The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content

Guidance

The prevention of money laundering and combating the financing of terrorism

Guidance for remote and non-remote casinos: fifth edition

  1. Contents
  2. Part 4 - Senior management responsibility
  3. 3 - Policies, procedures and controls

3 - Policies, procedures and controls

Casino operators must establish and maintain policies, procedures and controls to mitigate and manage effectively the risks identified in the operator's risk assessment of money laundering and terrorist financing.

The policies, procedures and controls must be:

  • proportionate with regard to the size and nature of the operator's business
  • approved by its senior management.39

In determining what is appropriate or proportionate with regard to the size and nature of their business, casino operators may take into account any guidance issued by the Commission or appropriate body, and approved by HM Treasury. 40. An appropriate body is a body which regulates or is representative of any trade, profession, business or employment carried on by a casino operator41 (and includes trades bodies such as the Betting and Gaming Council).

Internal controls

Casino operators must maintain a record in writing of:

  • their policies, procedures and controls
  • any changes to those policies, procedures and controls
  • the steps they have taken to communicate the policies, procedures and controls or any changes to them, within the operator's business.42

The policies, procedures and controls must include:

  • risk management practices
  • internal controls
  • CDD measures and ongoing monitoring, including enhanced measures for high risk customers
  • reliance and record keeping
  • the monitoring and management of compliance with, and the internal communication of, such policies, procedures and controls.43

The policies, procedures and controls must also include specific policies, procedures and controls that provide for the identification and scrutiny of any case where:

  • a transaction is complex or unusually large, or there is an unusual pattern of transactions, or the transaction or transactions have no apparent economic or legal purpose
  • and other activity or situation that the casino operator regards as particularly likely, by its nature, to be related to money laundering or terrorist financing
  • that specify the undertaking of additional measures, where appropriate, to prevent the use for money laundering or terrorist financing of products or transactions that might favour anonymity
  • which ensure that, when new products, business practices or technology are adopted by the casino operator, appropriate measures are taken in preparation for, and during, the adoption of such products, business practices or technology to assess and, if necessary, mitigate any money laundering or terrorist financing risks this new product, business practice or technology may cause
  • under which anyone in the operator's business who knows or suspects, or has reasonable grounds for knowing or suspecting, money laundering or terrorist financing must report such knowledge or suspicion to the operator's nominated officer.44

The casino operator’s policies, procedures and controls should also cover:

  • the arrangements for nominated officer reports to senior management
  • the systems for customer identification and verification, including enhanced arrangements for high risk customers, including PEPs
  • the circumstances in which additional information in respect of customers will be sought in the light of their activity
  • the procedures for handling SARs, covering both reporting by employees and submission to the NCA
  • the mechanisms for contact between the nominated officer and law enforcement or the NCA, including the circumstances in which a defence (appropriate consent) should be sought
  • the arrangements for recording information not acted upon by the nominated officer, with reasoning why no further action was taken
  • the monitoring and management of compliance with internal policies, procedures and controls
  • the communication of such policies, procedures and controls, including details of how compliance is monitored by the nominated officer, and the arrangements for communicating the policies, procedures and controls to all relevant employees; employee training records, supporting records in respect of business relationships, and the retention period for the records.

Casino operators must, where relevant, communicate the policies, procedures and controls they establish and maintain to their branches and subsidiary undertakings which are located outside the UK.45

References

39Regulation 19(1) and (2).
40 Regulation 19(5).
41Regulation 3(1).
42Regulation 19(1)(c).
43Regulation 19(3).
44Regulation 19(4).
45Regulation 19(6).

Previous section
Obligations on all casino operators
Next section
Internal controls
Is this page useful?
Back to top