On 23 February 2023, the UK Gambling Commission (the “Commission”) announced that enforcement action against Blue Star Planet Limited (“Blue Star”), trading as 10Bet, concluded in the payment of a £620,000 regulatory settlement by the operator.
Following a compliance assessment in June 2021 (the “Assessment”), the Commission commenced a licence review of Blue Star which found that between November 2019 and June 2021 there were failings in Blue Star’s anti-money laundering and social responsibility procedures and its reporting arrangements.
Blue Star’s key failings consisted of the following:
- AML: Breach of paragraph 1 licence condition (“LC”) 12.1.1 –
- Licensees are required to conduct an assessment of the money laundering and terrorist financing risks facing their business, which must be reviewed in the event of any changes of circumstances (for example, the introduction of new products or technology) and in any event at least annually.
- Blue Star accepted that at the time of the Assessment its risk assessment was inadequate and did not explicitly acknowledge:
- certain high-risk factors which require enhanced customer due diligence to be carried out (under Regulation 33 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017); and
- certain risks relating to categories of high-risk customer (set out in paragraph 2.22 of the Commission’s AML guidance).
- AML: Breach of paragraphs 2 and 3 of LC 12.1.1 –
- Licensees must also have appropriate AML policies, procedures and controls in place (paragraph 2) and ensure that those policies, procedures and controls are implemented effectively, kept under review and take into account guidelines published by the Commission (paragraph 3).
- Blue Star accepted that at the time of the Assessment financial limits were set too high for the application of automatic controls and the conduct of risk profiling, and as a result, such limits were not effective in controlling high velocity spend.
- It also accepted that in certain instances source of funds evidence should have been requested earlier and some customers who received an interaction should have been restricted from further play due to the risks that were presented.
- AML: Breach of paragraph 1 of LC 12.1.2 –
- Licensees are required to comply with Parts 2 and 3 of the Money Laundering Regulations 2007 (UK Statutory Instrument No. 2157 of 2007) as amended by the Money Laundering (Amendment) Regulations 2007 (UK Statutory Instrument No. 3299 of 2007).
- Blue Star accepted that it was in breach of this condition as a result of the failings identified above.
- Licensed status: Breach of LC 8.1.1 –
- On every screen which customers can access gambling facilities, licensees must display a statement that contains: (i) confirmation that they are licensed and regulated by the Commission; (ii) their account number; and (iii) a link to their licensed status as noted on the Commission’s website if they offer remote gambling to customers. This information must be displayed according to the Commission’s technical standards relevant to the operator’s facilities.
- Blue Star accepted that at the time of the Assessment a necessary link on its website did not work, but once identified it was immediately corrected.
Customer interaction: Failure to comply with SRCP 3.4.1 –
- Paragraphs 1b and 1c and 2 of SRCP 3.4.1 (applicable at the time) require licensees to interact with customers who may be at risk of experiencing gambling related harms and understand the impact of the interaction of the customer, and the effectiveness of the licensee’s approach. Paragraph 2 requires licensees to take into account the Commission’s guidance on customer interaction.
- Blue Star accepted that these provisions had been breached as:
- the financial alerts in place had not been set up with proper consideration for average discretionary income data and failed to identity at risk customers at the earliest opportunity;
- it had not implemented high-velocity risk alerts which meant some customers had been able to gamble at high velocity without real-time intervention;
- it had not acted quickly enough to identify and interact with customers reviewed during the Assessment despite their potentially problematic behaviour;
- it did not employ dedicated compliance staff to monitor the triggering of safer gambling alerts overnight. This meant that some customers had been able to trigger multiple alerts without a risk assessment or interaction occurring in real time and were only manually reviewed the following day; and
- it could have better evidenced its evaluation of the effectiveness of customer interactions.
The regulatory settlement reached between Blue Star and the Commission consists of:
- a payment of £620,000 in lieu of a financial penalty;
- a payment of £3,571.25 towards the Commission’s investigative costs; and
- agreement to the publication of the statement of facts relating to the case.
In determining the appropriate outcome, the Commission considered the following aggravating factors:
- the serious nature of the breaches and the impact on the licensing objectives;
- the need to encourage compliance among other operators;
- the Commission’s prior publication of lessons to be learned in the wider industry, which included comments on breaches like those Blue Star accepted;
- given the nature of the breaches, there was a possibility that some affected customers were not included in the Commission’s review; and
- the Commission’s determination that Blue Star’s senior management should have been aware of the governance issues that led to the breaches.
Bluestar had however taken steps to remedy the breaches, recognised its failings early on and been cooperative throughout the investigation, which were recognised to be mitigating factors.
The Commission’s public statement reinforces its desire for operators to reflect on lessons learnt and take proactive steps to evaluate their practices.
In the context of the enforcement action against Bluestar, the Commission sets out a list of questions which operators should consider and use to inform good practice.
Noteworthy points include:
- Operators are expected to have out of hours arrangements in place.
- Operators are expected to have formal processes in place to measure the effectiveness of their anti-money laundering and safer gambling policies and ensure that their findings are adequately recorded.
- Operators are expected to log the types of behaviour which have triggered a customer interaction and keep sufficiently detailed records of interactions, as well as decisions not to interact.
Operators should consider these points, as well as good practice points arising out of other enforcement action on an ongoing basis.