Skip to main content

Prevention of money laundering and the financing of terrorism


6.88 A casino operator may rely on certain third parties to apply the required CDD measures, however, the operator remains liable for any failure to apply such measures (regulation 39(1)). 

6.89 The third parties which may be relied on are:

  • other persons who are subject to the requirements of the Regulations (financial institutions, credit institutions, auditors, insolvency practitioners, external accountants, tax advisers, independent legal professionals, trust or company service providers, estate agents, high value dealers, and other casinos)
  • persons who carry on business in another EEA state (other than the UK) who is subject to requirements in national legislation implementing the Directive as an obliged entity, and is supervised for compliance with the requirements in the Directive
  • persons who carry on business in a third country who are subject to requirements inrelation to CDD and record keeping which are equivalent to those in the Directive,and are supervised for compliance with those requirements (regulation 39(3)).  

6.90 A casino operator may not rely on a third party established in a country which has been identified by the EC as a high risk third country (regulation 39(4)). 

6.91 When a casino operator relies on a third party to apply CDD measures, it:

  • must immediately obtain from the third party all the information needed to satisfy the requirements for the identification and verification of the customer, any beneficial owner and any person acting on behalf of the customer
  • must have an arrangement with the third party that:
    • enables the operator to obtain from the third party immediately on request copies of any identification and verification data and other relevant documentation on the identity of the customer, beneficial owner or any person acting on behalf of the customer
    • requires the third party to retain copies of such data and documents for a period of five years beginning on the date that the business relationship with the customer ended (regulation 39(6)). 

6.92 A casino operator will be treated as having complied with the requirements listed in the previous paragraph if:

  • the operator is relying on information provided by a third party which is a member of the same group as the operator (for example, in the case of group companies with overseas casinos)
  • that group applies CDD measures, rules on record keeping and programmes against money laundering and terrorist financing in accordance with the Regulations, the Directive or rules having equivalent effect
  • the effective implementation of these requirements is supervised at group level by an authority of an EEA state with responsibility for implementation of the Directive or by an equivalent authority of a third country (regulation 39(6)). 

6.93 A casino operator is permitted to apply CDD measures by means of an agent or an outsourcing service provider, provided that the arrangements between the operator and the agent or service provider make clear that the operator remains liable for any failure to apply the CDD measures (regulation 39(7)).

6.94 In this context, an outsourcing service provider is a person who performs a process, service or activity on behalf of the casino operator and is not an employee of the operator (regulation 39(8)). 

6.95 Your attention is also drawn to paragraph 1.44 which highlights the need for operators to consider the risks posed by third parties they contract with.

Next chapter: Requirement to cease transactions or terminate relationship