Raising Standards for consumers - Compliance and Enforcement report 2019 to 2020
4 - Anti-money laundering and counter terrorist ﬁnancing
Work to ensure gambling stays free from crime and the proceeds of criminal ﬁnance continues to be a major area of concern for the Commission. Signiﬁcant and substantial assessment continued for both land- based and online gambling businesses, including money service businesses activities offered by the casino sector.
Compliance activity and enforcement cases continue to show that some licensees’ money laundering (ML) and terrorist financing (TF) risk assessments, and policies, procedures and controls are not ﬁt for purpose.
We expect licensees to comply fully with the terms of their licence as relevant to anti-money laundering (AML) and counter terrorist ﬁnancing (CTF). Casino licensees must additionally comply with the requirements of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the Regulations), and pay close regard to the various guidance documents we publish which are available on the AML section of the Commission’s website. We provide regular updates on AML and CTF matters on our website and through industry newsletters.
There continues to be a lack of understanding of how to conduct a robust and appropriate risk assessment for the prevention of money laundering (ML) and terrorist ﬁnancing (TF) for gambling businesses.
Areas where operators fall down often include:
- Insufficient depth of knowledge demonstrated by Personal Management Licence holders which has led to concerns as to competency and integrity.
- Operators adopting a ‘one size ﬁts all’ approach to their Risk Assessment when it should be tailored to the speciﬁc ML and TF risks pertinent to their business
- Failure to adequately demonstrate their Risk Assessment has due regard to the Commission’s Risk Assessment and that they are keeping up to date with ﬂuctuating standards in alternative jurisdictions whilst rigorously meeting GB legislation and standards.
- Where the over-arching Risk Assessment is deﬁcient, this can naturally lead to ineffective policies, procedures and controls.
- Operators and PML holders failing to learn lessons from the Commission’s compliance and enforcement activity.
- Failure to provide regular, quality training to staff including Money Laundering Reporting Officers and Nominated Officers and possess sufficient ‘Know Your Employee’ data.
- Demonstrating a static and ineffective approach to customer risk proﬁling and enhanced customer due diligence when it should be dynamic and capable of identifying both current and developing risks.
We are encouraged to see positive examples where some operators have more closely integrated their VIP management teams with their AML and CTF teams. Integrating social responsibility and the prevention of ﬁnancial crime, which are frequently co-dependent issues, is a positive and encouraging improvement and we encourage other operators to consider embedding this approach into their existing practices. We have also been encouraged by signiﬁcant investment by some operators in systems and techniques to proﬁle customers. AML and CTF are areas where collaboration and evaluation of what works could be shared between operators to reap additional beneﬁt for themselves and consumers.
Our notable enforcement cases
Further failures at land-based casinos which resulted in Commission action include:
- Failures to carry out effective source of funds checks, including on one customer who was allowed to drop approximately £3,500,000 and lose £1,600,000 over three months.
- Failure to obtain adequate source of funds evidence for a politically exposed person (PEP) who lost £795,000 over 13 months.
- Failure to carry out enhanced customer due diligence on a customer who lost £240,000 over 13 months.
- A customer whose stated profession was a waitress who was allowed to buy in for £87,000 and lose £15,000 over 12 months.
Online licensees’ compliance and enforcement activity revealed:
- A customer who had been the subject of 18 risk and fraud team reviews being permitted to deposit more than £494,000 over 17 months. The customer was subsequently convicted of fraud.
- An operator failing to independently verify source of funds information originating from the customer and relying on only open source checks and representations by the VIP manager. The customer was able to deposit more than £8,000,000 in 4 years until the account was ultimately closed following police contact.
- An unemployed customer depositing £1,600,000 and losing in excess of £700,000 over three years. The operator failed to conduct independent checks and relied upon open source information and unveriﬁed information from the customer
- A customer being permitted to deposit over £1,000,000 and lose more than £270,000 despite their level of activity and spend not being supported by their stated income, their use of a business bank account, providing an address different to that linked to either bank account and the identiﬁed use of pay day loans.
During the year we published advice to operators through public statements. You should consider the following to ensure you are complying with the terms of your licence:
Is risk being ‘owned’ at an appropriately senior level within your business, and are conﬂicts of interest avoided? If a casino business, do you have a Senior Manager or a Board Director who has oversight of AML and CTF compliance? Have you notiﬁed the Commission who this is? Do you inform the Commission of changes to those positions within 14 days?
Are you conﬁdent commercial considerations do not outweigh your regulatory responsibilities and compliance with the conditions of your licence?
Is your money laundering and terrorist ﬁnancing risk assessment appropriate to your business? Have you taken into account the Commission’s Money Laundering and Terrorist Financing Risk Assessment, and the high-risk factors detailed in our guidance?
Have you ensured you have clear, up to date, and ﬁt for purpose AML and CTF policies, procedures and controls available to all who require guidance within your business?
Have you reviewed your risk assessment, and policies, procedures and controls in accordance with your licence requirements?
Have you ensured your policies, procedures and controls have been informed by our most up to date Commission guidance for AML and CTF? Are you assuming if you comply with the AML and CTF requirements of an overseas regulator that you are in compliance with the Commission’s requirements?
Are your policies, procedures and controls informed by the risks identiﬁed in your business’s money laundering and terrorist ﬁnancing risk assessment? Are they revised when the risks change? Are they revised when the Commission publishes information on emerging risks or revises its guidance?
Are your systems and controls appropriate for your business? Do you regularly assess the adequacy of your systems and controls and their effectiveness in mitigating your business’s identiﬁed money laundering and terrorist ﬁnancing risks?
Do you ‘Know Your Customer’ (KYC) and are you gaining a complete picture of the customer’s source of funds, particularly in relation to VIP customers and PEPs (casinos only)? Are you critically assessing assurances you receive as to your customer’s source of funds? Are your procedures triggered at an appropriate stage of the relationship with the customer?
Do you require customers to provide their occupation upon registration and then proﬁling their income for affordability? Are you considering whether a declared occupation poses an increased risk of money laundering or terrorist ﬁnancing?
Are your customer risk proﬁles informed by your money laundering and terrorist ﬁnancing risk assessment, or are they treated as separate exercises with a disconnection between the risk assessment and risk proﬁles? Is your ongoing monitoring of customers sufficiently risk sensitive and timely?
Are you placing an over-reliance on monetary thresholds for customers’ risk triggers and ignoring other risk factors, such as source of funds, affordability and jurisdictional risk? Are you sufficiently curious about your customers source of funds and, if a Politically Exposed Person (PEPs), their source of wealth (casinos only)?
Is the level of customer due diligence (CDD) you conduct on speciﬁc customers informed by their risk proﬁle? Do you scrutinise transactions to ensure they are consistent with the customer’s risk proﬁle?
When conducting enhanced customer due diligence (ECDD) upon your customers (casinos only), are you being sufficiently curious about their source of funds, jurisdictional risk, product choice, and payment method and channel used, and considering what that means to your business and how it increase ML and TF risks?
Have you allocated sufficient resources to AML and CTF compliance within your business? Do you have an identiﬁed Nominated Officer (casino only) and/or Money Laundering Reporting Officers (MLRO)? Does your business give adequate resources to the NO and/or MLRO to undertake their speciﬁc legal duties sufficiently?
Do you have an accessible policy for employees setting out the role of the NO and/or MLRO within your business, and how employees can submit internal reports of suspicion of ML and TF to the NO and/or MLRO, including what employees should or should not do following such an internal report?
Are you regularly training employees about their AML and CTF responsibilities? Are you retaining records of AML and CTF training for future scrutiny? Are emerging risks, lessons learned from enforcement action and known risks provided to employees, to ensure that their knowledge is current for ML and TF risks?
Are you supporting your nominated officer with the appropriate resources and training, and do they have the authority to operate objectively and independently?
Is your approach based on a framework to mitigate risk? Once an internal money laundering alert has been raised, do you have in place procedures to ensure the alert is properly reviewed in a timely manner? Are decisions appropriately recorded, retained and available for scrutiny?
Have you ensured your staff have, and continue to receive, adequate training on AML and CTF matters, including how to recognise and deal with unusual transactions, account behaviour and other activities which may indicate money laundering or terrorist ﬁnancing activity?
Are you making records of customer interactions and transactions where necessary? Are you making records of your decisions as a MLRO and/or a NO in respect of customers, and decisions to report or not to report suspicions to the United Kingdom Financial Intelligence Unit?
Do you have sufficient oversight of third-party partner’s compliance with your licence conditions when promoting gambling facilities on your behalf? Are customer interactions and source of funds records being maintained? Are third-party employees acting contrary to your licence conditions and exceeding the terms and conditions of the service agreed with them?
Customer Interaction and Social Responsibility failings Next section
Personal Management Licence Reviews