The European Union’s Fourth Anti-Money Laundering Directive (4MLD) came into force in June 2015, allowing Member States two years to transpose the legislation into national law. The UK did so by way of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), which came into force on 26 June 2017. 4MLD has a wide reach and brings about a number of significant changes for the gambling sector. The overriding aim is to enhance a risk-based approach to anti-money laundering and counter-terrorist financing (AML/CTF) at all levels.
An important distinction to note is that the application of 4MLD, and the application of the MLRs 2017 differ greatly with regards to gambling providers.
4MLD goes beyond its predecessor by bringing all providers of gambling services, whether carried out in a physical location (non-remote), or via forms of remote communication, such as internet and TV (remote), within its remit. Previously, only casinos were covered. However, 4MLD contains a provision allowing Member States to exempt all or parts of their gambling industry from the scope of the Regulations if they are proven to be low risk. The UK exercised this option, and as a result the MLRs 2017 currently apply only to casinos (non-remote and remote). Non-remote casinos are covered by the MLRs 2017 where at least one piece of remote gambling equipment is based in Great Britain, or the services provided by the casino are used here. This means that large numbers of other gambling providers, such as betting shops and bingo halls, are not covered by the MLRs 2017.
Part of the rationale behind the decision to maintain the status quo was the robust legislative framework already in place. All gambling providers are regulated by the Gambling Commission, and must comply with their obligations under the Proceeds of Crime Act 2002 and the Gambling Act 2005.
Furthermore, a fundamental regulation under 4MLD has already been an obligation for gambling providers since October 2016. 4MLD requires all obliged entities (‘relevant persons’ under the MLRs 2017) to carry out an AML/CTF risk assessment, and ensure they have adequate procedures in place to guard against the risks identified. For gambling providers, this requirement was introduced prior to the implementation of the MLRs 2017, when the Licence Conditions and Codes of Practice (LCCPs) were amended.
Despite the MLRs 2017 currently applying only to casinos, it remains imperative that all providers ensure they operate to high compliance standards. The Government has announced it will conduct an assessment before 26 June 2018, to consider whether gambling services should continue to be excluded from the regulations. Should the level of risk posed by the industry increase, it remains open to the Government to bring the whole sector under the remit of the MLRs 2017.
For those covered by the MLRs 2017, or 4MLD by way of domestic legislation in other Member States, there are several key changes to be aware of.
Customer due diligence (CDD)
CDD must be applied at the point of entering a business relationship, or where a provider becomes aware that the circumstances of an existing customer, relevant to their risk assessment, have changed. CDD measures must also be applied to any transactions that amount to €2,000 or more, whether the transaction is executed in a single operation or multiple operations that appear to be linked. This must be carried out not only at the point of collecting winnings, but also at the point of wagering a stake.
Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD)
4MLD removes the list of scenarios in which SDD can automatically be used. Instead, SDD can only be applied when a relevant person has assessed the relationship or transaction to be low-risk.
EDD must be applied when a relevant person has identified a high risk of money laundering or terrorist financing. Further to this, there are a number of stipulated scenarios in which EDD must be applied, including when a relationship or transaction is with a person established in a high risk third country, or where a transaction appears unusually large or complex.
Politically Exposed Persons (PEPs)
The definition of a PEP has been extended to cover domestic individuals (and/or their families and close associates), where previously it was confined to foreign individuals. As a result, providers may need to reconsider individuals with whom they have pre-existing business relationships, and have procedures in place to identify PEPs at the point of entering into a business relationship.
4MLD stipulates that an individual in the relevant person’s firm must be appointed as a nominated officer. As it has often been common practice for small-scale gambling providers to outsource such a role to a third party, providers must be aware that this is no longer permitted.
Reliance on Third Parties
Relevant persons may outsource services, however they retain the ultimate responsibility for meeting their AML/CTF obligations. Therefore it is vital that providers are confident in third party providers’ ability to meet compliance standards, particularly when carrying out tasks such as CDD.
There is a clear emphasis on holding relevant persons accountable should they fall short in their compliance obligations. The Gambling Commission has demonstrated they will take action against those who are non-compliant. At the start of July, the Commission unveiled a new enforcement strategy, which creates higher penalties for breaches, especially when systematic or repeated. Casino operators should also note that the MLRs 2017 create a new provision, which holds individuals accountable should they knowingly or recklessly make a false or misleading statement, whilst in purported compliance with the investigation and/or enforcement provisions.
Gambling providers, whether subject to the MLRs 2017 or not, must be alert to the potential risks posed to them. Providers must know their customers, and assess the level of monitoring necessary to combat the risks associated. The key change 4MLD brings is that a risk-based approach must be at the heart of all AML/CTF practice and procedure. Gambling providers must be aware of the high compliance standards expected of them, and the potential civil or criminal sanctions they could face for non-compliance.
This article was originally published in Compliance Briefing and can be found here.