Practical AML Training Plan for a Small iGaming Team: A 30-60-90 Day Schedule

If you’re building or scaling iGaming business ideas, money laundering risk isn’t a “later” problem. It shows up early, often disguised as normal player behavior.

A practical iGaming AML training plan gives a small team one thing most startups lack: consistent judgment. When an alert fires at 9:30 pm, your staff shouldn’t guess. They should follow the same playbook every time.

Below is a 30-60-90 day schedule you can run with a lean team (as small as 5 to 15 people), plus ready-to-use training topics you can recycle all year.

The goal of a 30-60-90 iGaming AML training plan (and why small teams need it)

Small teams don’t fail AML because they “don’t care.” They fail because knowledge sits in one person’s head, and everyone else is busy shipping features, answering tickets, or fixing payments.

This AML training plan is built to help you:

• Create a shared AML baseline across Compliance, Payments, Customer Support, and Product/Engineering

• Reduce alert-handling chaos by using one workflow and one set of decision rules

• Prove to partners, banks, and regulators that training is real, tracked, and improving

30-60-90 day roadmap overview (what happens when)

Here’s the simple logic:

• Days 1 to 30: Learn the rules and your internal standards (shared language)

• Days 31 to 60: Practice decisions (repeatable workflow)

• Days 61 to 90: Measure quality and prepare for audits (proof and performance)

Before Day 1: set your training “rails” (so it doesn’t drift)

Spend 2 to 4 hours setting the basics. Otherwise, training becomes random slides and inconsistent interpretations.

Define roles and escalation

• Who can clear low-risk alerts?

• Who approves Enhanced Due Diligence (EDD)?

• Who makes the final SAR or STR call?

Pick one home for AML knowledge

Use a single wiki page (Notion, Confluence, or Google Drive) with:

• Policies and procedures

• Your risk appetite summary

• Alert-handling checklist

• Reporting decision guide

Set a baseline

Run a 15-minute pre-test and save the results. It’s your “before” photo.

If you need a structure prompt for policies and controls, a general AML template for small firms can help you outline core sections (even if you adapt it to gaming). See FINRA’s AML template for small firms.

Days 1-30: Build shared AML basics (minimum viable competence)

Your team needs the same basic map before they can take turns driving. Keep sessions short, 30 to 45 minutes, twice per week.

Week-by-week schedule (Days 1-30)

Week	Focus	Ready-to-use session topics	Output you should save
Week 1	AML fundamentals	What money laundering looks like in gaming, why KYC matters	Glossary of key terms
Week 2	Customer due diligence	CDD vs EDD, source of funds vs source of wealth, sanctions basics	CDD checklist and EDD trigger list
Week 3	Transaction risk	Deposits, withdrawals, reversals, and bonus abuse signals	“Red flags” page for your product
Week 4	Reporting and records	SAR/STR thresholds, narrative writing basics, retention rules	One-page workflow and evidence list

Ready-to-use micro-topics for Days 1-30 (plug and play)

• Red flags you actually see: rapid deposit and withdrawal cycles, multiple accounts, shared devices, failed KYC with continued play.

• KYC friction vs risk: where you accept drop-off, where you don’t.

• Third-party risk: PSP limits, chargebacks, and why “payments” is part of AML.

• Case mini-drill: “Player wins big, withdraws fast, refuses documents.” What do you do first?

If your team needs structured eLearning for the basics, you can borrow topic sequencing from an industry course outline like iGaming Academy’s AML and CTF training for online operators.

Days 31-60: turn knowledge into a repeatable workflow (and stop ad-hoc decisions)

Now your goal is consistency. The best analogy is a kitchen line. Anyone can cook one dish, but a restaurant survives on repeatable prep and clear stations.

The AML reporting workflow everyone should memorize

Run two tabletop drills per week using this flow:

1. Monitoring
2. Alert triage
3. Investigation
4. SAR or STR decision
5. Filing
6. Recordkeeping

Ready-to-use drills (simple, realistic, fast)

Drill 1: Alert triage in 10 minutes

• What data do you check first (device, IP, payment method, velocity)?

• What makes it “no action,” “monitor,” or “investigate”?

Drill 2: Write a clean case note. Have staff practice a 6-sentence format:

• What happened

• Time period

• Accounts involved

• Why is it unusual

• What you checked

• What did you decide and why

Drill 3: Cross-team handoff. Customer Support gets a document refusal. Payments show odd deposit patterns. Who owns the case, and how does it get logged?

Days 61-90: Risk assessment, quality checks, and audit-ready evidence

At this stage, training becomes performance. You’re not teaching terms anymore. You’re testing decisions.

Build a simple risk assessment matrix that your team can use

Use a 3×3 matrix (customer risk vs transaction risk) to standardize:

• When EDD is required

• When limits apply (withdrawal holds, manual review)

• When to escalate to the MLRO or compliance lead

Add QA so training sticks

Run a weekly 30-minute quality review:

• Review 5 closed alerts

• Score them on evidence quality, decision logic, and documentation

• Log fixes as “training moments” and update the playbook

Track a few metrics that prove improvement

Keep it tight:

• Training completion rate (by role)

• Pre-test vs post-test score change

• Median time to triage an alert

• Rework rate (cases reopened due to missing evidence)

Ready-to-use AML training topics you can reuse monthly

Use these as 20 to 30-minute refreshers after Day 90. Rotate by role so people stay engaged.

• KYC document basics: common forgeries, mismatch patterns, and what “good evidence” looks like.

• PEPs and high-risk customers: how to spot risk without profiling.

• Sanctions screening: false positives, match strength, and escalation steps.

• Source of funds vs source of wealth: simple explanations staff can repeat.

• Deposit and withdrawal velocity: what “normal” looks like for your product.

• Bonus abuse and AML overlap: where fraud signals become AML signals.

• Chargebacks and reversals: when payments risk becomes compliance risk.

• Multi-accounting indicators: device fingerprints, shared IPs, behavioral clues.

• Case notes that hold up: writing clear narratives and keeping opinions out.

• Recordkeeping: what to store, where, and how long (based on your rules).

• Escalation etiquette: what details to include so Compliance can act fast.

• One “case of the month”: anonymized, scored, and discussed as a team.

Make iGaming AML training part of how you operate

The easiest AML mistake is treating training like a one-time task. It’s not. It’s a habit, like backups or incident response. With this 30-60-90 schedule, your small team gets shared standards, a single workflow, and measurable improvement.

If you want faster onboarding and fewer bad calls, start with the pre-test this week, then run the first two sessions next week. Your iGaming AML training program will feel less like theory and more like how your business runs day to day.