The fact you have successfully acquainted a gaming license in one jurisdiction does not mean the operator is compliant to provide its gaming services across the globe, even if the issued license does not provide any restrictions in terms of jurisdictions. For example, the Curaçao gaming license stipulates prohibited countries, such as Curaçao itself, France, the Netherlands, Singapore, the United States, etc.), while the Maltese gaming license does not constitute such a list of the prohibited jurisdictions. Though, it's not as simple as it seems.
Worldwide gambling markets are governed on the level of sovereign countries through legislation enacted by the local legislature, for example, multi-licensing has been adopted in 25 out of 29 European countries, with 21 countries having introduced full multi-licensing for all regulated online gambling products. The national regulations' scope and reach vary from country to country. They can stipulate either monopoly (for example, a single government-backed monopoly) or ban, or they regulate gambling heavily, moderately, lightly, and in some instances, not at all. Therefore, even if the operator has a license, which does not provide a list of the prohibited jurisdictions (like the Maltese gaming license), the operator still is challenged to be well aware of each particular jurisdiction it intends to provide or provides its gaming services. This means that in the real world the operator must balance licensing risk against revenue generation and have the ability to act according to an order, set of rules, or a request from any such jurisdiction having local licensing or government monopoly or ban of online gaming. And here we come to the so-called "risk-based" approach.
What is a "risk-based" approach and what does it involve? It means that the company must perform an analysis of each jurisdiction on several aspects–compliance, business, payments, marketing, e.g., it is cross-operational research and decision-making by several teams of the company.
The compliance team's aim in such investigation is to explore the online gaming regulations of each such jurisdiction – is it regulated at all or not, is it allowed to provide online gaming services or not (so-called "ban" of gaming in general or only online gaming), is it allowed to provide the gaming services by the operator licensed in another jurisdiction, if there is a local licensing requirement – what are the possible business risks (for example, finance-related risks like penalties, reputational, etc.) in case the company provides its gaming services in the particular jurisdiction, what steps can be taken to avoid possible business risks (for example, exclude the jurisdiction from direct targeting by the marketing team and affiliates team, excluding local currency on the websites, etc.), and what are residual risks.
While payments team has two main aims in such investigation – the possibility to generate revenue in the respective jurisdiction as per the experience and data on the particular market, which directly guides as well as to the second aim–the payment options for the players. The fact the company could generate particular revenue in a specific jurisdiction, for example, due to the number of the population, but no possibility to provide the most popular payment methods to the players, might decrease the company's possibility to generate profit, or as per the experience and research data by the payments team citizens of the particular country usually do not involve in online gaming. Again, these findings must be reviewed and cross-teams-decided in complex with the compliance findings – is it worth providing the gaming services in the country in such case if the potential compliance risks are higher than the possible profit generated.
Considering a global shift towards tighter regulations with a more localized focus, this is becoming challenging for the compliance team to follow up on the latest regulations and tendencies in each country, especially, if the focus and aim of the company considering the business needs are to provide its gaming services as much as possible countries. The compliance team's evaluation might collide with the business needs and financial targets of the company, and sometimes compliance findings can be considered as business "disablers". Though compliance does not produce revenue, at its best, it both enables and safeguards it. Therefore, the compliance team's guidance in the cross-operation risk evaluation is essential in the business operations.