Anti money laundering laws – whose burden?
Online casinos – attractive to fraudsters
Online casinos are a very attractive channel for criminal gangs looking to launder their ill-gotten gains. What's more, they're nothing like as visible as Turkish barber shops...
Money laundering through online gambling is just about as old as the industry itself. And if you ever wondered how most of them do it, this outlines it quite succinctly.
Whose burden indeed?
Gambling law, particularly in the UK where legislation is generally progressive, is not without its nuances and ambiguities. It’s not always clear whose responsibility is what, and more pertinently perhaps, whether or not it should be.
This is the case when it comes to the enforcement of anti money laundering responsibilities and legislation (AMLs). HM Revenue & Customs (HMRC) is evidently keen to offload the responsibility onto casinos, when arguably the responsibility should sit with themselves, the Gambling Commission (UKGC) or the police.
As a result, casinos have been hit with some substantial fines for not assuming the responsibilities foisted upon them by HMRC.
What are AMLs?
When it comes to preventing money laundering in Britain, several different organisations have responsibilities. These include the Financial Conduct Authority (FCA), National Crime Agency (NCA), Serious Fraud Office (SFO), HMRC and the Prudential Regulation Authority (PRA).
When it comes to the UK gambling industry AMLs are regulated by the UKGC as part of the collective effort to “ensure that adequate controls are in place to prevent gambling businesses being used for money laundering and terrorist financing purposes”. The UKGC monitors and enforces anti money laundering measures industry-wide, serving as a central ‘supervisory authority’ – meaning they’re responsible for providing guidance, making assessments, monitoring suspicious activities, raising awareness and disciplining operators who fail to adhere to AMLs.
Many big operators have fallen foul of AMLs. In April 2024, bet365 received a £582k penalty for four separate AML breaches, including using inadequate Know Your Customer (KYC) measures.
Similarly, in January 2024, Gamesys, whose brands include several familiar names, was fined £6 million for “not always identifying customers at risk of experiencing harms associated with gambling”, among other failures.
Brick-and-mortar operations are susceptible too. In February, an ‘illegal gambling den’ was raided, two men arrested for money laundering activities, and a large haul of gambling paraphernalia confiscated.
What do AMLs require?
Like many areas of UKGC legislation, AMLs and the related best practice guides are constantly evolving. Generally speaking, they require operators to:
- Register for money laundering supervision, which is carried out by the UKGC.
- Carry out regular internal AML risk assessments. The UKGC and government provide specific guidelines for doing this.
- Comply with all relevant legislation, including the Terrorism Act (2000), the Proceeds of Crime Act (2002), and Money Laundering, Terrorist Financing and Transfer of Funds Regulations (2017).
- Carry out customer due diligence, including gathering basic information such as names, addresses, ages and more, then verifying this.
- Put prevention and detection measures in place and train employees in spotting AML red flags.
- Report any instances of suspected money laundering properly, and keep records of all internal investigations.
Burden of responsibility
When it comes to breaches of AMLs, operators are accountable. Casinos and operators are required to manage and monitor their own traffic, and to ensure that their finances are not connected to the funding of terrorism or money laundering. When issues arise, it’s they who pay the price.
This obviously sounds great in principle. Businesses like casinos should be held accountable for things within their control, and they must operate ethically, but where do we draw the line?
It could be argued that some AML failures of casinos are extensions of the failures of government agencies. Casinos should of course be responsible for reporting suspicious activities, but should they be punished for the failings of other organisations?
The international situation
Similar systems exist around the world, and none are necessarily any more balanced than Britain’s.
In April 2024, Spillemyndigheden, the Danish regulator, fined SkillOnNet for three failings related to AML requirements. The infractions pertained to the quality of risk assessments and internal controls. Also in Denmark, Mr Green has been accused of AML failings. Meanwhile, in Australia, SkyCity Adelaide has agreed to pay a massive AUS$67 million fine.
Spanish authorities have recently introduced new measures that increase levels of strictness when it comes to reporting gambling winnings for tax purposes. They’ve even gone so far as to request ID cards at physical betting venues to make it easier for players’ winnings to be tracked.
Introducing such a measure in the UK would likely be met with a vocal backlash and understandable accusations of invasion of privacy. However, the possibility of practices like these being introduced is not out of the question.
Treating symptoms rather than the root cause?
Another issue with the current system is that, from the perspective of a UK casino, it may end up being more cost-effective to simply pay the fine, rather than to go to the great lengths required by AMLs.
This could have the unintended effect of encouraging operators to take a lax approach to suspicious activities, and simply accept fines as an operational cost, the price of doing business.
The government and UKGC would then have little incentive to change legislation, pocketing regular large sums of cash.
A perpetual cycle of this sort would be incredibly dangerous, not only because it breeds corruption, but because it would result in a failure to address the root problem: money laundering.
Time for a reappraisal?
The AML situation in Britain could be compared to the issue of illegal workers. In the case of the latter, the burden of responsibility falls on employers. But, if there are illegal workers in the country in the first place, then this points to a failure of other tax-funded institutions and agencies whose jobs are to prevent this.
Similar comparisons could also be drawn between other areas of the law. For instance, failures to comply with UK General Data Protection Regulation (GDPR) regulations have resulted in fines of hundreds of millions for social media companies.
This puts into perspective just how financially beneficial these laws can be to the institutions who implement and enforce them. However, despite the size of these fines, they’re unlikely to provide much incentive for a company as profitable as, for example, Facebook.
Tight AML restrictions are essential, and none of us want our gambling industry to be associated with criminal activities. However, the current distribution of blame and penalties seems skewed in favour of a system that perpetuates blame, fines, and inadequate security measures, whilst encouraging blind eyes to be turned.
Looking ahead
AMLs are an essential and responsible part of a functioning and ethically-regulated economy. However, the distribution of blame resulting from infringements should be closely scrutinised. As things stand, there are undeniable flaws.
So where should a casino’s responsibility start and end? Perhaps the buck ought to stop a little higher, with the tax-funded institutions who are responsible for some of these issues, rather than the casinos which contribute so significantly to the British economy.
Perhaps a better balanced solution than currently would be to take a more collaborative approach. Rather than simply throwing fines and accusations of lapsed responsibilities at each other, the relevant organisations could instead put their heads together for the common good. Let's see.