The government has redoubled its efforts to bring online gaming platforms within the ambit of the Prevention of Money Laundering Act, 2002 (PMLA). This follows concerns about unaccounted for funds flowing through real-money gaming platforms as money laundering. The move seeks to classify gaming firms as reporting entities under section 2(wa) of the PMLA, thereby imposing stringent know-your-customer (KYC) norms and transaction monitoring obligations under the Prevention of Money Laundering (Maintenance of Records) Rules, 2005 (rules).
The shift of regulatory focus to online gaming stems from a widescale crackdown by the Enforcement Directorate (ED) on betting networks thought to be acting as conduits for laundering proceeds of crime. Many of the cases were against online betting apps, the most prominent being Mahadev Online Betting. In that probe, the ED seized assets worth INR3.88 billion (USD45.35 million) in 2024. The investigation uncovered complex networks of layered transactions, bypassing conventional banking channels and highlighting the vulnerability of online gaming platforms to illicit fund flows.
Prior to this pivot, the Ministry of Electronics and Information Technology (MeitY) introduced amendments in April 2023 to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2023, (intermediary rules), bringing online gaming intermediaries within its ambit. These amendments extend the due diligence obligations applying to other intermediaries to online gaming intermediaries. Additional obligations apply to significant social media intermediaries. These include user identity verification before accepting deposits, prohibitions on financing users and the creation of self-regulating bodies. These amendments are, however, not yet in force, because the MeitY has not yet designated any self-regulatory body under rule 4B.
Although the intermediary rules focus on adopting ethical practices and self-governance, the obligations under the PMLA are intended to check and counter money laundering activities and are more stringent. This is not the first time an activity has been brought within the ambit of the PMLA. Section 2(1)(wa) of the PMLA defines a reporting entity as a banking company, financial institution, intermediary or person carrying on a designated business or profession. The government in March 2023 made activities undertaken by virtual digital assets service providers, they being crypto, NFT and other digital asset providers, as activities under section 2(1)(sa) of the PMLA. This made them activities undertaken by persons carrying on a designated business or profession, and therefore within the purview of the PMLA. Something similar can be expected for online gaming companies.
Once designated as reporting entities, gaming companies will have to comply with the provisions of the PMLA rules. These include establishing processes for user due diligence, internal control procedures, conducting enhanced due diligence for high-value transactions and identifying politically exposed persons. They will have to retain transaction records for a minimum of five years, giving details of deposits, withdrawals and transfers in accordance with the FIU-IND Guidelines, 2023. They must notify the Financial Intelligence Unit of any large or suspicious transactions, particularly those showing money laundering patterns as set out in the PMLA Rules, 2023.
The changes raise many legal and operational concerns. Gaming firms will need to upgrade infrastructure for KYC verification, transaction monitoring and data storage at significant cost. This compliance burden is particularly onerous for smaller firms that may lack robust anti-money laundering (AML) frameworks, leading to increased operational costs and sector consolidation. Mandating KYC and data retention may impose additional obligations under the Digital Personal Data Protection Act, 2023, particularly regarding consent and data minimisation. Questions also arise regarding jurisdictional overlap. Online gaming regulation is a matter for individual states. This may lead to conflict between state gambling laws and central AML directives. Contracts between gaming operators and payment gateways will have to be renegotiated because intermediaries will be required to scrutinise transaction patterns and user data more closely.
Originally published by Law.asia Limited
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
