The Gambling Commission released its most recent update on emerging money laundering and terrorist financing risks on 10 February.

The Gambling Commission reminds licensees on its website that they are required, by licence condition (“LC”) 12.1.1(3), to “keep up to date with any emerging risks that the Commission publishes”. This update covers three emerging risks that we set out in detail below.

1.     Improvements needed to money laundering and terrorist financing risk assessments

The Gambling Commission points out that it expects to see licensees significantly improve their money laundering and terrorist financing controls, flagging that there are “too many instances being identified where licensees are failing to meet the requirements of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 [(as amended) (the “MLR”)] and the LCCP”.

It reminds licensees of the mandatory requirement under LC 12.1.1 that they “conduct an assessment of the risks of their business being used for money laundering and terrorist financing and have appropriate policies, procedures and controls in place to mitigate the risk of money laundering and terrorist financing”.

In warning licensees that it will take regulatory action where it identifies significant failings (which, it also reminds licensees, can include suspension and revocation) the Gambling Commission directs them to its most recent compliance and enforcement report, Raising Standards for consumers – Compliance and Enforcement Report 2020-2021 (the “2021 Report”), within which it has identified and included examples of good practice to consider.

Having seen first-hand the Gambling Commission’s punctilious expectations of licensees’ money laundering and terrorist financing risk assessments, and noting some differences between the good practice examples set out in the 2021 Report and our own practical experience of its expectations, we recommend licensees consider the following:

• Ensure that you review your risk assessment in the light of this emerging risk update. If the Gambling Commission has cause to raise concerns about your approach in the future, it will almost certainly point to this update as an opportunity for you to have improved your risk assessment sooner.
• Ensure that you also review your risk assessment “as necessary in the light of any changes of circumstances”, including the examples set out in LC 12.1.1(1).
• Methodically work through the Gambling Commission’s AML guidance for casinos (in particular paragraphs 2.12 to 2.39) or other gambling businesses (in particular section 18) (together the “AML Guidance”) when completing or updating your risk assessment. Gambling Commission officials seem to use the guidance as a checklist when reviewing risk assessments during compliance assessments.
• Ensure that your risk assessment accords with the Gambling Commission’s own money laundering and terrorist financing risk assessments. As with the AML Guidance, Gambling Commission officials will likely cross check the content. Should your assessment of any individual risk differ from the Gambling Commission’s, it will likely expect you to be able to explain why. Please note that the Gambling Commission sets out in its 2020 risk assessment its expectation that you also refer to its 2018 and 2019 risk assessments “[a]s part of your commitment to anti-money laundering and the prevention of terrorist financing”. We therefore recommend that, if you haven’t already, you cross check your risk assessment against all three documents, as together they form a catalogue, rather than superseding each other.
• Include reference to all theoretical risks included in the AML Guidance and the Gambling Commission’s own risk assessments, irrespective of whether you consider those theoretical risks to present any actual risk to your business. We have seen Gambling Commission officials criticise licensees who have, justifiably, considered it sensible to omit theoretical risks from their risk assessment because they simply do not exist in their operation and therefore cannot be assessed. By means of an example, even when cryptocurrency it is not accepted, the Gambling Commission has stated it expects details to be included in a risk assessment, including about how this payment method is prevented. Whilst this may be something that can be explained and/or corrected at a later stage, the time and effort required in doing so is best avoided if possible.
• Ensure that your policies, procedures and controls are prepared having regard to your risk assessment and cross refer to it where appropriate. By means of an example, a key area of concern often raised by Gambling Commission officials is that there is no explanation in the risk assessment about why triggers and thresholds were set at current levels. Putting aside any argument that policies, and not risk assessments, are the best place for this explanation to be recorded (as how else could those policies – and therefore the triggers and thresholds – have regard to the risk assessment?) the Gambling Commission will be looking for evidence of such consideration.
• Ensure that you have a clear methodology for your risk assessment and that you can show that your approach has been applied logically to the risks. If you are unsure on an appropriate methodology to use, consider applying the same methodology that is used by the Gambling Commission in its own risk assessments.
• Ensure that you are risk profiling customers from the outset of the business relationship.
• Take into account when completing your risk assessment the risks presented by unaffordability, problem gambling or gambling addiction that leads to crime (for example increasing spend inconsistent with apparent source of income). Similarly, as part of a balancing exercise, be careful not to conflate those risks with those presented by money laundering and the financing of terrorism.  
• Include clear and detailed explanations of risks and mitigation rather than vague references.
• Ensure that you do not reference any out-of-date Gambling Commission guidance and/or advice. The Gambling Commission sets out in the 2021 Report its expectation that licensees keep up to date with any guidance and/or advice it provides and then update their risk assessment and polices, procedures and controls based on that guidance and/or advice.

2.    Due diligence checks on third party business relationships and business investors

The Gambling Commission sets out that it has become aware of instances of licensees failing to conduct sufficient due diligence in their business relationships, including where licensees have entered white label partnerships (which are noted as high risk in the Gambling Commission’s 2020 risk assessment, specifically for AML failures) or received third-party investment.

Again, the Gambling Commission reminds licensees to refer to the AML Guidance, within which it asserts that increased risks are posed by the jurisdictional location of the third-party, as well as by transactions and arrangements with business associates and third-party suppliers, such as payment providers, including their beneficial ownership and source of funds. Examples given are insufficient checks on the source of funds from an investment that had originated from cryptoassets that was converted to sterling when invested into the gambling business, and repeated failures to consider jurisdictional risk in relation to third-party business relationships.

The Gambling Commission advises licensees to remind themselves of the content of its April and July 2020 e-bulletins for more information on these risks.

This is not the first time the Gambling Commission has raised this issue and as such it is indicative that it may be preparing to widen its practical examination of licensees’ approaches to money laundering and terrorist financing risk, to concentrate further on their transactions in higher risk jurisdictions.

We recommend that licensees, in particular those in white label or B2B arrangements, review their approach to due diligence and risk in anticipation of additional scrutiny. As the Gambling Commission points out, failure to do so could amount to a breach of the MLR, the Proceeds of Crime Act 2002, the Terrorism Act 2000 or LC 12.1.1.

3.    Scottish notes and pre-paid cards

Having set out in its 2020 risk assessment “the significant, potential money laundering risks associated with the use of Scottish notes and pre-paid cards” the Gambling Commission points out the increased risk of Scottish notes being used to top up pre-paid cards. It reminds licensees to “remain curious as to the source of customer funds and conduct ongoing monitoring to ensure that customer spending levels align with your knowledge of their affordability to gamble”.

It would be sensible for licensees to take this into account when reviewing their risk assessments, and to be mindful of the Gambling Commission’s concerns if they are accepting pre-paid cards.

Please get in touch with us if you would like any assistance on compliance or enforcement matters.