Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Home
  2. Licensees and businesses
  3. The prevention of money laundering and combating the financing of terrorism

Guidance

The prevention of money laundering and combating the financing of terrorism

Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).

Published
13 November 2020

Last updated
30 May 2023 - Changes

Document actions
Print or save

  1. Contents
  2. Part 2 - Risk-based approach
  3. 1 - Introduction

1 - Introduction

The Regulations impose compulsory requirements and a breach can constitute a criminal offence28. However, within this legal framework of requirements, casinos have flexibility to devise policies, procedures and controls which best suit their assessment of the money laundering, terrorist financing and proliferation financing risks faced by their business. The Regulations require the identification and assessment of money laundering, terrorist financing and proliferation financing risks, and the establishment and maintenance of proportionate policies, procedures and controls to mitigate and manage effectively the risks identified.29

Operators are already expected to manage their operations with regard to the risks posed to the licensing objectives in the Act, and measure the effectiveness of the policies, procedures and controls they have put in place to manage the risks to the licensing objectives. The approach to managing the risks of the operator being used for money laundering, terrorist financing or proliferation financing is consistent with the regulatory requirements.

Most operators manage their commercial or business risks and measure the effectiveness of the policies, procedures and controls they have put in place to manage those risks. A similar approach is appropriate to managing the operator’s regulatory risks, including money laundering, terrorist financing and proliferation financing risks. Existing risk management systems should, therefore, address the regulatory and money laundering and terrorist financing risks, or a separate system should be in place for that purpose. The detail and complexity of these systems will depend on the operator’s size and the complexity of their business.

Risk-based approach

The risk-based approach involves a number of discrete steps in assessing the most proportionate way to manage and mitigate the money laundering and terrorist financing risks faced by the operator.

These steps require the operator to:

  • identify the money laundering, terrorist financing and proliferation financing risks that are relevant to the operator
  • design and implement appropriate policies, procedures and controls to manage and mitigate the identified and assessed risks
  • monitor and improve the effective operation of these policies, procedures and controls
  • record what has been done and why.

The possibility of gambling facilities being used by criminals to assist in money laundering, terrorist financing or proliferation financing poses many risks for casino operators. These include criminal and regulatory sanctions for operators and their employees, civil action against the operator and damage to the reputation of the operator, leading to a potential loss of business.

Casino operators can offset any burden of taking a risk-based approach with the benefits of having a realistic assessment of the threat of the operator being misused in connection with money laundering, terrorist financing or proliferation financing. It focuses the effort where it is most needed and will have most impact. It is not a blanket one size fits all approach, and therefore operators have a degree of flexibility in their methods of compliance.

A risk-based approach requires the full commitment and support of senior management, and the active co-operation of all employees. It should be part of the casino operator’s philosophy and be reflected in the operator’s policies, procedures and controls. There needs to be a clear communication of the policies, procedures and controls to all employees, along with robust mechanisms to ensure that they are carried out effectively, weaknesses are identified, and improvements are made wherever necessary. Where the casino operator forms part of a larger group of companies, there needs to be sufficient senior management oversight of the management of risk.

The figures in this guidance include a proposed architecture for the risk-based process which operators can adopt as good practice within their businesses. While this architecture represents a suggested approach, it does nonetheless contain elements which are requirements under the Regulations or other financial crime legislation. These requirements are detailed throughout the guidance.

References

28 Regulation 86.
29 Regulations 18, 18A, 19 and 19A.

Next section
Identifying and assessing the risks
Is this page useful?
Back to top