Anti-money laundering and remote casinos - the importance of engaging with the customer

Posted: 29th January 2018

The gambling industry has experienced significant change in recent years. The internet has allowed easier access and convenience that has attracted new customers to gambling.

The Gambling Commission (‘the Commission’) stated that online gambling accounted for 33% of all gambling in the UK between April 2015 and March 2016. However, the connection of money laundering and gambling is driving authorities and regulators to focus more squarely on the industry. To this end, in June 2017, the Fourth EU Money Laundering Directive came into force, and remote casinos are within the scope of its requirements. 

There have been many headlines where fraudsters have been convicted for fraud motivated by a gambling addiction. Clearly, this will not apply to the vast majority of individuals with a gambling problem - however, operators must be able to identify problem gamblers and recognise suspicious activity of self-laundering (laundering the proceeds of your own crime, in this case, through gambling).

Spending behaviours that indicate a customer living beyond their means may not only signify problem gambling, but may also raise a suspicion on the source of their income. Therefore, knowing and understanding your customer through strong due diligence to spot patterns and behaviours is essential to mitigating regulatory and reputational risk.

On the 4th January 2018, the Commission announced their findings from their compliance assessment of remote casinos. The assessment provided clear recommendations for operators to take immediate action with regards to customer interaction and anti-money laundering. As a result, the Commission will be investigating 17 operators and five other companies will have their licences reviewed. As fraud and money laundering continue to rise nationally, it is crucial for gambling operators to close the vulnerabilities within their business models for criminals who exploit the sector.

Remote casinos – who are your customers?

Remote casinos face a few more obstacles than their non-remote counterparts. Onboarding customers can be challenging when you are unable to see the customer physically. This disconnection presents a greater risk for operators. The reliance on documentation to prove identity is not always effective to verify the customer – know your customer (KYC) checks can be circumvented by criminals with access to counterfeit identification documents on the black market. There is also the challenge of customers who are subject to sanctions, are politically exposed persons (PEPs) or are vulnerable customers (for example, under age).

However, understanding the customer can enable you to manage the risk of your customers more effectively. Operators that take a holistic approach to these regulatory requirements will display a robust compliance culture and framework to mitigate the risk of irresponsible gambling and money laundering.

The summary of the failings found that operators need to implement the following:

1. A documented risk assessment
2. The correct level of customer due diligence (CDD) / enhanced due diligence (EDD)
3. Training and competence to help staff recognise the red flags and understand the risks
4. A robust and proportionate process for suspicious activity reporting and decision making
5. Policies and procedures to identify the behaviours that indicate problem gambling / vulnerability

1. Risk assessment

In an industry subject to constant change, operators must be able to adapt to maintaining a robust risk assessment. In the gambling sector, technology will constantly provide innovative products and services. Operators will need a risk assessment that can identify the regulatory risk around any new products, new methods of payment and customer type. The risk assessment needs to be a live document that continually evolves and reviewed at least annually.

2. Customer due diligence and enhanced due diligence

The Commission found that many operators were not completing ongoing monitoring of their customers. Customers seen as high-risk in terms of money laundering require enhanced due diligence that goes beyond a tick-box approach.

CDD must be applied to any transaction over €2,000, and it is irrelevant if the transaction is not a single amount and includes several transactions that are connected. This would also include CDD for customers who have spent and lost money rather than only applying CDD when paying out the winnings.

3. Training and competence

The Commission found that some operators have training programmes commensurate with the level of risk inherent in their business models. Operators need to understand how criminals can affect companies by spending their criminal proceeds on gambling. The Money Laundering Regulations 2017 requires firms to ensure that their staff receive adequate training and keep training records. Operators that breach these regulations could also be in breach of licensing conditions.

4. Suspicious Activity Reports (SARs)

Operators are required to submit reports to the National Crime Agency (NCA) when they have a suspicion of money laundering or terrorist financing. Submitting a SAR can help authorities detect money laundering and provide the company with a legal defence. The Commission found that there was “little evidence of effective considerations to SARs”. It was found that some MLROs had not retained or referred cases to the NCA, and there was a lack of understanding of the criminal offence of ‘tipping off’. Operators that do not understand these requirements open the company and its employees to legal liability.  

5. Social responsibility

Engaging with the customer and understanding the gambling pattern and their spending levels can identify signs of money laundering. Furthermore, it also allows firms to recognise the signs of problem gambling.  Customer interaction is imperative to help those that display signs of problem gambling. The Commission found that there were many cases which should have triggered customer interaction and opportunities were missed and raised concerns for the regulator.  

Effectively managing AML risk

The climate of regulatory scrutiny in the gambling sector is rising, and enforcement action by the regulator is looking more likely, particularly when you consider the Financial Action Task Force (FATF) mutual evaluation this year. The evaluation will provide an in-depth description and analysis of how the UK is preventing criminal abuse of the financial system.

Firms need to consider a number of factors to ensure they manage the risks in this area effectively, in particular:

• Periodic compliance monitoring and independent review of systems and controls to ensure they stand up to regulatory scrutiny
• Robust CDD controls using a risk-based approach through profiling of customers and completing EDD when necessary
• Review and assurance testing of third party arrangements, e.g. where CDD / EDD is outsourced to an offshore corporate service provider
• Policies and procedures to engage with potential customers who show warning signs of problem gambling, with accurate records maintained to evidence your customer interactions
• Implement a training programme to raise awareness of, and compliance with, money laundering and terrorist financing regulation. Staff should be aware of their legal obligations and how to identify and deal with suspicious activity and produce reports to the NCA that are clear and contain the right information

The fines for AML failings in financial services have been significant and have damaged firms’ reputations. Gambling operators should look to financial services for methods of managing these requirements, as hard lessons have been learned in the sector. Those operators that adapt to the changes now will be able to mitigate financial crime risk, avoid regulatory sanctions and fines and thrive commercially.