Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Public register
  2. Public statements
  3. Statement
Print statement
Public statement

Done Bros (Cash Betting) Limited Public Statement

Published:
18 July 2023
Search or save this guide

Search this guide by:

  1. pressing Ctrl+f on your keyboard if you’re using a PC or ⌘+f if you’re using a Mac.
  2. typing the word or search term that you’re looking for.

Save a copy of this guide by:

  1. choose the 'save page' option in your browser
  2. save the HTML file in your chosen location.

You can also save this page as a PDF by:

  1. selecting the 'print this guide' button or use your browser print option
  2. in the print settings window, select 'Save as PDF'
  3. save the PDF file in your chosen location.

Our public statements make reference to breaches of the Licence Conditions and Codes of Practice (LCCP) requirements which were in effect at the time of the breach. In some cases, the requirements have since been updated.

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab)(the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

  • prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
  • ensure that gambling is conducted in a fair, and open way
  • protect children and other vulnerable people from being harmed or exploited by gambling.

Done Bros (Cash Betting) Limited Executive Summary

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review of Done Bros (Cash Betting) Limited’s (the Licensee/Done Bros) Non-Remote General Betting Standard, Pool Betting and Ancillary Remote Licence number: 001058-N-102469-014. The regulatory review found failings in the Licensee’s processes which were aimed at Safer Gambling (SG) and preventing Money Laundering (ML).

Between January 2021 and December 20221, Done Bros failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

  • paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the conducting of an appropriate risk assessment, the implementation of appropriate policies and procedures and keeping such policies under review to ensure their effectiveness, all with the objective of preventing ML and Terrorist Financing (TF)
  • paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will voluntarily make a payment in lieu of a financial penalty of £3,250,000, which includes a divestment of £1,052,717.

Done Bros (Cash Betting) Limited Findings

The investigation and our subsequent regulatory review found:

  • failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
  • deficiencies in its SG policies, procedures, controls and practices, including weaknesses in implementation.

We found that the Licensee had:

Breached licence condition 12.1 Prevention of money laundering and terrorist financing

Breach of paragraph 1 of licence condition 12.1.1

Licence condition 12.1.1(1) states: “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”

The Licensee accepted it breached this licence condition as its ML/TF risk assessment did not sufficiently reflect the Commission’s expectations or fully take into account the Commission’s ML/TF risk assessment of the British gambling industry.

The failings were that the Licensee’s ML/TF risk assessment did not:

  • sufficiently take into account the Commission’s most recent POCA Guidance
  • demonstrate that all risks to its business had been considered, for example those connected to third party suppliers, payment providers and processors, and customers using pre-paid cards
  • detail the risks and countermeasures in place to monitor customer transactions across multiple Licensed Betting Offices, products and platforms in order to mitigate any ML potential.

Breach of paragraph 2 and 3 of licence condition 12.1.1

Licence condition 12.1.1 (2) states: “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”

Licence condition 12.1.1(3) states “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

Although an analysis of the specific customer records identified during the regulatory review found no evidence of criminal spend with the Licensee, the Licensee nevertheless accepted that it had breached this licence condition, as:

  • there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
  • there was poor record keeping and its financial alerts (thresholds) were set too high. For example, Customer A lost circa £61,000 within a four-month period and no action was taken as the Licensee had previously concluded there were ‘no AML concerns’. The Licensee had relied on an ID document alone and no action was taken in respect of this customer when further reviews were completed
  • it had an inability to track customer play across products
  • it failed to consistently obtain appropriate Know Your Customer (KYC) identification and Source of Funds (SoF) documentation from its customers when its thresholds were met. For example, Customer B hit the AML trigger of £250,000 staked in 365 days. The customer’s ID was only requested after a 10-day delay, which the Licensee was unable to explain
  • it placed an undue reliance on open-source information and should have taken further steps to corroborate customers’ SoF information
  • certain customers were able to stake large amounts of money without the Licensee conducting appropriate KYC checks. For example:
    • Customer A reached a net loss position of £61,000 within a four-month period with no appropriate KYC being conducted
    • Customer C staked and lost £72,000 within a 9-month period due to the Licensee relying on uncorroborated open-source information
    • Customer D staked £429,222 and lost £120,353 within a 11-month period due to the Licensee relying on uncorroborated open-source information.

Failed to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

  • a. identifying customers who may be at risk of or experiencing harms associated with gambling.
  • b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
  • c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.
  1. Licensees must take into account the Commission’s guidance on customer interaction.”

The Licensee accepted it was not fully in compliance with SRCP 3.4.1 as:

  • it had insufficient controls in place to protect new customers, and to monitor high velocity spend and duration of play exposing the customer to the risk of substantial losses without SG interaction
  • it made assumptions that customers were not at risk because they were winning customers. For example, the Licensee failed to carry out interactions on a customer (Customer E) who staked £517,499 between 21 March 2022 and 18 May 2022. The basis was the Licensee was of the view that this customer was a professional poker player, displayed no signs to encourage staff interaction, and was in a winning position of £8,585 in the period. It was established that the customer was able to stake close to the entirety of his net worth (based upon open-source checks carried out by the Licensee) within a two month period and should have been subject of SG considerations
  • it did not always conduct SG interactions with customers who may be at risk of experiencing harm early enough in their journey
  • the interactions that it carried out were not always effective. For example, Customer F played for a period of five months and deposited £337,029 with a loss of £19,336.28 and placed a total of 1,375 bets. The customer was interacted with 12 times and the Licensee noted that each interaction was positive and indicated the customer was happy at his level of spend. However, during some interactions the customer demonstrated signs of potential harms such as his card being declined and placing large bets. The interactions did not escalate in any way and there is no evidence to suggest this customer was offered any information or support. The only factor that appears to have been considered was whether the customer appeared happy to continue to gamble
  • there was a lack of evidence of evaluation of the effectiveness of individual customer interactions and a lack of record keeping which limited the effectiveness of future interactions.

Done Bros (Cash Betting) Limited Regulatory Settlement

This regulatory settlement consists of:

  • a total payment of £3,250,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes, which includes a divestment of £1,052,717
  • agreement to the publication of a statement of facts in relation to this case
  • payment of the Commission’s costs involved in conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

  • the serious nature of the breaches identified
  • the impact on the licensing objectives
  • the Licensee’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

  • the extent of steps taken to remedy the breach - the Licensee implemented an early action plan to remedy its failings
  • the Licensee procedurally met the Commission’s timetable in respect of providing material and responses
  • early and voluntary acceptance of the Commission’s findings and the early request to enter into the Regulatory Settlement process.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

  • do you have formal processes in place to review your ML/TF risk assessment at least annually and measure the effectiveness of your AML and SG policies and procedures, and are findings adequately recorded?
  • do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
  • are lessons learned from public statements and other regulatory decisions appropriately incorporated in your policies and processes?
  • are your customer risk profiles reviewed in the light of new information?
  • do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews are adequately documented and consistent in their approach?
  • do you log the types of behaviour which trigger a customer interaction and keep sufficient records of interactions, along with any decisions not to interact, especially in relation to the level of detail provided?
  • have your staff received sufficient AML and social responsibility training?

Notes

1 This date represents the total period of non-compliance, there are some variations in the individual breach period for each condition.

Is this page useful?
Back to top