The Gambling Commission published the fifth edition of The prevention of money laundering and combating the financing of terrorism – Guidance for remote and non-remote casinos (the “Guidance”) in January 2020. The Guidance incorporates the amendments made by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
In its 2018/2019 Enforcement Report, the Gambling Commission said:
“Compliance activity and enforcement cases revealed again and again that operators’ AML policies, procedures and controls are not fit for purpose. There has been the incorrect perception that all gambling regulators’ expectations are identical in addition to a failure to digest our guidance and implement the legislative requirements applicable to Great Britain. This must change, for these are not just regulatory matters but breaches of UK law. Those failing to learn these lessons will face further draconian action.”
Despite repeated messages and enforcement cases of a similar nature, due to ongoing failings by the industry, the Gambling Commission has “continued to imposed increasingly tough financial penalties (or payments in lieu of financial penalties) in cases where there have been major AML failings in order to send a clear message to the industry.”
Operators must take heed because the Gambling Commission will continue to hold you to account for failing to adhere to the Guidance.
As we noted in our blog on 31 March 2020, the current COVID-19 crisis presents some operators with an opportunity to ease regulatory and commercial burdens.
Operators should ensure that they have implemented all changes required following the update to the Guidance and take note of the Gambling Commission’s statement that:
“…the publication of this updated guidance must result in casino businesses reviewing, and accordingly amending, their money laundering and terrorist financing risk assessments as well as the associated policies, procedures and controls…”
Customer due diligence
Paragraphs 6.16 and 6.17 of the Guidance specify that, for the purposes of CDD (as required by Regulation 28), verify means verifying on the basis of documents or information which, in either case, have been obtained from a reliable source which is independent of the person whose identity is being verified. In addition to documents issued or made available by an official body made available by a customer themselves, information may be regarded as meeting this requirement if:
- it is obtained by means of an electronic identification process (by using electronic identification means or by using a trust service); and
- that process is secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is, in fact, the person with that identity.
Enhanced customer due diligence and enhanced ongoing monitoring
There are now further requirements for EDD measures and/or an assessment of whether there is a high risk of money laundering or terrorist financing (which, if identified, would require EDD measures) where:
- in relation to any transaction where there is a requirement apply CDD measures, either of the parties to the transaction are established in a high-risk third country;
- a transaction is complex or unusually large, there are unusual patterns of transactions, or the transactions have no apparent economic or legal purpose;
- the customer is the beneficiary of a life insurance policy; or
- the customer is a third country national who is applying for residence rights in or citizenship of an EEA state in exchange for transfers of capital, purchase of a property, government bonds or investment in corporate entities in that EEA state.
Other changes to the Guidance include changes to the risk-based approach, risk assessments, risk-based CDD and new flow diagrams showing the Architecture for the risk-based process (figure 2) and The risk framework and risk-based customer due diligence (figure 3). These highlight the requirement that licensed casino operators:
- take appropriate measures in preparation for, and during, the adoption of new products or business practices, and assess and mitigate any money laundering risks arising from such adoption, in addition to the existing and similar requirement for new technology, including cryptocurrencies (Regulation 19(4));
- have specific policies, procedures and controls for the measures described above (Regulation 19(1) and (2)); and
- take appropriate measures to ensure that any agents used by operators, for the purposes of their business, are given appropriate training in AML and CTF (Regulation 24).
Factors to consider
The new requirements can be addressed by:
- reviewing money laundering and terrorist financing risk assessments now, and each time a new product or business practice is introduced;
- reviewing AML/CTF policies, procedures and controls to ensure that the Guidance has been considered;
- ensuring that all employees are appropriately trained and understand the changes; and
- amending contractual clauses and training procedures to ensure that agents are appropriately trained.
If you would like to discuss any of the issues raised, please do get in touch with us.