Integrated third party risk and contract management in an international gaming operator
Challenge
A gaming operator with a presence in Europe and Latin America managed an extensive network of technology providers, payment methods, marketing, support, hosting, cyber security, customer care, etc.
It is a highly regulated sector, subject to stringent requirements in terms of
- Prevention of fraud and money laundering.
- Personal data protection and information security.
- Responsible gambling and user protection.
- Contractual compliance with regulators and strategic partners.
- Consistently assess and rate your suppliers in different risk domains (privacy, cybersecurity, criminal compliance, contractual, etc.).
- Manage an international supply chain, with suppliers in several countries and documentation in multiple languages.
- Review and improve contracts with its suppliers to ensure that identified risks were reflected in sufficient clauses, obligations and guarantees.
Approach
ECIX Tech deployed a service Legal Operations supply chain, combining the platform with an integrated eTPC with the specialised artificial intelligence of MIA Enterprise.
The approach was articulated along two main lines:
-
Automated supplier evaluation and qualification (eTPC + MIA)
- Centralisation of all suppliers and service lines at eTPCwith impact levels defined according to the criticality of the service (gaming platform, payments, support, etc.).
- Design of evaluation forms advanced for different compliance domains (privacy, cybersecurity, legal person criminal, sectoral regulatory).
-
Use of MIA Enterprise to automatically analyse the responses and evidence provided by suppliers, even in multiple languages, generating:
- A risk rating by domain.
- A overall level of reliability per supplier.
- Visualisation of the entire process in the rating panel eTPC, allowing for prioritisation of higher-risk suppliers and informed decision-making.
-
Review and improvement of supplier contracts through AI
-
Application of the algorithms of MINE for the mass analysis of supplier contracts:
- Identification of critical clauses (security, privacy, outsourcing, audits, responsibilities, incident reporting, jurisdiction, etc.).
- Detection of contractual shortcomings or weaknesses based on the risks identified at each supplier and the applicable regulatory requirements.
-
Drawing up proposals for contractual improvement, aligning:
- The actual supplier risk.
- The compliance obligations arising from the gambling sector and international regulations.
- Integration of the result into internal procurement and legal advice processes, facilitating improved model contracts and standard clauses by type of service and level of risk.
-
Application of the algorithms of MINE for the mass analysis of supplier contracts:
Results
The joint implementation of eTPC and MIA Enterpriseintegrated into an ongoing Legal Operations service, enabled the gambling operator:
- Standardise supplier evaluation throughout its international supply chain, with homogeneous risk criteria by domain (privacy, cyber, criminal, regulatory).
- Significantly reduce manual effort dedicated to reviewing questionnaires, evidence and documentation, and being able to manage a much larger number of suppliers with the same resources.
- Detecting and correcting contractual weaknesses systematically, aligning each contract with the risk profile of the supplier and the regulatory requirements of the gaming sector in the different jurisdictions.
- To have a consolidated and updated view of third party riskswith clear and traceable reporting for internal audits, regulators and strategic partners.
