Date: 18.11.2025

by Tomasz Jagodziński

Ksa Flags AML Deficiencies at Tulipa

The Kansspelautoriteit (Ksa) has issued an enforcement order to Tulipa Ent Limited after identifying several breaches of the Anti-Money Laundering and Counter-Terrorist Financing Act. Tulipa operates in the Dutch market under the brands ComeOn and GetLucky. The regulator has now set strict deadlines for the operator to fix the identified weaknesses.

Inadequate Client Due Diligence

The Ksa concluded that Tulipa did not carry out client due diligence in line with the requirements of the Act. The company did not apply risk classifications correctly, and its checks on transactions and the origins of player funds were not detailed enough. As a result, key controls designed to detect financial crime risks did not function as they should.

The regulator also identified issues with how Tulipa stored documentation related to reports of unusual transactions. Because this information was not recorded properly, the Ksa could not confirm whether the company met its reporting obligations to the Financial Intelligence Unit Netherlands.

In addition, the authority reminded the operator that after filing a report, it must obtain and store the official PDF record within 24 hours, as required by the Act.

Training Not Aligned With Staff Responsibilities

Tulipa’s training programmes also fell short. The Ksa found that the company did not tailor its Anti-Money Laundering and Counter-Terrorist Financing Act training to different job levels. This applied especially to compliance staff and the Money Laundering Reporting Officer. Proper training is essential because it enables employees to recognise unusual activity and conduct complete and accurate client checks.

The regulator emphasised that gambling operators must monitor player behaviour continuously. They must act when a player shows unusual activity, such as sudden high deposits or signs that could indicate match-fixing. The Ksa has repeatedly stressed that high deposits remain a significant risk factor, even when they come from a customer’s own bank account.

Deadlines and Follow-Up Actions

The enforcement order requires Tulipa to correct the breaches within two to six months. According to the Ksa, the company cooperated during the investigation and began working on a recovery plan while the review was ongoing. Some issues were already resolved during the process.

However, once the deadlines expire, the Ksa will carry out a follow-up inspection to verify full compliance.