Spelinspektionen launched an investigation into Bayton and its registration and identification methods in April 2020, to ensure it was operating in line with new regulations introduced in Sweden in January 2019.
Malta-based Bayton, which holds a Swedish online gaming licence for its Jackpot City Casino, Ruby Fortune and Spin Casino brands, said it had been using BankID, alongside SPAR, a register of all people living in Sweden, to identify customers and ensure they were resident in the country.
Players who registered without BankID could only use a temporary account for up to 30 days without verifying their account with an ID document like a driving license or passport, as well as household bill or account statement that showed their registered residential address.
If a player had not verified themselves by this date, their temporary account with Bayton would be shut down.
However, Spelinspektionen said the existing setup potentially left the door open for players living outside Sweden to register and gamble with Bayton.
Spelinspektionen said while correspondence with SPAR and the use of BankID was in line with regulations, it raised concerns over the use of domestic bills and account statement to identify players. It said that these documents were not sufficient proof the customers were resident in Sweden.
Instead, the regulator said Bayton should request customer provide an identity card issued by the Swedish Tax Agency, as this would provide proof of their permanent residence in the country.
“It is not possible to assess whether one person is registered or has resided in Sweden for at least six months based on one documentation that only consists of a single invoice, bank statement,” Spelinspektionen said.
“Against this background, the Spelinspektionen considers that Bayton’s routines for ITS KYC process is deficient because there is a risk that the company will register customers who are not resident or permanently residing in Sweden within the meaning of the Gaming Act.”
Spelinspektionen ordered Bayton’s to undertake a review of its KYC procedures and make the required changes before reporting back to the regulator by 1 June this year.