Online casino fined £3 million for "systemic" AML failings

11 March 2020

On 27 February 2020, the Gambling Commission announced that it had fined Mr Green (now owned by William Hill plc) £3 million for what it described as “systemic failings” in respect of Mr Green’s social responsibility and anti-money laundering (“AML”) controls which affected a significant number of customers across its online casinos.  The fine represents the ninth gambling business to face regulatory enforcement action relating to social responsibility and AML failures since 2018.

The specific facts of Mr Green's AML breaches are considered below, along with the lessons to be learned by other casino operators, Personal Management Licence holders, and organisations and individuals operating in other regulated sectors.

Mr Green’s legal and regulatory obligations

Licensed gambling operators have a legal duty to ensure that their gambling facilities are being provided in compliance with the Gambling Act 2005, the conditions of their licence and in accordance with the licensing objectives. In particular:

  • Licence condition 12.1.1(1) requires that licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.
  • Licence condition 12.1.1(2) requires that following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.
  • Licence condition 12.1.1(3) requires that licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.
  • Licence condition 12.1.2(1) requires licensees to put into place and implement the measures described in Parts 2 and 3 of the Money Laundering Regulations 2007 (superseded by the 2017 Regulations), insofar as they relate to casinos.

The Gambling Commission’s findings

Following a compliance assessment and subsequent operating licence review, the Gambling Commission uncovered what it described as “systemic failings” in respect of Mr Green’s AML controls which affected a significant number of customers across its online casinos. In particular:

  • Mr Green failed to conduct a risk assessment of the risks of the business being used for money laundering and terrorist financing from November 2016 to November 2017, contrary to licence condition 12.1.1(1).
  • Mr Green failed to ensure adequate customer Enhanced Due Diligence (“EDD”) and Source of Funds (“SOF”) checks had been conducted on customers who presented a higher risk of money laundering, contrary to licence conditions 12.1.1(2) and 12.1.1(3). This resulted in customers being able to gamble significant sums of money without adequate EDD and SOF checks being conducted. For example, Mr Green took ten-year-old evidence of a £176,000 claims pay-out as satisfactory evidence of SOF for a customer who deposited over £1 million. Following a review of Mr Green’s top 120 existing customers, 113 had to be closed as they failed to pass Mr Green’s AML checks.
  • Mr Green failed to put in place and implement measures described in the Money Laundering Regulations 2007 and the Money Laundering Regulations 2017, contrary to licence condition 12.1.2. This was because, between the relevant period, Mr Green did not have adequate AML controls to consistently address the risks presented by higher risk customers.

Lessons to be learned

Recent enforcement action by the Gambling Commission shows a clear willingness to investigate and take action against casino operators and Personal Management Licence holders in respect of AML concerns. Since 2018, more than £20 million in fines has been paid by casino operators. The fine issued to Mr Green continues this trend and demonstrates the proactivity of the regulator in this area.

A number of clear themes and questions emerge from these cases, which all regulated businesses should consider when assessing the adequacy of their AML controls:

  • When establishing a business relationship with a customer, is due consideration given to the potential risk posed by the customer (e.g. is the customer a politically exposed person or from a high risk jurisdiction)?
  • What on-boarding policies do you have in place and do they comply with the latest legislation and your regulatory requirements? Do you ensure that commercial imperatives do not trump those requirements?
  • Are you gaining a holistic picture of customers’ source of funds and source of wealth? Are you critically assessing assurances you receive as to source of funds and source of wealth? Are you over-relying on checks made by, or information provided by, third parties?
  • For existing customers, are you conducting appropriate on-going monitoring (including sources of information, the accounts they hold and patterns of transactions) and how can you evidence this? If suspicious patterns emerge, do you consider seriously whether to allow the customer to remain a customer?
  • Are you submitting information about suspicious transactions? How many reports were made in your last financial year? What conclusions might you be able to draw from that? Are employees reporting their suspicions? Are decisions to report or not to report being recorded?
  • Are your AML policies and procedures clear, accessible and up to date? Are they appropriately risk-based, fit-for-purpose, tailored to your organisation and being implemented effectively?
  • Do your employees have an up-to-date knowledge of the AML regime within which they operate and understand their own personal duties, including the reporting of suspicions? What training do they receive and how regularly?

Further information

For further information on the issues raised in this blog post, please contact a member of our criminal team.


About the author

Phil Salvesen is an associate in the criminal litigation team who specialises in advising individuals and corporates in relation to criminal and regulatory issues. His cases frequently involve serious allegations such as fraud, market abuse, insider dealingmoney laundering, false accounting, bribery and corruption, electoral offences and anti-competitive behaviour.

Phil maintains a general crime practice and also advises on contentious regulatory issues in a range of other sectors, including matters involving the Financial Reporting Council (FRC), Institute of Chartered Accountants in England and Wales (ICAEW), Gambling Commission and CFA Institute.

Share insightLinkedIn Twitter Facebook Email to a friend Print

Email this page to a friend

We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.

Leave a comment

You may also be interested in:

Skip to content Home About Us Insights Services Contact Accessibility