Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Public register
  2. Public statements
  3. Statement
Print statement
Public statement

WHG (International) Limited Public Statement

Published:
28 March 2023
Search or save this guide

Search this guide by:

  1. pressing Ctrl+f on your keyboard if you’re using a PC or ⌘+f if you’re using a Mac.
  2. typing the word or search term that you’re looking for.

Save a copy of this guide by:

  1. choose the 'save page' option in your browser
  2. save the HTML file in your chosen location.

You can also save this page as a PDF by:

  1. selecting the 'print this guide' button or use your browser print option
  2. in the print settings window, select 'Save as PDF'
  3. save the PDF file in your chosen location.

Our public statements make reference to breaches of the Licence Conditions and Codes of Practice (LCCP) requirements which were in effect at the time of the breach. In some cases, the requirements have since been updated.

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab)(the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

  • prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
  • ensure that gambling is conducted in a fair, and open way
  • protect children and other vulnerable people from being harmed or exploited by gambling.

WHG (International) Limited Executive Summary

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review1 of WHG (International) Limited (the Licensee/WHG), Combined Remote Operating Licence number: 000-039225-R-319373-0112.

The regulatory review found failings in the Licensee’s processes which were aimed at safer gambling and preventing Money Laundering (ML).

Between May 20203 and 18 October 2021, WHG (International) Limited failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

  • licence condition 2.3.1 (Remote Technical Standards)
  • paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the conducting of an appropriate risk assessment, the implementation of appropriate policies and procedures and keeping such policies under review to ensure their effectiveness, all with the objective of preventing ML and Terrorist Financing (TF)
  • licence condition 12.1.2 requiring remote casino operators based in foreign jurisdictions to comply with the ML, TF and Transfer of Funds (Information of the Payer) Regulations 2017.
  • paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction
  • paragraphs 1a, 1c and 1d of SRCP 3.7.1 (Provision of Credit)
  • paragraph 2 of SRCP 3.9.1 requiring licensees to put into effect policies and procedures designed to identify separate accounts which are held by the same individual and where customers hold more than one account, the Licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each other.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will voluntarily make a payment in lieu of a financial penalty of £12,500,000, which includes a divestment of £284,361.57, and will vary its licence to add additional licence conditions.

WHG (International) Limited Findings

The investigation and our subsequent regulatory review found:

  • failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
  • deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

We found that between May 20204 and 18 October 2021 the Licensee had been in:

Breach of paragraph 1 of licence condition 2.3.1

Licence condition 2.3.1, paragraph 1 states: “Licensees must comply with the Commission’s technical standards and with requirements set by the Commission relating to the timing and procedures for testing”

The Licensee accepted it was not fully in compliance with 2.3.1 as:

  • the Licensee failed to ensure organisation policies and procedures were in place within its trading rooms
  • in the trading rooms there was evidence that certain customer relationships lacked management oversight or control
  • a member of trading team staff who had knowledge of customer’s username and password, placed bets on the customer’s instruction on their online account.

Breach of paragraph 1 of licence condition 12.1.1

Licence condition 12.1.1(1) states: “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”

The Licensee accepted it breached this licence condition as its ML/TF risk assessment did not sufficiently reflect the Commission’s expectations or fully take into account the Commission’s ML/TF risk assessment of the British gambling industry.

The failings were that the Licensee’s risk assessment did not:

  • make explicit reference to specific risks in relation to TF
  • make specific reference to use of third parties or agents obscuring the source of ownership of money gambled by customers, high monetary thresholds or organised crime gangs’ use of mule accounts5.

Breach of paragraphs 2 and 3 of licence condition 12.1.1

Licence condition 12.1.1 (2) states: “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”

Licence condition 12.1.1(3) states “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

The Licensee accepted it breached this licence condition as:

  • there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
  • its policies, procedures and controls lacked guidance on appropriate action to take following the results of customer profiling and how its findings should be used to establish the appropriate outcome
  • its procedures and controls lacked hard stops to prevent further spend and mitigate against AML risks before customer risk profiling is completed
  • certain customers were able to deposit large amounts of money without timely Enhanced Customer Due Diligence (ECDD) - a particular example included Customer A who had a net spend of £36,137 before ECDD profiling
  • failure to resource due diligence teams sufficiently following a change in triggers that resulted in a backlog of ECDD reviews to complete
  • it made assumptions the fact certain customers were in a winning position reduced the risk for ML without gathering supporting evidence to support that assertion. In addition, for certain customers the Licensee could not demonstrate it held adequate evidence or could not point to recorded decisions that allowed it to assert a customer’s recycling of winnings reduced the ML risk posed to the business
  • it placed an undue reliance on open-source information and should have taken further steps to corroborate the customer’s Source of Funds (SoF) information
  • there were weaknesses in the documented processes relating to management of a small number of accounts which were directly managed by the trading team
  • AML training delivered to staff provided insufficient information on risks and how they are managed
  • certain customers were able to deposit large amounts of money without the Licensee conducting appropriate know your customer checks:
    • Customer B was able to deposit £71,427 and lose £70,134 without the Licensee having knowledge as to the SoF or occupation details
    • Customer C was a winning customer who was allowed to place bets via the trading team with a lack of appropriate oversight. A lack of depth and frequency of ongoing account monitoring allowed the customer to place bets on behalf of unknown third parties posing a risk to the licensing objectives – the Licensee had information that strongly suggested Customer C was placing bets on behalf of others. The customer was in a winning position of circa £195,000 when the account was suspended in February 2021
    • Customer D had lost £38,000 between 21 April 2021 and 27 May 2021. Although operator profiling established the customer was a sales director, no financial information was gathered
    • Customer E, who registered on 12 March 2021, was able to deposit and lose £36,000 in four days. The Licensee acknowledged it should have acted sooner when the customer deposited and lost significant amounts in the first 24 hours.

Breach of paragraph 1 of licence condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that:

“Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business”.

The Licensee accepts it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Money Laundering Regulations, namely:

  • regulation 18 required that the ‘the relevant person’ take appropriate steps to identify and access the risks of ML and TF to which its business is subject
  • regulation 19(1)(a) requires that the ‘relevant person’ must maintain policies, controls and procedures to mitigate and manage effectively the risks of ML and TF identified in any risk assessment undertaken by the relevant person
  • regulation 28 (11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile
  • regulation 33 imposes an obligation to apply ECDD measures and enhanced ongoing monitoring in any case identified as one where there is a high risk of ML or TF.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Failure to comply with paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

  • a. identifying customers who may be at risk of or experiencing harms associated with gambling
  • b. interacting with customers who may be at risk of or experiencing harms associated with gambling
  • c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

The Licensee accepted it was not fully in compliance with SRCP 3.4.1 as:

  • it failed to identify certain customers who were at risk of experiencing gambling related harm, failed to carry out checks at a significantly earlier stage with those customers, and failed to intervene in relevant circumstances
    • Customer F opened his account on 15 February 2021 and met a £7,500 ECDD threshold trigger on 19 February 2021, but due to a backlog, a customer profile was not completed until 17 March 2021. During those four weeks, the customer lost £54,252 but the operator did not seek income evidence, carry out adequate checks, or use any other effective method to identify risk of harm. The Licensee accepts there was a lack of interaction early enough in the customer journey
  • its system was not operating as it should have and allowed customers to exceed the thresholds it had previously implemented without interactions occurring and without any technical restriction or block
  • inadequate record keeping hampered the operator’s ability to decide how and when to interact with customers
  • insufficient controls exposed new or returning customers to the risk of substantial losses in a short period of time:
    • Customer G opened his account and lost £11,400 over the first 30 days without being subject to sufficient checks to minimise the risk of gambling related harm
    • Customer H did not have a telephone interaction until losses had reached £45,800
  • there was a reliance on automated email interactions when customers hit safer gambling alerts, and more should have been done to evaluate the effectiveness of those interactions.

Failure to comply with paragraphs 1a, 1c and 1d of SRCP 3.7.1 (Provision of Credit)

Paragraph 1a of SRCP states:

“Licensees who choose to offer credit to members of the public who are not themselves gambling operators must also:

  • a. have procedures for checking and scoring applications for credit from such customers, for setting, and for the increase of, credit limits

Paragraph 1c of SRCP 3.7.1 states:

  • c. set a maximum credit limit for each customer and not permit customers to exceed that limit without further application

Paragraph 1d of SRCP 3.7.1 states licensees must:

  • d. apply a 24-hour delay between receiving a request for an increase in a credit limit and granting it in those cases where the limit exceeds that which the operator previously set”

The Licensee accepted it was not fully in compliance with SRCP 3.7.1 as:

  • Customer C was allowed to immediately place a £100,000 bet when his credit limit had been set at £70,000
  • there were weaknesses in its documented processes relating to a small number of credit accounts.

Failure to comply with paragraph 2a of SRCP 3.9.1 (Identification of individual customers)

Paragraphs 2a of SRCP 3.9.1 state:

“2. Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that:

  • a. if a customer opts to self-exclude, they are effectively excluded from all gambling with the licensee unless they make it clear that their request relates only to some forms of gambling or gambling using only some of the accounts they hold with the licensee”

The licensee accepted it was not fully in compliance with SRCP 3.9.1 as:

  • ineffective controls allowed 331 customers to gamble with WHG (International) Limited despite them having self-excluded with another operator within the Group, Mr Green Limited. Such customers had self-excluded with Mr Green prior to its acquisition by William Hill.

WHG (International) Limited Regulatory Settlement

This regulatory settlement consists of:

  • a total payment of £12,500,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes, which includes a divestment of £284,361.57
  • agreement to the publication of a statement of facts in relation to this case
  • agreement by the Licensee to vary its operating licence to add conditions to its operating licence, namely:
    • to appoint a Board-level sponsor, either reporting directly to the Chair or the Executive Chair, to assume responsibility for compiling and progressing a 12-month action plan to deal with post case activity, and
    • undertake a follow-up independent audit of relevant policies and procedures by 13 February 2024 to ensure whether it is effectively implementing its AML and safer gambling policies, procedures and controls, and that any further recommendations made by the independent audit should be implemented thereafter
  • payment of the Commission’s costs of conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

  • the serious nature of the breaches identified
  • the impact on the licensing objectives
  • there has been a repeated breach or failure by the operator or other group companies
  • the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
  • the nature of the breaches may mean other customers unknown to the Commission were affected
  • the Licensee’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

  • the extent of steps taken to remedy the breach - the Licensee implemented an early action plan to remedy its failings
  • the Licensee procedurally met the Commission’s timetable in respect of providing material and, where such material could not be provided within the expected time period, sought an extension
  • early and voluntary reporting of breaches to the Commission - the Licensee reported early and voluntary breaches to the Commission6 .

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

  • do you ensure organisation policies and procedures are effective within your trading room?
  • do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
  • do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
  • do lessons learned from public statements flow into your policy and processes?
  • are your customer risk profiles informed by or linked to your money laundering and terrorist financing risk assessment?
  • do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
  • do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
  • have your staff received sufficient AML and social responsibility training?

Notes

1 The Commission commenced its regulatory review on 30 September 2021

2 WHG (International) Limited trade under: William Hill Online

3 There are some variances of starting date for breach, but they all fall mainly within this common period. Specific variations from this date, include breach of licence condition 2.3.1 occurred during an unknown time period between December 2020 and February 2021; breach of paragraph 1 of licence condition 12.1.1 which occurred between 20 September 2020 and 22 October 2021. The Licensee also failed to comply with SRCP 3.4.1 between 4 December 2020 and 18 October 2021; SRCP 3.7.1 between 7 February 2021 and 12 February 2021; SRCP 3.9.1 between June 2021 to October 2021

4 Subject of variations detailed at footnote 3

5 The AML Guidance and the Commission’s ML/TF risk assessment sets out a number of factors licensees must and should consider when undertaking their own ML/TF risk assessments. In addition, the Licensee is required, by virtue of regulation 18(2)(a) of the Regulations, to take these documents into account when carrying out its own ML/TF risk assessment.

6 The Licensee reported early and voluntary breaches to the Commission which related to matters detailed in Finding 1 (Remote technical standard requirements under A.7.2.2); Finding 6 (SRCP 3.7.1); and Finding 7 (SRCP 3.7.1).

Is this page useful?
Back to top