Four gambling businesses have been fined £4.5 million for failing to put in place effective safeguards to prevent money laundering as the UK Gambling Commission works to improve anti-money laundering (AML) compliance for online gambling.
The announcement – a result of an ongoing investigation into online casinos – comes on the heels of the recent release of a guidance from the gambling commission aimed at helping casinos comply with rules for money laundering and terrorism financing.
InTouch Games Limited will pay £2.2m, Betit Operations Limited will pay £1.4m, MT Secure Trade will pay £700,000 in lieu of financial penalties, and BestBet will pay a financial penalty of £230,972.
Those fines were the result of an 18-month crackdown on the industry as the commission told 123 online operators to raise standards to comply with AML rules and protect consumers. Since the investigation began, five operators have surrendered their licenses and no longer operate in the UK. Last November, three companies paid nearly £14m in penalty packages as result of failing to put in place effective safeguards to prevent the flow of dirty money and keep consumers safe from gambling-related harm.
Expected to know your customers
“We have been working hard to raise standards in the online industry to ensure that gambling is crime-free and that the one in five people in Britain who gamble online every month can do so safely,” said Gambling Commission Executive Director Richard Watson.
“We expect operators to know their customers (KYC) and to ask the right questions to make sure they meet their anti-money laundering and social responsibility obligations,” Watson said.
To help gambling operators meet their KYC and other obligations, the UK Gambling Commission recently issued a 98-page guidance that includes the recommendations of the Financial Action Task Force (FATF), the inter-governmental body responsible for setting international standards on anti-money laundering (AML) and countering the financing of terrorism (CFT).
Until the guidance was issued, most legal frameworks on money laundering have focused on wide-ranging prevention and detection of the activity as a way to finance criminal activities.
The commission says the guidance is to assist those who set casino operators’ risk management policies and procedures and controls for preventing money laundering and terrorist financing. “Casino operators will need to establish more detailed and more specific internal arrangements directed by senior management and nominated officers to reflect the risk profile of their business.”
This guidance puts the onus on senior staff to manage the casino operator’s money laundering and terrorist financing risks, and shows how it should be carried out on a risk-based approach. It won’t come as a surprise that the guidance also sets out a standard approach to the identification of customers and verification of their identities and including the obligation to monitor customer activities.
Senior management could face sanctions
The guidance warns of stiff financial or criminal penalties for those casinos that fail to comply.
“Senior management must be fully engaged in the processes around your assessment of risks for money laundering and terrorist financing. They must be involved at every level of the decision making to develop your policies and processes to comply with the Regulations,” the commission wrote. “Disregard for the legal requirements, for example, turning a blind eye to customers spending criminal proceeds, may result in criminal or regulatory action.”
According to the guidance, management must establish and maintain appropriate written risk-sensitive policies and procedures relating to:
- customer due diligence (CDD) measures and ongoing monitoring
- record keeping
- internal control
- risk assessment and management
- monitoring, management and internal communication of policies and procedures.
The guidance said casino employees also have a responsibility to fight AML and report to their manager any knowledge or suspicion of money laundering whether by customers, guests or other employees.
“You must conduct your customer due diligence on the basis of risk assessment, including simplified due diligence and enhanced due diligence (which includes politically exposed persons). You are also required to identify the beneficial owner and need to have evidence of identity in place for all customers.”
“The Commission will expect casino operators to be able to explain the reasons for any departures from that standard.”
Customer risk ratings for KYC
In addition to the advice from the guidance and to help meet KYC obligations, casinos can use AML software tools that calculate risk ratings based on an aggregate view of a customer or patron’s profile. According to Andrew Simpson, COO of CaseWare RCM, factors that can be used in the rating include their PEP (politically exposed person) status, whether they are on any sanctions lists, adverse media on or subpoenas issued for the patron and whether any prior SARs (suspicious activity reports) have been filed on the customer. Weights for each factor can be determined by each institution, depending on their risk tolerance.
Simpson, whose company developed its Alessa software to combat financial crimes, also thinks that the right solution will dynamically update the risk factor depending on the customer’s or patron’s activity. In many cases, a customer’s risk rating is not updated after the onboarding phase and may not reflect changes since account opening. The ability to dynamically update a risk rating allows institutions to identify entities who are engaging in higher risk (and lower risk) activities, as the relationship grows and evolves.
Risk-based approach must be measured
The Money Laundering Regulations in the UK require the identification and assessment of money laundering and terrorist financing risks. The casinos must also be able to measure the effectiveness of their policies, procedures and controls, the guidance said.
The risk-based approach involves a number of steps in assessing ways to manage and mitigate the money laundering and terrorist financing risks:
- identify the money laundering and terrorist financing risks that are relevant to the operator
- design and implement appropriate policies, procedures and controls to manage and mitigate these assessed risks
- monitor and improve the effective operation of these controls
- record what has been done, and why.
“The possibility of gambling facilities being used by criminals to assist in money laundering or terrorist financing poses many risks for casino operators,” the Commission wrote. “These include criminal and regulatory sanctions for operators and their employees, civil action against the operator and damage to the reputation of the operator, leading to a potential loss of business.”
The commission went on to say casino operators will see some benefits in taking a risk-based approach. By focusing on areas where they will have the most impact, the casino business will have a more realistic assessment of the largest criminal threats.
A risk-based approach requires the full commitment and support of senior management, and the active co-operation of all employees, said the Commission. “It should be part of the casino operator’s philosophy and be reflected in the operator’s policies, procedures and controls.”
Determining risks critical to planning
Determining the potential money laundering and terrorist financing risks posed by a customer, or category of customers, is critical to the development and implementation of an overall risk-based framework, the Commission stated. Based on its own criteria, a casino should seek to determine whether a particular customer poses a higher risk, such as politically exposed persons (PEPs), high spenders, disproportionate spenders or customers with changing spending patterns, among others.
Customer due diligence (CDD) measures include identifying the customer and verifying their identity; where there is a beneficial owner who is not the customer, identifying the beneficial owner; and, assessing and obtaining information on the purpose and intended nature of the business relationship.
Once a business relationship has begun, casinos are required to make checks on customers if they suspect money laundering or terrorist financing, doubt the veracity of adequacy of the identification of the customer, or if they carry out an occasional transaction worth more than €1,000.
Even in cases where no obvious doubt is present, CDD measures must be applied to any transaction of €2,000 or more, whether the transaction is executed in a single operation or in several operations which appear to be linked.
Transaction monitoring points out threats
In addition to the thresholds listed above, monitoring customer transactions can help point out threats or suspicious behaviours to watch for. Examples include the following:
- Alters transaction to avoid recordkeeping requirement
- Alters transaction to avoid cash transaction reports (CTR) requirement
- Patron cancels transaction to avoid reporting and recordkeeping requirements
- Multiple transactions below recordkeeping threshold
- Multiple transactions below CTR threshold
- Suspicious inquiry by patron regarding reporting or recordkeeping requirements
- Frequent deposits of cash, cheques, bank cheques, wire transfers into casino account
- Funds withdrawn from account shortly after being deposited
- Exchange small bills for large bills or vice versa
- Account activity with little or no gambling activity
- Associations with multiple accounts under multiple names
- Suspicion concerning the source of funds
- Suspicion concerning the physical condition of funds
- Suspicious designation of beneficiaries, assignees or joint owners
- Funds transferred from casino account to a charity fund
- Suspicious exchange of currencies
- Suspicious receipt of government payments/benefits
- Suspicious use of noncash monetary instruments
- Suspicious use of third-parties (straw-man)
- Transaction out of pattern for patron
The above list represents just some of the scenarios that casinos need to monitor.
When to end a business relationship
To avoid potentially committing money-laundering offences, the guidance said casino operators must consider ending the business relationship with a customer in the following circumstances:
- where it is known that the customer is attempting to use the operator to launder criminal proceeds or for criminal spending
- where the risk of breaches to the U.K.’s Proceeds of Crime Act (POCA) are considered by the operator to be too high
- where the customer’s gambling activity leads to an increasing level of suspicion, or actual knowledge of, money laundering
- where the customer is proven to a reasonable degree of confidence to not be the identity they claim to be.
- Additionally, where, in relation to any customer, the casino operator is unable to apply CDD measures, the business relationship with the customer must be terminated and the operator must submit a suspicious activity report (SAR) to the U.K.’s National Crime Agency (NCA) where they consider the circumstances to be suspicious.
In order for an SAR to be made, it is not necessary to know or to establish the exact nature of any underlying criminal offence, or that the particular funds or property were definitely those arising from a crime, said the guidance. Casinos are told not to wait for a conviction of a customer on money laundering or other criminal offences in order to suspect that money laundering has taken place.
The full Guidance from the UK Gambling Commission is located here.