Ever-evolving technology, revamped gaming floors, and increased regulatory oversight are all causing a boost in demand for testing and certification. In this Face-to-Face interview, the CEO of Gaming Laboratories International Australia, Ian Hughes, breaks down what operators and regulators are seeking out more – with each jurisdiction having its own specific requirements.
We’re joined today by Ian Hughes, the CEO of GLI, Australia. Thank you for being with us.
My pleasure. Thank you very much.
I want to start off first with compliance. So how are clients’ needs changing in regards to compliance technology and training?
So obviously, technology is continuing to grow. The advent of AI and using cameras and trying to identify players around requirements and KYC etc. have put a lot of extra requirements in terms of the technology. And so methods of evaluation to satisfy those requirements continue to evolve. So we’ve seen lots of growth in KYC and tech requirements around there in that space.
In regards to the products themselves, what are clients procuring most? I know that you have RNG testing, AML cybersecurity, etc. What are the clients looking for now?
Coming out of COVID, there was a lot of issues and manufacturers were still facing issues on supply chain. So a lot of the components were being changed, because they could no longer sources components, or they’re coming from new new suppliers. And so we saw a lot of evaluation around newer hardware to meet some of those supply chain issues. So that was certainly something. I think we’re at the end of that now. But for the last two years coming out of COVID, that’s exactly what we saw.
So what has been the level of interest by regulators in GLI’s testing services? Are they focused on one particular area?
In terms of a global perspective, different regulators in different regions are saying different things. So in the US, it’s been very predominant around sports wagering as the growth state-by-state in terms of the growth of sports wagering.
So GLI has been very fortunate to be well-trusted by regulators as they roll out those products in their jurisdictions. So that’s been a big area that regulators have been working on as they’re creating new requirements and standards around sports wagering.
Here in Asia, we’ve seen growth in the Philippines, for example, with changing online requirements. And in Australia, the focus has been on KYC and AML requirements. So depending on where you are, you’re looking at different things.
In the UK, in Europe, we’ve seen requirements around affordability, and how you can assess whether a player has the means to be able to wager; and responsible gaming and safer gaming.
So the great thing about GLI is that we have a very good local presence. We have very good local presences in Europe, EMEA, Africa, Australia, the US, and obviously, Latin and South America. And so, those teams are able to work with those regions to understand their requirements that they have.
Is it possible to see what percentage of GLI’s clients are regulators versus operators?
So that’s a great question. So in terms of regulators, obviously, the certification and testing that we do for the regulators, we do on behalf of the regulators, but we’re testing the manufacturers’ product. And that’s probably 80 to 90 percent of what we do. So we’re testing manufacturers’ products for regulated markets for the regulator.
And about 10 percent we would do work directly for operators in the Asia region, excluding Australia, where we’re working directly for the operators doing training or testing or requirements around that space. So certainly the majority of it is product compliant for the regulator’s themselves but testing manufacturer product.
I want to shift focus now towards iGaming, what are the primary hardships that iGaming companies are finding in in terms of being compliant?
So the biggest area around iGaming is first of all, geolocation. It’s probably the biggest risk to ensure that iGaming suppliers are not taking wagering or engaging with clients that are outside their jurisdiction where they’re not supposed to. Say that could either be within a country or only taking bets from outside the country. So certainly using geolocation technology to ensure that they’re complying to those geolocation requirements.
Risk around security and fraud is the other area and so obviously, cybersecurity threats and making sure that the online operators are compliant to their cybersecurity requirements.
Regarding the iGaming companies that are operating in multiple jurisdictions, are they facing the same challenges?
Exactly. Whether they operate within one jurisdiction or market or many. It’s probably a little bit more complicated because they may have distributed equipment. And so sometimes there’s requirements about where the equipment and the data is actually hosted. Some jurisdictions have requirements that it has to be within a certain region or not in other regions.
So it’s not only the location of where the players are but also the location of where the systems and the servers are. And we’re seeing more and more interfacing between different companies. And those servers and equipment are becoming more distributed. And so that’s becoming, you know, more complex. And regulators are coming to us and asking, can this operator move their equipment to another jurisdiction? How do we still have control over that information, player protection, security, etc. So, a lot of our work is around the cybersecurity and geolocation.
AML practices have come into increasing focus with the numerous fines which have been leveled recently. So how can GLI’s tools help operators to achieve their AML goals?
GLI really doesn’t offer specific training around AML, or Bank Secrecy Act. Our involvement in that space is really evaluating the technology that manufacturers and tech providers are putting into place to comply to those requirements, particularly around how to identify suspicious activity and technology around KYC. And making sure that those systems are able to help operators meet their compliance.
I think it’s important to know that those requirements are not gaming requirements, their FIU (financial intelligence unit) requirements through AUSTRAC, or the US Department of Treasury, etc. And so they have to comply to those requirements. And they’re implementing technology. And we’re evaluating that technology.
Now, GLI has previously noted that ‘if you can create it, we can test it’. But how does that pan out in regards to AI, testing AI?
In fact, I gave a speech on this – about how GLI actually evaluates AI. So particularly around machine learning models, there’s some testing around how we test the machine, how we test the algorithms, making sure the algorithms are doing what they’re supposed to do, defining what those requirements are. And we’ve already evaluated quite a few algorithms for specific purposes: around fraud detection, and identifying problem gambling and identifying AML suspicious activity and flagging those.
We’ve done AI around image recognition to identify what chips are on the table, the values of those chips, etc. So we work very closely with the manufacturers themselves to understand what core technology is being developed. And we work out a test regime that would meet those requirements. And so we have a team of engineers, mathematicians, data scientists that look through that, and then they come out with that testing program. And then we deploy that through to meet those requirements. L
Looking at cybersecurity, there have been a spate of recent attacks, which have drawn a lot of eyeballs. What are the primary concerns that GLI’s cybersecurity clients are expressing when they’re procuring your services?
So cybersecurity we divide into two areas. So we have the application security and infrastructure security. So we’ll work with manufacturers on the application to make sure that they are hardened, that they have good practices in place to be robust against a cybersecurity attack.
We have a whole division within GLI called Bulletproof (Solutions). And our Bulletproof engineers work through with manufacturers and scan their software, to make sure that it meets the requirements to be robust.
And then on the infrastructure side, we work a lot with the operators directly, looking at making sure that their networks are secure, etc, so that they are robust against attacks. And then a big part of that is their training, their employee training, because a majority of these attacks come down to employees not following best practices. And so all these sorts of things have to come together to build up a robust environment that’s not susceptible to cyber-attack.
They are the weakest link when it comes down to it. Let’s look at land-based casinos. Has there been any uptick in interest in GLI’s services by operators within a certain market within Asia recently?
I think the operators are certainly spending their money on bringing in new cabinets and new equipment and new machines. And so they’re revamping their floors. And so most of our work has been the evaluating of the new product going on to those casino floors.
But we have had a lot of interest from operators of when they’re using AI, for instance, how those AI systems will meet their needs. And so doing testing directly for operators of how those systems comes together, around AI testing and algorithmic testing is something that we’re seeing a lot of interest in.
So let’s look at these new markets. We’ve got Osaka, which is hopefully pushing forward, the UAE is an exciting new development, and Thailand is kind of stutter-starting along. So what do these markets need to do to prepare?
We work heavily with these regulatory markets. If we look at it Japan and Osaka, I think that’s a way out, we’re looking probably 2031/2030. We work very closely with the JCRC, the regulator in Japan, we help create the technical standards and requirements and that testing methodology. But that one is probably further than most people anticipated.
The closer to the timeline now, we’re obviously working very closely with the UAE, as, as we start to see casino development happening within Emirates. And Thailand and those other markets, Cambodia, the Philippines, etc, we continue to work with those gaming control boards or the different regulatory bodies.
And it’s about when those markets open up, that they have technical standards and requirements that meet their needs. And every jurisdiction is different. And so understanding that from the regulator is key to ensure that the product then goes in and helps form part of an ecosystem, which the regulator, intends and meets with their vision moving forward.
And of course, with technology moving so rapidly, what we put into place now can be very quickly outdated. So keeping the requirements future-proof and nonspecific around the technology is very important. That’s why we use terms like biometric recognition, and we don’t specify whether it will be facial recognition or any other thing because we don’t know what those future technologies are. So talking to regulators to try to make sure that those requirements are future-proof, but at the same time, not so divergent that it’s very difficult for a manufacturer to put the product into that market, especially if that market might be relatively small.
Well, exciting times ahead. GLI should have its hands full, wishing you all the best. Thanks again for being with us.
My pleasure. Thanks very much, Kelsey.
