I wrote in June about an increased regulatory focus on AML within the gambling industry. This included reference to requirements set out within the GB Gambling Commission’s licensing regime that entail the preparation of money laundering risk assessments (MLRA) by all gambling operators.
This new condition mirrors an existing obligation for casinos to develop such assessments – required by the Money Laundering Regulations and recognised internationally as a fundamental component of successful AML capability.
During my time within the Gambling Commission, and since then, delivering AML training, I have found that no issues cause more confusion and uncertainty than the nature and development of operator ML risk assessments. Whilst this short piece won’t provide a comprehensive explanation, it can serve to de-mystify some of the elements.
There are many different approaches recognised in the development of MLRAs using qualitative and quantitative data; analysing root cause or embarking on risk journeys; asking why again and again; or using a fishbone styled approach to tease out the key issues. They all have their value. I won’t, however, attempt to single out, or describe any particular methodology, but instead consider three essential elements of any approach.
Individual MLRAs are always prepared in a particular context. This is summarised in the first section, before consideration of the nature of the risks and finally, the controls intended to mitigate them.
Perhaps the greatest challenge is simply knowing where to start in developing a MLRA. There are, however, resources available that can help. In October last year HM Treasury published the first national risk assessment of money laundering and terrorist financing. This contains sections focused on online and land based casinos and the betting sector, helpfully identifying key threats together with some of the steps being taken by the industry to mitigate them. The US has similarly developed a national risk assessment with a chapter devoted to casinos. Trade Associations such as the UK Association of British Bookmakers, the National Casino Forum, and Remote Gambling Association continue to work with operators to develop and share understanding and good practice.
The GB Gambling Commission can help here as well. A number of high profile cases in which operators were sanctioned for AML failures are set out on the Commission’s website. The detail contained in the case studies provides opportunity to learn from the experience of others – both in terms of the risks encountered, and the nature of the controls required (and at times absent) to mitigate them.
Resources are available then to assist a firm in developing an MLRA. The assessment is prepared in the context of these external drivers but also, vitally, in light of a number of internal factors. Methodologies used to assess other regulatory, commercial and operational risks may set the tone and approach for the MLRA alongside a clear understanding of the firm’s risk appetite. The unique operating model, customer base, marketing channels and product portfolio demand an approach to developing the MLRA that is tailored to these particular characteristics. Whilst it may be attractive to develop a MLRA that can be used by all operators within, for instance, a particular sector, this one-size fits all approach makes no consideration for the unique nature of each business and is unlikely to accurately reflect the particular risks encountered, and the required controls to mitigate them.
The identification and evaluation of money laundering risks is at the heart of any MLRA. There are many ways of doing this, and some are mentioned above. Whatever approach is taken, it is likely to involve at least four key areas: customer; product; jurisdictional; and means of payment.
Risks associated with the type of customers with whom an operator has potential to do business can fall into a number of areas such as:
- politically exposed persons
- high rollers
- customer whose spend isn’t consistent with their wealth or income, and
- improper use of third parties.
All gambling products have the potential to be exploited by money launderers, but some have more potential than others. For instance, peer to peer gambling, where the parties are known to each other, presents particular risks. Products that allow a customer to bet against all possible outcomes of an event can be misused, and fixed odds betting terminals and other electronic forms of payment have the potential to be loaded before cashing out – a recognised form of money laundering. Understanding the nature and vulnerabilities of individual products is vital.
Individuals can potentially gamble online from anywhere in the world including some jurisdictions that entail particular risks of money laundering or terrorist financing. Some customers at land based operators may be linked to parts of the world that again give rise to particular concerns. It’s necessary to identify which countries a customer may be associated with, and to have a suitable tools to assess the level of risk these present.
The means by which gambling transactions are paid for is increasingly diverse, reflecting the proliferation in the different means of payment that are increasingly available. The use of prepaid cards, online payment systems such as Skrill and Neteller compliment more traditional forms of payment such as debit cards. The use of cash continues to dominate much of the industry – presenting particular vulnerabilities to laundering.
Whilst it is necessary to identify and address key areas such as customer, product, geography and means of payment separately for the purpose of building a MLRA, the practical threat of money laundering will most likely entail a combination of the factors – for instance a particular type of customer using a certain product, and paying with cash.
Controls such as customer due diligence (CDD), staff training and suspicion reporting are of course mandated for some operators - regardless of the level and nature of any risks presented. A clear understanding and recognition of the laundering risks the business is exposed to will ensure that these controls are focused on, and calibrated to the right issues.
Some businesses focus their controls on limiting either the impact or the likelihood of laundering taking place - or both. The former would entail for instance, introducing restrictions to play, or limiting the number of transactions in certain circumstances. On the other hand controls aimed at reducing the likelihood of laundering may include customer screening, seeking consent for certain transactions and staff training.
Another way of framing controls considers the necessary steps to identify possible laundering, together with actions required when concerns are detected. For example, ‘red flags’ or trip wires that are built into the operation of a business can be an effective way of identifying potential laundering. This is just the first stage in the process and the controls aren’t effective unless this triggers appropriate response – very often involving some kind of human intervention to investigate and either resolve the concerns, or escalate them for a decision about the continued relationship.
The research and analysis required to develop an effective MLRA is significant. Introducing or updating required controls can be expensive and time consuming. The cost of failure, however, can far exceed even this – whether through legal or regulatory sanction, reputational loss or ethical failure.
Given constant technological advances, the fluid nature of the industry and the ever evolving threat of money laundering, the MLRA can’t be treated as a static, once-and-for-all product. Instead, it needs to be updated in light of operational and industry developments and refreshed, normally on an annual basis.
There are resources available to do this, and some are mentioned above. Perhaps most vitally, each business needs to have appropriately trained staff to develop and implement the MLRA, at a senior level to provide oversight, and at the front line to deliver against it.
Click here to find out more about Betting, Gaming and Money Laundering Risks
To stay updated on the latest developments in governance,risk and compliance, anti money laundering and financial crime prevention, please follow us on either LinkedIn, Facebook and Twitter where you are guaranteed to be notified when our next blog post goes live!