The prevention of money laundering and combating the financing of terrorism
Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).
8 - Threshold approach
As discussed in customer due diligence requirements, the Regulations set out thresholds which, if customer transactions reach these levels, require the casino operator to apply customer due diligence measures.
These limits are:
- in non-remote casinos the 'threshold approach for tokens' – identification and verification are required when a customer purchases from or exchanges with the casino tokens for use in gambling at the casino with a value of €2,000 or more
- in non-remote casinos the 'threshold approach for gaming machines' – identification and verification are required when a customer pays €2,000 or more for the use of gaming machines, or collects winnings amounting to €2,000 or more
- in remote casinos the 'threshold approach for remote gaming' – identification and verification are required when a customer deposits funds to take part in remote gambling or withdraws such funds or winnings amounting to €2,000 or more.
The threshold applies to the wagering of a stake or the collection of winnings, and is to be applied to single transactions or transactions that appear to be linked.
Customers may execute a series of linked transactions that are individually below the €2,000 threshold but, when taken cumulatively, they meet or exceed the threshold.
When transactions are considered linked
Transactions should be considered to be linked if, for example, they are carried out by the same customer through the same game or in one gaming session, or in the case of remote casinos, if they are part of the overall activity undertaken by a customer during a single period of being logged on to the operator's gambling facilities. These examples are not exhaustive and casino operators will need to consider whether there are other circumstances in which transactions are linked.
Casino operators will also need to consider, among other things, whether a customer is deliberately spreading their wagering or collection of winnings over a number of transactions in order to circumvent the CDD requirements. They should also ensure that the triggering of the threshold by a customer is not evaded through the customer opening multiple accounts under fictitious names.
The measures taken by the operator must be balanced against the requirement to conduct CDD on:
- establishing a business relationship with a customer
- requirements for the timing of verification
- the need to conduct enhanced customer due diligence in high risk situations108.
This should be informed by the risk profile of the particular customer, including circumstances which alter the risk attributed to the customer.
The gaming machine limits only apply in premises-based casinos. By separating the purchase or exchange of tokens from the payment to use gaming machines there is the potential for customers to spend up to €2,000 in gaming machines in addition to the purchase or exchange of tokens up to €2,000.
Under the Regulations, 'gaming machine' has the same meaning as that in the Act109 . In premises-based casinos, automated and semi-automated table games such as touch-bet roulette are not defined as gaming machines and therefore the take in these games should be counted towards the threshold approach for tokens.
Casino operators will have to satisfy the Commission that they have the mechanisms in place that are appropriate for the spend profile in each premises
For example, a casino with a customer drop/win average considerably below the threshold will need mechanisms in place to monitor customer transactions to be sure that any customer reaching the threshold is picked up in good time to allow CDD to be conducted. Where the casino operator has a number of premises, the Commission will consider the use of the threshold approach for each casino premises rather than for an operator.
Casinos adopting the threshold approach may wish to defer both identification and verification until the threshold is triggered. Alternatively, they may consider that it is more practical to conduct both identification and verification on entry, or conduct identification on entry and defer verification until the threshold is triggered. For example, a premises-based casino may operate a membership scheme where customers are identified on admission to the casino but verification only occurs once the threshold is triggered. Similarly, remote casinos may require customers to identify themselves (and undertake age verification) on registering with the casino, but only require verification of identity if the threshold is triggered. This is sometimes called the hybrid approach.
There may be advantages in asking customers for their identification on entry, even if verification of this information is deferred until the threshold is reached, for example, identifying customers on entry means it will not be necessary to interrupt the customer’s gambling once the threshold is reached and verification becomes necessary. In deciding which approach to take, operators must satisfy themselves and the Commission on a premises-by-premises basis that they have effective procedures, controls and systems in place to track and monitor customers across all the products and platforms that are offered.
A key challenge for casinos wishing to adopt the threshold approach is keeping track of all an individual customer’s:
- purchases and exchanges of tokens
- spend on gaming machines
- collection of their winnings.
However, it may be appropriate to do so in light of the known spend patterns in each premises.
If casino operators choose to adopt the threshold approach, they must satisfy the Commission on a premises-by-premises basis that they have the appropriate procedures in place to manage the threshold in light of the assessed money laundering and terrorist financing risk and spending profile at each premises.
Some remote casinos operate a 'wallet' system which allows customers to use the money in their wallet in different parts of the operator’s site. An operator’s site may include some casino games as well as other games. It is only when a customer first enters the casino part of an operator’s website and deposits money that the CDD requirements apply. The Regulations do not apply to people 'window shopping' in a remote casino’s website, it applies only when money is deposited. Where an operator is unsure of what the funds in the wallet will be used for (for example, casino or sports betting), they should consider applying these controls to all customers.
Casinos using the threshold approach must be sure that they are able to end transactions with a customer who reaches the threshold if they are unable to comply with the CDD requirements.
108 Remote casinos should note that, where no safeguards are in place, non-face-to-face business relationships or transactions must be
considered to present a high risk of money laundering or terrorist financing, which requires the use of enhanced customer due diligence
Enhanced customer due diligence and enhanced ongoing monitoring Next section
Identification and verification on entry
Last updated: 30 May 2023
Show updates to this content
Updated in line with version 3 of the guidance. References to 'proliferation financing' added.