UKGC draws attention to a series of important AML, CTF and risk proliferation developments

The Gambling Commission’s 27 June 2022 eBulletin has drawn attention to the following:

  • Its sixth emerging risks update (from June 2022), that highlights money laundering and terrorist financing risks associated with operators failing to comply with data protection requests from law enforcement and common operator failings. It also mentions the addition of Gibraltar to the FATF’s ‘grey list’ (as previously reported by us here),
  • Publication by:
    • HM Treasury of its consultation response (that you can download below) setting out amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘MLR 2017’), with which it advises casino operators to familiarise themselves particularly, we would suggest, in relation to the need for such operators to conduct proliferation financing risk assessments (on which we comment further below),
    • the Financial Action Taskforce (‘FATF’) of its follow-up report on the UK’s compliance with FATF AML and CTF requirements (as previously reported by us here, where you can also download the report), and
    • the Office of Financial Sanctions Implementation (‘OFSI’) of an updated version of its enforcement and monetary penalty guidance (that you can download below).

We address below in turn those of the above items on which we have not previously reported.

The Commission’s sixth emerging risk update

The Commission’s update states as follows:

Emerging money laundering and terrorist financing risks from June 2022

Our latest emerging risks update looks at the money laundering risks associated with operators failing to comply with data protection requests, under the Data Protection Act 2018 (DPA) (opens in new tab), from law enforcement, the addition of Gibraltar to the Financial Action Task Force’s (FATF) ‘grey list’ and common operator failings, including other general risk areas.

Failure to comply with DPA requests

The Commission has come across instances of operators failing to comply with DPA requests from law enforcement. This includes instances where customer accounts have been closed by operators following a DPA request from the police.

Operators are reminded that such actions can significantly hinder any police investigations and can lead to a potential breach of sections 342 and 333A of the Proceeds of Crime Act 2002 (opens in new tab) under the offences of ‘prejudicing an investigation’ and ‘tipping off’.

Such a breach is a criminal offence with a maximum imprisonment term of 5 years for the ‘prejudicing an investigation’ offence and a maximum imprisonment term of 2 years for the ‘tipping off’ offence.

Operators must carefully consider their actions upon receipt of a DPA request from law enforcement, consider the consequences of their actions and liaise with the law enforcement agency.

Further information can be found in Paragraphs 8.87 to 8.89 of the Gambling Commission’s prevention of money laundering and combating the financing of terrorism guidance.

Updated FATF ‘grey list’

Gibraltar has been added to the list of jurisdictions that are under an increased level of monitoring by the Financial Action Task Force (FATF). Such jurisdictions are placed on the FATF’s ‘grey list’ due to strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing. The current list of jurisdictions is as follows:

  • Albania
  • Barbados
  • Burkina Faso
  • Cambodia
  • Cayman Islands
  • Gibraltar
  • Haiti
  • Jamaica
  • Jordan
  • Mali
  • Morocco
  • Myanmar
  • Nicaragua
  • Pakistan
  • Panama
  • Philippines
  • Senegal
  • South Sudan
  • Syria
  • Turkey
  • Uganda
  • United Arab Emirates
  • Yemen

Malta has been removed from the FATF’s ‘grey list’.

Operators are reminded to conduct robust due diligence checks in any business and customer relationships which are associated to the above jurisdictions in order to mitigate the risk of money laundering and terrorist financing, including proliferation financing.

Common operator failings

Ongoing regulatory action against operators has shown the following failings, which carry significant money laundering risks. These include failures to:

  • establish and maintain policies, controls and procedures to mitigate and effectively manage the risks of money laundering and terrorist financing identified in a risk assessment
  • establish and maintain appropriate risk-sensitive policies and procedures
  • appropriately scrutinise transactions throughout customer business relationships and obtain Source Of Funds (SOF) evidence in accordance with the customer’s risk profile
  • establish and maintain adequate customer due diligence measures, including, but not restricted to, scrutiny of transactions undertaken throughout the course of the business relationship (including, where necessary, the SOF) to ensure that the transactions were consistent with their knowledge of the customer, the customer’s business and risk profile.

Further information on regulatory action the Commission has undertaken can be found on our public statements page.

General risks

The Commission is also reminding operators of ongoing, significant risks that they should be vigilant against. This includes risks associated with money services businesses, the acceptance of e-wallet payments from customers and the risk of ‘mule accounts’.

For further information on these risk areas and how to mitigate the chance of such risks from occurring, please refer to our money laundering and terrorist financing risks assessment of the gambling industry.

In relation to the Commission’s above comments under the heading ‘Failing to comply with DPA requests’, paragraphs 8.87 to 8.89 of its AML/CTF Guidance state as follows:

Interaction with customers

8.87  Normal customer enquiries will not, in the Commission’s view, amount to tipping off or prejudicing an investigation under POCA, unless you know or suspect that a SAR has already been submitted and that an investigation is current or impending and make the enquiries of the customer in a way that it discloses those facts. Indeed, such customer enquiries are likely to be necessary not only in relation to money laundering but also in connection with social responsibility duties (for example, problem gambling). In regard to this offence, counter or frontline staff may not be aware that the nominated officer has submitted a SAR to the NCA. Reasonable and tactful enquiries regarding the background to a transaction or activity that is inconsistent with the customer’s normal pattern of activity is good practice, forms an integral part of CDD measures (and may be driven by social responsibility concerns) and should not give rise to tipping off or the prejudicing of an investigation.

8.88  If patterns of gambling lead to an increasing level of suspicion of money laundering, or even to actual knowledge of money laundering, casino operators should seriously consider whether they wish to allow the customer to continue using their gaming facilities. If a casino operator wishes to terminate a customer relationship, provided this is handled sensitively, there will be low risk of tipping off or prejudicing an investigation. However, if the decision has been made to terminate the relationship and there is a remaining suspicion of money laundering with funds to repatriate, consideration should be given to asking for a defence (appropriate consent).

8.89  In circumstances where a law enforcement agency requests a casino operator to continue trading with a customer as they conduct further investigations, the operator is advised to record the factors considered when agreeing or declining to do so (for example, the risks of participating in such activity, assurances provided by law enforcement, possible money laundering offences, relevant timescales provided, the gravity of the offences being investigated and the purpose of the request), and how this may change the management of risks to the licensing objectives. Given the casino operator’s heightened exposure to risk, it is advisable for the operator to ask for confirmation in writing of such requests from law enforcement. The operator should also continue to submit SARs and/or seek a defence (consent) from the NCA if they decide to continue with a business relationship with such customers.

HM Treasury’s Consultation Response setting out amendments to the MLR 2017

The Commission summarises below key changes set out within the response document that, subject to Parliamentary approval, will affect both the land-based and remote casino sectors with effect from 1 September 2022. There is therefore very little time for those in that sector to familiarise themselves with the changes and, in particular, to complete their respective risk assessments of proliferation financing, alongside their ML and TF risk assessments.

HM Treasury money laundering consultation response

HM Treasury’s consultation response document sets out amendments to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the Regulations), following a public consultation in July 2021.

Most of the measures mentioned in the consultation response will come into force on 1 September 2022, subject to Parliamentary approval. The Commission advises casino operators to familiarise themselves with applicable changes in advance of implementation.

Key changes relevant to the casino sector include:

Access to suspicious activity reports (SARs)

A clear legal gateway for Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) supervisors to access, view and consider the quality of the content of SARs submitted by supervised populations, provided they are necessary to fulfil supervisory functions.

Proliferation financing

Amendments to regulations 16, 17 and 18 of the Regulations which will require Great Britain’s casino industry to complete their own risk assessments of proliferation financing, alongside their current risk assessments for money laundering and terrorist financing.

Reporting of discrepancies

Expansion of regulation 30A to introduce an ongoing requirement to report discrepancies in beneficial ownership information.

Information sharing and gathering

Expansion of regulation 52 to allow for wider information sharing and disclosure to a range of bodies, and to reduce the existing barriers to sharing information and intelligence that inhibit effective AML and/or CTF supervision.

Crypto asset firms

Information sharing requirements where crypto asset payments are accepted.

You can download HM Treasury’s Response document below.

Proliferation financing

On the subject to proliferation financing (‘PF’), FATF states that “the financing of proliferation refers to the risk of raising, moving, or making available funds, other assets or other economic resources, or financing, in whole or in part, to persons or entities for purposes of WMD [i.e. weapons of mass destruction] proliferation, including the proliferation of their means of delivery or related materials”.

On the subject of PF risk assessments, paragraphs 4.3 and 4.4 of HM Treasury’s Response document state:

4.3  Respondents indicated concern about the additional burden created by including PF in risk assessments carried out by relevant persons under the MLRs. The government understands that this could be a concern, particularly for smaller businesses, and has therefore been clear that companies will have the flexibility to either create a new risk assessment or to incorporate PF into ML/TF risk assessments they are obligated to carry out, to reduce the burden and minimise additional costs.

4.4  Responses also suggested there was limited awareness of PF in each sector, and that outreach, communication and engagement would therefore be widely appreciated to develop understanding of: what constitutes PF, what the PF risks are in their sector, how to carry out a PF risk assessment and how to address risks identified. The government recognises the need for further information dissemination to the private sector in this area and will conduct outreach to the relevant supervisors, so they are able to support their regulated populations in understanding PF risks and carrying out assessments. The government also notes the publication in September 2021 of the UK’s first National Risk Assessment of Proliferating Financing which provides a macro level assessment of PF risks to the UK.

Given what is said at paragraph 4.4, it might be hoped that some guidance from the Commission on their expectations in relation to casino operators’ proliferation financing risk assessments will be forthcoming shortly. In the meantime, we draw attention to:

OFSI Enforcement and Monetary Penalties for Breaches of Financial Sanctions Guidance

OFSI’s updated version of its enforcement and monetary penalty guidance can be downloaded below.

This reflects, amongst other things, the fact that, on 15 March 2022, the Economic Crime (Transparency and Enforcement) Act 2022 amended the powers in the Policing and Crime Act 2017 by inserting a new clause 1A in the 2017 Act. As explained at paragraph 1.8 of the updated guidance:

This removed the requirement for OFSI to demonstrate that a person had knowledge or reasonable cause to suspect they were in breach of a financial sanction to issue a monetary penalty. This amendment applies only to consideration of civil liability and the imposition of a monetary penalty and is not relevant to any assessment of whether a criminal offence has been committed under sanctions regulations.

Download article PDF: OFSI Enforcement Guidance 15.06.22