Common market: how similar regulatory failings are colouring UK legislation

The shocking details revealed by the Gambling Commission’s (UKGC) investigation into the failings of PT Entertainment Services (PTES) published on 27 May 2020 has no doubt shocked many people throughout the industry. The investigation, which started in March 2019 after a complaint to the UKGC from the family of a 25-year-old man who tragically took his own life after holding an account in their online casino for four months prior to his death, identified “the common regulatory vulnerabilities” that keep appearing in UKGC enforcement actions, and have been doing so since 2018 and earlier.

So, what are these “common regulatory vulnerabilities” that seem to be blighting the gambling industry, and have appeared in so many of the recent enforcements that have lead to huge fines and losses of licences, impacting market giants such as Caesars Entertainment, Mr Green, Ladbrokes Coral and Daub Alderney?

Risk assessment in relation to money laundering and terrorist financing

Failing to complete an adequate risk assessment in relation to money laundering and terrorist financing as required by Licence Condition 12.1.1. All the operators named above and many more, at least 10 since 2018, have faced enforcement action, with this failing being a contributing factor.

The investigation into PTES found that although they had carried out an assessment of risk, they did not have in place a formal risk assessment which identified risk and appropriate mitigation. They therefore did not have in place appropriate policies, procedures and controls to prevent money laundering and terrorist financing leading from a formal risk assessment. Lastly, they had not reviewed and revised such policies and procedures as appropriate and so were found in breach of Licence Condition 12.1.1.

Only two months before, in March 2020, Betway were fined £11.6m in an enforcement action that also included the failure to conduct an appropriate risk assessment of money laundering and terrorist financing, covering risks such as the introduction of new products or technology, new deposit methods, changes in the customer demographic or any other material changes. The UKGC went on to mention that these risk assessments should be completed at least annually and following the completion of such review and revise appropriate policies, procedures and controls to prevent money laundering and terrorist financing.

The UKGC does not stipulate in Licence Condition 12.1.1 how the risk assessment should be completed or offer guidance on this. It merely states that “such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances”.  Many operators, such as PTES, are attempting to conduct these risk assessments and still facing enforcement action as the UKGC does not find them ‘appropriate’.

Considering the size of the fines being given to operators for enforcements that include this failing, it must be prudent of operators to consider whether engaging external consultants, with a proven methodology for these risk assessments, may be the most appropriate way to manage this risk.

Ongoing investigations into personal management licence (PML) holders

The second “common regulatory vulnerability” is the ongoing trend by the UKGC to continue its investigation into PML holders once the enforcement action into the operator has been completed and a notice posted publicly. In the case of PTES, the UKGC notices states that it “is continuing to investigate the role played by key individuals at PTES who still hold personal licences and will take any appropriate action following completion of further investigations”.

Earlier the same month, in an enforcement action notice against FSB Technology (UK), the UKGC stated “senior personal management licence (PML) holders within FSB at the time of the failings failed to provide sufficient and effective oversight of the licensed activities” and added later in the notice that “the Commission is still reviewing the actions of personal management licence holders involved in this case”.

Back in September 2019, in the Silverbond Enterprises enforcement by the UKGC in relation to AML failures at the land-based Park Lane Club casino, the UKGC reviewed two PML holders who both received formal warnings for the roles they played in the operator’s failing. There have been many other PML enforcement actions prior to that leading to formal warnings or licence revocations.

This continued direction by the UKGC has to be disconcerting at the least for current PML holders. This seems to be the course that the UKGC is taking, with almost all recent enforcement actions having this noted in the enforcement notices.

It would not be surprising if this potential burden on PML holders is causing angst in the industry and potentially making recruiting suitable PML holders more difficult. Do all PML holders fully understand the gravity of being a PML holder and the personal liability that being in that position brings? The recent enforcement actions, seemingly pointing towards PML holders personal failings suggests that the answer to this may be ‘no’.

While information is readily available on who should be and how to apply for a PML, the risk associated with this and the extent of the responsibilities that holding a PML brings, is not often fully appreciated. A formal warning or even licence revocation against a PML will go on a publicly available sanctions register accessible via the UKGC website. This will have serious implications when it comes to the PML holder’s future employment and ability to hold a similar role.

Maybe operators should consider providing access to independent resources for potential PML holders to access the critical information that they need to fully understand what personal liability they will be taking on, in an effort to reduce the risk of enforcement action?

Andrew Tait has over 20 years’ specialist expertise in betting and gaming, regulation and compliance including 10 years as general counsel and chief compliance officer at Mansion Group.

Michelle Walsh is the head of compliance, risk and regtech for Ince Gibraltar and is also the GFSC approved MLRO in Gibraltar. She has extensive financial services experience, including banking, FX, e-money and emerging technologies.