Leading international law firm Mishcon de Reya details in-depth insight and stakeholder advice on mitigating the industry’s upcoming ‘Enforcement Action’. Outlining precautions online incumbents should be taking/assessing to reduce the risk of a compliance assessment becoming a licence review.
Document authored by:
- Niki Stephens – Managing Associate, Mishcon de Reya LLP
- Nick Nocton – Partner, Mishcon de Reya LLP
- Matthew Hancock – Legal Director, Mishcon de Reya LLP
On 13 February, the Committees of Advertising Practice (CAP) released new guidance which comes into force on 1 April 2019. The new guidance aims to further protect children and young people from irresponsible gambling advertising by providing greater detail on approaches that are likely to be unacceptable in individual marketing communications.
Only a week prior to this, the UK Gambling Commission (UKGC) announced changes to the Licence Conditions and Codes of Practice aimed at making gambling safer and fairer.
Among other things, these new rules require operators to verify the name, address and date of birth of customers before allowing them to gamble, ask for additional verification information promptly, inform customers (before they deposit funds) of the types of identity document or other information that might be required, the circumstances in which such information might be required and how it should be supplied and take reasonable steps to ensure that information on the identity of their customers remains accurate. These changes will come into effect on 7 May 2019.
These recent developments are against a backdrop of ongoing regulatory action by the UKGC against online casino operators. At the end of 2018, regulatory action against two online casino operators resulted in financial penalty payments totalling £13m, with the commission further placing six licensed incumbents under investigation.
The UKGC is taking decisive action and online operators can ill afford to assume that the gambling authority will not come knocking at their door… Proactivity is essential!
Most businesses are aware of their limitations, but it is now more important than ever to take steps to address those weaknesses. We have advised a number of online operators following compliance assessments and (in a number of instances) consequential licence reviews.
From our experience, self-diagnosis and addressing weaknesses is a valuable exercise. The better prepared an operator is for self-assessment, the better placed it will be to mitigate against the risk of it resulting in a licence review which could ultimately lead to a sanction.
We, therefore, urge all online operators to work through the UKGC’s compliance health check, to implement any necessary changes, and:
- Consider how they would demonstrate to the UKGC that compliance sits firmly at the heart of the business – the commission expects licensees to be able to provide evidence of this and to demonstrate that leadership takes an active interest and role in compliance matters.
For due-diligence purposes, keeping records of meetings at which compliance matters have been meaningfully discussed/debated should be standard practice. Depending on the size and structure of the business, operators should also consider whether it would be appropriate to appoint a compliance committee.
- Create an internal ‘compliance calendar’ – although key compliance policies will inevitably require more frequent review, by implementing a calendar that alerts all relevant staff to upcoming compliance milestones, operators can (for example) ensure that, at least annually, all key compliance policies are reviewed in detail and audited to ensure ongoing adequacy and effectiveness. Operators should also consider engaging external advisors to review and audit the adequacy and effectiveness of key compliance policies and procedures.
- Keep records on all levels of staff training, not just training related to AML disciplines. Logs are good evidence of all induction and ongoing training received by staff and enable the operator to ensure regular training is received. Operators should also assess the nature of training delivered to staff and ensure that a mix of in-house and external training is delivered.
- Conduct regular reviews of its ‘top’, highest risk, customers and involve the nominated and deputy nominated officers in those reviews – these reviews should be recorded in a system that informs all relevant staff of the status of the customer in question and the outcome of the review (including all customer service, VIP, compliance and responsible gambling staff). These reviews should help ensure that all necessary enhanced due diligence has been collected, stored and updated and should assist the operator in objectively assessing the effectiveness of their anti-money laundering and counter-terrorist financing policies, including the suitability of any financial triggers implemented to identify higher risk players.
- Ensure that its systems are sophisticated enough to enable system logs to be maintained, which allow interactions with customers to be recorded and reviewed (in real time) to ensure effective decision-making by customer service, responsible gambling and compliance staff. These logs will also be valuable during any internal or external audit during which the effectiveness of the relevant policies and procedures is assessed. The UKGC is also likely to ask for evidence of customer interactions during any compliance assessment.
This list is not intended to be exhaustive. It is a sample of a variety of steps that operators should be taking in preparation for any compliance assessment. Failure to take any preparatory steps would be unwise and benchmarking compliance against peers is not a prudent position to take.
Niki Stephens will be speaking on this subject at Betting on Football, which is being held at Stamford Bridge 19-22 March. For more information, click here.