High rollers and Higher stakes
The Gambling Industry is a profitable source of income for the UK economy. Currently worth £13.9 billion according to the Gambling Commission, its value is only set to increase as the sector continues to build on consumer appetites for online gambling.
With the onus currently on operators to spot both illicit funds from financial criminals and problem gamblers, already-stretched compliance staff are finding themselves under a mountain of customer checks and could begin to stray away from their other regulatory requirements. The past 12 months has already seen a number of fines within the sector for ineffective money laundering controls, largely focused around the sources of customer wealth and a lack of action in flagging suspicious customers on the part of the operators. So, how can operators ensure that the funds being injected into their systems aren't illicit?
Risk and Regulation
The current guidance from the Gambling Commission on antimoney laundering (AML) controls is in line with the UK's 2017 Money Laundering Regulations, which were based on the LU 4th Money Laundering Directive (4MLD). Whilst online casinos had been mentioned in previous directives of this nature, 4MLD was the first time that the requirement for certain entities to carry out effective customer due diligence (CDD) has applied across the entire gambling sector.
Furthermore, the Regulations included specific notices to operators to apply CDD measures for single transactions amounting to €2,000 or more. In theory, this due diligence should target so-called 'high rolling' customers who deposit large sums of funds in a single transaction. Flowever, this is not being done consistently by operators in practice.
The Gambling Commission has recently fined two leading operators as a result of failures in anti-money laundering controls. One case saw several cases of large customer deposits, which were later shown to have come from illicit sources. This should sound an alarm bell for the whole sector, and all operators need to ensure they are taking a risk-based approach to the sources of client funds - especially for so-called "high rollers".
On this particular case, Neil McArthur, Executive Director of the Gambling Commission said:
Gambling businesses have a responsibility to ensure they keep crime out of gambling and tackle problem gambling - and as part of that, they must be constantly curious about where the money they are taking is coming from.
While it is clear that the Commission is serious about compliance, operators are seeking more specific guidance around how they can effectively conduct due diligence on their specific customer types. At the moment, they are subject to general catch-all guidance to follow a risk-based approach, and as such, sometimes fail to have the proper checks in place.
Waving a red flag
The statements from the Commission also identifies two important challenges for all operators: internal resource and appropriate staff training for those responsible for implementing AML controls. Senior management failure to mitigate operational risk and provide resource to carry out sufficient levels of due diligence on both new and existing customers is a key issue.
That said, there are a number of 'red flags' which compliance staff should always look for when it comes to customer due diligence checks, whichever approach is used. The basic customer documentation required for due diligence checks such as payslips should be the first consideration, as then it can be determined whether a customer's income level matches the level of funds being placed as a deposit. Equally, another simple step is to consider where these funds are coming from. The offence of money laundering also includes criminal spend, i.e. the use of criminal proceeds to fund gambling, so looking at the origin of these funds is paramount.
Whilst the source of customer funds should always be a priority for a compliance officer, the methods through which the funds are transferred should also be met with a cautionary eye. Operators need to be especially wary of alternative methods of payment such as credit card, prepaid or stored value cards and money service businesses, such as currency exchanges and other cross-border transfer systems. The Commission also expects operators to maintain AML policies which identify the use of multiple accounts, multiple debit/credit cards and multiple online e-money accounts as areas of potential risk.
The last piece of the puzzle lies with checks on the customers themselves. Staff need to ensure that they flag any customers who are from high-risk jurisdictions, included on a sanctions list or identified as a politically-exposed person (PEP). Each of these categories should be seen as a potential marker for suspicious activity, and all customers - high rollers or not-should be subject to some form of identification and verification checks.
The Customer is King
The age-old retail saying of "the customer is always right" may not apply to due diligence purposes, but customers still need to feel respected and valued by the operators whose goods and services they are purchasing.
For gambling operators, there is a fine line between adequate due diligence and customer satisfaction, as there is a significant challenge in enquiring about a customer's wealth without offending them. As a result, we are seeing more and more land- based casinos implementing a 2-day due diligence structure, whereby the customer will book an appointment in advance to visit the establishment, and in the two days prior, the casino's compliance staff will use that time to conduct all relevant checks on the customer and their potential risk. This is proving to be especially effective in larger cities like London, as customers - especially the high rollers - are flying in from overseas, and therefore are far more likely to book their sessions in ahead of time.
On the other hand, online operators are finding that whilst they may have more data on their customers overall, the onboarding process is at times trickier due to customers having to scan in or share digital versions of all the relevant documents needed for compliance, such as payslips, P60s and other proof of identity and proof of address documents, to ensure all bases are covered.
This can create friction with new customers who just want to use their funds to play the game or bet on an upcoming match, but are unable to do so until the correct checks have been conducted. One solution to this lies in Open Banking, which came into force in January 2018. Theoretically, with a customer's approval, operators could use Open Banking to access the customer's banking details and conduct all the appropriate checks with minimal input from the customer themselves. The sticking point here, however, lies in this theory becoming a reality.
A Process-based Approach
It is clear that what is holding retail and online operators back from due diligence success is the process with which they conduct this activity. There is a great deal of inconsistency in the policies and procedures adopted by individual operators, and the regulations themselves are not prescriptive. There is no "one size fits all" approach; a different process is needed for every type of customer, and it is up to each operator to understand its own risk exposure and implement appropriate policies to reflect this.
The general guidance from the Commission states that firms need to:
- Identify the money laundering and terrorist financing risks that are relevant to their business
- Design and implement policies and procedures to manage and mitigate these assessed risks
- Monitor and improve the effective operation of these controls
- Record what has been done, and why
The ability to action these steps ultimately depends upon the compliance resources each operator has.
Ongoing monitoring is also a key part of the Commission's guidance, and can potentially be a weak spot for operators when it comes to effective customer verification. From a regulatory perspective, operators need to evidence that they are conducting ongoing monitoring of their existing customers, outside of the onboarding process. Indeed, customer records are expected to be kept for a minimum of five years, and so operators need to ensure that their employees are trained to record and retain information for all customers.
All in all, operators are facing increased regulatory scrutiny, but the processes needed to achieve compliance are often unclear. Taking a risk-based approach is a far cry from the old 'tick box' approach to compliance. It requires a high level of staff training staff to perform customer checks and the potential risk factors to look out for, and when to refer concerns to management without reproach. Operators themselves need to take their AML obligations seriously and have robust procedures in place to report suspicious activity to the National Crime Agency through the Suspicious Activity Report (SAR) process.
Gambling businesses are in the front line in the fight against financial crime, and the industry needs a deeper understanding of the typologies adopted by financial criminals. By taking a proactive approach in ensuring proper AML controls are in place, gambling operators can begin to turn the tables on their process problems and gain a distinct advantage, especially as the regulator looks to increase compliance levels even further.