Caesars Entertainment UK Limited Public statement
- Breach of Licence Conditions 12.1.1 (Prevention of money laundering and terrorist financing)
- Failure to comply with Social Responsibility Code Provision 3.4.1.(1) (Customer interaction)
2 April 2020 Operators are expected to consider the issues here and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.
Licensed gambling operators have a legal duty to ensure that their gambling facilities are being provided in compliance with the Gambling Act 2005 (opens in new tab) (the Act), the conditions of their licence and in accordance with the licensing objectives, namely to:
- prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
- ensure that gambling is conducted in a fair and open way
- protect children and other vulnerable people from being harmed or exploited by gambling.
Caesars Entertainment UK Limited Executive summary
This investigation resulted in the commencement of section 116 regulatory reviews1 of 11 Licensed Entities, who are licensed by the Gambling Commission (the Commission) to operate land-based casino premises. The 11 Licensed Entities sit within the Caesars Entertainment UK Limited group, hereafter referred to as CEUK.
The Licensed Entities are:
- Playboy Club London Limited (Operating Licence number 000-000689-N-103536-018)
- London Clubs LSQ Limited (Operating Licence number 000-000694-N-103542-017)
- London Clubs Manchester Limited (Operating Licence number 000-000707-N-103551-016)
- London Clubs Nottingham Limited (Operating Licence number 000-000708-N-103553-016)
- London Clubs Glasgow Limited (Operating Licence number 000-000698-N-103544-019)
- London Clubs Southend Limited (Operating Licence number 000-000709-N-103555-017)
- London Clubs Poker Room Limited (Operating Licence number 000-000685-N-103535-022)
- The Sportsman Club Limited (Operating Licence number 000-000691-N-103538-016)
- London Clubs Brighton Limited (Operating Licence number 000-000702-N-103547-021)
- The Golden Nugget Club Limited (Operating Licence number 000-000693-N-324862-006)
- London Clubs Leeds Limited2 (Operating Licence number 000-000704-N-103549-016)
CEUK is the parent company of London Clubs Management Limited (LCM) who, in turn, wholly own the shareholdings within the Licensed Entities. CEUK is ultimately owned by Caesars Entertainment Corporation US (CEUS). CEUS, CEUK and LCM are not licensed by the Commission.
The regulatory reviews found systemic failings within CEUK’s governance arrangements, resulting in a disconnect between it and the Licensed Entities. There were key failings in processes which were aimed at preventing money laundering (ML) and protecting the vulnerable. Anti-money laundering (AML) and social responsibility requirements are expected to be in place to keep crime out of gambling and protect the vulnerable.
Senior personal management licence (PML) holders within CEUK at the time of the failings failed to mitigate risks and provide sufficient and effective oversight of the licensed activities3.
As a result of systemic failings between 2016 and December 2018, the Licensed Entities repeatedly failed to comply with the Licence conditions and codes of practice (LCCP), specifically:
- Licence condition 12.1.1, requiring compliance with the prevention of money laundering and terrorist financing (and the related failure to take into account Ordinary code provision 2.1.1 Anti-money laundering – casino)
- Social responsibility code provision 3.4.14, requiring effective policies and procedures for customer interaction; particularly the requirement to make use of all relevant sources of information, to identify at-risk customers who may not be displaying obvious signs, and to interact with customers designated as “VIPs”.
The Licensed Entities were subject to ‘The Money Laundering Regulations 2007’ (the 2007 Regulations) (opens in new tab) and are currently subject to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017’ (the 2017 Regulations) (opens in new tab), which superseded the 2007 Regulations.
Ordinary code provision 2.1.1 reinforces the requirement to act in accordance with the Commission’s guidance set out in The Prevention of Money Laundering and Combating the Financing of Terrorism - Guidance for remote and non-remote casinos. This guidance covers requirements in respect of the Regulations referred to above, among other things.
In addition, our licence reviews identified other failings, namely:
- Licence condition 15.2.1 (Reporting key events and other reportable events): requires licensees to notify the Commission, or ensure the Commission is notified of, the occurrence of specified key events as soon as reasonably practicable
- Licence condition 15.3.1 (Submitting regulatory returns): requires licensees to provide the Commission with such information as the Commission may require about the use made of facilities provided in accordance with its licence
- Licence condition 5.1.1 (Cash and cash equivalents)5: requires that licensees must ensure policies and procedures for the usage of cash and cash equivalents are implemented effectively, kept under review and revised appropriately
- Social responsibility code provision 1.16: requires that licensees must assess the local risks to the licensing objectives posed by the provision of gambling facilities at each of their premises.
In line with our Statement of principles for licensing and regulation, CEUK will pay a total of £13 million in lieu of a financial penalty.
In agreeing to conclude our regulatory reviews by way of regulatory settlement, we considered the factors in the Commission’s statement of principles for determining financial penalties7 and their representations including:
- the prompt instigation of an internal investigation commissioned by CEUS and shared with the Commission
- CEUK’s cooperation with our investigation including its early acknowledgement and voluntary disclosure of its failings, and its proposal of a regulatory settlement on acceptable terms the improvements CEUK made in governance, policies, processes and resourcing
Caesars Entertainment UK Limited Findings
The investigation and our subsequent regulatory reviews found failings in the Licensed Entities anti-money laundering and social responsibility policies and procedures.
1) Licence condition 12.1.1
Licence condition 12.1.1(1) requires that licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.
Licence condition 12.1.1(2) requires that, following completion of and having regard to the risk assessment and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.
Licence condition 12.1.1(3) requires that licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.
In addition, ordinary code provision 2.1.1 Anti-money laundering – casino, requires that, in order to help prevent activities related to money laundering and terrorist financing, licensees should act in accordance with the Commission’s guidance on anti-money laundering, The Prevention of Money Laundering and Combating the Financing of Terrorism - Guidance for remote and non-remote casinos.
CEUK has accepted that, between 2016 and December 2018, its operational Licensed Entities were in breach of this licence condition and that its AML controls did not adequately address the risks presented by higher-risk customers. The Commission found that this included, but was not limited to:
- its ML risk assessment had not been reviewed at least annually as required
- its AML policies and procedures were outdated and had not been refreshed since March 2016
- key PML holders, at the time, did not maintain adequate oversight and were not sufficiently curious in respect of source of funds (SOF) or source of wealth (SOW) used to gamble
- in practice, there was a disconnect of understanding in respect of responsibilities of the compliance team and front-line staff operations within casino premises, which led to poor decision making and delays in reviewing the risks posed by customers
- the compliance team responsible for ensuring AML procedures were put into practice were not adequately resourced
- there was a lack of adequate documentation and audit trail to demonstrate decision making.
Examples of customer failings within the CEUK casino estate:
Customer A8 visited a London casino and was allowed to drop9 circa £820,000 with a total loss of circa £240,000 over a 13-month period. The customer triggered several premises agreed limit10 (PAL) financial alerts which should have prompted enhanced customer due diligence (ECDD) checks. Despite these alerts, the licensee did not take sufficient action to adequately confirm SOF for the customer’s gambling activity. In January 2019, the customer provided bank statements which, when reviewed, prompted immediate termination of the business relationship.
Customer B visited a London casino and was allowed to drop circa £800,000 with a loss of circa £795,000 during a 13-month period. The customer was recorded as a politically exposed person (PEP) by association and as high risk. The customer triggered several PAL financial alerts which should have prompted further ECDD checks (last completed in April 2018). Despite these alerts the Licensed Entity did not obtain adequate evidence of SOF or SOW, as required. The customer was suspended in January 2019, after a detailed customer review.
Customer C visited a London casino and was allowed to drop circa £3.5 million losing circa £1.6 million over a period of 3 months. The casino customer due diligence had been reliant on a company business card, heavily redacted company bank statements and open internet searches (which called into question the SOF). It transpired the customer had, at times, been using a company business card to withdraw cash from a cash terminal in order to fund his gambling activities. The subsequent CEUS review confirmed the business relationship should have been terminated at an earlier stage. The customer has now been barred.
Customer D11 visited a London casino and was allowed to buy-in12 for circa £1.07 million, losing circa £323,000 in a 12-month period. The customer was said to be a restaurant owner and using his income to fund his gambling. The customer activated several PAL financial alerts which prompted further ECDD checks however, these were found to be inadequate. The customer was suspended in January 2019 as material, such as bank statements, supplied to the licensee did not support the level of spend.
Customer E visited a casino and was allowed to buy-in for circa £87,000 during a 12-month period losing circa £15,000. The customer’s occupation was recorded as a ‘waitress’. The customer triggered a PAL financial alert that should have prompted further ECDD checks. The customers spend was not proportionate to the stated occupation and the Licensed Entity did not further explore the customer’s SOF. The customer was suspended in April 2019, pending the provision of appropriate documentation supporting the level of spend.
Customer F visited a casino and was allowed to drop circa £185,000 during a 6-month period losing circa £115,000. The customer was said to be an overseas student and seemed to be reliant on funding from family. The initial spend was low, but the casino did not review the customer’s position as gambling spend escalated. The customer triggered a number of PAL financial alerts, which prompted ECDD checks. However, the information collated was inadequate due to an overreliance on third party information and a lack of scrutiny. The customer was suspended in October 2018.
2) Social Responsibility code provision 3.4.1(1)13
Licensees must put into effect policies and procedures for customer interaction where they have concerns that a customer’s behaviour may indicate problem gambling. The policies must include:
(e) specific provision for making use of all relevant sources of information to ensure effective decision making, and to guide and deliver effective customer interactions, including in particular
(i) provision to identify at risk customers who may not be displaying obvious signs of, or overt behaviour associated with, problem gambling: this should be by reference to indicators such as time or money spent
(ii) specific provision in relation to customers designed by the licensee as “high value”, “VIP”, or equivalent
CEUK has accepted that, between 2016 and December 2018, it failed to ensure its safer gambling policies and procedure in use at the operational venues, were kept appropriately up to date:
- the CEUK responsible gambling policy had not been updated since March 2015 and was not reflective of the Commission’s expectations
- key PML holders, at the time, did not maintain adequate oversight of this key area of business
- local arrangements within Licensed Entities put an over reliance on customer interactions being carried out by casino management which restricted the availability of its resources to meet its requirements
- the policies and procedures in place did not always prompt effective interactions where customers may be displaying signs of problem gambling
- in some instances, interactions and decisions not to interact, had not been adequately recorded.
Examples of customer failings within the CEUK casino estate:
Customer G14 visited a London casino and was allowed to drop circa £820,000 with a total loss of circa £240,000 over a 13-month period. The casino was aware that the customer had previously self-excluded from gambling by registering with Self-Enrolment National Self-Exclusion (SENSE) in April 2016 but deregistered from SENSE in December 2018. As a result of this knowledge, the Commission would have expected a heightened level of review regarding the customer’s gambling behaviour. The casino accepts it did not hold adequate customer interactions regarding this customer.
Customer H15 visited a London casino and was allowed to buy-in for circa £1.07 million losing circa £323,000 in a 12-month period. The customer had displayed signs of problem gambling which included 30 sessions exceeding five hours, which should have prompted meaningful interactions. However, the customer interactions that the casino carried out were inadequate.
Customer I visited a casino and was allowed to buy-in for circa £430,000 during a 12-month period losing circa £112,000. At the time of this gambling activity the casino did not hold appropriate source of funds information to identify whether this level of spend was sustainable. The Licensee confirmed that the last recorded intervention with the customer was dated 2007, 11 years previously. The number of recorded customer interactions with this customer were found to be inadequate.
Customer J visited a casino and was allowed to drop circa £335,000 within a 6-month period losing circa £65,000. The casino was aware that the customer had previously self-excluded from gambling. The customer had visited the casino 54 times in 13 months including 14 gambling sessions which exceeded 5 hours and 3 gambling sessions which exceeded 10 hours. The customer interactions with this customer were found to be inadequate particularly given the casino’s knowledge of the customer, time spent and level of spend.
Customer K visited a London casino and was allowed to buy-in for circa £185,000 losing circa £40,000 during a 30-month period. The casino understood that the customer was a self-employed ‘Nanny’. The customer had informed staff that her savings had been spent, and that she was borrowing money from family and using an overdraft facility to fund gambling activities. Despite the knowledge of this information, the customer was allowed to continue to gamble losing circa £18,000 the following year. The casino accepts it did not carry out adequate customer interactions with this customer. The customer was subsequently barred pending a full enhanced due diligence process and responsible gambling review.
Customer L visited a casino and was allowed to buy-in for circa £60,000. The customers occupation was recorded as a retired ‘Postman’. The casino was aware the customer had previously self-excluded for six months before returning to gambling. Despite this knowledge, the customer was allowed to gamble for a period of 44 days, losing over £15,000. Customer interactions with this customer were found to be inadequate particularly given the knowledge that the customer had previously self-excluded. In addition, SOF checks revealed the customers income did not support the level of spend. The customer was subsequently barred.
3) Licence condition 5.1.1 requires:
Licence condition 5.1.1 requires: ‘Licensees, as part of their internal controls and financial accounting systems, must implement appropriate policies and procedures concerning the usage of cash and cash equivalents (e.g. bankers drafts, cheques and debit cards and digital currencies) by customers designed to minimise the risk of crimes such as money laundering, to avoid the giving of illicit credit to customers and to provide assurance that gambling activities are being conducted in a manner which promotes the licensing objectives.
Licensees must ensure that such policies and procedures are implemented effectively, kept under review and revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.’
We found aspects of the CEUK cash desk policy document designed to give staff operational guidance had not been updated as we would have expected.
4) Licence condition 15.2.1 (Reporting key event and other reportable events)
A key event is an event that could have a significant impact on the nature or structure of a licensee’s business. Licence condition 15.2.1 requires licensees to notify the Commission, or ensure the Commission is notified, in such form or manner as the Commission may from time to time specify, of the occurrence of specified key events as soon as reasonably practicable and in any event within five working days of the licensee becoming aware. Key events can be reported via eServices.
The LCCP provides full details of the key events we expect to be reported to us which are listed in numbered paragraphs beneath licence condition 15.2.1. including:
- Paragraph 22 of licence condition 15.2.1 requires the reporting of: ‘the imposition by the Licensee of a disciplinary sanction, including dismissal, against the holder of a personal licence or a person occupying a qualifying position for gross misconduct; or the resignation of a personal licence holder or person occupying a qualifying position following commencement of disciplinary proceedings in respect of gross misconduct against that person.
- Paragraph 24 of licence condition 15.2.1 requires the reporting of: ‘the making of a disclosure pursuant to section 330, 331, 332 or 338 of the Proceeds of Crime Act 2002 or section 19, 20, 21, 21ZA, 21ZB or 21A of the Terrorism Act 2000 (a suspicious activity report (SAR)): the licensee should inform the Commission of the unique reference number issued by the United Kingdom Financial Intelligence Unit of the National Crime Agency in respect of each disclosure and for the purposes of this key event the five working day period referred to above runs from the licensee’s receipt of the unique reference number. The licensee should also indicate whether the customer relationship has been discontinued at the time of the submission.’
We found that during 2018, a number of key event reports subject of notification in respect of paragraph 22 and 24 had not been submitted to us by the Licensed Entities, as required.
CEUK indicated that this failing occurred as responsibility rested with a single point of contact who had failed to make the required notification. CEUK did not have sufficient governance of this process to ensure it met its regulatory requirements.
We expect Licensees to work with us in an open and cooperative way and to inform us of anything we might need to be aware of in order to regulate effectively.
Key event notifications are important because they allow the Commission to:
- identify responsible PML holders within licensed operators and in the case of disciplinary notifications consider whether it is necessary to review an individual’s performance
- track trends in incidents across sectors and to develop a clearer understanding of threats in the gambling industry.
5) Licence condition 15.3.1 (General and regulatory returns)
Licence condition 15.3.1 requires: ‘On request, licensees must provide the Commission with such information as the Commission may require about the use made of facilities provided in accordance with this licence, and the manner in which gambling authorised by this licence and the licensee’s business in relation to that gambling are carried on, including in particular information about:
a. the numbers of people making use of the facilities and the frequency of such use
b. the range of gambling activities provided by the licensee and the numbers of staff employed in connection with them
c. the licensee’s policies in relation to, and experiences of, problem gambling.
In particular, within 28 days of the end of each quarterly period or, for those only submitting annual returns, within 42 days of the end of each annual period, licensees must submit a Regulatory Return to the Commission containing such information as the Commission may from time to time require.’
We found that the Licensed Entities had not submitted regulatory returns to us by the required due dates of 28 April 2018, 28 July 2018 and 28 October 2018. The Licensed Entities indicated that this failing occurred as responsibility rested with a single point of contact who had failed to make the submission.
CEUK did not have sufficient governance of this process to ensure its regulatory requirements were met.
Regulatory returns are important to the Commission as they:
- provide us with vital information to ensure we regulate effectively
- inform the publication of bi-annual industry statistics
- ensure Licensees are within the correct fee category
6) Failure to comply with code of practice issued under Section 24 Gambling Act 2005, so as to be treated as a licence condition Social Responsibility Code Provision 10.1.1 (Assessing Local Risk)
SRCP 10.1.1 requires: ‘Licensees must assess the local risks to the licensing objectives posed by the provision of gambling facilities at each of their premises, and have policies, procedures and control measures to mitigate those risks. In making risk assessments, licensees must take into account relevant matters identified in the licensing authority’s statement of licensing policy.
Licensees must review (and update as necessary) their local risk assessments:
(a) to take account of significant changes in local circumstances, including those identified in a licensing authority’s statement of licensing policy
(b) when there are significant changes at a Licensee’s premises that may affect their mitigation of local risks
(c) when applying for a variation of a premises licence; and
(d) in any case, undertake a local risk assessment when applying for a new premises licence.’
We found that London Clubs Southend Limited did not have in place a local risk assessment, as required.
We expect a local risk assessment to be structured in a manner that offers sufficient assurance that Licensed premises have suitable controls and procedures in place. These controls should reflect the level of risk within its geographical area, which in turn will be determined by local circumstances. For example, if the Licensee’s premises are situated near a school it should explain how it mitigates the risk of underage gambling.
In addition, we noted the Licensed Entities policies have now been updated to ensure that local risk assessments are updated at least annually to reflect changes in local demographics.
Caesars Entertainment UK Limited Actions taken by Caesars Entertainment UK Limited
In addition to accepting the failings, CEUK has:
Put in place an improved system of governance including the appointment of an independently chaired ‘Independent Compliance Committee’ (ICC) to oversee compliance risk. The ICC meets monthly or ad hoc as required and is empowered to deliver independent governance in respect of all aspects of regulatory compliance. The minutes of ICC meetings are available to the CEUK and CEUS board for review. The ICC periodically reports to the CEUK board with its recommendations.
Revised its regulatory policies and procedures designed to deliver compliance.
Appointed new senior staff in various posts including the role of Managing Director, Group Compliance Director, Money Laundering Reporting Officer (MLRO), Deputy MLRO and a senior compliance manager with a specific responsibility for safer gambling.
Significantly increased resourcing with responsibilities for compliance within CEUK and at the Licensed Entities.
Completed a review of its high value customers and where it felt appropriate has suspended the business relationship.
Commissioned an external Risk and Governance Review, completed by BDO LLP, which reported in October 2019.
Caesars Entertainment UK Limited Regulatory settlement
This regulatory settlement consists of:
- £13m payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms.
- Conditions which are to be added to the licences held by the Licensed Entities, and will require the Licensed Entities to:
- ensure that all PML holders, senior management and key control staff undertake outsourced AML training. All such staff must undertake outsourced refresher training annually thereafter. Arrangements to be made within three months
- ensure that the MLRO and Deputy MLRO undertake annual, role-specific refresher training in AML and be able to evidence this to the Commission. Arrangements to be made within three months
- develop and put into effect an AML and SR training programme for all staff which is tailored and provides training commensurate with the role of individual staff members on an annual basis
- complete, on an annual basis, a review of the effectiveness and implementation of the group AML and SR policies and procedures. In addition, CEUK shall instruct a firm of auditors independent of CEUK to undertake an annual audit of the reviews, which would include reviewing the effectiveness of such policies against a representative sample of its customers. The responsibility for the reviews and the engagement of external auditor will rest with the CEUK Board of Directors. The outcome of the reviews/audits and subsequent action plans to implement recommendations must be reported to the Commission.
- Agreement to the publication of a statement of facts in relation to this case.
- Payment of £115,000 towards the Commission’s costs of investigating the case.
In considering an appropriate resolution to this investigation, the Commission had regard to the following aggravating and mitigating factors:
- The serious nature of the breaches identified
- The duration of the breach, which is almost three years
- Repetition of breaches previously identified by the Commission during engagement with CEUK in 2015
- The systemic nature of the breaches may mean other customers were affected that the Commission has not reviewed
- The lessons learnt from similar cases had been published by the Commission during the periods of the breach but do not appear to have been acted upon by CEUK
- CEUK senior management were likely to have been aware of and, if not, should have been aware of, the governance issue that lead to the breaches, given their significance
- The need to encourage compliance by other Operators with these requirements.
- The proposal of a regulatory settlement was made at the first opportunity and at an early stage in the licence review process
- The actions taken by the CEUK and CEUS as set out above. CEUS had not been made aware of the failings within CEUK until September 2018
- Openness and cooperation with the Commission throughout the review process
- CEUS made early and voluntary disclosures to the Commission of issues which arose during the Commission’s investigation, including the carrying out of a detailed investigation, the results of which were made available to the Commission
- Immediate steps were taken to prevent breaches from continuing once identified
- The extent of the measures taken to remedy the breaches identified including the financial commitment to staff changes made to improve compliance which have increased business cost in this area by circa £1.2 million
Caesars Entertainment UK Limited Good practice
Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:
- Are your governance and audit arrangements effective?
- Are your policies and procedures for identifying high risk customers for AML and SR purposes effective?
- Are you following the Commission’s guidance as set out in ‘The Prevention of Money Laundering and Combating the Financing of Terrorism - Guidance for remote and non-remote casinos’?
- Have you adequately resourced your AML and SR departments, so your staff are always able to put your policies and processes in place for all customers?
- Are you following the Commissions guidance set out in ‘Customer Interaction Formal Guidance non-remote’ July 2019 in respect of recording all customer interactions, including decisions not to interact with customers, and are these records available for colleagues to refer to when making decisions? Customer Interaction Formal Guidance Non Remote-July 2019 (opens in new tab)
- Are your customers providing documentation to support their level of spend and loss, and not simply giving assurances?
- Do you have resilience within your eService reporting team?
- Have you completed a local risk assessment and are you periodically reviewing it (at least annually)?
1The Commission commenced its regulatory reviews on 6 June 2019.
2 This casino is not currently trading. The only relevant failing in relation to this Licensed Entity is licence conditions 15.2.1 and 15.3.1.
3 The actions of individual PML holders’ formed part of the investigation.
4 This SRCP was relevant at the time of the failings
5 These failings related to outdated policies and procedures for cash desks.
6 This failing related only to London Clubs Southend Limited.
7 Statement of principles for determining financial penalties
8 This customer also features within Social Responsibility concerns but referred to in that section as customer G
9 Gambling spend, which may include recycled winnings.
10 Premises agreed limit is terminology used by the Licensee.
11 This customer also features within Social Responsibility concerns but is referred to in that section as customer H
12 Purchase of chips
13 This SRCP was relevant at the time of the failings
14 This customer also features within anti-money laundering concerns but is referred to in that section as customer A
15 This customer also features within anti-money laundering concerns but is referred to in that section as customer D