09 Aug RP Blog: regulatory risk – shifting (quick) sands
RP Blog: regulatory risk – shifting (quick) sands
Regulatory risk is an ever-present issue in gambling, but it is also constantly evolving. Most perceptions of regulatory risk are over-simplified, in our view, and are becoming more challenged by an increasingly painful reality. In this blog we look at four key areas of regulatory risk that we see as evolving faster than many stakeholders are effectively equipped to manage. The most visible (and probably best understood) is channel shift – customers are increasingly adopting remote options regardless of regulation, but this is creating a number of pressures beyond the obvious sector positioning ones. Second, the assumption that ‘regulated revenue’ was somehow ‘safer’ (vs. better quality) than ‘grey’ revenue was always dangerous and has been largely debunked by events – but what this really means for corporate risk management is quite complex. Third is grey market risk exposure: the name suggests the question is not ‘black and white’, but we are concerned that an over-focus on strategic/licensing risk underplays operational/change-management risks, especially as the visibility of compliance elsewhere grows. Finally, we believe that the most important and unifying lens for considering regulatory risk going forward is through harm minimisation (it is also a solution to the problems exposed in the other three areas, in our view) – but this is not always given the strategic and cross business / industry / jurisdiction attention it increasingly deserves. When the online world was free of control, choices were relatively simple; as more and more governments exert themselves in the ‘new’ economy these choices are evolving to become far more complex – and dangerous…
Channel shift: the internet is different (really)…
From a purely regulatory perspective, channel shift poses a number of challenges (we have discussed the strategic, operational and supply-chain impact elsewhere). At its most obvious, it creates a need to regulate online gambling as a growing mass-market imperative: a need that barely existed at all a generation ago (law-making is often generational, if not geological), and which can still appear relatively niche/low visibility in some places as remote markets emerge (typically driven by relative economic advancement and consumer technology adoption). However, this fairly simple problem tends to invite complex solutions. In part, this is because all jurisdictions inevitably see gambling differently, having different historical/cultural positions, and so frame their specific needs in different terms. However, fundamentally, the complexity tends to be driven by a more basic and common problem, in our view: the starting-point of the landbased gambling regulatory framework.
In the landbased environment, supply is visible, and products can be compartmentalised: having betting in a different place to gaming or lottery is a relatively easy thing to manage; as is the number / type of slot machines; the size of venue; entry requirements; or even the availability of alcohol. This logic does not apply in a remote environment and even where it is enforced from a legislative standpoint (directly in Belgium, indirectly in France and Australia, for example), it makes little consumer sense beyond the inconvenience of different accounts (legal or not), quite possibly open at the same time on the same device. It is an obvious point, but one missed by most legislation: product restrictions/separations are effective in a landbased environment, but are far less so online – where they at best distort the domestically regulated market and at worst (and more often) create a reason for a black market. There may be a moral argument (for some) to restrict or ban certain products (treating them like ‘recreational’ drugs are in most countries), but there is not a utilitarian one (and unlike drugs, gambling does not need a physical supply chain).
Landbased operators are also by default onshore (at least at subco level) and (mostly) easy to track down. By extension, that makes them easy to tell whether or not they are licensed, easy to prosecute and, in theory, easy to close down if sufficiently malfeasant. This does not apply online, meaning the difference between licensed and compliant can be a lot harder to police, making a much bigger gap between theory and practice which is potentially almost structural – as the recent raft of GB licensing breaches (overwhelmingly online) demonstrates. Further, a legislative/regulatory regime which reduces compliance to a formula of product and other restrictions can make this issue worse, since it provides competitive advantages to the non-compliant or downright illegal.
It is not too much to say that highly prescriptive, supply-driven legislation and regulation simply does not work online, where competition is a click away for the consumer but potentially thousands of miles away for the supplier (NB, this is not an endorsement of no restrictions at all – see below). Equally, a regulatory environment that appears lax can lead to very aggressive policing and/or legislative to change in order to make up political ground. What should give stakeholders pause for concern is that while this might appear to some market participants to be a statement of the painfully obvious, the trends of developing regulation globally seem to be flowing in completely the wrong direction. All other things being equal, this reduces operational choices to compliant or profitable – this is surely an outcome very few stakeholders actually want. However, the same trend evidence suggests that the same stakeholders seem to be very poor at getting better outcomes – more of this later…
Regulated revenue: they’ve all got it in for me…
Regulated revenue (by which we mean domestically regulated) is typically seen as the safer option and increasing it within the mix is the stated strategic aim of many gambling companies. It is perhaps perverse to seek out regulated revenue when that usually means a much higher cost of business – rarely do more than the top half dozen or so make any real money by market and the top half dozen tend to be different by market (ex bet365), driving fragmentation. This strategic aim has become even more perverse now that ‘regulated’ businesses are seeing such a fiscal-regulatory backlash in some of the world’s biggest online markets – UK, Italy and Australia, for example. If being regulated means being regularly beaten up en masse while also risking a direct (and sometimes very personal) enforcement skewering, then why even bother?
The answer is painfully simple, regulation happens to markets, not companies. If a company is not in a market then its regulation represents an opportunity if sufficiently attractive (hence all the excitement over the US, however small and fiddly). If a company is in the market, it has to accept regulatory change either by participating (at in ill-defined but hope-rich cost) or pulling out (at a clear but somewhat painful cost). The problem, as we see it, is that while companies present regulated revenue as either something they seek or something that happens to them (rather like an act of god), then the promise is always going to outstrip the reality – both internally and externally.
Domestic regulation is organic, shifting, and the product of wider socio-political concerns; sometimes with fiscal pressures thrown in. Gambling companies are key actors within this – they are also (or should be) the subject-matter experts. However, the standard playbook is to indulge in cross-sector infighting and either attempt protectionism or ask the impossible (or both). The inevitable storm of excrement is then presented as grossly unfair. What is unfair (or more importantly, unrealistic) is to expect lawmakers to understand a subject as complex and visceral as gambling and then attempt to legislate for it sensibly when the only time they are ever required to examine it is through the lens of crisis (manufactured or real). Added to this is the danger of gambling companies and their representatives seeing domestic governments / regulators as ‘the enemy’ (or at least ignorant / unreasonable): this is the very definition of a self-fulfilling prophecy and essentially is to start (or escalate) an unwinnable war (in other words a dumb strategy).
Domestic regulation will contain (at least) as many variations as there are jurisdictions, while some companies can also cherry-pick which jurisdictions to participate in (some of the time). However, this level of tactical engagement only works when a critical mass of landbased and/or .com revenues are robust (for the specific companies in question but increasingly for markets overall). When these revenues come under pressure, engagement with POC online legislation becomes a strategic imperative (if growth is to remain an objective), both domestically and internationally. In this context, the only way to stop the underlying crisis of fragmentation, politicisation and prohibitive business costs is to share some basic first principles of regulatory outcome that work for all stakeholders – and we do not think that this is necessarily as fanciful as it sounds…
Grey markets: what’s not to like?
It is perhaps unsurprising given the prescriptive pressures of many POC markets, that it has become increasingly fashionable to seek ‘regulated’ but tolerate ‘grey’. One gives respectability and the other cash flow – rather like the Collateralised Debt Obligations of 2004-7(!) In theory, there is no problem with this – indeed many very successful and responsible companies are built on it and, more philosophically, an argument against risk is an argument against growth, gambling at all, or even human endeavour. Recently, even a regulator as previously ‘black and white’ as New Jersey has given its blessing to the practice of accepting ‘grey’ revenue. Grey market risk, on its own terms, is no bad thing (in our view), and market realities, quite rightly, broadly accommodate this. The problem, as with CDOs, is when boards, senior management teams and other stakeholders (like regulators and shareholders) do not fully understand the nature of the risks being run.
Regulatory risk from a grey market perspective is usually seen through the lens of the vintage, application, and enforceability of any domestic gambling laws. This is an important primary lens through which to consider regulatory risk – but it should be seen as a starting point (at best), not a focal point, in our view. For example, if arcane regulation means it is ok to provide gambling if completely offshore, then this makes advertising almost impossible and other forms of marketing difficult, which in turn increases the potential reliance on affiliates, agents or other ‘go-betweens’. If a board relies for its defence (even to shareholders on adverse performance) that it has no knowledge of or control over how this critical leg of their own value chain operates, then any negative consequences (like orange jump suits) are probably deserved – if they genuinely didn’t even bother to ask then they are deserved all the more, in our view.
Equally, ‘grey’ often means different things for financial services institutions than for gambling stakeholders. If grey means ‘swerve’ for ordinary forms of payments (eg, mainstream debit and credit cards), then this can give rise to solutions that range from ‘expensively exotic’ to ‘completely’ illegal. This is a complex and murky world with operational activities often at odds with what most regulators (and other stakeholders) might consider ‘best practice’. It is also sufficiently ‘operational’ for most boards and even senior management to have little sight of. In a similar vein to the ‘marketing last leg’, if plausible deniability of third party payments behaviour (which sounds great in theory) actually looks like ill-disguised culpability and/or dereliction of fiduciary duties, then the damage done to the companies / individuals involved could be profound and long lasting (to say the least). Perhaps worse, any further worsening of mainstream financial services acceptance of gambling (which such scandals could reasonably cause) could represent a significant barrier to otherwise compliant operators doing business, adding further relative benefits to ‘less compliant’ / black market operators.
Another grey market risk not sufficiently factored in, in our view, is that operators tend to focus on what passes muster on existing licensing requirements. This is fine as far as it goes but given how quickly the legislative/regulatory framework is changing, it contains another ‘hidden’ risk: when a jurisdiction changes or ‘clarifies’ its regulatory position, this is likely to be a (theoretically) notifiable event to a growing number of POC regulators. Affected licensees can then make a choice: notify and comply; pull out of the regulated market in favour of ‘darker grey’ (or black) cash flow, or; hope to get away with it (by creating a ‘firewall’ structure or even just keeping mum) – these choices are not necessarily easy ones, especially if it represents the difference between profitability or not.
Finally, while many regulators do not necessarily see into the darker recesses of operations management now, especially in jurisdictions other than their own, a combination of education, press exposés, and enforcement actions, is likely to throw them up (as is greater collaboration between regulators, a growing theme). POC requirements have somewhat crept up on regulators as well as operators – this gives an opportunity to ensure houses are fully in order before scrutiny inevitably increases – and potentially highlights activities difficult to explain or justify (with US licensing being a key but by no means only driver of this potential trend).
We reiterate our view that grey markets can represent a logical risk exposure and that many operators manage them with appropriate diligence. However, the risks of generating revenue from ‘grey markets’ are far more complex and far reaching than whether or not a jurisdiction has up-to-date laws and/or the capacity to directly enforce them (a ‘nuance’ which also dangerously restricts capital markets’ perception of ‘grey market’ risk, in our view). This used to be well understood by operators (if routinely ignored) in the piratical days of .com’s heyday; but there is still a danger that POC licences are seen by some more as letters of marque (especially at the operational level) than fully signing up to government control.
Harm minimisation: all that matters?
What is gambling legislation and regulation for? Crime needs to be kept out of gambling, but crime needs to be kept out of all business and there are many at least as risky from a ‘gangster’ behaviour/operator perspective. Gambling also needs to be taxed, but what is remarkable is not the high rate of (online) taxation for most jurisdictions (there are some notable exceptions), but the frequency with which gambling duties broadly mirror wider consumer taxes at c. 15-25% (excluding the often-unintended consequence of treatment of input VAT/GST). Gambling is a consumer risk, especially to vulnerable citizens – and this is what really makes it different (there are plenty of other risky consumer activities and arguably these need a level of regulation too), requiring a level of specific regulation. We can debate the level, but to debate the requirement is, in our view, to invite government (and the wider public) to condone the most draconian of legislation.
Is consumer protection best served by heavily restricting/distorting products and so creating a price/amenity advantage for the black market? No. Is consumer protection best served by allowing operators to shop around for a Point of Supply regulator of choice? No (and yes, we do think it is that binary). Can operators which seek to dodge even reasonable levels of tax and swerve (or fail to understand) even basic compliance hope to influence government stakeholders? No (and this is also a key issues with POS regimes, which effectively keep the jobs and taxes benefits of gambling for themselves, but essentially leave the cost of harm with the ‘host’ country). That’s a lot of noes, but where is the positive?
We believe that there is a very simple answer to this: an intrinsically motivated, cross-business, cross-sector and cross-jurisdiction focus on preventing harm. Not paying lip service with advertisements and lobbying. Not doing what looks like might play well in one jurisdiction while carrying on as before in others. Not just complaining about the wrong sort of regulation, but trying to shape the right sort. This will require a real commitment to both qualitative and quantitative learning within companies as well as clear mechanisms for sharing findings between businesses and between regulators too. Further, this should not be the rarefied task of compliance and social responsibility personnel, but a clear (and properly rewarded) strategic imperative from the board down to the customer services representatives on the front line. Further, since gambling markets are only as strong as their weakest (visible) links, this approach would only work if a critical mass of operators sought not only to drive best practice, but also to drive its regulation and enforcement. We struggle to see how anything less will create the level of public trust necessary to mandate positive regulatory change.
Conclusions: putting the consumer first…
If government stakeholders in most jurisdictions felt that the industry was on top of, or even making tangible process toward, harm minimisation, it would be much easier to for them to regulate in a commercially viable way. There would also be an answer to concerned groups and an effective response to public/press worries, which would become far less sensationalised. We recognise that (parts of) the industry is only just starting to grapple with this question in a scientific and coherent way, but we see this as an advantage (a relatively blank canvas and no entrenched positions) if coordinated now. A key problem has been that geographical, supply-led and sector-led vested interests often stand in the way of cooperation. Historically, relative positioning seemed to be an end in itself in what appeared to be a nil-sum game. However, the onward march of channel shift, the inexorable (and eventually unavoidable) inevitability of POC legislation, and; the ‘hidden’ risks of .com revenue for increasingly compliant operators means that it is not a nil-sum game anymore, in our view.
There has been some recent commentary and concern about the ‘cost of responsibility’, and this is of course a short-term risk (albeit arguably often reducing revenue that should not have been generated in the first place). But in the longer term, if POC online legislation and regulation remains a random walk of potentially value destructive prescriptive practices, then the gambling market addressable to ‘compliant’ businesses will start to shrink – not just in enforced pockets, but structurally. If that is not seen wake-up call to re-write the regulatory rulebook then we don’t know what is. We believe that exclusively supply-driven regulation is no longer fit for purpose in an omnichannel world, pivoting customer-driven regulation solves substantially all of these issues. If this seems too complex, too difficult or too (short-term) expensive a task for gambling stakeholders to grasp and drive, then they will probably get the legislation and enforcement environment that they deserve…