It has become a rarity to get through a corporate earnings call without hearing about AI. It is also a rarity to hear about specific use cases for AI, which can lead to confusion, especially in regulated industries. Before anyone can speak usefully about what AI means for fraud and compliance in gaming payments, it helps to be clear about what we're talking about.
There are two types of AI in play. The first is the generative tool most people have used by now, the ChatGPT-style assistant you prompt to write a policy or draft a blog. It's built to be agreeable, it pulls from what's already available in the ether, and it speeds up the manual work we used to do. It's useful, and it genuinely cuts down the time it takes to perform research and create certain documents.
The second type is agentic AI, the decisioning and machine-learning tools you train on your processes so they can make calls based on how you've taught them. That's complex, and it's the type of AI that matters most in fraud mitigation efforts and FinCrime investigatory processes.
Right now, fraudsters are using AI to facilitate fraud against gaming operators much more frequently than operators are using it to defend themselves. What the bad actors are doing isn't particularly sophisticated—much of it is generative, not agentic. Someone prompts a tool to "make a selfie of me holding my ID" or feeds in a photo to fake a document, and the output comes out clean. If it isn't clean enough, they re-prompt until it is.
The industry must fight fire with fire. Spotting synthetic documentation, especially when created using sophisticated and ever-evolving generative AI, will be one of the defining capabilities over the next few years.
Where Agentic AI Earns Its Keep
Operators looking to augment and enhance their teams can lean on well-trained, well-orchestrated agentic AI. It can review enrollments and approve or reject them, and it also does more than that. It can watch for patterns and trends that don't fit a given clientele, and the activity that deviates from the anticipated business purpose of a product. It can support transaction monitoring, which is where money laundering, fraud, and terrorist financing get caught. It elevates a team, not necessarily replacing the team.
That capability lines up with where regulation is heading. FinCEN has proposed rule changes in the works, and New York's DFS Part 504 already pushes firms toward model validation and controls that fit their risks instead of merely complying with a regulation. AI can improve the models a program already runs. A gaming operator meeting its requirements today can use AI to build better risk assessments for requirements coming down the pipeline. Transaction monitoring rules can become less binary, less “if-this-then-that”, and can become more behavioral, so risk is managed with more nuance than a simple flag allows.
Sightline made a version of this case in an earlier post on compliance as an innovation engine, and the same logic applies here. Used well, AI lets compliance intervene earlier in the process instead of cleaning up after it.
It’s Not Magic, and It Can Make Your Life Easier
Two ideas about AI get more airtime than they deserve. The first is that AI turns compliance into a proactive function on its own. It helps, but the work is still reactive. A good enough tool can surface an emerging threat a team wasn't yet aware of and signal, in effect, "This is new, so you should probably write a rule for it." That's real value, but what it's doing is shaving reaction time, not eliminating the reaction.
The second idea is that AI will cause some massive job reduction, but that doesn't hold: Human decisioning is an important part of the agentic AI workflow and further, with the amount of suspicious inquiries the average operator faces, AI tools can help better spot that needle in the haystack. The model still needs training, the same way a couple of new analysts would and the same way we train on an ongoing basis to keep our teams sharp. It must understand the risk tolerance of the BSA officer and senior leadership, and it must recognize an outlier for the clientele. It can’t train itself, because it needs our feedback, that is the fundamental foundation of “machine learning”.
A set-it-and-forget-it approach to compliance is a mistake. Identifying fraud means discontinuing customer relationships and filing sensitive reports with sponsor banks, regulators, and ultimately FinCEN (the intake point for every SAR filed). No operator wants to be accused of robo-filing, and none want to be caught not understanding how its own system works. A human belongs somewhere in that flow.
The cost of forgetting that is already on record. Starbucks pulled back an AI inventory tool after it made costly mistakes, the kind that saw a store that normally needs 700 cups suddenly order 7,000. There's no substitute for the person who understands the work—a supervisor would have caught this discrepancy.
Where Sightline Fits
Staying trustworthy in an AI world comes down to layering. For example, a user can't enroll in the Sightline app until they've enrolled with the gaming operator first. That sequencing does real fraud mitigation work. From there, Sightline verifies identity with some of the best tools available, and its KYC protocols are deliberately strict. Sightline also deploys multiple layers of fraud detection throughout the account lifecycle providing a safe and secure environment from onboarding through to continued and ongoing use of the product.
The layered approach is the same philosophy behind the phishing-resistant authentication built into the platform, and it’s the same instinct that shapes how Sightline thinks about emerging payment rails such as crypto. The plan is to keep adding the best solutions available, AI or not, to give players a positive experience while keeping bad actors out.
The Fork in the Road
The realistic picture for the foreseeable future is a cat-and-mouse game that never fully resolves: The fraudsters get better, the banks and carriers and processors get better, and no one finds a catch-all fix. The industry will keep piecing systems together—the best fraud tool from one vendor, the best AML tool from another, the best KYC from a third—because no single product does it all.
Everyone in gaming & payments must decide whether to start folding in these tools now or wait until a fraud spike or a wave of synthetic enrollments forces a knee-jerk response. The best move for compliance and risk professionals is to keep up, stay close to how these systems evolve, talk with your peers about what systems they’re using, and know which tools are needed before actually needing them.