Written by Tim Tyler on Wednesday December 13, 2017
There are many different approaches recognised in the development of MLRAs using qualitative and quantitative data; analysing root cause or embarking on risk journeys; asking why again and again; or using a fishbone styled approach to tease out the key issues. They all have their value. I won’t, however, attempt to single out, or describe any particular methodology, but instead consider three essential elements of any approach.
Individual MLRAs are always prepared in a particular context. This is summarised in the first section, before consideration of the nature of the risks and finally, the controls intended to mitigate them.
Perhaps the greatest challenge is simply knowing where to start in developing a MLRA. There are, however, resources available that can help. In October last year HM Treasury published the first national risk assessment of money laundering and terrorist financing. This contains sections focused on online and land based casinos and the betting sector, helpfully identifying key threats together with some of the steps being taken by the industry to mitigate them. The US has similarly developed a national risk assessment with a chapter devoted to casinos. Trade Associations such as the UK Association of British Bookmakers, the National Casino Forum, and Remote Gambling Association continue to work with operators to develop and share understanding and good practice.
The GB Gambling Commission can help here as well. A number of high profile cases in which operators were sanctioned for AML failures are set out on the Commission’s website. The detail contained in the case studies provides opportunity to learn from the experience of others – both in terms of the risks encountered, and the nature of the controls required (and at times absent) to mitigate them.
Resources are available then to assist a firm in developing an MLRA. The assessment is prepared in the context of these external drivers but also, vitally, in light of a number of internal factors. Methodologies used to assess other regulatory, commercial and operational risks may set the tone and approach for the MLRA alongside a clear understanding of the firm’s risk appetite. The unique operating model, customer base, marketing channels and product portfolio demand an approach to developing the MLRA that is tailored to these particular characteristics. Whilst it may be attractive to develop a MLRA that can be used by all operators within, for instance, a particular sector, this one-size fits all approach makes no consideration for the unique nature of each business and is unlikely to accurately reflect the particular risks encountered, and the required controls to mitigate them.
The identification and evaluation of money laundering risks is at the heart of any MLRA. There are many ways of doing this, and some are mentioned above. Whatever approach is taken, it is likely to involve at least four key areas: customer; product; jurisdictional; and means of payment.
Risks associated with the type of customers with whom an operator has potential to do business can fall into a number of areas such as:
All gambling products have the potential to be exploited by money launderers, but some have more potential than others. For instance, peer to peer gambling, where the parties are known to each other, presents particular risks. Products that allow a customer to bet against all possible outcomes of an event can be misused, and fixed odds betting terminals and other electronic forms of payment have the potential to be loaded before cashing out – a recognised form of money laundering. Understanding the nature and vulnerabilities of individual products is vital.
Individuals can potentially gamble online from anywhere in the world including some jurisdictions that entail particular risks of money laundering or terrorist financing. Some customers at land based operators may be linked to parts of the world that again give rise to particular concerns. It’s necessary to identify which countries a customer may be associated with, and to have a suitable tools to assess the level of risk these present.
The means by which gambling transactions are paid for is increasingly diverse, reflecting the proliferation in the different means of payment that are increasingly available. The use of prepaid cards, online payment systems such as Skrill and Neteller compliment more traditional forms of payment such as debit cards. The use of cash continues to dominate much of the industry – presenting particular vulnerabilities to laundering.
Whilst it is necessary to identify and address key areas such as customer, product, geography and means of payment separately for the purpose of building a MLRA, the practical threat of money laundering will most likely entail a combination of the factors – for instance a particular type of customer using a certain product, and paying with cash.
Controls such as customer due diligence (CDD), staff training and suspicion reporting are of course mandated for some operators - regardless of the level and nature of any risks presented. A clear understanding and recognition of the laundering risks the business is exposed to will ensure that these controls are focused on, and calibrated to the right issues.
Some businesses focus their controls on limiting either the impact or the likelihood of laundering taking place - or both. The former would entail for instance, introducing restrictions to play, or limiting the number of transactions in certain circumstances. On the other hand controls aimed at reducing the likelihood of laundering may include customer screening, seeking consent for certain transactions and staff training.
Another way of framing controls considers the necessary steps to identify possible laundering, together with actions required when concerns are detected. For example, ‘red flags’ or trip wires that are built into the operation of a business can be an effective way of identifying potential laundering. This is just the first stage in the process and the controls aren’t effective unless this triggers appropriate response – very often involving some kind of human intervention to investigate and either resolve the concerns, or escalate them for a decision about the continued relationship.
The research and analysis required to develop an effective MLRA is significant. Introducing or updating required controls can be expensive and time consuming. The cost of failure, however, can far exceed even this – whether through legal or regulatory sanction, reputational loss or ethical failure.
Given constant technological advances, the fluid nature of the industry and the ever evolving threat of money laundering, the MLRA can’t be treated as a static, once-and-for-all product. Instead, it needs to be updated in light of operational and industry developments and refreshed, normally on an annual basis.
There are resources available to do this, and some are mentioned above. Perhaps most vitally, each business needs to have appropriately trained staff to develop and implement the MLRA, at a senior level to provide oversight, and at the front line to deliver against it.
To stay updated on the latest developments in governance,risk and compliance, anti money laundering and financial crime prevention, please follow us on either LinkedIn, Facebook and Twitter where you are guaranteed to be notified when our next blog post goes live!
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.