Reminder to operators: new licence condition on customer identity verification
05 July 2019
We are continuing to receive complaints from gambling consumers concerning operators only asking them for ID at the point they ask to withdraw funds from their account.
All remote operators should be aware of the changes to the LCCP introduced on 7 May this year.
Where an operator delays a request to withdraw funds due to insufficient ID being verified, that operator may be in breach of a new licence condition and may find themselves subject to regulatory action as a result.
The new licence condition, Licence Condition 17 – Customer identity verification, requires that:
Licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble. Information must include, but is not restricted to, the customer’s name, address and date of birth.
A request made by a customer to withdraw funds from their account must not result in a requirement for additional information to be supplied as a condition of withdrawal if the licensee could have reasonably requested that information earlier. This requirement does not prevent a licensee from seeking information on the customer which they must obtain at that time due to any other legal obligation.
Before permitting a customer to deposit funds, licensees should inform customers what types of identity documents or other information the licensee may need the customer to provide, the circumstances in which such information might be required, and the form and manner in which such information should be provided.
Licensees must take reasonable steps to ensure that the information they hold on a customer’s identity remains accurate.
This means that licensees must have verified, as a minimum, the name, address and date of birth of any customer – new or existing – before permitting that customer to gamble.
“Additional information” in paragraph 2 means anything in addition to information required to verify the name, address and date of birth of the customer as required by paragraph 1.
The key expectation of paragraph 2 is that licensees should ask their customers for any additional information promptly where they have identified a need for that information based on their risk assessment, and that such information should not be requested solely at the point of withdrawal. This is consistent with AML regulations and our published guidance on AML and POCA which require ongoing monitoring of customer relationships and that risks are considered by the licensee at all stages of the relationship.
Paragraph 2 states that the requirement does not prevent a licensee from seeking information on the customer which they must obtain at that time (ie the time the withdrawal request is made) due to any other legal obligation.This acknowledges that there will be circumstances where an identifiable risk (for instance relating to money laundering) only emerges later in the relationship, or for example where another enforcement body requires the licensee to terminate transactions with the customer subject to information being verified.
However, operators would not be able to rely on this provision in any case where information could reasonably have been requested earlier than the point the withdrawal request is made.
Operators should also remember that they cannot confiscate a customer’s funds on the basis that they have not provided ID. Last year, on the back of action it had undertaken in the remote gambling sector (opens in new tab) , the Competitions and Markets Authority (CMA) provided its view that consumers are legally entitled to money which they have deposited in their account, to winnings made with money they have deposited and gambled, and winnings made from a bonus where the relevant conditions have been met (subject to AML or other regulatory requirements).
Last updated: 18 February 2021
Show updates to this content
No changes to show.