Skip to main content

Prevention of money laundering and the financing of terrorism

Customer due diligence measures

6.8 CDD measures consist of:

  • identifying the customer, unless the identity of the customer is known to, and hasbeen verified by, the casino operator
  • verifying the customer's identity, unless the customer's identity has already beenverified by the casino operator
  • where there is a beneficial owner who is not the customer, identifying the beneficial owner and taking reasonable measures to verify the identity of the beneficial owner so that the casino operator is satisfied that it knows who the beneficial owner is 
  • assessing and, where appropriate, obtaining information on the purpose and intended nature of the business relationship (regulation 28). 

6.9 Where a person claims to act on behalf of a customer (such as an agent), the casino operator must:

  • verify that the person is authorised to act on the customer's behalf
  • identify the person
  • verify the person's identity on the basis of documents or information which, in eithercase, is obtained from a reliable source which is independent of both the personand the customer (regulation 28(10)). 

6.10 For the purposes of CDD, 'verify' means verifying on the basis of documents or informationwhich, in either case, have been obtained from a reliable source which is independent ofthe person whose identity is being verified. Documents issued or made available by anofficial body are to be regarded as being independent of a person even if they are providedor made available to the casino operator by, or on behalf of, that person (regulation 20(18)). 

6.11 These requirements apply to customers of both remote and non-remote casinos. Aside from these checks being a statutory requirement in the Regulations, they also help casino operators to avoid the commission of criminal offences under POCA. 

6.12 The Regulations define casino as 'the holder of a casino operating licence' (regulation 14(1)(b). The holder of a casino operating licence does not need to repeat CDD if a customer visits another casinooperated by that licensee. CDD records held by a casino operator will need to be available across the operator’s different casino premises and the policies and procedures must include details of how the operator will manage this. Casino operators should note that CDD is ongoing and may need updating for changes in the customer’s circumstances and personal details.

6.6 Casino operators must also apply CDD measures:

  • at other appropriate times to existing customers on a risk-based approach
  • when the operator becomes aware that the circumstances of an existing customer relevant to its risk assessment for that customer have changed (regulation 27(8)). 

6.13 The ways in which a casino operator meets the requirements for CDD and the extent of themeasures it takes must reflect the risk assessment it has carried out, and its assessment ofthe level of risk arising in any particular case. This may differ from case to case (regulation 28(12)). 

6.14 In assessing the level of risk arising in a particular case, casino operators must take account of factors including, among other things:

  • the purpose of a customer account, transaction or business relationship
  • the amount deposited by a customer or the size of the transactions undertaken by the customer
  • the regularity and duration of the business relationship (regulation 28(13)). 

6.15 A casino operator is not required to continue to apply CDD measures in respect of a customer where all of the following requirements are met:

  • the operator has taken CDD measures in relation to the customer
  • the operator has submitted a suspicious activity report under POCA or the Terrorism Act, and
  • continuing to apply CDD measures in relation to the customer would result in the operator committing tipping off offences under POCA or the Terrorism Act (regulation 28(15)). 

6.16 Casino operators should satisfy themselves that the sources of information employed to carry out CDD checks are suitable to mitigate the full range of risks to which they might be exposed, and these would include money laundering and social responsibility risks. For example, local or open source information, such as press reports, may be particularly helpful in carrying out these checks. However, operators should ensure that they are not placing an overreliance on one source of information to conduct these checks.

6.17  Casino operators must be able to demonstrate to the Commission that the extent of the

CDD measures they take are appropriate in view of the risks of money laundering and terrorist financing, including risks:

  • identified by the operator's risk assessment
  • identified by the Commission and in information made available by the Commission (regulation 28(16)). 

Next chapter: Timing of verification