Skip to main content

Anti-money laundering – compliance advice

All gambling businesses are subject to the Proceeds of Crime Act (POCA) and have a responsibility to keep crime, including money-laundering, out of gambling. Non-remote and remote casinos have additional responsibilities under the Money Laundering Regulations.

Our ongoing compliance work continues to identify weaknesses in the ability of gambling businesses to meet their responsibilities, leading to the publication of a number of public statements which set out details of anti-money laundering failings together with the steps taken by the businesses to address them.

We’ve gathered some of the key themes, along with a summary of actions and questions you should be considering to mitigate the risks of non-compliance for your business.

Identification and verification of customers

When establishing a business relationship with a customer, you should give due consideration to the following:

  • the potential risk posed by the customer
  • whether it is necessary to do 'Know Your Customer' or due diligence checks
  • whether it is known or suspected that the customer may launder money (including criminal spend).

For casino operators, a key requirement of the Money Laundering Regulations is to make checks on customers. Two approaches can be adopted by casino operators:

  • identifying and verifying the identity of all customers on entry to the premises
  • undertaking identification and verification when a customer approaches a deposit, spend or win of €2000.

Casino operators should also apply enhanced due diligence measures where:

  • the customer is a politically exposed person (PEP)
  • the customer comes from a high risk jurisdiction
  • there is any other situation which can present a higher risk of money laundering such as an increase in frequency or spend by a customer, or their inclusion on a sanctions list.

We encourage businesses across the industry to ensure the sources of information used to carry out due diligence checks are suitable to mitigate the full range of risks to which you might be exposed.

Questions for you to consider:

  • Are you confident you can evidence all of the information you rely on when assessing a customer’s risk?
  • Is there over-reliance on checks made by third parties?
  • Is your enhanced due diligence applied to customers on a risk-sensitive basis? 
  • Are customers’ source of funds and source of wealth adequately investigated? 
  • Do you know where customer money is coming from? 
  • How frequently are you asking questions about established customers?

Ongoing monitoring, record keeping and training

Casino operators must carry out ongoing monitoring of a business relationship, keep records of customers (including evidence of the customers’ identity and supporting records of the customer relationship) and ensure staff receive appropriate training in respect of the Money Laundering Regulations.

Casino operators should also be mindful that the offence of money laundering includes criminal spend (the use of criminal proceeds to fund gambling as a leisure activity), and ensure staff are trained to recognise this.

Questions for you to consider:

  • Are you conducting appropriate ongoing monitoring and how can you evidence this? 
  • Can you demonstrate that all relevant members of staff understand their duties in relation to the licensing objective of keeping crime out of gambling, including the reporting of suspicions, and that staff in key positions have sufficiently broad, up-to-date and accurate knowledge? 
  • Are decisions being recorded, and are they being kept for 5 years?

Policies and procedures

You must ensure that policies and procedures are up to date and reflect what is known about indicators of money laundering and problem gambling.

For example, we expect your business to maintain policies that factor in the use of multiple debit/credit cards and multiple third party online e-money accounts to deposit to and withdraw from gambling accounts in assessing potentially suspicious or problematic behaviour.

You must ensure that the arrangements in place to monitor customers (including sources of information, the accounts they hold and patterns of transactions) are sufficient to manage the risks to which your business is exposed.

Questions for you to consider:

  • Can you demonstrate that the policies and procedures in place for obtaining information about customers’ sources of funds are appropriately risk-based, fit-for-purpose and, crucially, that they are being implemented effectively? 
  • Are you effective at managing your anti-money laundering controls, including in connection with criminal investigations, and responsible gambling obligations?

Reporting suspicion

Whilst only casinos need to appoint nominated officers, we recommend that all gambling businesses consider appointing a nominated officer, as this will help meet your obligations under POCA more effectively.

You must ensure that any employee reports to the nominated officer where they have grounds for knowledge or suspicion that a person or customer is engaged in money laundering or terrorist financing. 

Your nominated officer must consider each report, and determine whether it gives grounds for knowledge or suspicion. If the nominated officer determines that a report does give rise to grounds for knowledge or suspicion, they must report the matter to the National Crime Agency (NCA).

Under POCA, the nominated officer is required to make a report to the NCA as soon as is practicable where there are grounds for suspicion that another person, whether or not a customer, is engaged in money laundering.

If patterns of gambling lead to a steadily increasing level of suspicion of money laundering, or even to actual knowledge of money laundering, you should seriously consider whether to allow the customer to continue using your gambling facilities.  

Questions for you to consider: 

  • Are you submitting information about suspicious transactions to law enforcement agencies as only one aspect of effectively managing risks to your company, or on the basis that it provides ‘cover’ to continue with a business relationship? 
  • Are you focusing on the risk of committing the criminal offence of 'tipping off' at the expense of the risks of committing criminal offences by accepting money where you have knowledge or suspicion of money laundering? 
  • Are decisions being recorded?

Management of regulatory risk 

You should apply the rigour of your commercial management systems to the regulatory risks involved, and ask the right questions at the right time. Commercial and business information should be considered for anti-money laundering and social responsibility purposes when transacting with customers. 

You should review your own arrangements in the light of recent compliance cases. You should also be particularly careful to ensure that, in managing your trading room operations, you do not put at risk your regulatory obligations. 

Make sure your arrangements for the effective governance of trading room functions do not expose you to unnecessary and unacceptable risk to your ability to deliver the licensing objectives and comply with the conditions and codes attached to your licence. 

Questions for you to consider:

  • Have you reviewed your own arrangements in relation to management of regulatory risk within the commercial environment?
  • Do you ensure commercial imperatives do not crowd out management of regulatory risk?
  • Are you managing trading and the competitive nature of the trading room in combination with meeting regulatory obligations? 

Risk-based approach 

As a condition of your licence, you must conduct and keep up to date an assessment of money-laundering risks to your business and manage them with appropriate policies, procedures and controls. 

The risk-based approach involves a number of discrete steps in assessing the most proportionate way to manage and mitigate the money laundering and terrorist financing risks faced by your business. These steps are: 

  • identify the money laundering and terrorist financing risks that are relevant to your business
  • design and implement policies and procedures to manage and mitigate these assessed risks
  • monitor and improve the effective operation of these controls
  • record what has been done, and why.

Casino operators should also apply a risk-based approach to due diligence and should therefore consider whether it is appropriate to: 

  • seek further verification from the customer
  • request information on the source of the funds
  • conduct enhanced ongoing monitoring
  • cease the business relationship.

Questions for you to consider: 

  • Can you demonstrate that the level of due diligence and ongoing monitoring applied to customers has been determined on the basis of an informed risk assessment?
  • Have you established and do you maintain written risk-based policies and procedures?