As all operators licensed by the Gambling Commission reading this will surely be aware, they are required to uphold the licensing objectives under the Gambling Act 2005 and to have in place effective policies and procedures to identify and manage the risks to those objectives arising from their business.
In order to uphold the first licensing objective to prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime, Ordinary Code provisions 2.1.1 and 2.1.2 of the Gambling Commission’s LCCP impose an obligation on operating licence-holders:
- in the case of remote and non-remote casinos, to act in accordance with the Commission’s guidance on anti-money laundering (“AML”) “The Prevention of Money Laundering and Combating the Financing of Terrorism – Guidance for remote and non-remote casinos’ and
- in the case of all licences except casino licences, to take into account the Commission’s advice on the Proceeds of Crime Act 2002 “Duties and responsibilities under the Proceeds of Crime Act 2002 – Advice for operators (excluding casino operators)”
Major operators have felt the full force of the Commission’s investigative and enforcement powers in recent years with the likes of Ladbrokes, Coral Racing and bet365 in the betting sphere and Aspers and the Rank Group in the gaming sphere facing public criticism from the Commission for weaknesses in their AML controls.
Amongst the areas of learning for the rest of the industry identified by the Commission have been:
- ensuring commercial imperatives do not crowd out management of regulatory risk,
- ensuring that information sources are appropriate and effective in identifying regulatory risk (eg potential money laundering, problem gambling) and are acted upon, and
- linking information across different outlets, products and platforms.
For obvious reasons, the Gambling Commission’s above-mentioned publications constitute essential reading material for all operators, but whilst they explain from the regulator’s perspective the statutory obligations with which licence-holders must comply, they can sometimes lead to lead to questions of mixed interpretation.
That is just one of the reasons why the publication by the Remote Gambling Association of the second edition of its “Anti-money laundering: Good practice guidelines for the online gambling industry” should be welcomed by all operators. These very clear and practical guidelines can be accessed via the link on our website at http://cliftondavies.com/rga-publishes-updated-aml-guidelines/
Another important reason for welcome is the fact that the RGA’s guidelines anticipate some of the changes that will flow from the forthcoming implementation of the EU’s 4th Money Laundering Directive which will include the entire gambling sector as opposed to just casinos (although the Directive will allow EU Member States to exempt sectors on the basis of proven low risk posed by the nature and scale of their services).
The RGA explains that the guidelines reflect best practice and shared experience within the industry and are meant to complement legal and regulatory requirements, irrespective of the jurisdictions where operators are licensed, providing practical guidance for operators to conduct AML and counter-terrorism (“CTF”) financing measures where applicable. What follows is merely a summary of the content of the guidelines, which all operators should read in full.
- The RGA guidelines give good solid practical advice on the following steps that should be followed by operators when undertaking a risk assessment for AML/CTF, which is described as “not a one-off exercise, it is an ongoing process”:
- risk identification (ie customer risk, product/services risk, transaction/payment risk, geographical risk and behavioural risk)
- risk mitigation
- risk monitoring
- documented policies and procedures
- risk review
Application of internal controls
- Internal processes and procedures are described as the “key link between the risks identified in the AML/CTF risk assessment and the practical implementation of mitigation measures”. As is the case with the Gambling Commission’s guidance, emphasis is placed on the need for full engagement by senior management, proper documentation of policies and processes and full record-keeping by money laundering reporting officers (“MLROs”).
Customer verification and due diligence
- Customer DD checks are now something with which most people are now familiar from their dealings with banks, solicitors and accountants. The verification process is vital to ensure that gambling operators can be satisfied that customers are who they say they are and are not acting on behalf of anyone else and do not feature on a PEP or Sanctions list.
Ongoing and enhanced due diligence
- Customers should be continually monitored so that their risk profiles can be updated as necessary. Enhanced DD should follow the risk-based principle with the consequence that where a customer’s risk increases, so too should the level of DD performed on him or her. The RGA guidelines list a number of processes, use of which may increase confidence that no money laundering or terrorist financing concerns are associated with a customer.
Politically exposed persons
- PEPs constitute a higher risk due to their position by reason of them being entrusted with, or being closely associated with persons who have been entrusted with, prominent public functions. This is because the sphere of influence within which such persons operate makes them uniquely placed to be involved in potential corruption and may enable them to circumvent AML/CTF regulation. The RGA guidelines list processes to be put in place.
- The guidelines are intended to have a wider geographical application than merely the UK and other EU countries. Gambling operators are advised to examine carefully any requirements that their regulators may place on them in relation to financial sanctions measures imposed by governments.
Role of the MLRO
- As is now widely recognized, the person appointed as MLRO should have sufficient seniority and command within the business to fulfill the role effectively, should have direct access to the Board of Directors and should report to the board and/or senior management regularly. The guidelines list key responsibilities of the MLRO but also emphasise the need for training so that all relevant customer-facing staff are aware of money laundering risks.
Working with supervisory authorities
- The guidelines make the obvious point that operators should liaise with all relevant supervisory authorities in every jurisdiction where they hold a gambling licence and ensure they know what AML and CTF regulations apply and which Financial Intelligence Unit they must report to.
Suspicious transaction reporting
- In almost all jurisdictions, a legal obligation will exist to report suspicious transactions and operators should have a documented process in place for all employees to escalate by reporting them to the MLRO when suspicions exist that a customer (or others) may be engaged in money laundering or terrorist financing. The guidelines also outline the responsibilities of the MLRO when this occurs.
- The guidelines make the point that, unlike the land-based gambling sector, a remote gambling operator will always enter into a business relationship with a customer and must keep records relating to transaction documents, customer DD information, suspicious transaction information, MLRO reports, AML training and AML/CTF policies and procedures. The guidelines recommend that all such records should be kept for a minimum of 5 years and specify the dates from which this time period should be calculated.
Employee training and screening
- The importance of appropriate and regular staff training is emphasized, and the recommended content of such training is set out, in the guidelines. Staff training records should be kept and operators should have at least an annual review of all AML/CTF training material. The guidelines also make clear that, when hiring staff, operators should have in place appropriate DD procedures to screen potential employees to verify their identity and ensure their integrity.
The RGA’s guidelines are therefore no less essential reading than the Gambling Commission’s own publications, particularly bearing in mind the risk of criminal prosecutions and regulatory sanctions (including fines and revocations of both operating and personal licences) that can flow from failures to adopt and implement sufficiently adequate AML systems and controls.
Article by David Clifton – Director of Clifton Davies Consultancy