February 15, 2022
On 10 February, the Commission released an emerging risk update in relation to money laundering and terrorist financing. The update covers three key areas:
- gambling operators having inadequate money laundering and terrorist financing risk assessments in place;
- insufficient due diligence checks on third party providers and/or business relationships; and
- the use of Scottish notes and pre-paid cards by customers.
Improvements needed in gambling operators’ money laundering and terrorist financing risk assessments (including policies, procedures and controls)
Licensees are directed to Licence Condition 12.1.1 which requires them to “conduct an assessment of the risks of their business[es] being used for money laundering and terrorist financing” and to “ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing”. Licensees are also reminded to refer to the Commission’s guidance for casinos and other gambling businesses when approaching the implementation of a risk-based approach.
Overall, the Commission says it “expects to see significant improvements by licensees around their money laundering and terrorist financing controls” and reminds operators that it will take regulatory action, including potential suspension and licence revocation, where significant failings are identified. Licensees are advised to refer to the Compliance and Enforcement Repot 2020 to 2021 for examples of good practice.
Due diligence checks on third party business relationships and business investors
The Commission states that it has become aware of instances of operators failing to conduct sufficient due diligence measures in their third-party business relationships. White label partnerships are noted as particularly high risk.
Operators are again reminded to refer to the Commission’s guidance for both casino and other gambling operators (linked above), which highlight the need to give due consideration to the money laundering risks posed by their B2B relationships with third parties. Particular consideration should be given to:
- Risks posed to operators by the jurisdictional location of relevant third parties (particularly in relation to sanctioned jurisdictions);
- Any relevant domestic AML legislation with which they must comply; and
- Transactions and arrangements with third parties such as payment providers and/or processors, including beneficial ownership and source of funds.
Operators are advised to re-visit the April and July 2020 e-bulletins for further information on the risks associated with cryptoasset payments and the importance of robust due diligence in relation to third parties. The Commission reminds operators that any failure to consider these risks could lead to a breach of:
- LC 12.1.1(1), requiring operators to conduct risk assessments in relation to money laundering and terrorist financing;
- LC 12.1.1(3), requiring operators to take Commission guidelines into account; and/or
- Part 7 of the Proceeds of Crime Act 2002 and Part 3 of the Terrorism Act 2000, requiring SARS to be submitted to the UK FIU in instances of knowledge and/or suspicion of money laundering or terrorist financing.
Scottish notes and pre-paid cards
The Commission has previously flagged the significant potential money laundering risks associated with the use of Scottish notes and pre-paid cards. It now highlights the increased risk of Scottish notes being used to top up pre-paid cards.
Operators are advised to “remain curious as to the source of customer funds and conduct ongoing customer monitoring” to ensure spending levels remain aligned with operators’ knowledge of their customers’ affordability to gamble. The Commission further reminds operators that the ‘good practice’ techniques that should be conducted to ensure compliance with legal obligations can be found in the Compliance and Enforcement Report 2019 to 2020.
Much of the Commission’s regulatory energy in recent years has been directed at the AML risks arising from inadequate customer checks on the part of B2C operators. However with several years’ worth of enforcement work, severe sanctions and extensive publicity in this sphere of regulation, the Commission now seems to have some spare bandwidth to turn AML risk in a more jurisdictional and commercial sense, in other words, the vulnerability (or potential vulnerability) of B2B, white label and JV contractual arrangements. The Commission makes plain reference to the risks posed to its licensees by the ‘jurisdictional location of their third party [business partners]’ and to ‘relevant domestic anti-money laundering legislation’. Reference is also made the ‘payment providers and processors…including their source of funds’. Operators, particularly B2B and white label providers, will need carefully to consider these regulatory exhortations in relation to the complex cross-jurisdictional supply chains in which they are frequently involved.
Further information on the emerging risk update can be found here.