Guidance
The prevention of money laundering and combating the financing of terrorism
Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).
8 - Retention period
Records of identification and verification of customers must be kept for a period of five years after the business relationship with the customer has ended, for example where the customer closes their gambling account with the operator or ceases to visit or use the casino.148
Upon expiry of the five-year retention period, any personal data must be deleted unless:
- the casino operator is required to retain records containing personal data by or under any law or the purposes of any court proceedings
- the subject of the data has agreed to the retention of the data, or
- the casino operator has reasonable grounds for believing that records containing the personal data need to be retained for the purposes of legal proceedings.150
Records of internal and external reports on suspicious activity should be retained for five years from when the report was made.
References
148 Regulation 40(3).
149 Regulation 40(3).
150 Regulation 40(5).
Supporting records (gaming machines) Next section
Form in which records are to be kept
Last updated: 30 May 2023
Show updates to this content
Updated in line with version 3 of the guidance. References to 'proliferation financing' added.