The Fourth EU Anti-Money Laundering Directive (“4MLD”) was implemented in the UK on Monday 26 June 2017 when the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer Regulations) 2017 (“2017 Regulations”) came into force.
Although 4MLD extends the scope of the anti-money laundering (“AML”) regime to all “providers of gambling services” (including providers of lotteries, poker games and betting transactions), the UK Government has exercised its option to exempt these additional providers from the 2017 Regulations and only casino operators will be subject to them. This decision was based on several factors including the UK National Risk Assessment (October 2015) which identified the gambling sector as low risk. The Government also noted increased awareness of money laundering and terrorist financing within the industry citing the creation of the Gambling Anti-Money Laundering Group as a good example of this.
Whilst this is undoubtedly welcome news the rest of the gambling industry cannot afford to take its eye off the ball. The existing principal money laundering offences under the Proceeds of Crime Act 2002 (“POCA”) continue to apply to all gaming operators and their employees. The UK Government has also stated that it will keep the ambit of the 2017 Regulations under review and gaming providers should therefore take heed of their AML obligations under POCA and continue to work together to prevent the industry from being targeted and exploited.
The need to adopt a risk-based approach permeates the 2017 Regulations. An evaluation of risk must inform all aspects of a casino operator’s approach to its AML obligations, including the training of its employees. Every casino operator must assess the particular risks of money laundering and terrorist financing inherent within its business and implement policies and procedures to alleviate them. Casino operators must also stay informed and take account of any particular risks identified by the Gambling Commission that may be relevant.
Customer due diligence (“CDD”)
The core requirements in relation to CDD remain the same although 4MLD helpfully gives more examples of when to conduct CDD meaning the requirements are now much clearer. Casinos must (i) identify their customers, (ii) verify their identity on the basis of independent documents and (iii) assess and obtain information about the purpose and intended nature of the business relationship/transaction.
Previously, operators could choose to establish and verify identity upon entry to the casino or else could adopt the threshold approach of doing so when a customer paid, staked or exchanged chips amounting to 2,000 euros or more over a 24-hour period. Consistent with the 4MLD emphasis on the risk-based approach, the Government has removed the “upon entry” option from the 2017 Regulations to encourage casinos to adopt the threshold approach. This reflects its best practice recommendation that operators should develop the systems necessary for tracking and identifying high-risk individuals. However, there is nothing to prevent casinos from continuing to operate a system of requiring CDD at the door, whether through a membership system or by requiring identification documents upon entry and it is of course easier to track and identify high-risk individuals who are members than those who are not.
Where an operator enters into a business relationship with a company there are now very prescriptive rules regarding the CDD information that must be obtained as well as stringent requirements for the provision of this information, backed by criminal sanction. Companies must provide this information within two working days or risk being liable to a criminal offence and the casino will also be liable if it continues with the business relationship/relevant transaction without obtaining the right documentation. This type of scenario might arise in the context of employers organising social events for their employees and casinos should notify new corporate customers of their potential criminal liability.
Casino operators should take particular care where payments are made or received on behalf of third-parties. In this type of scenario, the casino operator must undertake CDD on both the account holder and any parties funding/benefitting from that account.
Enhanced Due Diligence
The 2017 Regulations provide more detail about the types of factors that will necessitate enhanced due diligence (“EDD”). These include (i) where a customer is identified as presenting a high risk of money laundering or terrorist financing (ii) where a customer is from a high-risk country (iii) if the customer is a PEP, a family member of a PEP or a known close associate of a PEP and (iv) where there is an unusual pattern of transactions or where the transactions have no apparent economic purpose. A key change under the 2017 Regulations is that the definition of PEPs has been extended to cover those holding a prominent public function within the UK.
Where a casino operator determines that EDD is required it must examine the background and purpose of the transaction (as far as is reasonably possible) and increase the monitoring of the business relationship. Operators should ensure that their employees are well equipped to identify when increased monitoring is necessary and establish the purpose of the transaction through conversations with the customer.
Although the 2017 Regulations introduce more prescriptive requirements for casino operators, the Gambling Commission’s increased focus on money laundering in the past few years means that those operators already complying with regulatory requirements will, in reality, have to make fewer changes to their AML policies and procedures. The Government has heralded further industry specific guidance, particularly in relation to the circumstances in which CDD should be carried out on existing customers and the triggers for EDD and the Gambling Commission has recently revised its anti-money laundering guidance to reflect the 2017 Regulations.
This article first appeared in Gambling Insider on 21 September 2017.
Johanna Walsh and Mellissa Curzon-Berners