Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content

Consultation response

Summer 2023 consultation – Proposed changes to LCCP and RTS: Consultation Response

This response sets out our position in relation to the consultation on the proposed changes to LCCP and Remote Gambling and Software Technical Standards.

Our position: Light-touch financial vulnerability checks

Frictionless, light-touch financial vulnerability checks – 2 stage implementation.

Overall decision

We confirm that we are introducing light-touch financial vulnerability checks following the consultation. These checks will identify financial vulnerability such as where a customer is subject to bankruptcy orders or has a history of unpaid debts. The checks will be introduced at a higher threshold from end August 2024, moving to a lower threshold in February 2025.

Some respondents to the consultation (particularly people with lived experience and academics), and some of the consumer research participants felt that the checks should simply apply to all customers at registration. This was due to the significant risk of harm to customers who may be bankrupt or have equivalent signs of financial vulnerability. We also note the view of some respondents who stated that gambling at these amounts could affect quality of life, given the low amounts of discretionary income for some customers and that in their view there is a higher risk of harm connected with gambling than some other activities. However, we did not think that it was necessary to introduce the check for all customers as we sought to target checks where they would be more relevant.

We also note that a significant number of responses considered that the thresholds proposed for the checks were too low and would as a result catch too many people. However, we consider that the light-touch nature of the check, the frictionless process without interruption of the customer journey unless there are risk flags, and the ability to tailor the response post a check all support the introduction of these checks.

Frictionless nature of the light-touch checks

We note that some respondents, such as gambling consumers, had concerns that the checks would not be frictionless. However, many gambling businesses responded to confirm that the checks they already conduct are currently frictionless. Many gambling businesses use third-party providers to conduct the checks. Responses received from these organisations who provide checks also indicated that they considered the process of conducting a check to be frictionless.

We have also supported this by maintaining the proposal that was in the consultation that checks would not prevent the continued gambling or making of deposits unless there were risk flags for that customer.

In the consultation, we set out that it may not be necessary to specify the timeframe during which a gambling business would have to complete a check and explored stakeholder views. Many gambling businesses and organisations who conduct checks confirmed that the checks can be carried out promptly, often in real-time. During the consultation process, some larger operators confirmed that they often conduct such checks alongside identity verification at the point of registration. We do not consider at this time that it is necessary to specify a timeframe for the check to be completed.

Action an operator may take post light-touch checks

The proposal was for light-touch checks that would be frictionless and we continue to consider this is an important consideration of the policy. We reiterate that the Gambling Commission does not consider that all flags connected with this check should result in one type of action. There remains a perception amongst some that the Commission expects a County Court Judgment (CCJ) for a parking ticket to be treated the same as bankruptcy and an assumption that we expect operators to default to ending the consumer relationship. This is not the case: customer interaction should involve actions which are tailored to the nature and severity of all the indicators of harm for that customer. A customer may be more effectively supported by the use of deposit limits or other tools rather than an end to the customer relationship, which could result in the customer moving to another operator.

We have clarified the wording following consultation on automated and manual processing. In the final light-touch vulnerability check provision, the requirement is that remote gambling businesses must consider the circumstances in which different forms of processing are appropriate in cases where a decision is taken for action following a check, and must also consider the circumstances in which immediate action is necessary to limit harm where significant risk is identified.

This wording is designed to articulate the position more clearly on data processing. Where there are no risk flags, the customer journey continues and there are no new requirements on gambling businesses, as was set out in the consultation. However, where there are decisions for action, the operator must have and implement policies and procedures on how the data processing will occur. This amendment responds to comments by gambling businesses who considered the original drafting confusing or misleading on the nature of data protection controls.

In some cases, as for other indicators of harm set out in Social Responsibility (SR) Code Provision 3.4.3, there may be circumstances where immediate action, such as pausing an account, is necessary to limit harm where significant risk is identified.

Guidance to support action following a check

The light-touch financial vulnerability check is designed to sit alongside existing requirements for customer interaction to identify customers at risk of harm and take action, set out in SR Code 3.4.3. The requirement following a light-touch check is to consider the financial vulnerability information the operator obtains, together with all the other information they know about the customer and are permitted to use, in order to assess risk, to take proportionate action when risk is identified, and record the rationale for the decision on proportionate action. This means that the operator should consider all the information they hold about the customer alongside the financial vulnerability check and tailor any action to the level of risk.

The Commission’s existing guidance for remote operators on customer interaction may assist operators in considering how to assess risk, how to take proportionate action and how to record rationale for decisions where action is taken.

Even where a light-touch check flags some level of risk, it is not assumed that the preferred action is to immediately take steps to prevent gambling or to cease the customer relationship entirely. It may be appropriate to consider steps to support the customer to gamble safely – for example through encouraging the use of deposit limits, or setting limits on behalf of the customer. In some cases, such as where a CCJ is flagged as part of a check and where there are no other indicators of harm, it may be that it is appropriate that no action is taken, subject to ongoing monitoring under customer interaction. In other cases, there may be signs of financial vulnerability as well as other indicators of harm, and moving to stronger action immediately is more appropriate. The following extracts of our customer interaction guidance for remote operators may be particularly relevant:

8.1. When a licensee is concerned that a customer may be experiencing harm, acting early and quickly is important to help stop or prevent the harm worsening. Identifying signs of harm and taking early action is a preventative measure, designed to enable a customer to gamble safely, or take action to reduce or prevent gambling where necessary.

8.3. As set out in requirement 9 [of SR Code 3.4.3], licensees must tailor the type of action they take based on the number and level of indicators of harm exhibited. Importantly, this may mean taking strong or stronger action straight away, rather than increasing action gradually. This will include giving consideration to refusing service or ending the business relationship where necessary.

Impact of the checks

We also can confirm that the checks do not affect a customer’s credit score. If the check is conducted via a third-party provider, the fact of the check may be visible to a customer when they check their own credit score. We will encourage providers to ensure that a check is accurately described when it appears in this way as we consider it could be confusing to customers to have this check described in terms that implies it uses anything other than publicly available data.

Data to be included in each check

As part of the government’s Review of the Gambling Act 2005, many operators shared examples of what they do for a light-touch financial check, and suggested that introducing such approaches consistently across operators would be suitable. Some operators shared that they already asked all customers to provide their postcode and employment status and job title at registration. This information is then used to estimate key factors, such as whether the customer lives in a deprived area and their likely salary, which may be used to inform an initial customer risk profile. In response to these suggestions, we set out proposals in our consultation that a financial vulnerability check would also combine aggregated data which may flag potential financial risk, to allow stakeholders to consider and comment.

As set out in the consultation, the use of postcode and job title may add some additional information that can support risk assessment by giving an indication of possible average salaries or the likelihood of deprivation. However, we also set out in the consultation that there were limitations and risks associated with such data, most notably that its use could give a false sense of reassurance. For example, customers who are financially vulnerable may still live in a postcode that is typically seen as wealthy and job titles and roles can also be misleading or have wide salary ranges associated. Similarly, the data could give a false sense of risk. Nevertheless, we felt it appropriate to include proposals in the consultation to allow stakeholders the opportunity to respond. Respondents generally (but not always) disagreed with the use of both postcode and job title, arguing that their use could be misleading. We note also that a small number of respondents considered that use of postcode could lead to discrimination and bias against some types of consumers from a particular postcode.

Our decision is that financial vulnerability checks will focus solely on publicly available data and, following feedback through the consultation, will not require gambling businesses to consider an individual’s personal details such as postcode or job title.

The consultation proposed that a financial vulnerability check was to include in the check publicly available data such as bankruptcies and Individual Voluntary Arrangements (IVAs) or equivalent. We did not specifically reference one relevant form of insolvency solution, which was nevertheless captured by the ‘or equivalent’ wording. These are Debt Relief Orders (DROs). They are another form of insolvency solution for personal debts one cannot pay, for those that owe less than £30,000 and who have less than £2,000 in savings. A respondent suggested that we clarified that DROs form part of the publicly available data. We have considered and amended the provision to explicitly state that DROs form part of the publicly available data which must be checked.

Threshold for a check

Consumer behaviours can change over time and the proportion of active gambling customers who have this light-touch check may therefore also change. Similarly, the evidence shows that average discretionary income can shift over time to a certain extent, indicating that the risk profile of customers spending at a set threshold will also vary over time. Nevertheless, in setting thresholds for the financial vulnerability check, we sought to support the principle set out in our consultation and in the government’s White Paper proposal that the checks are targeted at highest spending customers. Broadly speaking, we anticipate this to be in the region of 20 percent of active customer accounts.

We have therefore chosen a combination of threshold and net deposit definition that will continue to target these checks at the highest spending accounts. We estimate this combination would deliver checks in the region of 20 percent of active customer accounts, noting that the figure will change and fluctuate over time. We are comfortable with this fluctuation because of the light-touch nature of the check, which following consultation focuses on publicly available data.

The final decision following consultation is that financial vulnerability checks will be required to take place at £150 net deposits in a rolling 30-day period from 28 February 2025, after an initial higher threshold of £500 net deposits in a rolling 30-day period from 30 August 2024 until 27 February 2025.

The £500 introductory threshold to apply for the first 6 months has been set to allow for operators who are not already conducting such checks to have a period where they need to undertake less checks while they introduce the process into their overall customer interaction approach. This will be beneficial for consumers as it will help smooth implementation.

Following consultation, we have focused on the rolling 30-day threshold rather than also including an annual threshold as a minimum requirement. This is because we consider that the vast majority of those customers that would trigger an annual threshold would have previously triggered a 30-day threshold. This was informed by operator contributions to the Summer 2023 consultation as well as our open banking modelling which indicated that only a very small proportion of unique customers would trigger an annual threshold in isolation. We also consider that a customer with a smooth or consistent spend profile over the year is less likely to be experiencing significant or acute financial distress associated with gambling if there are no other indicators of harm.

We therefore consider that, at this time, the additional benefits of including an annual threshold, compared to the burden on the industry of including an annual threshold do not justify its inclusion as a requirement. As a result, we have decided not to include an annual threshold for the financial vulnerability check as a requirement.

We note respondents sometimes commented that the thresholds proposed were too high, and that checks should be carried out at lower levels or even for all customers. Some of the participants in the consumer research initially felt the thresholds were too low. Some of these changed their minds after further consideration and thought it would be simpler and more transparent to customers to have the check conducted for all. We have not taken this approach as a requirement as we consider it may be disproportionate as a minimum requirement that all customers are checked. We remain of the view that it is appropriate to target the requirement to conduct these checks at higher spending accounts. It is of course open to gambling businesses to use the publicly available information more frequently, at lower thresholds or even for all customers. Some operators currently take this approach. Those operators who choose to conduct the light-touch checks for all customers as part of their identity verification of the customer are free to continue to do so.

How long the data remains relevant

As proposed in the consultation, the check will not be required to be repeated within 12 months even if the customer account hits the threshold again during that time. The responses from the financial sector and the gambling industry generally confirmed that the light-touch check could be conducted very quickly and therefore it is not expected that there will be a delay in conducting the check. In line with the consultation proposal, we have not put in place a requirement for operators to prevent customer deposits or further gambling whilst a check is conducted, due to this quick response rate and the wish to support a frictionless system of checks.

There was some evidence from respondents with lived experience of gambling harms and from the financial sector that customer circumstances can change more frequently than this, for example over 3 months or 6 months because of events such as job loss, divorce, bereavement or retirement. However, this check is designed to be a light-touch check to identify customers who are particularly financially vulnerable, and these more extreme situations are less likely to lead to acute financial distress connected with the gambling over a short timeframe. The Commission’s existing guidance on customer interaction sets out examples of scenarios of how a licensee may become aware of a customer in a vulnerable situation, such as a life event like bereavement, divorce or job loss, and the actions they should take as a result.

In the proportions of customers we are discussing, we do not consider it proportionate at this time to seek for checks to be repeated on a more common timeframe. On balance therefore, we consider that (as consulted), the 12 months validity even if the threshold is met again, is a suitable timeframe for the introduction of these checks as a requirement.

Definition of net loss

We have considered the strong concerns from gambling businesses that they would not be able to implement the original definition of spend or loss within a reasonable timeframe. Operators explained that to apply the definition in the consultation, they would have to monitor the customer’s position after every micro transaction, adding significant complexity for all operators, and they argued that to be able to do so would require a significant delay in introduction of the check.

We consider it important to implement the checks quickly to ensure a minimum standard of identifying particularly financially vulnerable customers. Taking into account that this check is to be a light-touch check using only publicly available data, we have decided to use a definition of spend based on deposits minus withdrawals and over a rolling 30-day period. Deposits minus withdrawals considers the net position of transactions into and out of the account and rolling period means that at any point in time the operator needs to consider the position over the preceding 30 days.

Data processing and data protection

The consultation proposal was to allow some forms of automated processing. However, some respondents considered that the draft was not clear or did not allow forms of data processing that they considered to be appropriate – including when no action was being taken. Following consultation, we have clarified the wording on automated and manual processing. In the final light-touch vulnerability check provision, the requirement is that remote gambling businesses must consider the circumstances in which different forms of processing are appropriate in cases where a decision is taken for action following a check. They must also consider the circumstances in which immediate action is necessary to limit harm where significant risk is identified. This latter wording is similar to the existing requirement for customer interaction when there are other indicators of harm, set out in Licence Conditions and Codes of Practice (LCCP) SR Code 3.4.3.

This wording is designed to articulate the position more clearly on data processing. Where there are no risk flags, the customer journey continues and there are no new requirements on gambling businesses, as was set out in the consultation. However, where there are decisions for action, the operator must have and implement policies and procedures on how the data processing will occur. This amendment responds to comments by gambling businesses who considered the original drafting confusing or misleading on the nature of data protection controls.

In some cases, as for other indicators of harm set out in SR Code 3.4.3, there may be circumstances where immediate action, such as pausing an account, is necessary to limit harm where significant risk is identified.

We have not introduced any new requirements on the data protection principles or actions that must apply to the consideration of this publicly available data as we consider that existing processes for use of such data should already apply.

Equalities considerations

We are committed to giving consideration to potential equalities impacts, having regard to the need to eliminate discrimination, advance equality of opportunity and foster good relations between those who share a protected characteristic and those who do not. A small number of respondents raised the issue of potential discrimination in relation to those who live in deprived areas should the Commission adopt the consultation proposal of considering postcode as part of the risk assessment for the customer. However, following consultation, we are not proceeding with this proposal.

We set out in the consultation that we had not identified any adverse effects of the proposed light-touch financial vulnerability check on those who share a protected characteristic. Following consultation, this remains the same and we have not identified any adverse impacts.

The light-touch check is designed to identify customers who may be at risk of harm due to financial vulnerability and enable operators to take action (as part of customer interaction) to support those customers. We have therefore identified that this may have an overall positive impact on customers who share a protected characteristic, particularly where a customer may be in a vulnerable situation.

We also consider that the light-touch nature of the check using publicly available information without interrupting the customer journey where there are no risk flags, and the targeting of the check at higher spending accounts, mitigates against any risk that having to provide data directly would disproportionally affect and burden customers who share a protected characteristic.

Impact and evaluation

We will evaluate the impact of these checks and will continue to keep thresholds and other details under review. Evaluation of the measures we introduce is very important. Along with the Department for Culture, Media and Sport (DCMS) in consideration of Gambling Act Review measures more generally, we need to establish if they are being delivered effectively, understand if they are achieving their intended outcomes and impacts, identify any unintended consequences, and capture learning to inform the implementation of future policy changes. This evaluation process is important, and planning for the evaluations is already well underway. We have set out more information about the approach to evaluation on our website.

Implementation

We consider that the changes following consultation on this type of check implement the White Paper intentions and the approach set out in our Advice to Government and which we continue to consider appropriate. This is for light-touch financial vulnerability checks to be conducted in a frictionless manner. We have also taken into account the detailed implementation issues raised during this programme of work.

To ease the introduction of these checks, they will initially come into force at a higher threshold of £500 net deposits per 30-day rolling period from 30 August 2024 until 27 February 2025, before reducing to a lower threshold of £150 net deposits per 30-day rolling period on 28 February 2025.

The £500 introductory threshold to apply for the first 6 months has been set to allow for operators who are not already conducting such checks to have a period where they need to undertake less checks while they introduce the process into their overall customer interaction approach. This will be beneficial for consumers as it will help smooth implementation.

These checks will be frictionless, and where there are risk flags, operators will be required to assess and take proportionate action. We want to enable operators to deliver this proportionate action, and the two-staged implementation will help to smooth implementation for consumers by spreading the initial number of flagged customers following the implementation of this new requirement over a period of months.

Final wording

New Social Responsibility Code - 3.4.4 - Light-touch financial vulnerability check to inform customer interaction decision making

Applies to: All remote licences, except any remote lottery licence the holder of which does not provide facilities for participation in instant win or high frequency lotteries, remote gaming machine technical, gambling software, host, ancillary remote bingo, ancillary remote casino, ancillary remote betting, remote betting intermediary (trading rooms only) and remote general betting limited licences.

SR Code 3.4.4 is in force from 30 August 2024. Paragraph 7 is in force between 30 August 2024 to 27 February 2025.

  1. Licensees must undertake a financial vulnerability check for customers that meet the relevant threshold.

  2. A financial vulnerability check must include at a minimum a customer-specific public record information check for significant indicators of potential financial vulnerability. The check must include whether the customer is subject to any of the following:
    1. bankruptcy order, or equivalent, or
    2. county court judgment (CCJ); an individual voluntary arrangement (IVA); high court judgment (HCJ); administration order (AO) or decree; Debt Relief Order (DRO); or equivalent.
  3. Licensees must:
    1. consider the financial vulnerability information they obtain, together with all of the other information they know about the customer and are permitted to use, in order to assess risk,
    2. take proportionate action when risk is identified, and
    3. record the rationale for the decision on proportionate action.
  4. Licensees must have and put into effect policies and procedures on:
    1. whether, when taking decisions on proportionate action, it is appropriate for such a decision to be taken manually, in a fully automated manner (offering the customer the opportunity for manual review where decisions for action are taken), or through a combination of automated processing and subsequent manual review, and
    2. the circumstances in which immediate action is necessary to limit harm where significant risk is identified.
  5. The licensee is not required to conduct this financial vulnerability check at the point when the customer reaches a relevant threshold, if the operator has previously conducted a financial vulnerability check or a financial risk assessment within the previous 12 months.

  6. From 28 February 2025, the relevant threshold is where the customer’s deposits minus withdrawals exceeds £150 in a rolling 30-day period.

  7. Between 30 August 2024 and 27 February 2025, the relevant threshold is where the customer’s deposits minus withdrawals exceeds £500 in a rolling 30-day period.

Is this page useful?
Back to top