Consultation Response on Changes to Information Requirements – AML/CTF
In our blog of 7 April 2020 we summarised the Gambling Commission’s consultation, launched on 26 February 2020, in two parts, on planned changes to regulatory information and data reporting requirements. On 30 July 2020, the Gambling Commission published its consultation response document (the “Consultation Response”). The Gambling Commission received 70 written responses to its consultation, including 50 from licensees.
Some of the stated proposals of the consultation were “to make data requirements more efficient for licensees, and for ”, to “streamline existing requirements” and to “reduce regulatory burden”. The stated aim of the consultation being “to ensure the information requirements placed on licence holders are proportionate and effective to inform regulation of the industry”. Whilst many of the changes serve to support the Gambling Commission’s aims and proposals, some of the proposed changes relating to anti-money laundering (“AML”) and counter terrorist financing (“CTF”) may serve to confuse licensees’ understanding and increase the regulatory burden.
We recommend that all licensees read the Consultation Response and new/amended provisions in the Licence Conditions and Codes of Practice (“LCCP”). We highlight some of the Gambling Commission’s significant changes relating to AML/CTF:
New licence condition 15.1.3 – Reporting of systematic or organised money lending
All non-remote casino, non-remote bingo, general betting, adult gaming centre, family entertainment centre and remote betting intermediary (trading rooms only) licences
- Licensees must as soon as reasonably practicable, in such form or manner as the Commission may from time to time specify, provide the Commission with any information relating to cases where they encounter systematic, organised or substantial money lending between customers on their premises, in accordance with the ordinary code provisions on money lending between customers.
Presently, ordinary code provisions 3.8.1 and 3.8.2, which apply only to non-remote casinos, provide that licensees take steps to prevent systematic or organised money lending between customers on their premises, and provide that the Gambling Commission should be notified where licensees encounter the same. This new licence condition is self-explanatory: it elevates the reporting requirement to a licence condition.
New licence condition 15.2.2(1)(d) – Other reportable events
All operating licences:
1. Licensees must also notify the Commission in such form or manner as the Commission may from time to time specify, as soon as reasonably practicable of the occurrence of any of the following events:
…
d. any actual or potential breaches by the licensee of the requirements imposed by or under Parts 7 or 8 of the Proceeds of Crime Act 2002, or Part III of the Terrorism Act 2000, or any UK law by which those statutes are amended or superseded.
The Gambling Commission re-emphasises in the Consultation Response that the primary purpose of the introduction of this reportable event is to encourage self-reporting by licensees of breaches of the relevant provisions of the Proceeds of Crime Act 2002 (“POCA”) or Part III of the Terrorism Act 2000 (the “Terrorism Act”).
A number of concerns were raised about the Gambling Commission’s proposal, with respondents considering it to be too broad. This was likely founded on a concern that licensees would be obliged to notify the Gambling Commission each time they submit a suspicious activity report (“SAR”) to the National Crime Agency (“NCA”), because such submission may constitute “a potential breach”. However, the Gambling Commission has made it clear in its Consultation Response that it does not consider the introduction of this licence condition to be too broad, as it covers actual or potential breaches by the licensee and does not extend to breaches by customers of the licensee. It stated:
The only relevant provisions therefore are the reporting requirements in relation to known or suspected money laundering or terrorist financing activity, breaches of the tipping off or prejudicing an investigation requirements, or committing one or more of the principle money laundering or terrorist financing offences...We agree that it is for the courts to decide whether a breach has occurred, and we do not intend to adjudicate in place of this. We do expect a licensee to be capable of identifying whether a breach has or potentially has occurred, and this should be reported to us as it may have an impact on the continued suitability of an operator to hold a licence. The reportable event is a simple process of notifying the Commission of either proven or potential breaches. We encourage self-reporting by licensees which allows us to better manage potential money laundering and terrorist financing risks, and thus keep crime out of gambling.
We therefore suggest that licensees who are concerned about the impact of this new licence condition consider the following when determining whether or not they (and not their customers) have actually or potentially committed any offence under the relevant parts of POCA or the Terrorism Act:
- Did knowledge or suspicion exist when the licensee entered into or became concerned in an arrangement? The continuance or termination of a business relationship may be a relevant consideration here.
- Under certain provisions of the legislation, the submission of a SAR or the receipt of consent from the NCA serves to ensure that there is no offence committed by the licensee.
- Any failure to submit a SAR where knowledge or suspicion of money laundering or terrorist financing exists, or there are reasonable grounds for knowing or suspecting the same, may be caught as a potential breach (failure to disclose) and therefore may be notifiable. To mitigate the risk of licensees committing (or potentially committing) disclosure offences, care should be taken to ensure that policies, procedures and training are clear and up to date in relation to licensees’ SAR procedures.
- Have any tipping off, or prejudicing an investigation, offences been committed? The Gambling Commission also made it clear in its Consultation Response that it does not consider that licensees will be at risk of committing the offences of tipping off or prejudicing an investigation when notifying the Gambling Commission under licence condition 15.2.2(1)(d). This seems logical; the notification is not required unless these offences have been committed by the licensee, if they have been, the licensee’s disclosure to the Gambling Commission would likely amount to a confession rather than tipping off or prejudicing an investigation.
New licence condition 15.2.3 – Other reportable events – money laundering, terrorist financing, etc
All non-remote and remote casino operating licences
1. Licensees must notify the Commission in such form or manner as the Commission may from time to time specify, as soon as reasonably practicable of any actual or potential breaches by the licensee of the provisions of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on Payer) Regulations 2017 , or any UK Statutory Instrument by which those regulations are amended or superseded.
2. Licensees must, within 14 days of the appointment, notify the Commission of the identity of the individual appointed as:
a. the officer responsible for the licensee’s compliance with the (regulation 21(1)(a)),
b. the nominated officer (regulation 21(3))
c. and any subsequent appointment to either of those positions.
3. Licensees must, within 14 days of the departure or removal of any individual appointed to the positions mentioned in 2 above, notify the Commission of such departure or removal.
A number of concerns were raised about the Gambling Commission’s proposal, with respondents requesting further guidance on the types of breaches that should be reported under licence condition 15.2.3(1) if the Gambling Commission wanted reporting to be consistent, non-subjective and not overly burdensome. Concerns were also raised that the requirement to report potential breaches was significantly beyond that prescribed in the Regulations.
The Regulations are comprehensive and amongst other things contain customer and enhanced due diligence, record keeping, training and risk assessment requirements. This reporting requirement, in particular the requirement to report potential breaches, is therefore likely to cause confusion and will significantly increase the burden of compliance on licensees.
Key points to note:
- Despite some of the requirements of the Regulations being explicit (for example CDD being required before establishing a business relationship or in relation to a transaction that amounts to 2,000 euros or more), others require a risk-based approach. A breach in this sense may constitute a failure to take a risk-based approach and not a certain decision that in hindsight is deemed regretful.
- In some cases, it will be very difficult for licensees to determine, on a risk-based approach, whether or not they have potentially breached the Regulations. Licensees may therefore choose to take a subjective view when considering whether or not a potential breach as occurred. Other relevant factors may include:
- whether a licensee’s policies and procedures have been adhered to;
- given that a breach of a policy implemented on a risk-based approach may be indicative of a potential breach of the Regulations, licensees may wish to review their policies and procedures to ensure that they are not overly committal in certain areas. For example, the Regulations require the regular provision of training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing. If licensees have deemed in their policy that this training will be provided annually, has there been a potential breach if this training is late and delivered after 13 months? A simpler approach to avoid this may be to specify in policy that training will be delivered regularly and at approximately 12-month intervals, this allowing for flexibility without the pressure of considering Gambling Commission notification.
- Are there processes in place to ensure that the notification requirements will be adhered to? What is the procedure? Who is responsible for making the decision on notification?
- Have licensees conducted a gap analysis against the Regulations to ensure that all of the requirements are covered by existing policies and procedures?
- In circumstances where a decision is made not to notify the Gambling Commission, licensees may consider it sensible to document their decision making process such that this justification can be provided to the Gambling Commission in the event of challenge at a later stage.
- The Gambling Commission has made it clear in the Consultation Response that it does not expect licensees to notify it about customer accounts suspended due to a lack of satisfactory source of funds documentation. It is actual or potential breaches of the Regulations – by the licensee – that the Gambling Commission expects to be notified about.
In addition, under licence conditions 15.2.3(2) and (3), licensees are required to notify the Gambling Commission within 14 days of the appointment, and/or departure, and/or removal of both:
- the officer responsible for their compliance with the Regulations; and
- their nominated officer.
The Gambling Commission makes it clear in the Consultation Response that the notification should include the full details of the individuals, the date of their appointment and details of their position within the business, senior management or role on the board. The Gambling Commission also points out that it intends to consult on the status of the nominated officer role later in 2020.
We strongly recommend that licensees review their AML/CTF policies, procedures, controls and training programmes now to ensure that adequate provision has been made for adherence to these changes before they come into force.
The changes come into force on 31 October 2020.
If you would like to discuss any of the issues raised, please do get in touch with us.