Latest News

Who Watches the Watchdogs? 

Who Watches the Watchdogs? 

When Commercial Lobbying Begins to Sound Like Regulation 

There is an old principle in investigative journalism: before examining the message, examine the messenger. Institutions, no less than individuals, have interests, incentives and objectives of their own. Understanding them is often as important as understanding the allegations they make. 

That principle matters more than ever. Increasingly, regulatory debates begin not with regulators,  prosecutors or courts, but with commissioned research, lobbying campaigns, media briefings and  carefully timed public disclosures. By the time supervisory authorities speak, the public narrative  has often been written already. 

Across Europe, lobbying organisations have become remarkably effective at shaping those  narratives. They no longer simply advocate policy behind closed doors. They commission  research, generate statistics, brief journalists and increasingly frame regulatory debates long  before the competent authorities have reached any public conclusions. The recent public  campaign surrounding the Lithuanian payment institution Walletto provides an unusually  clear illustration of that process. 

Bloomberg described the initiative launched by the European Gaming and Betting Association  (EGBA) as part of a “new strategy” by Europe’s licensed gambling industry— one that shifts  attention away from illegal operators themselves and towards the payment infrastructure through  which those operators receive customer funds. 

That observation may ultimately prove more significant than the individual allegations themselves. The strategic logic is not difficult to understand. For years, regulators attempted to combat illegal  online gambling primarily by pursuing operators. Yet websites disappear, companies relocate,  domains change and ownership structures evolve faster than legislation can keep pace. Payment  institutions, by contrast, remain regulated entities operating under identifiable supervisory  authorities. Unsurprisingly, they have become the next focus of attention. 

To understand that challenge, it is useful to clarify what acquiring involves. An acquirer is a  regulated financial institution that enables business clients to accept card payments, conducts due  diligence before onboarding and monitors transactions thereafter. It is only one participant in a  wider chain connecting the cardholder, merchant, payment provider, card network and issuing  bank, with each participant exercising different controls and seeing different parts of the  transaction.

Dishonest merchants rarely present themselves as such. They may provide apparently legitimate  documents, operate compliant websites during onboarding or subsequently change their business  model, domains, payment descriptors or transaction flows in order to retain access to regulated  payment infrastructure. The financial institution may therefore itself be the party whose controls  the client is attempting to deceive or circumvent. 

Walletto states that this is not a theoretical risk but a recurring feature of the acquiring business.  Throughout its nine years of operation, the company says that, together with the monitoring and  compliance systems operated by Visa and Mastercard, it has identified several clients each year  that had allegedly concealed, misrepresented or subsequently changed the true nature of their  activities. According to Walletto, these cases were detected through ongoing monitoring,  investigated and addressed in accordance with the applicable compliance, reporting and  termination procedures. The company argues that such cases demonstrate not a failure unique  to one institution, but the practical reality of modern acquiring, where continuous  monitoring exists precisely because some clients deliberately attempt to circumvent  regulatory controls after onboarding. 

For that reason, regulation does not assume that every fraudulent client can be identified before  the first transaction. The relevant questions are whether appropriate due diligence and monitoring  were in place, whether warning signs were detected within a reasonable period and whether the  institution acted once sufficient information became available. The presence of a dishonest client  in a portfolio is not, by itself, evidence that the institution knowingly supported its conduct. 

The same challenge has repeatedly confronted major participants in the European payments  industry, irrespective of their size or the sophistication of their compliance systems. Large payment 

institutions and banks have, on numerous occasions, discovered that clients had concealed or  subsequently changed the nature of their activities after onboarding. In such cases, regulatory  attention has focused not on the mere existence of fraudulent clients within a portfolio, but on  whether the institution’s monitoring systems identified the misconduct within a reasonable period  and whether appropriate remedial measures followed. 

Worldline, one of Europe’s largest payment processors, faced intense scrutiny after the publication  of the multinational Dirty Payments investigation. In July 2026, Investigate Europe reported that  services associated with several payment companies, including Paysafe and its Skrill business, had  appeared on websites linked by the publication to a network of allegedly unlicensed online casinos.  Again, the existence of a payment method on a website does not, without further evidence,  establish that the payment providers intentionally facilitated unlawful gambling or possessed  contemporaneous knowledge of every aspect of the merchant’s conduct. It does, however, illustrate  how rapidly merchant networks can adapt, migrate between technical providers and present  themselves differently across jurisdictions. 

Separate from the conduct of any individual client, it is also useful to consider the overall scale of  the European online acquiring market. According to European Central Bank statistics, remote card  payments accounted for approximately 28–30% of the total value of card payments in the euro  area during 2024– 2025. With total annual card payment volumes estimated at approximately  €3.2–3.5 trillion, this corresponds to an online card-acquiring market of roughly €1 trillion per  year. 

Against that background, Walletto processed €968,265,197.11 in acquiring transactions during  2025, representing 19,418,117 card transactions. Its total acquiring volume therefore accounted  for approximately 0.1% of the euro area’s online card-acquiring market. Those figures provide  important context. They neither determine the outcome of any regulatory assessment nor answer  questions that properly belong to the competent authorities. They do, however, make it difficult to  reconcile the scale of certain public narratives with the institution’s actual position within the  European payments ecosystem. Walletto represents only a very small fraction of the euro area’s  online acquiring market. It is therefore legitimate to ask whether the scale of the public narrative  remains proportionate to the objective scale of the institution itself. 

Walletto conducts client due diligence, ongoing transaction monitoring and periodic risk  reassessment, and reports suspicious activity to Lithuania’s Financial Crime Investigation Service  in accordance with its regulatory obligations. The company also says that it received no customer  complaints concerning the specific matters raised in the recent publications. That context  inevitably raises another question. If EGBA’s objective was to draw attention to what it  describes as a systemic industry problem, why was an institution representing approximately  0.1% of the euro area’s online acquiring market selected as the case through which that  broader narrative would be presented? The available public material offers no explanation  for that choice. 

The more interesting question, however, concerns not the allegations themselves, but the  chronology through which they entered the public domain.

An internationally respected financial publication approached the company for comment  before EGBA had publicly announced its own complaint. Some channels of communication,  it appears, are capable of moving considerably faster than official ones. The Bank of  Lithuania subsequently declined to confirm whether any supervisory process existed, citing  legal restrictions. Walletto, meanwhile, stated that it had received no formal notification  from its home regulator. 

Whether EGBA’s concerns ultimately prove justified is for regulators to determine. The public  narrative, however, had already been established. That inevitably brings attention to EGBA itself.  Outside specialist circles, relatively few readers are likely to appreciate what EGBA actually is.  Despite the institutional authority its name may suggest, it is not a regulator, supervisory authority  or public body established under European law. It is a Brussels-based trade association  representing the commercial interests of some of Europe’s largest licensed online gambling  companies. It commissions research, produces policy papers, engages with European institutions  and advocates positions on behalf of its members. 

There is nothing improper about that. Every major industry seeks to influence public policy.  Lobbying organisations exist precisely to advance the interests of those they represent. The  distinction becomes important only when advocacy begins to resemble regulation, and when a  body representing private commercial interests starts occupying the public space normally  reserved for independent supervisory authorities. 

A closer look at EGBA’s membership provides useful context. Several of the association’s leading  members have spent significant parts of the past decade on the receiving end of anti-money  laundering, anti-bribery and financial crime enforcement. Entain entered into a Deferred  Prosecution Agreement with the United Kingdom’s Crown Prosecution Service in 2023 involving  a settlement worth approximately £615 million overfailures to prevent bribery connected with its  former Turkish-facing business. The agreement became one of the largest corporate criminal  settlements in British history. Less than two years later, British prosecutors announced criminal  charges against several former senior executives. 

Flutter Entertainment previously reached a settlement with the United States Securities and  Exchange Commission concerning violations of the Foreign Corrupt Practices Act arising from  payments made through consultants operating in Russia. Kindred Group entities have been  sanctioned by Swedish regulators for deficiencies in anti-money laundering controls. In Lithuania,  Olympic Casino Group Baltija received one of the country’s largest administrative penalties linked  to AML failures, while Baltic Bet received two separate sanctions within a matter of weeks. None  of this determines whether EGBA’s present concerns are right or wrong. Regulators will decide  that. It does, however, create an unusual spectacle: an association representing companies with  some of Europe’s more eventful compliance histories has increasingly assumed the role of public  lecturer on regulatory standards. 

There is nothing improper about that either. Experience, after all, can be an excellent teacher.  Modern lobbying also depends on more than meetings with policymakers. It increasingly relies on  research, public reports, media briefings and advocacy campaigns. Individually, each activity is 

legitimate. Industry associations are entitled to commission studies. Researchers are entitled to  publish findings. Journalists are entitled to report them. Policymakers are entitled to consider them. Collectively, however, they can create a remarkably efficient ecosystem. Advocacy generates  research; research generates headlines; headlines create political pressure; political pressure  encourages further regulatory initiatives; and those initiatives are then cited as proof that the  original advocacy was necessary. The system has the admirable quality of being largely self reinforcing. This is why independent verification remains one of the defining obligations of  journalism. 

Numerical claims should be examined before they become headlines. Commissioned  research should be read together with its methodology and funding. Allegations should be  distinguished from findings. Trade associations should not be mistaken for public authorities  merely because their language resembles that of regulators. The question extends well beyond  Walletto, EGBA or the gambling industry. Across finance, technology, pharmaceuticals and other  heavily regulated sectors, commercial organisations have become sophisticated producers of  public-policy narratives. They do not merely participate in regulatory debate. Increasingly, they  help determine the language in which that debate begins. There is nothing inherently wrong with  commercial advocacy. The difficulty arises when private interests are presented as neutral public  judgment, or when the allegations of an industry lobby are reported with the institutional weight  normally reserved for a regulator. History has never been particularly inventive: thieves steal,  bribe-takers take bribes, and lobbyists lobby. 

Lobbying organisations exist to represent commercial interests. Regulators exist to protect  the public interest through independent supervision, legal procedure and objective  assessment. Those are fundamentally different institutional functions, however similar they  may occasionally sound in a headline. Problems begin when the distinction is forgotten. 

Perhaps that is the enduring lesson of this episode. Before examining a claim, it is worth asking  who produced it, whose interests they represent and whether those interests are the same as the  public interest they claim to defend. 

Who watches the watchdogs?

Comments

TechBullion

FinTech News and Information

Copyright © 2026 TechBullion. All Rights Reserved.

To Top

Pin It on Pinterest

Share This