Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Home
  2. Public and players
  3. Public statements

WHG (International) Limited Findings

The investigation and our subsequent regulatory review found:

  • failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
  • deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

We found that between May 20204 and 18 October 2021 the Licensee had been in:

Breach of paragraph 1 of licence condition 2.3.1

Licence condition 2.3.1, paragraph 1 states: “Licensees must comply with the Commission’s technical standards and with requirements set by the Commission relating to the timing and procedures for testing”

The Licensee accepted it was not fully in compliance with 2.3.1 as:

  • the Licensee failed to ensure organisation policies and procedures were in place within its trading rooms
  • in the trading rooms there was evidence that certain customer relationships lacked management oversight or control
  • a member of trading team staff who had knowledge of customer’s username and password, placed bets on the customer’s instruction on their online account.

Breach of paragraph 1 of licence condition 12.1.1

Licence condition 12.1.1(1) states: “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”

The Licensee accepted it breached this licence condition as its ML/TF risk assessment did not sufficiently reflect the Commission’s expectations or fully take into account the Commission’s ML/TF risk assessment of the British gambling industry.

The failings were that the Licensee’s risk assessment did not:

  • make explicit reference to specific risks in relation to TF
  • make specific reference to use of third parties or agents obscuring the source of ownership of money gambled by customers, high monetary thresholds or organised crime gangs’ use of mule accounts5.

Breach of paragraphs 2 and 3 of licence condition 12.1.1

Licence condition 12.1.1 (2) states: “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”

Licence condition 12.1.1(3) states “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

The Licensee accepted it breached this licence condition as:

  • there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
  • its policies, procedures and controls lacked guidance on appropriate action to take following the results of customer profiling and how its findings should be used to establish the appropriate outcome
  • its procedures and controls lacked hard stops to prevent further spend and mitigate against AML risks before customer risk profiling is completed
  • certain customers were able to deposit large amounts of money without timely Enhanced Customer Due Diligence (ECDD) - a particular example included Customer A who had a net spend of £36,137 before ECDD profiling
  • failure to resource due diligence teams sufficiently following a change in triggers that resulted in a backlog of ECDD reviews to complete
  • it made assumptions the fact certain customers were in a winning position reduced the risk for ML without gathering supporting evidence to support that assertion. In addition, for certain customers the Licensee could not demonstrate it held adequate evidence or could not point to recorded decisions that allowed it to assert a customer’s recycling of winnings reduced the ML risk posed to the business
  • it placed an undue reliance on open-source information and should have taken further steps to corroborate the customer’s Source of Funds (SoF) information
  • there were weaknesses in the documented processes relating to management of a small number of accounts which were directly managed by the trading team
  • AML training delivered to staff provided insufficient information on risks and how they are managed
  • certain customers were able to deposit large amounts of money without the Licensee conducting appropriate know your customer checks:
    • Customer B was able to deposit £71,427 and lose £70,134 without the Licensee having knowledge as to the SoF or occupation details
    • Customer C was a winning customer who was allowed to place bets via the trading team with a lack of appropriate oversight. A lack of depth and frequency of ongoing account monitoring allowed the customer to place bets on behalf of unknown third parties posing a risk to the licensing objectives – the Licensee had information that strongly suggested Customer C was placing bets on behalf of others. The customer was in a winning position of circa £195,000 when the account was suspended in February 2021
    • Customer D had lost £38,000 between 21 April 2021 and 27 May 2021. Although operator profiling established the customer was a sales director, no financial information was gathered
    • Customer E, who registered on 12 March 2021, was able to deposit and lose £36,000 in four days. The Licensee acknowledged it should have acted sooner when the customer deposited and lost significant amounts in the first 24 hours.

Breach of paragraph 1 of licence condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that:

“Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business”.

The Licensee accepts it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Money Laundering Regulations, namely:

  • regulation 18 required that the ‘the relevant person’ take appropriate steps to identify and access the risks of ML and TF to which its business is subject
  • regulation 19(1)(a) requires that the ‘relevant person’ must maintain policies, controls and procedures to mitigate and manage effectively the risks of ML and TF identified in any risk assessment undertaken by the relevant person
  • regulation 28 (11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile
  • regulation 33 imposes an obligation to apply ECDD measures and enhanced ongoing monitoring in any case identified as one where there is a high risk of ML or TF.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Failure to comply with paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

  • a. identifying customers who may be at risk of or experiencing harms associated with gambling
  • b. interacting with customers who may be at risk of or experiencing harms associated with gambling
  • c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

The Licensee accepted it was not fully in compliance with SRCP 3.4.1 as:

  • it failed to identify certain customers who were at risk of experiencing gambling related harm, failed to carry out checks at a significantly earlier stage with those customers, and failed to intervene in relevant circumstances
    • Customer F opened his account on 15 February 2021 and met a £7,500 ECDD threshold trigger on 19 February 2021, but due to a backlog, a customer profile was not completed until 17 March 2021. During those four weeks, the customer lost £54,252 but the operator did not seek income evidence, carry out adequate checks, or use any other effective method to identify risk of harm. The Licensee accepts there was a lack of interaction early enough in the customer journey
  • its system was not operating as it should have and allowed customers to exceed the thresholds it had previously implemented without interactions occurring and without any technical restriction or block
  • inadequate record keeping hampered the operator’s ability to decide how and when to interact with customers
  • insufficient controls exposed new or returning customers to the risk of substantial losses in a short period of time:
    • Customer G opened his account and lost £11,400 over the first 30 days without being subject to sufficient checks to minimise the risk of gambling related harm
    • Customer H did not have a telephone interaction until losses had reached £45,800
  • there was a reliance on automated email interactions when customers hit safer gambling alerts, and more should have been done to evaluate the effectiveness of those interactions.

Failure to comply with paragraphs 1a, 1c and 1d of SRCP 3.7.1 (Provision of Credit)

Paragraph 1a of SRCP states:

“Licensees who choose to offer credit to members of the public who are not themselves gambling operators must also:

  • a. have procedures for checking and scoring applications for credit from such customers, for setting, and for the increase of, credit limits

Paragraph 1c of SRCP 3.7.1 states:

  • c. set a maximum credit limit for each customer and not permit customers to exceed that limit without further application

Paragraph 1d of SRCP 3.7.1 states licensees must:

  • d. apply a 24-hour delay between receiving a request for an increase in a credit limit and granting it in those cases where the limit exceeds that which the operator previously set”

The Licensee accepted it was not fully in compliance with SRCP 3.7.1 as:

  • Customer C was allowed to immediately place a £100,000 bet when his credit limit had been set at £70,000
  • there were weaknesses in its documented processes relating to a small number of credit accounts.

Failure to comply with paragraph 2a of SRCP 3.9.1 (Identification of individual customers)

Paragraphs 2a of SRCP 3.9.1 state:

“2. Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that:

  • a. if a customer opts to self-exclude, they are effectively excluded from all gambling with the licensee unless they make it clear that their request relates only to some forms of gambling or gambling using only some of the accounts they hold with the licensee”

The licensee accepted it was not fully in compliance with SRCP 3.9.1 as:

  • ineffective controls allowed 331 customers to gamble with WHG (International) Limited despite them having self-excluded with another operator within the Group, Mr Green Limited. Such customers had self-excluded with Mr Green prior to its acquisition by William Hill.
Previous page
WHG (International) Limited Executive Summary Next page
WHG (International) Limited Regulatory Settlement

Last updated: 28 March 2023

Show updates to this content

No changes to show.

Is this page useful?
Back to top