With this document you can:

Print the full document
Save the page as a HTML document to your device
Print the page as a document
Use your browser print option to save the page as a PDF file

This section is not visible in the printed version.

Public Statements

Public statements can be viewed on our website at gamblingcommission.gov.uk/public-register

Generated: 23 April 2024

Hillside (UK Gaming) ENC Public Statement

Published: 4 April 2024

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure their gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab)(the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

The Gambling Commission commenced a section 116 regulatory review of Hillside (UK Gaming) ENC (the Licensee) - Remote Bingo and Casino Operating Licence Number 055149- R-331499-002 - following a compliance assessment conducted in March 2022.

The regulatory review found failings in the Licensee’s processes aimed at preventing Money Laundering (ML) and protecting individuals from being harmed or exploited by gambling.

The Licensee failed to comply with the following Licence Conditions and Codes of Practice (LCCP):

paragraph 2 of licence condition 12.1.1, requiring operators to comply with the prevention of ML and Terrorist Financing (TF), between May 2021 and July 2022
licence condition 12.1.2, requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017 (the 2017 Regulations), between May 2021 and July 2022
paragraphs 1b and 1c of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, between October 2021 and September 2022.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will pay a total of £343,035 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found the Licensee had:

Breached paragraph 2 of licence condition 12.1.1 (Prevention of money laundering and terrorist financing) between May 2021 and July 2022

The Licensee accepted that, at the time of the assessment:

the enhanced customer due diligence triggers in place were ineffective at managing ML risk
it failed to undertake financial sanctions checks on new customers prior to their first deposits
it failed to undertake independent verification checks and over relied on customers’ annual self-verification of customer due diligence information, such as identification documents
its procedure document contained inadequate detail as to who would be deemed “at risk” and “not at risk” for customer risk profiling.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee or the acceptance of funds from persons subject to financial sanctions.

Breached licence condition 12.1.2 (Anti-Money Laundering - Measures for operators based in foreign jurisdictions) between May 2021 and July 2022

Licence condition 12.1.2 has been in place since October 2016 and requires that: “Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business”.

Hillside (UK Gaming) ENC accepted it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Regulations, namely:

Regulation 28(11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile
Regulation 33 imposes an obligation to apply enhanced customer due diligence measures and enhanced ongoing monitoring in any case identified as one where there is a high risk of ML or TF.

Failed to comply with paragraphs 1b and 1c of SRCP 3.4.1 (Customer Interaction) between October 2021 to September 2022

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (in force from 31 October 2019 until 11 September 2022) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach”.

The Licensee accepted that at the time of the assessment:

interactions were frequently not tailored to the specific customer journey or spectrum of harm and therefore interactions were not meaningful
its Early Risk Detection System was not demonstrably effective in understanding the impact of individual interactions on a customer’s behaviour and whether further action was required
its approach to evaluation meant that it was unable to effectively ascertain whether a customer had read and understood the information or advice provided within its interactions.

This regulatory settlement consists of:

a payment of £343,035 in lieu of a financial penalty, which will be directed towards socially responsible causes
agreement to the publication of a statement of facts in relation to this case
payment of £15,684.50 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

there has been a repeated breach or failure by the operator
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the breach continued after the licensee became aware of it
the scale of the breach of a licence condition across the licensed entity
the impact on customers and the public
the absence of internal controls or procedures intended to prevent the breach.
the duration of the breach.

Mitigating factors

the extent of steps taken to remedy the breach
timely co-operation with any investigation undertaken by the Commission.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your anti-money laundering and safer gambling policies and are findings adequately recorded?
do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policies and procedures?
do you undertake financial sanctions checks on new customers prior to their first deposits?
are your customer risk profiles informed by or linked to your ML and TF risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
have your staff received sufficient anti-money laundering and social responsibility training?

End of public statement

Hillside (UK Sports) ENC Public Statement

Published: 4 April 2024

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

The Gambling Commission commenced a section 116 regulatory review of Hillside (UK Sports) ENC (the Licensee) - General Betting Standard - Real Event, General Betting Standard - Virtual Event, and Pool Betting – Remote, Licence Number 055148-R-331498-001 - following a compliance assessment conducted in March 2022.

The regulatory review found failings in the Licensee’s processes aimed at preventing Money Laundering (ML) and protecting individuals from being harmed or exploited by gambling.

The Licensee failed to comply with the following Licence Conditions and Codes of Practice (LCCP):

paragraph 2 of licence condition 12.1.1, requiring operators to comply with the prevention of ML and Terrorist Financing (TF), between May 2021 and July 2022
paragraphs 1b and 1c of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, between October 2021 and September 2022.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will pay a total of £239,085 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found the Licensee had:

Breached paragraph 2 of licence condition 12.1.1 between May 2021 and July 2022

The Licensee accepted that, at the time of the assessment:

the know your customer triggers in place were ineffective at managing ML risk
it failed to undertake financial sanctions checks (opens in a new tab) on new customers prior to their first deposits
it failed to undertake independent verification checks and over relied on customers’ annual self-verification of know your customer information, such as identification documents
its procedure document contained inadequate detail as to who would be deemed “at risk” and “not at risk” for customer risk profiling.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (in force from 31 October 2019 until 11 September 2022) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach”.

The Licensee accepted that at the time of the Assessment:

interactions were frequently not tailored to the specific customer journey or spectrum of harm and therefore interactions were not meaningful
its Early Risk Detection System was not demonstrably effective in understanding the impact of individual interactions on a customer’s behaviour and whether further action was required
its approach to evaluation meant that it was unable to effectively ascertain whether a customer had read and understood the information or advice provided within its interactions.

This regulatory settlement consists of:

a payment of £239,085 in lieu of a financial penalty, which will be directed towards socially responsible purposes
agreement to the publication of a statement of facts in relation to this case
payment of £15,684.50 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

there has been a repeated breach or failure by the operator
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the breach continued after the licensee became aware of it
the scale of the breach of a licence condition across the licensed entity
the impact on customers and the public
the absence of internal controls or procedures intended to prevent the breach
the duration of the breach.

Mitigating factors

the extent of steps taken to remedy the breach
timely co-operation with any investigation undertaken by the Commission.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your anti-money laundering and safer gambling policies and are findings adequately recorded?
do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policies and procedures?
do you undertake financial sanctions checks on new customers prior to their first deposits?
are your customer risk profiles informed by or linked to your ML and TF risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
have your staff received sufficient anti-money laundering and social responsibility training?

End of public statement

Lindar Media Limited Public Statement

Published: 20 September 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

The Gambling Commission commenced a section 116 regulatory review of Lindar Media Limited (the Licensee), Combined Remote Operating Licence Number 051250-R-328289-006, following a compliance assessment conducted in September 2022.

The regulatory review found failings in Lindar Media Limited’s processes aimed at preventing Money Laundering (ML) and protecting individuals from being harmed or exploited by gambling.

Officials found that, between July 2021 and September 2022, Lindar Media Limited failed to comply with the following Licence Conditions and Codes of Practice (LCCP):

paragraphs 1, 2 and 3 of licence condition 12.1.1 requiring compliance with measures to prevent ML and Terrorist Financing (TF)
ordinary code provision 2.1.1 requiring non-remote and remote casino licence holders to act in accordance with the Commission’s guidance on Anti-Money Laundering (AML): The Prevention of Money Laundering and Combating the Financing of Terrorism – Guidance for remote and non-remote casinos
licence condition 15.2.1(4) – requiring licensees to notify the Commission of specific key events, such as the appointment of a person to, or a person ceasing to, occupy a key position
licence condition 1.2.1(3) – requiring compliance relating to specified management offices
paragraphs 1a, 1b and 2 of Social Responsibility Code Provision (SRCP) 3.4.1 - requiring licensees to identify and interact with customers who may be at risk of or experiencing gambling related harms in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction
SRCP 5.1.6 – requiring licensees are compliant with advertising codes
SRCP 3.1.1(2) – requiring licensees to make an annual contribution in relation to combating problem gambling.

Taking into account the remedial action taken by Lindar Media Limited prior to and immediately following the compliance assessment, and in line with our Statement of principles for licensing and regulation, Lindar Media Limited will pay a total of £690,947.

A Commission compliance assessment and subsequent regulatory review found:

failings in Lindar Media Limited’s implementation of its AML policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices
weaknesses in its reporting arrangements in respect of key events
the person responsible for the Licensee’s gambling regulatory compliance function (Head of Regulatory Compliance) occupied other management posts without the Commission’s approval
failure to advertise its marketing products in a socially responsible manner
failure to make an annual financial contribution to an organisation which support research, prevention and treatment for those harmed by gambling.

The investigation and our subsequent regulatory review found Lindar Media Limited had been in breach of the following:

Breach of paragraph 1 of licence condition 12.1.1

Licence condition 12.1.1(1) states: “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”

The Licensee failed to have an appropriate ML and TF risk assessment, as it did not to reference that it had adequately assessed risk relating to:

customers
means of payment
additional inherent risks
emerging risks operator control.

In addition, the ML and TF risk assessment did not specifically address certain key risk factors as set out in the Money Laundering Regulations 2017 (the Regulations) and the Commission’s Prevention of money laundering and combating the financing of terrorism (PDF) (opens in a new tab) (February 2021) (the AML Guidance) including:

customers that are associated with higher risk countries, as a result of their citizenship, country of business or country of residence may present a higher ML and TF risk, taking into account all other relevant factors (Paragraph 2.20 of the AML Guidance)
disproportionate spend – casino operators should obtain information about customers’ financial resources so that they can determine whether customers spending is proportionate to their income or wealth (Paragraph 2.22 of the AML Guidance)
when a business relationship is conducted in unusual circumstances (Paragraph 6.33 of the AML Guidance)
where a customer is the beneficiary of a life insurance policy (Paragraph 6.33 of the AML Guidance)
when a customer is a third country national who is applying for residence rights in or citizenship of a state in exchange for transfers of capital, purchase of a property, government bonds or investment in corporate entities in that state (Paragraph 6.33 of the AML Guidance).

Breach of paragraph 2 of licence condition 12.1.1

The following procedures and controls were not appropriate:

at the point of registration all customers were automatically assigned an ML risk rating of low. There was insufficient information known about the customer at the start of the business relationship to adequately profile the customer and assess the risk of ML or TF. There was at the time an over reliance on financial triggers to identify and manage ML risks. The Commission accepts the Licensee had other triggers which were not financial
some financial thresholds in place to identify the risks associated with ML and TF were set at a level which allowed a customer to deposit and lose £10,000 a figure which did not appear to be sufficiently risk-based. Other triggers in place did not prevent some customers from depositing and losing £10,000 in a short period of time. Officials acknowledge the Licensee has taken proactive steps to address this and the issue has now been rectified.

Breach of paragraph 3 of licence condition 12.1.1

Licence condition 12.1.1(3) states “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

The policies and procedures had been reviewed, but not in a timely manner or as frequently as necessary to take into account the Guidelines published by the Commission. They had not been signed off by the Money Laundering Reporting Officer (MLRO). Officials acknowledge the Licensee has taken steps to address this.

Failure to take into account Ordinary Code Provision 2.1.1

Paragraph 1 of Ordinary Code Provision (OCP) 2.1.1 states: "In order to help prevent activities related to money laundering and terrorist financing, licensees should act in accordance with the Commission guidance on anti-money laundering. The Prevention Money Laundering and Combating the Financing of Terrorism Guidance for remote and non- remote casinos".

The Licensee failed to take into account OCP 2.1.1 in that, contrary to the AML Guidance, the Licensee:

had not followed the requirements as set out at Section 2 of the Guidance requiring the assessment of threats, vulnerabilities and consequences
did not sufficiently address how customer risk should be managed to reflect the Guidance in its AML policy
the Licensee’s AML policy had measures in place in relation to Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD), however they were not always implemented effectively.

Breach of licence condition 15.2.1 (4) - Reporting key events

Licensees must notify the Commission, in such form or manner as the Commission may from time to time specify, of the occurrence of a key event, as soon as reasonably practicable and in any event within five working days of the Licensee becoming aware of the events occurrence.

The Licensee failed to notify the Commission when the Head of Regulatory Compliance (who held the post from 1 August 2019 to 14 June 2022) ceased to hold this position.

The Commission found the Licensee was in breach of licence condition 15.2.1 between 20 June 2022 and September 2022.

Breach of licence condition 1.2.1(3) - Specified management offices – personal management licences

"The person responsible for the licensee’s gambling regulatory compliance function as head of that function shall not, except with the Commission’s express approval, occupy any other specified management office."

At the time of the Assessment the person holding the position of Head of Regulatory Compliance also held a number of other specified management posts without the Commission’s express approval.

The Commission found the Licensee was in breach of licence condition 1.2.1(3) between 20 June 2022 and 3 October 2022.

Failure to comply with paragraph 1b, 1c and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (in force from 31 October 2019 until 11 September 2022) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling.
b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

Licensees must take into account the Commission’s guidance on customer interaction.”

Failings were identified in respect of the customer interaction processes, relating to identifying customers who may be at risk of or experiencing harms associated with gambling in that:

the series of financial and non-financial safer gambling triggers used to proactively identify when customers may be experiencing harms were not always effective, in particular new customers being able to deposit at high velocity
the Licensee did not have a process in place to identify, in real time, customers at risk of gambling related harm, or implement early and quick interactions.

Officials did not see evidence as to how the Licensee had fully taken account of the Commission’s formal customer interaction guidance, Customer interaction - Formal Guidance for remote gambling operators (PDF) (opens in a new tab) (July 2019)¹ (CI Guidance) in the following areas:

Identify

the processes in place did not always identify those potentially experiencing or at risk of gambling related harm or cause a customer interaction to take place at the earliest opportunity. The Commission expects licensees to monitor customer activity and be in a position to interact early and quickly. The review of customer accounts identified that some customers were able to deposit and lose up to and in excess of £10,000 with no controls in place to intervene until the money had been lost (Section 2.9 of CI Guidance)
disproportionate customer spend in relation to a customer’s personal circumstances was not considered for some customers until they had deposited and lost significant amounts of money
where financial circumstances were considered, the model relied on County Court Judgements and bankruptcy data to identify affordability concerns, which may not always be effective in identifying customers (Sections 2.10 & 2.11 of CI Guidance).

Interact

the interaction process in place did not consider the urgency for customer contact, particularly where nothing was little known about the customer’s circumstances (Section 3.4 of CI Guidance).

Failure to comply with SRCP 5.1.6 - the advertising codes

On 29 June 2022 an advertisement posted on behalf of the Licensee by one of its agents relating to its MrQ website appeared on Reddit. This advertisement featured an image showing three carton Spiderman figures.

Further, a review of MrQ.com on 3 August 2022 identified cartoon imagery, not in a restricted gateway. The imagery related to King Kong cash pots, Piggy Bank Bills and The Doghouse Megaways.

On both occasions the images shown were likely to be of particular appeal to children. The Commission acknowledges that, once it became aware of the adverts, the Licensee took immediate action to remove them.

The Commission found the Licensee had failed to comply with SRCP 5.1.6 on 29 June 2022 and 3 September 2022.

Failure to comply with SRCP 3.1.1(2) – Combating problem gambling

Licensees are required to make an annual financial contribution to an organisation, approved by the Commission to support research, prevention and treatment for those harmed by gambling. The Licensee had failed to make such a payment for the year ending December 2021.

The Commission found the Licensee had failed to comply with SRCP 3.1.1(2) for the year ending December 2021.

This regulatory settlement consists of:

a payment of £690,947 in lieu of a financial penalty, this includes a divestment of £50,947. The money will be directed for socially responsible purposes
agreement to the publication of a statement of facts in relation to this case
payment towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the nature of the breaches may mean other customers were affected that the Commission has not reviewed.

Mitigating factors

The Licensee has:

taken immediate steps to rectify the breaches identified and, in some cases, had implemented changes prior to the compliance assessment
made early disclosure of all relevant facts
accepted the failings at the earliest opportunity
made an early regulatory settlement proposal
been fully co-operative throughout its dealings with the Commission.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
do you have sufficient processes in place to ensure that all key events are notified to the Commission in a timely manner
is your marketing of gambling products and services undertaken in a socially responsible manner. Do they comply with the advertising codes of practice issued by the Committee of Advertising Practice (CAP) and the Broadcast Committee of Advertising Practice (BCAP)? Have you familiarised yourself with the latest Advice from CAP on 'Gambling, betting and gaming: Appeal to children' (May 2023) (opens in new tab)
do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles informed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
do you have out of hours arrangements in place?
have your staff received sufficient AML and social responsibility training?

Notes

¹This guidance is no longer in force, as of 11 September 2022.

End of public statement

Done Bros (Cash Betting) Limited Public Statement

Published: 18 July 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab)(the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review of Done Bros (Cash Betting) Limited’s (the Licensee/Done Bros) Non-Remote General Betting Standard, Pool Betting and Ancillary Remote Licence number: 001058-N-102469-014. The regulatory review found failings in the Licensee’s processes which were aimed at Safer Gambling (SG) and preventing Money Laundering (ML).

Between January 2021 and December 2022¹, Done Bros failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the conducting of an appropriate risk assessment, the implementation of appropriate policies and procedures and keeping such policies under review to ensure their effectiveness, all with the objective of preventing ML and Terrorist Financing (TF)
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

The investigation and our subsequent regulatory review found:

failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its SG policies, procedures, controls and practices, including weaknesses in implementation.

We found that the Licensee had:

Breached licence condition 12.1 Prevention of money laundering and terrorist financing

Breach of paragraph 1 of licence condition 12.1.1

The Licensee accepted it breached this licence condition as its ML/TF risk assessment did not sufficiently reflect the Commission’s expectations or fully take into account the Commission’s ML/TF risk assessment of the British gambling industry.

The failings were that the Licensee’s ML/TF risk assessment did not:

sufficiently take into account the Commission’s most recent POCA Guidance
demonstrate that all risks to its business had been considered, for example those connected to third party suppliers, payment providers and processors, and customers using pre-paid cards
detail the risks and countermeasures in place to monitor customer transactions across multiple Licensed Betting Offices, products and platforms in order to mitigate any ML potential.

Breach of paragraph 2 and 3 of licence condition 12.1.1

Although an analysis of the specific customer records identified during the regulatory review found no evidence of criminal spend with the Licensee, the Licensee nevertheless accepted that it had breached this licence condition, as:

there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
there was poor record keeping and its financial alerts (thresholds) were set too high. For example, Customer A lost circa £61,000 within a four-month period and no action was taken as the Licensee had previously concluded there were ‘no AML concerns’. The Licensee had relied on an ID document alone and no action was taken in respect of this customer when further reviews were completed
it had an inability to track customer play across products
it failed to consistently obtain appropriate Know Your Customer (KYC) identification and Source of Funds (SoF) documentation from its customers when its thresholds were met. For example, Customer B hit the AML trigger of £250,000 staked in 365 days. The customer’s ID was only requested after a 10-day delay, which the Licensee was unable to explain
it placed an undue reliance on open-source information and should have taken further steps to corroborate customers’ SoF information
certain customers were able to stake large amounts of money without the Licensee conducting appropriate KYC checks. For example:
- Customer A reached a net loss position of £61,000 within a four-month period with no appropriate KYC being conducted
- Customer C staked and lost £72,000 within a 9-month period due to the Licensee relying on uncorroborated open-source information
- Customer D staked £429,222 and lost £120,353 within a 11-month period due to the Licensee relying on uncorroborated open-source information.

Failed to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling.
b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

Licensees must take into account the Commission’s guidance on customer interaction.”

The Licensee accepted it was not fully in compliance with SRCP 3.4.1 as:

it had insufficient controls in place to protect new customers, and to monitor high velocity spend and duration of play exposing the customer to the risk of substantial losses without SG interaction
it made assumptions that customers were not at risk because they were winning customers. For example, the Licensee failed to carry out interactions on a customer (Customer E) who staked £517,499 between 21 March 2022 and 18 May 2022. The basis was the Licensee was of the view that this customer was a professional poker player, displayed no signs to encourage staff interaction, and was in a winning position of £8,585 in the period. It was established that the customer was able to stake close to the entirety of his net worth (based upon open-source checks carried out by the Licensee) within a two month period and should have been subject of SG considerations
it did not always conduct SG interactions with customers who may be at risk of experiencing harm early enough in their journey
the interactions that it carried out were not always effective. For example, Customer F played for a period of five months and deposited £337,029 with a loss of £19,336.28 and placed a total of 1,375 bets. The customer was interacted with 12 times and the Licensee noted that each interaction was positive and indicated the customer was happy at his level of spend. However, during some interactions the customer demonstrated signs of potential harms such as his card being declined and placing large bets. The interactions did not escalate in any way and there is no evidence to suggest this customer was offered any information or support. The only factor that appears to have been considered was whether the customer appeared happy to continue to gamble
there was a lack of evidence of evaluation of the effectiveness of individual customer interactions and a lack of record keeping which limited the effectiveness of future interactions.

This regulatory settlement consists of:

a total payment of £3,250,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes, which includes a divestment of £1,052,717
agreement to the publication of a statement of facts in relation to this case
payment of the Commission’s costs involved in conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
the Licensee’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach - the Licensee implemented an early action plan to remedy its failings
the Licensee procedurally met the Commission’s timetable in respect of providing material and responses
early and voluntary acceptance of the Commission’s findings and the early request to enter into the Regulatory Settlement process.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to review your ML/TF risk assessment at least annually and measure the effectiveness of your AML and SG policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
are lessons learned from public statements and other regulatory decisions appropriately incorporated in your policies and processes?
are your customer risk profiles reviewed in the light of new information?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews are adequately documented and consistent in their approach?
do you log the types of behaviour which trigger a customer interaction and keep sufficient records of interactions, along with any decisions not to interact, especially in relation to the level of detail provided?
have your staff received sufficient AML and social responsibility training?

Notes

¹ This date represents the total period of non-compliance, there are some variations in the individual breach period for each condition.

End of public statement

Videoslots Limited Public Statement

Published: 15 June 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab)(the Act), the conditions of their licence, and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair and open way
protect children & other vulnerable people from being harmed or exploited by gambling.

This investigation followed two compliance assessments which resulted in the commencement of a section 116 regulatory review¹ of Videoslots’ Limited, Combined Remote Operating Licence number: 039380-R-319311-032.

The regulatory review found failings in the implementation of Videoslots’ processes which were aimed at preventing Money Laundering (ML) and ensuring safer gambling.

Between October 2019 and February 2022², Videoslots failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraph 3 of licence condition 12.1.1, requiring licensees to ensure that ML policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission
paragraphs 1a, 1b and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to identify and interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

In line with our Statement of principles for licensing and regulation, Videoslots will make payments in lieu of a financial penalty of £2,000,000. A breakdown of the regulatory settlement is set out in the following pages.

The investigation, and our subsequent regulatory review, found:

failings in Videoslots’ implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling controls and practices, and weaknesses in the implementation of the existing policies procedures and controls.

We found that Videoslots had been in:

Breach of licence condition 12.1.1(3)

Licence condition 12.1.1(3) states that “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

Videoslots accepted it breached this licence condition between March 2021 and April 2022 for the following reasons:

it had not implemented its own risk-based processes appropriately due to significant delays in conducting the required action (such as an AML review or request for source of funds) following an AML trigger. For example, Customer A hit several AML triggers and was able to deposit £112,225 and, AML analysts did not properly implement all actions required by the Licensee's AML policies and procedures. Similar failings were demonstrated with other customers
it had not fulfilled elements of customer due diligence as early as intended in accordance with its risk-based approach
it did not have sufficient AML analysts to process the volumes of data or undertake the AML account reviews that were required to be performed in accordance with its AML policies and procedures
there were examples where analysts did not properly implement the Licensee's policies and procedures in respect of AML, which allowed a number of high-risk customers to continue to gamble significant amounts.

Failure to comply with SRCP 3.4.1 Customer interaction

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act.

During the period covered by the compliance assessments SRCP 3.4.1 (ceased in September 2022) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

Videoslots accepted it was not fully in compliance with SRCP 3.4.1 during the following periods:

SRCP 3.4.1 paragraph 1a between March 2021 and October 2022
SRCP 3.4.1 paragraph 1b between March 2021 and March 2022
SRCP 3.4.1 paragraph 2 between October 2019 and February 2022.

Videoslots accepted it breached this SRCP for the following reasons:

in some instances, it did not ensure that customers displaying risk behaviours were identified as potentially experiencing harm because responsible gambling reviews were not undertaken as early, or as well as they should have been
it did not use restrictive measures such as forced deposit limits and playblocks as regularly as it could have
it failed to identify whether a customer was at risk of experiencing harm by not considering whether the amount being deposited or lost was appropriate. For example, Customer C had a self-declared income of between £60,000 and £80,000 and savings of between £20,000 and £50,000. This customer was able to deposit and lose £98,000 within 6 months which was more than all of their savings and estimated earnings combined. The reviews and interactions with this customer did not take into account the fact that this customer deposited disproportionately to their declared salary
it allowed customers showing indicators of harm, and those of medium and high risk, to continue to gamble significant amounts after interactions, despite their behaviour continuing. For example, Customer A deposited £112,225 and lost £58,725 between 21 November 2021 and 7 January 2022. During that period this customer hit a number of triggers such as gambling for long periods, gambling in the early hours and losses exceeding thresholds based on declared source of wealth. As a result of the triggers the Licensee completed three account reviews (one being as a result of the customer being a top winner) and sent an automated email. However, for this customer an account review was missed on 8 December 2021 and delayed on 29 December 2021. The operator’s approach to interactions set out in their responsible gambling policy and procedures was not implemented as it should have been. The customer not amending their behaviour demonstrates that the interactions, as a result, were not effective in minimising the risk of harm
it did not carry out effective interactions where it had information (such as numerous markers of harm triggered) which may have demonstrated that an enhanced approach or intervention was required
its process for escalating interactions or intervening were ineffective due to an over reliance on customer responses and source of wealth declarations
in some of the customer accounts reviewed, there were instances where, contrary to the Licensee's policy, affordability was not fully considered by responsible gambling analysts in allowing customers to continue to gamble.

A regulatory settlement penalty package of £2,000,000 has been agreed, which consists of the following elements:

a payment in lieu of a financial penalty of £1,505,158.02 which will be directed towards socially responsible causes
divestment of £494,841.98
agreement to the publication of a statement of facts by the Commission
payment of £11,308.00 towards our investigative costs.

Conclusion

Our investigation found, and Videoslots accepts, that there were significant weaknesses in its ability to implement its policies and procedures for AML and safer gambling purposes.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors:

the nature of the breaches may mean other customers were affected that the Commission has not reviewed
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
some of the breaches continued for a period of 1 year and 9 months
this is the second S116 review the Licensee has been subjected to. The first resulting in a settlement of £1 million.

Mitigating factors:

the Licensee has taken steps to rectify the breaches highlighted
the Licensee’s has accepted the key failings
the Licensee has acted in a timely manner and been co-operative with the investigation
the Licensee was transparent during the review period and outlined that operational effectiveness was severely impacted during the relevant period by the Covid pandemic.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should also consider the following questions:

do lessons learned from public statements flow into your policy and processes?
are you providing your staff with appropriate training to ensure that they are aware of the law relating to money laundering and terrorist financing, and how to recognise and deal with transactions, activities or situations which may be related to ML or terrorist financing? 
do you have sufficient resilience within your AML and social responsibility functions?

Notes

¹ The Commission commenced its regulatory review on 9 February 2022

² This demonstrates the overall breach period. The period the Licensee was in breach for each condition varies and has been detailed further under the relevant sections below.

End of public statement

Skill On Net Limited Public Statement

Published: 23 May 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed the commencement of a section 116 regulatory review of Skill on Net Limited (the Licensee), Combined Remote Operating Licence number: 039326-R-319358-050. The regulatory review found failings in the Licensee’s processes which were aimed at safer gambling and preventing Money Laundering (ML).

Between the period of January 2021 and December 2022¹, the Licensee failed to comply with the following Licence Conditions and Codes of Practice (LCCP):

paragraphs 1, 2 and 3 of licence condition 12.1.1 requiring compliance with the prevention of ML and Terrorist Financing (TF)
licence condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the ML, TF and Transfer of Funds (Information of the Payer) Regulations 2017
paragraphs 1a, b and 2 of Social Responsibility Code Provision (SRCP) 3.4.1 requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction
failed to adhere to Ordinary Code Provision (OCP) 2.1.1 - Anti-Money Laundering guidance.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will voluntarily make a payment in lieu of a financial penalty of £305,150, which includes a £105,650 divestment, and agreement to conduct an independent third-party audit as regards the effective implementation of the Licensee’s AML and safer gambling policies, procedures and controls within 12 months of the conclusion of the Licence Review.

The investigation and our subsequent regulatory review found:

insufficient policies, procedures and controls to comply with its Anti-Money Laundering (AML) responsibilities
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

We found that, between the period of January 2021 and December 2022, Skill on Net had been in:

Breach of paragraph 1 of licence condition 12.1.1

The Licensee accepted it breached this licence condition between May 2021 until December 2022, as its ML/TF risk assessment did not sufficiently reflect the Commission’s expectations or fully take into account the Commission’s ML/TF risk assessment of the British gambling industry.

The Commission found the relevant risk assessment failed to:

appropriately consider payments received from unknown or unassociated third parties of the customer
appropriately consider organised crime groups and mule accounts
take into account and adequately consider information on the risks of ML and TF made available to them by the Commission.

Breach of paragraph 2 of licence condition 12.1.1

Licence condition 12.1.1(2) states, “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”.

The Licensee accepted that issues identified by the Commission indicated deficiencies in their policies and procedures and accepted they were in breach of licence condition 12.1.1(2) between May 2021 and March 2022.

The Commission’s concerns included:

failure to have appropriate procedures in place to consider customer’s salary or wealth in order to identify disproportionate spend, and reliance upon customers’ declarations to mitigate the ML risks posed
failure to effectively risk profile customers from an AML perspective and consider the risks outlined within the Licensees’ Risk Assessment
the Licensee relied on unevidenced verbal comments and monetary thresholds when considering disproportionate spend
a failure to require that the nominated officer provides an annual report covering the operation and effectiveness of the operator’s systems and controls to combat ML and TF, and take any action necessary to remedy deficiencies identified by the report in a timely manner.

Breach of paragraph 3 of licence condition 12.1.1

Licence condition 12.1.1(3) states, “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”.

The Licensee acknowledged their policies and procedures were not fully compliant with licence condition 12.1.1(3) between May 2021 and December 2022.

The Commission’s concerns included:

failure to take into account the Prevention of money laundering and combating the financing of terrorism guidance applicable at the time of the assessments
several customers were able to deposit and lose more than double the £2,000 limit the Licensee had in place to mitigate the risks of unverified payment methods
there was an over-reliance on re-staked gambling winnings with the belief that funds won and withdrawn by the customer were evidence of available funds up to 30 days later
the Licensee made assumptions that customers were recycling winnings without obtaining any evidence from the customer to support that assertion.

Breach of paragraph 1 of licence condition 12.1.2 (Anti-money laundering - measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires the Licensee comply with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the 2017 Regulations).

The Licensee accepted its policies and processes were not fully compliant and that there was a breach of licence condition 12.1.2 between May 2021 and December 2022.

Commission officials consider the Licensee failed to adequately implement the measures described in the relevant regulations laid out in the 2017 Regulations for reasons including:

the Licensee failed to take appropriate steps to identify and assess the risks of ML and TF
the Licensee failed to establish and maintain effective policies, procedure and controls
the Licensee failed to adequately take into account information made available to them by the supervisory authority (the Gambling Commission) under regulation 17(9).

Failure to comply with SRCP 3.4.1 paragraphs 1 and 2

SRCP (1) and (2) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.".

Licensees must take into account the Commission’s guidance on customer interaction.”.

The Licensee accepted they were not in full compliance with SRCP 3.4.1 as follows:

paragraph 1a – May 2021 and 1 March 2022
paragraph 1b – January 2021 until 8 July 2021
paragraph 2 - January 2021 and 1 March 2022.

The Commission was concerned in particular with the following customer interaction failings regarding SRCP 3.4.1(1):

failure to identify customers who displayed markers of harm following a win such as an increase in sessions and stakes
customers were able to deposit and gamble high value bets at high velocity without company safer gambling controls activating due to a technical issue
failure to identify customers at risk or those disproportionately spending - for example, one customer was able to deposit and lose up to £3,000 per month which was more than their evidenced monthly salary
failure to recognise night play as a marker of harm due to its procedures not being correctly followed – one customer had a seven-hour session and admitted to being at work on nights with his phone on autoplay
failure to effectively interact with some customers by relying upon automated pop-ups
customer interactions did not effectively minimise the risk of customers experiencing harms associated with gambling. For example, one customer deposited £16,000 in total and had a net loss of £3224.74 over 41 days. The customer received multiple automated safer gambling popups and emails as well as receiving two alerts for their activity. The customer has a number of safer gambling chats which provided basic information to the agent’s questions and as a result the customer was able to continue gambling. The Licensee’s interactions were not effective in capturing the necessary information in order to make an assessment on whether an individual was at risk or not. The interactions that did take place were minimal and took the customer’s word at face value without any further scrutiny or attempt to seek further information to support decision making.

The Commission was also concerned the Licensee failed to take into account the Commission’s guidance on customer interaction, in accordance with SRCP 3.4.1(2) as:

there was no evidence to suggest high staking behaviour following a win had been taken into account as a potential marker of harm (CI Guidance – Sections 2.7f)

This regulatory settlement consists of:

£305,150 payment in lieu of a financial penalty, which will be directed towards socially responsible causes
agreement to the publication of a statement of facts in relation to this case
payment of £9,079.00 towards the Commission’s costs of investigating the case
agreement to conduct an independent third-party audit as regards the effective implementation of the Licensee's AML and safer gambling policies, procedures and controls within 12 months of the conclusion of the Licence Review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors:

the nature of the breaches may mean other customers were affected that the Commission has not reviewed
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the Licensee was subjected to three compliance assessments which all identified failings resulting in a prolonged period of non-compliance
officials still identified failings following two periods of special measures.

Mitigating factors:

the Licensee has now taken steps to rectify the breaches highlighted
the Licensee has accepted the key failings
the Licensee has acted in a timely manner and been co-operative with the investigation.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
do lessons learned from public statements flow into your policy and processes?
does your ML and TF risk assessment meet all the requirements?
are your customer risk profiles formed by or linked to your ML and TF risk assessment?
do you have sufficient processes and systems in place to identify and interact with customers displaying markers of harm?

Notes

¹ This varies for each licence condition and the dates for each one is detailed under the relevant sections

End of public statement

William Hill Organization Limited Public Statement

Published: 28 March 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review¹ of William Hill Organization Limited (WH Retail / the Licensee), Combined Non-Remote Operating Licence number: 000-002752-N-102413-014.

The regulatory review found failings in the Licensee’s processes which were aimed at preventing Money Laundering (ML), and safer gambling.

Between 1 January 2020 and 18 October 2021², the Licensee failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the conducting of an appropriate risk assessment, the implementation of appropriate policies and procedures and keeping such policies under review to ensure their effectiveness, all with the objective of preventing ML and Terrorist Financing (TF)
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will voluntarily make a payment in lieu of a financial penalty of £2,999,850 which includes a divestment of £244,026.95, and will vary its licence to add additional licence conditions.

The investigation found:

failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
weaknesses in its reporting arrangements.

We found that, between January 2020 and 18 October 2021, the Licensee had been in:

Breach of paragraph 1 of licence condition 12.1.1

Breach of paragraph 1 of licence condition 12.1.1, which states: “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”

The failings were that the Licensee’s risk assessment did not:

make explicit reference to specific risks in relation to TF.
make specific reference to risks associated with customer bank account changes, risks of fraudulent or dyed notes or business risks in the geographical risk section³
mention how the Licensee monitors customers who place bets in multiple betting offices, how this was reviewed and the mitigations in place.

Breach of paragraphs 2 and 3 of licence condition 12.1.1

The Licensee accepted:

weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
certain customers identified by the Commission were able to stake large amounts of money without being monitored or scrutinised to the standard expected by the Commission:

a customer profile was compiled for Customer A after the customer had gambled £34,000 and lost £16,000 between 20 May and 1 June, 2021. Despite staking a £19,000 in a single bet no Source of Funds (SoF) evidence was requested
customer B staked £39,324 and lost £20,360.67 between 16 and 28 October 2020. No documentation was obtained by the Licensee which would support levels of gambling spend to mitigate the ML risk of high spend taking place over a short period of time
customer C staked a total of £276,942 with a total loss of £24,395 between 17 August and 16 October 2020. SoF evidence was requested on 12 October 2020, however, to date no evidence has been seen by the Licensee
the Licensee acknowledged that AML thresholds have since been revised and has confirmed that it has since amended its bet acceptance process

in relation to certain customers identified by the Commission, it placed over-reliance on recycled winnings
in particular cases, the Licensee failed to appropriately track customers across multiple Licensed Betting Offices (LBOs). The Commission found instances where the Licensee could have more effectively tracked customers across its LBO estate using information available to it. The Commission recognises the challenges of tracking customers using multiple premises in the non-remote Licensed betting offices.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Failure to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

The Licensee accepted it was not fully in compliance with SRCP 3.4.1 as:

with certain customers, the Licensee did not identify changes in the customer behaviour which should have provoked consideration of whether the customer was experiencing harm:

a safer gambling interaction was conducted with Customer D only after he had placed and had accepted an £18,000 bet - no interaction took place when accepting his bet as the Commission would have expected
Customer A usually places small stakes but then placed a £19,000 bet. Although a safer gambling interaction was conducted during which he stated he was ‘fine with his spend’, the Licensee failed to proactively further consider him from a responsible gambling prospective

it had insufficient controls in place to protect new customers, and to effectively consider high velocity spend and duration of play until the customer may have been exposed to the risk of substantial losses in a short period of time:

after its retail premise had been re-opened following the Covid pandemic lockdown, the Licensee allowed Customer F to lose £10,600 in two days without a safer gambling interaction.
despite being unknown and staking £42,253 in 130 bets over a three-day period, staff did not identify Customer G as being at risk of experiencing harms associated with gambling or undertake any customer interactions

in particular cases, the Licensee did not conduct interactions with customers who may be at risk of experiencing harm early enough in the customer journey
there was a lack of evidence of evaluation of the effectiveness of individual customer interactions and a lack of record keeping limited staff in properly tailoring their interactions with historic interactions in mind.

This regulatory settlement consists of:

a total payment of £2,999,850 in lieu of a financial penalty, which will be directed towards socially responsible purposes, which includes a divestment of £244,361.57
agreement to the publication of a statement of facts in relation to this case
agreement by the Licensee to vary its operating licence to add conditions to its operating licence, namely:
- to appoint a Board-level sponsor, either reporting directly to the Chair or the Executive Chair, to assume responsibility for compiling and progressing a 12-month action plan to deal with post case activity, and
- undertake a follow-up independent audit of relevant policies and procedures by 13 February 2024 to ensure whether it is effectively implementing its AML and safer gambling policies, procedures and controls, and that any further recommendations made by the independent audit should be implemented thereafter
payment of the Commission’s costs of conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
there has been a repeated breach or failure by the operator or other group companies
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the Licensee’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach – the Licensee implemented an action plan to remedy its failings
the Licensee procedurally met the Commission’s timetable in respect of providing material and, where such material could not be provided within the expected time period, sought an extension.

Good Practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
have your staff received sufficient AML and social responsibility training?

Notes

¹ The Commission commenced its regulatory review on 30 September 2021.

² There is one variance from the breach date listed - Paragraph 1 of licence condition 12.1.1 was breached between 1 January 2020 and 2 May 2022.

³ The AML Guidance and the Commission’s ML/TF risk assessment sets out a number of factors licensees must and should consider when undertaking their own ML/TF risk assessments. In addition, the Licensee is required, by virtue of Regulation 18(2)(a) of the Regulations, to take these documents into account when carrying out its own ML/TF risk assessment.

End of public statement

WHG (International) Limited Public Statement

Published: 28 March 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review¹ of WHG (International) Limited (the Licensee/WHG), Combined Remote Operating Licence number: 000-039225-R-319373-011².

The regulatory review found failings in the Licensee’s processes which were aimed at safer gambling and preventing Money Laundering (ML).

Between May 2020³ and 18 October 2021, WHG (International) Limited failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

licence condition 2.3.1 (Remote Technical Standards)
paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the conducting of an appropriate risk assessment, the implementation of appropriate policies and procedures and keeping such policies under review to ensure their effectiveness, all with the objective of preventing ML and Terrorist Financing (TF)
licence condition 12.1.2 requiring remote casino operators based in foreign jurisdictions to comply with the ML, TF and Transfer of Funds (Information of the Payer) Regulations 2017.
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction
paragraphs 1a, 1c and 1d of SRCP 3.7.1 (Provision of Credit)
paragraph 2 of SRCP 3.9.1 requiring licensees to put into effect policies and procedures designed to identify separate accounts which are held by the same individual and where customers hold more than one account, the Licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each other.

Taking into account remedial action taken by the Licensee and in line with our Statement of principles for licensing and regulation, the Licensee will voluntarily make a payment in lieu of a financial penalty of £12,500,000, which includes a divestment of £284,361.57, and will vary its licence to add additional licence conditions.

The investigation and our subsequent regulatory review found:

failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

We found that between May 2020⁴ and 18 October 2021 the Licensee had been in:

Breach of paragraph 1 of licence condition 2.3.1

Licence condition 2.3.1, paragraph 1 states: “Licensees must comply with the Commission’s technical standards and with requirements set by the Commission relating to the timing and procedures for testing”

The Licensee accepted it was not fully in compliance with 2.3.1 as:

the Licensee failed to ensure organisation policies and procedures were in place within its trading rooms
in the trading rooms there was evidence that certain customer relationships lacked management oversight or control
a member of trading team staff who had knowledge of customer’s username and password, placed bets on the customer’s instruction on their online account.

Breach of paragraph 1 of licence condition 12.1.1

The failings were that the Licensee’s risk assessment did not:

make explicit reference to specific risks in relation to TF
make specific reference to use of third parties or agents obscuring the source of ownership of money gambled by customers, high monetary thresholds or organised crime gangs’ use of mule accounts⁵.

Breach of paragraphs 2 and 3 of licence condition 12.1.1

The Licensee accepted it breached this licence condition as:

there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
its policies, procedures and controls lacked guidance on appropriate action to take following the results of customer profiling and how its findings should be used to establish the appropriate outcome
its procedures and controls lacked hard stops to prevent further spend and mitigate against AML risks before customer risk profiling is completed
certain customers were able to deposit large amounts of money without timely Enhanced Customer Due Diligence (ECDD) - a particular example included Customer A who had a net spend of £36,137 before ECDD profiling
failure to resource due diligence teams sufficiently following a change in triggers that resulted in a backlog of ECDD reviews to complete
it made assumptions the fact certain customers were in a winning position reduced the risk for ML without gathering supporting evidence to support that assertion. In addition, for certain customers the Licensee could not demonstrate it held adequate evidence or could not point to recorded decisions that allowed it to assert a customer’s recycling of winnings reduced the ML risk posed to the business
it placed an undue reliance on open-source information and should have taken further steps to corroborate the customer’s Source of Funds (SoF) information
there were weaknesses in the documented processes relating to management of a small number of accounts which were directly managed by the trading team
AML training delivered to staff provided insufficient information on risks and how they are managed
certain customers were able to deposit large amounts of money without the Licensee conducting appropriate know your customer checks:
- Customer B was able to deposit £71,427 and lose £70,134 without the Licensee having knowledge as to the SoF or occupation details
- Customer C was a winning customer who was allowed to place bets via the trading team with a lack of appropriate oversight. A lack of depth and frequency of ongoing account monitoring allowed the customer to place bets on behalf of unknown third parties posing a risk to the licensing objectives – the Licensee had information that strongly suggested Customer C was placing bets on behalf of others. The customer was in a winning position of circa £195,000 when the account was suspended in February 2021
- Customer D had lost £38,000 between 21 April 2021 and 27 May 2021. Although operator profiling established the customer was a sales director, no financial information was gathered
- Customer E, who registered on 12 March 2021, was able to deposit and lose £36,000 in four days. The Licensee acknowledged it should have acted sooner when the customer deposited and lost significant amounts in the first 24 hours.

Breach of paragraph 1 of licence condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that:

“Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business”.

The Licensee accepts it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Money Laundering Regulations, namely:

regulation 18 required that the ‘the relevant person’ take appropriate steps to identify and access the risks of ML and TF to which its business is subject
regulation 19(1)(a) requires that the ‘relevant person’ must maintain policies, controls and procedures to mitigate and manage effectively the risks of ML and TF identified in any risk assessment undertaken by the relevant person
regulation 28 (11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile
regulation 33 imposes an obligation to apply ECDD measures and enhanced ongoing monitoring in any case identified as one where there is a high risk of ML or TF.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Failure to comply with paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

The Licensee accepted it was not fully in compliance with SRCP 3.4.1 as:

it failed to identify certain customers who were at risk of experiencing gambling related harm, failed to carry out checks at a significantly earlier stage with those customers, and failed to intervene in relevant circumstances

Customer F opened his account on 15 February 2021 and met a £7,500 ECDD threshold trigger on 19 February 2021, but due to a backlog, a customer profile was not completed until 17 March 2021. During those four weeks, the customer lost £54,252 but the operator did not seek income evidence, carry out adequate checks, or use any other effective method to identify risk of harm. The Licensee accepts there was a lack of interaction early enough in the customer journey

its system was not operating as it should have and allowed customers to exceed the thresholds it had previously implemented without interactions occurring and without any technical restriction or block
inadequate record keeping hampered the operator’s ability to decide how and when to interact with customers
insufficient controls exposed new or returning customers to the risk of substantial losses in a short period of time:

Customer G opened his account and lost £11,400 over the first 30 days without being subject to sufficient checks to minimise the risk of gambling related harm
Customer H did not have a telephone interaction until losses had reached £45,800

there was a reliance on automated email interactions when customers hit safer gambling alerts, and more should have been done to evaluate the effectiveness of those interactions.

Failure to comply with paragraphs 1a, 1c and 1d of SRCP 3.7.1 (Provision of Credit)

Paragraph 1a of SRCP states:

“Licensees who choose to offer credit to members of the public who are not themselves gambling operators must also:

a. have procedures for checking and scoring applications for credit from such customers, for setting, and for the increase of, credit limits

Paragraph 1c of SRCP 3.7.1 states:

c. set a maximum credit limit for each customer and not permit customers to exceed that limit without further application

Paragraph 1d of SRCP 3.7.1 states licensees must:

d. apply a 24-hour delay between receiving a request for an increase in a credit limit and granting it in those cases where the limit exceeds that which the operator previously set”

The Licensee accepted it was not fully in compliance with SRCP 3.7.1 as:

Customer C was allowed to immediately place a £100,000 bet when his credit limit had been set at £70,000
there were weaknesses in its documented processes relating to a small number of credit accounts.

Failure to comply with paragraph 2a of SRCP 3.9.1 (Identification of individual customers)

Paragraphs 2a of SRCP 3.9.1 state:

“2. Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that:

a. if a customer opts to self-exclude, they are effectively excluded from all gambling with the licensee unless they make it clear that their request relates only to some forms of gambling or gambling using only some of the accounts they hold with the licensee”

The licensee accepted it was not fully in compliance with SRCP 3.9.1 as:

ineffective controls allowed 331 customers to gamble with WHG (International) Limited despite them having self-excluded with another operator within the Group, Mr Green Limited. Such customers had self-excluded with Mr Green prior to its acquisition by William Hill.

This regulatory settlement consists of:

a total payment of £12,500,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes, which includes a divestment of £284,361.57
agreement to the publication of a statement of facts in relation to this case
agreement by the Licensee to vary its operating licence to add conditions to its operating licence, namely:
- to appoint a Board-level sponsor, either reporting directly to the Chair or the Executive Chair, to assume responsibility for compiling and progressing a 12-month action plan to deal with post case activity, and
- undertake a follow-up independent audit of relevant policies and procedures by 13 February 2024 to ensure whether it is effectively implementing its AML and safer gambling policies, procedures and controls, and that any further recommendations made by the independent audit should be implemented thereafter
payment of the Commission’s costs of conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
there has been a repeated breach or failure by the operator or other group companies
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the nature of the breaches may mean other customers unknown to the Commission were affected
the Licensee’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach - the Licensee implemented an early action plan to remedy its failings
the Licensee procedurally met the Commission’s timetable in respect of providing material and, where such material could not be provided within the expected time period, sought an extension
early and voluntary reporting of breaches to the Commission - the Licensee reported early and voluntary breaches to the Commission⁶ .

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you ensure organisation policies and procedures are effective within your trading room?
do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles informed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
have your staff received sufficient AML and social responsibility training?

Notes

¹ The Commission commenced its regulatory review on 30 September 2021

² WHG (International) Limited trade under: William Hill Online

³ There are some variances of starting date for breach, but they all fall mainly within this common period. Specific variations from this date, include breach of licence condition 2.3.1 occurred during an unknown time period between December 2020 and February 2021; breach of paragraph 1 of licence condition 12.1.1 which occurred between 20 September 2020 and 22 October 2021. The Licensee also failed to comply with SRCP 3.4.1 between 4 December 2020 and 18 October 2021; SRCP 3.7.1 between 7 February 2021 and 12 February 2021; SRCP 3.9.1 between June 2021 to October 2021

⁴ Subject of variations detailed at footnote 3

⁵ The AML Guidance and the Commission’s ML/TF risk assessment sets out a number of factors licensees must and should consider when undertaking their own ML/TF risk assessments. In addition, the Licensee is required, by virtue of regulation 18(2)(a) of the Regulations, to take these documents into account when carrying out its own ML/TF risk assessment.

⁶ The Licensee reported early and voluntary breaches to the Commission which related to matters detailed in Finding 1 (Remote technical standard requirements under A.7.2.2); Finding 6 (SRCP 3.7.1); and Finding 7 (SRCP 3.7.1).

End of public statement

Mr Green Limited Public Statement

Published: 28 March 2023

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review¹ of Mr Green Limited (the Licensee/MRG), Combined Remote Operating Licence number: 000-039264-R-319432-019². The regulatory review found failings in the Licensee’s processes which were aimed at safer gambling and preventing Money Laundering (ML).

Between May 2020³ and 18 October 2021, MRG failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the conducting of an appropriate risk assessment, the implementation of appropriate policies and procedures and keeping such policies under review to ensure their effectiveness, all with the objective of preventing ML and Terrorist Financing (TF).
licence condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the ML, TF and Transfer of Funds (Information of the Payer) Regulations 2017
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction
paragraphs 1 and 2 of SRCP 3.9.1 requiring licensees to put into effect policies and procedures designed to identify separate accounts which are held by the same individual and where customers hold more than one account, the Licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each other.

The investigation and our subsequent regulatory review found:

failings in the Licensee’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
certain customers who were the subject of AML restrictions on different brands were able to open account(s) with MRG.

We found that between 20 September 2020 and 22 October 2021 MRG had been in:

Breach of paragraph 1 of licence condition 12.1.1

The failings were that the Licensee’s risk assessment did not:

make explicit reference to specific risks in relation to TF
make specific reference to high monetary thresholds or organised crime gangs use of mule accounts⁴.

We found that between May 2020 and 18 October 2021 MRG had been in:

Breach of paragraphs 2 and 3 of licence condition 12.1.1

MRG accepted it breached this licence condition as:

there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
its policies, procedures and controls lacked guidance on appropriate action to take following the results of customer profiling and how its findings should be used to establish the appropriate outcome
its procedures and controls lacked hard stops to prevent further spend and mitigate against ML risks before customer risk profiling is completed
certain customers were able to deposit large amounts of money without timely Enhanced Customer Due Diligence (ECDD) - a particular example included Customer A who deposited £52,985 before ECDD profiling.
a failure to resource due diligence teams sufficiently following a change in triggers resulted in a backlog of ECDD reviews to complete
it made assumptions that the fact certain customers were in a winning position reduced the risk for ML without gathering supporting evidence to support that assertion. In addition, for certain customers, the Licensee could not demonstrate it held adequate evidence or could not point to recorded decisions that allowed it to assert a customer’s recycling of winnings reduced the ML risk posed to the business
it placed an undue reliance on open-source information and should have taken further steps to corroborate the customer’s Source of Funds (SoF) information
AML staff training provided insufficient information on risks and how to manage them, in particular risks such as those associated with politically exposed person’s and high-risk jurisdictions
the Commission identified that certain customers were able to deposit large amounts of money without the Licensee conducting appropriate know your customer checks
- With Customer B, who deposited £73,535 and lost £14,068 in four months, the Licensee focused on the net worth of the companies with which the customer identified as being a director, rather than establishing personal income derived through a salary or dividend payments.

Breach of Paragraph 1 of licence condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that:

The Licensee accepts it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Money Laundering Regulations, namely:

regulation 18 requires that the ‘relevant person’ take appropriate steps to identify and access the risks of ML and TF to which its business is subject
regulation 19 (1)(a) requires that the ‘relevant person’ must maintain policies, controls and procedures to mitigate and manage effectively the risks of ML and TF identified in any risk assessment undertaken by the relevant person
regulation 28 (11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile
regulation 33 imposes an obligation to apply ECDD measures and enhanced ongoing monitoring in any case identified as one where there is a high risk of ML or TF.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Failure to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

MRG accepted it was not fully in compliance with SRCP 3.4.1 as:

it failed to identify certain customers at risk of experiencing gambling related harm and checks should have been undertaken at a significantly earlier stage in the customer's journey:

customer C opened an account on 3 January 2021 and had deposited £23,000 in 24 hours because was no trigger in place to capture and prevent high velocity gambling without any interaction taking place
customer D opened an account on 16 March 2021 and lost £14,902 in 70 minutes, illustrating there was no effective trigger in place to capture and prevent high velocity gambling without any interaction

due to poor systems, and a lack of oversight across brands, there was no complete picture of a customer’s activity available to staff in order to identify risk from previous interactions or safeguards put in place
inadequate record keeping hampered the operator’s ability to decide how and when to interact with customers
it had insufficient controls in place to protect new customers, and to effectively consider high velocity spend and duration of play until the customer may have been exposed to the risk of substantial losses in a short period of time:
- customer E was allowed to open a new account and spend £32,500 over two days in January 2021 without any checks
- customer F was allowed to open a new account and spend £19,000 in 33 days over February and March in 2021 without any checks
- customer C was allowed to open a new account and spend £23,000 in 20 minutes on 3 January 2021 without any checks
- customer D was allowed to open an account and spend £18,000 in 24 hours on 3 January 2021 without any checks
there was a reliance from Licensee on email interactions when customers hit safer gambling alerts. Whilst the emails were not automated, they were not sufficiently tailored to customers’ individual circumstances.

Failure to comply with paragraph 1 and 2b of SRCP 3.9.1 (Identification of individual customers)

Paragraph 1 of SRCP 3.9.1 states:

“Licensees must have and put into effect policies and procedures designed to identify separate accounts which are held by the same individual”.

Paragraph 2b states:

“Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that: all of a customer’s accounts are monitored and decisions that trigger customer interaction are based on the observed behaviour and transactions across all the accounts”.

MRG accepted it was not fully in compliance with SRCP 3.9.1 as:

the Commission review revealed the Licensee failed to establish that at least four consumers had, or previously had, accounts, with WHG earlier enough in the customer journey. The linked accounts were discovered by MRG at the point it completed ECDD by which point significant amounts had been staked.

This regulatory settlement consists of:

a total payment of £3,750,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes, which includes a divestment of £218,310.20
agreement to the publication of a statement of facts in relation to this case
agreement by the Licensee to vary its operating licence to add conditions to its operating licence, namely:
- to appoint a Board-level sponsor, either reporting directly to the Chair or the Executive Chair, to assume responsibility for compiling and progressing a 12-month action plan to deal with post case activity, and
- undertake a follow-up independent audit of relevant policies and procedures by 13 February 2024 to ensure whether it is effectively implementing its AML and safer gambling policies, procedures and controls, and that any further recommendations made by the independent audit should be implemented thereafter
payment of the Commission’s costs of conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
there has been a repeated breach or failure by the operator or other group companies
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the nature of the breaches may mean other customers were affected that the Commission has not reviewed
the Licensee’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach - the Licensee implemented an early action plan to remedy its failings
the Licensee procedurally met the Commission’s timetable in respect of providing material and, where such material could not be provided within the expected time period, sought an extension.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles informed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
have your staff received sufficient AML and social responsibility training?

Notes

¹ The Commission commenced its regulatory review on 30 September 2021

² Mr Green Limited trade under: Mr Green

³ There are some variances of starting date for breach, but they all fall within this common period. Specific variations from this date, include breach of paragraph 1 of Licence condition 12.1.1 which occurred between 20 September 2020 and 22 October 2021; Failing to comply with paragraphs 1 and 2 of SRCP 3.4.1 between 4 December 2020 and 18 October 2021; Paragraphs 1 and 2 of SRCP 3.9.1 between 4 December 2020 and 18 October 2021.

⁴ The AML Guidance and the Commission’s ML/TF risk assessment sets out a number of factors licensees must and should consider when undertaking their own ML/TF risk assessments. In addition, the Licensee is required, by virtue of Regulation 18(2)(a) of the Regulations, to take these documents into account when carrying out its own ML/TF risk assessment.

End of public statement

Blue Star Planet Limited Public Statement

Published: 16 February 2023

Operators are expected to consider the issues outlined above and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation resulted in the commencement of a section 116 regulatory review¹ of Blue Star Planet Limited, Combined Remote Operating Licence Number: 000-043173-R-322899-020.

The regulatory review found failings in Blue Star Planet Limited’s processes which were aimed at preventing Money Laundering (ML) and protecting vulnerable people. These failings were identified following a compliance assessment that was conducted by Commission Officials on 22, 23, 24 and 25 June 2021.

Between November 2019 and June 2021, Blue Star Planet Limited failed to comply with the following Licence Conditions and Codes of Practice (LCCP):

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring compliance with the prevention of money laundering and terrorist financing
licence condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017 (the 2017 Regulations)
paragraph 1a of licence condition 8.1.1, requiring licensees providing facilities for remote gambling to display on every screen from which customers are able to access gambling facilities provided in reliance on this licence a statement that they are licensed and regulated by the Gambling Commission
paragraphs 1b, 1c and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Considering remedial action taken by Blue Star Planet Limited and in line with our Statement of principles for licensing and regulation, Blue Star Planet Limited will pay a total of £620,000 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found:

failings in Blue Star Planet Limited’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
weaknesses in its reporting arrangements.

We found that between November 2019 and June 2021, Blue Star Planet Limited had been in:

Breach of paragraph 1 of license condition 12.1.1

Blue Star Planet Limited accepted its AML Risk Assessment (the Risk Assessment) was inadequate in certain areas and did not explicitly acknowledge:

certain high-risk factors deemed by the Commission to be relevant under Regulation 33 of the 2017 Regulations(opens in new tab)
certain customer risks specifically mentioned at paragraph 2.22 of the Commission’s guidance on anti-money laundering (opens in new tab) ‘The prevention of money laundering and combating the financing of terrorism – Guidance for remote and non-remote casinos’ (AML Guidance).

Breach of paragraph 2 of license condition 12.1.1

Blue Star Planet Limited accepted that at the time of the Assessment:

the financial controls in place to automatically limit the amount customers could deposit were too high and that, as a consequence, its policies and procedures were not implemented effectively or appropriately in accordance with licence condition 12.1.1(2)
the financial limits put in place to control how much more a customer could deposit and gamble after reaching an AML risk alert, and before satisfactory risk profiling could take place, were set too high
some customers were permitted to deposit significant amounts of money (up to the cumulative deposit limit) in a short period of time before satisfactory risk profiling (and any manual restrictions) could occur.

Breach of paragraph 3 of licence condition 12.1.1

Blue Star Planet Limited accepted that, at the time of the Assessment:

some customers were able to gamble at high velocity before automated restrictions were applied to the customer’s account
there were instances where SoF evidence should have been requested from some customers at an earlier stage in the business relationship
some of its customers who had received an interaction should have been restricted from further play due to ML / TF risks that were presented
the financial deposit limits were too high and, as a result, were not effective in controlling high velocity spend and permitted some customers to exceed AML risk thresholds that were in place.

Breach of paragraph 1 of licence condition 12.1.2 (Anti-Money Laundering Measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that: “Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business”.

Blue Star Planet Limited accepted:

it was in breach of licence condition 12.1.2 on the basis of the conditions detailed at sections 1 to 3.

Breach of licence condition 8.1.1 (Display of Licensed Status)²

Licence condition 8.1.1 states:

“1 Licensees providing facilities for remote gambling must display on every screen from which customers are able to access gambling facilities provided in reliance on this licence:

a. a statement that they are licensed and regulated by the Gambling Commission.
b. their account number.
c. a link (which will be supplied by the Commission) to their current licensed status as recorded on the Commission’s website.

2 Such statement, account number and link must be in the format, provided by the means, and contain the information from time to time specified by the Commission in its technical standards applicable to the kind of facilities for gambling provided in accordance with this licence or otherwise notified to licensees for the purposes of this condition.

3 Licensees may also display on screens accessible from Great Britain information about licences or other permissions they hold from regulators in, or by virtue of the laws of, jurisdictions outside Great Britain provided it is made plain on those screens that the licensee provides facilities for gambling to persons in Great Britain in reliance on their Gambling Commission licence(s).”

Blue Star Planet Limited accepted that, at the time of the Assessment:

a link on its website did not work however, upon identification this was immediately corrected.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling.
b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach”.

2 Licensees must take into account the Commission’s guidance on customer interaction.”

Blue Star Planet Limited accepted, at the time of the Assessment:

it did not employ dedicated compliance staff to monitor safer gambling alerts overnight. Customers who reached safer gambling triggers overnight would be manually reviewed the following day
as a result of the need for manual review and there being no overnight monitoring of safer gambling alerts some customers were permitted to hit several safer gambling triggers without risk assessments and interactions occurring in real time
it did not implement high-velocity risk alerts which permitted some customers to spend at high velocity without interactions happening in real time
the financial risk alerts in place at the time of the Assessment failed to give adequate consideration to average discretionary income data and failed to identify customers at the earliest opportunity. It recognises that the safer gambling controls failed to prevent some customers from spending significant amounts of money over short periods of time, before interactions or interventions occurred based on meaningful assessments of the risks presented. Further, while interactions and interventions did occur, it is accepted that these did not occur in real-time (and generally occurred one day later)
it could have better evidenced how customer interactions were evaluated for their effectiveness
it did not act quickly enough to identify and interact with two customers reviewed by Officials during the Assessment, despite both exhibiting signs of potentially problematic gambling.

This regulatory settlement consists of:

£620,000 payment in lieu of a financial penalty, which will be directed towards socially responsible causes.
agreement to the publication of a statement of facts in relation to this case.
payment of £3,571.25 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators
the nature of the breaches may mean other customers were affected that the Commission has not reviewed
Blue Star Planet Limited’s senior management should have been aware of governance issues that lead to the breaches.

Mitigating factors

the extent of steps taken to remedy the breach
Blue Star Planet Limited’s early recognition of its failings
the Licensee has been co-operative throughout its dealings with the Commission.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
do you have out of hours arrangements in place?
have your staff received sufficient AML and SR training?

Notes

¹ The Commission commenced its section 116 review on 7 September 2021.

² Although the Licensee accepts the breach, it remains of the view that an isolated incident of a single broken website link should not warrant a finding that it breached licence condition 8.1.1.

End of public statement

Vivaro Limited Public Statement

Published: 17 January 2023

Operators are expected to consider the issues outlined as follows and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (the Act), the conditions of their licence, and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair and open way
protect children & other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment carried out in April 2021 and resulted in the commencement of a section 116 regulatory review1 of Vivaro Limited (Vivaro), Combined Remote Operating Licence number: 000-044662-R-324273-017.

The regulatory review found failings in Vivaro’s processes which were aimed at preventing Money Laundering (ML) and safer gambling.

Between October 2020 and June 2021 Vivaro failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 2 and 3 of Licence condition 12.1.1, requiring the prevention of money laundering and terrorist financing
Licence Condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

In line with our Statement of principles for licensing and regulation, Vivaro will make payments in lieu of a penalty package of £337,631. A breakdown of the regulatory settlement is set out in the following sections.

The investigation, and our subsequent regulatory review, found:

failings in Vivaro’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

We found that between October 2020 and June 2021, Vivaro had been in breach of the following licence conditions and Social Responsibility Code Provisions:

Breach of licence condition 12.1.1.2 and 12.1.1.3

Licence condition 12.1.1 (2) states that “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”

Vivaro accepted it breached these licence conditions for the following reasons:

customers were able to deposit a significant sum of money before ‘know your customer’ (KYC) checks were carried out
Vivaro did not provide sufficient guidance within its policies or procedures as to how staff should verify Source Of Funds (SOF) and what supporting documents should be requested
AML trigger levels were considered too high, based on the average level of customer spend, and were therefore not appropriate to effectively manage associated ML risk
customers reviewed during the compliance assessment were subject to AML checks which were ineffective in establishing the SOF being used for gambling, bank statements were not scrutinised to identify other income and a reliance was placed on winnings from other operators. One Customer was able to deposit £14,850 within two months with insufficient SOF being established. It is the Commission's view that whilst some checks were conducted, these were not sufficient until the customer had met the ‘Very High AML Threshold’ set by the Licensee. It is the Commission's view that Vivaro were over reliant on the customer’s net gambling position. Another customer provided a bank statement showing a balance of over £270,000 said to be winnings from other betting account. Vivaro failed to sufficiently consider the risks associated with recycled winnings. In particular, no additional checks were undertaken to confirm the origin of the funds that had been used to gamble. Customers could be misappropriating funds and re-depositing fresh criminal spend
the Licensee did not sufficiently consider the risks associated with funds a customer used to gamble that had originated from crypto currency. Crypto currency is considered high risk by Commission Officials and should be subject to further investigation.

The Commission’s review of the specific customers identified during the Compliance assessment found no evidence of criminal spend with the Licensee.

Breach of licence condition 12.1.2.1

Paragraph 1 of this condition has been in place since October 2016 and requires that:

The Licensee accepts it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Money Laundering Regulations, namely:

Regulation 19 (1)(a) requires that the ‘relevant person’ must maintain policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified in any risk assessment undertaken by the relevant person
Regulation 24 (a) imposes a relevant person must take appropriate measures to ensure that its relevant employees are made aware of the law relating to money laundering and terrorist financing, and to the requirements of data protection, which are relevant to the implementation of these Regulations; and regularly given training in how to recognise and deal with transactions and other activities or situations which may be related to money laundering or terrorist financing
Regulation 28 (11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling.
b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”.

Vivaro accepted it was not fully in compliance with SRCP 3.4.1 as:

it had insufficient control in place to protect new customers, and to effectively consider high velocity spend and duration of play until the customer reached a ‘higher tier’ AML Trigger. In one example a customer was allowed to deposit and lose £4000 within a 4-day period
it did not have sufficient resourcing of its KYC agents to manage requirements in respect of identifying customers at risk and undertake customer interactions. The automatic system suspension was in relation to financial triggers only; and that it did not sufficiently resource other risk factors
it did not have sufficient resourcing or effective automatic blocking to manage requirements in respect of customer interactions. Commission Officials consider that the licensee would have been able to act more promptly and tailor interactions more appropriately (such as telephone calls) if there were sufficient staff resources
there was a reliance from Vivaro on email interactions when customers hit safer gambling alerts. Whilst the emails were not automated, they were not sufficiently tailored to the customers’ individual circumstances
there was a poor level of recording by Vivaro, as well as no evaluation of customer use and impact of responsible gambling tools and/or customer interactions for their effectiveness. One Customer with a salary of £5,000 a month, was able to deposit £20,000 between 09 September 2020 and 05 February 2021- this amounted to circa 80% of the customers salary and the Licensee did not sufficiently review this level of spend.

A regulatory settlement package of £337,631 has been agreed, which consists of the following elements:

a payment in lieu of a financial penalty of £302,500 which will go to National Responsible Gambling Strategy project(s) to pay for research and treatment as determined appropriate to address the risk of harmful gambling
divestment of £35,131
the voluntary placing of additional condition on Vivaro’s’ operating licence under section 117(1)(b) of the Act, requiring the licensee to:

undertake a third-party audit within 12 months of the conclusion of the review. The purpose of the audit is to examine whether the Licensee is effectively implementing its anti-money laundering and social responsibility policies, procedures and controls in accordance with its regulatory requirements
provide the Commission with a copy of the Audit report within 5 working days of it being received by it.

agree to the publication of a statement of facts by the Commission
payment of £15,606.50 towards our investigative costs.

Conclusion

Our investigation found, and Vivaro accepts, that there were significant weaknesses in its systems relating to how it managed its customers for AML and social responsibility purposes.

In determining the appropriate outcome, we took the following factors into account:

there were significant licence condition breaches for a sustained period of time. This impacted the licensing objectives, particularly preventing gambling from being used to support crime, and protecting vulnerable persons from being harmed or exploited by gambling
proactive and timely action taken by Vivaro to address all the issues identified
Vivaro being open and transparent from the outset of the investigation and fully co-operative throughout
the nature of Vivaro’s business, including their financial resources.

Good Practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should also consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles informed by, or linked to, your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
have your staff received sufficient AML and SR training?

End of public statement

Spreadex Limited Public Statement

Published: 25 August 2022

Key failings:

breach of licence condition 12.1.1 paragraphs 1, 2 and 3 - Prevention of Money Laundering and Terrorist Financing
failure to act in accordance with Ordinary Code Provision (OCP) 2.1.1 – Anti-Money Laundering (Casino)
failure to comply with Social Responsibility Code Provision 3.4.1 paragraph 1 and 2 - Customer Interaction.

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure their gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab) (the Act) and the conditions of their licence, and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation resulted in the commencement of a section 116 regulatory review of Spreadex Limited (Spreadex), Combined Remote Operating Licence number: 000-008835-R-104580-017. The Commission commenced its regulatory review on 2 June 2021, following concerns identified in a compliance assessment conducted in May 2021.

The regulatory review found failings in Spreadex’s procedures which were aimed at preventing Money Laundering (ML) and protecting vulnerable people.

Between January 2020 and May 2021 Spreadex breached its Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the prevention of money laundering and terrorist financing. This includes its failure to act in accordance with the Commission’s guidance: The Prevention of Money Laundering and Combating the Financing of Terrorism - Guidance for remote and non-remote casinos OCP 2.1.1 – Anti-Money Laundering (Casino)
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Taking into account remedial action taken by Spreadex and in line with our Statement of Principles for licensing and regulation, Spreadex will pay a total of £1,363,786 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found:

failings in Spreadex’s implementation of anti-money laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

Breach of paragraph 1 of licence condition 12.1.1

Licence condition 12.1.1(1) states, “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”.

The Commission found, and Spreadex acknowledged, that its Money Laundering and Terrorist Financing Risk Assessment (ML and TF RA) was not fully compliant with licence condition 12.1.1 (1). In particular:

it had not been reviewed and updated on an annual basis as required, and did not take into account and adequately consider information on the risks of ML and TF made available in Commission publications
it did not acknowledge and assess all the relevant customer, product and geographical risk factors.

Breach of paragraph 2 of licence condition 12.1.1

Licence condition 12.1.1(2) states “Following completion of and having regard to the risk assessment, and any review of the assessment, Licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”.

The Commission found, and Spreadex acknowledged, that it was not fully compliant with licence condition 12.1.1(2). In particular:

there were weaknesses and shortcomings in relation to the adequacy and maintenance of its AML policies, procedures and controls
certain customers were able to deposit large amounts of money without sufficient interaction being triggered, such as a Source of Funds (SOF) check.

As examples, the Commission’s concerns included:

ineffective Enhanced Customer Due Diligence (ECDD) triggers allowed customers to deposit large sums of money before the first AML review was undertaken
the level of information obtained and verified by the Licensee did not increase in line with customer ML risk levels. In one case, a customer who met a £25,000 financial deposit alert, had the alert for further review increased to £100,000 based on a self-declaration of income and an open-source check
over reliance on electronic verification checks without obtaining additional independent evidence from reliable sources.

Breach of paragraph 3 of licence condition 12.1.1

The Commission found, and Spreadex acknowledged, that its policies, procedures and controls were not fully compliant with licence condition 12.1.1(3). In particular, the Licensee:

failed to critically review SOF documentation and was over reliant on electronic checks
did not have in place sufficient staff to respond to financial triggers in a timely fashion and to adequately mitigate the risk.

As examples, the Commission’s concerns included:

a customer who was able to continue depositing after providing redacted bank statements in response to a request for evidence of SOF
a customer who was able to deposit £365,000 and lose £284,000 over a period of 3 months without SOF being sufficiently established.

The Commission’s review of the specific customers identified during the Compliance assessment found no evidence of criminal spend with the Licensee.

Failure to consider Ordinary Code Provision (OCP) 2.1.1 – Anti-money Laundering (Casino)¹

The findings set out at 1 to 3 occurred, to an extent, because Spreadex had failed to sufficiently take into account the Commission’s AML guidance. OCP 2.1.1, states: “In order to help prevent activities related to money laundering and terrorist financing, licensees should act in accordance with the Commission’s guidance on anti-money laundering: The Prevention of Money Laundering and Combating the Financing of Terrorism - Guidance for remote and non-remote casinos.

Social Responsibility Code Practice (SRCP 3.4.1) at paragraphs 1 and 2 states “Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”.

The Commission found, and Spreadex acknowledged, that its policies and processes were not fully compliant with SRCP 3.4.1 (1) and (2). In particular:

its financial alerts were ineffective and allowed customers to lose significant amounts over a short period of time
it placed an overreliance on financial alerts to identify customers at potential risk of experiencing harms
it did not sufficiently record and evaluate its customer interactions.

As an example, the Commission’s concerns included a customer who was able to deposit £1.7 million and lose £500,000 during the course of a one month period. Customer interactions had taken place but they had not been sufficiently evaluated, and did not include considering the effectiveness of restricting the account.

This regulatory settlement consists of:

£1,363,786 payment in lieu of a financial penalty, which will be directed towards socially responsible purposes
agreement to the publication of a statement of facts in relation to this case
payment towards the Commission’s costs of investigating the case of £7,831.00.

In considering an appropriate resolution to this investigation, the Commission had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
that the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators
the nature of the breaches may mean other customers were affected that the Commission has not reviewed.

Mitigating factors

Spreadex showed insight into the seriousness of the breaches and self-suspended its casino actives for 5 months to mitigate risk
Spreadex provided an action plan immediately following the Compliance Assessment and took effective action to expand and improve its compliance capacity
Spreadex and its senior managers cooperated with the Commission in a timely and transparent manner
Spreadex made an early offer of a regulatory settlement.

Good practice

Gambling operators should take account of failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure the types of interaction are effective?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?

¹OCP do not have the status of licence conditions but set out good practice. Any departure from OCP provision by an operator may be considered by the Commission as part of a licence review.

²Compliance with an SRCP is a condition of the licence by virtue of section 82(1) of the Act.

End of public statement

Ladbrokes Betting & Gaming Limited Public Statement

Published: 17 August 2022

This licensee is part of the Entain Group (Entain) (formerly named the GVC group) of companies.

Operators are expected to consider the issues outlined as follows and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab) (the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review¹ of Ladbrokes Betting & Gaming Limited (LBG), Combined Non-Remote Operating Licence number: 001611-N-102408-022. The regulatory review found failings in LBG’s processes which were aimed at preventing Money Laundering (ML) and safer gambling.

Between December 2019 and October 2020 LBG failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 2 & 3 of licence condition 12.1.1 – Prevention of money laundering and terrorist financing
paragraphs 1 & 2 of Social Responsibility Code Provision (SRCP) 3.4.1 – Customer Interaction.

Taking into account remedial action taken by LBG and in line with our Statement of Principles for licensing and regulation, LBG will voluntarily divest itself of £212,849.86 and pay £2,787,150.14 in lieu of a financial penalty resulting in a total payment of £3,000,000.

The investigation and our subsequent regulatory review found:

failings in LBG’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
weaknesses in its reporting arrangements.

We found that, between December 2019 and October 2020, LBG had been in breach of the following licence conditions and Social Responsibility Code Provisions:

Breach of paragraphs 2 and 3 of licence condition 12.1.1

LBG accepted:

weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
certain customers identified by the Commission were able to stake large amounts of money without having been monitored or scrutinised to the standard expected by the Commission

customer G was a high staking cash customer who regularly loaded cash of £500 or more onto shop terminals. This customer placed their first bet on 10 January 2020 and staked circa £168,000 in the proceeding eight months, losing a total of circa £28,000. They were not considered by the Licensee for AML checks, largely due to not being referred for review by shop staff and not hitting the Licensee’s AML threshold triggers. The Licensee acknowledged that it did not commence due diligence checks in relation to this customer until it conducted a review as part of its Governance process in September 2020
customer H’s last 12-month stakes were £440,474 with losses of £68,867 over the same period. The Licensee acknowledged that further formal AML thresholds and checkpoints would have been appropriate in respect of stake levels and has confirmed that it has since amended its approach.

in relation to certain customers identified by the Commission, it placed overreliance on recycled winnings
in particular cases, despite training, local staff or area managers could have escalated potential concerns sooner.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”.

LBG accepted it was not fully in compliance with SRCP 3.4.1 as:

it was slow to interact or did not interact with certain customers in a way which minimised their risk of experiencing harms associated with gambling:

in July 2020 customer I staked £29,372 and lost £11,345 (a third of their 12-month loss). This was the customer’s highest monthly stakes since becoming a monitored shop customer and a loss figure that was significantly higher than any previous recorded monthly losses. The customer was not escalated for a safer gambling review by either the shop or support office teams.

in particular cases, despite training, local staff or area managers could have escalated potential concerns sooner:

customer J was able to stake £173,285 and lost £27,753 between October 2019 and October 2020
customer K who was known to be a delivery driver was able to lose £17,000 between October 2019 and October 2020.

whilst it was evaluating the adequacy of certain individual customer interactions, it should have conducted such evaluation to a higher standard and recorded the same more clearly:

the Licensee accepted this failing was relevant in its evaluation of customer L who staked £218,765 and lost £44,597 between October 2019 and October 2020.

in its interactions with certain customers identified by the Commission, affordability ought to have been considered sooner
there were instances where interactions were not specifically adapted depending on the extent of potential harm to a customer.

This regulatory settlement consists of:

(i) divestment of £212,849.86 and (ii) a payment in lieu of £2,787,150.14 making a total payment of £3,000,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes.
agreement to the publication of a statement of facts in relation to this case
agreement by LBG to vary its operating licence to add conditions to its operating licence, namely:

to appoint a Board-level sponsor, reporting directly to the Chair, to assume responsibility for the implementation of its action plan, and
undertake a follow-up independent audit of relevant policies and procedures within 12 months to ensure whether it is effectively implementing its AML and safer gambling policies, procedures and controls, and that any further recommendations made by the independent audit should be implemented thereafter.

payment of the Commission’s costs of conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
there has been a repeated breach or failure by the operator or other group companies
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators
the nature of the breaches may mean other customers were affected that the Commission has not reviewed
LBG’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach – the Licensee implemented an early action plan to remedy its failings
the Licensee procedurally met the Commission’s timetable in respect of providing material and, where such material could not be provided within the expected time period, sought an extension.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
have your staff received sufficient AML and SR training?

Notes

¹The Commission commenced its regulatory review on 18 January 2021.

End of public statement

LC International Limited Public Statement

Published: 17 August 2022

This licensee is part of the Entain Group (Entain) (formerly named the GVC group) of companies.

Operators are expected to consider the issues outlined as follows and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab) (the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation followed a compliance assessment and resulted in the commencement of a section 116 regulatory review¹ of LC International Limited (LCI), Combined Remote Operating Licence number: 000-054743-R-330863-0072². The regulatory review found failings in LCI’s processes which were aimed at preventing Money Laundering (ML) and safer gambling.

Between December 2019 and October 2020, LCI failed to comply with certain Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring the prevention of money laundering and terrorist financing (ML and TF)
licence condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017
paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Gambling Commission’s guidance on customer interaction
paragraphs 1 and 2 of SRCP 3.9.1 requiring Licensees to put into effect policies and procedures designed to identify separate accounts which are held by the same individual and where customers hold more than one account, the Licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each other.

Taking into account remedial action taken by LCI and in line with our Statement of Principles for licensing and regulation, LCI will voluntarily divest itself of £544,048.03 and pay £13,455,952 in lieu of a financial penalty resulting in a total payment in lieu of a financial penalty of £14,000,000.

The investigation and our subsequent regulatory review found:

failings in LCI’s implementation of Anti-Money Laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
certain customers who were the subject of AML restrictions were able to open account(s) on different brands.

We found that between December 2019 and October 2020 LCI had been in breach of the following licence conditions and Social Responsibility Code Provisions.

Breach of paragraph 1 of licence condition 12.1.1

LCI accepted it breached this licence condition as its ML and TF risk assessment did not sufficiently reflect the Commission’s expectations or fully take into account the Commission’s ML and TF risk assessment of the British gambling industry.

The failings were that LCI’s risk assessment did not:

refer to terrorist financing
make specific reference to customer nationality or business risks in the geographical risk section³.

Breach of paragraphs 2 and 3 of licence condition 12.1.1

Licence condition 12.1.1(3) states: “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

LCI accepted it breached this licence condition as:

there were weaknesses and shortcomings in relation to the adequacy and maintenance of its policies and procedures, and their implementation
the Commission identified that certain customers were able to deposit large amounts of money without an interaction being triggered (in particular, a Source of Funds (SOF) check):

customer A had £742,000 in deposits during a membership period of 14 months, having first registered in May 2019. The Licensee established via open source that this customer was a director of a newly formed company. The customer’s salary was not known by the Licensee as no personal financial information was available on open source. At the time of the Assessment, the customer had lost £59,000 in the preceding six months
customer B’s total deposits over the life of a six-month account, which was registered in February 2020, were £186,000 with a loss of £31,000 at the time of the Assessment, including almost £25,000 in losses in the last three months. The Licensee acknowledged it should have acted sooner when it identified that the customer’s home address was a social housing property.

in relation to certain customers identified by the Commission, it placed an overreliance on recycled winnings
in relation to certain customers, it should have conducted Enhanced Customer Due Diligence (ECDD) checks sooner than it did:

customer C deposited £157,698 in two months. The Licensee first requested SOF evidence on 9 August 2020, however, the customer was allowed to continue gambling until the account was restricted on 27 August 2020. The Licensee later closed the account on receipt of the customer’s SOF evidence due to the Licensee’s concerns about the legitimacy of the evidence provided
customer D deposited a total of £524,501 in the period of the failings, incurring losses of £75,600. The customer was not requested to provide SOF evidence until April 2020, which they refused to provide, and the account was subsequently closed.

it placed excessive reliance on open-source information in certain cases:

customer A hit an AML trigger in June 2020 by depositing £10,000 in one day. This prompted the Licensee to review the account (via open-source checks) for the first time and no adverse information was found. The customer was allowed to continue playing until they hit a further AML trigger by depositing £60,000 in 7 days, which prompted a SOF check by the Licensee
the Licensee believed customer E to be a wealthy individual based on assumptions made during open-source checks. However, prior to a source of funds request in August 2020, no evidence had been obtained to show that the assumed wealth was being used to fund the account. The customer deposited £140,700 in the period of the failings with an overall net loss of £60,300.

Breach of paragraph 1 of licence condition 12.1.2 (Anti-Money Laundering measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that:

The Licensee accepts it breached this licence condition as the AML failings, set out above, constitute a breach of the 2017 Money Laundering Regulations, namely:

regulation 19 (1)(a) requires that the ‘relevant person’ must maintain policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified in any risk assessment undertaken by the relevant person
regulation 28 (11)(a) requires ongoing monitoring of a business relationship which includes, where necessary, checking source of funds to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile
regulation 33 imposes an obligation to apply ECDD measures and enhanced ongoing monitoring in any case identified as one where there is a high risk of money laundering or terrorist financing.

The Commission’s review of the specific customers identified during the compliance assessment found no evidence of criminal spend with the Licensee.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1 Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

2 Licensees must take into account the Commission’s guidance on customer interaction.”.

LCI accepted it was not fully in compliance with SRCP 3.4.1 as:

it was slow to interact with, or did not interact with, certain customers identified by the Commission in a way which minimised their risk of experiencing harms associated with gambling

during their custom with the Licensee, customer F made a large number of deposits and withdrawals and played for extended periods of time overnight and in the early morning; with total deposits of £186,889 in 2019 and £43,956 within six months in 2020. They were twice referred to the safer gambling team and received just one chat interaction. The Licensee accepts there was a lack of interaction with this customer and also accepts that an analyst error in November 2018 led to the customer’s account being reopened, contrary to previous decisions to permanently close it
in respect of customer A who deposited £742,000 in 14 months, the Licensee accepts that its actions in relation to this customer were not of a standard that the Commission or the Licensee, itself, expects. It acknowledges it should have engaged with the customer sooner and when doing so it should have asked further questions regarding affordability and income. The Licensee has since amended its thresholds and related processes to ensure that such an oversight does not happen again.

its policies were not updated in a timely fashion to reflect the introduction of the October 2019 SRCP 3.4.1
in evaluating the adequacy of its customer interaction processes as a whole, the operator should have kept better records of those evaluations
in its interactions with certain customers identified by the Commission, affordability ought to have been considered sooner.

Paragraphs 1 and 2 of SRCP 3.9.1 state:

“1 Licensees must have and put into effect policies and procedures designed to identify separate accounts which are held by the same individual.

2 Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that:

a. if a customer opts to self-exclude they are effectively excluded from all gambling with the licensee unless they make it clear that their request relates only to some forms of gambling or gambling using only some of the accounts they hold with the licensee;
b. all of a customer’s accounts are monitored and decisions that trigger customer interaction are based on the observed behaviour and transactions across all the accounts;
c. where credit is offered or allowed the maximum credit limit is applied on an aggregate basis across all accounts; and
d. individual financial limits can be implemented across all of a customer’s accounts.”.

LCI accepted it was not fully in compliance with SRCP 3.9.1 as:

there was an ability for customers subject to AML enquiries and restrictions to open multiple accounts with the Licensee’s other brands

in one instance customer A had their account blocked with Coral because they had spent £60,000 in 12 months and failed to provide source of funds, but was immediately able to open an account with Ladbrokes and deposit £30,000 in a single day.

This regulatory settlement consists of:

(i) divestment of £544,048.03 and (ii) a payment in lieu of £13,455,952 making a total payment of £14,000,000 in lieu of a financial penalty, which will be directed towards socially responsible purposes
agreement to the publication of a statement of facts in relation to this case
agreement by LCI to vary its operating licence to add conditions to its operating licence, namely:

to appoint a Board-level sponsor, reporting directly to the Chair, to assume responsibility for the implementation of its action plan, and
undertake a follow-up independent audit of relevant policies and procedures within 12 months to ensure whether it is effectively implementing its AML and safer gambling policies, procedures and controls, and that any further recommendations made by the independent audit should be implemented thereafter.

payment of the Commission’s costs of conducting the review.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
there has been a repeated breach or failure by the operator or other group companies
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators
the nature of the breaches may mean other customers were affected that the Commission has not reviewed
LCI’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach - the Licensee implemented an early action plan to remedy its failings
the Licensee procedurally met the Commission’s timetable in respect of providing material and, where such material could not be provided within the expected time period, sought an extension.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
do you efficiently record all compliance decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact, especially the level of detail provided?
have your staff received sufficient AML and SR training?

Notes

¹The Commission commenced its regulatory review on 11 November 2020.

²LCI trade under: Cheeky Bingo; Coral; Foxy Bingo; Foxy Games; Gala; Gala Bingo; Gala Casino; Gala Coral; Gala Spins; Game Bookers; Ladbrokes; Party Casino; Party Poker; Sporting Bet; bwin.

³The AML Guidance and the Commission’s MLTF risk assessment sets out a number of factors licensees must and should consider when undertaking their own MLTF risk assessments. In addition, the Licensee is required, by virtue of Regulation 18(2)(a) of the Regulations, to take these documents into account when carrying out its own MLTF risk assessment.

End of public statement

Jumpman Gaming Limited Public Statement

Published: 17 May 2022

Key failings:

breach of Licence Condition 12.1.1 Paragraphs 1, 2 and 3 - Prevention of money laundering and terrorist financing
breach of Paragraph 1 of Licence Condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)
failure to comply with Social Responsibility Code Provision 3.4.1 paragraph 1 and 2 - Customer interaction.

Operators are expected to consider the issues outlined and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure their gambling facilities are provided in compliance with the Gambling Act 2005 (the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation resulted in the commencement of a section 116 regulatory review of Jumpman Gaming Limited (Jumpman Gaming), Combined Remote Operating Licence number: 039175-R-319452-022. The Commission commenced its regulatory review on 3 September 2020 following concerns identified in a compliance assessment conducted in July 2020.

The regulatory review found failings in Jumpman Gaming’s processes which were aimed at preventing money laundering (ML) and promoting safer gambling by protecting vulnerable people.

Evidence gathered during the compliance assessment and the subsequent review of the operating licence found Jumpman Gaming failed to comply with the Licence Conditions and Codes of Practice (LCCP), specifically:

paragraphs 1, 2 and 3 of Licence Condition (LC) 12.1.1, requiring compliance with the prevention of money laundering and terrorist financing
Licence Condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017 (“the 2017 Regulations”)
paragraphs 1 and 2 of Social responsibility code provision (SRCP) 3.4.1: requiring licensees interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Further failings of the following LCCP were also identified:

paragraphs 1 and 2 of SRCP 3.9.1, requiring policies and procedures are put into effect that are designed to identify separate accounts held by the same individual, and requirements where licensees allow customers to hold more than one account with them.

Taking into account remedial action taken by Jumpman Gaming and in line with our Statement of principles for licensing and regulation, Jumpman Gaming will pay a total of £500,000 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found:

failings in Jumpman Gaming’s implementation of anti-money laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

The assessment and review focused on the period of time between February 2020 and July 2020. The Commission used a sample of customers that opened accounts during this period.

Breach of paragraph 1 of Licence Condition 12.1.1

Licence Condition 12.1.1(1) states, “Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”.

Jumpman Gaming acknowledged their money laundering and terrorist financing (ML and TF) risk assessment was deficient and that they were in breach of Licence Condition 12.1.1(1).

The Commission found the relevant risk assessments failed to:

take into account and adequately consider information on the risks of ML and TF made available to them by the Commission
sufficiently assess risks posed by customers that meet certain criteria
fully assess risk posed by business relationships or transactions involving countries identified by credible sources as not having effective systems to counter ML or TF.

Breach of paragraph 2 of license condition 12.1.1

Licence Condition 12.1.1(2) states, “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.”.

Jumpman Gaming accepted issues identified by the Commission during the compliance assessment indicated deficiencies in their policies and procedures and accepted they were in breach of Licence Condition 12.1.1(2).

The Commission’s concerns included:

the policies, procedures and controls appeared to conflate source of wealth (SOW) and source of funds (SOF). SOF refers to the origins of the funds which are involved in a particular transaction. SOW refers to the origins of the customer’s entire body of wealth
financial triggers appeared to be at levels which were not sufficiently risk-based
the policy documents did not cover in detail the requirements for guidance to employees on conducting customer due diligence (CDD), enhanced CDD, ongoing monitoring and enhanced ongoing monitoring
not all high-risk factors had been considered for applying enhanced CDD and enhanced ongoing monitoring.

Breach of paragraph 3 of licence condition 12.1.1

Licence Condition 12.1.1(3) states, “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”.

Jumpman Gaming acknowledged their policies and processes were not fully compliant with Licence Condition 12.1.1(3).

The Commission’s concerns included:

customers were able to deposit and lose well in excess of the average UK income before meaningful reviews were conducted
the Licensee did not comply with its own policy when customers met AML alert triggers. Customers were then able to continue to deposit further money before action was taken
despite significant levels of spend, customers were able to continue to gamble at a high velocity.

Breach of Paragraph 1 of Licence Condition 12.1.2 (Anti-money laundering Measures for operators based in foreign jurisdictions)

Jumpman Gaming accepted its policies and processes were not fully compliant and that there was a breach of Licence Condition 12.1.2.

Commission officials consider the Licensee failed to thoroughly implement the measures described in the relevant regulations laid out in the 2017 Regulations for reasons including:

the Licensee failed to take appropriate steps to identify and assess the risks of ML and TF
the Licensee failed to establish and maintain effective policies, controls and procedures
the business relationships with the customers included failures to properly scrutinise transactions to ensure they were consistent with the Licensee’s knowledge of the customer.

Examples included:

a customer had gambled and lost in excess of £5,000 before the first email for CDD documents was sent
CDD documents were requested from a customer when a deposit trigger was met. No response was received; however the account was not suspended until the customer had lost £23,500.

SRCP 3.4.1 (1) and (2) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.".

Licensees must take into account the Commission’s guidance on customer interaction.”.

The Licensee accepted they were not in full compliance with this SRCP 3.4.1 (1) and (2).

The Commission was concerned in particular with the following customer interaction failings regarding SRCP 3.4.1(1):

a customer lost over £15,000 in less than a month without sufficient evidence being gathered which confirmed if they could afford to. The customer lost over £11,000 in two days during the peak of the COVID-19 lockdown. 13 customer interactions were recorded on the profile
a customer lost over £20,000 in approximately 6 weeks before any consideration was given to affordability. 16 interactions were conducted via email, pop-up and questionnaire. The customer’s gaming trajectory showed increased gambling activity thereby indicating these interactions had little impact
a customer lost nearly £19,000 in approximately 4 months without sufficient evidence being gathered which confirmed if they could afford to.

The Commission was also concerned the Licensee failed to take into account the Commission’s guidance on customer interaction, in accordance with SRCP 3.4.1(2).

The Commission’s concerns included:

it appeared there was a reliance on automated, as opposed to human, interactions by the Licensee when customers hit SG alerts and the Licensee did not demonstrate an understanding of the impact and effectiveness of the interactions
the Licensee did not appear to apply the Commission’s Customer interaction guidance that states: "Thresholds should be realistic, based on the average available income for your customers. This should include the Office of National Statistics publications on levels of household income" (paragraph 2.10)
it appeared the Licensee did not conduct affordability assessments for individuals that met thresholds and triggers.

SRCP 3.9.1 (1) and (2) state:

"1. Licensees must have and put into effect policies and procedures designed to identify separate accounts which are held by the same individual.

Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that:

a. if a customer opts to self-exclude they are effectively excluded from all gambling with the licensee unless they make it clear that their request relates only to some forms of gambling or gambling using only some of the accounts they hold with the licensee
b. all of a customer’s accounts are monitored and decisions that trigger customer interaction are based on the observed behaviour and transactions across all the accounts
c. where credit is offered or allowed the maximum credit limit is applied on an aggregate basis across all accounts
d. individual financial limits can be implemented across all of a customer’s accounts.”.

The Licensee acknowledged that some customers who had opened multiple accounts across the Jumpman brands were able to circumvent our internal measures due to the misapplication of tools available at the time.

This regulatory settlement consists of:

£500,000 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
agreement to the publication of a statement of facts in relation to this case
payment of £13,594.30 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

there was clear impact on 1st and 3rd licensing objectives
the breaches and non-compliance were systemic not isolated
the Licensee ought to have known of the breaches
the breaches arose in circumstances similar to previous cases publicised by the Commission.

Mitigating factors:

the action plans and significant steps taken by the Licensee to remedy the breaches and to prevent recurrence
prompt improvements were made to the AML and safer gambling policies and procedures
the Licensee and its senior managers cooperated with the Commission in a timely and transparent manner.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
do lessons learned from public statements flow into your policy and processes?
does your money laundering and terrorist financing risk assessment meet all the requirements?
are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure the types of interaction are effective?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
do you have robust measures to identify separate accounts which are held by the same individual. and which enable you to relate each of a customer’s such accounts to each of the others?

End of public statement

Progress Play Limited Public Statement

Published: 17 May 2022

Key failings

Anti-money laundering:

breach of Licence Condition 12.1.1 paragraphs 2 and 3 - Prevention of money laundering and terrorist financing
breach of paragraph 1 of Licence Condition 12.1.2 - Anti-money laundering Measures for operators based in foreign jurisdictions.

Safer gambling:

failure to comply with Social Responsibility Code Provision 3.4.1 paragraph 1 and 2 - Customer interaction.

Operators are expected to consider the issues outlined and review their own practices to identify and implement improvements in respect of the management of customers.

Introduction

Licensed gambling operators have a legal duty to ensure that their gambling facilities are being provided in compliance with The Gambling Act 2005 (the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation resulted in the commencement of a section 116 regulatory review of Progress Play Limited’s, (Progress Play), Combined Remote Casino and Betting Operating Licence number: 000-039335-R-319313-017. The Commission commenced its regulatory review on 14 August 2020.

The regulatory review found failings in Progress Play’s processes which were aimed at preventing money laundering and protecting vulnerable people. Progress Play failed to comply with the Licence conditions and codes of practice (LCCP), specifically:

paragraphs 2 and 3 of Licence Condition 12.1.1, requiring measures for the prevention of money laundering and terrorist financing
Licence Condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017
paragraphs 1 (a), (b), (c) and 2 of social responsibility code provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Progress Play fully cooperated throughout the course of our investigation and has accepted that its policies and procedures in respect of anti-money laundering and safer gambling were not appropriate, nor implemented effectively. It has accepted that it failed to act in accordance with conditions of its operating licence. Progress Play provided an action plan during the investigation and took action to expand and improve their compliance capacity.

Taking into account remedial action taken by Progress Play and in line with our Statement of principles for licensing and regulation, Progress Play will make a payment in lieu of a financial penalty and divestment to the sum of £175,718.00 It will also pay Commission costs of £12,466.35.

Breach of paragraph 2 of licence condition 12.1.1

Licence condition 12.1.1 (2) states that: "Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.".

Commission Officials consider that Progress Play failed to establish and maintain appropriate policies, procedures and controls to prevent money laundering and terrorist financing.

Progress Play accepted:

customers were given 14 days to provide information to support their Source of Funds (SOF) and during this period were able to continue to gamble. This approach did not sufficiently mitigate money laundering risks.

Breach of paragraph 3 of licence condition 12.1.1

Licence condition 12.1.1(3) states that: “Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”.

Commission Officials consider Progress Play failed to ensure that their policies, procedures and controls were implemented effectively, kept under review, revised appropriately to ensure they remain effective and take into account any applicable learning or guidelines published by the Gambling Commission.

Progress Play accepted:

a failure to apply its own SOF policy when customers hit triggers
whilst customer profiles examined did contain some evidence of SOF information being recorded, there was a lack of a clear rationale regarding decision-making
there was a failure to effectively review SOF information provided, resulting in customers being able to spend more than their known earnings
there was a lack of ongoing customer due diligence and enhanced customer due diligence. Customers were able to gamble following triggers being hit and prior to SOF evidence being provided to the Licensee and the Licensee establishing the customer’s SOF.

Breach of Paragraph 1 of Licence Condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition requires that: "Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business.".

Progress Play accepted it did not:

establish and maintain policies, controls and procedures to mitigate and effectively manage the risks of money laundering and terrorist financing identified in a risk assessment
establish and maintain appropriate risk-sensitive policies and procedures
appropriately scrutinise transactions throughout customer business relationships and obtain SOF evidence in accordance with the customer’s risk profile
apply adequate customer due diligence measures, including, but not restricted to, scrutiny of transactions undertaken throughout the course of the business relationship (including, where necessary, the SOF) to ensure that the transactions were consistent with their knowledge of the customer, the customer’s business and risk profile.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling
b. interacting with customers who may be at risk of or experiencing harms associated with gambling
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

Licensees must take into account the Commission’s guidance on customer interaction.

Progress Play accepted that:

there is no evidence Progress Play undertook any review regarding the effectiveness or impact of the interactions it undertook with customers
they failed to implement proactive gambling control measures, as referenced in its Responsible Gaming & Interaction procedure for customers
they did not conduct affordability assessments for individuals picked up by existing or new thresholds and triggers which indicate consumers experiencing harm – this is contrary to Paragraph 2(e) of the Commission’s updated guidance dated 12 May 2020
VIP agents may have received pay incentives linked to the take up of bonus offers and promotions. Given this, Commission officials consider Progress Play may not have taken into account paragraph 2(g) of the Commission’s guidance (May 2020) which states Licensees should "Stop bonus offers or promotions to customers displaying indicators of harm"
in relation to the safer gambling reviews, it was not clear what action was taken by Progress Play, the outcome of that action, nor what the customer’s response was.

Failure to consider OCP 3.4.2 (customer interaction)

Ordinary code provisions (OCP) do not have the status of licence conditions but set out good practice. Any departure from OCP provision by an operator may be considered by the Commission as part of a licence review.

Progress Play failed to consider OCP 3.4.2 which states operators should keep a record of customer interactions, and where an interaction has been ruled out the reasons for this. Where an interaction has taken place later, this should also be recorded.

This regulatory settlement consists of:

£175,718.00 payment in lieu of a financial penalty and divestment, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
agreement to the publication of a statement of the facts in relation to this case
payment of £12,466.35 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission had regard to the following aggravating and mitigating factors:

Aggravating factors

there were repeated breaches of licence conditions as a result of the absence of internal controls and procedures
the Licensee should have been aware of the breaches
many of the breaches were serious and had an impact on the licensing objectives
the breaches arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the industry
the need to encourage compliance among other operators.

Mitigating factors

there was timely an open co-operation with the investigation undertaken by the Commission and no attempt to conceal the extent of the breaches
an ongoing programme of remedial action was commenced in response to the breaches being brought to the Licensee’s attention
Progress Play provided an action plan during the investigation and took action to expand and improve their compliance capacity
the Licensee made an offer of a regulatory settlement
the Licensee has shown insight into the seriousness of the breaches.

End of public statement

BV Gaming Limited Public Statement

Published: 24 February 2022

Key failings:

breach of Licence Condition 7.1.1 paragraph 1 - Fair and transparent terms and practices
breach of Licence Condition 12.1.1 Paragraphs 1, 2 and 3 - Prevention of money laundering and terrorist financing
breach of Paragraph 1 of Licence Condition 12.1.2 - Anti-money laundering Measures for operators based in foreign jurisdictions
social Responsibility code provision (SRCP) 3.4.1 - Customer Interaction
SRCP 5.1.9 paragraph 2 - Other marketing requirements.

February 2022

Operators are expected to consider the issues previously outlined and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

Following a compliance assessment conducted in March 2020 (the Assessment), the Commission commenced a section 116 regulatory review¹ of BV Gaming Limited, trading as BetVictor (BV Gaming), Combined Remote Operating Licence number: 039576-R- 319370-019. The regulatory review found failings in BV Gaming’s processes which were aimed at preventing money laundering (ML) and protecting vulnerable people.

Between 1 January 2019 to 12 March 2020 BV Gaming failed to comply with the Licence conditions and codes of practice (LCCP), specifically:

paragraph 1 of Licence condition 7.1.1 requiring compliance with fair and transparent terms and practices
paragraphs 1, 2 and 3 of Licence condition 12.1.1, requiring licensees to take steps to prevent money laundering and terrorist financing
Licence Condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017 (the 2017 Regulations)
paragraphs 1 and 2 of Social responsibility code provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction
paragraph 2 of SRCP 5.1.9 requiring licensees to comply with marketing requirements.

BV Gaming submitted a remedial action plan with the Commission within 2 days of receiving the notice commencing the licence review on 7 April 2020, which it then preceded to implement, as it had committed to the Commission to do.

Taking into account remedial action taken by BV Gaming and in line with our Statement of principles for licensing and regulation, BV Gaming will divest £352,000.00, gross gambling yield (GGY) gained as a result of the failings and pay a total of £1,728,000 in lieu of a financial penalty.

¹ The Commission commenced its regulatory review on 7 April 2020.

The investigation and our subsequent regulatory review found:

failings in BV Gaming’s implementation of anti-money laundering (AML) policies, procedures and controls
failings in relation to BV Gaming’s AML risk assessment which did not sufficiently meet the standard expected at that time in adequately identifying risks posed by money laundering and terrorist financing and the mitigating controls as per the Commission’s money laundering and terrorist financing risk assessment guidance
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation.

We found that between 1 January 2019 to 12 March 2020 BV Gaming had been in:

1. Breach of paragraph 1 of licence condition 7.1.1

Licence condition 7.1.1(1) states “Licensees must ensure that the terms on which gambling is offered, and any consumer notices relating to gambling activity, are not unfair within the meaning of the Consumer Rights Act 2015. Licensees must comply with those terms.”

Although this was an isolated failing and not systemic, BV Gaming accepted:

at the time of the Assessment, it was not in full compliance with the Competition and Markets Authority (CMA) principles 15 and 18 (and therefore in technical breach of) licence condition 7.1.1 as issues were identified with its promotional terms and conditions across its channels, namely:
it was not clear in its terms and conditions whether an attempt is made to try and repay the deposit balance to the last payment method used by the customer when an account is inactive for 12 months. Where an account with a credit deposit balance has been inactive for at least 12 months, operators must try to repay it to the last payment method used.

Further, an unfair term was identified in one promotion whereby the wording suggested a promotion could be cancelled or amended by the Promoter. Operators have a legitimate interest in being able to amend or remove a promotion before a consumer has signed up or acted upon it, however a promotion should not be withdrawn, or amended where a consumer has already signed up. In this case, BV Gaming did not actually cancel or amend promotions where a consumer had already signed up but accepted the Commission’s view that the terms and conditions needed to be clearer that it would not do so. As such, the learning for the industry is to ensure terms and conditions clearly state that whilst promotions could be cancelled or amended by an operator, that is without prejudice to any customer that has already signed up to the promotion in question.

2. Breach of paragraph 1 of licence condition 12.1.1

BV Gaming accepted it was in breach of licence condition 12.1.1(1) as its AML Risk assessment (the Risk Assessment) reviewed at the time of the Assessment did not sufficiently reflect the Commission’s expectations or fully comply with the Commission’s AML risk assessment as set out in our guidance.

Examples of failures included:

not adequately including risk factors such as high spenders or consumers using multiple gambling accounts or wallets
drawing on a risk assessment that lacked detail considering the large size of the business
no rationale was provided on how the risk ratings for the broad areas were arrived at, not taking into account information on the risks of ML and TF made available to them by the Gambling Commission, including the Commission’s guidance, MLTF risk assessment, and recent risk bulletins.

3. Breach of paragraph 2 of licence condition 12.1.1

Licence condition 12.1.1 (2) states: “Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.” BV Gaming accepted at the time of the Assessment its policies and processes were not fully compliant and it was in breach of Licence condition 12.1.1(2) as:

there was no evidence of effective due diligence, in the majority of the customer accounts reviewed
due to ineffective triggers, certain reviewed customers were able to deposit and spend large sums of money before source of funds (SoF) and affordability were established. Where customer accounts were in a winning position, risk reviews were undertaken in an inconsistent manner. This resulted in incomplete enhanced due diligence (EDD) reviews being undertaken (insofar as source of funds was not adequately established) due to triggers not being met
customers could continue to gamble after hitting the initial trigger as they would not hit any further triggers for significant periods, increasing both AML and safer gambling (SG risk
there was no evidence in the customer accounts reviewed of sufficient information being provided by the customer to substantiate the open-source profile – such as occupation details, and potential earnings, - to determine the level of customer risk and consequently decide the level of due diligence and monitoring required.

4. Breach of paragraph 3 of licence condition 12.1.1

BV Gaming accepted at the time of the Assessment, its policies and processes were not fully compliant, and it was in breach of licence condition 12.1.1(3) and it needed a more coordinated approach to managing ML/TF risk and must focus on ensuring it can properly evidence the decisions it takes as:

there appeared to be no evidence of effective due diligence, in the majority of the customer accounts reviewed
the review of the customer accounts did not give assurance that effective decisions were being made on what actions should be taken on a customer account following EDD review and the evidence to be obtained
there were no controls in place to ensure the account restrictions were placed on an account when requested by the customer
there was an overreliance on automated thresholds to request SoF. This meant the AML function failed to consider individual customer risk, based on what was known or not known about the customer
whilst we saw evidence of regular meetings taking place, specifically looking at the top 25 high-risk customers, we did not see evidence of any ongoing monitoring of customers unless they hit the thresholds
tier 1 VIP customers should have had an EDD review conducted and signed off by the EDD team and an SG review in addition to an SG interaction. During the Assessment the Licensee could not confirm where the reviews were stored and there was no evidence of these processes being followed at onboarding for Tier 1 customers
the Licensee could not provide any evidence to support reviews having been undertaken for onboarding of any VIPs.

5. Breach of Paragraph 1 of Licence Condition 12.1.2 (Anti-money laundering Measures for operators based in foreign jurisdictions)

Paragraph 1 of this condition has been in place since October 2016 and requires that:

“Licensees must comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007), or the equivalent requirements of any UK Statutory Instrument by which those regulations are amended or superseded insofar as they relate to casinos (the MLR) whether or not the MLR otherwise apply to their business”.

BV Gaming accepted:

it failed to thoroughly implement the measures described in the relevant parts of the 2007 Regulations and 2017 Regulations
at the time of the Assessment, it was not in full compliance with (and therefore in breach of) licence condition 12.1.2.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act.

When in force, SRCP 3.4.1(e)(i) required the following: “Licensees must put into effect policies and procedures for customer interaction where they have concerns a customer’s behaviour may indicate problem gambling. The policies must include:

e) specific provision for making use of all relevant sources of information to ensure effective decision making and to guide and deliver effective customer interaction including in particular:
i. provision to identify at risk customers who may not be displaying obvious signs of, or overt behaviour associated with, problem gambling; this should be by reference to indicators such as time or money spent."

This SRCP was subsequently amended on 31 October 2019. This requires licensees to: “1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

a. identifying customers who may be at risk of or experiencing harms associated with gambling.
b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach”.

"2. Licensees must take into account the Commission’s guidance on customer interaction.”

BV Gaming accepted that at the time of the Assessment it was not fully in compliance with SRCP 3.4.1 as it failed to:

implement/follow its policies and procedures to ensure ‘at risk’ customers were protected from gambling related harm
take into consideration our guidance on customer interaction (CI)
make use of all relevant sources of information to ensure effective decision making and to guide and deliver effective customer interactions.

7. Failure to comply with paragraph 2 of SRCP 5.19 (Other marketing requirements)

SRCP 5.1.9(2) requires:

“Licensees must ensure that all significant conditions which apply to marketing incentive are provided transparently and prominently to consumers. Licensees must present the significant conditions at the point of sale for any promotion, and on any advertising in any medium for that marketing incentive except where, in relation to the latter, limitations of space make this impossible. In such a case, information about the significant conditions must be included to the extent that it is possible to do so, the advertising must clearly indicate that significant conditions apply and where the advertisement is online, the significant conditions must be displayed in full no further than one click away.”

BV Gaming accepted that at the time of the Assessment it was not in full compliance with (and therefore in technical breach of) SRCP 5.1.9 as significant conditions of a welcome offer were not displayed with sufficient prominence at the point of promotion despite there being sufficient space to do so.

This regulatory settlement consists of:

£352,000 divestment of GGY gained as a result of the failings, which will be directed towards delivering the National Strategy to Reduce Gambling Harm
£1,728,000 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
agreement to the publication of a public statement in relation to this case.
payment of £11,000 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors:

The aggravating factors were:

the serious nature of the breaches identified
the impact on the licensing objectives
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators
the nature of the breaches means other customers the Commission is not aware of may be affected
BV Gaming’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors:

The mitigating factors were:

the extent of steps taken to remedy the breach, including the implementation of an action plan
BV Gaming’s early recognition of failings
BV Gaming has been co-operative throughout its dealings with the Commission.

Good practice:

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?- are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
do you have out of hours arrangements in place?
have your staff received sufficient AML and SR training?

End of public statement

Annexio (Jersey) Limited trading as Affiliate Empire Public Statement

Published: 20 January 2022

Key failings

breach of Licence Condition 12.1.1 Paragraphs 1, 2 and 3 - Prevention of money laundering and terrorist financing
failure to comply with Social Responsibility Code Provision (SRCP) 3.4.1 Paragraph 1 (a), (b) and (c) and Paragraph 2 – Customer interaction
breach of Licence Condition 15.2.1 - Reporting key events and other reportable events.

Operators are expected to consider the issues outlined and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation resulted in the commencement of a section 116 regulatory review¹ of Annexio (Jersey) Limited (Annexio), combined remote operating licence number: 051692-R-329113-006. The Commission commenced a regulatory review on 14 April 2021. The regulatory review found failings in Annexio’s processes which were aimed at preventing money laundering (ML) and protecting vulnerable people.

Between October 2019 and November 2021 Annexio failed to comply with the Licence conditions and code of practice (LCCP), specifically:

paragraphs 1, 2 and 3 of licence condition 12.1.1, requiring Licensee’s to conduct an assessment of the risks to their business being used for money laundering and terrorist financing; have appropriate policies, procedures and controls to prevent money laundering and terrorist financing and ensure they are kept under review, revised appropriately and take into account any applicable learning or guidelines published by the Commission
paragraph 1 and 2 of social responsibility code provision (SRCP) 3.4.1, requiring licensees to identify customers who may be at risk of or experiencing harms associated with gambling, interact with such customers and understanding the impact on the customer and the effectiveness of their actions and approach. Licensees must also take into account the Commission’s guidance on customer interaction
licence condition 15.2.1 requiring operators to report key events to the Commission.

Taking into account the remedial action taken by Annexio and in line with our Statement of principles for licencing regulation, Annexio will pay a total of £612,000 in lieu of a financial penalty.

The investigation and subsequent regulatory review found:

failings in Annexio’s implementation of anti-money laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
weaknesses in its reporting arrangements.

Breach of Paragraph 1 of Licence Condition 12.1.1 (Anti-Money Laundering) between October 2019 and November 2021

Licence condition 12.1.1(1) states: “Licensees must conduct an assessment of their risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.”

Annexio accepted its MLTF risk assessment had not addressed certain risks in sufficient detail including:

the risk of customers making numerous low-level transactions to minimise suspicion and evade CDD requirements
the risk of customers using third parties or agents to obscure the source or ownership of money
risks associated with prepaid cards or crypto asset transactions
risks of customers being linked to high-risk jurisdictions either from business relationships or place of birth.

Following the Assessment Annexio updated its MLTF risk assessment.

Breach of Paragraph 2 of Licence Condition 12.1.1 between October 2019 and December 2020

Annexio acknowledged that some of its AML policies and procedures in place at the time of the Assessment were not compliant with the Licence conditions and codes of practice (LCCP).

Annexio accepted in respect of some customer accounts reviewed:

there were unjustified delays in completing customer due diligence (“CDD”) and enhanced due diligence (“EDD”) which enabled customers to gamble significant sums before a limit was applied to their account
when EDD was carried out, further steps should have been taken to corroborate the information provided by certain customers during the assessment, to establish their financial circumstances
recorded decision making did not always adequately assess the MLTF risks presented by certain customers reviewed or explain reasoning as to why the customer had been permitted to continue gambling
information that was subsequently obtained could not support the customers’ level of spend.

Breach of paragraph 3 of Licence Condition 12.1.1 between October 2019 and December 2020

Licence condition 12.1.1(3) states “Licensees must ensure that such policies, procedures, and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”

Annexio accepted:

in relation to one of the customers reviewed, the compliance team incorrectly determined that EDD had been completed using a bank statement that had been collected and used for CDD purposes
a decision made to lift a deposit limit after CDD had been completed had been made in error, as the specific customer had also hit the EDD trigger, yet EDD had not been completed. The Licensee stated that steps should have been taken to complete EDD, but instead the customer was permitted to gamble. It concluded it had not complied with the EDD procedures in place at the time. Evidence subsequently collected did not provide adequate support for the reviewed customer’s level of spend

Annexio has implemented a number of new procedures including the following:

introduction of a £500 monthly gross deposit limit on all new customers as an interim measure pending implementation of its affordability check
if a customer wanted to increase the £500 deposit limit, their account was flagged for review and no increase will be permitted until the review has been completed against AML and responsible gambling policies
all existing customers that (a) reached a lifetime deposit of £10,000 but (b) had not provided satisfactory evidence to enable affordability and source of wealth and responsible gambling checks, are put on a deposit limit of zero
the system has been changed so that no customer can override any limit imposed by Annexio
additional resource has been recruited and reallocated to increase the number of employees undertaking customer account checks for CDD, EDD and responsible gambling reviews
Annexio has conducted a review of all active customers (active in the last six months) where EDD had been completed. These customers were reviewed individually, and appropriate deposit locks applied. Updated EDD requests were made where required and deposit limits set pending receipt of documentation and completion of necessary reviews
only pdf documents will be accepted for review, no screenshots or similar will be accepted
a new AML and responsible gambling flowchart has been implemented in respect of customers, which includes revised triggers.

Failure to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction) between October 2019 and December 2020

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:
a. identifying customers who may be at risk of or experiencing harms associated with gambling.
b. interacting with customers who may be at risk of or experiencing harms associated with gambling.
c. understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

Licensees must take into account the Commission’s guidance on customer interaction.”

Annexio accepted it had:

failed to trigger appropriate enquiries sufficiently early in its relationship with some customers, resulting in those customers being able to gamble without having undergone the appropriate affordability checks, (now mandated in the Licensee’s updated affordability processes)
failed to adequately assess bank statements and payslips, provided by certain customers (reviewed during the compliance assessment), which resulted in the customers being able to gamble longer than they should have been able to and spend more than they could afford
on one occasion refused a request from a customer, who had placed a limit on their account, to have the limit reduced. This resulted in the customer continuing to gamble without the Licensee mitigating the risk that their gambling may have been financially unsustainable
failed to interact with some customers in a way that minimised the risks associated with gambling
failed to fully implement the Commission’s guidance in relation to customer interaction.

Breach of Licence condition 15.2.1 (Reporting key events) in August 2020

A key event is an event that could have a significant impact on the nature or structure of a licensee’s business. Licence condition 15.2.1 requires licensees to notify the Commission, or ensure the Commission is notified, in such form or manner as the Commission may from time to time specify, of the occurrence of specified key events as soon as reasonably practicable and in any event within five working days of the licensee becoming aware.

Annexio failed to notify the Commission of a “bug” discovered on 11 August 2020 which was removed on 26 August 2020. The bug allowed customers to override and circumvent deposit limits set by Annexio.

This regulatory settlement consists of:

payment of £612,000 (comprising of £112,000 divestment and £500,000 penal element) in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
payment towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission took the following aggravating and mitigating factors into consideration:

Aggravating factors

the breaches had an impact on the licensing objectives
the breaches arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the Licensee should have been aware of the breaches
the need to encourage compliance among other operators
the nature of the breaches may mean other customers were affected that the Commission has not reviewed.

Mitigating factors

the extent of steps taken to remedy the breaches
Annexio co-operated throughout its dealings with the Commission
an ongoing programme of remedial action was commenced following identification of and notification of the breaches to Annexio
on the data seen at the time of the Commission’s investigation, there was no evidence that the Licensee has received any proceeds of crime.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews are adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
have your staff received sufficient AML and SR training?

Footnotes

¹ The Commission commenced a regulatory review on 14 April 2021.

End of public statement

Rank Digital Gaming (Alderney) Limited Public statement

Published: 20 January 2022

Key failings

failure to comply with Social Responsibility Code Provision 3.4.1 paragraph 1 and 2 - Customer interaction, between October 2019 and February 2021
failure to comply with Social Responsibility Code Provision 3.9.1 Paragraph 2 (b) - Identification of individual customers - remote, between June 2020 and February 2021
failure to comply with Social Responsibility Code Provision 3.5.3 Paragraph 6 - Self-exclusion - remote between November 2020 and February 2021.

Operators are expected to consider the issues outlined above and review their own policies and practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

Following a compliance assessment of Rank Digital Gaming (Alderney) Limited (Rank) failings were identified, which resulted in the commencement of a section 116 regulatory review¹ of its Combined Remote Operating Licence number: 038750-R-319345-023. The regulatory review found failings in Rank’s processes aimed at protecting vulnerable people. Between October 2019 and February 2021 Rank failed to comply with the Licence conditions and codes of practice (LCCP), specifically:

paragraphs 1 and 2 of Social Responsibility Code Provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling and to take into account the Commission’s guidance on customer interaction
paragraph 2 (b) Social Responsibility Code Provision 3.9.1 - Paragraph 2 (b) requires that licensees who allow customers to hold more than one account must ensure that all accounts are monitored and that decisions that trigger customer interaction are based on behaviour and transactions across all accounts
paragraph 6 of Responsibility Code Provision 3.5.3 - licensees must ensure that any individual who has self-excluded cannot gain access to gambling.

Taking into account remedial action taken by Rank and in line with our Statement of principles for licensing and regulation, Rank will pay a total of £700,557 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found:

Compliance with a SRCP is a condition of the licence by virtue of section 82 (1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

"1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

identifying customers who may be at risk of or experiencing harms associated with gambling.
interacting with customers who may be at risk of or experiencing harms associated with gambling.
understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

Licensees must take into account the Commission’s guidance on customer interaction.”

Rank accepted that:

the series of financial and non-financial safer gambling triggers used to proactively identify when customers may be experiencing harms were not always effective, in particular new customers being able to deposit at high velocity
it was overly reliant on its £1,000 30-day net loss threshold to identify potential signs of problematic gambling and its processes for identifying other markers of potential harm were largely reactive
customer interaction processes were overly reliant on setting proactive deposit limits, rather than carrying out affordability assessments to inform risk-based decision making
it used average income data to set deposit limits which were, on occasion, set too high, and which made assumptions based on other open-source information which should have been corroborated against other independent sources of information.

This states: “Where licensees allow customers to hold more than one account with them, the licensee must have and put into effect procedures which enable them to relate each of a customer’s such accounts to each of the others and ensure that:

b. all of a customer’s accounts are monitored and decisions that trigger customer interaction are based on the observed behaviour and transactions across all the accounts.”

Rank accepted that a small percentage of customers held more than one account and that some had circumvented the controls. Despite the relatively low numbers, it needed to protect customers who were limited by them or displayed at risk behaviours, from creating new accounts unchecked.

The Licensee has implemented enhanced controls for identifying duplicate accounts, particularly for restricted customers.

This states: “6. Licensees must put into effect procedures designed to ensure that an individual who has self-excluded cannot gain access to gambling.”

Following a platform migration in November 2020, the manual processes in place in respect of bellacasino.com and meccagames.com were not sufficient to mitigate the risk of self-excluded customers opening accounts across two platforms.

Rank accepted:

that 1,416 customer accounts created on Bella Casino or Mecca games websites had been matched to a Rank self-exclusion.

The process for dealing with such breaches has post Assessment been significantly enhanced.

This regulatory settlement consists of:

£700,557 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
agreement to the publication of a statement of facts in relation to this case
payment of the Commission’s costs relating to the investigating of the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors:

the breaches could impact the licensing objectives

Mitigating factors:

the extent of steps taken to remedy the breaches
early recognition of the failings and timely disclosure of all relevant facts including a wider customer review into the extent of the failings
Rank has been co-operative throughout its dealings with the Commission
made an early offer of a regulatory settlement proposal.

Good practice:

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
do lessons learned from public statements flow into your policy and processes?
do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
have your staff received sufficient SR training?
are the controls you have in place in respect of self-excluded customers appropriate – would they prevent a self-excluded customer from opening a new account?
if a customer holds more than one account are the controls effective – are all accounts monitored and decisions that trigger customer interactions based, on the observed behaviour and transactions across all the accounts.

Footnotes

¹ The Commission commenced its Regulatory review on 27 May 2021.

End of public statement

International Multi-Media Entertainments Limited (IMME)

Published: 22 December 2021

IMME provided facilities for real event betting, i.e. betting on the outcome of international lotteries under an operating licence granted by the Gambling Commission.

Following a licence review, which commenced on 17 January 2020, the Commission concluded that it was minded to revoke the operating licence. This followed the Commission’s decision to suspend the operating licence on 16 March 2020 due to concerns regarding the risk presented by IMME’s management of the business, continued compliance issues and a lack of insight into the Commission’s concerns. IMME remained suspended throughout the investigation.

Officials were minded to revoke the operating license as IMME:

breached conditions of its licence
was unsuitable to carry out the licensed activities
operated in a manner inconsistent with the statutory licensing objectives to keep crime out of gambling, to ensure gambling is conducted in a fair, safe and open way, and to protect children and other vulnerable people from being harmed or exploited by gambling.

IMME decided to challenge officials’ preliminary decision at a Regulatory Panel hearing, which was scheduled to take place on 27 and 28 October 2021. On 22 September 2021 IMME surrendered its operating licence.

In line with our Statement of principles for licensing and regulation and our Licensing, compliance and enforcement under the Gambling Act 2005: policy statement, the Commission decided to determine the facts of the case and publish the findings of the investigation, as we consider that there are wider lessons to be learned by the industry about the failings we identified.

The Commission’s investigation found that IMME failed to comply with the Licence conditions and codes of practice (LCCP), specifically:

Licence condition 4.2.1 (disclosure to customers)
Licence condition 7.1.1 (fair and transparent practice)
Licence condition 8.1.1 (display of licensed status)
Licence condition 12.1.1 (Anti-money laundering, prevention of money laundering and terrorist financing)
Licence condition 15.1.2 (reporting suspicion of offences)
Licence condition 15.2.1 (reporting key events)
Licence condition 15.3.1 (general and regulatory returns)
Licence condition 17.1.1. (customer identity verification)
Social Responsibility Code provision 3.1.1 (combating problem gambling)
Social Responsibility Code provision 3.3.4 (remote time out facility)
Social Responsibility Code provision 3.4.1 (customer interaction)
Social Responsibility Code provision 5.1.6 (compliance with advertising codes)
Social Responsibility Code provision 5.1.9 (other marketing requirements)
Social Responsibility Code provision 7.1.2 (responsible gambling information for staff)
Ordinary Code provision 1.1.1 (licensing objectives)
Ordinary Code provision 3.4.2 (customer interaction)
Ordinary Code provision 3.5.4 (self-exclusion).

The Commission also made further adverse findings regarding:

the financial circumstances of IMME
IMME’s resourcing and structure
the overlap between licensed and non-licensed gambling products.

The Commission has further questioned the integrity of IMME with regard to:

its marketing practices
misclassification of the gambling product
IMME’s engagement with the Commission
consumer complaints.

The investigation found, in summary:

failings in IMME’s anti-money laundering (AML) policies, procedures and controls
failings in its responsible gambling policies, procedures, controls and practices, and
suitability concerns.

AML policies, procedures and controls

IMME’s licence and the Money Laundering Regulations 2017 require operators to establish and maintain policies to manage effectively the risks of money laundering and terrorist financing. Officials found IMME's anti-money laundering policies were deficient as the investigation found:

a lack of documentary information to evidence source of funds (SOF) of any of the customer profiles assessed by Officials, despite substantial monthly deposits. IMME knew very little about the source of its customers’ funds throughout their active membership. IMME did not acknowledge the risks highlighted by some customers reviewed by Officials, including a customer who deposited £15,417.60 in one month
one customer, who was 100 years old at the time the review was commenced, bet £23,839.90 in just five months. His deposits more than doubled from £2,992 in September 2018 to £6,090 in October 2018 and continued to rise but IMME did not obtain SOF
IMME’s top depositor bet £36k in six months, yet IMME failed to adequately verify the source of this customer’s funds
data supplied by IMME showed two of its top depositors to be retired postmen, one of whom had bet £20,345.10 in five months (January to May 2019) and the other £16,207.70 in six months (January to June 2019) with insufficient further information requested to support that level of deposit.

Social responsibility code provision 3.4.1 requires licensees to interact with customers in a way which minimises the risk of gambling-related harm. The investigation found that IMME’s social responsibility policies and practices generally failed to comply with this Code provision.

The review found IMME was unable to evidence social responsibility measures being implemented effectively and exhibited a lack of understanding of the requirements. Some examples are set out below:

IMME was unable to evidence adequate safer gambling interactions with its customers to the Commission
Officials found no evidence that sales representatives, who contacted customers, were appropriately trained to be able to undertake a customer care approach under social responsibility requirements
There were no records of interactions with a customer (78 years old) who spent £63,951 in just over three months between September and December 2019. It was of particular concern that the Commission was informed by the customer’s brother that deposits were withdrawn from his bank account by IMME whilst he was in hospital and later, a care home. He also noticed some transactions took place shortly before his brother’s death. This prompted him to raise a fraud complaint with the bank and IMME
One customer (74 years old) was allowed to deposit £9,379 in eight days without an adequate responsible gambling interaction
The review found failings in relation to certain marketing requirements, including the fact that the Lotteries.com website claimed that when customers were betting on a lottery, the Licensee contributed to underlying good causes. At the assessment, IMME stated this was a remnant from its previous licence and agreed to remove this banner from the website
It was not clear to consumers that they were betting on a lottery and not entering a lottery. IMME erroneously linked labels and tags to its website which suggested customers would be purchasing lottery tickets or playing actual lotteries as opposed to betting on the outcome.

Suitability concerns

The review found serious concerns regarding IMME’s suitability, including, but not limited to:

Extensive evidence of widespread breaches.

Failure to work with the Commission in an open and cooperative way including:

consistent failure to meet deadlines for provision of material during the review
failure to disclose all relevant material requested during the review.

Concerns regarding IMME’s customer base and its marketing practices

Figures provided by IMME showed 75% of its customers were over 60 years old and 20% were over 80 years old. This demographic seems disproportionately focused on older people and IMME had not considered the potential vulnerabilities of their customer base.

Concerns regarding IMME’s business and financial structure. Officials found there was insufficient clarity between the two different products offered by IMME, both in terms of finances and governance

IMME’s business structure appears to lend itself to overlap between two of the products offered by it i.e., the licensed gambling product (Lotteries.com) and the non-licensed product offered under the brand name “The Lottery Centre” (Lottery messenger service selling Lottery tickets for foreign lotteries under a syndicate arrangement). Both products are offered by IMME. The Commission found every one of IMME’s top 20 depositors were, or were previously, Lottery Centre customers.

The monies for both The Lottery Centre and Lotteries.com were found not to be adequately segregated

Key persons demonstrated a lack of knowledge and understanding throughout the Commission’s engagement during assessments, meetings and the review

IMME’s customer records appeared to be inaccessible by members of staff, making informed responsible gambling interactions and internal decision making difficult. For example, paper customer records were stored at one location but were not accessible to IMME’s sales agents making marketing calls from other parts of the world. This is despite the fact IMME operated a remote business

The review found that there were multiple complaints to the police and Action Fraud about IMME’s products. Some complaints named the Lottery Centre but the Commission found that the complainant was actually a customer of the gambling product Lotteries.com, but were unaware what service they were actually paying for

In addressing one complaint, IMME accepted that its call centre agents did not use their real names. The Commission was deeply concerned that any of IMME’s staff might resort to using an alias since this significantly diminished trust in IMME and its methods. This also raised questions as to why a staff member might be told to or choose to be dishonest about their real name

Evidence of customers complaining of being called repeatedly by IMME sales agents, including one customer in her 90s who was called several times a week. Another complainant stated that a Lotteries.com customer was called every 30-40 minutes, five or six times until the phone was answered.

IMME appeared unwilling to accept that customers were making complaints about its products. IMME’s approach throughout the review was to discredit the complaints or complainants and question their integrity rather than to provide evidence to dispute statements of complainants.

Evidence from the National Trading Standards (NTS) Scams Team showed that many of IMME’s top 20 depositing customers were identified on an NTS database that identified consumers who have been targeted on multiple occasions and replied to mailings. Some of these customers were recorded by NTS as having been targeted by scammers on multiple occasions and also identified on known or convicted scammers’ data lists as replying. IMME claimed it had referred many of its top 20 depositing customers to the NTS itself, and it maintains that this explains the crossover between IMME customers and persons on the NTS’s database.

IMME not surrendered its operating licence

As a result of the above findings, had IMME not surrendered its operating licence, the Commission would have revoked its operating licence under section 117(1)(f) and section 119(1) of the Act.

In particular, the Commission considers the following conditions set out under section 120 (1) which applied to this case, namely:

IMME had been carrying on the licensed activity in a manner inconsistent with the licensing objectives (section 120(1)(a)), namely the objectives to keep gambling from being a source of, or associated with, crime and disorder, and protecting children and other vulnerable persons from being harmed or exploited by gambling
conditions of the licence had been breached (section 120(1)(b)), and
IMME is unsuitable to carry on the licensed activities (section 120(1)(d)).

In accordance with section 120(3) in considering a licensee's suitability for the purpose of subsection (1)(d) the Commission may, in particular, have regard to:

the integrity of the licensee
the competence of the licensee
the financial and other circumstances of the licensee.

By reference to our Indicative sanctions guidance (June 2017) at section 2.29 we found that revocation would have been appropriate as the findings set out above demonstrated IMME was unsuitable to hold a licence for the following reason:

there had been serious breaches of the Commission’s Licensing Conditions and Social Responsibility Codes of Practice
what happened seriously affected consumers, either deliberately or through incompetence
there was a continuing risk that what happened would be repeated
persistent lack of insight into, or understanding of, the seriousness of what happened, the reasons that led up to a problem or the consequences.

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

Do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
Do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
Do lessons learned from public statements flow into your policy and processes?
Are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
Do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
Do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
Do you have out of hours arrangements in place?
Have your staff received sufficient AML and SR training?

End of public statement

Greentube Alderney Limited Public statement

Published: 2 December 2021

Key failings

breach of Licence Condition 12.1.1 Paragraphs 1, 2 and 3 - Prevention of money laundering and terrorist financing
breach of Paragraph 1 of Licence Condition 12.1.2 (Anti-money laundering Measures for operators based in foreign jurisdictions)
breach of Paragraph 15 of Licence Condition 15.2.1 (Reporting key events)
failure to comply with Social Responsibility Code Provision 3.4.1 paragraph 1 and 2 - Customer interaction.

Operators are expected to consider the issues outlined and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair, safe and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This investigation resulted in the commencement of a section 116 regulatory review of Greentube Alderney Limited, (Greentube), Combined Remote Operating Licence number: 039050-R-319315-014. The Commission commenced its regulatory review on 16 December 2020.

The regulatory review found failings in Greentube’s processes which were aimed at preventing money laundering (ML) and protecting vulnerable people. These failings were found on two of Greentube’s casino and betting websites, admiralcasino.co.uk and bellfruitcasino.com.

Between December 2019 and November 2020 Greentube failed to comply with the Licence conditions and codes of practice (LCCP), specifically: 

paragraphs 1, 2 and 3 of Licence Condition 12.1.1, requiring compliance with the prevention of money laundering and terrorist financing
Licence Condition 12.1.2 requiring operators based in foreign jurisdictions to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information of the Payer) Regulations 2017 (“the 2017 Regulations”)
Licence Condition 15.2.1 requiring operators to report key events to the Commission
paragraphs 1 and 2 of Social responsibility code provision (SRCP) 3.4.1, requiring licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, and to take into account the Commission’s guidance on customer interaction.

Taking into account remedial action taken by Greentube and in line with our Statement of principles for licensing and regulation, Greentube will pay a total of £685,000 in lieu of a financial penalty.

The investigation and our subsequent regulatory review found:

failings in Greentube’s implementation of anti-money laundering (AML) policies, procedures and controls
deficiencies in its responsible gambling policies, procedures, controls and practices, including weaknesses in implementation
weaknesses in its reporting arrangements.

Between December 2019 and November 2020 Greentube has been in breach of the following licence conditions and failed to comply with the following social responsibility code provisions.

Breach of paragraph 1 of license condition 12.1.1

Greentube accepted its AML Risk assessment (the Risk Assessment) did not explicitly acknowledge:

that Greentube would ensure it would keep adequate records in writing of the steps it had taken to identify and assess the risks of money laundering to which its business is subject as required by Regulation 18(4) of the 2017 Regulations
that when new products, business practices or technologies are adopted, appropriate measures would be taken to assess and mitigate any money laundering risk this may cause
that consideration had been given to the low risk factors outlined in the Commission’s guidance. Regulation 37(3) of the 2017 Regulations and paragraph 6.93 of the Commission's guidance 'The prevention of money laundering and combating the financing of terrorism - Guidance for remote and non-remote casinos' (the AML Guidance).

Breach of paragraph 2 of license condition 12.1.1

Greentube accepted:

its policies failed to make adequate provision for monitoring money laundering risks during out-of-hours
its processes at the time of the failings placed undue reliance on slots games being a lower risk product from a money laundering perspective, which had the effect of allowing some customers to deposit, gamble and lose significant sums before source of funds were requested
the record keeping processes in place at the time of the Commission’s investigation were inadequate and it was not always able to provide clear evidence of an audit trail to demonstrate decision making.

Breach of paragraph 3 of licence condition 12.1.1

Greentube accepted:

relevant employees did not interrogate customer source of fund and source of wealth information with sufficient critical scrutiny, which meant that undue reliance was placed on open source or incomplete information when further corroborative evidence should have been sought
there were unacceptable delays to obtaining confirmation of ownership of the payment methods used by certain customers and on occasion ownership of the payment method was taken at face value without seeking independent confirmation of the same.

Breach of Paragraph 1 of Licence Condition 12.1.2 (Anti-money laundering Measures for operators based in foreign jurisdictions)

Greentube accepted it did not:

carry out source of wealth (SOW) / source of funds (SOF) immediately after identification of a politically exposed person (PEP) instead it carried out such checks after the PEP had hit a £1,000 deposit threshold which is contrary to regulation 35(5)(b) of the Money Laundering Regulations 2017 (MLR 2017)
properly take into account of the Commission’s AML Guidance and its MLTF Risk Assessment when preparing its own ML/TF Risk Assessment (Regulation 18(2)(a) MLR 2017)
properly articulate the methodology that it had used to prepare its ML/TF Risk Assessment, nor explain what information and data had been used to assess and analyse ML/TF risks presented to Greentube’s business (Regulation 18(4) MLR 2017)
take appropriate measures in preparation for, and during, the adoption of new products or business practices, by assessing any money laundering risks arising from such adoption and implementing specific policies, procedures and controls to mitigate those risks (Regulation 19 MLR 2017)
fully adhere to the requirement to screen relevant employees both before being appointed and during the course of their employment (Regulation 21(1)(b) MLR 2017.

Greentube accepted it relied too heavily on ineffective threshold triggers and generally lacked information regarding how much a customer should be allowed to spend based on income, wealth or any other money laundering risk factors (Regulation 33 MLR 2017).

Breach of Paragraph 15 of Licence Condition 15.2.1 (Reporting key events)

Paragraph 24 licence condition 15.2.1, applicable at the time of the breaches, and currently paragraph 15 of licence condition 15.2.1, requires the reporting of the making of a disclosure pursuant to section 330, 331, 332 or 338 of the Proceeds of Crime Act 2002 or section 19, 20, 21, 21ZA, 21ZB or 21A of the Terrorism Act 2000 (a suspicious activity report). Under this key event, the Licensee should inform the Commission of the unique reference number issued by the United Kingdom Financial Intelligence Unit of the National Crime Agency in respect of each disclosure. The requirement to submit this key event within the five working day period referred to above runs from the licensee’s receipt of the unique reference number. The licensee should also indicate whether the customer relationship has been discontinued

Greentube accepted that they failed to submit key events to the Commission within 5 working days of submission of six suspicious activity reports (SARs) to the National Crime Agency.

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act. SRCP 3.4.1 (amended from 31 October 2019) states:

“1. Licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling. This must include:

identifying customers who may be at risk of or experiencing harms associated with gambling.
interacting with customers who may be at risk of or experiencing harms associated with gambling.
understanding the impact of the interaction on the customer, and the effectiveness of the Licensee’s actions and approach.

Licensees must take into account the Commission’s guidance on customer interaction.”

Greentube accepted that:

the series of financial and non-financial safer gambling triggers used to proactively identify when customers may be experiencing harms were not always effective
it was overly reliant on its £1,000 30-day net loss threshold to identify potential signs of problematic gambling and its processes for identifying other markers of potential harm were largely reactive, and did not properly take into consideration such things as the length, frequency and time-of-day of gambling to inform its decision making
its safer gambling and AML teams failed to share relevant information with each other to allow each team a holistic view of the customer profile
customer interaction processes were overly reliant on setting proactive deposit limits, rather than carrying out interactions or affordability assessments to inform risk-based decision making
it used average income data to set deposit limits which were, on occasion, set too high, and which made assumptions based on other open-source information which should have been corroborated against other independent sources of information.

This regulatory settlement consists of:

£685,000 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
agreement to the publication of a statement of facts in relation to this case
Greentube has agreed to vary its operating licence to add a specific condition to carry out a third-party audit to review its compliance with the Licensing condition and codes of practice within twelve months, the findings of which it will share with the Commission
payment of £8,789.86 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the serious nature of the breaches identified
the impact on the licensing objectives
the breach arose in circumstances that were similar to previous cases the Commission has dealt with which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators
the nature of the breaches may mean other customers were affected that the Commission has not reviewed
Greentube’s senior management should have been aware of governance issues that lead to the breaches, given their significance.

Mitigating factors

the extent of steps taken to remedy the breach
Greentube’s early recognition of failings
licensee has been co-operative throughout its dealings with the Commission.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions:

Do you have formal processes in place to measure the effectiveness of your AML and safer gambling policies and are findings adequately recorded?
Do you efficiently record all compliance-related decisions and are you able to demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
Do lessons learned from public statements flow into your policy and processes?
Are your customer risk profiles formed by or linked to your money laundering and terrorist financing risk assessment?
Do you have a formalised process for analysing the effectiveness of customer interactions to ensure that reviews were adequately documented and consistent in their approach?
Do you log the types of behaviour which have triggered a customer interaction and keep sufficient records of interactions, along with decisions not to interact especially in terms of the level of detail provided?
Do you have out of hours arrangements in place?
Have your staff received sufficient AML and SR training?

End of public statement

VGC Leeds Limited Public statement

Published: 13 October 2021

Key failings

Safer Gambling:

Social Responsibility Code Provision 3.4.1

Anti-Money Laundering:

Licence condition 12.1.1(3)

Operators are expected to consider the issues here and review their own practices to identify and implement improvements in respect of the management of customers.

Introduction

Licensed gambling operators have a legal duty to ensure that their gambling facilities are being provided in compliance with the Gambling Act 2005 (the Act), the conditions of their licence and in accordance with the licensing objectives, namely to:

prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
ensure that gambling is conducted in a fair and open way
protect children and other vulnerable people from being harmed or exploited by gambling.

This case concerns VGC Leeds Limited t/a Victoria Gate Casino (VGC) which holds non-remote casino and ancillary remote casino operating licences.

The Commission investigated VGC’s handling of 10 customers following concerns identified at a compliance assessment in July 2019.

Our investigation identified failings in the way VGC identified and managed customers who were at higher risk of money laundering and gambling-related harm. These failings stemmed from VGC failing to effectively implement its anti-money laundering (AML) and safer gambling policies and procedures.

On 24 October 2019, we gave VGC notice that we were commencing a review of its operating licence. That review revealed VGC had breached conditions of its operating licence.

VGC cooperated with our enquiries throughout the course of our investigation and has accepted that the implementation of its policies and procedures in respect of AML and safer gambling were not effective. It has accepted that it failed to act in accordance with conditions of its operating licence between January 2017 and July 2019.

In line with our Statement of principles for licensing and regulation, VGC will pay £241,000 to represent divestment of the amount of financial gain accrued as a result of the accepted failings, and £209,000 in lieu of a financial penalty. It will also pay Commission costs of £21,578.17.

Social responsibility code 3.4.1 stated (at the time it was in place) that:

‘Licensees must put into effect policies and procedures for customer interaction where they have concerns that a customer’s behaviour may indicate problem gambling. The policies must include:

(e) specific provision for making use of all relevant sources of information to ensure effective decision making, and to guide and deliver effective customer interactions, including in particular:
i. provision to identify at risk customers who may not be displaying obvious signs of, or overt behaviour associated with, problem gambling: this should be by reference to indicators such as time or money spent.

Our investigation identified weaknesses in VGC’s safer gambling controls and found it had failed to effectively implement its policies and procedures for customer interaction. Furthermore, VGC failed to make use of all relevant sources of information to ensure effective decision making and to guide effective customer interactions, contrary to SRCP 3.4.1, paragraph 1(e)(i).

Customer A incurred losses of £275,000 over 22 months before the licensee requested source of funds evidence. When source of funds information was finally sought the operator relied on a tax account which it considered supported income of £217,391 – clearly this figure did not support the affordability of the customer’s losses. To establish source of wealth the operator also relied on the customer being the main shareholder for a dormant company and the fact that the customer’s firm had undertaken construction work at its premises. Furthermore, although regular interactions took place with the customer the Licensee accepts it failed to record these interactions and its rational for decisions on the customer’s profile as required by its own policy.
Customer B incurred total losses of £93,294 over 16 months on their account since registering in February 2017. Numerous ‘no concern’ interactions were recorded on the customer’s profile however, no rationale was recorded as to why the interaction was undertaken. This was despite VGC’s own customer interaction policy stating ‘any interaction must be recorded on a Customer Interaction record and retained… Where subsequent customer interactions take place with the same individual, these must also be fully recorded.’

Failure to implement effective AML controls

Licence condition 12.1.1 relates to the Prevention of Money Laundering and Terrorist Financing

Licence condition 12.1.1(3) requires:

Licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Commission from time to time.

VGC has accepted weaknesses and shortcomings in the relation to the implementation of some of its procedures and controls.

During the investigation we identified VGC had failed to undertake sufficient checks to verify the underlying source of the customer funds in some instances.

Examples of AML failings include:

Customer A incurred losses of £275,000 over 22 months before the licensee requested source of funds evidence. When source of funds information was finally sought the operator relied on a tax account which it considered supported income of £217,391 – clearly this figure did not support the affordability of the customer’s losses. To establish source of wealth the operator also relied on the customer being the main shareholder for a dormant company and the fact that the customer’s firm had undertaken construction work at its premises.
Customer B incurred total losses of £93,294 on their account since registering in February 2017. VGC requested the customer provide proof of SoF in March 2018, within seven days. The customer did not submit copies of bank statements until seven weeks later but was permitted to continue to gamble at VGC’s premises throughout that period. Although the bank statements showed a substantial balance, and regular payments into the account, the origin of the funds were not verified. In addition, the customer had experienced a number of wins and was believed to have used these funds to gamble. However, it was not clear whether the customer had withdrawn these funds and removed them from VGC’s premises. The customer was spoken to eight months later with regard to an annual review and they advised the Licensee they would submit the required documents. However, the customer visited VGC’s premises again a week later but did not provide the documentation. It is not clear from the customer profile if, or when, the documents were submitted.

In addition to accepting these failings, VGC has committed to an ongoing programme of improvements to ensure the implementation of its policies, procedures and controls are effective including, but not limited to, the following specific remedial action:

carried out a full review of the process for collation, review and sign-off of customer profiles, with the objective of creating a holistic summary of due diligence information and affordability
carried out a review of all customers previously Enhanced Due Diligence-approved or in the EDD process, using its updated approach to EDD
carried out a detailed gap analysis to assess the areas of its policies and procedures that required improvement, including its AML policies and procedures. It then updated these policies and procedures in the areas of weakness identified
refined its recycled winnings process in order to ensure that its acceptance of recycled funds as source of funds or source of wealth is documented and justified
updated and implemented a new version of its Social Responsibility policy. This policy includes improved capability in identifying potential indicators of risk via additional training and analytical tools, and a requirement for more detailed and structured recording of customer interactions
introduced new reports to identify customers who are spending more than they can afford or exhibiting changes in their level of play or frequency of visits
improved its record keeping practices to include a stronger focus on the quality of narrative recording of customer interactions and the recording of overall rationale for decisions made.

This regulatory settlement consists of:

£241,000 to represent divestment of the amount of financial gain accrued as a result of the accepted failings, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
£209,000 payment in lieu of a financial penalty, which will be directed towards delivering the National Strategy to Reduce Gambling Harms
agreement to the publication of a statement of the facts in relation to this case
payment of £21,578.17 towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors:

Aggravating factors

the Licensee should have been aware of the breaches
the breaches were serious and had an impact on the licensing objectives
the breaches arose in circumstances that were similar to previous cases the Commission has dealt wwith which resulted in the publication of lessons to be learned for the wider industry
the need to encourage compliance among other operators.

Mitigating factors

there was timely co-operation with the investigation undertaken by the Commission and no attempt to conceal the extent of the breaches
an ongoing programme of remedial action was commenced in response to the breaches being brought to VGC’s attention
VGC has shown insight into the seriousness of the breaches.

End of public statement

Public Statements

Hillside (UK Gaming) ENC Public Statement

Introduction

Breached paragraph 2 of licence condition 12.1.1 (Prevention of money laundering and terrorist financing) between May 2021 and July 2022

Breached licence condition 12.1.2 (Anti-Money Laundering - Measures for operators based in foreign jurisdictions) between May 2021 and July 2022

Failed to comply with paragraphs 1b and 1c of SRCP 3.4.1 (Customer Interaction) between October 2021 to September 2022

Aggravating factors

Mitigating factors

Good practice

Hillside (UK Sports) ENC Public Statement

Introduction

Breached paragraph 2 of licence condition 12.1.1 between May 2021 and July 2022

Failed to comply with paragraphs 1b and 1c of Social Responsibility Code Provision (SRCP) 3.4.1 (Customer Interaction) between October 2021 to September 2022

Aggravating factors

Mitigating factors

Good practice

Lindar Media Limited Public Statement

Introduction

Breach of paragraph 1 of licence condition 12.1.1

Breach of paragraph 2 of licence condition 12.1.1

Breach of paragraph 3 of licence condition 12.1.1

Failure to take into account Ordinary Code Provision 2.1.1

Breach of licence condition 15.2.1 (4) - Reporting key events

Breach of licence condition 1.2.1(3) - Specified management offices – personal management licences

Failure to comply with paragraph 1b, 1c and 2 of SRCP 3.4.1 (Customer Interaction)

Identify

Interact

Failure to comply with SRCP 5.1.6 - the advertising codes

Failure to comply with SRCP 3.1.1(2) – Combating problem gambling

Aggravating factors

Mitigating factors

Good practice

Notes

Done Bros (Cash Betting) Limited Public Statement

Introduction

Breached licence condition 12.1 Prevention of money laundering and terrorist financing

Breach of paragraph 1 of licence condition 12.1.1

Breach of paragraph 2 and 3 of licence condition 12.1.1

Failed to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Aggravating factors

Mitigating factors

Good practice

Notes

Videoslots Limited Public Statement

Introduction

Breach of licence condition 12.1.1(3)

Failure to comply with SRCP 3.4.1 Customer interaction

Conclusion

Aggravating factors:

Mitigating factors:

Good practice

Notes

Skill On Net Limited Public Statement

Introduction

Breach of paragraph 1 of licence condition 12.1.1

Breach of paragraph 2 of licence condition 12.1.1

Breach of paragraph 3 of licence condition 12.1.1

Breach of paragraph 1 of licence condition 12.1.2 (Anti-money laundering - measures for operators based in foreign jurisdictions)

Failure to comply with SRCP 3.4.1 paragraphs 1 and 2

Aggravating factors:

Mitigating factors:

Good practice

Notes

William Hill Organization Limited Public Statement

Introduction

Breach of paragraph 1 of licence condition 12.1.1

Breach of paragraphs 2 and 3 of licence condition 12.1.1

Failure to comply with Paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Aggravating factors

Mitigating factors

Good Practice

Notes

WHG (International) Limited Public Statement

Introduction

Breach of paragraph 1 of licence condition 2.3.1

Breach of paragraph 1 of licence condition 12.1.1

Breach of paragraphs 2 and 3 of licence condition 12.1.1

Breach of paragraph 1 of licence condition 12.1.2 (Anti-money laundering measures for operators based in foreign jurisdictions)

Failure to comply with paragraph 1 and 2 of SRCP 3.4.1 (Customer Interaction)

Failure to comply with paragraphs 1a, 1c and 1d of SRCP 3.7.1 (Provision of Credit)

Breach of licence condition 8.1.1 (Display of Licensed Status)²

Failure to consider Ordinary Code Provision (OCP) 2.1.1 – Anti-money Laundering (Casino)¹

Failure to comply with: Social Responsibility Code 3.4.1²