Report
Raising Standards for consumers - Compliance and Enforcement report 2020 to 2021
The Gambling Commission's report on Compliance and Enforcement action 2020 to 2021
Common poor practices
Inadequate due diligence measures:
Repeated instances of inadequate customer due diligence (CDD) and enhanced due diligence (EDD) measures in place, along with insufficient KYC (Know Your Customer) checks.
Failure to fully consider the full range of circumstances in which EDD is to be applied:
For example, wherever there is a higher risk of ML/TF as required under Regulation 33 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab). Examples include failing to apply EDD on Politically Exposed Persons (PEPs) and customers residing in high risk jurisdictions . The Commission’s casino and non-casino guidance states that:
higher risk customers should be subjected to a frequency and depth of scrutiny greater than may be appropriate for lower risk customers.
Failure to take account of:
- money laundering and terrorist financing risks within the British gambling industry
- guidance for non-remote and remote casino operators on anti-money laundering
- duties and responsibilities under the Proceeds of Crime Act 2002 (POCA) (guidance for non-casino operators)
- High Value Customers: Industry guidance
- Licence Condition 12.1.1.(3) of the Licence Conditions and Codes of Practice (LCCP) which requires operators to take into account any applicable learning or guidelines published by the Commission
- risks identified in the Commissions’ risk assessment of the money laundering and terrorist financing risks in Great Britain’s gambling industry.
Operators referencing out-of-date Commission-issued guidance and or advice: We expect operators to keep up to date with any guidance and or advice we provide and to then update their ML and or TF risk assessment(along with policies, procedures, and controls accordingly) based on this guidance and or advice.
Over reliance on third party providers to conduct due diligence checks:
One remote casino operator had no controls in place to oversee third party activities. The Commission’s casino anti-money laundering guidance and non-casino anti-money laundering guidance states that:
operators should give due consideration to the money laundering risks posed by their business-to-business relationships, including any third parties they contract with.
Social Responsibility Code Provision 1.1.2 of the LCCP states:
Licensees are responsible for the actions of third parties with whom they contract for the provision of any aspect of the licensee’s business related to licensed activities.
Delayed customer identification checks:
There is continued evidence of remote operators carrying out identity checks after the customer has been permitted to gamble. This is a breach of Licence Condition 17.1.1(1) which requires that:
Licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble.
Commercial considerations overriding the need to comply with AML and CTF provisions:
As part of ongoing compliance and enforcement activity the Commission has come across operator ML and TF risk assessments that place more importance on areas such as adverse media coverage and reputational damage to their business. There have been instances of operators stating that failure to comply with social responsibility and or AML/CTF requirements will draw negative press, whereas the operator’s primary concern should be concentrating on how to mitigate the risks of ML and TF.
Operators having no clear methodology in place in their ML and TF risk assessments:
By having an inadequate risk assessment methodology in place, operators will not be able to fully gauge the extent of the ML and TF risks relevant to their business (leading to weak policies, procedures, and controls).
Vague references made in operator ML and TF risk assessments:
These have included passing statements made in risk assessments such as, ‘customer monitoring’ or ‘KYC checks’ taking place with no details provided on what these measures actually consist of. Other issues include statements such as ‘pre-paid cards and or cryptoassets not accepted’, but again no details have been provided on how the operator prevents such payments and or payment methods.
Problem gambling, ML, and TF:
Repeated examples of operators not considering how problem gambling can be linked to ML and TF. The Commission’s casino and non-casino anti-money laundering guidance states that:
a pattern of increasing spend or spend inconsistent with apparent source of income could be indicative of money laundering, but also equally of problem gambling or both.
High financial thresholds in place before CDD or EDD measures take place:
Repeated instances whereby high and arbitrary financial threshold trigger limits have been set by operators with no underpinning rationale. Such high financial thresholds have repeatedly resulted in CDD and EDD being delayed, which led to financial crime occurring where it should have been identified at a much earlier stage in the customer’s journey.
High financial thresholds based on losses, deposits, or winnings only:
One remote operator only carried out EDD measures once a customer incurred a loss of £12k in a year. The Commission’s casino and non-casino anti-money laundering guidance states that:
in order to be able to detect customer activity that may be suspicious, it is necessary to monitor all transactions or activity.
Furthermore, Regulation 27(5) of the Regulations states that a
transaction’ consists of ‘the deposit of funds…or the collection of winnings, including the withdrawal of funds.
The ML/TF risk assessment not being fully used to inform policies, procedures and controls:
Licence Condition 12.1.1 requires operators to develop and implement a ML/TF risk assessment which should then be used to develop and implement policies, procedures, and controls to prevent financial crime.
Previous sectionIssues identified through casework Next section
Our requirements
Last updated: 26 October 2023
Show updates to this content
Formatting issues corrected only.