With the introduction of 4MLD, particular implications apply to the gambling and gaming sectors. Here Andrew Tait, Partner at Gordon Dadds, discusses these considerations with Lawyer Monthly, delving into the top priorities for gambling institutions in remaining compliant.
The new MLRs which replace the previous 2007 regulations came into force on 26th June 2017, transposing the EU’s Money Laundering Directive 2015 (4AMLD) into UK law. The 4AMLD was enacted a result of the Financial Action Task Force’s (FATF) 2012 global recommendations into improving standards on the prevention of money laundering and terrorist financing.
Whilst the 4AMLD lays down certain mandatory requirements, member states were given some discretion to implement certain measures dependent on their own national assessment of risk. The 4AMLD extended the regulated sector to all gambling services subject to each member state having the ability to exempt gambling sectors assessed as being low risk. The Gambling Commission’s own AML risk assessment as at 31st October 2016 determined that all forms of betting and remote bingo were high risk, in addition to all forms of casino gaming.
Nevertheless as part of the wider national risk assessment undertaken by HM Treasury (covering all the 8 regulated businesses, including legal professionals), only casinos were assessed as high risk. Therefore status quo was retained in the 2017 regulations with both remote and non-remote casinos being subject to the new regulations.
However if holders of remote casino licenses operate a single wallet across different sectors, those other sectors are brought within the scope of the 2017 Regulations.
Main Changes Immediately Applicable to Casinos
Regulation 18 prescribes the requirements for casinos to carry out a risk assessment based on customer base, geographical reach, transactions, products and delivery channels. This risk assessment will form the basis of casinos’ AML policies, controls and procedures, which must be regularly reviewed and updated in line with changes in the risk landscape. The risk assessment needs to be documented and available for inspection. Under the former 2007 Regulations the requirement was to establish and maintain risk assessed policies and procedures.
There is much more onus on internal supervision and control in the MLRs in that responsibility for compliance with the regulations must rest with someone at board or senior management level, who amongst other things needs to ensure that there is an independent audit function to assess the adequacy and effectiveness of AML controls. There is also a new requirement for relevant employees involved in the AML flow to be regularly screened from an integrity and capability perspective. The regulations also now specifically require that the nominated officer (MLRO) is an internal appointment from within the licensed company.
The requirement relating to undertaking enhanced due diligence of Politically Exposes Persons (PEPs) has also been extended to include domestic PEPs.
Where casinos are part of a UK based group of companies there are additional new obligations for the parent company to ensure that its policies, controls and procedures apply to all subsidiaries and branches outside of the UK. These must have regard to the national legislation of relevant EEA states. Where subsidiaries and branches are established outside the EEA (where the AML laws are not as strict as the UK), the parent company must ensure that the subsidiaries and branches apply controls and measures equivalent to those required by the MLRs.
Implications for the Whole Gambling Industry
As intimated above, one of the biggest surprises for the UK gambling industry was that the fact that the MLRs retained the status quo and still only applied to casinos. This is contrary to not only the Gambling Commission’s own risk assessment but the EU Commission’s own guidance. In addition the stance taken by the majority of other EU states such as Germany, Belgium and Sweden, who have completed their national risk assessments, is that all gambling sectors except lotteries and sometimes bingo have been assessed as high risk and brought within national regulations.
The reason for HM Treasury’s approach was largely due to the fact that all forms of gambling are already subject to strict AML controls under the Commission’s own Licensing Conditions and Codes of Practice (LCCP). All licensed operators have (since 31st October 2016) been required under LCCP to carry out AML risk assessments and conduct customer due diligence using a risk based approach. It is also a requirement for all operators’ AML risk assessments to be reviewed along with their AML policies and procedures on at least an annual basis.
The Commission has in the past 4 years taken enforcement action against operators with AML failings on no less than 9 occasions, imposing settlements in lieu of financial sanctions, in the region of £1M in some cases. Under the Commission’s new enforcement strategy effective from July 2017, financial penalties will be increased for operators who continue to exhibit the same failings as those previously published. Operators and personal license holders may also see their licenses suspended or revoked in the most serious cases.
The Commission has recently confirmed that most operator AML risk assessments, reviewed to date, have been inadequate and have announced a thematic review of AML controls applied by operators during Q2 2017, in time for the FATF’s inspection of the UK in 2018.
Under the MLRs HM Treasury will have to carry out another risk assessment across the regulated businesses before 26th June 2018, in order to review areas of lower or higher risk. This will no doubt factor in the Commission’s thematic review and general assessment of all AML controls across all sectors. Therefore it may only take a few instances of evidenced money laundering activity, or inadequate risk assessments and AML controls in the betting or other sectors for the remit of the Regulations to be extended to the wider industry.