NCIS, the forerunner of SOCA, and the Financial Action Task Force have both highlighted the gaming sector as vulnerable to money laundering. This vulnerability has not lessened, and indeed may have increased, with the advent of cybergaming. Cybercrime has exploded to cover all aspect of commercial activity in cyberspace and the challenge for law enforcement is the same for all sectors:
- The delinquent activity is borderless
- The activity is encouraged by the protection of being non
face-to-face
- As cybercrime generates more and more criminal property,
it has to be laundered; where better than in the virtual
world in which it was created.
These are among the concerns that led the US congress to outlaw e-gaming last year. What are the crucial elements of an anti money laundering checklist in the UK? It is important to adopt the risk based approach contained within the Money Laundering Regulations 2007; for senior management to take responsibility for managing risk, and for operators to carry out customer due diligence obligations, record-keeping and, ultimately, to identify and report suspicious activity.
1. The Financial Action Task Force Typologies
In its 1997-1998 Typologies Report, FATF recognised that there had been a proliferation of laundering cases in the casinos and gambling part of the non-financial sector. Casinos, they said, are the site of the first stage in the laundering process, i.e. converting the funds to be laundered from banknotes (circulating currency) to cheques (bank money). That system was made all the more opaque by using a chain of casinos with establishments in different countries. Gaming businesses and lotteries were also identified as being used increasingly by launderers. In 2000, FATF noted that examples in which gambling played a role in money laundering - either as the source of criminal proceeds or as a means of laundering them had continued to be cited by many members. The issue of Internet gambling had also begun to raise concern among some members, who saw these services as offering a high degree of anonymity and secrecy to the potential money launderer.
"...it seems that Internet gambling might be an ideal web-based "service" to serve as a cover for a money laundering scheme through the net.1"
In its 2000-2001 Typologies Report, FATF went further and identified on-line banking and internet casinos as major money laundering issues. There was increasing evidence in some FATF jurisdictions that criminals were using the Internet gambling industry to commit crime and to launder the proceeds of that crime. Despite attempts to deal with the potential problems of Internet gambling by regulating it, requiring licenses in order to operate, or banning such services outright, a number of concerns remained. FATF identified three of these concerns as presenting particular difficulties for those seeking to identify and prosecute such activity:
- In instances where an internet user is operating using
dial-up access, his or her identity can be discovered through
the log files of the Internet Service Provider. However, if
the log files are not maintained at any step of the way, or
dial-up user (or subscriber) information is considered to be
protected information, then it may be more difficult to
determine the ultimate link between an illegal activity and a
specific individual.
- Transactions are primarily performed through credit cards
, and the offshore placement of many Internet gambling sites
makes locating and prosecuting the relevant parties more
difficult if not impossible.
- Gambling transactions, the records of which might be
needed as evidence, are conducted at the gambling site and
are software-based; this may add to the difficulty of
collecting and presenting such evidence.
2. A Literature Review and Survey of Statistical Sources on Remote Gambling: Department of Culture, Media and Sport2
As a by-product of the evolution of remote gambling, there appears to be a money laundering "arms race" in operation, with criminals exploiting loopholes or weaknesses in the system and governments and operators working to plug those gaps and strengthen those weaknesses.'
The report highlights comments by US Deputy Assistant Attorney General John Malcolm in his statement to the United States House of Representatives in 2003, in which he stated that, "organised crime is moving into Internet Gambling". The report further cites the 2001 Canadian case in which one of Canada's largest organised crime family's high tech illegal gambling operation was raided and exposed.
Money laundering could be a problem in remote gambling, say the DCMS, because the characteristics of the internet, such as its high speed, high volume and international reach, make it susceptible to such activity. The anonymity of the internet and use of encryption can make it difficult to trace payments, whilst non-credit card forms of electronic payment are arising which may not be subject to the transaction records or limits of credit cards.
3. Online gaming and the United States
The Unlawful Internet Gambling Enforcement Act of 2006 is part of a sustained clampdown on online gaming in the US, and makes it illegal for banks and credit card firms to process online gaming payments from the US. Supporters of the ban on Internet gambling stated that the industry is unregulated, that underage people are more likely to gamble online, and that it supports money laundering and similar criminal enterprises.
However, in a hearing before the Committee on Financial Services (U.S. House of Representatives) in June 2007, entitled, Can internet gambling be effectively regulated to protect consumers and the payments system?3, Jon Prideaux, Chief Executive of Asterion Payments noted that:
During my many years as the chairman of Visa Europe's compliance committee, I can tell you, Mr. Chairman, that I did become aware from time to time of many different complaints that consumers had about various aspects of the Visa system. But during this same period, Mr. Chairman, I can tell you that I did not receive a complaint, nor was I aware of any complaint relating to Visa of problem gambling, nor was I aware of complaints relating to operators cheating their customers on regulated sites, and neither did our anti-money laundering procedures cause us to make any suspicious transaction reports in the regulated sector.
I conclude, therefore, Mr. Chairman, that Internet gambling can and should be regulated effectively. The arrival of the Internet, Mr. Chairman, has changed many industries. The gambling industry is no different. The genie cannot be put back in the bottle. Internet gambling is a fact. We must deal with it.'
4. The prevention of money laundering
4.1 The UK's Money Laundering framework
- The Proceeds of Crime Act 2002 (POCA)
(as amended by the Serious Organised Crime and Police Act
2005 (SOCPA));
- The Money Laundering Regulations
2007; and
- The Terrorism Act 2000 (TA
2000) (as amended by the Anti-Terrorism, Crime and
Security Act 2001 (ATCSA 2001) and the Terrorism Act
2006 (TA 2006)). The Terrorism Act establishes a
series of offences related to involvement in arrangements for
facilitating, raising or using funds for terrorism
purposes.
4.2 A brief overview of the Proceeds of Crime Act 2002
The offences:
- Section 327 - concealing/ disguising/
converting/ transferring criminal property/ removing it from
the jurisdiction.
- Section 328 - entering into or becoming
concerned in an arrangement.
- Section 329 - acquiring, using or
possessing criminal property.
- Section 330 - failure to report offence
for the regulated sector.
- Section 331 Failure to report Regulated sector
MLROs
- Section 332 Failure to report non Regulated
sector MLROs
- Sections 333 and 342 - tipping off and
prejudicing an investigation
Criminal conduct:
Criminal Conduct (s.340(2) POCA) is conduct which:
(a) Constitutes an offence in any part of the UK;
(b) Would constitute such an offence if it occurred there.
Criminal property:
Property is criminal property (s.240(3) POCA) if—
(a) it constitutes a person's benefit from criminal conduct or it represents such a benefit (in whole or part and whether directly or indirectly), and
(b) the alleged offender knows or suspects that it constitutes or represents such a benefit.
Defences to the sections 327-329
- You make an "authorised disclosure" and consent
is obtained before the prohibited act
The defence of consent'
- You intend to make a disclosure but have a
reasonable excuse for not doing so
The reasonable excuse' defence
- You make an "authorised disclosure"
after the "prohibited act" if you
had good reason for your failure to make the disclosure
before, and the disclosure is made on your own initiative and
as soon as it is practicable for you to make it.
- You make an "authorised disclosure
while the offender is doing the prohibited
act where you did not know/suspect etc when he began doing it
and the disclosure is made on your own initiative and as soon
as is practicable for you to make it&"
- You do not know or suspect that the property constitutes
a person's benefit from criminal conduct or that it
represents such a benefit.
- Section 329 only The adequate
consideration' defence
- Reasonable belief conduct legal overseas
Section 330 an overview
- A knows or suspects or has reasonable grounds for knowing or suspecting that another person, B, is engaged in money laundering
- Information or other matter came to A in the course of a business in the regulated sector (Schedule 9)
- A can identify B or the whereabouts of any of the laundered property, or believes, or it is reasonable to expect him to believe, that the information or other matter will or may assist in identifying B or the whereabouts of any of the laundered property
- A does not make the required disclosure to a nominated officer or SOCA as soon as is practicable after it comes to him.
What is meant by suspicion?
Suspicion has been defined by the courts as being beyond mere speculation and based on some foundation. The Gambling Commission notes that unusual patterns of gambling, including particularly large amounts, should receive attention, but atypical patterns of behaviour should not necessarily lead to grounds for knowledge or suspicion of money laundering, or a report to SOCA.
What are reasonable grounds' for knowing or suspecting?
This introduces an objective test: a person may be guilty of this offence if he or she should have known or suspected, even if there was no actual knowledge or suspicion.
The Commission's Guidance indicates that the test would likely be met when there are demonstrated to be facts or circumstances, known to the member of staff in the course of their business, from which a reasonable person engaged in a casino business, would have inferred knowledge, or formed the suspicion, that another person was engaged in money laundering or terrorist financing.
Offences for the Nominated Officer'
- Sections 331 and 332 create
"failure to disclose" offences which apply
to all nominated officers working inside and outside
the regulated sector
- The test for nominated officers in the regulated
sector includes the objective / "reasonable
grounds" test for knowing or suspecting.
- The test for nominated officers outside the
regulated sector requires actual knowledge
or suspicion.
4.3 The Gambling Commission's Guidance
In October 2007, the Gambling Commission issued a consultation document proposing guidance to remote and non-remote casinos concerning their responsibilities under the Money Laundering Regulations, which came into effect on 15 December 2007, and the Proceeds of Crime Act. Following this consultation, the guidance has now been finalised.
In order to help prevent activities related to money laundering and terrorist financing, remote and non-remote casinos will be required to act in accordance with the Commission's guidance
5. The prevention of money laundering: the Money Laundering Regulations 2007
What are your responsibilities under the Money Laundering Regulations 2007?
Operators must establish and maintain appropriate polices and procedures relating to:
- customer due diligence measures and ongoing
monitoring;
- reporting;
- record-keeping;
- internal control;
- risk assessment and management; and
- the monitoring and management of compliance with, and the
internal communication of, such policies and procedures
(staff training)
6. Customer Due Diligence
The Third EU Money Laundering Directive outlines four parts of customer due diligence including a new explicit requirement for ongoing monitoring. It is also more precise over the obligation to identify and verify the identity of any beneficial owner. Specifically the requirements, reflected in Regulation 5, are:
- Identifying the customer and verifying the
customer on the basis of documents, data or
information obtained from a reliable and independent
source;
- Identifying, where applicable, the beneficial
owner4 and taking risk based and
adequate measures to verify his identity so that the
firm is satisfied that it knows who the beneficial owner
is;
- Obtaining information on the purpose and intended
nature of the business relationship; and
- Conducting ongoing monitoring, on a risk
sensitive basis, of the business
relationship5.
The Government is of the view that casinos should identify their customers when they reach a threshold of €2,000 of chips exchanged or gambled. A threshold approach is recommended as international best practice by the Financial Action Task Force, which suggests a level of €3,000. The Third Money Laundering Directive provides for a stricter application of this standard, involving a threshold of €2,000, and it is this approach that the Government is taking. In the view of law enforcement, money laundering in casinos below the sum of €2,000 is not a material risk provided proper checks are in place to ensure that this threshold is not exceeded without appropriate due diligence through the consecutive exchange of smaller amounts6. Casinos should also be able to link customer due diligence information for a particular customer to the transactions that the customer conducts in the casino7.
Those casinos that are able to demonstrate to the regulator that they have the systems in place for tracking and identifying higher risk individuals and for ensuring that criminals are not able to circumvent the threshold by gradually exchanging or gambling chips should therefore follow a threshold approach8. The Government has rejected the blanket application of a threshold system for all casinos, as some may not have the systems in place to deliver it effectively. For those that do not, the default position should continue to be that casinos identify their customers on entry. This will enable those casinos that presently operate a membership system to continue with their current practice of identifying, and verifying the identity of, customers at the point of application for membership. However, the Government encourages all casinos to develop the systems necessary for tracking and identifying higher-risk individuals in line with the threshold approach9.
Regulation 10 sets out the identification requirements on casinos. The threshold will apply for every 24 hours for casinos and internet casinos. If it transpires that there are systemic problems with operating on a threshold basis, then checks on entry will be required10.
Regulation 10 is drafted so that all gaming machines within a casino are included within the scope of the identification requirements. Casinos must, therefore, identify customers using these machines either on entry or when they reach the threshold.
6.1 Application of Customer Due Diligence on a Risk-Sensitive basis
Casinos have flexibility in devising polices and procedures which best suit their assessment of the money laundering and terrorist financing risks faced by their business.
The regulations require a policy and procedure in relation to risk assessment and management. If casinos adopt the threshold approach to customer due diligence (CDD), part of the risk-based approach will involve making decisions about whether or when verification should take place electronically. Operators must determine the extent of their CDD measures, over and above the minimum requirements, on a risksensitive basis depending on the risk posed by the customer and their level of gambling.
Where a customer is assessed as presenting higher risk it will be necessary to seek additional information in respect of the customer.
Article 8.2 of the Third Directive, and, in turn, Regulation 7(3) provide that a relevant person must:
- determine the extent of customer due diligence measures
on a risksensitive basis depending on the
type of customer, business relationship, product or
transaction; and
- (b) be able to demonstrate to his supervisory authority
that the extent of the measures is appropriate in view of the
risks of money laundering and terrorist financing.
The provisions of the Second Directive were criticised for being formulaic and inflexible11, whereas the Third Directive adopts a more focused risk-based approach, recognising that some circumstances pose a greater risk of money laundering than others.
6.2 Identifying and assessing risk
The Gambling Commission stated in its recently published Guidance that an assessment of risk is based on a number of questions, which include:
- What risk is posed by the business profile and customers
using the casino?
- Is the business high volume consisting of many low
spending customers?
- Is the business low volume with high spending customers,
perhaps who use and operate within their cheque cashing
facilities?
- Is the business a mixed portfolio, ie customers are a mix
of high spenders and lower spenders and/or a mix or regular
and occasional customers?
- Are procedures in place to monitor customer transactions
and mitigate any money laundering potential?
- Is the business local with regular and generally well
known customers?
- Are there a large proportion of overseas customers using
foreign currency or overseas based bank cheque or debit
cards?
- Are customers likely to be individuals who hold public
positions in countries which carry a higher exposure to the
possibility of corruption, ie a politically exposed person
(PEP)?
- Are customers likely to be engaged in a business which
involves significant amounts of cash?
- Are there likely to be situations where the source of
funds cannot be easily established or explained by the
customer?
- Are there likely to be situations where the
customer's purchase or exchange of chips is
irrational or not linked with gaming?
- Is the majority of business conducted in the context of
business relationships?
Many customers carry a lower money laundering or terrorist financing risk. These might include customers who are regularly employed or who have a regular source of income from a known source which supports the activity being undertaken.
7. Enhanced Due Diligence
Enhanced due diligence must be applied in respect of all customer relationships representing an enhanced risk, including in the three situations set out in Regulation 14:
a. where the customer is not physically present12;
b. when the transaction involves cross-frontier correspondent banking relationships13; and
c. for transactions with politically exposed persons14.
In all these cases those within the regulated sector must put in place measures requiring additional checks to be made of the customer's identity and the provenance of the funds being handled.
Where the customer is not physically present: remote casinos
Regulation 14(2) outlines possible measures which can be adopted beyond standard verification procedures to compensate for the higher risk of non face-to-face transactions. The regulations suggest the following options by way of example, although this list is not exhaustive:
- using additional documents, data or
information to establish identity;
- using supplementary measures to verify
or certify the documents supplied or obtain
confirmatory certification by a credit or
financial institution which is subject to the money
laundering directive;
- ensuring that the first payment is carried out through
an account opened in the customer's
name with a credit institution.
The Gambling Commission's Guidance notes that remote operators also have the benefit of being able to withhold payment of winnings or remaining deposits until satisfied that CDD is satisfactorily done.
Politically Exposed Persons
The definition of a PEP for these purposes is contained within Regulation 14(5):
- A person who has been entrusted within the last
year with a prominent public
function by a state other than the UK , a Community
institution or an international body, including a person who
falls within any of the following
categories15:
- heads of state, heads of government, ministers and deputy or assistant ministers
- members of parliament
- members of supreme courts, of constitutional courts, or of other high-level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances
- members of courts of auditors or of the boards of central banks
- ambassadors, charges d'affairs and high-ranking officers in the armed forces
- members of the administrative, management or supervisory bodies of state-owned enterprises
- In addition to the primary' PEPs listed above, a
PEP also includes:
- family members of a PEP spouse, partner, children and their spouses or partners, and parents16; or
- known close associates of a PEP persons with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relationships, or who is a sole beneficial owner of a legal entity or arrangement set up by the primary PEP17.
The following steps must be taken to deal with the heightened risk posed by having a business relationship with a Politically Exposed Person (PEP):
STEP ONE: Obtain senior management approval for establishing the business relationship;
STEP TWO: Take adequate measures to establish the source of wealth and source of funds which are involved in the business relationship or occasional transaction;
STEP THREE: Conduct enhanced ongoing monitoring.
The Gambling Commission's Guidance notes that the nature and scope of a particular casino's business will help to determine the likelihood of PEPs in their customer base, and whether the operator needs to consider screening all customers for this purpose.
Establishing whether individuals are PEPs is not always straightforward: the Gambling Commission's Guidance, quoting from the JMLSG Guidance, notes that where operators need to carry out specific checks, they may be able to rely on an internet search engine, or consult relevant reports and databases on corruption risk published by specialised national, international, nongovernmental and commercial organisations. Resources such as the Transparency International Corruption Perceptions Index may be helpful in terms of assessing the risk. If there is a need to conduct more thorough checks, or if there is a high likelihood of an operator having PEPs for customers, subscription to a specialist PEP database may be necessary. Operators should, as far as practicable, be alert to public information relating to possible changes in the status of its customers with regard to political exposure.
8. Requirement to cease transactions
Where it has not been possible to apply customer due diligence measures, the relevant person, by virtue of Regulation 11:
a. must not carry out a transaction with or for the client through a bank account
b. must not establish a business relationship or carry out an occasional transaction
c. must terminate any existing business relationship with the customer
d. must consider whether there is a requirement to make a disclosure under the Proceeds of Crime Act 2002, or the Terrorism Act 2000.
9. Record-Keeping, Internal Controls and Training
The Third Directive's requirements for record keeping, internal procedures and training are in similar terms to the First and Second Directives.
The Third Money Laundering Directive requires the following records are kept for five years from when either the business relationship or transaction ends:
- A copy of the evidence required to satisfy the customer
due diligence requirements or references of the evidence
required; and
- Evidence and records of transactions carried out as part
of the business relationship.
The Gambling Commission's Guidance identifies the following areas as falling within the remit of an operator's record keeping policy and procedure:
- details of how compliance has been monitored by the
nominated officer;
- delegation of AML/CTF tasks by nominated officer;
- nominated officer reports to senior management;
- information not acted upon by the nominated officer, with
reasoning why no further action was taken;
- customer identification and verification
information;
- supporting records in respect of business relationships
or occasional transactions;
- staff training records;
- internal and external suspicious activity reports;
and
- contact between the nominated officer and law enforcement
or SOCA, including records connected to appropriate
consent.
The Guidance also deals in some detail with supporting records.
In accordance with the terms of Article 34 of the Third Money Laundering Directive the regulated sector will be required to establish appropriate policies and procedures relating to: customer due diligence; reporting; record keeping; internal control; risk assessment; risk management; compliance management and communication in order to forestall and prevent operations related to money laundering or terrorist financing. Article 35 of the Directive requires the regulated sector to train their staff on the money laundering requirements and to help them recognise operations that may be related to money laundering or terrorist financing and what to do in those circumstances. Therefore, the regulations require operators to take appropriate measures so that all relevant employees are:
- made aware of the law relating to money laundering and
terrorist financing; and
- regularly given training in how to recognise and deal
with transactions and other activities which may be related
to money laundering or terrorist financing.
10. Monitoring and Supervision
One of the main changes the Directive introduces is the requirement that all sectors are effectively monitored for compliance with anti-money laundering controls.
A supervisory authority, in this case the Gambling Commission, must effectively monitor casinos and take necessary measures for the purpose of securing compliance with the requirements of the Regulations. A supervisory authority which, in the course of carrying out any of its functions under the Regulations, knows or suspects that a person is or has engaged in money laundering or terrorist financing must promptly inform the Serious Organised Crime Agency.
11. Conclusion
The Anti-Money Laundering regulatory environment in Europe is currently undergoing change with the advent of the Third Money Laundering Directive. The Directive, adopted under the UK's presidency of the EU, represents Europe's commitment to fighting the international problems of money laundering and terrorist financing by implementing the global standards produced by FATF in 2003.
The Directive regulates the sectors that are seen as being most at risk of being used for money laundering or its facilitation. In addition to the regulated sectors, the Directive will affect the supervisory bodies that have responsibility for ensuring the sectors' compliance with anti money laundering legislation, whilst also affecting law enforcement authorities and, indirectly, some of the customers and businesses that deal with the regulated sector18.
Whilst new technologies promise great advances, societies are faced with the prospect of being unable to regulate the way in which their citizens participate in certain activities. Concerns about the practical enforceability of regulatory frameworks for gambling on the Internet are shared by regulators everywhere19. Compliance with the UK's anti-money laundering regulations, the Gambling Commisison's money laundering guidance and license conditions, use of controls within the financial industry and the adaptation of best practices will ensure that the attractiveness of using Internet gambling transactions for money laundering purposes is, at the very least, significantly reduced.
© Monty Raphael, Peters & Peters, 2007
The author wishes to acknowledge the assistance of Rachna Gokani in the preparation of this paper.
Footnotes
1 The Financial Action Task Force Typologies Report 2000-2001
2 October 2006
3 ONE HUNDRED TENTH CONGRESS FIRST SESSION, JUNE 8, 2007. Serial No. 11037
4 See Regulations 5 and 6
5 Regulation 8
6 Money Laundering Regulations 2007, Regulatory Impact Assessment
7 ibid
8 ibid
9 ibid
10 ibid
11 MONEY LAUNDERING: RECENT DEVELOPMENTS IN EUROPE. Speech by CCBE SECOND VICE-PRESIDENT Colin Tyre QC - 18th September 2006
12 See Regulation 14(2)
13 See Regulation 14 (3)
14 The Third Money Laundering Directive includes the following definition of a politically exposed person: "politically exposed persons" means natural persons who are or have been entrusted with prominent public functions and immediate family members, or persons known to be close associates, of such persons. In addition the Commission has clarified further the definition through its comitology procedure.
15 Paragraph 4(1)(a) of Schedule 2
16 Paragraph 4(1)(c) of Schedule 2
17 Paragraph 4(1)(d) of Schedule 2
18 HMRC Regulatory Impact Assessment of the 3rd EU Anti-Money Laundering Directive
19 GAMBLING, MONEY LAUNDERING AND THE PROCEEDS OF CRIME: A TRIFECTA?,' Elizabeth Montano, May 1998, Australian Institute of Criminology
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.