Note to self
Kalshi and Polymarket move to reassure on integrity
New frameworks attempt to put the case for predictions self-regulation.
In +More: Malta pitches itself as a predictions regulator.
Assessing the scale of the sector’s cybersecurity issues.
The new tobacco: public health advocates behind gambling class action.
Yaspa is an award-winning fintech delivering personal intelligence through instant payments. Powered by open banking and AI, Yaspa’s Intelligent Payments combine Pay by Bank transactions with verified customer insights to protect players and power safer gambling. The platform also provides a full suite of payment and account verification services, using pan-operator financial insights and bank-grade security to reduce friction and fraud, strengthen compliance and improve payments performance. Yaspa operates across the UK, Europe and the US, and is regulated by the UK’s Financial Conduct Authority.
Learn more at www.yaspa.com
In the frame
I’m beautiful in my way: Under pressure following various conflict-related trading scandals, the two leading prediction market operators moved to publish detailed integrity frameworks with the intention of arguing that the sector can govern itself.
Whether regulators and lawmakers find that argument persuasive is a question yet to be answered.
This is particularly the case given the growing suspicions surrounding mysterious trading on the oil price ahead of consequential Truth Social posts by President Trump.
Notably, a new bipartisan bill led by Reps. Nikki Budzinski and Adrian Smith would bar members of Congress from trading political event contracts.
The proposed PREDICT Act targets insider advantages in prediction markets and mirrors broader legislative efforts.
’Cause God makes no mistakes: Late last week, Polymarket published revised market integrity rules across both its DeFi platform and its CFTC-regulated US exchange. Three days later, Kalshi followed with its own announcement of expanded technological guardrails.
Taken together, the two announcements represent the most substantial public commitment to self-policing that the prediction markets sector has yet made.
They also represent a calculated political gambit at a particularly fraught moment for the industry.
I’m on the right track, baby: Kalshi’s announcement centers on preemptive screening technology with systems built to prevent political candidates from trading on their own campaigns, extending an existing block on elected members of Congress.
It has also implemented a new policy for individuals involved in college and professional sports.
Athletes, officials, referees and other personnel will be preemptively blocked from trading on markets associated with sports they are connected to.
The sports screening capability has been developed over several months in partnership with IC360.
Kalshi framed this as an upgrade from a reactive to a proactive posture.
The company is also adding a whistleblower function embedded directly on its market pages, enabling users to flag suspicious activity against Kalshi’s publicly visible trading data.
In crowdsourcing integrity monitoring from the user community, Kalshi implicitly acknowledged that no automated system catches everything.
Don’t hide yourself in regret: Separately, Polymarket said it was codifying the rules and clarifying three categories of prohibited insider trading: trading on stolen confidential information; trading on illegal tips passed from someone with a preexisting duty of confidence; and trading by those who hold positions of authority sufficient to influence the outcome of the underlying event.
Polymarket now explicitly prohibits spoofing, wash trading, fictitious transactions, self-dealing, front-running, information misuse and other practices that undermine orderly market operation.
Surveillance on the DeFi platform draws on the inherent transparency of the Polygon blockchain, where all trades are publicly visible on-chain and all contract holders can be identified.
On the regulated US exchange, oversight operates at three levels: partnerships with trade surveillance specialists; a real-time control desk; and a Regulatory Services Agreement with the National Futures Association to conduct trade practice surveillance, investigate violations and sanction rule-breakers.
Just love yourself, and you’re set: Both announcements can be viewed as a response to the growing awareness of the political environment in which prediction markets are currently operating.
Kalshi said that its new measures “proactively address the CFTC’s guidance and Congressional bill proposals to prevent insider trading.”
It expressed a desire to make these efforts “a standard across the industry.”
Polymarket’s CLO Neal Kumar said its rule enhancements “highlight the compliance infrastructure we have already built” and described them as foundational to the platform’s mission of surfacing truth.
Give yourself prudence and love your friends: The moves come against a backdrop of the bipartisan effort led by Sens. Adam Schiff and John Curtis to bar CFTC-regulated platforms from listing sports-related event contracts.
That is a sign that regulatory pressure is no longer confined to state enforcers and courts.
The bill would also prohibit casino-style games, including slots, blackjack and video poker, extending the fight beyond the sports integrity argument.
Until now, prediction markets have largely benefited from a favorable political climate in Washington under the current administration.
But the Schiff-Curtis bill suggests that congressional skepticism cuts across party lines when it comes to the specific question of sports contracts.
A different lover is not a sin: Last week, Polymarket signed a deal with Major League Baseball to become the exclusive prediction markets partner and, at the same time, MLB published a memorandum of understanding with the CFTC.
This has since been criticized by Benjamin Schiffrin, director of securities policy for financial markets lobby group Better Markets, who said there was “no reason” for such an understanding between a financial regulator and a sports body.
“The CFTC is supposed to ensure fair prices for things like food, gas and electricity,” he said.
“That has nothing to do with baseball, with betting on baseball, or with ensuring the integrity of the game of baseball.”
Increase Operator Margins with EDGE Boost Today!
EDGE Boost is the first dedicated bank account for bettors.
Increase Cash Access: On/Offline with $250k/day debit limits
No Integration or Costs: Compatible today with all operators via VISA debit rails
Incremental Non-Gaming Revenue: Up to 1% operator rebate on transactions
Lower Costs: Increase debit throughput to reduce costs against ACH/Wallets
Eliminate Chargebacks and Disputes
Eliminate Debit Declines
Built-in Responsible Gaming tools
To learn more, contact Matthew Cullen, chief strategy officer on Matthew@edgemarkets.io
+More
Malta is exploring a dedicated regulatory framework for prediction markets, according to Minister for the Economy Silvio Schembri. The government sees the vertical as a potential driver of digital economic growth, provided safeguards around market integrity and consumer protection are established. If implemented, Malta would become the first European jurisdiction to formally regulate prediction markets, positioning itself at the forefront of the emerging sector.
Maryland: Efforts to legalize online casino gaming in Maryland have stalled after Sen. Ron Watson withdrew SB 761, which sought to trigger a voter referendum on related bills. Without public approval, companion measures SB 884 (online poker) and SB 885 (iCasino) cannot proceed. The proposals also faced sustained opposition from state officials and land-based operators, ultimately halting momentum for online expansion this legislative session.
Alberta has set a July 13 deadline for operators to secure licenses, pay fees and cease unregulated betting ahead of its iGaming launch, with the Alberta Gaming, Liquor and Cannabis Commission warning that only a fraction of more than 50 interested parties have completed payments. Existing wagers with unlicensed operators must be settled or voided. Caesars plans to open pre-registration for its Caesars Palace, Horseshoe and Sportsbook brands this spring or summer.
Head of Compliance – Dublin
Safer Gambling Manager – Dublin
Chief Technology Officer – Montreal
Cyberattacks
Shin up: Cyberattacks are a continuing problem facing Nevada casinos, with Wynn Resorts added to a list of victims over the last three years that includes MGM Resorts, Caesars Entertainment and Boyd Gaming.
Wynn recently confirmed a February 20 cybersecurity incident involving the theft of employee data.
The Register reported the group ShinnyHunters carried out the attack, who are believed to be affiliated with Scattered Spider.
What tangled webs we weave: Scattered Spider conducted the cyberattacks on MGM and Caesars in 2023. In 2025, Boyd reported in a US SEC filing that it was attacked, although it never disclosed the extent of the incident or the cost of the breach.
The Wynn breach involved some 800,000 records that include sensitive employee information, such as names, emails, phone numbers and social security numbers.
The hackers had set a $1.5m ransom but reports confirmed the stolen data had been deleted.
The cyberattack on Wynn was reportedly the first incident following the approval of new protocols for gaming licensees.
No comment: The Nevada Gaming Control Board (NGCB) declined to comment, telling Compliance+More in a statement that it doesn’t “comment on active investigations.”
“The new cybersecurity regulation adopted at the January meeting of the Nevada Gaming Commission meeting is in effect and we expect licensees to fully comply with it,” the NGCB said.
Test case: The cyberattack on Wynn tested a series of recently approved amendments to Nevada Gaming Commission Regulation 5.260 designed to ensure transparency from licensees. The amendments require licensees to:
Notify the NGCB within 24 hours of a confirmed attack – a significant change from the previous 72-hour notification deadline.
The initial notification must then be followed by an Initial Cyber Incident Response report within five calendar days of the initial cyber incident. After the initial report, 30-day updates are required until the cyberattack is “fully resolved and documented.”
Alternatively, a licensee may meet with the board prior to putting anything in writing because they are still assessing the full scope of what has happened; though they would still be required to file a report 30 days after the meeting.
The amendments also allow the NGCB chair to move or modify the reporting requirement.
What the hell is going on? Nevada regulators believe the option of meeting with the board gives licensees enough time to figure out what is going on before submitting a report. “First and foremost, it was important for the board that the notification of the cyber security incident happens within 24 hours,” said NGCB chair Mike Dreitzer.
“Seventy-two hours, in practice, was just too long, so we had to change that to 24 hours.”
Dreitzer added that the reporting requirements for Nevada licensees now “comport with what we understand is now best practices.”
The new regulations also removed the term ‘cyberattack’ and replaced it with ‘cyber incident’.
Cyber worries: As the gaming industry continues to expand with new online offerings, businesses must bolster their cybersecurity policies to help to protect them from the latest methods of cyberattacks.
Regulators from Pennsylvania to New Jersey and Massachusetts have approved strict regulations designed to protect gaming companies, their employees and consumers.
Pennsylvania gaming cyber security rules, enforced by the Pennsylvania Gaming Control Board, mandate that operators adopt NIST Cybersecurity Framework-based information security policies, undergo annual audits and implement multi-factor authentication (MFA)
Licensees in New Jersey must also implement NIST-aligned programs and perform annual independent audits, but have 72 hours to report any breach to the state Division of Gaming Enforcement.
Key requirements include MFA for logins, and employee training to prevent phishing, along with secure procedures for password or PIN changes, including identity proofing.
The Massachusetts Gaming Commission (MGC) has implemented strict cybersecurity and data privacy regulations, requiring robust data protection, limiting data retention and mandating breach notification within five days of discovery.
Specifically, suspected data breaches must be reported to the MGC immediately, with investigations commencing within five-days of discovery.
The regulations mandate that personal data can only be kept as necessary for operating the platform or legal compliance.
The sharing of information with third-party vendors requires a written agreement ensuring data protection and security including encrypted transfers.
Elevate Your Data Security with Mindway AI
Mindway AI proudly announces SOC 2 Type 2 certification, reinforcing our robust security credentials alongside ISO 27001. We’re committed to surpassing industry standards in player protection, ensuring your data’s security, availability, and confidentiality.
Ready to enhance your player protection systems securely? Learn more
here.
The new tobacco
Smoking gun: The Public Health Advocacy Institute (PHAI), whose attorneys previously pursued the tobacco industry, has filed what it describes as a landmark product liability lawsuit against DraftKings, FanDuel, the NFL and Genius Sports.
The complaint alleges the defendants use sophisticated digital technology, including artificial intelligence and machine learning, to deliberately create addicted gamblers and encourage them to place ever more microbets.
Just as tobacco litigation argued that cigarette companies knowingly engineered a harmful and addictive product, the PHAI lawsuit frames online sports-betting platforms as defective and dangerous consumer products.
The complaint alleges the operators have “weaponized advancements in mobile technology and artificial intelligence” to push users toward microbetting.
No filter: The two plaintiffs, Pennsylvania residents Christopher Sage and Terry Thompson, said they were drawn deeper into betting through constant push notifications and personal “VIP hosts,” who contacted them directly on their mobile phones with promotional offers.
Between them they lost more than $2m, with Thompson alone losing approximately $1.83m and receiving perks including champagne and Super Bowl travel.
Kicking butt: The NFL is portrayed as uniquely implicated, not merely earning revenue through sponsorships and advertising with sportsbooks, but also holding a substantial equity stake in Genius Sports, the sole supplier of the NFL’s live data feed that makes microbetting possible.
A critical juncture will come if the case reaches pretrial discovery.
At that stage, the plaintiffs could seek internal emails and testimony about what company officials knew regarding the addictive qualities of their products.
This has echoes of the document battles that proved so damaging for the tobacco industry.
Calendar
Apr 28-29: Ethical Gambling Forum 2026, Leeds
May 26-28: Gambling & Risk Taking Conference, Las Vegas
Jun 4: Gaming in Holland, Amsterdam
GuardDog, powered by Underdog, is a pioneering investment fund dedicated to fostering innovation in responsible gaming.
GuardDog supports and accelerates early-stage startups focused on building new and creative solutions to address problem gaming and further responsible gaming.
Ready to be one of the underdogs of responsible gaming?
Visit to apply: https://underdogfantasy.com/guarddog
An +More Media publication.
For sponsorship inquiries email scott@andmore.media.
