Betit Operations Limited (t/a kaboo.com, highroller.com) Public statement
- Anti-money laundering – breaches of:
Licence condition 22.214.171.124 - Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing.
Licence condition 126.96.36.199 and 188.8.131.52 – Having regard to the risk assessment, licensees must have appropriate policies, procedures and controls to prevent money laundering and terrorist financing and such policies, procedures and controls are implemented effectively, kept under review and revised appropriately.
Licence condition 12.1.2 – Anti-money laundering measures for operators based in foreign jurisdictions requiring compliance with Money Laundering Regulations 2007 (opens in new tab). (superseded by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab)).
- Customer interaction – Failure to comply with code of practice - Social Responsibility Code 3.4.1. Compliance with a social responsibility code of practice is a condition of the operating licence by virtue of section 82(1) of the Act.
- Personal management offices – Breach of licence condition 1.2.1 requiring operators to ensure specified management offices are held by personal management licence (PML) holders.
- Key event notification - Breach of licence condition 15.2.1 relating to key event notifications in respect of reporting changes in the holders of management offices.
Operators are expected to consider the issues here and review their own practices to identify and implement improvements in respect of the management of customers.
Betit Operations Limited Executive summary
Following a compliance assessment, the Gambling Commission identified weaknesses in Betit Operations Limited’s (Betit) anti-money laundering and social responsibility controls. The assessment (carried out in September 2017) also identified failures relating to requirements around personal management offices and key event notifications.
Betit acknowledged its shortcomings at an early stage and accepted that it failed to act in accordance with the Licence Conditions and Codes of Practice (LCCP), The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab) (the 2017 Regulations) and our guidance on money laundering and terrorist financing.
In line with our Statement of principles for licensing and regulation, Betit will make a payment in lieu of a financial penalty of £1,400,000. A breakdown of the regulatory settlement is set out below.
Betit Operations Limited Findings
1. Breaches of licence condition 184.108.40.206 (Anti-money laundering)
Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing
Licence condition 220.127.116.11 requires operators to conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic, or any other material changes, and in any event reviewed at least annually.
The assessment found that Betit did not have a formal money laundering and terrorist financing (MLTF) risk assessment in place. Whilst it is accepted that Betit had carried out risk assessments in March 2017 and November 2017, these assessments were not considered sufficient to meet the requirements of licence condition 18.104.22.168 or the 2017 Regulations.
2. Breaches of licence condition 22.214.171.124 and 126.96.36.199
Licensees must have appropriate policies, procedures and controls to prevent money laundering and terrorist financing and such policies, procedures and controls must be implemented effectively, kept under review and revised appropriately
At the time of the assessment we found that Betit had failed to establish and maintain appropriate risk-sensitive policies, procedures and controls relating to the management of its customers (including monitoring and management of compliance with such policies and procedures) to prevent money laundering and terrorist financing, as required by licence conditions 188.8.131.52, 184.108.40.206 and contrary to Regulation 19 of the 2017 Regulations.
We found Betit:
- only conducted basic checks on all customers, which consisted of a soft credit check and verification of a customer’s name and address. This approach to customer due diligence (CDD) is inadequate as it means that the same approach is adopted for all customers irrespective of the level of risk attributed to the customer.
- Betit’s AML policies did not sufficiently define situations where enhanced customer due diligence (EDD) and enhanced ongoing monitoring would be required.
Betit acknowledged that improvement to their policies, procedures and controls was required in order to better cater for a risk-based approach. Betit has taken steps to remedy the issue and has implemented new policies, procedures and controls.
3. Breaches of licence condition 220.127.116.11
Anti-money laundering measures for operators based in foreign jurisdictions
Betit was required to put in place and implement the measures described in Parts 2 and 3 of the Money Laundering Regulations 2007 (superseded by the 2017 Regulations) insofar as they relate to casinos.
The investigation found that Betit failed:
- to apply EDD on a risk-sensitive basis, contrary to Regulation 14 of the 2007 Regulations and Regulation 33 of the 2017 Regulations
- to apply customer due diligence measures in relation to any transaction that amounted to €2000 or more (Regulation 27(5) and (6) of the 2017 Regulations). Betit’s procedures included seven triggers, which it acknowledged were not sufficiently risk-sensitive and Betit implemented a withdrawal threshold figure of €2,300 for customer due diligence, based on Maltese rules and regulations, rather than a threshold of €2,000 in deposits or withdrawals.
- to have in place appropriate risk-management systems and procedures to determine whether a customer is a politically exposed person (PEP) or a family member or known associate of a PEP, as required by Regulation 35 of the 2017 Regulations.
to have an appropriate MLTF risk assessment in place in accordance with Regulation 19 of the 2017 Regulations.
4. Failure to comply with Social Responsibility code 3.4.1
Customer Interaction. Compliance with a Social responsibility code is a condition of the operating licence by virtue of section 82(1) of the Act
Licensees must put into effect policies and procedures for customer interaction when they have concerns that a customer’s behaviour may indicate problem gambling. SR code provision 18.104.22.168.e requires specific provision for making use of all relevant sources of information to ensure effective decision making, and to guide and deliver effective customer interaction, including in particular:
(i) provision to identify at risk customers who may not be displaying obvious signs of, or overt behaviour associated with, problem gambling; this should be by reference to indicators such as time or money spent.
(ii) specific provision in relation to customer designated by the Licensee as ‘high value’, ‘VIP’ or equivalent.
We found that at the time of the assessment (September 2017) Betit was in breach of 22.214.171.124 by failing to put into effect its own policies and procedures for customer interaction.
For example, Customer A deposited £67,078 over a 23-day period. It was established that Betit’s internal flags had not been triggered in-line with its ‘Responsible Gaming Guide’. The customer made numerous bonus requests to the VIP Account Manager over a 16-day period, with each request accompanied by details of the loss of money.
Customer B deposited £110,500 over a 24-hour period and Betit failed to conduct appropriate customer interaction. Instead the operator gave the customer VIP status, offered him cash bonuses and raised his deposit limits despite the bank having declined transactions from two of his cards. Betit has voluntarily refunded this customer.
5. Breach of Licence condition 1.2.1
Operating licence holders must ensure specified management offices must be held by personal management licence (PML) holders and; Breach of licence condition 15.2.1 – Key event reporting
Licensees must ensure that individuals who occupy the management offices specified in respect of the licensed activities hold a personal licence with the Commission authorising the performance of the functions of that office.
In addition, it is a requirement of licence condition 126.96.36.199.b to notify the Commission of the appointment of a person, or a person ceasing to occupy such a management position.
For a thirteen-month period from December 2016 to January 2018, an appropriately qualified individual occupying the information technology function did not hold a personal management licence. We had not been notified by way of a key event that the person previously occupying that position had left the company.
Betit Operations Limited Regulatory settlement
The regulatory settlement package consists of:
a) A payment in lieu of a financial penalty of £1,400,000 which will go to National Responsible Gambling Strategy project(s) to pay for research and treatment as determined appropriate to address the risk of harmful gambling.
b) The voluntary placing of additional conditions on Betit’s’ operating licence under section 117(1)(b) of the Act, requiring the licensee to:
- Maintain the appointment of an appropriately qualified Money Laundering Reporting Officer (MLRO) who holds a Personal Management Licence (PML), and, in appointing the MLRO, ensure that the individual undertakes annual refresher training in AML and be able to evidence this to the Commission.
- Ensure that all PML holders, senior management and key control staff undertake outsourced anti-money laundering training. All such staff must undertake outsourced refresher training annually thereafter.
- Continue its review of the effectiveness and implementation of its AML and social responsibility (SR) policies, procedures and controls. In addition, Betit will engage external auditors, whose appointment and terms of reference must be agreed with us, to sample the reviews that have been carried out so as to provide additional assurance as to the findings.
c) Agree to the publication of a statement of facts by the Commission
d) Payment of £18,732 towards our investigative costs.
Betit Operations Limited Conclusion
Our investigation found, and Betit accepts, that there were weaknesses in its systems relating to how it managed its customers for anti-money laundering and social responsibility purposes.
In determining the appropriate outcome, we took the following factors into account:
- There were significant licence condition breaches for a sustained period of time. This impacted the licensing objectives – particularly preventing gambling from being used to support crime, and protecting vulnerable persons from being harmed or exploited by gambling
- Proactive and timely action taken by Betit to address all the issues identified
- Betit being open and transparent from the outset of the investigation and fully co- operative throughout
- A demonstrable insight into the seriousness of the failings
- The nature of the licensee, including their financial resources