Bonne Terre Limited t/a SkyBetting and Gaming Public statement
Self-exclusion: remote social responsibility (SR) Code 3.5.3
- Prevent self-excluded individuals from participating in gambling – breach of SR Code 3.5.3(1)
- Prevent marketing material being sent to self-excluded customers – breach of SR Code 3.5.3(2)
- Return funds to customers who have entered self-exclusion agreements – breach of SR Code 3.5.3(5)
March 2018 Operators are expected to consider the issues here and review their own practices to identify and implement improvements
Bonne Terre Limited Executive summary
This case concerns Bonne Terre Limited t/a SkyBetting and Gaming (SBG) who hold a remote operating licence authorising them to provide facilities for remote casino, bingo, general betting standard - real event, virtual event and pool betting.
There were weaknesses in SBG’s self-exclusion function which meant that:
- 736 self-excluded customers were able to open and use duplicate accounts to gamble, between November 2014 and November 2017. This is a breach of Social Responsibility Code 3.5.3(1)
- Around 50,000 self-excluded customers received marketing material, whether by email, SMS or a push notification within an app. This is a breach of Social Responsibility Code 3.5.3(2)
- 36,748 self-excluded customers did not have their account balance funds returned to them on account closure. This is a breach of Social Responsibility Code 3.5.3(5)
In line with our Statement of principles for licensing and regulation, SBG will pay a penalty package of £1,008,600, which includes a payment of £750,000 to charities for responsible causes in lieu of a financial penalty. A breakdown of the regulatory settlement is set out in Section 4.
In determining the appropriate regulatory outcome we took into account, among other factors, SBG’s proactive and timely self-reporting of all issues identified.
Bonne Terre Limited Findings
Breach of Social Responsibility Code 3.5.3(1) – Participation in gambling
Following receipt of one customer complaint, SBG performed a full review of their self-exclusion systems and processes. Their investigation revealed that between November 2014 and November 2017, 7361 self-excluded customers had been able to open and use duplicate accounts to gamble.
This does not comply with the requirements in Social Responsibility Code 3.5.3(1) which states:
- Licensees must have and put into effect procedures for self-exclusion and take all reasonable steps to refuse service or to otherwise prevent an individual who has entered a self-exclusion agreement from participating in gambling.
Upon identification, SBG immediately suspended the accounts and their review identified weaknesses and deficiencies in the tools used to detect duplicate accounts. This enabled selfexcluded customers to open and use duplicate accounts to gamble. In the main, false data was used (eg change of date of birth and post code), although some were able to use the same details.
SBG accept the breach of the social responsibility code in that they did not have, and did not put into effect, a fully compliant system, and did not take all reasonable steps to prevent individuals who had entered a self-exclusion agreement from participating in gambling. This impacted vulnerable customers.
SBG has since improved their duplicate account checks to now capture variations in formatting such as spaces in postcodes and case sensitivities, and payment methods can only be assigned to one account. Daily and weekly reports are now run on customers with single or all-product selfexclusions, and to identify and link accounts relating to the same individual.
Breach of Social Responsibility Code 3.5.3(2) – Marketing material
SBG proactively informed the Commission of three separate incidents where marketing material had been sent to around 50,000 self-excluded customers:
- February 2017 - a marketing email was sent to 2579 self-excluded customers due to a technical systems failure
- March 2017 - a SMS message was sent to 1403 self-excluded customers due to inadequate controls of a manual process
- December 2017 - a push notification for a free-to-play app was sent to approximately 46,000 self-excluded customer devices. This was due to inadequate controls of a manual process and was identified within minutes.
This does not comply with the requirements in Social Responsibility Code 3.5.3(2) which states:
- Licensees must, as soon as practicable, take all reasonable steps to prevent any marketing material being sent to a self-excluded customer.
SBG accept the breach of the social responsibility code. They have now implemented changes to automate database updates every 24 hours to remove self-excluded customer details and to refresh before daily campaign selections proceed. Further, customer data sets are segregated and updated daily to remove self-excluded accounts.
Breach of Social Responsibility Code 3.5.3(5) – Return of funds
Whilst conducting the internal investigation into duplicate accounts, SBG identified 36,748 selfexcluded accounts with outstanding balances. The total balance associated with these accounts was £51,817.
This does not comply with the requirements in Social Responsibility Code 3.5.3(5) which states:
- Licensees must close any customer accounts of an individual who has entered a self exclusion agreement and return any funds held in the customer account. It is not sufficient merely to prevent an individual from withdrawing funds from their customer account whilst still accepting wagers from them. Where the giving of credit is permitted, the licensee may retain details of the amount owed to them by the individual, although the account must not be active.
SBG immediately returned monies where possible, but was unable to return £24,588 either as a result of the account’s registered payment method having expired, or because the outstanding balance was less than £1.00. None of the balances exceeded £4.00.
SBG has now automated the process for return of customer funds, to ensure this is effected within 48 hours of account closure.
Bonne Terre Limited Regulatory settlement
The penalty package consists of:
- Divestment of a total of £241,894 by way of contribution to charities for socially responsible purposes, which is broken down as follows:
- £24,588 – the amount contained in the accounts of self-excluded customers which could not be returned to those customers. This is in addition to the sum already returned directly to affected customers
- £217,306 – the Gross Gambling Yield (profit) from customers who opened and used accounts whilst self-excluded, between November 2014 and November 2017
- A payment £750,000 to charities for socially responsible purposes. This payment is in lieu of a financial penalty which the Commission would otherwise impose for breach of a licence condition in accordance with its Statement of principles for determining financial penalties. The penalty consists of:
- £450,000 for the participation in gambling breach
- £250,000 for the marketing material breach
- £50,000 for the return of funds breach
- Payment of the £16,700 towards the Commission’s investigative costs.
Bonne Terre Limited Conclusion
Our investigation found, and SBG accept, that there were weaknesses in its systems relating to the proper management of self-exclusions, and deficiencies in the tools used to detect duplicate accounts.
In determining the appropriate outcome, we took the following factors into account:
- Proactive and timely self-reporting of all issues identified
- Open and transparent from the outset of the investigation and fully co-operated throughout
- Initiation of thorough internal investigations and proactive action to address identified failings and weaknesses, fully reported upon to the Commission
- Demonstrable insight into the seriousness of the failings
- Proactive divestment of monies which should not have been in the business – the GGY (profit) from duplicate accounts and the closed account balances, rather than awaiting regulatory action
- Admissions made.
Bonne Terre Limited Good practice
We consider that this case provides valuable learning for remote (online) operators. You should consider the following questions to avoid these issues:
- How many details would a self-excluded customer have to change to be prevented from opening a duplicate account? Is it so sensitive as to pick up on spacing and case changes? Is your online registration system sufficiently robust?
- Do you make use of all information available, including complaints, to identify potential procedural weaknesses? Do your customer contact arrangements identify potential failings in your systems, so as to enable prompt investigation and remedy?
- How promptly are details of self-excluded customers removed from your marketing databases, including those held by affiliates?
- Are your data sets ring-fenced to prevent access to self-excluded customers’ details for marketing purposes? Are internal controls and restrictions sufficient?
- How promptly do you return funds to a self-excluded customer? To do so swiftly ensures you have active payment methods available to effect the return.
- Would you have complied with requirements to self-report these events to the Commission?
1 The weaknesses were in existence from September 2007, but the facts and outcome is limited to failings from 1 November 2014, when they were first licensed by the Commission
Last updated: 19 May 2021
Show updates to this content
No changes to show.