What does the gambling industry need to do about money laundering?

Someone gambling online

AML training requirements for gambling operators

What is the requirement?

All gambling operators have a statutory duty to keep financial crime out of gambling. The Proceeds of Crime Act 2002 (POCA) obligates gambling operators to be alert to customers who try to gamble unlawfully acquired money. Money laundering includes both using illegal cash to clean the money as well as simply using it to fund gambling.

Money laundering risks are not only found in the operator-to-customer relationship, however. They can also occur in business-to-business relationships, as well as with any third parties operators contract with.

All holders of operating licenses issued by the Gambling Commission have obligations to prevent money laundering. This includes operators with few or no employees. It is the responsibility of the operator to ensure they comply with the law.

How does casino money laundering work?

How is money laundered through casinos? Ill-gotten cash is used in gamling in order to “clean” the money, or the unlawfully acquired money is used to fund gambling. Gambling is one way for money to be used in the first stage of a money laundering scheme, i.e., placement, in which dirty cash is inserted into the financial system. This could work, for example, as follows: casino chips are bought with dirty cash. The person plays for a short time or with small stakes, then cashes in the chips and winnings, or bets are made against every possible outcome.

How does money laundering affect gambling?

Money launderers target gambling operators in two distinct ways. First, they may use money, goods or assets that were illegally acquired, or are the proceeds of crime, and try to disguise the origin of that money by putting it through an often cash-intensive legitimate business structure such as a gambling operator. This ‘cleans’ the cash by disguising the true origin of the funds, and allows criminals to put their now legitimate takings back into the financial system.

The second way money launderers abuse gambling operators is by using the proceeds of crime to fund their gambling as a leisure activity. Remember that any proceeds of criminal activity are considered money laundering. So an individual who, for instance, evades tax in order to fund their gambling habits, is laundering money.

Remember that there is no minimum financial threshold for reporting suspected money laundering activity. It is a criminal offence for an operator or anyone working for an operator to fail to report instances where they know or suspect a customer is laundering money.

What is the risk-based approach to money laundering in the gambling industry?

Money laundering is assessed with a risk-based approach. This means operators must identify the money laundering risks most relevant to their sector, design and implement policies and procedures to mitigate and manage those risks, monitor and improve on the effectiveness of those measures, and record everything that is done and why.

If this is not done, the consequences can include regulatory sanctions for operators and their employees, the loss of a licence, civil action against the operator, or even criminal prosecution.

What are some key risks?

The risks will be different in each industry and form of gambling. However, there are certain factors which may be indicative of money laundering, such as a pattern of increasing spend, spend inconsistent with the apparent source of income, or unusual patterns of play. These examples could also be indicative of problem gambling.

Operators have a responsibility to prevent their business from being abused by money launderers and criminals, as well as a responsibility to protect vulnerable people from being harmed by gambling. This is why appropriate checks and enquiries must be made throughout the course of a relationship with a customer and procedures must be in place to identify red flags for potential money laundering as well as potential problem gambling.

Operators should have procedures in place at the establishment of the business relationship with the customer for monitoring ongoing customer activity such as account deposits and withdrawals, and the termination of the business relationship with the customer. In all instances of the relationship, the operator must consider whether the customer is engaging in money laundering.

Remember, making a report in a timely fashion is a defence.

What must gambling operators do to avoid money laundering?

All gambling operators must disclose, in the correct way, any instances where they know or suspect that another person is engaged in money laundering. This includes customers, other businesses or third parties.

Reports must be made to the National Crime Agency in the correct way by the correct nominated officer. If such reports are not made, it could be considered an offence on the part of both the employee and the officer.

A nominated officer is responsible for ensuring that any information regarding money laundering is properly disclosed to the NCA. Employees should report their suspicions to the nominated officer, who will then make the decision whether or not to report the suspicious activity. Operators must appoint a nominated officer.

How should staff be trained to Avoid Money Laundering?

Having employees who know and can spot the risks of money laundering is one of the most important and effective control systems gambling operators can have in place. Simply providing a policy for staff to read is not enough. Employees must be able to know how to identify unusual patterns of behaviour and spot suspicious transactions. 

Training should be based on the specific risks the employees and industry face, but at a minimum, VinciWorks recommends all employees undertake comprehensive money laundering training at least once a year, and more frequently for high risk staff.

What are the consequences of a breach?

Criminal sanctions and loss of licences can be debilitating for operators. But fines are increasingly levied by the Gambling Commission against operators who fail to have the correct policies and procedures in place. In 2020, online operator Betway was fined £11.6 million for various failures to adhere to correct money laundering procedures.

In one case, the operator failed to carry out any checks on the source of funds of a VIP customer who deposited over £8 million into their online account and lost half of it during a four year period. They also failed to carry out checks, including social responsibility interactions, on a customer who deposited and lost £187,000 in two days.

In total, the operator had allowed nearly £6 million to flow through the business which could be, or was suspected to be, the proceeds of crime.

The Gambling Commission stated these failings stemmed from inadequate anti-money laundering (AML) policies and processes, as well as inadequate senior-management oversight. This includes a failure to have a customer interaction policy in place until 2015, and no specific provision for VIP or high-value customers in place until 2017. The operator failed to conduct ongoing monitoring of its business relationship with customers, failed to apply enhanced customer due diligence, failed to keep records and supporting documents, failed to establish and maintain risk-sensitive policies relating to AML, and failed to have an AML risk assessment in place.

How VinciWorks can help

Screenshot of AML: Know Your Risk course
AML: Know Your Risk drops users into real life, immersive scenarios to test their knowledge, understanding and ability to uncover risks of money laundering hidden in everyday transactions. The course can be fully customised to match the requirements of staff working in the gambling industry.

VinciWorks has a range of money laundering training, sample policies and supporting guides available for those in the regulated sector. This includes a wide range of base and refresher money laundering training for staff at all risk levels, jurisdictions and locations. Our training is fully customisable, enabling operators to upload their own policies and procedures, as well as contact details for nominated officers and how to make a report. Our Omnitrack tool is a one-stop solution for tracking, tracing and collating suspicious reports, enabling nominated officers and other senior managers to quickly and easily spot trends, identify hotspots and red flags, and quickly enable staff to make detailed reports.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.