Revised remote customer interaction guidance comes into effect
The Gambling Commission’s revised remote customer interaction guidance (“CI Guidance”) has today (31 October 2023) come into effect, along with the requirement set out in Social Responsibility Code Provision (“SRCP”) 3.4.3 that remote licensees must take the CI Guidance into account.
As readers of our blog will no doubt be aware, we have provided several updates (for example, in December 2022 and January 2023) on, and been critical of, the evolution of the CI Guidance, since the first announcement by the Gambling Commission on 14 April 2022 of the new SRCP 3.4.3 and the associated CI Guidance.
The Gambling Commission has now set out its requirements. Irrespective of their views about the CI Guidance, it is vitally important that those remote licensees to which the CI Guidance applies are compliant with SRCP 3.4.3 and can demonstrate that they have taken the CI Guidance into account. We do not propose to further analyse the CI Guidance in detail in this blog. Rather, we set out below some key considerations for those licensees who must comply with these requirements.
Consideration 1: Be wary of the language used in the CI Guidance
We have previously raised concerns about the Gambling Commission introducing formal requirements through guidance, and about the risk that the language used in the CI Guidance might: (a) inaccurately reflect the requirements set out in SRCP 3.4.3; (b) cause confusion; and/or (c) expose licensees to the risk of broad interpretation by the Gambling Commission.
We note that the Gambling Commission has retained its use of “must” and “should” in the CI Guidance, having confirmed in its response to its consultation on the CI Guidance, published on 24 August 2023 (the “CI Consultation Response”) that it has “ensured that [it] consistently appl[ies] ‘must’ language when quoting or referring to the requirements, and use[s] ‘should’ language when referring to guidance which must be taken into account”. Licensees should take note of this distinction, but at the same time be aware that the requirement imposed by SRCP 3.4.3 to “take into account” the CI Guidance might effectively make such distinction irrelevant.
Consideration 2: Document your decision-making processes
As the Gambling Commission explains in the CI Guidance, SRCP 3.4.3 “sets out the requirements relevant licensees must comply with in relation to remote customer interaction. For compliance and enforcement purposes, [it] will expect licensees to demonstrate how their policies, procedures and practices meet the required outcomes. This can be through implementing relevant parts of the guidance or demonstrating how and why implementing alternative solutions equally meet the outcomes”.
Licensees will likely be aware that the Gambling Commission has taken a very literal approach to the interpretation of its guidance in the past (e.g. its guidance for remote and non-remote casinos on the prevention of money laundering and combating the financing of terrorism). It is therefore likely that the Gambling Commission will take the same literal approach in relation to the CI Guidance. Licensees should ensure that they carefully document their decision-making process in relation to the CI Guidance, in particular in cases where their approach is inconsistent with, or diverges from, the CI Guidance. This documented decision-making process will enable licensees to demonstrate to the Gambling Commission that they have met their regulatory obligations in the event of future oversights and/or regulatory scrutiny.
Consideration 3: Licensees are not expected to screen all customers for every indicator of vulnerability
The Gambling Commission makes it clear in the CI Guidance that its “aim” for SRCP 3.4.3(3), which requires licensees to “consider the factors that might make a customer more vulnerable to experiencing gambling harms”, is to ensure that “where licensees know that customers are in a vulnerable situation, these customers are supported”. Licensees should note that the Gambling Commission also confirms that it does not expect licensees to screen all customers for each of the factors of vulnerability set out in the CI Guidance.. Rather, it expects that licensees “consider and act on information that they have available to them” (our emphasis added).
Consideration 4: Not all information included in the CI Guidance is required to be taken into account
The Gambling Commission clarified in the CI Consultation Response that certain information included in the CI Guidance is not required to be taken into account by licensees. Rather, that information has helpfully been included in an attempt to provide licensees with clarification or additional explanation to assist their understanding. Licensees should ensure that they are aware of this distinction, particularly when they are revising their policies and procedures and/or documenting their decision-making process.
A helpful example of this is the additional information – which is not required to be taken into account – set out below paragraph 5.3 of the CI Guidance. This lists further sub-categories of potential indicators of harm which, whilst not required indicators, may be of particular use to licensees when considering the formal indicators that they are required to incorporate into their approach to customer interaction by SRCP 3.4.3(5).
Consideration 5: No change to affordability requirements (yet!)
At present, the Gambling Commission’s position on customer affordability has not changed. Whilst the Government set out its proposed financial risk check model in the White Paper, upon which the Gambling Commission is consulting, the CI Guidance does not address those issues. Rather, it restates the current position at paragraph 4.6, reminding licensees that: (a) open source data that can assist them in assessing affordability exists; (b) thresholds should be realistic and based on average available income; and (c) they should be aware of the distinction between ‘disposable income’ and ‘discretionary income’.
Consideration 6: Manual reviews of automated decisions are only required if customers contest that decision
SRCP 3.4.3(11) requires that “[l]icensees must ensure that strong indicators of harm, as defined within the licensee’s processes, are acted on in a timely manner by implementing automated processes”. It also requires that, where such automated processes are applied, “the licensee must manually review their operation in each individual customer’s case and […] allow the customer the opportunity to contest any automated decision which affects them”.
The Gambling Commission clarified its position in relation to this manual review in the CI Consultation Response and does so again in the CI Guidance, stating that its expectation is that “where a decision is made solely by automated means and which has legal effects or similarly significantly affects a customer […] the licensee contacts the relevant customer to inform them of the decision and their right to contest it”. It is only where the customer exercises their right to contest the decision that a substantive manual review must be undertaken.
Licensees should take steps to review their data protection processes and procedures to ensure that they are consistent with both data protection legislation and the Gambling Commission’s expectations as set out in the CI Guidance.
Consideration 7: Do not overlook evaluation
Licensees are likely to have gone to significant lengths to ensure their adherence to the burdensome requirements set out in the CI Guidance, with particular focus on indicators of vulnerability and harm. In doing so, there is a risk that they may have overlooked the importance of evaluation as required by SRCP 3.4.3 (12)-(14). Licensees should therefore ensure that their approach to customer interaction incorporates the mandatory evaluation processes both at the individual customer level and of the whole system, and that those evaluation processes are documented and audited.
Please get in touch with us if you would like to discuss the CI Guidance, or if you would like assistance with drafting and/or updating your policies and procedures in light of the CI Guidance.