Notifications
Clear all
Topic starter
22/06/2026 9:53 am
TL;DR: New Zealand’s new online casino regime demands staged licensing, enhanced ownership disclosure, key-officer checks, and pre-launch KYC, AML, and age verification readiness before the December 2026 cutoff, according to SumSub. The compliance burden is really an identity governance problem, because operator access, customer verification, and fraud controls now have to stand up before go-live, not after.
NHIMG editorial — based on content published by SumSub: What iGaming operators need to know about licensing, compliance, and getting ready before New Zealand's December 2026 cutoff
Questions worth separating out
Q: How should iGaming operators prepare identity controls for a new licensing regime?
A: They should treat licensing as an identity governance exercise.
Q: Why do synthetic identities create a compliance risk for regulated gaming platforms?
A: Synthetic identities can pass weak onboarding checks and then use trusted access to commit fraud or evade monitoring.
Q: What breaks when KYC and age verification are left until after launch?
A: The platform becomes live before the identity controls needed to admit customers safely are in place.
Practitioner guidance
- Map licensing evidence to identity controls Create a licensing evidence register that ties ownership, key officer checks, capital proof, and prior licence history to named control owners and review dates.
- Separate onboarding approval from operational readiness Do not treat a successful application as proof that the platform is ready.
- Harden document and liveness checks against fabrication Add controls that challenge synthetic identity and deepfake attempts, including stronger document verification, anomaly review, and step-up checks for higher-risk cases.
What's in the full article
SumSub's full report covers the operational detail this post intentionally leaves for the source:
- Step-by-step explanation of New Zealand’s three-stage licensing process from EOI to full application
- Detailed breakdown of the DIA evidence expectations, including ownership disclosure and key officer checks
- Practical guidance on KYC, AML, and age verification design before platform launch
- Local execution pitfalls such as document acceptance, banking relationships, and data residency obligations
👉 Read SumSub’s analysis of New Zealand’s iGaming licensing and compliance requirements →
New Zealand iGaming licensing: what identity teams need to prep?
Explore further
22/06/2026 10:32 am
Licensing readiness is now a governance evidence problem, not a paperwork problem. New Zealand’s regime makes operators prove ownership, officer integrity, capital access, and prior licensing history before they are allowed into market. That is the same control philosophy identity teams already use for high-assurance access: who is allowed in, on what basis, and with what evidence trail. Practitioners should treat licensing preparation as governed identity documentation, not a legal side task.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to NHI Mgmt Group research.
A question worth separating out:
Q: Who is accountable when compliance evidence is incomplete during market entry?
A: Accountability should sit with the operator’s named compliance and governance owners, but the practical burden is shared across legal, AML, fraud, and identity teams. If evidence is incomplete, the organisation does not have a defensible control story, and that is a governance failure, not a filing issue.
👉 Read our full editorial: New Zealand iGaming licensing raises the bar for identity controls
