Shaftesbury Casino Limited Public statement
Our public statements make reference to breaches of the Licence Conditions and Codes of Practice (LCCP) requirements which were in effect at the time of the breach. In some cases, the requirements have since been updated.
- Licence condition 12.1.1
- Social Responsibility code provision 3.4.1
Operators are expected to consider the issues here and review their own practices to identify and implement improvements in respect of the management of customers.
Licensed gambling operators have a legal duty to ensure that their gambling facilities are being provided in compliance with The Gambling Act 2005 (the Act), the conditions of their licence and in accordance with the licensing objectives, namely to:
- prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
- ensure that gambling is conducted in a fair and open way
- protect children and other vulnerable people from being harmed or exploited by gambling.
This case concerns Shaftesbury Casino Limited (Shaftesbury) which holds a non-remote casino 1968 Act operating licence.
The Commission investigated Shaftesbury’s handling of 12 customers following concerns identified at a compliance assessment in August 2019.
Our investigation identified failings in the way Shaftesbury identified and managed customers who were at higher risk of gambling related harm and who presented a higher risk of money laundering or terrorist financing. These failings stemmed from Shaftesbury failing to identify risks relating to money laundering (AML) and having inappropriate anti-money laundering (AML) and safer gambling policies and procedures.
On 24 October 2019, we gave Shaftesbury notice that we were commencing a review of its operating licence. That review revealed Shaftsbury had breached a number of conditions of its operating licence.
Shaftesbury cooperated throughout the course of our investigation and has accepted that its money laundering and terrorist financing risk assessment was not appropriate and that its policies and procedures in respect of AML and safer gambling were not appropriate nor implemented effectively. It has accepted that it failed to act in accordance with conditions of its operating licence between January 2017 and August 2019.
In line with our Statement of principles for licensing and regulation, Shaftesbury will make a payment in lieu of a financial penalty of £260,000. It will also pay Commission costs of £11,690.41.
Failure to identify customers at risk of gambling related harms
Social responsibility code provision 3.4.1
Social responsibility code 3.4.1 states ‘Licensees must put into effect policies and procedures for customer interaction where they have concerns that a customer’s behaviour may indicate problem gambling. The policies must include … (e) specific provision for making use of all relevant sources of information to ensure effective decision making, and to guide and deliver effective customer interactions, including in particular:
i. provision to identify at risk customers who may not be displaying obvious signs of, or overt behaviour associated with, problem gambling: this should be by reference to indicators such as time or money spent.
ii. specific provision in relation to customers designated by the licensee as ‘high value’, ‘VIP’ or equivalent.…
Our investigation identified weaknesses in Shaftesbury’s safer gambling controls and found it had failed to put into effect policies and procedures for customer interaction with specific provision for making use of all relevant sources of information to ensure effective decision making and to guide effective customer interactions, contrary to SRCP 3.4.1 paragraph 1. e(i).
Examples of the responsible gambling failings are:
Customer A registered in 2013 and incurred losses of £219,788.52 between 2013 and 2019. The Commission found no responsible gambling interactions were recorded on the customer’s profile. In February 2018, the customer requested an increase to their debit limit, which restricted how much they could spend on their debit card, from £6,000 to £7,000. This limit was agreed by Shaftesbury on the basis the customer had confirmed they had no money problems, and it was recorded that their demeanour was ‘calm and not intoxicated’. In March 2018, the customer requested a further increase to their debit limit to £10,000. Shaftesbury agreed the limit increase on the basis the customer confirmed they were financially stable without any assessment of affordability. In May 2019, the customer self - excluded from the casino for a year.
Customer B registered as a VIP customer in March 2017 and incurred losses of £205,714.04 between 2017 and 2019. The Commission found Shaftesbury did not undertake any responsible gambling interactions with this customer.
Failure to have appropriate AML measures
Licence condition 12.1.1 relates to the Prevention of Money Laundering and Terrorist Financing
Licence condition 12.1.1(1) requires:
Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.
Licence condition 12.1.1(2) requires:
Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.
Licence condition 12.1.1(3) requires:
Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Commission from time to time. Shaftsbury has accepted that it was in breach of this licence condition as:
- The risks assessments were not appropriate
- The policies, procedures and controls were not appropriate to adequately mitigate the risks identified – particularly the monitoring and review of customers to ensure the proceeds of crime were not being spent
- The AML policies, procedures and controls in place were not effective.
During the investigation the Commission identified Shaftesbury had failed to undertake checks to verify the underlying source of the customer funds in some instances. In other instances where checks had been undertaken Shaftesbury had failed to undertake sufficient checks to verify the source of the customer funds. The Commission also found that Shaftesbury failed to check Politically Exposed Persons (PEPs) and persons subject to financial sanctions, despite some customers originating from high-risk jurisdictions.
Examples of AML failings are:
Customer C registered in June 2011 and deposited £2million and incurred losses of £338,000 between 2011 and 2019. Shaftesbury undertook open-source checks to verify the customer’s source of funds which suggested the customer was a former director of a dissolved company, and also on file were some photos of a car valeting company. Although the customer had hit Shaftesbury’s AML triggers it did not request further information for the customer to establish their source of funds. The customer also originated from a high-risk jurisdiction however, Shaftsbury failed to undertake checks against PEPS and financial sanctions checks.
Customer D registered in September 2016 and deposited £631,520 and incurred losses of £60,450 between 2016 and 2019. Shaftesbury undertook open-source checks to verify the customer’s source of funds, which suggested the customer was linked to a company which had been dissolved in November 2016 and that they had also resigned as a director for another company in 2011. In August 2019, Shaftesbury requested further information from the customer who advised that he owned another company although Shaftesbury was unable to find any information on the company. The customer was then requested to provide evidence of their source of funds which they did not provide but was still allowed to continue to gamble. The customer also originated from a high-risk jurisdiction however, Shaftesbury failed to undertake checks against PEPS and financial sanctions checks.
Customer E registered in March 2017 deposited £1,587,095 and incurred losses of £134,000 between 2017 and 2019. Shaftesbury undertook open-source checks to verify the customer’s source of funds which suggested they were a director of a company. Shaftesbury did not request the customer provide further information to verify their source of funds. The customer also originated from a high-risk jurisdiction however, Shaftesbury failed to undertake checks against PEPS and financial sanctions checks.
Failure to have appropriate usage of cash policies and procedures
Licence condition 5.1.1(1) requires:
Licensees, as part of their internal controls and financial accounting systems, must implement appropriate policies and procedures concerning the usage of cash and cash equivalents (eg bankers drafts, cheques and debit cards and digital currencies) by customers, designed to minimise the risk of crimes such as money laundering, to avoid the giving of illicit credit to customers and to provide assurance that gambling activities are being conducted in a manner which promotes the licensing objectives.
Licence condition 5.1.1(2) requires:
Licensees must ensure that such policies and procedures are implemented effectively, kept under review, and revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.
Shaftesbury accepted that it failed to implement appropriate policies and procedures and ensure that they were implemented effectively.
The Commission found aspects of Shaftesbury’s cash desk policy document had not been updated as we would have expected.
Action taken by the Licensee
In addition to accepting these failings, Shaftesbury has committed to an ongoing programme of improvements to ensure its policies, procedures and controls are appropriate and implemented effectively including, but not limited to, the following specific remedial action:
- Reviewed and updated its policies and procedures for AML and social responsibility
- Incorporated within its social responsibility policy properly defined indicators of risk for the identification of problem gambling
- Assessed its internal and external reporting processes
- Reviewed and updated its record keeping procedures
- Undertaken a significant staff training exercise to ensure understanding of its policies and procedures.
This regulatory settlement consists of: a) £260,000 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms b) Agreement to the publication of a statement of the facts in relation to this case c) Payment of £11,690.41 towards the Commission’s costs of investigating the case.
In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:
- The duration of the breaches
- There were repeated breaches of licence conditions as a result of the absence of internal controls and procedures.
- The Licensee should have been aware of the breaches
- Many of the breaches were serious and had an impact on the licensing objectives
- The breaches arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
- The need to encourage compliance among other operators
- There was timely co-operation with the investigation undertaken by the Commission and no attempt to conceal the extent of the breaches.
- An ongoing programme of remedial action was commenced in response to the breaches being brought to the Licensee’s attention.
- The Licensee has shown insight into the seriousness of the breaches.