Following its announcement, in April 2022, of the introduction of a new Social Responsibility Code Provision (“SRCP”) 3.4.3 that comes into effect on 12 September 2022, the Gambling Commission (the “Commission”) published its customer interaction guidance – for remote gambling businesses (formal guidance under SR Code 3.4.3) (the “2022 Guidance”) on 20 June 2022, which comes into effect at the same time as SRCP 3.4.3. To date the Commission has made no reference to the revision of its guidance for premises-based businesses and therefore those licensees remain in the dark about any changes that may be introduced in the future.

However, the Commission’s reference to “[n]ew consumer protection guidance” in the press release for the 2022 Guidance demonstrates further its self-driven evolution into a consumer protection body and, given that the requirements set out in SRCP 3.4.3 require action across licensees’ entire customer base, the Commission’s reference to “new rules on action for at risk customers” in the release for the new SRCP is a further indication that the Commission considers all gamblers to be “at risk”. It is therefore likely that revisions to the requirements for premises-based licensees will follow. As we know from the affordability issue, whether formal inclusion of these licensees occurs or not, the Commission is not averse to applying guidance to the entire industry. As we have explained before, the Commission’s approach is difficult to reconcile with the licensing objectives set out in section 1 of the Gambling Act 2005 (the “2005 Act”) and in the Commission’s statutory obligations under section 22 of the Act:

“(a) to pursue, and wherever appropriate to have regard to, the licensing objectives, and

(b) to permit gambling, in so far as [it] thinks it reasonably consistent with pursuit of the licensing objectives”

The Commission is not charged with protecting all consumers, however admirable that may be; it could be the purpose of an ombudsman if appointed as part of the changes to gambling legislation. It was certainly not the intention of Parliament when passing the 2005 Act that the third licensing objective – “protecting children and other vulnerable persons from being harmed or exploited by gambling” apply to all customers who, at some point in time, may be “at risk”.

The 2022 Guidance, which we recommend licensees review in detail, reveals an apparent ignorance on the Commission’s part of various concerns that have been raised in the past about its approach, thereby exposing it to the risk of challenge. This article does not attempt a detailed critique of the entire 2022 Guidance; rather we have sought to identify the most salient points which we believe may have the greatest impact on licensees, or where we believe the Commission’s approach is misconceived.

Section A – General requirements

Paragraphs 1 and 2 – Formal guidance?

The Commission maintains its previous approach in paragraphs 1 and 2 of SRCP 3.4.3, requiring licensees to “embed the three elements of customer interaction – identify, act and evaluate”. Its replacement of the previous requirement to “interact” with a requirement to “act to minimise harm” illustrates its expectation that licensees do more than simply engage with customers and that tailored, proactive steps are taken to minimise the risk of harm.

The 2022 Guidance is more prescriptive than the existing guidance documents that the Commission has issued in relation to customer interaction, and it is certainly less outcome focussed. It requires licensees to undertake specific measures, for example that “licenses must understand that there are many reasons a person may be in a vulnerable situation” or that “licensees must identify customers that may be at risk of harm using all of the information available about the customer.” The use of words such as “must” and “required” have no place in guidance: they are the language of statute, conditions and codes of practice. We will leave for now the bigger issue that this prescription undermines the entire premise of the 2005 Act, which introduced a principles and risk-based system, as opposed to the prescriptive regime of the Gaming Act 1968 which it replaced.

It is of note that paragraph 2 requires that licensees “take into account the Commission’s guidance on customer interaction … as published and revised from time to time…” and that the Commission makes similar reference in the 2022 Guidance, stating that “for the purposes of raising standards, protecting customer interests, and preventing harm to customers, [we] will update and re-issue guidance.” It is intriguing how the Commission considers that future updates to guidance “intended to support compliance with LCCP SR code 3.4.3” can raise standards or prevent harm. Unless, that is, the Commission intends to use the “formal” 2022 Guidance to implement “formal” requirements.

For a number of reasons, the Commission’s attempt to make a silk purse out of a sow’s ear is evident from the questionable foundations upon which the evolved 2022 Guidance is based. Firstly, and somewhat unsurprisingly, the Commission continues to ignore previous concerns raised, not least by us, about its use of guidance: guidance that enables the Commission to outline its expectations to licensees to assist their understanding of licence conditions or codes of practice is sensible. However, the Commission continues to introduce formal requirements through its use of guidance and without consultation, which is wrong. The Commission’s powers are controlled by statute and are therefore the preserve of Parliament. The 2005 Act requires that the Commission must consult before specifying a licence condition (section 76) and before issuing or revising a code of practice (section 24). Guidance must therefore be easily distinguished from a licence condition or code of practice (including those that carry the weight of a licence conditions such as SRCP 3.4.3) and should not prescribe additional requirements.

The distinction is not more apparent than real. Aside from the fact that it exceeds the Commission’s powers to introduce a licence condition or code of practice without consultation, by using guidance which should only be explanatory rather than mandatory, the distinction has very different consequences. Breach of a licence condition or code of practice carrying the weight of a licence condition is a criminal offence and allows the Commission to prosecute or resort to its full armoury of penalties through licence review. By contrast, licensees must “take into account” guidance and therefore not following it should not be an automatic breach. It is therefore wrong, and confusing, for the Commission to include specific requirements in the 2022 Guidance, particularly when it has very recently consulted on the introduction of SRCP 3.4.3 and has thus had the opportunity formally to introduce whatever further formal requirements it wished at that time. Reference to “formal” guidance in the title of the 2022 Guidance is indicative that it knew what it was doing.

Secondly, if the Commission is willing and able to circumvent statutory controls now, and not for the first time (it introduced its Covid-19 guidance very quickly and not alongside a change to the SRCP or consultation), it is likely to do so again. This leaves licensees and other stakeholders exposed to the risk of further change without fair notice or the ability to challenge.

Thirdly, whilst it may seem somewhat hypocritical to challenge now this prescription when licensees have been desperate for clarity for many years, a more thorough analysis of the 2022 Guidance reveals that, despite it being more prescriptive, it is unlikely to provide licensees with the clarity that they desire and will certainly lead to a continuance of the ‘flexible interpretation’ experienced by licensees during compliance assessments and subsequent regulatory investigations. One might argue that, like licensees, the Commission has also struggled to identify what specific controls and thresholds will adequately identify who might be at risk of harm and balance those controls against the freedom of choice.  

It seems that in recent times, guidance, formal guidance and licence conditions have become one and the same thing in the belief of the Commission, the only difference being that the former two contain requirements that the Commission have found inconvenient.

Section B: Identify

Paragraph 3 – Transforming vulnerability

Paragraph 3 requires that “Licensees must consider the factors that might make a customer more vulnerable to experiencing gambling harms and implement systems and processes to take appropriate and timely action where indicators of vulnerability are identified. Licensees must take account of the Commission’s approach to vulnerability as set out in the Commission’s Guidance.” Prior to the publication of the 2022 Guidance, the wording of paragraph 3 indicated that the Commission may have taken a step back from its intention, set out in its consultation, to require that licensees “take account of its definition of vulnerability”. However, it is clear in the 2022 Guidance that this is not the case: the requirement remains but it is drafted more subtly. The Commission sets out in “Aim 3” (which reads as more of an obligation than an aim – a theme that runs throughout the 2022 Guidance) that “[we] require operators to take action when they are aware that a customer is in a vulnerable situation”, and sets out its own definition of a vulnerable person as

“somebody who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care”.

The Commission requires (amongst other things) that “licensees must understand that there are many reasons a person may be in a vulnerable situation…” explaining that a vulnerable situation “can be permanent, temporary or intermittent, and may be related to health, capability, resilience, or the impact of a life event such as a bereavement or loss of income”.

In recent years the transformation of what the Commission considers to be “vulnerability” is bewildering. Parliament clearly considered the interpretation of vulnerability a straightforward matter: it did not find it necessary to include a statutory definition in the 2005 Act. This is understandable: as we have discussed previously, the reference in the third licensing objective firstly to children, and then to other vulnerable persons, adequately set out Parliament’s intention that the licensing objective apply to those people who are not able to make properly informed or ‘adult’ decisions.

Most worrying, however, is that vulnerability as now defined, is to be determined by whether a “firm”, which we understand to mean a licensed operator, is “acting with appropriate levels of care”. Given that the decision about whether a licensee has acted with “appropriate levels of care” rests with the Commission, it seems that vulnerability will be determined subjectively by the Commission, in hindsight, most likely during compliance assessments, and based primarily on a licensee’s actions and controls in relation to each individual customer. In referring to those “appropriate levels of care” the Commission also suggests incorrectly that licensees have a duty of care at law to prevent customers from gambling if they are or might be vulnerable and risks improperly seeking to introduce such a duty in law, or at least exposing licensees to such a challenge based on its definition.

Matters are likely to become further complicated when the Commission launches its further consultation on the ways to tackle what it considers to be three key financial risks for consumers: binge gambling, significant unaffordable losses over time, and risks for those who are financially vulnerable (the “Financial Risks Consultation”). Licensees who are hoping that this consultation will provide clarity about affordability expectations may be disappointed and faced with a further definition to consider, this time of “financial vulnerability”. Based on its current approach, the Commission is likely to permit itself a similar level of hindsight, the focus of its decisions being on action taken and controls implemented.  

The Commission apparently considers itself lawmaker on a par with Parliament: it will determine who is and who is not vulnerable, and will further amend its definition without consultation, whenever it sees fit.

Paragraphs 4 and 5 – Affordability?

Paragraphs 4 and 5 require licensees to “have in place effective systems and processes for monitoring customer activity” and set out a range of indicators which must be operated by licensees. The 2022 Guidance expands on these requirements, making it clear that the Commission expects a mix of automated and manual processes and that systems should “draw on all available sources of data”.

The 2022 Guidance does nothing to clarify the uncertainty about affordability, with the Commission’s position largely replicating the previous guidance. In setting out examples of indicators which should be used by licensees (some of which have now been made requirements) the Commission refers to “[A]mounts spent compared with other customers, taking account of financial vulnerability”. It is of note that in its reference to the Financial Risks Consultation, the Commission indicates that further “guidance” will follow. Again, given that the Commission has considered it necessary to define “vulnerability”, this is an indication that a further definition for “financial vulnerability” seems likely.

Section C – Act

Paragraphs 8, 9, and 11 – An absence of prescription or guidance?

These paragraphs require that licensees take “appropriate action in a timely manner when they have identified a risk of harm” and that this action is tailored “based on the number and level of indicators of harm exhibited.” The 2022 Guidance obliges licensees to have a suite of actions in place ranging from “early generic action” to “very strong” action (this essentially amounting to ending the business relationship). The Commission does not, however, specify which indicators of harm it considers lower level and which it considers strong. Rather, strong indicators must be “defined within the licensees’ processes”. Prescription, when most likely to be helpful, is absent. The resulting inevitability of inconsistent standards and expectations being applied during compliance assessments will further frustrate licensees.

The requirement not only to “implement automated processes”, but also when those automated processes are applied to “manually review their operation in each individual customer’s case” is burdensome, impracticable, counterproductive and undermines the benefits of automation. The limited guidance – in its true sense – in relation to this requirement and the lack of clarity about when any manual review must take place, is indicative that the Commission has not considered fully how it is “consistent with data protection requirements”.

Section D – Evaluate

Paragraphs 12, 13 and 14 – Impact?

Evaluating the impact of each customer interaction is no easy task. As licensees have already experienced, it doubles the operational impact, with additional and equivalent resource required to follow up on the original interaction. The Commission fairly points out in the 2022 Guidance that “not every customer who receives an interaction will require a follow up” however it overlooks the fact that not every interaction will require evaluation. The Commission states that “by impact we mean a change in the customer’s gambling activity which could be attributed to the interaction”. The implication here is that if the customer’s gambling activity does not change for the better (i.e stop or reduce), they are suffering, or continue to be at risk of suffering harm. This cannot be correct. Some customers will, for various reasons, simply continue to gamble at previous levels, or may even increase their spend, particularly if they are winning (as is commonplace when most people gamble). This is certainly not always an indicator of harm. This lack of clarity will mean that licensees will continue to feel obligated to ensure that on every occasion they interact with a customer they see a change in behaviour, and where this is not the case will feel bound to take further action whether or not any such action is wanted by a customer or thought necessary to prevent harm.

The requirement that licensees evaluate the effectiveness of their overall approach maintains the current requirements, however the Commission sets out in more detail its expectations. The new obligation to “take account of problem gambling rates for the relevant activity published by the Commission in order to check whether the number of customer interactions is, at a minimum, in line with this level” is something of a step away from the tailored approach of other requirements in SRCP 3.4.3 and the 2022 Guidance. To avoid criticism, licensees will need to be acutely aware of any updated publication of problem gambling rates by the Commission, however questionable that data may be, and ensure that this is reflected in their approach.

Conclusion

Whatever the Commission’s intention, and however strongly it feels that licensees are not going far enough to protect consumers, it is vitally important that it acts within its statutory remit. Not for the first time, the 2022 Guidance reveals a willingness on the Commission’s part to act beyond its powers, this time under the guise of the new SRCP and its intention to introduce “stronger and more prescriptive” rules. The Commission’s willingness to continually use guidance as a means of introducing formal requirements through the back door is concerning and it may only be a matter of time before it faces challenge. In the meantime, licensees should ensure that they take steps to ensure that they are able to adhere to both the SRCP and the 2022 Guidance to mitigate the risk of regulatory action.

With thanks to Julian Harris for his invaluable co-authorship.