The Gambling Commission released its most recent update on emerging money laundering and terrorist financing risks on 9 February 2024. This update covers five emerging risks that we set out in detail below.

1. Multiple cards and innovative payment methods

The Gambling Commission indicates that there are an increasing number of instances of “multiple stolen debit cards” being used to fund online gambling activities. Alongside virtual debit card products that allow multiple virtual debit cards to be linked to one bank account, these instances pose a significant money laundering and terrorist financing (“ML/TF”) risk.

The Gambling Commission points out the following (non-exhaustive) red flag indicators of which licensees should be mindful:

• • the operator is unable to match the customer’s personal details with the card details;
  • the operator does not have the ability to verify the card holder’s identity information; and
  • there are multiple bank accounts being used to fund a customer’s gambling activity.

The Gambling Commission reminds licensees that they are required to have “robust customer due diligence and onboarding checks” in place. It points out that in accordance with Licence Condition (“LC”) 12 of the Licence Conditions and Codes of Practice (“LCCP”), licensees must review their ML/TF risk assessments as necessary in the light of “any changes of circumstances, including the introduction of new products or technology or new methods of payment by customers.” It also reminds licensees that they must consider whether checks on customer ID documents are sufficient to identify false, stolen or “mule” (third party) ID documents, in accordance with the identification and verification requirements set out in LC 17.1.1(1) and (4).

2. Risks associated with access to third party funds

The Gambling Commission states that customers who are in functions, roles or responsibilities that give them access to third party funds should be considered to present a higher inherent ML/TF risk. Such roles may include access to:

• • the funds of vulnerable people;
  • customer funds, in the case of banking, accounting or finance (for example);
  • company funds; and
  • charitable funds.

It points out that licensees should consider these risks at the start of the customer relationship and before any deposits are made, noting that in order to sufficiently identify these risks customer monitoring should be an ongoing process.

3. Updated FATF ‘grey list’

In stating that the Democratic Republic of the Congo, Mozambique and Tanzania have been added to the list of jurisdictions that are under an increased level of monitoring by the Financial Action Task Force (“FATF”), the Gambling Commission points out that these jurisdictions are placed on the FATF’s ‘grey list’ due to “strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing.”

It reminds licensees to conduct robust customer due diligence checks in relation to any customer relationships associated with the jurisdictions on the FATF’s grey list in order to mitigate the risk of ML/TF, including proliferation financing.

The above-listed countries were added to the FATF’s grey list on 27 October 2023. However, it is important licensees note that following the Gambling Commission’s February 2024 update, the FATF announced on 23 February 2024 that Barbados and Gibraltar have been removed from the grey list. The FATF’s recent announcement and full grey list can be found here.

4. Funds originating from crypto-assets

The Gambling Commission states that it is aware of cases of licensees “not sufficiently” considering the risks associated with customer funds where the funds have originated from crypto-assets. It reminds licensees that it considers crypto-assets to be high risk and it expects licensees to “appropriately scrutinise transactions throughout the course of customer and business relationships.”

5. Common operator failings

The Gambling Commission states that there continues to be numerous instances of  customers being able to deposit large amounts of money before the first anti-money laundering (“AML”) review can be undertaken by the licensee against a customer, due to insufficient and/or ineffective source of funds (“SOF”) checks and enhanced customer due diligence or KYC triggers.  

It states that licensees have been identified as “failing to critically review SOF documentation” instead relying on electronic checks, which includes relying solely on open-source information, such as Companies House records, to verify SOF information. Other issues include licensees failing to provide sufficient guidance to staff on how to review and verify SOF information and to determine what supporting documents should be requested.

To mitigate these risks, the Gambling Commission recommends:

• • setting realistic and effective monetary and non-monetary thresholds/triggers for determining when customer interactions should take place;
  • carrying out such interactions earlier on in the customer relationship;
  • ongoing customer monitoring (including monitoring all transactions or activity). The monitoring of customer activity should be carried out using a risk-based approach. Higher risk customers should be subjected to a frequency and depth of scrutiny greater than may be appropriate for lower risk customers; and
  • considering geographical, customer, transactional and product risk in all customer relationships.

Next steps

As a reminder to licensees, LC 12.1.1(3) of the LCCP requires that all operating licence holders (with the exception of gaming machine technical and gambling software licences) ensure that their policies, procedures and controls for the prevention of money laundering and terrorist financing are “implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time”.

We recommend that all licensees review their ML/TF risk assessments as soon as possible in the light of the Gambling Commission’s update. In addition to any necessary updates to their risk assessments, licensees must update their policies, procedures and controls to take into account any changes made.

Please get in contact with us if you require assistance reviewing your ML/TF risk assessment and/or your AML policies, procedures and controls.