02Jul

Financial Action Task Force: June 2024 update to Grey List jurisdictions

2nd July 2024 Chris Biggs 106

The Financial Action Task Force’s (“FATF”) June Plenary concluded on 28 June 2024, with the announcement of changes to its list of Jurisdictions under Increased Monitoring (“Grey List”).

The changes to the Grey List are as follows:

Jamaica and Turkey are no longer subject to increased monitoring by FATF, due to “significant progress” in addressing the strategic anti-money laundering (“AML”) and counter-terrorism financing (“CTF”) deficiencies previously identified during their mutual evaluations. Even though these countries have been removed from the Grey List, they will continue to work with FATF and their local FATF-style regional bodies to continue improving their AML/CTF regimes.

Conversely, FATF have added Monaco and Venezuela to the Grey List, meaning these jurisdictions have committed to implement an action plan to resolve strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing within agreed timeframes.

FATF made no changes to its list of High-Risk Jurisdictions subject to a Call for Action (“Black List”), which at the time of writing includes the Democratic People’s Republic of Korea, Iran and Myanmar.

A full list of high-risk third counties on FATF’s Grey and Black Lists can be found on its website.

As discussed in our previous blog, the Gambling Commission recently reminded licensees in its Emerging money laundering and terrorist financing risks from February 2024 to conduct robust customer due diligence checks in relation to any customer relationships associated with the jurisdictions on the Grey List.

Additionally, holders of casino operating licences issued by the Gambling Commission are required by regulation 33(3)(a) of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 to conduct enhanced customer due diligence and enhanced ongoing monitoring in any business relationship with a person established in a jurisdiction named on the Grey or Black Lists (a ‘high-risk third country’).

Next steps

We recommend that all licensees review their AML/CTF policies, procedures and controls, including business risk assessments, to ensure appropriate measures are applied in relation to high-risk third counties including, from July 2024, Monaco and Venezuela. In addition, licensees should diarise the date of the next FATF Plenary meeting, so they can check if there are further updates. FATF’s next meeting will take place in October 2024.

Please get in contact with us if you require assistance reviewing your AML/CTF policies, procedures or risk assessments or with any other AML/CTF compliance matters.

11Jul

HM Treasury consultation: Reform of the anti-money laundering and counter-terrorism financing supervisory regime

11th July 2023 Chris Biggs 188

On 30 June 2023, HM Treasury published its consultation on reform of the anti-money laundering and counter-terrorism financing supervisory system (the “Consultation”). Released as part of the Government’s commitments within its Economic Crime Plan 2023-2026, the Consultation offers stakeholders the opportunity to provide their views on four possible models for improving the UK’s anti-money laundering and counter-terrorism financing (“AML/CTF”) supervisory regime. The Consultation also seeks responses in order to determine whether there is a need for a more formalised system of sanctions supervision, noting that most AML/CTF supervisors do not have explicit powers to supervise sanctions compliance and controls.

In the Consultation’s preamble, the Treasury Lords Minister Baroness Penn emphasised the Government’s motivations for its proposals:

“Money laundering is the lifeblood of organised crime… Terrorism financing threatens national security and facilitates atrocities we have suffered here in the UK and across the rest of the world. To protect the integrity of the UK’s financial and professional services sectors, we must also do more to address illicit finance linked to corrupt elites…”

The current situation

Presently AML/CTF is regulated by various supervising authorities which oversee businesses that conduct activities classified under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the “MLRs”). Three statutory supervisors regulate various sectors under the MLRs, specifically: the Gambling Commission for the casino industry; the Financial Conduct Authority for financial institutions; and HMRC for a number of business sectors, including real estate agency businesses and accountancy, trust or company service providers not supervised by another authority or professional body. In addition, Professional Body Supervisors (“PBSs”) are responsible for supervising legal and accountancy firms.

However, in HM Treasury’s 2022 Review of the UK’s AML/CTF Regulatory and Supervisory Regime the Government concluded that, whilst there had been continued improvement to the regime, some weaknesses in supervision may need to be addressed through structural reform. The 2022 review set out four possible models for a future AML/CTF supervisory system and the Consultation further develops these four models, assessing them against three consultation objectives: (a) supervisory effectiveness; (b) improved system coordination; and (c) feasibility.

The proposed models

1. OPBAS+

In 2017, the Government created the Office for Professional Body Anti-Money Laundering Supervision (“OPBAS”). OPBAS was designed to ensure robust and consistent supervision of AML/CTF across the nation’s 22 PBSs. The Consultation proposes that OPBAS be given enhanced powers to increase the effectiveness of supervision by the PBSs.

The Consultation states this proposal would be most immediately feasible, as no structural changes would be required to the current regime. Evidently, this proposal would have little to no impact on the Gambling Commission’s regulation of AML/CTF, however it is possible that the Gambling Commission may seek to mirror any additional accountability mechanisms that this model would introduce.

2. PBS Consolidation

The Consultation proposes that instead of enhancing OPBAS, the number of PBSs be reduced. Specifically, either two or six PBSs would retain responsibility for AML/CTF supervision, whereby two oversee the legal and accountancy sectors respectively across the UK, or two PBSs oversee the legal and accountancy sectors respectively in England and Wales, Scotland and Northern Ireland. Two further variants proposed under this model relate to HMRC’s supervisory role for accountancy and trust or company service providers being removed or reduced.

Again, this model would retain the current system of supervision by PBSs but would reduce the inconsistency and complexity of the current system due to the number of PBSs. It is unlikely that this model would significantly impact the Gambling Commission’s regulation of AML/CTF.

3. Single Professional Services Supervisor

The Single Professional Services Supervisor (“SPSS”) model, as the name suggests, proposes that one single public body (existing or new) supervise all legal and accountancy sector firms for AML/CTF, and possibly some or all of the wider sectors currently supervised by HMRC. The Consultation suggests that the SPSS would be independent of any ministerial department, but accountable to HM Treasury. Its nature as a public body, accountable to Parliament, may be considered more appropriate: (a) because of the broad set of intervention powers it will hold; (b) because its policy remit can be set out in legislation; (c) to facilitate better information sharing; and (d) because it will be more flexible.

Again, it is unlikely that this model would significantly impact the Gambling Commission’s regulation of AML/CTF.

4. Single Anti-Money Laundering Supervisor

The Consultation’s proposal for a Single Anti-Money Laundering Supervisor (“SAS”) represents the most significant proposed change to the AML/CTF supervisory regime in the UK, and one that would change how Licensees are regulated in respect of AML/CTF.

The SAS, which would be a public body, would undertake all AML/CTF supervision in the UK, with the Gambling Commission and the other existing statutory supervisors and PBSs relinquishing their AML/CTF supervisory duties entirely. Similar to the SPSS model above, the SAS would benefit from being an operationally independent public body ultimately accountable to Parliament and HM Treasury.

The Consultation acknowledges that supervisors should take a risk-based and data-led approach to their AML/CTF supervision and it goes without saying that unless seamless communication and data-sharing between supervisors exists, there will be inconsistencies. One overarching supervisory body, such as the SAS, may therefore be best placed to consider data from all sectors and apply a consistent standard of AML/CTF regulation.

From Licensees’ perspective, there has been confusion about the Gambling Commission’s approach to AML/CTF for some time, particularly in relation to the inevitable cross over between AML/CTF and safer gambling, affordability and vulnerability. Licensees may therefore consider that the SAS model will introduce consistency to the AML/CTF supervision of casinos that operate in the UK and introduce a more proportionate and coherent regime. However, Licensees should note that were the SAS model to be introduced, they would be faced with: (a) dual regulation which will inevitably introduce an additional burden; and (b) supervision by the SAS, a newly created regulatory body that will almost certainly have less industry expertise than the Gambling Commission.

Responding to the Consultation

Whether or not the SAS is the favoured model will be influenced by the responses and evidence submitted to the Consultation. The Consultation is open until 30 September 2023. HM Treasury encourages responses to be submitted through its secure online survey, but responses can also be emailed to [email protected]. We recommend that all Licensees review and respond to the Consultation.

Please get in touch with us if you would like assistance with preparing a response or with any AML/CTF compliance or enforcement matters.

With credit and sincere thanks to David Whyte for his invaluable co-authorship.

12Jun

Gambling Commission updates AML guidance

12th June 2023 Adam Russell 174

On 7 June 2023, the Gambling Commission published a further revision of the fifth edition of the prevention of money laundering and combating the financing of terrorism guidance (the “AML Guidance”), applicable to both remote and non-remote casino licensees (“Licensees”).

The purpose of the updates to the AML Guidance is to incorporate and address proliferation financing which is defined by the Gambling Commission in the Glossary of terms section (Annex) of the AML Guidance as:

“The act of providing funds or financial services for use (in whole or in part) in the manufacture, acquisition, development, export, trans-shipment, brokering, transport, transfer, stockpiling of, or otherwise in connection with the possession or use of chemical, biological, radiological or nuclear weapons, including the provision of funds or financial services in connection with the means of delivery of such weapons and other Chemical, Biological, Radiological and Nuclear (CBRN)-related goods and technology, in contravention of a relevant financial sanctions obligation.”

The Gambling Commission directs Licensees to review the latest version of the AML Guidance and “to ensure that these changes are incorporated in their risk assessments, policies, procedures and controls, their processes and in their training.”

Updates in the AML Guidance

The updates in the AML Guidance include that Licensees:

conduct a risk assessment to identify and assess the risks of proliferation financing associated with their business, and implement and maintain policies, procedures and controls to mitigate and manage those risks. Licensees will therefore need to review and update their money laundering (“ML”) and terrorist financing (“TF”) risk assessment and their policies, procedures and controls immediately;
implement staff training in relation to proliferation financing, in addition to ML and TF training. Licensees must therefore ensure staff training is updated and implemented accordingly;
ensure their nominated officer is involved in establishing the basis on which a risk-based approach to the prevention of ML, TF and proliferation financing is put into practice;
ensure that anyone working for them to whom information or other matter comes in the course of business as a result of which they know or suspect, or have reasonable grounds for knowing or suspecting, that a person is engaged in ML, TF or proliferation financing, makes an internal report to their nominated officer; and
manage and mitigate the risks in any business relationship with a customer situated in a high-risk third country or, where Licensees are required to apply customer due diligence measures, where either of the parties to the transaction is a resident in a high-risk third country. This should form part of Licensees’ review of their ML and TF risk assessment and their policies and procedures.

Next steps

Licensees should review and make the required changes immediately. Please get in touch with us if you would like assistance with the required changes, or with any other compliance matters.

05Jul

Lexology – Getting the Deal Through, Gaming 2022

5th July 2022 Harris Hagan 254

As Harris Hagan continues its contribution to the Lexology GTDT Gaming publication, we are pleased to share with our subscribers, complimentary access to the full reference guide which is now available online.

Our Associate, Jessica Wilson, remains the author of the United Kingdom report, which covers a range of British regulatory insights including land-based and remote gambling and quasi-gambling activities, including legal definition; anti-money-laundering regulations; director, officer and owner licensing; passive/institutional ownership; responsible gambling; taxes; advertising; supplier licensing and registration; change of control considerations; and recent trends in the industry.

The reference guide also allows for side-by-side comparisons with other local insights from jurisdictions such as Australia, Brazil, Germany, Hong Kong, Japan, Macau, Nigeria, South Africa and the USA.

We invite you to review the reference guide at your leisure.

18Feb

The Gambling Commission’s emerging money laundering and terrorist financing risks – 10 February 2022 update

18th February 2022 David Whyte 215

The Gambling Commission released its most recent update on emerging money laundering and terrorist financing risks on 10 February.

The Gambling Commission reminds licensees on its website that they are required, by licence condition (“LC”) 12.1.1(3), to “keep up to date with any emerging risks that the Commission publishes”. This update covers three emerging risks that we set out in detail below.

1. Improvements needed to money laundering and terrorist financing risk assessments

The Gambling Commission points out that it expects to see licensees significantly improve their money laundering and terrorist financing controls, flagging that there are “too many instances being identified where licensees are failing to meet the requirements of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and the LCCP”.

It reminds licensees of the mandatory requirement under LC 12.1.1 that they “conduct an assessment of the risks of their business being used for money laundering and terrorist financing and have appropriate policies, procedures and controls in place to mitigate the risk of money laundering and terrorist financing”.

In warning licensees that it will take regulatory action where it identifies significant failings (which, it also reminds licensees, can include suspension and revocation) the Gambling Commission directs them to its most recent compliance and enforcement report, Raising Standards for consumers – Compliance and Enforcement Report 2020-2021 (the “2021 Report”), within which it has identified and included examples of good practice to consider.

Having seen first-hand the Gambling Commission’s punctilious expectations of licensees’ money laundering and terrorist financing risk assessments, and noting some differences between the good practice examples set out in the 2021 Report and our own practical experience of its expectations, we recommend licensees consider the following:

Ensure that you review your risk assessment in the light of this emerging risk update. If the Gambling Commission has cause to raise concerns about your approach in the future, it will almost certainly point to this update as an opportunity for you to have improved your risk assessment sooner.
Ensure that you also review your risk assessment “as necessary in the light of any changes of circumstances”, including the examples set out in LC 12.1.1(1).
Methodically work through the Gambling Commission’s AML guidance for casinos (in particular paragraphs 2.12 to 2.39) or other gambling businesses (in particular section 18) (together the “AML Guidance”) when completing or updating your risk assessment. Gambling Commission officials seem to use the guidance as a checklist when reviewing risk assessments during compliance assessments.
Ensure that your risk assessment accords with the Gambling Commission’s own money laundering and terrorist financing risk assessments. As with the AML Guidance, Gambling Commission officials will likely cross check the content. Should your assessment of any individual risk differ from the Gambling Commission’s, it will likely expect you to be able to explain why. Please note that the Gambling Commission sets out in its 2020 risk assessment its expectation that you also refer to its 2018 and 2019 risk assessments “s part of your commitment to anti-money laundering and the prevention of terrorist financing”. We therefore recommend that, if you haven’t already, you cross check your risk assessment against all three documents, as together they form a catalogue, rather than superseding each other.
Include reference to all theoretical risks included in the AML Guidance and the Gambling Commission’s own risk assessments, irrespective of whether you consider those theoretical risks to present any actual risk to your business. We have seen Gambling Commission officials criticise licensees who have, justifiably, considered it sensible to omit theoretical risks from their risk assessment because they simply do not exist in their operation and therefore cannot be assessed. By means of an example, even when cryptocurrency it is not accepted, the Gambling Commission has stated it expects details to be included in a risk assessment, including about how this payment method is prevented. Whilst this may be something that can be explained and/or corrected at a later stage, the time and effort required in doing so is best avoided if possible.
Ensure that your policies, procedures and controls are prepared having regard to your risk assessment and cross refer to it where appropriate. By means of an example, a key area of concern often raised by Gambling Commission officials is that there is no explanation in the risk assessment about why triggers and thresholds were set at current levels. Putting aside any argument that policies, and not risk assessments, are the best place for this explanation to be recorded (as how else could those policies – and therefore the triggers and thresholds – have regard to the risk assessment?) the Gambling Commission will be looking for evidence of such consideration.
Ensure that you have a clear methodology for your risk assessment and that you can show that your approach has been applied logically to the risks. If you are unsure on an appropriate methodology to use, consider applying the same methodology that is used by the Gambling Commission in its own risk assessments.
Ensure that you are risk profiling customers from the outset of the business relationship.
Take into account when completing your risk assessment the risks presented by unaffordability, problem gambling or gambling addiction that leads to crime (for example increasing spend inconsistent with apparent source of income). Similarly, as part of a balancing exercise, be careful not to conflate those risks with those presented by money laundering and the financing of terrorism.
Include clear and detailed explanations of risks and mitigation rather than vague references.
Ensure that you do not reference any out-of-date Gambling Commission guidance and/or advice. The Gambling Commission sets out in the 2021 Report its expectation that licensees keep up to date with any guidance and/or advice it provides and then update their risk assessment and polices, procedures and controls based on that guidance and/or advice.

2. Due diligence checks on third party business relationships and business investors

The Gambling Commission sets out that it has become aware of instances of licensees failing to conduct sufficient due diligence in their business relationships, including where licensees have entered white label partnerships (which are noted as high risk in the Gambling Commission’s 2020 risk assessment, specifically for AML failures) or received third-party investment.

Again, the Gambling Commission reminds licensees to refer to the AML Guidance, within which it asserts that increased risks are posed by the jurisdictional location of the third-party, as well as by transactions and arrangements with business associates and third-party suppliers, such as payment providers, including their beneficial ownership and source of funds. Examples given are insufficient checks on the source of funds from an investment that had originated from cryptoassets that was converted to sterling when invested into the gambling business, and repeated failures to consider jurisdictional risk in relation to third-party business relationships.

The Gambling Commission advises licensees to remind themselves of the content of its April and July 2020 e-bulletins for more information on these risks.

This is not the first time the Gambling Commission has raised this issue and as such it is indicative that it may be preparing to widen its practical examination of licensees’ approaches to money laundering and terrorist financing risk, to concentrate further on their transactions in higher risk jurisdictions.

We recommend that licensees, in particular those in white label or B2B arrangements, review their approach to due diligence and risk in anticipation of additional scrutiny. As the Gambling Commission points out, failure to do so could amount to a breach of the MLR, the Proceeds of Crime Act 2002, the Terrorism Act 2000 or LC 12.1.1.

3. Scottish notes and pre-paid cards

Having set out in its 2020 risk assessment “the significant, potential money laundering risks associated with the use of Scottish notes and pre-paid cards” the Gambling Commission points out the increased risk of Scottish notes being used to top up pre-paid cards. It reminds licensees to “remain curious as to the source of customer funds and conduct ongoing monitoring to ensure that customer spending levels align with your knowledge of their affordability to gamble”.

It would be sensible for licensees to take this into account when reviewing their risk assessments, and to be mindful of the Gambling Commission’s concerns if they are accepting pre-paid cards.

Please get in touch with us if you would like any assistance on compliance or enforcement matters.

22Jun

Consultation response: Gambling Commission fees to increase from 1 October 2021

22nd June 2021 Jemma Newton 285

On 14 June 2021 the UK Government issued its response to a consultation by the Department for Digital, Culture, Media and Sport (“DCMS”) in relation to proposals to increase the fees which are payable by gambling operators in Great Britain to the Gambling Commission (the “Commission”).

The Government’s response set out that the consultation had proposed an increase in fees in order to enable the Commission to continue to “recover its costs and address regulatory challenges”.

The Government confirmed it intends to proceed with implementing the proposals outlined in the consultation, which were to:

increase annual fees for remote operating licences by 55% from 1 October 2021;
increase all application fees by 60% from 1 October 2021;
make other changes to simplify the fees system, including removing annual fee discounts for combined and multiple licences, from 1 October 2021; and
increase annual fees for non-remote operating licences by 15%, with implementation of these increases delayed until 1 April 2022.

The Government also confirmed that two minor amendments will be made to fees regulations:

to “ensure fees regulations are consistent with the provisions of UK GDPR and the Information Commissioner’s Office’s guidance”, no variation fee will be charged where individuals exercise their right to have inaccurate personal data rectified; and
the fee for an application for a Single Machine Permit will be increased, from £25 to £40, “to ensure that the Commission recovers its costs in processing these applications”.

The Government’s full response can be viewed here.

The Commission released a response to the Government’s confirmation of an increase in fees, stating that it “welcomes publication of consultation response on the funding of gambling regulation”, and clarifying that the much needed changes to its fees income “will enable to continue to regulate effectively”. The Commission’s response can be viewed here.

What does this mean for licensees?

As set out above, in addition to a significant increase to licence application fees, remote licensees will be required to pay considerably higher annual fees to the Commission from 1 October 2021. Notably, the increase in annual fees for non-remote licensees will be delayed until 1 April 2022, to account for the Government’s recognition of the impact COVID-19 restrictions have had on the non-remote sector. The Government’s response sets out that:

The majority of non-remote operators are required to pay their annual fees in August or September each year, meaning that the new annual fee levels for much of the non-remote industry will not be due until August 2022.

16Jun

Update on the Remote Customer Interaction Consultation

16th June 2021 Jemma Newton 305

Background

On 25 May 2021, the Gambling Commission of Great Britain (“the Commission”) provided an update regarding its Remote Customer Interaction Consultation.

The update referenced the Commission’s consultation, which took place earlier this year, which is concerned with identifying and protecting customers at risk of harm. The update also referred to the Commission’s current requirements, which place a duty on remote operators to monitor gambling, and to take action where there is a risk of harm, and the Commission’s finding that operators were not always acting swiftly enough. The Commission confirmed that it has been analysing the approximately 13,000 responses it received.

Confirming that it had considered what the respondents said, the Commission states that:

Many people think there should be protections in place for the most vulnerable and that appropriate checks should be in place to identify and prevent cases of clearly unaffordable gambling. Many respondents emphasised that measures should be proportionate and targeted at those at risk of harm. At the same time, customers were also concerned about privacy and freedom of choice. We take that seriously.

What are the Commission’s priorities and intentions?

The Commission confirms that it is aiming to achieve the correct balance, and that it has listened to concerns about what could be seen as an unnecessary assessment of time and money spent gambling. However, it goes on to state that it has seen serious failings by operators towards customers, and (somewhat surprisingly given the extensive responses it has to review) it has concluded that it needs to take action now to address the most significant risks, including excessive spending in short periods of time and harm to vulnerable customers.

The Commission states that it has concluded that stronger requirements are needed for operators to identify a range of indicators of harm, and to take action earlier and more often.

The Commission states that it has identified three key risks that it is prioritising for action:

Significant losses in a very short time

Cases where customers have been able to spend many thousands of pounds in short periods, including minutes, without any checks. These cases are relatively rare but have very significant impacts on the consumers affected. For example, in a recent case a customer lost four thousand pounds in six minutes following sign-up.

Significant losses over time

Where customers have significant losses over a period of time without sufficient assessment of whether they are being harmed. Significant losses over time are experienced by a relatively small proportion of customers and it is appropriate to require checks for these customers. An example of this in our casework was where a customer lost thirty-five thousand pounds over two months, without sufficient checks being carried out.

Financial vulnerability

Where information is available that shows when customers are particularly financially vulnerable and likely to be harmed by their level of gambling.

The Commission then sets out its next steps, which will be to:

- Publish its full response this summer, which will set out the detailed actions on the areas on which it has previously put forward proposals for consultation. Such areas include the requirement to take action where customers are known to be in a vulnerable situation, to take action in a timely manner, and, where appropriate, for that action to be automated. The Commission clarified that it will also proceed as planned with a consultation on thresholds for operators to take action and guidance as to what those actions should be.
- Continue to work closely with the Department for Digital, Culture, Media and Sport (“DCMS”) by providing advice and evidence for the Government’s Gambling Act Review (the “Review”) and recognising broader public policy questions about how to protect people from harm which will be considered as part of the Review.
- Continue to engage with consumers, the financial sector and the gambling industry about information on customers that should be available to gambling businesses.
- Continue its work to support the prevention of harm, including working to ensure that existing tools for setting deposit limits are used more widely and effectively.

Points of note for licensees and what should they do in the meantime?

1. The Commission’s update clarified that remote licensees should continue to meet the Commission’s current customer interaction requirements. The Commission’s requirements and current expectations are set out in the Licence Conditions and Codes of Practice, customer interaction guidance issued under SR Code 3.4.1 and in the Commission’s Compliance and Enforcement Report 2019-20. We discuss these requirements further in our blog.

1. Operators should note the three ‘key risks’ flagged by the Commission that are being prioritised for action. Monitoring “significant losses in a very short time” and “significant losses over time” should not be an overly burdensome task for licensees and they should consider taking steps now to introduce monitoring of these risks if they do not already do so. The third key risk, “financial vulnerability” is somewhat more nuanced; until such time as the Commission makes its position clear, licensees should note the increasing focus by the Commission on the risks presented by customers who are financially vulnerable.

1. Despite the apparent step backwards, which the Commission’s update indicates it has taken in relation to its future plans for affordability, licensees should note that in practice, the Commission continues to expect them to consider affordability in both their approach to safer gambling and in their approach to anti-money laundering and combating the financing of terrorism.

17Aug

Consultation Response on Changes to Information Requirements – AML/CTF

17th August 2020 David Whyte 343

In our blog of 7 April 2020 we summarised the Gambling Commission’s consultation, launched on 26 February 2020, in two parts, on planned changes to regulatory information and data reporting requirements. On 30 July 2020, the Gambling Commission published its consultation response document (the “Consultation Response”). The Gambling Commission received 70 written responses to its consultation, including 50 from licensees.

Some of the stated proposals of the consultation were “to make data requirements more efficient for licensees, and for ”, to “streamline existing requirements” and to “reduce regulatory burden”. The stated aim of the consultation being “to ensure the information requirements placed on licence holders are proportionate and effective to inform regulation of the industry”. Whilst many of the changes serve to support the Gambling Commission’s aims and proposals, some of the proposed changes relating to anti-money laundering (“AML”) and counter terrorist financing (“CTF”) may serve to confuse licensees’ understanding and increase the regulatory burden.

We recommend that all licensees read the Consultation Response and new/amended provisions in the Licence Conditions and Codes of Practice (“LCCP”). We highlight some of the Gambling Commission’s significant changes relating to AML/CTF:

New licence condition 15.1.3 – Reporting of systematic or organised money lending

All non-remote casino, non-remote bingo, general betting, adult gaming centre, family entertainment centre and remote betting intermediary (trading rooms only) licences

Licensees must as soon as reasonably practicable, in such form or manner as the Commission may from time to time specify, provide the Commission with any information relating to cases where they encounter systematic, organised or substantial money lending between customers on their premises, in accordance with the ordinary code provisions on money lending between customers.

Presently, ordinary code provisions 3.8.1 and 3.8.2, which apply only to non-remote casinos, provide that licensees take steps to prevent systematic or organised money lending between customers on their premises, and provide that the Gambling Commission should be notified where licensees encounter the same. This new licence condition is self-explanatory: it elevates the reporting requirement to a licence condition.

New licence condition 15.2.2(1)(d) – Other reportable events

All operating licences:

1. Licensees must also notify the Commission in such form or manner as the Commission may from time to time specify, as soon as reasonably practicable of the occurrence of any of the following events:

…

d. any actual or potential breaches by the licensee of the requirements imposed by or under Parts 7 or 8 of the Proceeds of Crime Act 2002, or Part III of the Terrorism Act 2000, or any UK law by which those statutes are amended or superseded.

The Gambling Commission re-emphasises in the Consultation Response that the primary purpose of the introduction of this reportable event is to encourage self-reporting by licensees of breaches of the relevant provisions of the Proceeds of Crime Act 2002 (“POCA”) or Part III of the Terrorism Act 2000 (the “Terrorism Act”).

A number of concerns were raised about the Gambling Commission’s proposal, with respondents considering it to be too broad. This was likely founded on a concern that licensees would be obliged to notify the Gambling Commission each time they submit a suspicious activity report (“SAR”) to the National Crime Agency (“NCA”), because such submission may constitute “a potential breach”. However, the Gambling Commission has made it clear in its Consultation Response that it does not consider the introduction of this licence condition to be too broad, as it covers actual or potential breaches by the licensee and does not extend to breaches by customers of the licensee. It stated:

The only relevant provisions therefore are the reporting requirements in relation to known or suspected money laundering or terrorist financing activity, breaches of the tipping off or prejudicing an investigation requirements, or committing one or more of the principle money laundering or terrorist financing offences...We agree that it is for the courts to decide whether a breach has occurred, and we do not intend to adjudicate in place of this. We do expect a licensee to be capable of identifying whether a breach has or potentially has occurred, and this should be reported to us as it may have an impact on the continued suitability of an operator to hold a licence. The reportable event is a simple process of notifying the Commission of either proven or potential breaches. We encourage self-reporting by licensees which allows us to better manage potential money laundering and terrorist financing risks, and thus keep crime out of gambling.

We therefore suggest that licensees who are concerned about the impact of this new licence condition consider the following when determining whether or not they (and not their customers) have actually or potentially committed any offence under the relevant parts of POCA or the Terrorism Act:

Did knowledge or suspicion exist when the licensee entered into or became concerned in an arrangement? The continuance or termination of a business relationship may be a relevant consideration here.

Under certain provisions of the legislation, the submission of a SAR or the receipt of consent from the NCA serves to ensure that there is no offence committed by the licensee.

Any failure to submit a SAR where knowledge or suspicion of money laundering or terrorist financing exists, or there are reasonable grounds for knowing or suspecting the same, may be caught as a potential breach (failure to disclose) and therefore may be notifiable. To mitigate the risk of licensees committing (or potentially committing) disclosure offences, care should be taken to ensure that policies, procedures and training are clear and up to date in relation to licensees’ SAR procedures.

Have any tipping off, or prejudicing an investigation, offences been committed? The Gambling Commission also made it clear in its Consultation Response that it does not consider that licensees will be at risk of committing the offences of tipping off or prejudicing an investigation when notifying the Gambling Commission under licence condition 15.2.2(1)(d). This seems logical; the notification is not required unless these offences have been committed by the licensee, if they have been, the licensee’s disclosure to the Gambling Commission would likely amount to a confession rather than tipping off or prejudicing an investigation.

New licence condition 15.2.3 – Other reportable events – money laundering, terrorist financing, etc

All non-remote and remote casino operating licences

1. Licensees must notify the Commission in such form or manner as the Commission may from time to time specify, as soon as reasonably practicable of any actual or potential breaches by the licensee of the provisions of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on Payer) Regulations 2017 , or any UK Statutory Instrument by which those regulations are amended or superseded.

2. Licensees must, within 14 days of the appointment, notify the Commission of the identity of the individual appointed as:

a. the officer responsible for the licensee’s compliance with the (regulation 21(1)(a)),

b. the nominated officer (regulation 21(3))

c. and any subsequent appointment to either of those positions.

3. Licensees must, within 14 days of the departure or removal of any individual appointed to the positions mentioned in 2 above, notify the Commission of such departure or removal.

A number of concerns were raised about the Gambling Commission’s proposal, with respondents requesting further guidance on the types of breaches that should be reported under licence condition 15.2.3(1) if the Gambling Commission wanted reporting to be consistent, non-subjective and not overly burdensome. Concerns were also raised that the requirement to report potential breaches was significantly beyond that prescribed in the Regulations.

The Regulations are comprehensive and amongst other things contain customer and enhanced due diligence, record keeping, training and risk assessment requirements. This reporting requirement, in particular the requirement to report potential breaches, is therefore likely to cause confusion and will significantly increase the burden of compliance on licensees.

Key points to note:

Despite some of the requirements of the Regulations being explicit (for example CDD being required before establishing a business relationship or in relation to a transaction that amounts to 2,000 euros or more), others require a risk-based approach. A breach in this sense may constitute a failure to take a risk-based approach and not a certain decision that in hindsight is deemed regretful.

In some cases, it will be very difficult for licensees to determine, on a risk-based approach, whether or not they have potentially breached the Regulations. Licensees may therefore choose to take a subjective view when considering whether or not a potential breach as occurred. Other relevant factors may include:

whether a licensee’s policies and procedures have been adhered to;

given that a breach of a policy implemented on a risk-based approach may be indicative of a potential breach of the Regulations, licensees may wish to review their policies and procedures to ensure that they are not overly committal in certain areas. For example, the Regulations require the regular provision of training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing. If licensees have deemed in their policy that this training will be provided annually, has there been a potential breach if this training is late and delivered after 13 months? A simpler approach to avoid this may be to specify in policy that training will be delivered regularly and at approximately 12-month intervals, this allowing for flexibility without the pressure of considering Gambling Commission notification.

Are there processes in place to ensure that the notification requirements will be adhered to? What is the procedure? Who is responsible for making the decision on notification?

Have licensees conducted a gap analysis against the Regulations to ensure that all of the requirements are covered by existing policies and procedures?

In circumstances where a decision is made not to notify the Gambling Commission, licensees may consider it sensible to document their decision making process such that this justification can be provided to the Gambling Commission in the event of challenge at a later stage.

The Gambling Commission has made it clear in the Consultation Response that it does not expect licensees to notify it about customer accounts suspended due to a lack of satisfactory source of funds documentation. It is actual or potential breaches of the Regulations – by the licensee – that the Gambling Commission expects to be notified about.

In addition, under licence conditions 15.2.3(2) and (3), licensees are required to notify the Gambling Commission within 14 days of the appointment, and/or departure, and/or removal of both:

the officer responsible for their compliance with the Regulations; and
their nominated officer.

The Gambling Commission makes it clear in the Consultation Response that the notification should include the full details of the individuals, the date of their appointment and details of their position within the business, senior management or role on the board. The Gambling Commission also points out that it intends to consult on the status of the nominated officer role later in 2020.

We strongly recommend that licensees review their AML/CTF policies, procedures, controls and training programmes now to ensure that adequate provision has been made for adherence to these changes before they come into force.

The changes come into force on 31 October 2020.

If you would like to discuss any of the issues raised, please do get in touch with us.

07May

Remain Vigilant to Ensure AML Compliance

7th May 2020 David Whyte 363

The Gambling Commission published the fifth edition of The prevention of money laundering and combating the financing of terrorism – Guidance for remote and non-remote casinos (the “Guidance”) in January 2020. The Guidance incorporates the amendments made by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

In its 2018/2019 Enforcement Report, the Gambling Commission said:

“Compliance activity and enforcement cases revealed again and again that operators’ AML policies, procedures and controls are not fit for purpose. There has been the incorrect perception that all gambling regulators’ expectations are identical in addition to a failure to digest our guidance and implement the legislative requirements applicable to Great Britain. This must change, for these are not just regulatory matters but breaches of UK law. Those failing to learn these lessons will face further draconian action.”

Despite repeated messages and enforcement cases of a similar nature, due to ongoing failings by the industry, the Gambling Commission has “continued to imposed increasingly tough financial penalties (or payments in lieu of financial penalties) in cases where there have been major AML failings in order to send a clear message to the industry.”

Operators must take heed because the Gambling Commission will continue to hold you to account for failing to adhere to the Guidance.

As we noted in our blog on 31 March 2020, the current COVID-19 crisis presents some operators with an opportunity to ease regulatory and commercial burdens.

Operators should ensure that they have implemented all changes required following the update to the Guidance and take note of the Gambling Commission’s statement that:

“…the publication of this updated guidance must result in casino businesses reviewing, and accordingly amending, their money laundering and terrorist financing risk assessments as well as the associated policies, procedures and controls…”

Customer due diligence

Paragraphs 6.16 and 6.17 of the Guidance specify that, for the purposes of CDD (as required by Regulation 28), verify means verifying on the basis of documents or information which, in either case, have been obtained from a reliable source which is independent of the person whose identity is being verified. In addition to documents issued or made available by an official body made available by a customer themselves, information may be regarded as meeting this requirement if:

it is obtained by means of an electronic identification process (by using electronic identification means or by using a trust service); and
that process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is, in fact, the person with that identity.

Enhanced customer due diligence and enhanced ongoing monitoring

There are now further requirements for EDD measures and/or an assessment of whether there is a high risk of money laundering or terrorist financing (which, if identified, would require EDD measures) where:

in relation to any transaction where there is a requirement apply CDD measures, either of the parties to the transaction are established in a high-risk third country;
a transaction is complex or unusually large, there are unusual patterns of transactions, or the transactions have no apparent economic or legal purpose;
the customer is the beneficiary of a life insurance policy; or
the customer is a third country national who is applying for residence rights in or citizenship of an EEA state in exchange for transfers of capital, purchase of a property, government bonds or investment in corporate entities in that EEA state.

Other changes

Other changes to the Guidance include changes to the risk-based approach, risk assessments, risk-based CDD and new flow diagrams showing the Architecture for the risk-based process (figure 2) and The risk framework and risk-based customer due diligence (figure 3). These highlight the requirement that licensed casino operators:

take appropriate measures in preparation for, and during, the adoption of new products or business practices, and assess and mitigate any money laundering risks arising from such adoption, in addition to the existing and similar requirement for new technology, including cryptocurrencies (Regulation 19(4));
have specific policies, procedures and controls for the measures described above (Regulation 19(1) and (2)); and
take appropriate measures to ensure that any agents used by operators, for the purposes of their business, are given appropriate training in AML and CTF (Regulation 24).

Factors to consider

The new requirements can be addressed by:

reviewing money laundering and terrorist financing risk assessments now, and each time a new product or business practice is introduced;
reviewing AML/CTF policies, procedures and controls to ensure that the Guidance has been considered;
ensuring that all employees are appropriately trained and understand the changes; and
amending contractual clauses and training procedures to ensure that agents are appropriately trained.

If you would like to discuss any of the issues raised, please do get in touch with us.