Live Sports Betting — Global Compliant (Event-Sourced + Jurisdiction Router)

The global compliant architecture for live sports betting exists because gambling is one of the most heavily regulated industries in the world, and operating across multiple jurisdictions adds extraordinary complexity. Each jurisdiction — US states (NJ, PA, MI, CO, etc.), UK (Gambling Commission), EU member states (varying regulations per country) — has its own licensing requirements, responsible gambling mandates, reporting obligations, and audit expectations. A sportsbook that operates globally must comply with all of them simultaneously.

The V1 stream processing variant provides excellent throughput and real-time odds delivery, but it lacks three critical capabilities for global compliance: (1) jurisdiction-aware routing that ensures each bet is processed according to the rules of the user's registered jurisdiction, (2) pre-bet compliance checks for KYC (Know Your Customer), AML (Anti-Money Laundering), deposit limits, and self-exclusion, and (3) an immutable, tamper-proof audit trail that can survive regulatory inspection.

Event sourcing is the foundation of the compliance architecture. Every bet, settlement, compliance decision, and balance change is an immutable event appended to a log — never updated, never deleted. This creates a complete, tamper-proof history that satisfies regulatory requirements across all jurisdictions. If the UK Gambling Commission audits the platform, every bet placed by UK users can be reconstructed from the event log: what odds were offered, what compliance checks were performed, when the bet was placed, how it was settled, and when the payout was processed.

The jurisdiction router is a critical component that does not exist in simpler architectures. When a user places a bet, the router inspects their registered jurisdiction (determined during KYC onboarding) and directs the bet to the appropriate acceptance pipeline. US users in New Jersey follow NJ Gaming Commission rules. UK users follow Gambling Commission rules. EU users follow their country's specific regulations. This routing happens before the KYC/AML gate, which applies jurisdiction-specific compliance rules (different deposit limits per jurisdiction, different self-exclusion databases, different AML thresholds).

The reconciliation service is the platform's financial safety net. It runs hourly, comparing the event log (source of truth) against the balance database (derived state) and payment provider records (external verification). Any discrepancy — a missing settlement, a double-credit, balance drift — is flagged for investigation. In a regulated industry where financial accuracy is legally required, catching discrepancies within an hour limits the blast radius of any bug or failure.

This architecture is relevant in interviews at DraftKings, FanDuel, Flutter Entertainment (Betfair/Paddy Power), and Sportradar. Interviewers expect candidates to discuss event sourcing for auditability, jurisdiction-aware routing for regulatory compliance, KYC/AML as a cross-cutting concern, and the trade-off between compliance overhead (additional latency per bet) and regulatory necessity. The comparison with simpler variants highlights that the added complexity is not over-engineering — it is a legal requirement for operating in regulated gambling markets.

The global compliant architecture uses eleven components organized into four logical layers: edge routing, compliance, bet processing, and audit/reconciliation.

The edge routing layer handles traffic ingestion and initial routing. BettorClient connects through RegionalLB (geo-aware Application Load Balancer) to OddsGateway (API Gateway with JWT auth, rate limiting, and path-based routing). Odds requests are served from the existing odds infrastructure (not fully modeled here to focus on the compliance pipeline). Bet placement requests are routed to the JurisdictionRouter.

The compliance layer is the key differentiator from the V1 architecture. JurisdictionRouter inspects the user's registered jurisdiction from their KYC profile and routes the bet to the appropriate acceptance path. It adds jurisdiction metadata (jurisdiction code, applicable regulations, limit thresholds) to the request. KycAmlGate performs four compliance checks on every bet: (1) KYC status — is the user's identity verified? (2) Self-exclusion — has the user opted out of gambling? (3) Deposit limits — does this bet exceed daily/weekly/monthly limits? (4) AML screening — are there suspicious patterns (unusual bet sizes, rapid deposits, structuring)? Each check is a sub-5ms Redis lookup against pre-loaded compliance data. The gate adds 10-30ms to every bet but is legally required in all regulated markets.

The bet processing layer is similar to V1 but enhanced with compliance context. BetAcceptanceService receives compliance-cleared bets, validates odds against the Redis cache, debits balances in BalanceDatabase (PostgreSQL), writes the bet as an immutable event to EventStore (DynamoDB), and publishes to BetStream (Kafka). Every event includes full regulatory context: jurisdiction, compliance decision ID, KYC status, applicable regulations. This context is essential for regulatory reporting and audit.

The audit/reconciliation layer provides financial integrity assurance. SettlementService consumes bet events from Kafka and processes settlements identically to V1 (batch per event, idempotent). ReconciliationService runs hourly: it reads the event log from EventStore, sums debits and credits per user, compares against BalanceDatabase balances, and verifies against payment provider records. Discrepancies are flagged and written to AuditBucket (S3 with Object Lock). AuditBucket receives a copy of every bet event and settlement event as immutable JSON objects — these cannot be modified or deleted and serve as the legal record for regulatory inspection.

The S3 audit trail uses Object Lock in compliance mode, which means objects cannot be deleted even by AWS root account until the retention period expires (typically 7 years for gambling records). This provides stronger immutability guarantees than the DynamoDB event store, which can theoretically be modified by administrators. The S3 trail is the system's legal backstop — the evidence that would be presented in a regulatory hearing or billing dispute.

Scaling follows the same patterns as V1 with additional considerations for the compliance layer. JurisdictionRouter is CPU-light (5ms per decision) and scales easily to 160K RPS. KycAmlGate is IO-bound (4 Redis lookups per bet) and scales based on bet volume. BetAcceptanceService scales identically to V1's BetService. ReconciliationService scales based on event volume per hour — larger time windows require more workers.

Horizontal scaling with jurisdiction-level granularity: (1) JurisdictionRouter scales on overall bet volume — auto-scale at 70% CPU. (2) KycAmlGate scales on bet volume — each Redis lookup is ~5ms, so 600 threads handle 120K bets/sec. (3) BetAcceptanceService scales identically to V1 BetService (CPU-based auto-scaling). (4) SettlementService scales on Kafka consumer lag — add workers during heavy settlement periods. (5) ReconciliationService scales on hourly event volume — 4 workers handle 100K events/hour; double for peak periods. Pre-scaling for major events: 2 hours before Super Bowl, scale all compliance-path services to 3x and settlement workers to 5x. Jurisdiction-specific scaling: if a new US state launches and generates spike traffic, only the affected jurisdiction's pods are scaled.

Key metrics: (1) KYC/AML gate pass rate by jurisdiction — alert if any jurisdiction's pass rate drops below 90% (may indicate misconfigured rules) or rises above 99.5% (may indicate bypassed checks). (2) Jurisdiction router latency — should be < 10ms; spikes indicate config loading issues. (3) Reconciliation discrepancy count — alert on any non-zero critical discrepancy. (4) S3 audit write success rate — must be 100%; alert on any failure. (5) Settlement idempotency hits — count of duplicate settlement attempts; non-zero indicates Kafka consumer rebalance or crash recovery. (6) Per-jurisdiction bet volume — monitor for regulatory reporting (some jurisdictions require daily volume reports). (7) Self-exclusion check latency — must be < 5ms; spikes indicate Redis issues. Dashboard: Grafana with jurisdiction-level drill-down showing per-jurisdiction bet volume, compliance pass rate, settlement throughput, and reconciliation status. SLIs: bet acceptance p99 < 250ms (including compliance), settlement p99 < 5 minutes, reconciliation discrepancy detection within 2 hours.

At 100K concurrent users across 3 jurisdictions: RegionalLB + OddsGateway (~$200/month), JurisdictionRouter 8 pods (~$300/month), KycAmlGate 6 pods (~$250/month), BetAcceptanceService 20 pods (~$800/month), DynamoDB EventStore on-demand (~$1,200/month at 100K events/day), MSK Kafka 3-broker (~$600/month), BalanceDatabase PostgreSQL db.r7g.2xlarge (~$700/month), S3 AuditBucket (~$50/month for 36 GB/year + Object Lock), SettlementService 20 workers (~$400/month), ReconciliationService 4 workers (~$150/month), Redis compliance data (~$200/month). Total: ~$4,850/month infrastructure + ~$3,000/month for compliance data providers (self-exclusion databases, AML screening services). Grand total: ~$8,000/month. This is 2.3x the V1 cost, but the compliance infrastructure is legally required — the alternative is not operating in regulated markets.

Authentication: JWT tokens with jurisdiction-scoped claims (user's jurisdiction encoded in the token). Rate limiting: per-user bet rate limiting with jurisdiction-specific thresholds (UK allows higher frequency for horse racing). Anti-fraud: KYC/AML gate screens for suspicious patterns — large bets immediately after account creation, structuring (splitting large bets to avoid reporting thresholds), correlated accounts (multiple accounts from the same household). Responsible gambling: self-exclusion lists checked on every bet (legally required), deposit limits enforced pre-bet, cooling-off periods (24-hour freeze after voluntary limit decrease), reality checks (session duration notifications pushed to client). Data protection: PII encrypted at rest and in transit, jurisdiction-specific data residency (EU user data stays in EU region), GDPR pseudonymization for audit records. Anti-money laundering: AML transaction monitoring integrated with compliance gate, suspicious activity reports (SARs) filed automatically when thresholds are exceeded.

Canary deployment for all compliance-path services (JurisdictionRouter, KycAmlGate, BetAcceptanceService) — route 5% of traffic to the new version, monitor compliance pass rates and latency for 30 minutes, then gradually increase to 100%. Compliance configuration changes (new jurisdiction rules, updated deposit limits) are deployed independently from code changes via a config management system. DynamoDB and S3 require no deployment — they are managed services. Kafka topics are not modified during deployments. Rollback: immediate traffic shift back to the previous version at the ALB level. Jurisdiction-specific deployments: when regulations change in one jurisdiction, only the affected pods are updated — other jurisdictions are not affected.