Consultation response
Customer interaction guidance for remote gambling operators: Consultation Response
This response sets out our position in relation to the consultation around the guidance on new, more prescriptive, customer interaction requirements for operators.
Contents
- Executive summary
- Introduction
- Summary of responses
- Topic 1: The overall format, structure and language of guidance
- Topic 2: Introduction and Section A of the guidance – overarching content
- Topic 3: Section B of the guidance – Identify customers at risk of harm
- Topic 4: Section B of the guidance continued – Identify vulnerability
- Topic 5: Section C of the guidance – Take action for customers at risk of harm
- Topic 6: Section D of the guidance – Evaluate
- Topic 7: Further consultation questions
Topic 4: Section B of the guidance continued – Identify vulnerability
Proposals
Customers who are vulnerable may be significantly less able to understand the risks of gambling and the terms and conditions, and they may be at higher risk of experiencing negative outcomes from gambling. This is why we considered it important that the guidance supports the requirements of Social Responsibility (SR) Code Provision 3.4.3 by providing more information about which factors may suggest that a customer is in a vulnerable situation, and the types of action that a gambling operator can take.
We proposed in the consultation to explain in the guidance that a customer in a vulnerable situation is ‘somebody who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care’. This general approach was adopted in the Gambling Commission’s first Corporate Strategy 2018 - 2021 (PDF), where the Commission discussed the importance of an approach which took account of both the personal circumstances of the consumer and the actions of firms, as well as consideration of vulnerability which may be temporary or intermittent. This more dynamic approach to vulnerability has underpinned our proposed approach in the guidance document which we set out for consultation.
The proposed guidance document also set out the factors which we considered might make an individual more vulnerable to experiencing gambling related harm. These are personal and demographic, situational, behavioural, market related, and access issues. These issues were identified following an assessment of the approaches to vulnerability adopted by other regulators and a range of international bodies.
Consultation questions
- Vulnerability: Do you have any comments on the factors which might make a customer more vulnerable to experiencing gambling related harms or examples of how operators should identify vulnerable customers and take action?
- Indicators: Do you have any comments on the extent to which the Commission should provide further guidance about the types of indicators that should lead to different levels of action?
- Strong indicators: To what extent do you consider that the Commission should set out good practice examples of ‘strong’ indicators of harm? Please explain what examples could be included in the guidance document about operator good practice in setting a level for ‘strong’ indicators of harm.
- Do you have any other comments on Section B of the proposed guidance document?
Respondents’ views
We received examples from consumers of the interactions they have had with gambling operators, and in some cases how these were perceived to be too little or too late, missing opportunities to identify and act on clear indicators of harm.
Other respondents (including those representing charities) shared relevant research and case studies about gambling and vulnerability.
We also received examples from gambling operators of how they are already identifying and monitoring vulnerability. These included developing a ‘vulnerability policy’ and training programme, automated systems and ongoing monitoring and more efficient communication channels.
A number of responses from gambling operators to the question relating to vulnerability suggested that the factors that might make a customer more vulnerable to gambling related harms were ‘too broad’. There were concerns that this could lead to a disproportionate amount of customer interactions taking place which would be inconvenient to customers, cause significant costs to gambling operators and impede the protection of genuinely vulnerable people. Industry respondents considered that this part of the guidance could be exploited to increase the risk of fraudulent claims being made.
Some respondents suggested additional factors that they felt should be added to the table. Some respondents requested further examples of vulnerability, including more information on intermittent, temporary and permanent vulnerabilities and how these might be monitored. Some asked for further information on factors such as age and vulnerability (particularly in reference to ‘young adults’ - those aged 18 to 24 years of age).
Some suggested that the approach indicated that gambling operators have a ‘duty of care’, which they do not believe exists in the Gambling Act 2005 (opens in new tab).
Some respondents requested that the guidance include a definition of ‘gambling related harms’.
Respondents from gambling operators also raised concerns here about the expectations that the guidance places on employees to have discussions with customers about their experiences of vulnerability, and the impact this could have on them. While many agreed that staff should be well trained in identifying obvious signs when a customer is vulnerable, they requested that the guidance acknowledge that they are not trained medical professionals and 'may not always make perfect decisions'. Some also asked for further guidance on whether the Commission expects gambling operators to actively seek out information from customers on vulnerability.
Our position
We consider it is absolutely right that remote gambling operators consider how consumers might be in a vulnerable situation and how they can support them if they are aware of this situation. This is why the requirements of Social Responsibility (SR) Code 3.4.3 include requirements relating to vulnerability.
There is no requirement to screen all customers for all these vulnerabilities - at this time, we consider this would represent a disproportionate burden on customers as well as gambling operators.
As set out in the consultation, the Gambling Commission does not require in Social Responsibility (SR) Code Provision 3.4.3, or set out in the guidance document that gambling operators should assess all of their customers for all forms of vulnerability - requiring all customers to provide detailed health information in order to assess any factors which may indicate that a customer is vulnerable to gambling related harm is likely to be disproportionate to the risks and may have a disproportionate negative impact on persons with certain protected characteristics. This was borne out in the responses where a number of respondents misunderstood the requirements and considered that screening all customers was a requirement, and that this would be an unnecessary intrusion into the private lives of customers. We can therefore reassure and reiterate that our requirements on vulnerability, and the proposed guidance associated with vulnerability, primarily focus on circumstances where gambling operators should identify indicators of vulnerability from information already available to them.
Following consultation, we have added additional wording to the 'Aim' section of the guidance associated with this requirement, reiterating our position that: 'It is not the aim of this requirement that licensees screen all customers for each of the factors of vulnerability which are listed in the guidance, but rather that they consider and act on information that they have available to them.' This reflects that there have been compliance and enforcement cases where a gambling operator was aware of a customer in a vulnerable situation but did not consider this vulnerability indicator of harm when considering appropriate customer interaction approaches.
Following consultation, we also consider it appropriate for the guidance to take the following approaches:
- include all the factors that were listed in the proposed guidance - whilst the factors of vulnerability are broad, the requirement in Social Responsibility (SR) Code Provision 3.4.3 relating to what action must be taken and the associated guidance about how this should be achieved are proportionate
- however, we have made some changes within the guidance relating to examples associated with these factors for clarity and to focus on the examples we considered would be most useful and relevant. For example, we have reordered some content to show the escalating nature of some of the actions that can be taken - showing lighter-touch actions first
- in the 'Access' subcategory, we removed the example of dyslexia, considering that the wording of 'poor literacy or numeracy skills' more accurately describes the key issue relating to Access which may indicate - but not necessarily will indicate - that a customer is more vulnerable. We have retained the example actions that a gambling operator might take in response to concerns about Access factors of vulnerability that they have been made aware which were ensuring easily digestible information is made available for all customers, and reviewing the customer account for other indicators of harm, and continuing to monitor closely
- emphasise the importance of temporary or intermittent vulnerable situations or factors - the guidance has been amended to show how some of the existing examples in the guidance set out for consultation related to temporary or intermittent situations
- reiterate the importance of gambling operators using all information available to them as part of their customer interaction approaches and taking action to reduce harm to consumers
- include further detail on the considerations relating to young adults, who we consider to be vulnerable to help explain the content of the guidance more fully
- include in the ‘additional information’ section links to research about gambling harms which gambling operators may wish to consider further over time. This additional information is not required to be taken into account. We did not consider it necessary to define gambling harms in this section of the guidance as the relevant research helps provide any additional information that may help gambling operators in their consideration of harms.
We do not consider it necessary or appropriate to include content in the guidance relating to staff wellbeing for those who may be handling customer interactions. This is a matter for gambling operators as employers to consider as is the case for businesses which handle sensitive matters in other sectors (for example customer service representatives in the financial or energy sectors dealing with sensitive issues such as challenges in paying bills). However, it is not necessary for us to specify this in the guidance as a matter which gambling operators would be required to take into account. We recognise that gambling staff are not trained medical professionals but note that there is nothing in the requirements themselves or the associated guidance that indicates a need for staff to be medical professionals or to diagnose medical conditions.
Further equalities considerations
In the consultation, we set out that the Commission has due regard to the need to eliminate discrimination, advance equality of opportunity and foster good relations. We explored two issues in particular in relation to potential equalities impacts associated with the guidance and asked for views.
In setting the requirements for customer interaction, and drafting the proposed guidance, the Commission considers that any decisions to cease a customer relationship or place restrictions on a customer should be tailored to the customer’s individual circumstances and not based solely on personal, demographic or other relevant factors for the customer. We flagged that we considered that the latter approach could have a disproportionate effect on persons with certain protected characteristics.
Not everyone who is in the different circumstances set out in the guidance is automatically vulnerable to gambling harm - the factors may not be a representation of vulnerability in any given situation. Importantly, our use of the factors within the guidance also does not mean that the Commission seeks for set responses to every customer in these same circumstances - vulnerabilities differ and the appropriate response will depend on the situation.
Following consultation, we reiterate that decisions for customer interaction should take account of the full information that is available to the gambling operator and not be based on any one vulnerability factor. This is because - as respondents rightly pointed out - a customer may be in vulnerable circumstances which do not affect their gambling and should not influence decisions on customer interaction.
The final guidance indicates that action must be tailored to the individual circumstances, depending on the number and severity of the indicators of harm, and it may most often be appropriate to offer support to customers who may be in a vulnerable situation, rather than impose any restriction on gambling.
Expanding on the position set out in the consultation document, we consider that the imposition of any restrictions that were not tailored to the individual circumstances of a customer could have a disproportionate effect on persons with certain protected characteristics. We therefore do not seek in the guidance to support any such one-size fits all approach.
Data protection considerations
We received some queries as part of the consultation responses concerning data protection considerations.
Some key points to take into account are as follows.
Gambling operators are already required to process personal data for the purposes of consumer protection. This includes for the purposes of self-exclusion and those gambling operators who are trialling the sharing of information about customers at risk of harm in the GamProtect model. Therefore gambling operators already have processes in place for the processing of personal data, which at times may include Special Category Data.
Customer interaction requirements have been in place for many years. This requires gambling operators to take account of indicators of harm and process that data in order to conduct customer interaction to minimise the risk of harm. Some gambling operators told us in their responses that they already process data in relation to vulnerability due to their introduction of vulnerability policies. These vulnerability policies should already be taking account of the processing of personal data, which at times may include Special Category Data.
The Information Commissioner’s Office (ICO) provides detailed guidance about the lawful bases for legal processing of data, including where relevant Special Category Data. However, please note the points in the previous paragraphs that reflect that the Commission is not suggesting that gambling operators routinely gather and process data about all the different factors of vulnerability for all customers as this would be unduly intrusive and disproportionate.
In compliance cases where vulnerability indicators of harm had not been acted on, the gambling operator was already collecting and processing data about the vulnerability. For example, in a case about a customer who had received a lump sum for ill-health retirement, the information about ill-health retirement was being processed in relation to source of funds, but was not acted on in relation to vulnerability. Therefore, gambling operators should already be considering how they are storing and processing such data.
Gambling operators may wish in particular to consider ICO guidance in relation to the legal obligation basis for data processing (opens in new tab) and the ICO guidance in relation to special category data (opens in new tab). This guidance includes information about how in order to lawfully process special category data, including that a gambling operator must identify both a lawful basis under Article 6 of the United Kingdom (UK) General Data Protection Regulation (GDPR) and a separate condition for processing under Article 9.
Particular attention is drawn to Paragraph 18 of Schedule 1 of the Data Protection Act 2018 (opens in new tab), which relates to Safeguarding of children and of individuals at risk, and to the ICO's information about an appropriate policy document. An appropriate policy document is a short document outlining your compliance measures and retention policies for special category data. The Data Protection Act 2018 says you must have one in place for almost all of the substantial public interest conditions (and also for the employment, social security and social protection condition), as a specific accountability and documentation measure.
Topic 3: Section B of the guidance – Identify customers at risk of harm Next section
Topic 5: Section C of the guidance – Take action for customers at risk of harm
Last updated: 26 October 2023
Show updates to this content
Formatting changes.