Lotto.com cut gap assessment time in half, without adding a single hire

When Lotto.com launched in New Jersey in 2021, a patchwork of project management tools was enough to get by. Evidence collection happened in Jira. The risk register lived as a live Confluence article. Vendor assessments were tracked manually. With one state and a lean team, it was manageable. In 2024, the company was operating across eight states. By 2026, eleven, with Canada on the horizon. Each new jurisdiction brought its own regulatory footprint: labor and employment law, data privacy requirements, lottery-specific licensing, operational requirements, and general business regulations.

"Everything was very manual, we were using Jira and Confluence as best as we possibly could, but it was very labor intensive."

Evidence didn't live in the same place. Controls weren't connected to risks or vendors. The same person would upload the same evidence multiple times across different programs because nothing linked together. Gap assessments ballooned, sometimes extending beyond a full quarter to complete. The teams gathering evidence were feeling it too. The problem wasn't effort, it was that manual processes don't scale, and there was no roadmap to add headcount. Legal and compliance needed a way to grow its output without growing the team.

Lotto.com implemented Complyance and the change was felt immediately. Evidence could now be linked across controls once and applied wherever it was relevant, eliminating the duplicate submission burden that had fallen on teams across the organization. Gap assessments that had previously stretched past a full quarter now complete in six weeks.

"It was so manual and so disjointed. Now we have a process in place to upload new frameworks and programs very rapidly. And there's a lot of positive feedback from team members across marketing, product development, and elsewhere, reducing their labor on this as well."

For leadership, the shift is visibility. Custom roles can be created for executives so they can review the state of the program at any time, from high-level compliance health to specific frameworks and individual controls.

"It's one click to understand where we are at any given point in time. Whereas that may have taken us a couple of days to get back to them. Now they can just log in and take a look at it."

What's ahead is further automation, and then something more. Everything the team has unlocked so far runs on Complyance's workflow automations: rule-based, calendar-triggered processes that handle routing, reminders, and structured task flows without AI involved. The next layer is the AI agents: purpose-built for specific workflows, capable of running multi-step tasks autonomously.

The TPRM module's agents are first on the horizon: automating vendor questionnaires and analysis so the team doesn't have to process them by hand. The Evidence Review AI agent follows, designed to reduce the review burden on compliance associates who currently evaluate every piece of submitted evidence manually. The goal, in both cases, is the same as it's always been: free the team for judgment calls rather than process work.