{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
Great weather, beautiful landscapes, both could be considered as holiday destinations. But not only - both territories are well known online gambling hubs and both at some point of time were classified as jurisdictions under increased monitoring by the Financial Action Task Force (FATF).
Although Malta was removed from the FATF list in June 2022, Gibraltar still remains as a “grey-listed” country.1
As mentioned by FATF officials “Gibraltar needs to take a number of steps, including focusing on gatekeepers to the financial system, in particular gambling operators and lawyers”.2
In light of this statement, it is worth asking what are the main vulnerabilities of the online gambling sector.
According to this report:3
“risks arising from online gambling have increased further since the publication of the last SNRA in 2019”.
The internet allows for a high degree of anonymity. The non face to face nature of online gambling is one of the main risks represented by this business. Identification and verification of the players require more complex CDD measures in order to detect use of false or stolen identities and ensure that the customer providing documentation is the one described in it. Nevertheless, given the evolution of digital ID technology, it is possible to put in place controls required to build robust KYC checks.
The European Gaming & Betting Association (EGBA) issued an overview of the identity verification methods for online gambling.4
As online gambling transactions are conducted over the internet and gambling platforms which are accessible 24/7, the volume of the transfers related to this activity is immense. Identification of the source of wagered funds might be difficult in some instances.
Although, in case of bank deposits, the risk can be reduced by the CDD measures implemented by particular banks, there are payment methods such as prepaid cards or virtual currencies which could be used to obscure the source of funds.
In 2020 the Isle of Man Gambling Supervision Commission issued AML/CFT Guidance for Virtual Currencies. The guidance references the risks related to virtual currencies and additionally highlights, among others:
difficulty in linking an “account” to a real world identity,
potential use of anonymity software such as coin mixers and IP mixers,
the fact that non-centralised “accounts” may be opened by anyone without CDD checks
lack of expertise to deal with new and rapidly developing technologies
lack of AML/CFT controls for virtual currencies in most jurisdictions.6
These voices provide direction for further development of legislations, such as e.g. Markets in Crypto-Assets Regulation (MiCA) which should harmonise rules for crypto-assets at EU level.
Threats related to this market were lately highlighted by:
The Financial Stability Board (Regulation, supervision and oversight of Crypto-Asset activities and markets, 2022)
Basel Committee on Banking Supervision (Prudential treatment of crypto asset exposures, 2022)
FATF (Targeted update on implementation of the FATF standards on virtual assets and virtual asset providers, 2022; Updated guidance for a risk-based approach virtual assets and virtual asset providers, 2021)
As such gambling operators should limit the ability to create multiple accounts or at least identify customers with multiple accounts and determine the reason for opening more than one account.
Also transfer of funds between different customers should be considered as a red flag. This might be a way to send funds outside the regulated financial system (cross-border movements) and as such should be prohibited or limited.
Further, transactional risk is related to the multiple deposit sources as well as different methods used to deposit and withdraw the funds. The risk arises especially when gambling activity is very limited or there is no gambling activity at all.7
As a mitigating factor gambling operators should only allow deposits and withdrawals using payment methods that match the customer's account name in order to ensure the payment method belongs to the customer.
Moreover, whenever possible given the fact that some payments such as pre-paid cards do not allow return payment or refund, withdrawals should be paid to the account (or other payment method) used to make the deposit that resulted in the win.
Although cash is not a typical method of funding for online gambling, there is a risk that illicit funds could enter the remote gambling sector by money service businesses (crediting the accounts) or mixing gambling chains i.e. depositing funds through land-based casinos and transferring to the online gambling accounts.8
Discussing further vulnerabilities of the online gambling, VIP rooms and master accounts require additional considerations. It is significant for the compliance function to be independent from enterprise functions of the gambling operator to avoid conflict of interest in case of VIP customers. Also master account set-up requires effective control over land-based intermediary and access controls.
Check out other publications in the “Transaction Monitoring” series:
Risk based CDD measures
Transaction monitoring processes
Regular risk assessments of their products
Also competent authorities should implement appropriate steps in order to ensure regular cooperation with the online gambling operators, provide guidance, training sessions, and feedback
In Malta, during January and June 2022, 16 compliance audits were conducted with 114 desktop reviews, accompanied by an additional 7 AML/CFT compliance examinations initiated by the Malta Gambling Authority on behalf of the Financial Intelligence Analysis Unit.9
Also the Gambling Commissioner in Gibraltar performed controls of remote gambling licence holders which resulted in financial penalties in respect of AML deficiencies.10
Probably more examples of gambling regulatory investigations are yet to come. Not only in Malta or Gibraltar.
Sources:
Partner, Financial Crime Unit, PwC Poland
Director, Financial Crime Unit, PwC Poland
Katarzyna Chmara