Guidance
The prevention of money laundering and combating the financing of terrorism
Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).
3 - Policies, procedures and controls
Casino operators must establish and maintain policies, procedures and controls to mitigate and manage effectively the risks identified in the operator's risk assessment of money laundering, terrorist financing and proliferation financing.
The policies, procedures and controls must be:
- proportionate with regard to the size and nature of the operator's business
- approved by its senior management.43
In determining what is appropriate or proportionate with regard to the size and nature of their business, casino operators may take into account any guidance issued by the Commission or appropriate body, and approved by HM Treasury.44. An appropriate body is a body which regulates or is representative of any trade, profession, business or employment carried on by a casino operator45 (and includes trades bodies such as the Betting and Gaming Council).
Internal controls
Casino operators must maintain a record in writing of:
- their policies, procedures and controls
- any changes to those policies, procedures and controls
- the steps they have taken to communicate the policies, procedures and controls or any changes to them, within the operator's business.46
The policies, procedures and controls must include:
- risk management practices
- internal controls
- CDD measures and ongoing monitoring, including enhanced measures for high risk customers
- reliance and record keeping
- the monitoring and management of compliance with, and the internal communication of, such policies, procedures and controls.47
The policies, procedures and controls must also include specific policies, procedures and controls that provide for the identification and scrutiny of any case where:
- a transaction is complex or unusually large, or there is an unusual pattern of transactions, or the transaction or transactions have no apparent economic or legal purpose
- and other activity or situation that the casino operator regards as particularly likely, by its nature, to be related to money laundering, terrorist financing or proliferation financing.
The policies, procedures and controls must also include specific policies, procedures and controls:
- that specify the undertaking of additional measures, where appropriate, to prevent the use for money laundering, terrorist financing or proliferation financing of products or transactions that might favour anonymity
- which ensure that, when new products, business practices or technology are adopted by the casino operator, appropriate measures are taken in preparation for, and during, the adoption of such products, business practices or technology to assess and, if necessary, mitigate any money laundering, terrorist financing or proliferation financing risks this new product, business practice or technology may cause
- under which anyone in the operator's business who knows or suspects, or has reasonable grounds for knowing or suspecting, money laundering, terrorist financing or proliferation financing must report such knowledge or suspicion to the operator's nominated officer.48
The casino operator’s policies, procedures and controls should also cover:
- the arrangements for nominated officer reports to senior management
- the systems for customer identification and verification, including enhanced arrangements for high risk customers, including PEPs
- the circumstances in which additional information in respect of customers will be sought in the light of their activity
- the procedures for handling SARs, covering both reporting by employees and submission to the NCA
- the mechanisms for contact between the nominated officer and law enforcement or the NCA, including the circumstances in which a defence (appropriate consent) should be sought
- the arrangements for recording information not acted upon by the nominated officer, with reasoning why no further action was taken
- the monitoring and management of compliance with internal policies, procedures and controls
- the communication of such policies, procedures and controls, including details of how compliance is monitored by the nominated officer, and the arrangements for communicating the policies, procedures and controls to all relevant employees; employee training records, supporting records in respect of business relationships, and the retention period for the records.
Casino operators must, where relevant, communicate the policies, procedures and controls they establish and maintain to their branches and subsidiary undertakings which are located outside the UK.49
References
43Regulations 19(1) and (2), and 19A.
44 Regulation 19(5).
45Regulation 3(1).
46Regulation 19(1)(c) and 19A.
47Regulation 19(3). In relation to proliferation financing, only the following apply: (a) risk management; (b) internal controls; and (c) the monitoring and management of compliance with, and the internal communication of, the policies, procedures and controls.
48Regulation 19(4) and 19A.
49Regulation 19(6) and 19A.
Obligations on all casino operators Next section
Internal controls
Last updated: 30 May 2023
Show updates to this content
Updated in line with version 3 of the guidance. References to 'proliferation financing' added.