Skip to main content

The prevention of money laundering and the financing of terrorism

Retention period

7.26 Records of identification and verification of customers must be kept for a period of five years after the business relationship with the customer has ended, for example where the customer closes their gambling account with the operator or ceases to visit or use the casino (regulation 40(3)). 

7.27 Supporting records must be retained for a period of five years from the date the businessrelationship ended (regulation 40(3)). 

7.28 Upon expiry of the five year retention period, any personal data must be deleted unless:

  • the casino operator is required to retain records containing personal data by or under any law or the purposes of any court proceedings
  • the subject of the data has agreed to the retention of the data, or
  • the casino operator has reasonable grounds for believing that records containingthe personal data need to be retained for the purposes of legal proceedings (regulation 40(5)). 

7.29 Records of internal and external reports on suspicious activity should be retained for five years from when the report was made. 

Next chapter: Form in which records are to be kept