As FINTRAC scrutiny intensifies and payment ecosystems grow more complex, Steve Armstrong discusses why Canadian gaming operators are being pushed to embed AML into daily operations
Anti-money laundering (AML) in gaming is often approached through the lens of audit preparation. Policies, reporting frameworks, and transaction monitoring systems were designed largely around demonstrating compliance during regulatory reviews. In Canada, this approach is increasingly being tested.
Recent scrutiny from FINTRAC has placed greater attention on how operators monitor customer activity in real time, particularly across deposits, withdrawals, and payment flows. At the same time, the growing role of payment service providers and increasingly fragmented transaction ecosystems have complicated long-standing questions around who ultimately owns AML risk.
The result is an industry being pushed towards a more operational model of compliance, one where AML controls sit closer to day-to-day decision making rather than existing solely as a reporting function.
Ahead of SBC Summit Canada, Payment Expert spoke with Steve Armstrong, Chief Compliance Officer & Money Laundering Reporting Officer at FRL Compliance Solutions, about the shift towards embedded AML compliance, the growing importance of payments oversight, and why he believes strong compliance frameworks should be viewed as a commercial advantage rather than a barrier to growth.
Read the full interview below.
Canada’s gaming sector is moving from audit preparation towards embedded AML compliance. Why is this shift significant, and what does it mean in practice for operators?
The shift is significant because Canadian gaming operators are moving from ‘audit readiness’ to embedded AML compliance. Regulators now expect AML controls to work in real time, not just appear effective during a FINTRAC review. In practice, that means embedding AML into daily operations through continuous monitoring, stronger governance, payments oversight, and a clearer view of customer risk.
Recent FINTRAC scrutiny has highlighted inconsistencies in payments-led AML controls. Where are the biggest gaps currently emerging?
The biggest gaps are in payments visibility, fragmented customer data, and unclear risk ownership across operators, PSPs, and banks. Many operators still cannot connect customer behaviour across payment methods and channels, weakening transaction monitoring. FINTRAC has also flagged inconsistent source-of-funds checks, escalation, and the identification and reporting of payment-related suspicious activity. As payment ecosystems grow more complex, AML controls must evolve beyond traditional banking models.
One of the major debates is around ownership of AML risk between operators, PSPs, and banks. Do you think the industry has clear enough accountability today?
No I think there is confusion where the underlying accountability sits today. It is a fine line between operators, PSPs and banks. It is important we get this right.
How important are payment providers in shaping the effectiveness of an operator’s AML framework, particularly around transaction monitoring and suspicious activity detection?
Payment providers are critical to an operator’s AML framework because they sit closest to transaction flows and customer payment behaviour. Strong PSP partnerships improve transaction monitoring, fraud detection, and suspicious activity identification through better data sharing and real-time insight. However, AML accountability cannot be outsourced and remains with the operator.
Canada’s federal and provincial frameworks can create operational complexity. Is regulatory fragmentation becoming a wider challenge for payment businesses globally?
Yes, regulatory fragmentation is a growing global challenge for payment businesses. Differences across federal, provincial, and state requirements add complexity, especially in AML, licensing, reporting, and consumer protection. For firms operating across jurisdictions, success depends on flexible, scalable compliance frameworks that adapt to varying expectations without adding unnecessary friction.
There’s often tension between compliance requirements and customer experience. How can firms reduce friction without weakening AML safeguards?
This has been a common theme across the industry forever. It all comes down to how the customer journey is built, with a blend of great technology, clear data and good decision making. The better the quality of data, combined with great technology, enable compliance requirements to be managed as a commercial advantage. A good customer journey (experience can still be compliant) so good compliance done right, means good commercials.
What lessons can the broader payments and fintech sectors learn from the scrutiny currently facing gaming operators in Canada?
The key lesson is that AML compliance cannot be reactive or siloed. The scrutiny of gaming operators shows the need to embed financial crime controls into daily operations, especially across payments, customer risk, and transaction monitoring. Payments and fintech firms should prioritise better data integration, clearer accountability, and proactive risk management, as regulators increasingly expect proven outcomes, not just documented policies.
Do you believe the industry needs greater collaboration around AML intelligence-sharing, or does competitive sensitivity still limit meaningful cooperation?
I am on the fence here, I think there is an element where there needs to be a better intelligence sharing, from operator, PSP and banks. I am not sure the sharing between operators is the way forward. We all still want a competitive market place.
As payment ecosystems become more real-time and data-driven, how must AML programs evolve to remain effective?
As payment ecosystems become more real-time and data-driven, AML programmes must shift from reactive reviews to continuous, intelligence-led monitoring. That requires better data integration, real-time monitoring, behavioural analytics, and risk-based automation to detect suspicious activity earlier. The goal is a more holistic customer view that strengthens controls without adding friction to the customer experience.
You’ll be discussing these themes at SBC Canada. What is the one misconception about AML compliance that you think the payments industry still gets wrong?
This is easy for me… the single biggest misconception is that AML and Compliance prevent a business from being commercially viable. This is nonsense – good AML and good compliance are the biggest commercial advantages, and ensure a business can be sustainable in the long term.
VIP Event and Expo+ Pass holders can join Steven Armstrong for a panel discussion on AML After Audits, taking place on Thursday, May 21.
Operators and Affiliates are eligible for a complimentary VIP Event Pass, simply apply here.
