Games Account Network PLC Public Statement
Our public statements make reference to breaches of the Licence Conditions and Codes of Practice (LCCP) requirements which were in effect at the time of the breach. In some cases, the requirements have since been updated.
- Breach of Licence Condition 12.1.1 (1), (2) and (3) (Prevention of money laundering and terrorist financing.
- Breach of Licence Condition 12.1.2 Anti-money laundering measures for operators based in foreign jurisdictions
- Non-compliance of social responsibility code provision (SRCP) 3.2.11 paragraph 2(b) – Access to gambling by children and young persons
- Non-compliance of SRCP 3.4.1 paragraph 1(e) - Customer interaction
- Non-compliance of SRCP 5.1.6 paragraph 1 – Compliance with advertising codes
October 2020 Operators are expected to consider the issues outlined above and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.
Licensed gambling operators have a legal duty to ensure their gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab) (the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:
- prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
- ensure that gambling is conducted in a fair, safe and open way
- protect children and other vulnerable people from being harmed or exploited by gambling.
Games Account Network PLC Executive summary
This investigation resulted in the commencement of a section 116 regulatory review (the Commission commenced its regulatory review on 21 January 2020) of GAN PLC, hereafter referred to as GAN, Combined Remote Operating Licence number: 002604-R-104107-023. The regulatory review found failings within GAN’s processes on their website casino.winstar.com, which were aimed at preventing money laundering (ML) and protecting vulnerable people.
Between August 2018 to September 2019 GAN failed to comply with the Licence conditions and codes of practice (LCCP), specifically:
- Licence condition 12.1.1 (1), requiring an operator to conduct an assessment of the risks of their business being used for money laundering and terrorist financing.
- Licence condition 12.1.1 (2) and (3), requiring compliance with the prevention of money laundering and terrorist financing.
- Licence condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the MLRs.
- Social responsibility code provision (SRCP) 3.2.11 requiring warning potential customers that underage gambling is an offence.
- Social responsibility code provision (SRCP) 4.1, requiring effective policies and procedures for customer interaction; particularly the requirement to make use of all relevant sources of information, to identify at-risk customers who may not be displaying obvious signs, and to interact with customers designated as “VIPs”.
In line with our Statement of principles for licensing and regulation, GAN will have additional licence conditions and pay a total of £146,754 in lieu of a financial penalty.
In agreeing to conclude our review by way of regulatory settlement, we considered the factors in the Commission's statement of principles for determining financial penalties including:
GAN's openness and cooperation with our investigation. Its proposal of a regulatory settlement on acceptable terms at the earliest opportunity in proceedings. The steps taken by GAN to remedy the shortcomings identified.
Games Account Network PLC Findings
The investigation and our subsequent regulatory review found failings in GAN’s AML and SR policies and procedures.
Licence condition 12.1.1 (1)
Licence condition 12.1.1 (1) requires licensees to conduct an appropriate assessment of the risks of their business being used for money laundering and terrorist financing.
GAN has accepted that, between August 2018 and September 2019, it was in breach of this Licence condition. At the time of a Commission assessment in 2018 the Licensee’s business risk assessment document was not deemed appropriate. During a further Commission assessment in 2019 it was found that although the operator’s risk assessment had been amended and improved, it had not been updated to take into account the Commission’s money laundering and terrorist financing risk assessment (CMLTFRA) of June 2019 and still was not up to the expected standard. The Licensee accepted the risk assessment did not include reference to the AML risks which need to be considered when crypto-assets are encountered in source of funds (SOF) checks and that its risk assessment document required further amendment to address the issues identified.
Licence condition 12.1.1 (2) and (3)
Licence condition 12.1.1(2) requires that, following completion of and having regard to the risk assessment and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing. Licence condition 12.1.1(3) requires that licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Commission from time to time.
Casino operating licences were subject to ‘The Money Laundering Regulations 2007’ (the 2007 Regulations) and are currently subject to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017’ (the 2017 Regulations), which superseded the 2007 Regulations.
GAN has accepted that, between August 2018 and September 2019, it was in breach of this licence condition and that its AML controls did not adequately address the risks presented by its customers due to:
- in one case, accepting bank statements submitted by a customer which were in a different name. This indicated the funds originated from a third party who the Licensee knew nothing about or where those funds may had originated
- in another case, analysis of SOF documents provided by a customer was not sufficiently critical and,
- in a third case, there were insufficient assessment of concerns around the use of a cryptocurrency
Licence condition 12.1.2
At the time of the 2019 assessment GAN’s AML policies and procedures remained ineffective. GAN had failed to establish, maintain and regularly review policies, procedures and controls to mitigate and manage effectively the risks of money laundering and terrorist financing (including the monitoring and management of compliance with such policies, procedures and controls), as required by Licence condition 12.1.1 and Regulation 19 of the 2017 Regulations. GAN accepted that its process was incomplete.
Social Responsibility code provision (SRCP) 3.2.11
Licensees are required to ensure they display warnings that underage gambling is an offence. During the 2019 assessment Commission Officials were not satisfied with the location of the warning. GAN took immediate action to rectify the issue. The location of the warning had not been sufficient to meet the requirements of this SR code provision as it was located in an area of the website typically accessed by registered customers and not potential customers landing on the homepage who are considering, or intending on, registering with GAN. Therefore, the Commission considered GAN had not complied with paragraph 2(b) of SRCP 3.2.11and in doing so had breached a condition of its licence.
Social Responsibility code provision (SRCP) 3.4.1(1)
Licensees must put into effect policies and procedures for customer interaction where they have concerns that a customer’s behaviour may indicate problem gambling. The policies must include:
- provision to identify at risk customers who may not be displaying obvious signs of, or overt behaviour associated with, problem gambling: this should be by reference to indicators such as time or money spent.
- specific provision in relation to customers designed by the licensee as “high value”, “VIP”, or equivalent.
GAN’s Responsible Gambling Policy, in place at the time, did not fully reflect the requirements of SRCP 3.4.1 including a specific provision for VIP customers.
Furthermore, the Commission examined copies of GAN’s Customer Interaction Guidance (CIG) and Social Responsibility Monitoring report. The CIG did not reference the Commission’s Guidance for remote operators issued in February 2018 and neither of the policies were dated or signed by senior management. In addition, there were also no arrangements in place for monitoring and identifying customers who are potentially at risk of gambling related harm through regular patterns of gambling but who are not displaying obvious signs of problem gambling. GAN accepted that shortcomings with its customer interactions had been identified.
Social responsibility code provision (SRCP) 5.1.6 (1)
Licensees should not use game tiles containing cartoon imagery as they may appeal to children.
During the 2019 assessment of www.Winstar.com a number of game tiles were illustrated with cartoon imagery. The Licensee advised it had carried out a review of all of its game tiles following the 2018 assessment and these had been updated and any content which appealed to children removed. However, although one game had been redesigned, an updated tile still contained cartoon imagery which may be attractive to children.
Commission officials consider the Licensee had not complied with SRCP 5.1.6(1). GAN accepted this breach which was down to human error when an old version of the game tile was uploaded inadvertently.
Games Account Network PLC Regulatory Settlement
This regulatory settlement consists of:
- £100,000 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms.
- Divestment of £46,754 which accrued from customer accounts as a result of the failings, which will be directed towards delivering the National Strategy to Reduce Gambling Harms.
- New operating licence conditions stating GAN shall:
- Ensure that all persons who occupy the position of Money Laundering Reporting Officer (MLRO) or Deputy MLRO shall be suitably qualified, shall hold a Personal Management Licence (PML) and shall undertake annual refresher training in anti- money laundering (AML)/counter terrorist financing (CTF) and be able to evidence this to the Commission.
- Ensure that all PML holders, senior management and key control staff undertake outsourced AML training. All such staff must undertake refresher training annually thereafter.
- Continue to review the effectiveness and implementation of its AML and SR policies, procedures and controls.
- Agreement to the publication of a statement of facts in relation to this
- Payment of £6,000 towards the Commission’s costs of investigating the case.
In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:
- the serious nature of the breaches identified
- the impact on the licensing objectives
- repeated breach or failure by the operator
- the need to encourage compliance by other operators with the
- the proposal of a regulatory settlement was made at the first opportunity and at an early stage in the licence review process
- GAN’s openness and cooperation with the Commission throughout the review process
- GAN took substantial steps to address the issues identified in the assessments
- SOF documents had been requested from customers
- customers who refused to provide SOF documents had their account suspended
- GAN’s financial position.
Games Account Network PLC Good practice
Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:
- Are your policies and procedures for identifying high risk customers for AML and SR customer accounts effective?
- Are your policies and procedures being reviewed regularly?
- Have you adequately resourced your AML and SR departments, so your staff are always able to put your policies and processes in place for all customers?
- Have your staff received sufficient AML and SR training?
- Are you recording all customer interactions, including decisions not to interact with customers, and are these records available for colleagues to refer to when making decisions?
- Are your customers providing documentation to support their level of spend and loss, and not simply giving assurances?