online gaming can be conducted in the same manner via applying the pith and substance doctrine, as done in Play games 24x7 precedent, which clarified that gambling regulation falls within the State List of the Constitution of India, giving states the primary mandate over matters such as game classification and player safeguards. Consequently, the Centre’s role under the PMLA should be restricted to financial oversight with obligations such as suspicious transaction reporting, record management, and coordination with FIU-IND. To operationalize this, the PMLA rules should be amended to identify states as “co-reporting entities,” in the same way GST is jointly administered.

To address non-compliant offshore gaming platforms that violate PMLA norms, effective coordination between CERT-In and FIU-IND is essential for domain blocking. While Telecom Regulatory Authority of India lacks jurisdiction in this matter, CERT-In can exercise its powers under Section 69A of the Information Technology Act 2000 to block such platforms. To strengthen this mechanism, the IT rules could be amended to explicitly include “PMLA non-compliance” as a valid ground for blocking. A coordinated directive issued jointly by CERT-In and FIU-IND, following a formal notice, would provide a clear and enforceable framework for domain blocking of these platforms.

Conclusion 

India’s decision to include RMG under PMLA supervision was long due, but without distinguishing between skill and chance and ignoring judicial pronouncements, it introduces a compliance dilemma that threatens the growth of India’s digital economy. This one size fits all model, further complicated by conflicting state regulations like Tamil Nadu’s ban on rummy and Karnataka’s support for fantasy sports, breeds uncertainty for both investors and operators. Harmonizing central anti-money laundering obligations with state-level gaming laws, drawing from the GST’s cooperative federalism framework, can address jurisdictional disarray. Moreover, regulators need to craft a smarter, risk-calibrated framework, recognize the legitimacy of skill-based gaming, and decentralize some enforcement to states.