The UK regulator the Gambling Commission has published some enhanced provisions relating to AML and crime prevention. The revised licensing conditions and codes of practice (“LCCP”) are to be implemented in the Autumn. The consultation of last year which preceded these changes was against a backdrop of several high profile settlements with operators which had for the period reviewed apparently failed in the standards required of them.
However the fact that the LCCP needed augmenting would suggest that those standards were not clear especially for those operators in the industry which do not currently fall under the Third Money Laundering Directive. There is also the added complication that there will be some cases where pre 2014, a large number of remote operators were not required to adhere to the LCCP as they did not need to hold a UK licence at that time.
In broad terms operators are now expected to track customers and their gambling habits to ensure that there they do not inadvertently handle proceeds of crime. The other by-product of this scrutiny is an assumed obligation to use the data to assess signs of problem gambling (although the way in which the press statements of the various settlements are worded would suggest that operators would be well advised to proceed on the basis that all large spenders are potential problem gamblers).
The difficulty is that in a number of retail or track environments wagering still tends to be cash based and anonymised. Therefore if one makes a base assumption that only a small proportion of those customers will have an issue in relation to proving they have the wherewithal to gamble and the rest not, there will still be understandable reluctance to provide large amounts of sensitive data. In short customers will need time to be re-educated too.
Holding more customer data rather than less presents its own challenges. Assuming that the technology tools can be developed to profile and risk assess customers what rights will they have to see the data and how will that impact upon behaviours? The likely reaction in relation to a customer learning that he or she is high risk is to go to another operator’s premises or close an account. Not only may this impede criminal investigations, but also may cover the tracks of someone who has a gambling problem.
The more data that is held and shared with the regulators and between operators (assuming the relevant consents are sought) the greater cyber security risks exist. With the General Data Protection Regulations being implemented within 2 years, the cost of non-compliance (4% of annual worldwide turnover) is too high to ignore.
The compliance function within gambling operators needs to become as important a cornerstone for the business as for the financial services sector. However, with that the days of the regulatory “confession and absolution” are well and truly over, which may also prove disruptive to a co-existence which by its very nature requires an element of pragmatism.