This box is not visible in the printed version.
A summary of the responses to our consultations on changes to LCCP on age and identity verification for remote gambling.
Published: 28 February 2019
Last updated: 27 August 2021
This version was printed or saved on: 17 August 2022
Online version: https://www.gamblingcommission.gov.uk/consultation-response/changes-to-the-licence-conditions-and-codes-of-practice-on-age-and-identity
We exist to safeguard consumers and the wider public by ensuring that gambling is fair and safe. We are focusing on a number of priorities to achieve this as set out in our Strategy 2018-21 to:
We have considered all the responses to our consultation on changes to the Licence conditions and codes of practice (LCCP) relating to age and identity verification for customers of remote gambling. We have decided to strengthen requirements on remote gambling licensees in order to ensure gambling is fair and safe for consumers.
We will require remote licensees to verify the age of any customer before the customer can:
These changes to LCCP will apply to remote betting and gaming operators, as well as lotteries (other than those lotteries that only offer subscription or low frequency lotteries).
We will introduce a new licence condition that requires remote licensees to:
As with the requirements for age verification, this new licence condition will apply to remote betting and gaming operators, as well as lotteries (other than those lotteries that only offer subscription or low frequency lotteries).
We also used our consultation to ask for any information or evidence of good practice that helps licensees and customers to ensure gambling remains fair and safe. This was to inform any future proposals that we might develop that would require licensees to set limits on customers’ gambling activity which can only be changed once the licensee has verified further information about the customer.
We received responses from licensees, consumers and third parties to this call for information, and we will use the feedback to continue to develop our work in this area. We will continue to engage with remote gambling licensees and encourage collaboration in the development of approaches to assess the levels of gambling that a customer might be able to afford. This will form part of our broader work with licensees and financial institutions to better understand the range of data that can be accessed and how it could inform mandatory limit setting, before we consider consulting on options at a later date.
We note that many consumers raised concerns in response to the call for information, particularly around the imposition of account limits by licensees and the related issues of data security and privacy. In progressing our work in this area, we will consider the balance that may be needed between allaying these concerns and the opportunities for stronger consumer protections that could be delivered.
Following careful consideration of the responses received during the consultation, we will be implementing the proposals with some amendments.
Having published the outcome of the consultation, we will notify those licensees affected by any of the changes. These changes to the LCCP will take effect from 7 May 2019.
We license and regulate commercial gambling within Great Britain, including the National Lottery, with the exception of spread betting which is regulated by the Financial Conduct Authority (FCA).
Our functions under the Act include:
We have a statutory duty to aim to permit gambling provided that it is reasonably consistent with the licensing objectives.
In March 2018 we published our review of online gambling. It set out several policy recommendations and areas of further work. Two of those recommendations were to strengthen the existing requirements to verify a customer’s age and identity.
The review outlined the following specific proposals for consultation, to amend our Licence Conditions and Codes of Practice (LCCP):
In September 2018, we launched a 12-week consultation relating to these points. We proposed to amend social responsibility (SR) code provisions 3.2.11 (remote licensees excluding lotteries) and 3.2.13 (remote lotteries) on age verification to deliver the previous first bullet point.
We proposed a new licence condition on customer identity verification in respect of the second bullet point above. We considered it appropriate to deliver the provision via a general licence condition rather than a social responsibility code given that the new provision aimed to support all three of the licensing objectives.
As part of our consultation, we asked for any information or evidence of good practice that helps licensees and customers to ensure gambling remains fair and safe. We were interested in information about existing practice, current plans and what may be possible in the future.
The consultation provided thirty-eight questions and specific areas for discussion, to which stakeholders were invited to respond.
We received written responses from the following categories of respondents:
During the consultation period we also engaged with several licensees and third-party identity verification providers through a workshop that allowed both groups to provide their views on the consultation questions, as well as providing them with an opportunity to inform us of any evidence of good practice.
We have revisited the proposed changes to LCCP and have made some revisions based on the feedback received from respondents. We have also made some additional changes to ensure clarity.
The details of the responses we received to the consultation questions, along with the Commission’s position in view of those responses, are provided in the following section.
Proposed changes to social responsibility code provision 3.2.11 - access to gambling by children and young persons – SR code provision applying to remote betting and gaming operators
The first proposal was about age verification. We proposed to remove the current provision in LCCP that allows licensees 72 hours to verify the age of a new customer. This proposal was aimed at reducing the risks of underage gambling and to take account of improvements in age verification methods.
Alongside the proposal that all remote gambling customers must be age verified before they can deposit money and gamble, we also proposed that all customers must be age verified before they are able to access free-to-play versions of gambling games that licensees make available on their website.
The following questions and respondents’ views cover these distinct areas. Questions 1 to 3 were introductory questions concerning the respondent’s personal details and are not detailed here.
Do you agree that remote betting and gaming licensees should be required to verify the age of customers before they can deposit money or gamble?
The majority of respondents supported this proposal.
Some consumers (some 18% of all respondents that favoured the proposal) were in favour of age verification before depositing and gambling, as long as it reduced delays to, or was not used as a means to delay, the withdrawal of funds from their gambling accounts.
Some consumers, while supportive of verifying the age of customers before deposit, were of the view that licensees should set out what identity documents they need from the outset. Similarly, some consumers stated their concern that licensees have no interest in stopping underage gamblers if the customer is losing.
Licensees were broadly in favour of the proposal, but many caveated their support by stating that they would welcome a reduction in the 72-hour window to e.g. 24 hours. Some advised that they would need a few months to develop systems for manually verifying those customers not automatically verified at the first attempt. Several stated that age verification shouldn’t be necessary for those customer registrations that never go on to deposit, given the sizeable number of customers who register but then don’t go on to deposit or gamble.
A number of licensees were concerned that the proposals would cause disruption or friction to the customer on-boarding journey. For example, one respondent noted that although they supported the proposal it may lead to the unintended consequence of potentially delaying new customers from being able to bet on specific events at short notice.
A small number of licensees and consumers thought that the current 72-hour rule was sufficient, and consumers also added that licensees may misuse the proposed change to ask for further ID documents.
Do you agree that remote betting and gaming licensees should be required to verify the age of customers before they can access play-for-free versions of gambling games that licensees make available on their websites?
There was significant support for the proposal to verify age before a new customer can access free-to-play games. Consumers, third-party ID providers and several licensees supported this proposal on the basis that they consider free-to-play games to be essentially an invitation to gamble. Some licensees noted that the proposal would regularise the position with advertising rules, and therefore provide consistency.
A cross-section of respondents – and in particular, licensees – stated that while they supported the principle of verifying age before a customer can access free-to-play games on licensees’ websites, the Commission should adopt a similar approach to social casino gaming and unregulated websites. Some were concerned that there is a possibility that a substantial volume of players, upon finding themselves unable to engage immediately with a licensed operator, could gravitate towards unlicensed markets.
Among those against the proposals, including consumers and some licensees, respondents argued that free-to-play games are not gambling and that similar games can still be accessed on social gaming platforms. Others noted that parents need to play more of a role in this area or suggested that these types of games should be removed completely from the market.
One licensee responded that they were against the proposal and that accurate statistics needed to be produced to demonstrate the level of underage gambling that is occurring.
We propose to introduce the change to SR Code 3.2.11 as originally published in the consultation. This would therefore require remote betting and gaming operators to verify the age of any customer before they were able to deposit money or gamble, and before they were able to access any free-to-play games the licensee may make available on its website.
As stated in our consultation, age verification would not necessarily need to be completed by licensees at the point a new customer account is opened and registered. However, verification would need to be completed before that customer was able to deposit or gamble online, and before they could access any free-to-play versions of games made available.
For example, the requirements would mean that:
It is important that the risks of underage gambling are minimised, and we therefore do not think it is appropriate for the current 72-hour rule to be reduced to either a 24-hour or 48-hour time period. Only verification before the point of deposit would have any impact on reducing the risks of children being exposed to online gambling.
While we acknowledge that the customer-on-boarding journey may involve greater levels of friction under the proposals, we note that the vast majority of consumers who responded to the consultation supported our proposals for strengthening age verification. Consumers were generally much more concerned about licensees disrupting the process of withdrawing funds from their account than they were about disruption to on-boarding.
Our concerns about the availability of gambling-style games to children also apply to games offered by non-gambling businesses (for example, social casino gaming, which we currently consider falls outside the scope of gambling legislation if no prize of money or money’s worth is awarded). While there is no clear-cut evidence that playing social-casino games is harmful for the vast majority of players, we remain concerned that it may lead to, or cause, more harmful behaviours in some circumstances. The similarities between social casino gaming and commercial gambling, including the elements of expenditure and chance, may result in harm for some.
We have continued to monitor developments within the social casino sector since our position papers of January 2015 and March 2017. We have gathered evidence from a variety of sources and worked in partnership with the industry and other regulators.
In the absence of specific statutory regulation of the social casino sector, the International Social Games Association (ISGA) has developed Best Practice Principles. These provide guidance to the social casino games industry on consumer protection. They include that social casino games should specify that the games are intended for use by those 18 or older and/or provide advice to parents and teens on making smart choices online. They also include that games designed for children should not contain direct exhortations to buy in-game items or to persuade an adult to buy items for them.
As outlined in our March 2017 paper, we have not yet advised Government of the need for additional regulation for the social casino sector. But we did warn that this position depends on the social casino industry pursuing a proactive and credible approach to social responsibility and an awareness of potential harm which must continue to encompass best practice consumer protection measures.
In drawing a distinction between free-to-play games and social casino games, it is important to note that social casino games are available from generic platforms that provide a wide variety of apps, and consumers are not able to access a real-money prize version of a social casino game within the same app. In contrast, consumers accessing free-to-play games on a licensed gambling operator’s website are directly exposed to real money gambling opportunities. The purpose of a free-to-play version of a game on such sites is to encourage players to familiarise themselves with a game prior to playing the real-money version, which can only be accessed by adults. We think it is appropriate for licensed operators to ensure that young people are not able to access their free-to-play tester products. Therefore, such games should only be available to consumers after their age has been verified.
Do you agree that we should remove the current provision that licensees must 'require their customers to affirm that they are of legal age'?
Overall, responses to this proposal were mixed with some against removing the provision, some for and a small group having chosen to not answer the question.
Around half of licensees were in favour of removing the provision on the basis that requiring customers to self-affirm age would no longer be necessary, and that it serves no purpose or provides any additional protection. Other licensees thought it should remain in place as it acts as a deterrent to underage gambling and reinforces customer responsibility. They also argued that it allows a licensee to point to this positive affirmation if they receive customer complaints, and that it prevents ambiguity for those customers claiming they were unaware of the restriction.
Some consumers, licensees and third-party providers were of the view that the onus should be on the consumers to prove that they are not underage, whereas some others said it should be the licensee who verifies legal age.
We will remove from SR Code 3.2.11 the existing provision that licensees require customers to “affirm they are of legal age” as proposed in the consultation. The provision would ultimately have little value from a regulatory perspective, given the new requirement to verify age before deposit and gambling.
However, we acknowledge the responses from some licensees that there are benefits to requiring customers to affirm their age. The removal of the provision from LCCP does not mean that licensees are obliged to remove any customer affirmation from their websites. Licensees are therefore welcome to retain these provisions if they think that doing so will supplement their overall approach to preventing underage gambling.
For licensees: If possible, provide an estimate of the costs that might be incurred by your business through implementing the proposed changes to SR Code 3.2.11. Such costs might include, for example, technological changes (including software development and associated staff time), familiarisation costs in terms of staff training, or other business impact costs. Please also provide details of one-off costs and any annual or ongoing costs from the proposals.
This question was aimed at licensees for them to provide cost estimates. Projections varied significantly. Some licensees quoted figures in the tens of thousands, others figures in the hundreds of thousands. Some licensees argued that there would be revenue losses in the millions due to friction in customer on-boarding. Some licensees quoted on the basis that they would (whether voluntarily, or in misunderstanding of the proposal) pursue systemic changes based on verification at the point of registration rather than verification before deposit or gambling.
Given the disparity in costs estimated by licensees, we also sought some cost estimates from third-party identity verification solution providers. While some licensees will be pursuing more robust and more expensive systemic changes that aim to verify their customers at the point of registration, the Commission is required to assess the economic impact of its regulatory provisions ie the verification of age and identity before deposit and gambling. We will submit a Business Impact Target (BIT) assessment to the Regulatory Policy Committee, as per requirements under enterprise legislation.
For licensees: How long a lead-in time would your business need to implement technical developments in order to deliver the changes proposed to SR Code 3.2.11?
This question was also aimed at licensees, and we received widely varying responses. Some licensees advised that their systems already comply with the proposals, and they would not need any development time. Others thought they would only need a few weeks, but licensees typically stated between 3 and 6 months to implement the changes. There were some outlier estimations of 9 to 12 months.
Given the range of estimates from licensees we also sought similar information from verification solution providers. We have considered the information from licensees around lead-in times but have also taken account of the arguments made by consumers around the need to deliver improvements to consumer protection and fairness.
We intend to implement as soon as possible, meaning that the changes to LCCP will come into effect on 7 May 2019. In reaching this view we are mindful that licensees have been aware of our direction of travel on verification since our proposals were first outlined in our Online Review in March 2018, and that the remote sector has been subject to a number of enforcement cases (the outcomes of which have been publicised) where we have been clear in our expectations that the wider remote sector learns lessons from these cases. We therefore expect licensees to prioritise their resources to comply with the new LCCP requirements.
All remote licences (including ancillary remote betting licences in respect of bets made or accepted by telephone or email), except lottery licences, gaming machine technical, gambling software, host, ancillary remote casino, and ancillary remote bingo licences
Licensees must have and put into effect policies and procedures designed to prevent underage gambling and monitor the effectiveness of these.
Such procedures must include:
To ensure consistency within the LCCP we also proposed to remove the current ‘72-hour’ rule as it applies to society lotteries and external lottery managers (ELMs) so that certain lotteries are required to verify age before a customer can deposit and gamble. In doing so, we noted that the current LCCP provides different age verification requirements for subscription and low-frequency lotteries (defined in the LCCP as a series of lotteries, promoted on behalf of the same non-commercial society, in respect of which there is a period of at least two days between lotteries). We did not intend to amend the requirements for these lower risk lotteries.
The proposal was to require lottery licensees that provide, for example, online instant win and digital scratchcards, or higher frequency lotteries such as daily play, to verify the age of customers before they can participate in such lotteries. Instant win lotteries are a higher risk product than draw-based lotteries due to the frequency and intensity with which customers can participate in such products.
We also proposed that such lotteries should verify the age of customers before allowing them to access any play-for-free versions of lotteries (e.g. scratchcards).
We understand that only a very small number of lottery licensees are likely to be affected by our proposals to amend SR Code 3.2.13. However, any lottery that changed its operational model to start offering free-to-play lottery products, frequent lottery draws or online scratchcards would of course become subject to the proposals.
Do you agree that lotteries should verify the age of customers before they are able to participate in online instant wins/digital scratchcards or any lottery (other than a subscription or low frequency lottery)?
Respondents supported the proposal overall. Licensees from the betting and gaming sectors were in favour of the proposal as they considered that all gambling sectors should be subject to the same requirements. Consequently, they thought that subscription and lower frequency lotteries should also be subject to the requirement to verify age before participation.
A small number of major lottery licensees responded to this question and were supportive of verifying age before participation.
Do you agree that lotteries should verify the age of customers before they are able to access any free-to-play versions of lotteries online (for example, online instant wins or digital scratch cards)?
Respondents were supportive of the proposal overall. Again, several betting and gaming licensees supported this proposal as they thought all licensees across the remote gambling sectors should be required to comply with standardised requirements.
One lottery licensee was not in favour of this proposal, arguing that free-to-play games are not gambling.
We propose to introduce the requirements on age verification for lotteries as outlined in our consultation document. This means that remote lottery licensees- except subscription and low frequency lotteries (as defined in LCCP) - will be required to verify the age of customers before they can:
Our position on free-to-play games and social casino games is outlined in more detail above, in respect of consultation questions 4 and 5.
We continue to view subscription and low frequency lotteries as representing a lower risk to the licensing objectives, and as such it would be disproportionate to introduce the same levels of age and identity verification requirements to such licensees.
For licensees: If possible, provide an estimate of the costs that might be incurred by your business through implementing the proposed changes to SR Code 3.2.13. Such costs might include, for example, technological changes (including software development and associated staff time), familiarisation costs in terms of staff training, or other business impact costs. Please also provide details of one-off costs and any annual or ongoing costs from the proposals.
Only a small number of lotteries responded to this question, which was as expected given that very few lotteries currently offer online scratchcards or higher frequency draws. One licensee said that they would not incur any costs as their systems were already compliant. Another said that they would incur costs in the tens of thousands to implement system changes.
For licensees: How long a lead-in time would your business need to implement technical developments in order to deliver the changes proposed to SR Code 3.2.13?
Again, there were only a couple of responses to this question with one licensee quoting 3 months but another estimating between 6 and 9 months including development and testing.
We have included lotteries’ cost estimates as part of our Business Impact Target (BIT) assessment which we must submit to the Regulatory Policy Committee, as per requirements under enterprise legislation to assess the economic impact on businesses from regulatory change.
We intend to proceed with implementation as soon as possible, to ensure consistency with the changes to verification requirements for remote betting and gaming operators, and therefore to ensure consistency of consumer protections for higher risk remote gambling. The changes to LCCP will come into effect on 7 May 2019.
We would therefore expect licensees to now prioritise their resources to comply with the new LCCP requirements.
Licensees must have and put into effect policies and procedures designed to prevent underage gambling and monitor the effectiveness of these.
Such procedures must include:
Consultation proposal - new licence condition concerning verification of customer identity – applying to all remote betting, gaming and lottery operators (except any lottery licence the holder of which only provides facilities for participation in low frequency1 and subscription lotteries)
As the proposed new provision aims to support all three of the licensing objectives, we considered it appropriate to deliver the requirement via a general licence condition rather than a social responsibility code.
The following questions sought to obtain views on the new proposed condition, including views on the proposal for requiring licensees to match the name associated with a payment method to the name of the account holder.
Do you agree that remote licensees should verify, as a minimum, the name, address, date of birth and email address of their customers before they are permitted to gamble?
The majority of consumers agreed with the proposal, as long as verifying these data points would prevent licensees from using identity verification as a reason to delay the withdrawal of funds. Other consumers agreed and asked that all verification was done up front and that licensees clearly specified what other details they would need.
Some other consumers also said they would support bank or affordability checks, to help operators identify problem gambling. Others thought the proposal would lead to better identification of duplicate accounts, thus leaving only genuine ones.
Licensees were generally in favour of verifying name, address and date of birth (and noted that these data points are generally accessible at the same time as attempts to verify age). However, licensees were almost unanimous that verifying an email address was unhelpful in verifying a customer’s identity. They argued that no service currently exists to comprehensively verify emails, and it would therefore be a disproportionate burden to business given the limited regulatory benefit.
A couple of licensees disagreed with the proposal and instead argued that identity should only be verified on a risk-sensitive basis.
We intend to introduce the licence condition to require licensees to verify the name, address and date of birth of their customers. We are however persuaded by the arguments that email addresses are not helpful for verifying an individual’s identity. We note licensees’ concerns that email addresses can be deleted with ease, that a customer can create a new email address or communicate from several addresses, and that independent verification of an email address is difficult. As email verification is unlikely to be sufficiently reliable in establishing the identity of an individual gambler, we will not include a requirement to obtain and verify email.
However, SR Code 3.5.3 requires licensees to take all reasonable steps to prevent a self-excluded customer from gambling, and obtaining an email address from the customer will normally be an essential component of meeting this requirement. Further, licensees are reminded that obtaining (but not verifying) email addresses is essential for Gamstop (opens in new tab), the online multi-operator self-exclusion scheme, to operate. More generally, the ID verification undertaken by licensees before allowing customers to gamble would need to be sufficient to enable Gamstop, and licensees’ own self-exclusion schemes, to be effective (ie someone shouldn’t be able to gamble until their identity has been established by the licensee).
We are not satisfied that basic identity verification should only be left to the discretion of licensees on a risk-sensitive basis. We outlined in our Online Review and in the consultation – and with reference to the enforcement cases we have undertaken – that some remote licensees are not currently doing enough to verify the basic identity details of their customers, and that this was exacerbating risks to the licensing objectives. It is therefore important to introduce these minimum requirements for verification to mitigate risks where some licensees have been unable to do so.
Do you agree that licensees should obtain and verify any further information they might require (in particular, information to enable customers to withdraw funds promptly from their accounts, or to enable multiple accounts to be related to one another) before permitting customers to gamble, and where practicable to do so?
Many consumers backed the proposals to obtain further information before permitting gambling. Some approved only as long as the proposal would prevent delays to withdrawing account funds, and that licensees were required to be more transparent. There was strong support for requiring licensees to complete all verification checks at account opening, and some suggested that licensees incorporate affordability or problem gambling checks and limit setting.
Of those consumers against the proposal, the main concerns mentioned were that there should be limits on what documents are requested by licensees, and that the verification of name, address and date of birth at account opening should be sufficient. There was also concern that any information would be misused to delay withdrawals.
Licensees were generally against this aspect of the proposed licence condition, advising that they request additional information from customers only when it is necessary, and that requesting information which may never be needed is contrary to data protection laws. Other licensees noted that although there should not be a delay to withdrawing funds, there needs to be due consideration of the checks needed to identify multiple accounts, the need for enhanced customer due diligence (EDD), and source of funds (anti-money laundering (AML) and proceeds of crime (POCA) checks, and that if further information is requested it may lead to customers gambling elsewhere.
Several licensees appeared to think that the purpose of paragraph 2 of the condition was to require them to bring forward all customer checks to the point of on-boarding – essentially, that the Commission was requiring enhanced customer due diligence before gambling, and at the point of account registration. This appears to have been a misinterpretation of the words “any other information” in the draft condition, and that this could mean anything the licensee could need to obtain on a customer.
The original draft of paragraph 2 that appeared in the consultation was as follows:
“If a licensee requires any further information about a customer, including (but not restricted to) circumstances where further information would be required in order to:
a) allow a customer to promptly withdraw funds from their account on request (provided there are no other legal obligations which prevent withdrawal); or
b) enable a licensee to relate each of a customer’s accounts to each of the others, where the licensee allows customers to hold more than one account with them (and, where relevant, to enable the licensee to relate accounts held with other companies in the group company), such information must, where practicable, be obtained and verified before the customer is permitted to gamble”
We acknowledge that several licensees appear to have interpreted “any further information” as a requirement effectively to have undertaken all enhanced due diligence measures before a business relationship with a customer commences, notwithstanding duties to conduct ongoing monitoring.
In drafting paragraph 2 above we were primarily trying to ensure that customers are not unfairly inconvenienced by licensees requiring further information from them, as a condition of withdrawal, only at the point they ask to withdraw funds from their account and when the licensee could reasonably have requested that information earlier.
We think it is essential for LCCP to reflect our original intention, particularly given the very high levels of consumer concern about unfair withdrawal practices. Due to the misunderstanding among licensees, we have re-drafted paragraph 2 to make it more explicit about what we are trying to achieve. We will replace the above draft of paragraph 2 with the text below in the licence condition:
“A request made by a customer to withdraw funds from their account must not result in a requirement for additional information to be supplied as a condition of withdrawal if the licensee could have reasonably requested that information earlier. This requirement does not prevent a licensee from seeking information on the customer which they must obtain at that time due to any other legal obligation”.
“Additional information” means anything in addition to information required to verify the name, address and date of birth of the customer, as required by the preceding paragraph in the condition.
The key outcome of paragraph 2 as re-drafted is that licensees ask their customers for any additional information promptly where they have identified a need for additional information based on their risk assessment, and that such additional information should not be requested solely at the point of withdrawal. This is consistent with AML regulations and our published guidance on AML and POCA which require ongoing monitoring of customer relationships and that risks are considered by the licensee at all stages of the relationship.
For clarity, licensees should on an ongoing basis be identifying whether it is necessary to obtain additional information from the customer. It may be necessary to verify information at the outset of a relationship. Conversely, the need for information may sometimes only be identified later in a relationship, for example in response to identified transactional patterns. In any case, where that need has been identified, the information should then be requested promptly. By way of contrast, it would be inconsistent with our requirements to, for example, permit a customer to continue to gamble until (and if) they try to withdraw funds without any inquiry into the risks of criminality until that point, despite the fact that such risks were evident earlier in the customer’s gambling history
From a compliance point of view, we will explore on a case-by-case basis whether a licensee could or could not reasonably have requested information earlier, in the specific circumstances. Licensees would not be expected to ask for all enhanced due diligence information which might possibly be needed before a relationship begins. “…..reasonably requested that information earlier” refers to the ongoing business relationship and the need to ask for information on a risk-sensitive basis, for example as per the duties under AML.
“At that time” refers to the time that the withdrawal request is made. A licensee would not be able to rely on “this requirement does not prevent … any other legal obligation” where information could reasonably have been requested earlier. But this provision does acknowledge that there will be circumstances where an identifiable risk (for instance relating to money laundering) only emerges later in the relationship, or for example where another enforcement body requires the licensee to terminate transactions with the customer subject to information being verified.
In reviewing the original draft of paragraph 2, we no longer consider it necessary for the condition to make any reference to “enable a licensee to relate each of a customer’s accounts to each of the others…” as appeared in the original draft. This is because existing Social Responsibility Code 3.9.1 already covers this expectation. As SR Code 3.9.1 requires a licensee to have policies and procedures in place to identity multiple accounts held by the same customer, these procedures might in any case necessitate the licensee making prompt requests for information in order to achieve this.
Do you agree that licensees should be able to provide assurance to the Commission that they have verified the identity of all of their existing customers?
Some respondents approved of assurances being reported to the Commission. Of those in favour, some were of the view that licensees should re-verify all active customers when the changes come in. Others suggested that the wording of the condition should be changed to include ‘at the point that the account is created’.
Most licensees thought it would be wholly disproportionate to require them to verify inactive (dormant) accounts as this would be very costly and resource intensive. Others noted that proactively verifying all active accounts would be similarly costly. Some licensees suggested that they should keep their systems under review on a risk basis but did not agree that it should be a mandatory requirement to verify existing customers.
Other licensees advised that assurance on identity verification could be given for all new and existing active customers, but that it would not be appropriate for the Commission to require accounts to be frozen until the latter type had been verified.
We agree that there is very little benefit, in terms of the licensing objectives, in verifying inactive customers who may not conduct any further gambling activity with the licensee. We also acknowledge that it would be disproportionate to require licensees to have verified all their active customers in advance of the changes to LCCP taking effect.
However, from the point the LCCP changes take effect on 7 May 2019, where a licensee has not yet verified the name, address or date of birth of any existing customer, they will be expected to do so before that customer next gambles with them. This will be necessary to meet the requirement of the condition that “licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble”.
Licensees should therefore be able to assure the Commission that each customer that has gambled with them since the condition came into effect (ie since 7 May 2019) has been verified in accordance with the condition.
This approach avoids the need to distinguish between active and inactive customers, insofar as any inactive customer that reactivates their account by trying to gamble would become an active customer again and would need to be verified before gambling (if not already verified). Equally, any active customer whose account becomes dormant before the changes to LCCP take effect would not need to be verified until they reactivated.
Do you agree that licensees should be required to verify that an account holder’s identity matches up with the name linked to the payment method they use (for example, that the name associated with a debit card matches the verified name of the gambling account holder)?
Does the Commission need to consider introducing any other arrangements to address any practical issues arising from this proposal?
For licensees: What barriers might licensees face in meeting the proposed requirement to verify that an account holder’s identity details match the payment method they use? What changes might they might need to make to their systems or contracts with third parties to be able to verify such information?
Questions 16, 17 and 18 all broadly covered the same subject matter, so we have aggregated the responses to these questions.
Many consumers supported a requirement for licensees to match an account name to the name on a payment method. Some licensees and third parties also supported the proposal on the basis that it would tackle crime and fraud.
However, most licensees opposed this proposal on the basis that complying with the requirement is not currently possible. In short, they stressed that the cardholder’s name is not verified during a card transaction process. Some third-party solution providers, although agreeing with the principle of the proposal, also noted the current limitations that cardholder name is not verified during payment.
For Q17, some thought that the Commission should work with the payments industry and banking sector to better understand the issues involved and help inform our work going forward. Some suggested that customers should have to make a positive affirmation that the card they are registering belongs to them as the verified account holder.
Q18 was an open question for licensees. Responses to this question again noted the barriers to the proposed requirement, given that the card verification process does not support name matching. Others noted that increasingly strict privacy laws make it harder to obtain and retain identity details.
Some licensees noted that many payment methods do not require a payer’s name, such as prepaid cards and e-wallets, and queried how such payment methods could be verified effectively. Respondents suggested that the Commission facilitates discussions with relevant parties to ensure all information and options were available for licensees to review and assess.
Some consumers stated their concerns that problem gamblers may try to use cards fraudulently, and some presumed that there would already be standard checks by licensees in monitoring the names associated with payment methods.
The purpose of this proposal was to reduce the risk of fraudulent card use for gambling, including where problem gamblers have used a family member’s card without consent. We note however the concerns raised by licensees and third parties, and we engaged with payment services experts as part of the consultation process to understand the challenges.
We understand that this proposal is not currently viable because the payer’s name is not verified during the payment authorisation process, and as such, no online retailer or merchant can access any verified cardholder name details from a payment transaction. Remote gambling licensees therefore cannot verify that the payer is the same person as the gambling account holder. Given these constraints, we do not intend to introduce this requirement into the new licence condition.
We note however that the second Payment Services Directive (PSD2) will provide more possibilities for merchants to have better assurance that a card is being used by the named cardholder during a transaction. Under the Directive, ‘Strong Customer Authentication’ (SCA) processes will require a customer to verify their identity for online purchases. This might involve anything from biometrics to stronger security question authentication. SCA processes will be rolled out over the coming year in readiness for when the regulations come into full force on 14 September 2019.
We understand from problem gamblers’ own testimonies that the use of ‘borrowed’ cards may be a prevalent issue, and from a harm prevention perspective we will continue to consider our policy approach. While our original consultation proposal is not technologically achievable at this stage, we will conduct further work in this area once PSD2 takes effect in order to understand the impact of the SCA controls and the levels of assurance around verification that they afford to online retailers.
In the meantime however, while we do not intend to introduce a provision into LCCP at this stage on payment/account name matching, licensees should still consider how they can use the information available to them to mitigate risks as part of their fraud prevention processes as online merchants.
For example, if a licensee requires its customers to input ‘cardholder name’ details as part of the payment journey then it could conduct basic in-house checks to query any circumstance where the cardholder name keyed in clearly does not match the name of the verified gambling account holder. This could help to flag the need for further checks on certain customers when they add additional payment cards.
Online merchants can of course be liable for any fraudulent card transactions, so in addition to any measures they take to minimise the risk of fraud (such as the use of an Address Verification System, requirement for the card security code, along with any verification measures provided by the issuing bank), licensees should consider how they can disrupt the payment journey – for their own benefit as well as protecting the licensing objectives - where they identify a heightened risk of unauthorised card use.
Do you agree that the proposed condition on customer identity verification should apply to online lotteries (other than subscription and low frequency lotteries)?
Respondents strongly agreed with this proposal, and betting and gaming licensees were of the view that the condition should apply to all types of remote gambling. Some online lottery licensees stressed that society lotteries are low risk and this proposal could be a disproportionate burden on their sector.
The Lotteries Council and a lottery licensee asked us to clarify the wording for how the proposal on identity verification would be disapplied from low frequency and subscription lotteries.
We intend to proceed with our original consultation proposal that the new condition on identity verification will apply to lotteries except subscription and low frequency lotteries (as defined in LCCP).
We acknowledge the concerns of the Lotteries Council about our wording of the application of the proposed condition. We will therefore clarify that the requirements will apply to all remote lotteries “except any lottery licence the holder of which only provides facilities for participation in low frequency or subscription lotteries….”
We continue to view subscription and low frequency lotteries as representing a lower risk to the licensing objectives, and as such it would be disproportionate to introduce the same levels of identity verification requirements to such licensees.
For licensees: If possible, provide an estimate of the costs that might be incurred by your business through implementing the proposed condition. Such costs might include, for example, technological changes (including software development and associated staff time), familiarisation costs in terms of staff training, or other business impact costs. Please also provide details of one-off costs and any annual or ongoing costs from the proposals.
This was an open question for licensees. Consultation question 7 asked licensees to estimate costs incurred in respect of the proposed changes to SR Code 3.2.11 and most licensees who answered questions 7 and 20 provided aggregated estimates for the costs that would be incurred from both the changes to age verification and the proposed licence condition on identity verification. This was because the systemic and procedural changes necessary would be done simultaneously by the licensees to reflect both proposals.
As with the costs outlined in respect of question 7, therefore, projections varied significantly, with some licensees quoting figures in the tens of thousands and other figures being in the hundreds of thousands. Some argued in response to both questions that the risk of losing customers to unregulated markets due to delays in on-boarding could cost millions. Some licensees quoted on the basis that they would (whether voluntarily, or in misunderstanding of the proposal) pursue systemic changes based on verification at the point of registration rather than just verification before gambling.
Several licensees stated that the costs of verifying email addresses would be significantly greater than the costs of verifying the other data points proposed in the condition. One licensee stated that they would incur no additional costs as they already pursue verification to an extent that would comply with the proposals. Others advised that the most significant costs would be incurred if retrospective work is necessary for existing customers or, in particular, if it was necessary to verify the name associated with the payment method.
Given the wide range of costs estimated by licensees in respect of age and identity verification, we also sought some estimates of costings from third-party identity verification solution providers. We have considered the costs estimated by licensees, totalling those projected for both age and identity verification, and taking account of our position that we no longer intend to require emails to be verified nor that the name associated with the payment method used to fund gambling be matched to the verified account holder.
We consider that the median of the costs estimated does not represent a disproportionate cost when set against the regulatory risk that these measures will address. We note that some licensees will be pursuing more robust and more expensive systemic changes that aim to verify their customers at the point of registration. We are required to assess the economic impact of our regulatory provisions that will require the verification of age before a customer can deposit or gamble, and the verification of identity before they can gamble, and we will submit a Business Impact Target (BIT) assessment to the Regulatory Policy Committee as per requirements under enterprise legislation.
For licensees: How long a lead-in time would your business need to implement technical developments in order to deliver the requirements of the proposed condition?
Consultation question 8 asked licensees to estimate the lead-in time they would need in respect of the proposed changes to SR Code 3.2.11, and most licensees who answered questions 8 and 21 provided a total lead-in time to deliver changes on both age verification and the proposed licence condition on identity verification. This was because the systemic and procedural changes necessary would be done simultaneously by the licensees to reflect both proposals.
Some licensees advised that their systems already comply with the proposals, and they would not need any development time. Some licensees thought they would only need a few weeks, but licensees typically stated between 3 and 6 months to implement the changes. There were some outlier estimates of 9 to 12 months.
One licensee responded that they would need a minimum of twelve months to upgrade all existing active customers to the new levels of verification. Other licensees responded that it was not possible to answer this question at this point and that more information would be needed on the final proposals.
We have considered the information from licensees around lead-in times but have also taken account of the arguments made by consumers around the need to deliver improvements to consumer protection and fairness.
We intend to proceed with implementation as soon as possible, meaning that the changes to LCCP will come into effect on 7 May 2019. In reaching this view we are mindful that licensees have been aware of our direction of travel on verification since our proposals were first outlined in our Online Review in March 2018, and that the remote sector has been subject to a number of enforcement cases (the outcomes of which have been publicised) where we have been clear in our expectations that the wider remote sector learns lessons from these cases. We therefore expect licensees to prioritise their resources to be able to comply with the new LCCP requirements.
For licensees: Specifically, how long might it take you to implement any necessary changes to your systems to ensure that you can verify whether an account holder’s identity details match the payment method they use?
Several licensees gave varied lead-in time periods between 6 months and 12 months.
Other licensees responded that it was not possible to answer this question at this point as the service is currently not available or until there exists a suitable technical solution that will meet the proposed requirement.
As outlined above under our position in respect of consultation questions 16, 17 and 18, we no longer propose to require licensees to verify that an account holder’s identity details match the payment method they use. We will conduct further work in this area as PSD2 is implemented, and we also expect licensees to consider how they can use information that is available to them to minimise the risks of fraud.
Do you have any other views that you think the Commission should take account of as part of this consultation, and which are not covered specifically by any of the consultation questions previously?
A small number of consumers thought that verifying ID would be an invasion of their privacy, while some called for licensees to use a standard verification process with uniform ID.
One licensee noted that consideration needs to be given to emerging technologies such as geo-tagging. There was also a call from some licensees for the Commission to offer more guidance, especially on what forms of ID it considers acceptable. Some licensees were concerned that the proposed changes will negatively impact the customer experience, and it would add a delay to the registration process.
We do not intend to prescribe a uniform methodology for verification. Most licensees rely on third party providers such as credit reference agencies or identity management specialists for the sources of data necessary to verify identities. We understand that in some cases, the results from an initial check of third-party databases provide a licensee with certain confidence levels about the quality of an identity match, rather than a simple binary result as to whether or not identity has been verified. Licensees may therefore need to ask the third party to interrogate further data sources in order to achieve higher confidence levels. The verification process can therefore be nuanced and, as the data sources are not proprietary to licensees, prescribing a method of verification by the Commission would effectively require us to regulate or mandate the third-party solutions accessed by licensees, which would be inappropriate for us to do.
What we require is that the outcome of the verification process is that the licensee is satisfied that it has, as robustly as possible, established the identity of the customer, and that the licensee could demonstrate to the Commission what it has done to satisfy itself as to the verification of that person’s identity.
Identity verification should at least be robust enough to give the licensee assurance that the customer exists and that their name, address and date of birth all link to the individual. As we outlined in our Online Review, it is essential for a number of regulatory reasons that the identity of customers is verified before gambling. For example, verification before gambling would make the licensee better placed to identify where multiple accounts are held by the same individual. It would also make self-exclusion processes more effective by ensuring that a person registered with the multi-operator self-exclusion database is the same person whose identity has been verified by the licensee. More generally, verification before gambling will also make the licensee better equipped to identify and mitigate the risks of criminality and the risk of harm to the individual.
Where interrogation of databases fails to establish satisfactorily the identity of a customer, the licensee may have recourse to other electronic solutions or they may simply require the customer to provide them with identity documents such as a passport, driving licence or recent utility bill. Again, the Commission does not intend to prescribe a list of acceptable forms of ID because such lists may go out of date as new forms of government-issued ID documents come into being, or where other technological solutions entering the market are robust enough to verify identity by other means.
However, the licence condition will contain a requirement for remote licensees to inform their prospective customers as to what types of identity documents or other information the licensee may need the customer to provide, the circumstances in which such information might be required, and the form and manner in which such information should be provided. This information should be available to the customer before they deposit money, so that they have the choice of whether or not to proceed.
Where, for example, a licensee might require a prospective customer to provide notarised identity documents as part of the verification process, the licensee will therefore be required to be transparent to those prospective customers about the potential need for notarised ID before that individual goes on to deposit.
We acknowledge that some licensees expressed concern about the delays to the customer sign-up process that may arise from the new requirements on verification. However, the responses received to our consultation from consumers strongly indicate that many would clearly prefer to experience any delay due to identity verification during the registration process than experience delays for the same reasons in the process of withdrawing funds.
All remote licences (including ancillary remote betting licences in respect of bets made or accepted by telephone or email), except any lottery licence the holder of which only provides facilities for participation in low frequency2 or subscription lotteries, gaming machine technical, gambling software, host, ancillary remote casino, and ancillary remote bingo.
Licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble. Information must include, but is not restricted to, the customer’s name, address and date of birth.
A request made by a customer to withdraw funds from their account must not result in a requirement for additional information to be supplied as a condition of withdrawal if the licensee could have reasonably requested that information earlier. This requirement does not prevent a licensee from seeking information on the customer which they must obtain at that time due to any other legal obligation.
Before permitting a customer to deposit funds, licensees should inform customers what types of identity documents or other information the licensee may need the customer to provide, the circumstances in which such information might be required, and the form and manner in which such information should be provided.
Licensees must take reasonable steps to ensure that the information they hold on a customer’s identity remains accurate.
Our review of online gambling stated our intention to consult on requirements for licensees to set limits on customers’ gambling activity which could only be changed once the licensee had further verified information about the customer.
We are not proposing at this stage to introduce a specific licence condition or code to require mandatory account limits. However, we asked consultation respondents to provide us with information or evidence of good practice that helps licensees and customers to ensure gambling remains fair and safe. We asked for evidence both in terms of existing practice and what is possible, and which could later inform specific proposals on mandatory account limits to strengthen provisions for preventing gambling-related harm.
What are licensees able to do to ensure they know enough about a new customer to assist them in preventing that customer from experiencing gambling-related harm?
The majority of consumers who responded to this question said that licensees could ask for financial information such as source of income or perform credit checks to assess how much a customer could afford to spend. A small number of respondents said that credit checks may not be appropriate and performing them could have detrimental effects on customers’ credit profiles. Some also thought that licensees could monitor a customer’s patterns of play. One respondent said that there is technology available to allow gambling behaviour and gambling transactions to be shared across different licensees, through open wallets.
The RGA noted that it is currently developing an affordability model for online licensees to use which would include thresholds and involve data sources such as individual economic data and socioeconomic data.
Some licensees advised that they could consider financial information found on ID verification searches. This could include any negative financial information such as CCJs, and a general credit score. Another licensee suggested performing an income check. One licensee raised concern that carrying out credit checks can leave a ‘footprint’ on a consumer’s credit file, and this can be detrimental to the consumer.
A handful of licensees are considering conducting problem gambling and general surveys, at account registration. One licensee suggested that this should however be preceded by a mandatory limit being set prior to gambling.
Another licensee suggested using data from the Office of National Statistics (ONS) to determine a median salary or disposable income for an area, to assess affordability. They suggested that this could be done if a customer sets a deposit limit or where deposits greater than £300 are made (which are monitored and investigated in real time by the licensee).
What types of information are you able to access that could help inform you as to how much a new customer might be able to afford to gamble?
Most consumers responded that licensees could access information relating to a customer’s financial circumstances, such as showing bank statements, proof of income, and credit checks.
Third party providers suggested that licensees could analyse income and expenditure, with a number suggesting using socio-demographic data, or negative financial information to form an understanding of affordability. One provider explained that there is the ability to perform affordability checks through open banking. Another respondent said that a customer’s lifestyle could inform a licensee about how much they could afford to gamble.
A small number of licensees responded that they could access information from social media profiles to help inform them as to how much a customer could afford to gamble, specifically Twitter, Facebook, and LinkedIn. Licensees did note however that although they could use this data, the information gathered can be unreliable.
Other licensees suggested asking a customer for source of wealth and income, however not all mentioned how and when they would request this. Some highlighted the intrusion and restrictions of asking for this information, and others mentioned that this data would be asked for when a “customer exceeds a certain amount of money.”
One licensee stated that it had developed an algorithm which looks to predict an estimate for weekly disposable income based on ONS data; this is still being tested.
How do you try to get to know a customer’s gambling preferences from a commercial perspective (for example, the markets they like to bet on, what days of the week they like to bet, whether they participate in betting and gaming) and can this information assist you in assessing the risk of the customer experiencing harm?
Some consumers were concerned that licensees could use this information to encourage people to gamble more.
Some responded that the analysis of betting patterns could help licensees to identify any markers of harm.
To understand a customer’s gambling preferences from a commercial perspective, one licensee uses RFM (Recency, Frequency, Monetary Value) analysis. RFM analysis looks at recency (how recently a consumer has gambled and purchased), frequency (how often a consumer has gambled and purchased), and monetary value (how much the customer spends). This analysis is a quantitative system and aims to determine whether consumers will respond to marketing offers. The licensee also noted that a similar quantitative system can be applied to assess average gambling behaviour and intervention can be applied to players operating at the extreme of the normal distribution curve.
Several licensees advised that they use behavioural and transactional markers including:
One licensee explained that being a VIP significantly increases the frequency of bonus requests. Another highlighted the use of customer segmentation within the database i.e. to split customers into groups based on their behaviours such as product preferences, bet frequency and value.
Few licensees outlined how this information could be used to mitigate the risk of a customer experiencing harm. Some advised that this information allows licensees to develop a basic pattern, and then identify any changes and intervene if needed.
What information from your customer retention strategies could help to inform you about individual customers?
Responses from third party providers highlighted that information from bonusing can help licensees understand a customer’s propensity to bet.
Licensees answered that the information gathered from their customer retention strategies can inform them about an individual customer’s gambling preferences, including:
What behavioural risk indicators or markers of harm are present or could be detected very early on in a relationship with a new customer; and which might inform the basis of account limits to prevent harm?
Some consumers suggested that patterns of loss could be a risk indicator or a behavioural marker. Others suggested the use of high interest credit cards and failed account deposits (although that the latter could be a genuine mistake) could be risk indicators or behavioural markers.
Third party providers suggested a mixture of technical and financial checks. These could include velocity and inconsistency checks, capturing the customer’s device and IP details, and assessing any negative financial information.
Other examples of markers of harm included:
The RGA noted that markers of harms and indicators of risk will vary between different licensees. This could be because the science behind the types of markers and their relative usefulness of markers is still developing. However, the association is aware that many licensees use the PwC research that was undertaken on behalf of GambleAware as a benchmark for their markers of harm.
The majority of licensees responded with similar behavioural risk indicators or markers of harm:
What elements of relevant research or industry good practice (for example, the RGA Behavioural Analytics Good Practice) have you implemented, and what are you finding most effective?
Several licensees have implemented elements of research and or industry good practice. These include:
The majority of licensees have found the PwC research and the RGA guidelines useful for developing their analytical tools and their algorithms.
The RGA noted they have developed a good practice guidance paper and are intending to update this document in the coming year.
Have you conducted any research among your own customer base?
Did the research generate any information that could inform your harm prevention strategies?
For question 30, most licensees stated they had not conducted research amongst their customer base, although a small proportion had.
Some licensees have conducted a substantial amount of research exploring responsible gambling and markers of harm. One licensee had sent a survey to approximately 77,000 active customers. Their behavioural trigger model is based on the analysis of this survey, as well as existing customer behaviour.
One licensee has conducted a large amount of research including the effectiveness of responsible gambling tools, and the types of tools customers want (e.g. different tools included nudging, limiting and stop tools). Research was also conducted around chosen payment methods, why a customer prefers their chosen payment method and how customers wish to be contacted.
One respondent stated they are working with clients to conduct analytical assessments of customer spending patterns, including when interactions were made, when responsible gambling functionalities are imposed and then working to improve and prevent issues at an earlier stage.
In answering question 31, the majority of licensees have used the relevant information to inform their harm prevention strategies, and initial findings have shaped how they interact with customers and provided insight on more effective ways to interact. Several licensees have used the findings to improve their responsible gambling algorithms, and general responsible gambling tools.
Are there opportunities to collaborate with other licensees to run harm prevention-focussed research among your respective customer bases?
The majority of licensees said that there are opportunities to collaborate with other licensees to conduct harm prevention-focussed research among their respective customer bases. The RGA advised that it regularly facilitated opportunities for licensees to collaborate with each other.
Most licensees have been involved in collaborating with other licensees to run harm-prevention research with the RGA, in particular the RGA algorithms working group and other groups. Licensees have also been involved in collaborative research conducted by PwC through its pilot, and Senet. One licensee stated it had collaborated with another to deliver a Level 2 qualification in player protection.
One respondent was of the view that research needs to be led by the larger licensees who should be leading by example, to assist smaller licensees who may not have the material or technical expertise/resource.
What information have you already acquired from the application of any limits on your customers’ accounts?
What information have you gathered from your enforcement of these limits as part of your customer interaction processes?
Licensees outlined the following information from the application of limits on customer accounts.
Another licensee found that when they speak to new customers about the availability of deposit limits, take-up increases by 4%. Conversely, another licensee found that customers are reluctant to have limits imposed on them for responsible gambling purposes. Finally, one licensee has inconclusive findings for the effectiveness of limits, noting that customers who have limits imposed on them are less likely to adhere to the limits than customers who choose to set a limit of their own choice.
Some licensees have noted that following an exclusion their returning customers are restricted by them to an enforced daily deposit limit of £50 for the first 24 hours. One of the licensees explained that it currently has 292 active returning customers, and 247 of these still have active deposit limits set. 70 of the 247 consumers still have the £50 daily limit set.
One licensee has been using mandatory deposit limits since June 2018 and these can be imposed on consumers so that limits cannot be removed, and a maximum cap is put in place. The licensee has begun trialling limits as a problem gambling intervention, and it is looking to introduce it to at-risk groups such as 18-24-year olds and returning self-excluded customers. On reviewing the customers behaviour following the application of a limit, the licensee has seen that following the spike in behaviour which ultimately led to the enforcement of the limit, customer behaviour falls to below the previous (pre-problematic levels) and does not trend back upwards.
Do you consider socio-demographic or economic data, that is not specific to the customer’s identity, but which could help to inform an assessment of what they might be able to afford to gamble? (e.g. postcode deprivation indices)
And could these be used to inform limit setting?
A large number of licensees said that they consider socio-demographic or economic data that is not specific to the customer’s identity. As mentioned previously, the RGA is currently working on an affordability model which would take socio-demographic data into consideration during an affordability assessment.
Some licensees were conscious that socio-demographic data has limited accuracy or specificity for the individual, and therefore does not offer a current reflection of a consumer’s current financial situation. Other licensees gathered and considered such data (including postal address) during further due diligence, with others beginning a trial of postcode affordability data or building an algorithm which looks to predict an estimate for weekly disposable income based on data from the ONS, although these are yet to be tested. One licensee stated that they use this data during account review, especially if a customer is spending a large amount, is a young person, or is a student. In these cases, source of wealth is asked for and this is usually as part of the AML or responsible gambling process.
The majority of licensees thought that socio-demographic and economic data could be used to inform limit setting.
Do you verify any economic information specific to the customer (e.g. credit scoring data, employment history or indicators of income and expenditure) as part of your risk’s assessment?
Many licensees verify economic information that is specific to the customer as part of their risk assessments, although a large number of licensees did not answer this question.
A number of licensees stated that they verify economic data that is specific to the customer for responsible gambling or AML processes and this is done on a risk-sensitive basis. Another licensee carries out these checks on a risk-based approach according to deposit or loss levels.
However, several licensees maintain that economic data has to form one part of the overall assessment as each customer is different. One licensee is investigating the possibility of using credit score data to assist with new customer affordability assessments. The same licensee uses economic data such as title deeds, CCJs and employment indicators during enhanced customer due diligence checks. Another licensee stated they it asks for source of wealth and bank statements.
Do you monitor the use of gambling management tools from the outset of the relationship, and what do these tell you about the customer?
The vast majority of licensees noted that the use of gambling management tools, such as the increase or removal of limit settings and time outs, are indicators of harm, and these actions do trigger responsible gambling interactions. One licensee did note however that a customer who changes their deposit limit frequently or utilises timeouts regularly may well be using gambling management tools to appropriately manage their gambling and such usage or changes may not always be indicators of risk. However, the use of gambling management tools does help to build a picture about how a customer responsibly manages their play.
The RGA is aware that several licensees are continually monitoring the use and effectiveness of their gambling management tools.
What do you think of the idea of gambling businesses setting limits on a customer's gambling until they know more about them?
What information should a gambling business use to decide whether to change or remove a limit?
The majority of respondents had negative views about gambling businesses setting limits on a customer’s account until they know more about their nature and purpose. The responses included a large number of consumers who were concerned that this would be abused by licensees (as licensees could exploit this to unfairly limit the activity of customers who win) and several respondents argued that this would be very intrusive.
However, there were several respondents who thought that licensees applying limits onto a customer’s account would be a good idea, with some respondents agreeing with the concept in certain circumstances.
Nearly half of the consumers responding were against gambling businesses gathering information before changing a limit on a customer’s account, with the most common response being that it is the “responsibility of the customer” to not only apply their own limits but to make any subsequent changes to those limits.
Of the responses that were positive towards this idea, the majority focused on financial information, with suggestions being that licensees could perform income checks, credit checks, ask for occupation details, or request bank statements. Other suggestions were that licenses assess the time spent gambling and the size of a consumer’s loss.
We welcome the responses to these questions from licensees, consumers and third parties, and we will use the feedback to continue to develop our work in this area. We will continue to engage with remote gambling licensees and encourage them to collaborate in developing approaches to assess the levels of gambling that a customer might be able to afford. This will form part of our broader work with licensees and financial institutions to better understand the range of accessible data and how it could inform mandatory limit setting, before we consider consulting on options at a later date.
We note the concerns raised by consumers regarding the purpose of any such checks, and the related issues of data security and privacy. In progressing our work in this area, we will consider the balance that may be needed between allaying these concerns and the opportunities for stronger consumer protections that could be delivered.
We will consider the responses submitted as part of this call for information when reviewing and updating our customer interaction guidance, and we will publish a consultation on the customer interaction elements of LCCP in February. Licensees should take account of the details submitted as part of this call for information, as outlined in this section, when reviewing their own approaches to harm prevention.
The new condition and amended code provisions will come into force on 7 May 2019.
All remote licences (including ancillary remote betting licences in respect of bets made or accepted by telephone or email), except lottery licences, gaming machine technical, gambling software, host, ancillary remote casino, and ancillary remote bingo licences.
Licensees must have and put into effect policies and procedures designed to prevent underage gambling and monitor the effectiveness of these.
Such procedures must include:
All remote lottery licences
Such procedures must include: