1. concludes with recommendations to remedy the current

1. Introduction
A recent investigation by the regulator (UK Gambling Commission) found a number of company deficiencies with regard to our operational procedures. This report details the findings of the regulator, the risks of non-compliance and concludes with recommendations to remedy the current situation.

2. Background
In the UK online gambling sector, licensed gambling operators need to ensure that their activity meets the Gambling Act 2005 requirements, the conditions of their license and license objectives, namely:

” (a)  preventing gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime, 
(b)  ensuring that gambling is conducted in a fair and open way, and 
(c)  protecting children and other vulnerable persons from being harmed or
exploited by gambling.”
The Regulatory Report stated that the company has breached a condition of its operating license and therefore is at risk of having its license terminated.

3. Identified Issues
3.1 Problems with identifying and dealing with politically exposed persons (PEPs)
One of the issues, highlighted in the Report, is a problem with identifying and dealing with Politically Exposed Persons (PEPs). This problem of identifying PEPs arose as the company had not implemented clear procedures for determining whether a customer has PEP status. A guideline might be included in the procedures based on deployed definition according to FCA finalised guidance “FG 17/6 The treatment of politically exposed persons for anti-money laundering purposes” 2.16 (In accordance with Regulation 35(3)(a)). In addition, the Wolfsberg PEP Guidance (2017) (C.2) might be made clearer for the staff the definition of PEP.

Some Domestic PEP accounts were inappropriately classified as carrying normal levels of risk. The Fourth Anti-Money Laundering Directive requires companies to consider domestic PEPs as high-risk clients on par with foreign ones. In addition, Recommendation 12 of Financial Action Task Force (2017) identifies the need for companies to take into account the risk of domestic PEPs, as well as foreign officials.

There was a failure in conducting enhanced due diligence (EDD) and ongoing monitoring processes for foreign and domestic PEPs, which according to Regulation 14 of the Anti Money Laundering Regulations (2007), the company must apply to:  
“(4) A relevant person who proposes to have a business relationship or carry out an occasional transaction with a politically exposed person must—
(b)  take adequate measures to establish the source of wealth and source of funds which are involved in the proposed business relationship or occasional transaction; and 
(c)  where the business relationship is entered into, conduct enhanced ongoing monitoring of the relationship.”
Once a foreign PEP was identified there was a failure to escalate them to senior staff for relationship approval.  In the FATF Guidelines Politically Exposed Persons (Recommendations 12 and 22), section 81 states that senior management approval is required for establishing business relationship with foreign PEPs.

3.2 Staff understanding of ‘knowledge or suspicion’ in money laundering and company procedures in the event of suspicion
The staff were not aware of the definition of money laundering which constitutes an offence under sections 327, 328 or 329 of Proceeds of Crime Act 2002 (POCA) as well as failure to disclose according to the 330, 331 and 332 section of POCA. It’s states that in circumstances when an employee has knowledge, suspicion or reasonable grounds to know or suspect money laundering or terrorist financing, there is an obligation on the part of the employees to report to a ‘nominated officer’. Thus, concealment of knowledge or suspicion of offences is itself an offence. The UK approach is that any financial crime is reportable regardless of the amount, a so-called “all crimes” approach.  At this point, a SAS report must be filed and transferred to the nominated MLRO officer.

There was a failure in reporting suspicious activity to MLRO. The staff should clearly understand their direct responsibility to inform the MLRO of any relevant knowledge or suspicion of money laundering within the company, as a failure to report is an offence both for an employee and separately for the nominated officer. According to the FAFT 40 Recommendations, on the occasion of detection of suspicious activity the staff should file a suspicious activity report (SAR). The SAR reports have not been filed and the MLRO is not informed of events when they should be. In fact, there is a general misunderstanding among the staff of how a SAR should be reported to the MLRO.  Employees are mistaken in their knowledge that internal reports could be delivered orally to the MLRO. Otherwise, employees will not be able to defend themselves in cases where the MLRO has failed to report suspicious activity to the FIU. Internal reports must be made in written form, but this information is not clearly marked in the procedures.
As an example, let us take the case in which Paddy power failed to respond to suspicions of Money Laundering activity. According to a 2016 statement from the UK Gambling Commission, this case involved a regular customer who was using gaming machines in a Paddy Power shop to launder Scottish bank notes. Despite the shop manager warning senior staff on at least 4 occasions of suspicious activity, he was overruled each time and the MLRO was not informed. Only when police informed the company of the circulation of Scottish notes was the matter escalated and the customer barred – 6 months after suspicions were raised. The company now accepts that the response by senior staff was incorrect and concerns should have been passed on to the MLRO. A financial penalty of £280,000 was paid by Paddy Power, plus £27,250 to cover the Commissions investigations.   

In this particular case, there was a failure to follow procedures in the case of detecting ‘suspicion’. The employee had a clear understanding about suspicion and reported it several times to the senior staff. In this case, the SAR report should have been filed and referred straight to the MLRO as the suspicion of the junior staff was clear. The junior staff member would have been liable for prosecution under POCA section 330 (failure to disclose: regulated sector) if not for the lack of adequate training – one of the three situations that results an exemption from persecution. 

3.3 Anti-Money Laundering (AML) training and impact of AML budget cuts
The training provided for the staff is unclear. In turn, this is the underlying cause of why the staff have insufficient knowledge to identify money laundering activity. The reliance on the use of short online videos without assignments constitutes a failure to properly train staff. The Money Laundering Regulations (2007) require that all ‘relevant’ employees should be aware of the laws relating to money laundering and terrorist financing. Thus, employers will breach these regulations if they fail to provide appropriate training to the staff.

As a consequence of insufficient funds being invested in training, there has been an overall drop in the level of staff professionalism. The result was that there have been significant failures at the company, as already discussed throughout this report. For the same reason, the company has been unable to employ third parties, such as those that assist with the identification of PEPs or provide sanction list screening services. These companies would help to provide better identification of PEPs during the initial stages of CDD.

A statement of the UK Gambling commission on Petfre (Gibraltar) Ltd t/a betfred.com gambling operator shows an example of a breach of the Money Laundering Regulations (2007). They failed to recognise suspicious activities on occasions where under reasonable circumstances they should have been detected. According to the statement document, an individual was arrested on suspicion of theft of £800,000 from his employer. It appeared that he spent a significant amount of the proceeds of crime on online gambling in Betfred. The customer was a remote gambler and spent a large amount of money within the company. Also, the customer provided bank statements with irregular deposits, which could have been considered as one more trigger to investigate the case more deeply, but no actions were followed by Betfred.
 
One of the failures was that Betfred didn’t meet the requirements of the Money Laundering Regulations (2007), Regulation 7 (3), that states “… determine the extent of customer due diligence measures on a risk-sensitive basis depending on the type of customer, business relationship, product or transaction”. The staff failed to recognise that the customer was at a high risk of money laundering and didn’t request any appropriate documentation in order to prove the customer’s income. Conclusions were reached in an informal way and no evidence was provided to the Gambling Commission.

4. Risks
The most critical of these risks are:

The risk of failure to deal with PEPs can involve similar consequences as the risk of handling the proceeds of bribery and corruption.
Due to the inherent risks associated with the gaming sector, banks are reluctant to invest in gaming companies. Failures to comply with regulatory requirements could be damaging to our current and future relationships with the financial services sector.
By not complying with the requirements of operating in the UK jurisdiction, we are in danger of losing our license. As this current market makes up 25% of our profits, this would have a significant impact on the health of our business. It would also make it harder for the company to expand into new markets – a crucial aspect of our business plan for the next five years. 
The company could receive large penalties. For example: the biggest penalty in the gambling sector was received by 888 betting company. The company was obliged to pay £7.8 million for failures to self-exclude and in identifying problem gambling behaviour. Due to a technical failure, more than 7000 customers could access their accounts in-spite of the fact that they self-excluded themselves. Overall the self-excluded customers deposited £3.5 million.
Even though currently there are few landmark examples of PEPs caught abusing the gambling system, they should always be considered as high-risk customers and treated in an appropriate way. 
The risks of failure in identifying and reporting suspicious activity could cause damage to the company’s future, for an employee’s career, as well as to the jurisdiction in which they are working.
A damaged reputation will attract significant attention from the main-stream media and we would lose the custom of customers who may no longer be willing to engage with us.

5. Proposals
5.1 Proposals to identifying and deal with PEPs
The following measures can be appropriate for identifying and assessing the risk posed by a PEP:

To prescribe in the internal procedures with a clear definition regarding who should be considered as a PEP according to the FATF and the European Union Fourth Anti-Money Laundering Directive (2017) standards. Also, provide a clear guideline about risk levels of domestic PEPs.
PEP screening should be applied as a part of an onboarding process. When there is a trigger event a customer due diligence review should take place.
To employ an external service provider with PEP databases, such as GBG, that will perform screening of new and long-term customers and send straightforward alerts, when the customer fails PEP and sanction checks. 
Improve enhanced due diligence by providing more intensive monitoring and more frequent reviews for high-risk customers.
Design and provide appropriate training on a regular basis for the employee’s involved in PEP alert handling.

5.2 Proposals to improve staff understanding of ‘knowledge or suspicion’ in money laundering and refine company procedures in the event of suspicion
In order to improve the situation in which employees recognise and report circumstances: where they know, suspect or where there are reasonable grounds for knowledge or suspicion that their products are being used for the purposes of money laundering or terrorist financing, the following steps can be made:
 

Contract an external specialist company to overhaul our local training program. In particular, to clarify what qualifies as ‘knowledge or suspicion’ of money laundering according to the criminal law. The staff should be made aware of the criminal offence and potential consequences resulting from not reporting suspicious activity. 
Increase employees’ awareness of the knowledge of Money Laundering red flags.
The introduction of objective and subjective tests should be included in the training program, to help employees recognise and report their suspicions.
Training must be provided to staff on a regular basis and include the information on how to recognise and deal with suspicious activities relating to money laundering or terrorist financing.

5.3 Proposal to improve (AML) training and justification for budget increase.
To improve the situation it is necessary for staff to be trained to identify and manage high-risk relationships and money laundering activity. In addition, it should be clear that the escalation of issues to the management should take place where appropriate.

Examples of cases in which it is appropriate to file a SAR could be provided to the employees.

Given that we risk a multi-million pound fine due to the low quality of our staff training, a timely investment in our staff is needed. To deliver this change, action on two timescales is required.

Immediate 1-2 day workshops for our staff (costing around £100 per person per day).
Retraining of the appropriate member(s) of the human resources department to allow the training program to be reformed (roughly £1000 per person).  

6. Summary
This report has provided the background to a number of findings recently detailed by the regulator. The associated risks of not taking action to rectify these points has been outlined and a range of proposals suggested. It is important that the company recognises it’s failures and shows the commitment to amend policies and procedures according to its AML controls. The costs of such measures are not expected to be prohibitory and will result in a positive culture change at the company.