MeitY Regulations for Online Gaming The Way Forward

MeitY Regulations for Online Gaming: The Way Forward

Introduction

The online gaming industry in India grew at a CAGR of 38% between 2017 – 2020, and the same is expected to stay around 15% reaching about Rs. 154 billion in revenue by 2024, as per a report by Sequoia and BCG.

As the space is mostly unregulated with little government insight, it has turned into a hotspot for miscreants. Instances of fraud have been reported to increase over the past years, forcing some states to pass individual bills on regulation.

Paving the way for the online gaming industry to grow and expand, in a balanced manner, the Ministry of Electronics and IT(MeitY) recently announced rules to regulate the online gaming industry to curb fraudulent activities.

Numerous discussions by MeitY with stakeholders, including gaming companies, industry groups, players, and lawyers, among others, as well as a public consultation it held in January 2023 culminated into these regulations.

Let’s understand what these rules are and how can the online gaming space benefit from their implementation.

 

Key Takeaways from the New Regulations

Approving Regulatory Body – The online games will have to register with a self-regulatory body, and only those with approval from the body, will be allowed legally function in India. As for the self-regulatory bodies, there can be more than one in number, and they will have to provide the ministry with a list of games they have registered and the criteria followed for registration.

Mandatory Player Verification through KYC Norms – An online gaming company will have to undertake due diligence in the form of Know-your-Customer norms (as per the norms laid by RBI). The companies will also have to inform the users of the manner of determination and distribution, withdrawal, and refund of the winnings. Additionally, the company will have to secure a Random Number Generation(RNG),  an algorithm to ensure that outcomes are statistically random and unpredictable.

Curtailing Wagering –  As per the rules, Self-regulatory bodies do not allow wagering i.e. no bidding on the outcomes of the game. The rules also prohibit the advertising of games involving betting and gambling on social media platforms. Social media platforms must confirm with the self-regulatory body if the online gaming company has been registered before agreeing to host their advertisements.

Displaying Verification Mark – Online gaming platforms are required to publish a verification mark (watermark) as proof of verification from a self-regulatory body for any permissible online real money game.

Ensuring Compliance – Similar to what’s followed in social media and e-commerce companies, the rules propose the appointment of a compliance officer to ensure that the platform follows the norms, a nodal officer to act as a liaison with the government, and a grievance officer to resolve complaints.

 

Ensuring Due Diligence is in Line with the New Rules

The online gaming space, mostly unregulated at present, has become a breeding ground for fraudsters. There have been increasing reports of referral bonus frauds, underage playing, and a lot more, since the time the online gaming industry took its wings. Due diligence of the users with appropriate KYC procedures has thus become a must-have.

Here are some must-have checks that we recommend to gaming companies to keep speed with the new MeitY rules for the online gaming industry:

 

  1. Optical Character Recognition(OCR): OCR technology catches document forgery and tampering easily, sieves fake applications from the real ones, and enables ease of onboarding with automated data capturing. This results in a seamless player onboarding experience and lower account abandonment rates.
  2. Digital Address Verification: Digital Address Verification captures the location of a user through geo-coordinates and helps in preventing location spoofing, allowing gaming businesses to stay compliant. 
  3. Database-Driven Document Verification: NID verification against PAN or Aadhaar databases allows for quick verification of documents, establishing the identity of a player in real-time.
  4. Bank Account Verification: Validation of bank details is crucial to prevent money laundering and financial crimes. Our API-based penny drop method validates bank details along with the beneficiary’s name.
  5. Biometric Identification: Biometric identification technology matches a player to their documents through an image-based face match and validates that a player accessing the platform is the same one who registered in the first place.
  6. Risk Scoring: Get an updated risk score of a user based on the checks executed. As per the scorecard, you can decide whether to onboard a particular user or not.
  7. Real-Time Verification: Video KYC journey combined with state-of-the-art technologies for document tampering, liveness check, and real-time verification of users at scale for fastest onboarding – in 2 minutes or even less.

Interested in knowing more about how AuthBridge can help you safeguard your business against fraudulent users and suspicious transactions while meeting the requirements outlined in the new regulations? 

Read Case Study: How Dream11 Verified 1Cr+ Users with AuthBridge’s Authenticating Platform

Talk to our expert today!

What is due diligence Process, Audits, and Reports

What is due diligence? Process, Audits, and Reports

What is Due Diligence?

According to Investopedia, the term due diligence refers to an investigation, audit, or review performed to confirm facts or details of a matter under consideration.

In the context of a business, due diligence means employing KYC/KYB procedures to ensure compliance, prevent fraud, and minimize risk exposure associated with various business processes. Its need arises in case of business transactions like acquisitions, customer & third-party onboarding, related party compliance, and even in the hiring process of employees.

The process can include reviewing financial statements, database checks, interviewing management, site visits, process audits, and assessing the company’s market position and competitive landscape.

Fortune Business Insight: Industry Update

 

To ensure a risk-free business ecosystem, you need to understand the key aspects of due diligence that your business needs to focus upon. Don’t worry we have got you covered. 

Here is what you can expect to learn from this article: 

  • What is due diligence?
  • Importance of Due Diligence in Today’s World
  • Types of Due Diligence
  • Rules, Regulations, and Penalties around Due Diligence
  • What are your due diligence needs?
  • Risk Score-Based Due Diligence Process 
  • Levels of Due Diligence
  • Implementing Measures of Due Diligence
  • Due Diligence Solutions and Reports

 

Importance of Due Diligence in Today’s World

The need for due diligence becomes all the more imminent with ever-evolving technology, and external factors like the pandemic. Trustable business partners and transparent business processes are key to resilience for business owners today. The abundance of digital footprints of customers, business partners and third parties has opened a world of possibilities for fraudulent activities and their associated risk exposure. Traditional due diligence methods are becoming redundant given the complexity of information and lack of appropriate due diligence frameworks.

Businesses are adopting new-age due diligence solutions to minimise their risk exposure, ensure compliance and prevent fraud. As a result, the global fraud detection and prevention industry is seeing a steep spike in demand with more and more innovative solutions coming in every day.

 

Types of Due Diligence

Types of due diligence can be broadly divided into 3 categories. Their use and application vary depending on the sector, area, or type of process in which it is implemented.

Types of due diligence

 

Business Due Diligence

It helps you with decision-making in business transactions like M&A, buying a business, and onboarding business partners as a part of the expansion into new geographies. It looks at various operational, strategic, technical, environmental, and human resource aspects of the business.

Financial Due Diligence

It helps you identify the value and risk exposure of a business or individual by looking into financials. It involves a detailed audit of accounting policies, audit practices and publically available like annual statements and MCA filing.

Legal Due Diligence

It helps you avoid legal pitfalls like penalties for non-compliance in one or more areas like Regulated KYC procedure, mandated data privacy and security norms and third-party compliance liabilities.

 

Rules, Regulations and Penalties around Due Diligence

Countries across the globe are continuously working towards making their business ecosystem safe by passing regulations to prohibit bribery, corruption, money laundering and prevent fraud. Companies operating within national boundaries are regulated only by national laws, however businesses with cross-border teams, subsidiaries and subcontractors are also regulated by international laws. Read more about country-wise due diligence regulations here. Here is how a heatmap looks like the location of improper payments, 2013-2022.

FCPA.edu Heatmap Location of Improper Payments

 

Laws to Adhere for Companies Operating Within India

  • The Companies Act, 2013 – All companies registered in India must comply with regulations stated by the Securities and Exchange Board of India (SEBI) to prevent money laundering.
  • Foreign Exchange Management Act (FEMA)– All companies with foreign direct investment (FDI)  are required to comply with FEMA.

Laws to Adhere for Companies Operating in International Markets

  • The UK Bribery Act – The Bribery Act covers transactions that take place in the UK or abroad, and both in the public and private sectors.
  • The US Foreign Corrupt Practices Act (FCPA) -The FCPA prohibits the payment of bribes to foreign officials to obtain and retain business. It applies to two broad categories of persons: those with formal ties to the United States and those who take action in furtherance of a violation while in the United States. U.S. “issuers” and “domestic concerns” must obey the FCPA, even when acting outside the country.

Key Stats from The Foreign Corrupt Practices Act Clearinghouse (FCPAC)

Total and Average Sanctions Imposed on Entity Groups

FCPA Sanctions imposed on entity groups

Types of Third-Party Intermediaries Disclosed in FCPA-related Enforcement Actions

Third Party Intermediaries types disclosed in FCPA related enforcement activites

Corporate Sanctions Timeline (2013-2022)

FCPA: Corporate Sanctions Timeline

 

Understanding Your Due Diligence Requirements

Understanding your due diligence requirements could be a challenging task. But, with a team of experts and commitment, you can plan a thorough audit of your internal/external processes, stakeholders and business partners and how much of a risk they are exposed to.

What is a due diligence audit?

In a general sense,  a due diligence audit examines a company’s standings, financial performance and exposure to different kinds of risks. The objective of the audit may vary based on one or more following business transactions. 

Business Transactions that require Due Diligence

A well-thought due diligence framework enables informed decision-making in various business transactions. Broadly, there are five categories of business transactions that require thorough due diligence. These are

Requirements for due diligence often help you identify the right type of due diligence solution for your business. A few questions you need to consider to find the right fit are:

  • Who are the stakeholders involved in the existing process?
  • Type of process- internal, external?
  • What level of competence is required from the stakeholders to conduct due diligence?
  • Collection process, formats and storage of existing data of the parties in the purview of this exercise.
  • Budget, the scope of process automation and target turnaround time.

Upon answering the above questions, the next step is to step up a due diligence process to Identify, screen, and minimise your risk exposure.

 

Risk Score-Based Due Diligence Process

The due diligence process typically involves several stages that may vary depending on your objective, industry, and your risk appetite. In a holistic sense, a typical due diligence process involves three major steps:

Risk Score based due diligence

Identification

The first step involves identifying the gaps and factoring their risk exposure

  1. People & Process: involves working closely with the business owners and identifying the gaps in existing processes to map the level of risk involved  
  2. Information Collection: involves what information needs to be collected. and from where will the information come?
    1. For businesses, the information required includes MCA registration, proof of address, compliance reports, shareholders, beneficiaries, stakeholding structure, and their political affiliations
    2. For individuals, the information required includes proof of identity, proof of address, financials, and political affiliations

Assessment

The second step is to assess the level of risk exposure based on the information collected

  1. Database Checks: This step involves cross-verifying the information collected and validating it against various national and international databases. 
  2. PEPs & Sanctions: Screening against politically exposed persons and sanction lists become business to minimize reputational risk exposure.
  3. Risk Mapping: This is a process of identifying the key areas prone to risk. The success factor for all the identified departments with KPIs to measure is defined

Risk Mapping Process in due diligence

Prevention

The third step involves implementing mechanisms to mitigate risk assessed in step two

  1. Risk Scoring: Based on the benchmarks identified in step one a risk score is assigned to the business or an individual. Very often businesses categorize their risk score in a color-coded fashion i.e. Red, Amber, and Green. 
  2. Corrective Actions: Based on the sensitivity of the case levels of risk are defined corrective courses of action are defined in the form of levels of due diligence i.e. Simplified, Standard, and Enhanced Due Diligence. More on this is below.

 

Three Levels of Due Diligence

Three levels of due diligence

Keeping risk-based due diligence in consideration, you can segment your customers into three risk categories i.e low, medium, and high in order to select the right level of due diligence for them. A clear delineation of the due diligence level will help you offer a pleasant onboarding experience with no unnecessary blockades.

 

Simplified Due Diligence for low-risk profiles

Simplified due diligence is the easiest risk assessment framework, ideal for a low-risk profile with negligible risk exposure. They generally include well-known public enterprises and individuals with impeccable financial records contributing to the lower ticket size of the overall revenue stream. While taking the route, you may only need to know the identity of the entity or the individual. However, storing the proof of qualification for simplified due diligence can ensure compliance and visibility if any corrective action is required in the future.

 

Standard Due Diligence for medium-risk profiles

Standard due diligence is the most commonly used risk assessment framework, the right fit for a medium-risk profile. This involves not just only knowing the identity but also verifying it to ensure they are who they claim to be. Verifying basic information like full name, date of birth, and address against a government-issued ID and other databases will help you filter potential threats preemptively.

 

Enhanced Due Diligence for high-risk profiles

Enhanced due diligence is the most detailed risk assessment framework, best suited for high-risk profiles. The high-risk profiles comprise your employees, customers, and business partners who need comprehensive screening and monitoring to keep a tight eye on identity thefts and credibility throughout the lifecycle and minimize risk exposure. 

Below mentioned are some measures worth considering for both businesses and individuals 

  • Enhanced screening and identity verification
  • Intended nature of the business partnership
  • Financial of Entity & Individuals
  • Third-party risk and compliance measures
  • Process assessments and mystery audits
  • Adverse media, Sanctions & Watch lists 
  • Ongoing Monitoring

 

Implementing Measures of Due Diligence

Depending on the budget and requirements you can choose between two types of due diligence services i.e. Offline and Online

  • Offline Due Diligence – Organisations who are still going by the manual routes often require a due diligence report to onboard and verify individuals or entities. 
  • Online Due Diligence:  Organisations either leverage a platform to onboard, verify & monitor their business partners or integrate verification APIs to collect due diligence reports directly into their ERPs.

AuthBridge Due Diligence Solutions

With all the information at hand with the help of a due diligence solution you can now put the pieces of the whole puzzle together. A comprehensive due diligence solution will give access to all the requisite information and help you drive informed business decisions with data-driven insights. You may want to look at the offerings of the service providers and gauge them against your business needs. 

From a bird’s eye view, your requirements may fall into three major categories. At AuthBridge business solutions, we call them

  • Screening, Onboarding, and Verification: Know your Customer/Employee/Partner journeys at the time of first or repeated interactions with your business. You can choose from eKYC, DKYC, Video KYC or other types of KYC based on your needs.
  • Risk Mitigation: Process assessments, Compliance Audits, and Business intelligence reports of your customers, partners, and third parties during all interactions with your business. You can choose from various Standard and Comprehensive due diligence reports.
  • Fraud Prevention: Red flag fraudulent profiles for identity, customer, and financial fraud along with other suspicious transactions with the help of setting up an ongoing monitoring process at defined intervals.

 

AuthBridge has 17+ years of experience in providing digital solutions for background verification and due diligence to small, medium, and large enterprises across 20+ industries.

Have any questions about due diligence? Reach out to a team of experts to understand your due diligence needs.

Talk to an expert

Want to Check More Udyam Registration/Reference Numbers?

Want to Verify More GST Numbers?