Online gambling: new European AML regime approved – are you ready?
The online gambling sector is currently dealing with a marked rise in compliance costs. This has been the result of a number of regulatory changes, ranging from the revised Licence Conditions and Codes of Practice through to the new POC tax reporting regime.
And looming on the horizon are changes to the anti-money laundering (AML) regime. The fourth anti-money laundering directive (AMLD4) was approved by the European Parliament on 20 May 2015.
As a result, each member state will have to introduce new laws giving effect to AMLD4 within c. two years. There have been indications that the UK government will be at the forefront of this process, introducing new laws by late 2015 or early 2016.
The UK Gambling Commission has sanctioned several well-known operators in the recent past for failures in their AML regimes, and there is likely to be a high-degree of scrutiny from the Gambling Commission on this issue going forwards. The key points to note are set out below.
All providers of “gambling services” will be subject to AMLD4
Unlike the previous regime – which imposed more stringent requirements on the holders of casino operating licences – AMLD4 will apply to all providers of “gambling services”, i.e. all online gambling operators.
Each member state will have some flexibility in how it implements AMLD4. In particular, each member state can choose to exempt low-risk activities from full compliance with the new regime. It is expected that the industry will begin lobbying for exemptions, particularly in respect of those types of low-stakes gambling which pose minor risks of money-laundering (for example, bingo and lotteries).
Customer due diligence and the risk-based approach
AMLD4 will increase the emphasis on the risk-based approach to AML and on the effectiveness of AML systems, introducing new requirements for member states and firms to carry out their own assessments of the money laundering risks facing them.
For online gambling operators, AMLD4’s customer due diligence (CDD) requirements are likely to be the most significant compliance issue to get to grips with. AMLD4 clarifies and reinforces the previous CDD requirements, and operators will need to assess whether their current systems are adequate. Broadly, operators will need to be sure that they have systems in place to verify customers’ identities based on reliable information, and conduct ongoing monitoring of their relationships with customers. Other requirements will include internal training and record keeping.
The situations where CDD must be carried out include: (a) when establishing a business relationship with a customer (i.e. a commercial relationship which is expected to have an element of duration); (b) when carrying out occasional transactions amounting to EUR 2,000 or more (whether through a single gambling transaction, or several transactions which appear to be linked); or (c) where there are doubts about the veracity or adequacy of previously-obtained CDD.
It would be sensible for gambling operators to anticipate the new CDD regime before it comes into force, particularly when taking on new customers in the lead-up to the new laws coming into force. Operators will need to ensure that their terms and conditions allow them to request CDD information and to terminate the customer relationship if those CDD checks are not successful.
Ensuring compliance with AMLD4 is likely to mean increased compliance costs for online gambling operators, particularly for multi-jurisdictional operators. Operators will have to comply in the jurisdiction where they are established and also in each market in which they operate. Since different EU jurisdictions are likely to interpret and implement AMLD4 differently, multi-jurisdictional operators will likely need to take legal advice in each of the jurisdictions relevant to them.
No more exemptions for third country “equivalence”
At present, it is not necessary to comply with certain CDD requirements when dealing with jurisdictions which are deemed to have “equivalent” AML regimes. This system of exemptions in the case of third country equivalence may not apply under AMLD4, although it is not completely dead. The EU Commission will be able to identify third country jurisdictions whose AML regimes mean they are “high-risk third countries”. Countries that are not classed as high-risk third countries by the EU Commission should not however be automatically treated as having effective AML systems; instead, entities in those jurisdictions must still be assessed on a risk-sensitive basis.
Operators with establishments outside the EU
An operator established in the EU that has branches or majority-owned subsidiaries outside the EU will have to abide by local laws where those establishments are located, but will also have to meet the EU risk-based standard where the local law is not so stringent, to the extent that the third country’s laws and regulations so allow. Where the legislation of a third country does not permit the implementation of group-wide AML policies and procedures, operators that are part of a group will have to take “additional measures” to manage the risk of money laundering. If the “additional measures” are not sufficient, the operator’s home country must take supervisory action, including requesting the group to close down its operations in the third country where appropriate.
Now that AMLD4 has been approved by the EU Parliament, it will be officially published and each EU member state will need to incorporate it into their national laws by June/July 2017 (although states may implement it early). In the meantime, it is likely that further official guidance will follow. Online gambling operators will need to monitor this issue in the meantime, to ensure that they are able to carry on operating without a hitch when the new regime comes into force.
How can we help you?
If you would like to find out more about the capabilities of our Betting & Gaming Group, please click here.