Why treating crypto as cash broke compliance for a Nordic operator
In 2019 a Stockholm-based startup, NordGate Payments, launched a crypto payment gateway aimed at online gambling operators across Asia. The company processed roughly $25 million in crypto volume annually, worked with 18 operators, and ran lean with 22 employees. The team assumed crypto behaved like cash: fast settlements, borderless flow, low fees. That assumption collided with two realities. First, Swedish authorities had clarified that many crypto tokens meet the definition of financial instruments, not legal tender. Second, China's aggressive policy changes that began in 2021 pushed Chinese gamblers toward offshore crypto platforms and increased regulatory scrutiny across Asia.
The immediate fallout was operational and legal. Banks and PSPs in Sweden began flagging NordGate’s accounts. Finansinspektionen-style inquiries sought clarity on whether NordGate should be registered, report under anti-money laundering rules, and hold certain capital buffers. Meanwhile, migration of Chinese online gamblers to crypto platforms increased transactional volume by 60 percent in one quarter. That spike magnified AML risks: larger deposits from opaque sources, unusual on-chain patterns, and pressure to process high-volume withdrawals quickly to satisfy frustrated players.
The compliance gap: When financial instrument status met high-risk gambling flows
NordGate’s core problem was a mismatch between legal classification and operational controls. Sweden’s treatment of many crypto assets as financial instruments brings obligations similar to those for securities or derivatives: registration requirements for trading venues, stricter client onboarding, and sometimes reporting under financial services frameworks. NordGate had none of those in place. Their KYC was lightweight, their custody model mixed hot and cold wallets across jurisdictions, and AML monitoring relied on generic heuristics tuned for fiat PSP flows, not token transfers.
Compounding that, China’s escalation against crypto and online gambling produced a migration of Chinese users to Asian crypto gambling sites. Those markets are fragmented: some jurisdictions had clear licensing (Philippines, Isle of Man), many did not. Chinese regulators increased cross-border enforcement and asked banks to freeze transactions linked to gambling. Crypto offered an alternative path for gamblers, but it also concentrated risk in channels that regulators could now view as facilitating illegal activity.
The stakes included fines, forced registration, suspended banking relationships, and potential criminal exposure for senior staff. NordGate faced a choice: continue treating tokens like cash and risk enforcement, or rework operations to meet the expectations that follow from being treated as a financial instrument.
A dual-track compliance strategy: Separating custody, gateway, and gambling flows
NordGate adopted a dual-track approach that treated compliance as a product requirement and a risk control imperative. The strategy had three pillars:
- Reclassify product lines internally to reflect legal obligations. Token custody and trading services were treated as financial services, while simple payment processing was scoped and restricted. Segregate customer segments and flows. Gambling operator clients were placed under stricter onboarding and transaction limits, with dedicated accounts and separate liquidity pools. Strengthen on-chain and off-chain monitoring, and commit to regulatory engagement in Sweden and key Asian jurisdictions.
This approach moved beyond pure legal defense. It established protective walls: operationally distinct services, clear audit trails, and a compliance-first product roadmap. NordGate decided to accept short-term revenue impact in exchange for sustainable access to banking and the Swedish market.
Contrarian view considered
Some team members argued for doubling down on offshore anonymity: migrate operations off Sweden, rely on permissive jurisdictions, and ignore Swedish classification. That path promised faster growth and lower immediate compliance costs. The leadership rejected it. They calculated the long-term value of regulated market access, more stable banking relationships, and reduced tail risk from enforcement. That calculation shaped the dual-track strategy.
Implementing dual-track compliance: A 120-day roadmap
Implementation followed a strict, measurable schedule. NordGate broke work into 12 weekly sprints across legal, product, operations, and engineering. Key steps included:
Day 0-14: Legal audit and product mapping. External counsel in Stockholm and an AML specialist assessed each token, labeling them as likely financial instruments or utility tokens for Swedish regulators' purposes. The audit identified six high-risk tokens accounting for 72 percent of volume. Day 15-30: New corporate structure and service separation. NordGate created two business units: NordGate Custody (subject to financial instrument rules) and NordGate Payments (restricted PSP for lower-risk tokens and fiat rails). Separate bank accounts, ledgers, and corporate records were established. Day 31-60: Hardened KYC and operator onboarding. For gambling clients, NordGate introduced enhanced due diligence: company ownership checks, source-of-funds documentation, and beneficial owner verification. On-chain analytics vendors were onboarded to flag high-risk addresses and pattern anomalies. Day 61-90: Transaction controls and limits. Withdrawal limits were introduced for new Chinese-linked accounts: maximum daily withdrawals of $10,000 and mandatory 72-hour cooling periods for transfers exceeding $25,000. Automated rules blocked transfers between known gambling hot wallets without pre-approval. Day 91-120: Regulatory engagement and reporting readiness. NordGate proactively filed a registration memo with Swedish authorities describing the new split, capital posture, AML controls, and third-party audits. A record retention and SAR reporting pipeline was implemented with a 24-hour alert SLA for suspicious flows.Operational changes required engineering deliverables: segregated wallet management, tagging systems to track operator flows, and dashboards for compliance officers to review alerts. Training programs were rolled out to customer success teams to explain the new onboarding and withdrawal rules to clients.
From high-risk exposure to stable operations: measurable outcomes in 12 months
Results were quantifiable and occurred within a year. NordGate’s metrics shifted across compliance, revenue, and client retention:
Metric Baseline 12 Months Post-Implementation Monthly processed volume $2.1M $1.6M High-risk token share of volume 72% 28% Bank account closures 2 in prior year 0 Regulatory notices 1 formal inquiry 0 unresolved inquiries Client churn among gambling operators 16% 6% AML false positives (monthly) 1,400 320Revenue temporarily declined by about 24 percent because highest-volume gambling flows were restricted until operators complied with new onboarding. However, banking stability improved. Two primary correspondent banks restored full services within five months. NordGate avoided fines in Sweden and gained a slot to consult with regulatory staff, which further reduced enforcement risk.
On the operational side, alert quality improved. False positives fell by 77 percent, allowing compliance analysts to focus on high-fidelity cases. The firm also reduced average SAR closure time from 13 days to 3 days. Those improvements mattered to banking partners and reduced the likelihood of account freezes that had previously threatened the business.
5 essential lessons every crypto gambling operator in Asia must heed
Lesson 1 - Classification matters. Regulators treat tokens differently. When an asset functions like a financial instrument, obligations can include registration, capital requirements, custody standards, and more. Assume classification can change with policy updates and prepare to adapt.
Lesson 2 - Don’t mix functions that attract different rules. Custody and pure payments belong in separate legal wrappers. Mixing them invites unclear regulatory expectations and higher compliance costs. Segregation makes audits clearer and operations more defensible.
Lesson 3 - Know your player geography. Chinese policy shifts forcibly re-route user behavior. Operators with heavy Chinese player bases should anticipate stricter AML rules and bank scrutiny. Implement geo-aware controls and stricter onboarding for at-risk jurisdictions.
Lesson 4 - Instrument your on-chain signals. Raw transaction volume is not a risk signal. Tagging wallets, clustering addresses, and monitoring spending patterns separate legitimate flows from orchestrated gambling or money movement schemes. Invest in signal quality before scaling.
Lesson 5 - Engage regulators proactively. Waiting for an inquiry increases tail risk. NordGate’s decision to brief Swedish regulators early reduced friction, produced clearer expectations, and ultimately created a path for continued operations within regulated markets.
How operators, banks, and investors should act now
For operators: perform a product audit. Map which tokens you accept, how they behave economically, and whether they act like debt, equity, or derivative instruments. Introduce tiered onboarding for high-risk segments, and align https://blockchainreporter.net/regulatory-landscapes-how-different-jurisdictions-are-approaching-crypto-gambling-in-2025/ withdrawal controls with your bank partners’ risk appetites. Prepare to accept lower short-term volume for greater long-term access to regulated financial rails.
For banks and PSPs: require clear segregation of services and demonstrable on-chain monitoring. Accept that some operators will choose offshore anonymity, but prioritize relationships with entities that can show the operational separation and reporting that a financial instrument classification requires.
For investors: pressure portfolio companies to disclose token acceptance policies and AML controls. The value of a growth story can evaporate quickly if banking relationships are fragile. Demand evidence of regulatory engagement, on-chain surveillance, and a tested migration plan in case national policies shift.
Final contrarian note
Some argue regulation will kill crypto-driven gambling markets, pushing all activity deeper underground. History suggests otherwise. Markets adapt. Operators that adapt early by aligning product design with legal expectations preserve access to better payment rails and attract institutional capital. Those that do not will either operate in higher-risk pockets or fold when exposure becomes unbearable. The practical path is clear: treat classification seriously, segment services, and build controls that scale with volume.
NordGate’s turnaround didn’t make the business risk-free. It did something more valuable: it converted an existential legal threat into an operational discipline that sustained growth under tougher conditions. For any operator trading in the uncertain space between Swedish regulation and China-driven demand, that discipline is the difference between temporary expansion and long-term survival.