Reforms to anti-money laundering (AML) rules have already been finalised at EU level and gambling operators operating in the British market should be preparing themselves for the changes to impact on them.
New legislation is expected to be tabled in the autumn to implement the EU's fourth AML Directive, finalised last year. The reforms will impose specific AML duties on a greater number of gambling operators than is currently the case, with potential criminal penalties for non-compliance.
Existing AML rules and guidance that applies to casinos offer clues to other gambling operators of the internal controls they will need to put in place to account for the new framework.
Existing AML rules and the EU's new AML Directive
All gambling operators operating in Britain must address AML risks under current rules set out in the Gambling Act and under the Gambling Commission's licensing regime, however, casinos are the only businesses within the gambling sector currently subject to specific AML laws.
The UK's existing Money Laundering Regulations, which in-part implement previous EU AML rules, considers both premises-based and remote casinos to be in the 'regulated sector' and subject to specific AML obligations.
Casinos must establish and maintain appropriate risk-based policies and procedures to prevent money laundering and terrorist financing under the regulations. Customer due diligence duties also apply under the regulations. They require casinos to either identify and verify a customer's identity before entry to the casino or access is given to remote gaming facilities, or alternatively when a customer pays to, or stakes with, the casino €2,000 over the course of a 24 hour period. Enhanced due diligence rules apply in the context of remote gambling where casinos must obtain evidence of identity from at least two sources and give further consideration to whether a source of funds check is also necessary.
The regulations further require casinos to appoint a dedicated money laundering reporting officer who must fulfil a range of duties, including receiving and filing suspicious activity reports and seeking consent to complete suspect transactions where necessary under the Proceeds of Crime Act (POCA) and the Terrorism Act. Employees must be required to report any knowledge or suspicion of money laundering to that reporting officer.
Casinos must also ensure all relevant employees are trained on money laundering and terrorist financing, and on how to recognise and deal with suspicious transactions and activities and must keep up to date records of the customer due diligence checks.
Guidance issued by the Gambling Commission (51-page / 555KB PDF) for casinos on compliance with these duties emphasises the need for senior management to be fully engaged in managing risk.
Similar obligations can be expected to be imposed on other gambling operators under the EU's fourth AML Directive.
A fundamental change introduced by the Directive is to move the gambling industry in its entirety into the 'regulated sector' in the light of concerns that the sector is vulnerable to money laundering. This means that non-casino gambling operators would be required to carry out the duties that casinos are currently obliged to comply with or face potential criminal penalties for failing to do so.
EU national governments can decide to opt those companies out of those requirements under the Directive.
There must be a "proven low risk posed by the nature and, where appropriate, the scale of operations of such services" for the opt-out right to be legitimately exercised. The Treasury will be responsible for making such determinations on risk, but will be advised on the issue by the Gambling Commission. The Commission has indicated that "any determination of risk is likely to include not only the vulnerability to money laundering but also the presence and effectiveness of controls to mitigate it".
Areas of focus for internal controls
The introduction of the Directive into UK law will bring the threat of money laundering in the gambling industry into sharper focus and operators in the industry will need to ensure their internal controls meet the legal requirements and the Gambling Commission's guidance.
Previous failings of gambling operators identified by the Gambling Commission to-date show that anti-money laundering internal controls should ensure that:
- customer risk is appropriately assessed;
- rigorous due diligence checks are carried out and go beyond reliance on negative information, such as no trace results;
- source of funds / wealth checks are carried out;
- all employees are trained to recognise 'red flags' for money laundering and on the appropriate range of actions to be taken;
- 'red flags' prompt a review of whether to continue a particular business relationship;
- decision making records are maintained; and
- appropriate levels of on-going monitoring are carried out.
Stacy Keen is an expert in anti-money laundering regulations at Pinsent Masons, the law firm behind Out-Law.com.