Camelot fined £3.15million for Third National Lottery Licence breaches

Today, 22 March 2022, the Gambling Commission has announced that it has fined Camelot UK Lotteries Limited (‘Camelot’), holder of the Third National Lottery Licence and current operator of the UK’s National Lottery, £3.15million for breaches of licence conditions, linked in each case to Camelot’s National Lottery mobile application.

It’s not been a good week for Camelot, today’s announcement coming just seven days after the Commission named:

Due to the historic nature of the breaches (coupled with the Commission’s confirmation that Camelot had not attempted to conceal the breaches), it would appear that a deliberate decision was taken by the regulator not to make today’s announcement until after the outcome of the 4NLC had been made public.

Today’s announcement reads as follows:

National Lottery operator to pay £3.15m fine

The Gambling Commission has imposed a financial penalty on Camelot UK Limited for failures linked to its mobile app.

All £3.15m of the fine will be paid by the current National Lottery operator to good causes following a Commission investigation into three failures which negatively impacted consumers.

The first failure related to the National Lottery mobile app informing up to 20,000 players that their winning draw-based ticket was a non-winner when they scanned the ticket with the device’s QR scanner between November 2016 to September 2020.

The second failure involved 22,210 players who purchased a single draw-based ticket through the app being charged for and receiving two tickets. All of those players have been identified and either refunded for the duplicated wager or where duplicate wagers were winners, these were honoured as such on a duplicate basis.

The third failure related to the app sending out marketing messages to app users who had either self-excluded through Gamstop or had been identified by Camelot as showing signs of gambling harm. While marketing messages were sent out, none of the 65,400 players were subsequently permitted by the app to purchase a National Lottery product.

Details of the failures are published in the Commission’s Decision Notice.

Andrew Rhodes, Gambling Commission Chief Executive, said:

“We are reassured that Camelot has taken steps to make sure that their National Lottery app is fit for purpose. However we must caution Camelot that any failings on their duties will be met with consequences. Today’s announcement reinforces that any operator failing to comply with their licence requirements will be investigated by the Commission and we will not hesitate to issue fines if requirements are breached.”

The Commission’s Decision Notice reads as follows:

Camelot UK Lotteries Limited Decision Notice

Gambling Commission investigation in respect of Camelot UK Lotteries Limited – failing to comply with licence requirements under the National Lottery etc. Act 1993 (as amended) (the Act).

The Gambling Commission (“the Commission”) notified Camelot UK Lotteries Limited (“the Licensee”) on 23 March 2021 that it was conducting an investigation into three incidents (collectively, “the Issues”). Following conclusion of the investigation by Officials, and after consideration by The Commission’s National Lottery Committee (“the Committee”) it was concluded that the following breaches had occurred:

  • breach of conditions 5.1, 5.13G(c)(ii), 7.42 (a), and 14.7(a) (relating to QR Scanner)
  • breach of conditions 5.1, and 14.7(a) (in relation to Push notifications)
  • breach of conditions 5.1, 5.13G(c)(iv) and 14.7(a) (in relation to Duplicate wagers).

In considering what sanction (if any) was appropriate in respect of the breaches found, the Committee considered:

  • outcomes for the National Lottery – the Committee agreed that the breaches had placed the statutory objectives at risk and considered that the potential impact on the reputation of the National Lottery could be significant. The Committee noted the representations made with regards to notification of issues, corrective action, and reparations to players
  • outcomes for the players involved – the Committee agreed that there was evidence to show that players had been disadvantaged, misled and/or treated unfairly as a result of the breaches. In respect of the duplicate wagers, Committee noted the restorative measures taken
  • outcomes for Good Causes – the Committee agreed that there was no evidence of any impact on the return to good causes
  • operator’s financial gain from non-compliance – the Committee agreed that there was no evidence of any financial gain to the operator from non-compliance
  • operator’s governance and controls – the Committee agreed there had been recurrence of issues, and evidence of similar matters or root cause problems in the past, and of issues in effectiveness in managing contractors. There was no evidence of reckless or negligent behaviour presented and nor was there any attempt to conceal.

The Committee concluded that an appropriate response to the breaches of conditions, having regard to section 10A(2) of the Act, the former Director General of the National Lottery’s publication Financial Penalties: Principles and Procedures (2 September 2016) and the Commission’s Enforcement Policy dated January 2018 (“the Enforcement Policy”) is to impose a financial penalty in the sum of £3,150,000.

Details of the Breaches

The Licensee’s National Lottery mobile application (“the App”) was a key component in each of the issues – even if the precise failures in mechanics, source, or controls in each case were not identical. The Commission’s National Lottery Committee (“the Committee”) concluded that in each case the information presented in the App was incorrect, inappropriate, or harmful at the point of delivery to the player.

The following three elements of the app were considered:

1. QR Code ticket scanner

The QR scanner is a function within the App which enables players to scan individual Lottery ticket QR codes using a device such as a mobile telephone. The scan allows the player to instantly identify if the ticket is a prize winner or not.

On 23 September 2020, the Licensee informed the Commission that it had disabled the QR scanner after the identification of an issue with the QR-code scanning functionality of the App (within the iOS version only, not Android) in that some of the customer scans were incorrectly displaying a non-winning message. The QR-code ticket scanner function is intended for use by retail players and, as such, players are not required to log in to a ‘National Lottery’ account to use it. The identity of retail players using the QR-code scanner service in these circumstances are not known to the Licensee.

The Licensee was unable to identify how many customers were affected by this issue however, it estimated that there was a potential that up to 20,000 scans may have produced incorrect ‘non-winning’ messages to players between November 2016 to September 2020. The Licensee estimated the detriment to players as being between £48,000 – £68,000 however it was unable to ratify this figure.

The Committee concluded that conditions 5.1, 5.13G(c)(ii), 7.42(a) and 14.7(a) had been breached.

2. Duplicate draw-based game ticket purchases

Duplicate wagers are defined as a player who inadvertently duplicates a ticket purchase, resulting in players purchasing an additional ticket for the same draw(s) with the same number of lines because they believed the original purchase had not succeeded. It is to note that some players intentionally purchase the same ticket more than once.

This issue occurred in October 2020 and was evident when in certain circumstances a player signed into the App and followed the usual process to purchase a draw-based game ticket. Upon clicking the “Buy Now” button the purchase completed successfully, but due to an error occurring, instead of seeing the ticket confirmation page, the player was logged out of the App. When the player logged back in, they were presented with the “Buy Now” page again, which led some players to believe the purchase had not been completed, and hence they bought the ticket again. Between 13 October and 23 October 2020, 22,210 players were affected by this during two incidents. All those players have been identified and either refunded for the duplicated wager or where duplicate wagers were winners, these were honoured as such on a duplicate basis.

The Committee concluded that conditions 5.1, 5.13G(c) and 14.7 had been breached.

3. Push notifications disregarding suppression flags

Push notifications are messages received by players that can appear on a mobile device screen. Push notifications carry marketing messages, such as jackpot rollovers, game updates or news of winners. These messages can be received at any time; players do not have to have the App open or be using their device to receive the notifications. Push notifications look like SMS text messages and mobile alerts but will only be received by players who have installed and ‘opted-in’ via the App. Upon creating an account, via the App, players are provided with the Licensee’s ‘Privacy Policy’ and ‘Account Terms and Rules.’ Players are also informed they can change their marketing preferences or ‘opt-out’ of receiving communications at any time. The Licensee uses a marketing partner to deliver app push notifications.

The Licensee informed the Commission, that when a player first installs the App on their chosen device, the player will nominate to either receive or block notifications (this is managed in the player’s iOS and Android settings). Unless a player has ‘opted-in’ (i.e., has agreed to accept notifications), no notifications, whether sent by the Licensee or a third-party partner to the Licensee, will be delivered to that player’s device.

In addition, the Licensee has a facility to place ‘suppression flags’ on players accounts to prevent notifications/marketing being sent to players that the Licensee has identified as a player who may be at risk of harm or showing signs of gambling related issues. This would include players who have registered with GamStop self-exclusion. Player ‘suppression flags’ can vary in duration and scope and are generated by the Licensee, reflecting the various categories of suppressions.

A data transmission problem was caused by a delayed trigger event in the player’s journey. This delayed trigger event could occur if a player was moving between multiple applications whilst the Licensee’s App remained open. The delay could, in certain circumstances, result in the player’s ID being classed as ‘anonymous’ due to the App not automatically identifying the player during its initial session. It is agreed that the Licensee produced accurate player suppression lists to third party suppliers, however the data sync issue prevented those players on its suppression list being correctly linked with their known player account ID.

The circumstances led to some in App marketing push notifications being sent to some of the players on the suppressed list. The Licensee explained that if a player re-launched the App, it would reset the player status and the player ID would be updated and aligned to the suppression list.

The issue affected circa 65,400 players between February 2018 and January 2021.

The Committee concluded that conditions 5.1 and 14.7 had been breached.