ARTICLE
14 May 2008

Combating Cybercrime In Betting And Gaming - Creating A More Effective Anti-Money Laundering Strategy

PP
Peters & Peters

Contributor

Peters & Peters logo
Explore
NCIS, the forerunner of SOCA, and the Financial Action Task Force have both highlighted the gaming sector as vulnerable to money laundering. This vulnerability has not lessened, and indeed may have increased, with the advent of cybergaming.
UK Government, Public Sector
To print this article, all you need is to be registered or login on Mondaq.com.

Article by Monty Raphael, Joint Head of Fraud and Regulatory, Peters & Peters

NCIS, the forerunner of SOCA, and the Financial Action Task Force have both highlighted the gaming sector as vulnerable to money laundering. This vulnerability has not lessened, and indeed may have increased, with the advent of cybergaming. Cybercrime has exploded to cover all aspect of commercial activity in cyberspace and the challenge for law enforcement is the same for all sectors:

  1. The delinquent activity is borderless

  2. The activity is encouraged by the protection of being non face-to-face

  3. As cybercrime generates more and more criminal property, it has to be laundered; where better than in the virtual world in which it was created.

These are among the concerns that led the US congress to outlaw e-gaming last year. What are the crucial elements of an anti money laundering checklist in the UK? It is important to adopt the risk based approach contained within the Money Laundering Regulations 2007; for senior management to take responsibility for managing risk, and for operators to carry out customer due diligence obligations, record-keeping and, ultimately, to identify and report suspicious activity.

1. The Financial Action Task Force Typologies

In its 1997-1998 Typologies Report, FATF recognised that there had been a proliferation of laundering cases in the casinos and gambling part of the non-financial sector. Casinos, they said, are the site of the first stage in the laundering process, i.e. converting the funds to be laundered from banknotes (circulating currency) to cheques (bank money). That system was made all the more opaque by using a chain of casinos with establishments in different countries. Gaming businesses and lotteries were also identified as being used increasingly by launderers. In 2000, FATF noted that examples in which gambling played a role in money laundering - either as the source of criminal proceeds or as a means of laundering them had continued to be cited by many members. The issue of Internet gambling had also begun to raise concern among some members, who saw these services as offering a high degree of anonymity and secrecy to the potential money launderer.

"...it seems that Internet gambling might be an ideal web-based "service" to serve as a cover for a money laundering scheme through the net.1"

In its 2000-2001 Typologies Report, FATF went further and identified on-line banking and internet casinos as major money laundering issues. There was increasing evidence in some FATF jurisdictions that criminals were using the Internet gambling industry to commit crime and to launder the proceeds of that crime. Despite attempts to deal with the potential problems of Internet gambling by regulating it, requiring licenses in order to operate, or banning such services outright, a number of concerns remained. FATF identified three of these concerns as presenting particular difficulties for those seeking to identify and prosecute such activity:

  1. In instances where an internet user is operating using dial-up access, his or her identity can be discovered through the log files of the Internet Service Provider. However, if the log files are not maintained at any step of the way, or dial-up user (or subscriber) information is considered to be protected information, then it may be more difficult to determine the ultimate link between an illegal activity and a specific individual.

  2. Transactions are primarily performed through credit cards , and the offshore placement of many Internet gambling sites makes locating and prosecuting the relevant parties more difficult if not impossible.

  3. Gambling transactions, the records of which might be needed as evidence, are conducted at the gambling site and are software-based; this may add to the difficulty of collecting and presenting such evidence.

2. A Literature Review and Survey of Statistical Sources on Remote Gambling: Department of Culture, Media and Sport2

As a by-product of the evolution of remote gambling, there appears to be a money laundering "arms race" in operation, with criminals exploiting loopholes or weaknesses in the system and governments and operators working to plug those gaps and strengthen those weaknesses.'

The report highlights comments by US Deputy Assistant Attorney General John Malcolm in his statement to the United States House of Representatives in 2003, in which he stated that, "organised crime is moving into Internet Gambling". The report further cites the 2001 Canadian case in which one of Canada's largest organised crime family's high tech illegal gambling operation was raided and exposed.

Money laundering could be a problem in remote gambling, say the DCMS, because the characteristics of the internet, such as its high speed, high volume and international reach, make it susceptible to such activity. The anonymity of the internet and use of encryption can make it difficult to trace payments, whilst non-credit card forms of electronic payment are arising which may not be subject to the transaction records or limits of credit cards.

3. Online gaming and the United States

The Unlawful Internet Gambling Enforcement Act of 2006 is part of a sustained clampdown on online gaming in the US, and makes it illegal for banks and credit card firms to process online gaming payments from the US. Supporters of the ban on Internet gambling stated that the industry is unregulated, that underage people are more likely to gamble online, and that it supports money laundering and similar criminal enterprises.

However, in a hearing before the Committee on Financial Services (U.S. House of Representatives) in June 2007, entitled, Can internet gambling be effectively regulated to protect consumers and the payments system?3, Jon Prideaux, Chief Executive of Asterion Payments noted that:

During my many years as the chairman of Visa Europe's compliance committee, I can tell you, Mr. Chairman, that I did become aware from time to time of many different complaints that consumers had about various aspects of the Visa system. But during this same period, Mr. Chairman, I can tell you that I did not receive a complaint, nor was I aware of any complaint relating to Visa of problem gambling, nor was I aware of complaints relating to operators cheating their customers on regulated sites, and neither did our anti-money laundering procedures cause us to make any suspicious transaction reports in the regulated sector.

I conclude, therefore, Mr. Chairman, that Internet gambling can and should be regulated effectively. The arrival of the Internet, Mr. Chairman, has changed many industries. The gambling industry is no different. The genie cannot be put back in the bottle. Internet gambling is a fact. We must deal with it.'

4. The prevention of money laundering

4.1 The UK's Money Laundering framework

  • The Proceeds of Crime Act 2002 (POCA) (as amended by the Serious Organised Crime and Police Act 2005 (SOCPA));

  • The Money Laundering Regulations 2007; and

  • The Terrorism Act 2000 (TA 2000) (as amended by the Anti-Terrorism, Crime and Security Act 2001 (ATCSA 2001) and the Terrorism Act 2006 (TA 2006)). The Terrorism Act establishes a series of offences related to involvement in arrangements for facilitating, raising or using funds for terrorism purposes.

4.2 A brief overview of the Proceeds of Crime Act 2002

The offences:

  • Section 327 - concealing/ disguising/ converting/ transferring criminal property/ removing it from the jurisdiction.

  • Section 328 - entering into or becoming concerned in an arrangement.

  • Section 329 - acquiring, using or possessing criminal property.

  • Section 330 - failure to report offence for the regulated sector.

  • Section 331 Failure to report Regulated sector MLROs

  • Section 332 Failure to report non Regulated sector MLROs

  • Sections 333 and 342 - tipping off and prejudicing an investigation

Criminal conduct:

Criminal Conduct (s.340(2) POCA) is conduct which:

(a) Constitutes an offence in any part of the UK;

(b) Would constitute such an offence if it occurred there.

Criminal property:

Property is criminal property (s.240(3) POCA) if—

(a) it constitutes a person's benefit from criminal conduct or it represents such a benefit (in whole or part and whether directly or indirectly), and

(b) the alleged offender knows or suspects that it constitutes or represents such a benefit.

Defences to the sections 327-329

  • You make an "authorised disclosure" and consent is obtained before the prohibited act The defence of consent'

  • You intend to make a disclosure but have a reasonable excuse for not doing so The reasonable excuse' defence

  • You make an "authorised disclosure" after the "prohibited act" if you had good reason for your failure to make the disclosure before, and the disclosure is made on your own initiative and as soon as it is practicable for you to make it.

  • You make an "authorised disclosure while the offender is doing the prohibited act where you did not know/suspect etc when he began doing it and the disclosure is made on your own initiative and as soon as is practicable for you to make it&"

  • You do not know or suspect that the property constitutes a person's benefit from criminal conduct or that it represents such a benefit.

  • Section 329 only The adequate consideration' defence

  • Reasonable belief conduct legal overseas

Section 330 an overview

- A knows or suspects or has reasonable grounds for knowing or suspecting that another person, B, is engaged in money laundering

- Information or other matter came to A in the course of a business in the regulated sector (Schedule 9)

- A can identify B or the whereabouts of any of the laundered property, or believes, or it is reasonable to expect him to believe, that the information or other matter will or may assist in identifying B or the whereabouts of any of the laundered property

- A does not make the required disclosure to a nominated officer or SOCA as soon as is practicable after it comes to him.

What is meant by suspicion?

Suspicion has been defined by the courts as being beyond mere speculation and based on some foundation. The Gambling Commission notes that unusual patterns of gambling, including particularly large amounts, should receive attention, but atypical patterns of behaviour should not necessarily lead to grounds for knowledge or suspicion of money laundering, or a report to SOCA.

What are reasonable grounds' for knowing or suspecting?

This introduces an objective test: a person may be guilty of this offence if he or she should have known or suspected, even if there was no actual knowledge or suspicion.

The Commission's Guidance indicates that the test would likely be met when there are demonstrated to be facts or circumstances, known to the member of staff in the course of their business, from which a reasonable person engaged in a casino business, would have inferred knowledge, or formed the suspicion, that another person was engaged in money laundering or terrorist financing.

Offences for the Nominated Officer'

  • Sections 331 and 332 create "failure to disclose" offences which apply to all nominated officers working inside and outside the regulated sector

  • The test for nominated officers in the regulated sector includes the objective / "reasonable grounds" test for knowing or suspecting.

  • The test for nominated officers outside the regulated sector requires actual knowledge or suspicion.

4.3 The Gambling Commission's Guidance

In October 2007, the Gambling Commission issued a consultation document proposing guidance to remote and non-remote casinos concerning their responsibilities under the Money Laundering Regulations, which came into effect on 15 December 2007, and the Proceeds of Crime Act. Following this consultation, the guidance has now been finalised.

In order to help prevent activities related to money laundering and terrorist financing, remote and non-remote casinos will be required to act in accordance with the Commission's guidance

5. The prevention of money laundering: the Money Laundering Regulations 2007

What are your responsibilities under the Money Laundering Regulations 2007?

Operators must establish and maintain appropriate polices and procedures relating to:

  • customer due diligence measures and ongoing monitoring;

  • reporting;

  • record-keeping;

  • internal control;

  • risk assessment and management; and

  • the monitoring and management of compliance with, and the internal communication of, such policies and procedures (staff training)

6. Customer Due Diligence

The Third EU Money Laundering Directive outlines four parts of customer due diligence including a new explicit requirement for ongoing monitoring. It is also more precise over the obligation to identify and verify the identity of any beneficial owner. Specifically the requirements, reflected in Regulation 5, are:

  • Identifying the customer and verifying the customer on the basis of documents, data or information obtained from a reliable and independent source;

  • Identifying, where applicable, the beneficial owner4 and taking risk based and adequate measures to verify his identity so that the firm is satisfied that it knows who the beneficial owner is;

  • Obtaining information on the purpose and intended nature of the business relationship; and

  • Conducting ongoing monitoring, on a risk sensitive basis, of the business relationship5.

The Government is of the view that casinos should identify their customers when they reach a threshold of €2,000 of chips exchanged or gambled. A threshold approach is recommended as international best practice by the Financial Action Task Force, which suggests a level of €3,000. The Third Money Laundering Directive provides for a stricter application of this standard, involving a threshold of €2,000, and it is this approach that the Government is taking. In the view of law enforcement, money laundering in casinos below the sum of €2,000 is not a material risk provided proper checks are in place to ensure that this threshold is not exceeded without appropriate due diligence through the consecutive exchange of smaller amounts6. Casinos should also be able to link customer due diligence information for a particular customer to the transactions that the customer conducts in the casino7.

Those casinos that are able to demonstrate to the regulator that they have the systems in place for tracking and identifying higher risk individuals and for ensuring that criminals are not able to circumvent the threshold by gradually exchanging or gambling chips should therefore follow a threshold approach8. The Government has rejected the blanket application of a threshold system for all casinos, as some may not have the systems in place to deliver it effectively. For those that do not, the default position should continue to be that casinos identify their customers on entry. This will enable those casinos that presently operate a membership system to continue with their current practice of identifying, and verifying the identity of, customers at the point of application for membership. However, the Government encourages all casinos to develop the systems necessary for tracking and identifying higher-risk individuals in line with the threshold approach9.

Regulation 10 sets out the identification requirements on casinos. The threshold will apply for every 24 hours for casinos and internet casinos. If it transpires that there are systemic problems with operating on a threshold basis, then checks on entry will be required10.

Regulation 10 is drafted so that all gaming machines within a casino are included within the scope of the identification requirements. Casinos must, therefore, identify customers using these machines either on entry or when they reach the threshold.

6.1 Application of Customer Due Diligence on a Risk-Sensitive basis

Casinos have flexibility in devising polices and procedures which best suit their assessment of the money laundering and terrorist financing risks faced by their business.

The regulations require a policy and procedure in relation to risk assessment and management. If casinos adopt the threshold approach to customer due diligence (CDD), part of the risk-based approach will involve making decisions about whether or when verification should take place electronically. Operators must determine the extent of their CDD measures, over and above the minimum requirements, on a risksensitive basis depending on the risk posed by the customer and their level of gambling.

Where a customer is assessed as presenting higher risk it will be necessary to seek additional information in respect of the customer.

Article 8.2 of the Third Directive, and, in turn, Regulation 7(3) provide that a relevant person must:

  1. determine the extent of customer due diligence measures on a risksensitive basis depending on the type of customer, business relationship, product or transaction; and

  2. (b) be able to demonstrate to his supervisory authority that the extent of the measures is appropriate in view of the risks of money laundering and terrorist financing.

The provisions of the Second Directive were criticised for being formulaic and inflexible11, whereas the Third Directive adopts a more focused risk-based approach, recognising that some circumstances pose a greater risk of money laundering than others.

6.2 Identifying and assessing risk

The Gambling Commission stated in its recently published Guidance that an assessment of risk is based on a number of questions, which include:

  • What risk is posed by the business profile and customers using the casino?

  • Is the business high volume consisting of many low spending customers?

  • Is the business low volume with high spending customers, perhaps who use and operate within their cheque cashing facilities?

  • Is the business a mixed portfolio, ie customers are a mix of high spenders and lower spenders and/or a mix or regular and occasional customers?

  • Are procedures in place to monitor customer transactions and mitigate any money laundering potential?

  • Is the business local with regular and generally well known customers?

  • Are there a large proportion of overseas customers using foreign currency or overseas based bank cheque or debit cards?

  • Are customers likely to be individuals who hold public positions in countries which carry a higher exposure to the possibility of corruption, ie a politically exposed person (PEP)?

  • Are customers likely to be engaged in a business which involves significant amounts of cash?

  • Are there likely to be situations where the source of funds cannot be easily established or explained by the customer?

  • Are there likely to be situations where the customer's purchase or exchange of chips is irrational or not linked with gaming?

  • Is the majority of business conducted in the context of business relationships?

Many customers carry a lower money laundering or terrorist financing risk. These might include customers who are regularly employed or who have a regular source of income from a known source which supports the activity being undertaken.

7. Enhanced Due Diligence

Enhanced due diligence must be applied in respect of all customer relationships representing an enhanced risk, including in the three situations set out in Regulation 14:

a. where the customer is not physically present12;

b. when the transaction involves cross-frontier correspondent banking relationships13; and

c. for transactions with politically exposed persons14.

In all these cases those within the regulated sector must put in place measures requiring additional checks to be made of the customer's identity and the provenance of the funds being handled.

Where the customer is not physically present: remote casinos

Regulation 14(2) outlines possible measures which can be adopted beyond standard verification procedures to compensate for the higher risk of non face-to-face transactions. The regulations suggest the following options by way of example, although this list is not exhaustive:

  • using additional documents, data or information to establish identity;

  • using supplementary measures to verify or certify the documents supplied or obtain confirmatory certification by a credit or financial institution which is subject to the money laundering directive;

  • ensuring that the first payment is carried out through an account opened in the customer's name with a credit institution.

The Gambling Commission's Guidance notes that remote operators also have the benefit of being able to withhold payment of winnings or remaining deposits until satisfied that CDD is satisfactorily done.

Politically Exposed Persons

The definition of a PEP for these purposes is contained within Regulation 14(5):

  • A person who has been entrusted within the last year with a prominent public function by a state other than the UK , a Community institution or an international body, including a person who falls within any of the following categories15:

- heads of state, heads of government, ministers and deputy or assistant ministers

- members of parliament

- members of supreme courts, of constitutional courts, or of other high-level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances

- members of courts of auditors or of the boards of central banks

- ambassadors, charges d'affairs and high-ranking officers in the armed forces

- members of the administrative, management or supervisory bodies of state-owned enterprises

  • In addition to the primary' PEPs listed above, a PEP also includes:

- family members of a PEP spouse, partner, children and their spouses or partners, and parents16; or

- known close associates of a PEP persons with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relationships, or who is a sole beneficial owner of a legal entity or arrangement set up by the primary PEP17.

The following steps must be taken to deal with the heightened risk posed by having a business relationship with a Politically Exposed Person (PEP):

STEP ONE: Obtain senior management approval for establishing the business relationship;

STEP TWO: Take adequate measures to establish the source of wealth and source of funds which are involved in the business relationship or occasional transaction;

STEP THREE: Conduct enhanced ongoing monitoring.

The Gambling Commission's Guidance notes that the nature and scope of a particular casino's business will help to determine the likelihood of PEPs in their customer base, and whether the operator needs to consider screening all customers for this purpose.

Establishing whether individuals are PEPs is not always straightforward: the Gambling Commission's Guidance, quoting from the JMLSG Guidance, notes that where operators need to carry out specific checks, they may be able to rely on an internet search engine, or consult relevant reports and databases on corruption risk published by specialised national, international, nongovernmental and commercial organisations. Resources such as the Transparency International Corruption Perceptions Index may be helpful in terms of assessing the risk. If there is a need to conduct more thorough checks, or if there is a high likelihood of an operator having PEPs for customers, subscription to a specialist PEP database may be necessary. Operators should, as far as practicable, be alert to public information relating to possible changes in the status of its customers with regard to political exposure.

8. Requirement to cease transactions

Where it has not been possible to apply customer due diligence measures, the relevant person, by virtue of Regulation 11:

a. must not carry out a transaction with or for the client through a bank account

b. must not establish a business relationship or carry out an occasional transaction

c. must terminate any existing business relationship with the customer

d. must consider whether there is a requirement to make a disclosure under the Proceeds of Crime Act 2002, or the Terrorism Act 2000.

9. Record-Keeping, Internal Controls and Training

The Third Directive's requirements for record keeping, internal procedures and training are in similar terms to the First and Second Directives.

The Third Money Laundering Directive requires the following records are kept for five years from when either the business relationship or transaction ends:

  • A copy of the evidence required to satisfy the customer due diligence requirements or references of the evidence required; and

  • Evidence and records of transactions carried out as part of the business relationship.

The Gambling Commission's Guidance identifies the following areas as falling within the remit of an operator's record keeping policy and procedure:

  • details of how compliance has been monitored by the nominated officer;

  • delegation of AML/CTF tasks by nominated officer;

  • nominated officer reports to senior management;

  • information not acted upon by the nominated officer, with reasoning why no further action was taken;

  • customer identification and verification information;

  • supporting records in respect of business relationships or occasional transactions;

  • staff training records;

  • internal and external suspicious activity reports; and

  • contact between the nominated officer and law enforcement or SOCA, including records connected to appropriate consent.

The Guidance also deals in some detail with supporting records.

In accordance with the terms of Article 34 of the Third Money Laundering Directive the regulated sector will be required to establish appropriate policies and procedures relating to: customer due diligence; reporting; record keeping; internal control; risk assessment; risk management; compliance management and communication in order to forestall and prevent operations related to money laundering or terrorist financing. Article 35 of the Directive requires the regulated sector to train their staff on the money laundering requirements and to help them recognise operations that may be related to money laundering or terrorist financing and what to do in those circumstances. Therefore, the regulations require operators to take appropriate measures so that all relevant employees are:

  • made aware of the law relating to money laundering and terrorist financing; and

  • regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing.

10. Monitoring and Supervision

One of the main changes the Directive introduces is the requirement that all sectors are effectively monitored for compliance with anti-money laundering controls.

A supervisory authority, in this case the Gambling Commission, must effectively monitor casinos and take necessary measures for the purpose of securing compliance with the requirements of the Regulations. A supervisory authority which, in the course of carrying out any of its functions under the Regulations, knows or suspects that a person is or has engaged in money laundering or terrorist financing must promptly inform the Serious Organised Crime Agency.

11. Conclusion

The Anti-Money Laundering regulatory environment in Europe is currently undergoing change with the advent of the Third Money Laundering Directive. The Directive, adopted under the UK's presidency of the EU, represents Europe's commitment to fighting the international problems of money laundering and terrorist financing by implementing the global standards produced by FATF in 2003.

The Directive regulates the sectors that are seen as being most at risk of being used for money laundering or its facilitation. In addition to the regulated sectors, the Directive will affect the supervisory bodies that have responsibility for ensuring the sectors' compliance with anti money laundering legislation, whilst also affecting law enforcement authorities and, indirectly, some of the customers and businesses that deal with the regulated sector18.

Whilst new technologies promise great advances, societies are faced with the prospect of being unable to regulate the way in which their citizens participate in certain activities. Concerns about the practical enforceability of regulatory frameworks for gambling on the Internet are shared by regulators everywhere19. Compliance with the UK's anti-money laundering regulations, the Gambling Commisison's money laundering guidance and license conditions, use of controls within the financial industry and the adaptation of best practices will ensure that the attractiveness of using Internet gambling transactions for money laundering purposes is, at the very least, significantly reduced.

© Monty Raphael, Peters & Peters, 2007

The author wishes to acknowledge the assistance of Rachna Gokani in the preparation of this paper.

Footnotes

1 The Financial Action Task Force Typologies Report 2000-2001

2 October 2006

3 ONE HUNDRED TENTH CONGRESS FIRST SESSION, JUNE 8, 2007. Serial No. 11037

4 See Regulations 5 and 6

5 Regulation 8

6 Money Laundering Regulations 2007, Regulatory Impact Assessment

7 ibid

8 ibid

9 ibid

10 ibid

11 MONEY LAUNDERING: RECENT DEVELOPMENTS IN EUROPE. Speech by CCBE SECOND VICE-PRESIDENT Colin Tyre QC - 18th September 2006

12 See Regulation 14(2)

13 See Regulation 14 (3)

14 The Third Money Laundering Directive includes the following definition of a politically exposed person: "politically exposed persons" means natural persons who are or have been entrusted with prominent public functions and immediate family members, or persons known to be close associates, of such persons. In addition the Commission has clarified further the definition through its comitology procedure.

15 Paragraph 4(1)(a) of Schedule 2

16 Paragraph 4(1)(c) of Schedule 2

17 Paragraph 4(1)(d) of Schedule 2

18 HMRC Regulatory Impact Assessment of the 3rd EU Anti-Money Laundering Directive

19 GAMBLING, MONEY LAUNDERING AND THE PROCEEDS OF CRIME: A TRIFECTA?,' Elizabeth Montano, May 1998, Australian Institute of Criminology

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More