Guidance
The prevention of money laundering and combating the financing of terrorism
Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).
2 - Risk-based customer due diligence and risk profiling
Customer risk assessments or customer risk profiling will be informed by the operator’s money laundering or terrorist financing or proliferation financing risk assessment. The operator should assess the extent to which a particular customer triggers the risk factors considered in the risk assessment and graduate the risk profile of the customer accordingly.
This allows operators to take a risk-based approach to customer due diligence, with measures being proportionate to their risk rating. The information that is collected at the commencement of the business relationship with the customer will enable the operator to determine the level of risk associated with the customer and, in turn, the initial and ongoing customer due diligence and monitoring that is required.
Operators will need to consider:
- who the customer is
- what they do, where they live and do business
- the nature of the product or service they require.
Full details of the source of funds to be used in the relationship will also need to be established using a risk-based approach.
The objective of risk-based customer due diligence is to ensure that, as the risks within the business relationship increase, so the level of information obtained and verified increases proportionally.
Risk profiling
The operator should have a policy that is graduated to reflect the risk of the customer. Any risk profiling should also include screening for politically exposed persons (PEPs) and sanctioned persons.
Operators are reminded that sanctions legislation prohibits doing business with sanctioned persons, and PEPs are considered high risk under UK AML legislation72.
Higher-risk customers
The authority for signing off new customers should be graduated according to risk. Higher-risk customers should always be escalated to senior management. There is also an expectation that firms will have systems in place to monitor customer behaviours and amend customer risk ratings accordingly. For example, a customer may initially be assessed as low risk but may later display activity which moves them to a high risk category.
For those customers rated as high risk, either initially or later in the business relationship, the firm will need to conduct mandatory enhanced customer due diligence73. This means employing additional measures, including approval from senior management for the business relationship, and conducting enhanced ongoing monitoring.
For some types of higher-risk accounts and relationships the customer’s source of wealth will also need to be established
Source of wealth checks are mandatory for PEPs74 and in the case of business relationships with customers situated in high-risk third countries or transactions where either of the parties to the transaction are resident in a high-risk third country75.
Lower-risk customers
For those customers assessed as low risk, the firm can conduct simplified customer due diligence. Those customers who are medium risk should undergo standard customer due diligence.
References
72Regulation 35.
73Regulation 35.
74Regulation 35(5).
75Regulation 33(3A).
Introduction Next section
Customer due diligence requirements
Last updated: 30 May 2023
Show updates to this content
Updated in line with version 3 of the guidance. References to 'proliferation financing' added.