Share
Share
Share
Share
When Commercial Lobbying Begins to Sound Like Regulation
There is an old principle in investigative journalism: before examining the message, examine the messenger. Institutions, no less than individuals, have interests, incentives and objectives of their own. Understanding them is often as important as understanding the allegations they make.
That principle matters more than ever. Increasingly, regulatory debates begin not with regulators, prosecutors or courts, but with commissioned research, lobbying campaigns, media briefings and carefully timed public disclosures. By the time supervisory authorities speak, the public narrative has often been written already.
Across Europe, lobbying organisations have become remarkably effective at shaping those narratives. They no longer simply advocate policy behind closed doors. They commission research, generate statistics, brief journalists and increasingly frame regulatory debates long before the competent authorities have reached any public conclusions. The recent public campaign surrounding the Lithuanian payment institution Walletto provides an unusually clear illustration of that process.
Bloomberg described the initiative launched by the European Gaming and Betting Association (EGBA) as part of a “new strategy” by Europe’s licensed gambling industry— one that shifts attention away from illegal operators themselves and towards the payment infrastructure through which those operators receive customer funds.
That observation may ultimately prove more significant than the individual allegations themselves. The strategic logic is not difficult to understand. For years, regulators attempted to combat illegal online gambling primarily by pursuing operators. Yet websites disappear, companies relocate, domains change and ownership structures evolve faster than legislation can keep pace. Payment institutions, by contrast, remain regulated entities operating under identifiable supervisory authorities. Unsurprisingly, they have become the next focus of attention.
To understand that challenge, it is useful to clarify what acquiring involves. An acquirer is a regulated financial institution that enables business clients to accept card payments, conducts due diligence before onboarding and monitors transactions thereafter. It is only one participant in a wider chain connecting the cardholder, merchant, payment provider, card network and issuing bank, with each participant exercising different controls and seeing different parts of the transaction.
Dishonest merchants rarely present themselves as such. They may provide apparently legitimate documents, operate compliant websites during onboarding or subsequently change their business model, domains, payment descriptors or transaction flows in order to retain access to regulated payment infrastructure. The financial institution may therefore itself be the party whose controls the client is attempting to deceive or circumvent.
Walletto states that this is not a theoretical risk but a recurring feature of the acquiring business. Throughout its nine years of operation, the company says that, together with the monitoring and compliance systems operated by Visa and Mastercard, it has identified several clients each year that had allegedly concealed, misrepresented or subsequently changed the true nature of their activities. According to Walletto, these cases were detected through ongoing monitoring, investigated and addressed in accordance with the applicable compliance, reporting and termination procedures. The company argues that such cases demonstrate not a failure unique to one institution, but the practical reality of modern acquiring, where continuous monitoring exists precisely because some clients deliberately attempt to circumvent regulatory controls after onboarding.
For that reason, regulation does not assume that every fraudulent client can be identified before the first transaction. The relevant questions are whether appropriate due diligence and monitoring were in place, whether warning signs were detected within a reasonable period and whether the institution acted once sufficient information became available. The presence of a dishonest client in a portfolio is not, by itself, evidence that the institution knowingly supported its conduct.
The same challenge has repeatedly confronted major participants in the European payments industry, irrespective of their size or the sophistication of their compliance systems. Large payment
institutions and banks have, on numerous occasions, discovered that clients had concealed or subsequently changed the nature of their activities after onboarding. In such cases, regulatory attention has focused not on the mere existence of fraudulent clients within a portfolio, but on whether the institution’s monitoring systems identified the misconduct within a reasonable period and whether appropriate remedial measures followed.
Worldline, one of Europe’s largest payment processors, faced intense scrutiny after the publication of the multinational Dirty Payments investigation. In July 2026, Investigate Europe reported that services associated with several payment companies, including Paysafe and its Skrill business, had appeared on websites linked by the publication to a network of allegedly unlicensed online casinos. Again, the existence of a payment method on a website does not, without further evidence, establish that the payment providers intentionally facilitated unlawful gambling or possessed contemporaneous knowledge of every aspect of the merchant’s conduct. It does, however, illustrate how rapidly merchant networks can adapt, migrate between technical providers and present themselves differently across jurisdictions.
Separate from the conduct of any individual client, it is also useful to consider the overall scale of the European online acquiring market. According to European Central Bank statistics, remote card payments accounted for approximately 28–30% of the total value of card payments in the euro area during 2024– 2025. With total annual card payment volumes estimated at approximately €3.2–3.5 trillion, this corresponds to an online card-acquiring market of roughly €1 trillion per year.
Against that background, Walletto processed €968,265,197.11 in acquiring transactions during 2025, representing 19,418,117 card transactions. Its total acquiring volume therefore accounted for approximately 0.1% of the euro area’s online card-acquiring market. Those figures provide important context. They neither determine the outcome of any regulatory assessment nor answer questions that properly belong to the competent authorities. They do, however, make it difficult to reconcile the scale of certain public narratives with the institution’s actual position within the European payments ecosystem. Walletto represents only a very small fraction of the euro area’s online acquiring market. It is therefore legitimate to ask whether the scale of the public narrative remains proportionate to the objective scale of the institution itself.
Walletto conducts client due diligence, ongoing transaction monitoring and periodic risk reassessment, and reports suspicious activity to Lithuania’s Financial Crime Investigation Service in accordance with its regulatory obligations. The company also says that it received no customer complaints concerning the specific matters raised in the recent publications. That context inevitably raises another question. If EGBA’s objective was to draw attention to what it describes as a systemic industry problem, why was an institution representing approximately 0.1% of the euro area’s online acquiring market selected as the case through which that broader narrative would be presented? The available public material offers no explanation for that choice.
The more interesting question, however, concerns not the allegations themselves, but the chronology through which they entered the public domain.
An internationally respected financial publication approached the company for comment before EGBA had publicly announced its own complaint. Some channels of communication, it appears, are capable of moving considerably faster than official ones. The Bank of Lithuania subsequently declined to confirm whether any supervisory process existed, citing legal restrictions. Walletto, meanwhile, stated that it had received no formal notification from its home regulator.
Whether EGBA’s concerns ultimately prove justified is for regulators to determine. The public narrative, however, had already been established. That inevitably brings attention to EGBA itself. Outside specialist circles, relatively few readers are likely to appreciate what EGBA actually is. Despite the institutional authority its name may suggest, it is not a regulator, supervisory authority or public body established under European law. It is a Brussels-based trade association representing the commercial interests of some of Europe’s largest licensed online gambling companies. It commissions research, produces policy papers, engages with European institutions and advocates positions on behalf of its members.
There is nothing improper about that. Every major industry seeks to influence public policy. Lobbying organisations exist precisely to advance the interests of those they represent. The distinction becomes important only when advocacy begins to resemble regulation, and when a body representing private commercial interests starts occupying the public space normally reserved for independent supervisory authorities.
A closer look at EGBA’s membership provides useful context. Several of the association’s leading members have spent significant parts of the past decade on the receiving end of anti-money laundering, anti-bribery and financial crime enforcement. Entain entered into a Deferred Prosecution Agreement with the United Kingdom’s Crown Prosecution Service in 2023 involving a settlement worth approximately £615 million overfailures to prevent bribery connected with its former Turkish-facing business. The agreement became one of the largest corporate criminal settlements in British history. Less than two years later, British prosecutors announced criminal charges against several former senior executives.
Flutter Entertainment previously reached a settlement with the United States Securities and Exchange Commission concerning violations of the Foreign Corrupt Practices Act arising from payments made through consultants operating in Russia. Kindred Group entities have been sanctioned by Swedish regulators for deficiencies in anti-money laundering controls. In Lithuania, Olympic Casino Group Baltija received one of the country’s largest administrative penalties linked to AML failures, while Baltic Bet received two separate sanctions within a matter of weeks. None of this determines whether EGBA’s present concerns are right or wrong. Regulators will decide that. It does, however, create an unusual spectacle: an association representing companies with some of Europe’s more eventful compliance histories has increasingly assumed the role of public lecturer on regulatory standards.
There is nothing improper about that either. Experience, after all, can be an excellent teacher. Modern lobbying also depends on more than meetings with policymakers. It increasingly relies on research, public reports, media briefings and advocacy campaigns. Individually, each activity is
legitimate. Industry associations are entitled to commission studies. Researchers are entitled to publish findings. Journalists are entitled to report them. Policymakers are entitled to consider them. Collectively, however, they can create a remarkably efficient ecosystem. Advocacy generates research; research generates headlines; headlines create political pressure; political pressure encourages further regulatory initiatives; and those initiatives are then cited as proof that the original advocacy was necessary. The system has the admirable quality of being largely self reinforcing. This is why independent verification remains one of the defining obligations of journalism.
Numerical claims should be examined before they become headlines. Commissioned research should be read together with its methodology and funding. Allegations should be distinguished from findings. Trade associations should not be mistaken for public authorities merely because their language resembles that of regulators. The question extends well beyond Walletto, EGBA or the gambling industry. Across finance, technology, pharmaceuticals and other heavily regulated sectors, commercial organisations have become sophisticated producers of public-policy narratives. They do not merely participate in regulatory debate. Increasingly, they help determine the language in which that debate begins. There is nothing inherently wrong with commercial advocacy. The difficulty arises when private interests are presented as neutral public judgment, or when the allegations of an industry lobby are reported with the institutional weight normally reserved for a regulator. History has never been particularly inventive: thieves steal, bribe-takers take bribes, and lobbyists lobby.
Lobbying organisations exist to represent commercial interests. Regulators exist to protect the public interest through independent supervision, legal procedure and objective assessment. Those are fundamentally different institutional functions, however similar they may occasionally sound in a headline. Problems begin when the distinction is forgotten.
Perhaps that is the enduring lesson of this episode. Before examining a claim, it is worth asking who produced it, whose interests they represent and whether those interests are the same as the public interest they claim to defend.
Who watches the watchdogs?

