This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.
The Gambling Commission (the "Commission") has issued a document underlining the seriousness with which it is taking anti money laundering ("AML") and social responsibility issues under the leadership of its new Chief Executive, Sarah Harrison. The document details a voluntary settlement from Gala Coral with the Commission under which the operator agreed to pay nearly £850,000 and adopt stringent new procedures.
The background
Operators located in the United Kingdom have to comply with the general law in relation to anti money laundering, principally the provisions of the Money Laundering Regulations 2007 and Part 7 of the Proceeds of Crime Act 2002.
In addition, all operators regulated by the Commission (that is all operators providing services to punters in Great Britain) must comply with the provisions in the Commission's Licence Conditions and Codes of Practice (and associated guidance) in relation to anti money-laundering and social responsibility. Unfortunately, these have not been revamped in full since the extension of regulation by the Commission to overseas operators.
This has resulted in some uncertainty in what is required by these provisions. However, as the document issued by the Commission shows, they cannot be sensibly ignored.
The facts
The Commission began an investigation into Gala Coral after being notified by the Police that one of its VIP retail and online customers had been sentenced to 3 years' imprisonment for stealing approximately £800,000 from a vulnerable adult.
A Police examination of the customer's bank records – which were not available to Gala Coral – revealed that the proceeds of the theft had been used to fund the customer's gambling and that the majority of his bets were made through Gala Coral's retail and online operations.
Gala Coral co-operated with the Commission's enquiry and acknowledged at an early stage that there were "serious shortcomings" in its AML and social responsibility procedures. Gala Coral proposed a voluntary settlement whereby the vulnerable adult who was victim of the theft would receive the customer's gross gambling yield of £846,664, and that it would take other steps including a review of its AML and social responsibility policies procedures (including periodic audits), enhanced staff training, and payment of the sum of £30,000 to reflect the Commission's costs of the investigation.
The Commission agreed that the level of co-operation provided by Gala Coral pre-empted the need for a formal review of its gambling licence. Nevertheless, the Commission's investigation into this particular case identified the following issues with Gala Coral's AML and social responsibility obligations:
1. Inadequate investigation into the source of funds: Initial background checks confirmed only the customer's identity and residential address, and Gala Coral believed he was an electrician from a wealthy family. They did not identify that the initial significant payments into his online account were a sign of potential money laundering and placed too much reliance on the fact that his payments were from one UK bank account on one credit card.
2. Lack of effectiveness of social responsibility provisions: The customer's play history was readily available and the increasing volume and size of his bets, together with the increased time spent gambling were indicators that should have identified this customer as a social responsibility risk.
3. Over-reliance on uncorroborated information: Gala Coral's Retail and VIP Team did make informal efforts to assess the customer's source of funds through his interactions with shop and VIP staff, and by meeting him and his friends and family at two hospitality events. However Gala Coral did not attempt to either challenge or corroborate the explanations received.
4. Failure to utilise open-source information: Gala Coral conducted what the Commission considered to be "limited" open source searches as part of its scrutiny of the customer's account in October 2014. These revealed that he was an electrician who lived in a modest semi-detached property, which Gala Coral assumed that he owned. There was other information available through open internet sources that should have flagged that – based on the customer's job and the value of his home – he probably could not afford to be gambling at such high levels.
5. Lack of timeliness in compiling/submitting a Suspicious Activity Report ("SAR"): While Gala Coral's account scrutiny did identify a disparity between the customer's likely income and his levels of gambling (meaning that he was identified as a 'Red' customer), no urgency was attached to compiling a SAR (although one was ultimately compiled). Gambling operators should always "act with haste" where there is a concern about a customer's source of funds.
6. Over-reliance on information gathered at hospitality events: The Commission considered that it was concerning that a high degree of reliance was placed on the fact the customer attended these events. Information gathered should have been critically assessed.
The lessons for all operators
Plainly the Commission is taking the connected areas of AML and social responsibility extremely seriously. Part of the background to this is the EU's Fourth Money Laundering Directive which will extend the EU's anti-money laundering regime to all gambling operators from June 2017 (subject to the UK Government exempting specific gambling products) and the Commission may consider that it needs to be seen to be taking a firm stance in this area.
Many operators may be somewhat behind the curve on AML and social responsibility compliance. The document most helpfully sets out a list of questions which operators can sensibly ask themselves in these areas, which we set out below. These constitute a handy check list for operators seeking to come to terms with what is required and what the Commission is seeking.
This time, on top of reimbursing the amount lost to the victim and paying some investigation costs to the Commission, there was no fine imposed on Gala Coral. However, in future such fines are more than possible and they may well be hefty. Indeed, there is a clear sense here – following on from the Commission's censure of Rank, Caesars Entertainment and Paddy Power - of sending a message to the industry. Accordingly, all operators would be prudent to ensure that their AML and social responsibility procedures and policies are up to scratch.
The questions raised by the Commission
Customer’s source of funds
1. Are you confident that you are utilising all of the account information you hold on customers when assessing the risk they pose?
2. Are you scrutinising the due diligence information you collect from customers sufficiently to ensure that the lifestyle of the customer matches their level of spending?
3. When you identify a customer of concern are you escalating your concerns appropriately? With regard to remote customers are you conducting appropriate levels of ongoing monitoring in accordance with the Money Laundering Regulations 2007?
4. Can you demonstrate that the policies and procedures in place for obtaining information about customers’ sources of funds are appropriately risk-based and are being implemented effectively?
Social responsibility provisions
5. Are you effectively using customer profile and account activity information to identify customers displaying indicators of problem gambling?
6. Is this monitoring ongoing and across all platforms?
7. When you identify customers of concern do you have effective policies and procedures to ensure these concerns are acted upon?
8. Do you have policies in place which address the process and circumstances where services to customers can be withdrawn as a result of social responsibility concerns?
Reliance on uncorroborated information
9. Do you overly rely on uncorroborated information to assess a customer’s risk?
10. How do you ensure that you properly scrutinise any information collated which is to be used to make customer risk assessments?
11. Do you take this information on face value or use it in isolation?
Open source information
12. Are you effectively utilising all available open source information which is available relating to a particular customer?
13. Do you critically assess the open source information you collate?
14. When appropriate could you use open source information to confirm the ownership of a customer’s address or the standard rates of pay for their employment?
Timely submission of suspicious activity reports
15. Do you act with sufficient speed when collating information which might result in a SAR?
16. Do you record the collection of information which could potentially result in a SAR?
17. Do you record the decision-making process when collating information which may result in a SAR?
18. If required, could you evidence this?
Reliance on information gathered through hospitality
19. Do you place undue or misplaced assurance from information gathered at hospitality events?
20. Do you critically assess information supplied at hospitality events with regard to those connected to the customer who may be benefiting from the hospitality?
21. Do you ensure that any explanations supplied are corroborated externally?
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.