Great Britain’s Gambling Commission has set out several concerns regarding the measures operators have in place for anti-money laundering and counter-terrorist financing (CTF). The commission said some licensees should consider amending their systems to reduce risks.
In an industry bulletin dated 3 October, the Gambling Commission highlighted several areas for improvement. All operators licensed in Britain are required to have measures in place to protect against money laundering and terrorist financing.
Among the key concerns was an “over-reliance on financial threshold controls”. The regulator said in some cases licensees only began customer risk-profiling and associated risk-based due diligence procedures when a financial threshold was reached.
This, it said, was despite other, non-spend related risk factors being clearly present throughout.
It also noted how some financial thresholds were set at an inappropriately high level for the risks present. In addition, it said this reliance on financial thresholds was to the detriment of other risk factors.
The regulator said this allowed players with significant risk factors to gamble without any appropriate risk-based due diligence taking place, or only after they had deposited and withdrawn large sums.
To combat this, the regulator recommended licensees conduct ongoing risk-based customer due diligence and monitoring. It also warned that these parameters should be set at an appropriate level.
“Financial threshold controls can be a useful tool in combatting money laundering and terrorist financing,” it said.
“However, they must not be relied upon in isolation and must be set at a level that is appropriate based on the individual licensee’s risk assessment, business model and customer base and the customer risk profile.”
Gambling Commission urges more action to protect players
Other areas of concern flagged by the Gambling Commission included not compiling risk profiles in line with official guidance. It noted cases where risk factors related to a customer were not identified either at all or not early enough.
“Customer risk profiling must be informed by the operator’s wider risk assessment,” the regulator said. “Operators need to assess the extent to which a particular customer triggers the risk factors considered in the risk assessment and graduate the risk profile of the customer and the level of customer due diligence undertaken accordingly.”
The commission had similar concerns over how players’ documentation and information was scrutinised. In some cases, it said in a review of current systems, operators had failed to identify stand-out risk indicators such as bank statements with significant third-party deposits evident and/or outgoings higher than income.
“We have also seen examples where, although the documentation contained indicators suggesting the document was false or fraudulent, the required enhanced customer due diligence was not conducted,” the regulator said.
“Operators need to have appropriate controls in place to identify such cases and need to ensure that their staff are appropriately trained to assess customer documentation, including how to identify false documents.”
Also flagged was an apparent neglect of proper staff training on AML and CTF issues. This, the commission said, could lead to oversight of key protection measures for both operators and their customers.
Other concerns included poor record keeping, lack of due diligence on third-party relationships and using exterior companies to draft risk assessments.
AI remains a concern for money laundering measures
In addition, the commission noted a rise in the use of AI, algorithms and behavioural models for AML purposes. It said these technologies have been used to identify red flags for money laundering and terrorist financing within a customer’s profile and/or behaviour.
While it acknowledged these can be useful, it said not all operators understand how algorithms work as an AML control. As such, they have not been able to implement them properly, thus falling foul of their licence conditions.
“We have identified compliance concerns where, due to the configuration of the algorithm, high-risk indicators have not been identified and/or escalated by the automated control in place,” the regulator said.
“Operators must ensure that their suite of AML controls, including any algorithms, other reports and manual processes, are appropriately identifying risks so that risk-based due diligence can take place.”
In a review of Gambling Commission AML compliance, the GC said some operators’ financial thresholds were set at an inappropriately high level for the risks present.