The Gambling Commission (“GC”) has written to online casino operators warning them that they risk losing their operating licences following a recent compliance assessment exercise. 5 operators could lose their businesses. The actions that the GC expects operators to take to rectify the failings it has discovered must be implemented immediately, it says, issuing a stark warning about the consequences if they fail to do so.
The assessment has flagged up what the GC calls “significant concerns” about the remote casino sector’s management and mitigation of risks to the licensing objectives, and has resulted in investigations into 17 operators, with the GC currently considering whether to review the licences of 5 of them.
The compliance assessment appears initially to have been aimed at analysing compliance with the requirements to have measures in place to prevent money laundering and terrorist financing, but has uncovered concerns surrounding social responsibility, specifically, customer interaction, along the way.
The assessment looked at compliance with Licence Condition 12.1 of the GC’s Licence Conditions and Codes of Practice (prevention of money laundering and terrorist financing), the Proceeds of Crime Act 2002 and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (“the 2017 Regulations”).
The GC found that operators are not carrying out regular risk assessments examining the likelihood of their business being used for money laundering and terrorist financing, or updating and refining these as necessary to take into account the introduction of new products and technology, new payment methods, changes in customer demographic and any other material changes. As a result, they are failing to drive any, or any adequate, improvements in financial crime risk management, to determine the general and specific money laundering risks they are facing, and to evaluate how effective their anti-money laundering measures are.
The GC’s concern is that these failings put the licensing objective of keeping crime out of gambling at risk. Some companies, it says, are hiring money laundering reporting officers (“MLROs”) without any formal qualifications and who are unable to provide any suitable explanation as to what constitutes money laundering, which is quite shocking. It also found a general lack of understanding of how criminal spend could affect online casino operators’ businesses, which is quite alarming. Operators, it said, are not providing enough information about suspicious transactions to law enforcement agencies such as the National Crime Agency and the Financial Intelligence Unit. The GC said: “MLROs had neither made nor kept any note of specific cases of referrals and there were no documented risk assessments. There was also lack of understanding as to what would constitute ‘tipping off’”.
The GC also found failings relating to customer due diligence (“CDD”) and enhanced due diligence (“EDD”), which the 2017 Regulations require operators to conduct whenever establishing a business relationship and in any case where money laundering is suspected or E2000 or more is being transacted, EDD being required in higher risk cases. The GC’s initial investigations found a lack of evidence of ongoing monitoring of customer accounts. This lack of proactivity could lead to money laundering and socially irresponsible gambling incidents going unreported, it says.
The GC also pulls online casino operators up on training for staff, saying that they are falling short on providing adequate training, particularly on money laundering, record keeping and reporting suspicious transactions. Equally, there was a failure to record training given – something that should not present a problem, surely?
On social responsibility, the GC found a lack of effective and documented customer interaction in cases where the player’s behaviour might exhibit signs of problem gambling, by reference to indicators such as time or money spent. Over “a large number of customer accounts”, the GC identified potential signs of problem gambling, based on consumers’ behaviour and spend, where this had not triggered an interaction, where interactions had not been recorded, or where the operator had concluded (incorrectly, in the GC’s view) that there was no cause for concern.
As a result of all of its findings, the GC has put online casino operators on notice regarding the measures it expects them to take – immediately – to put things right. Generally, these involve a comprehensive review of their anti-money laundering and counter-terrorism financing and social responsibility policies, but with the spotlight on the following aspects:
- Risk-assessing the business for anti-money laundering and counter-terrorism funding vulnerabilities and putting policies and procedures in place to manage these effectively;
- Introducing CDD and EDD procedures that are sufficiently risk-focused and effective, including better risk-profiling of customers;
- Ensuring adequate recording/evidencing of customer interactions;
- Providing appropriate staff training, particularly in relation to anti-money laundering, counter-terrorism financing and declaring suspicious transactions; and
- Making use of all relevant sources of information in cases where problem gambling might be suspected.
These findings are only the result of the first batch of the GC’s assessments of remote casino operators and it is certain that further investigations and actions will follow. As always, the GC report majors on what it expects and gives no detail on how its expectations may be met. This is understandable, coming from the regulator: it is for online operators and their legal advisers to get their house in order. We should not be surprised by this, or see it as something new – these standards were in place from the off and any non-compliance needs to be addressed if operators are to protect their position.