In January 2023, the UK Gambling Commission published its sanctions of InTouch Games Limited, including a fine of £6.1m, after an investigation revealed a number of social responsibility and anti-money laundering failings.
InTouch’s key failings consisted of the following:
- AML: Breaches of paragraphs 1, 2 and 3 of licence condition 12.1.1
- Paragraph 1 requires licensees to conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually.
- Paragraph 2 states that following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.
- Paragraph 3 states that licensees must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Commission from time to time.
The Commission found that within its money laundering and terrorist financing risk assessment, InTouch was not adequately taking account of, nor did it have adequate policies, procedures and controls in place to address the risk of a customer:
- being a beneficiary of a life insurance policy;
- having links to high-risk jurisdictions;
- being a politically exposed person (PEP), family member of a PEP or known close associate of a PEP.
The Commission also stated that InTouch was not sufficiently considering the Commission’s own money laundering and terrorist financing risk assessment or the Commission’s guidance. Additionally, it was found that InTouch was not ensuring its policies, procedures and controls were implemented effectively, as it did not follow its own policy to request source of funds information from customers who had deposited and lost £10,000 in a 12-month period.
- Customer Interaction: Failure to comply with paragraphs 1b, 1c and 2 of Social Responsibility Code Provision (SRCP) 3.4.1
- Paragraphs 1b and 1c provide that licensees must interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, including interacting with customers who may be at risk of or experiencing harms associated with gambling and understanding the impact of the interaction on the customer, and the effectiveness of the licensee’s actions and approach.
- Paragraph 2 requires licensees to take into account the Commission’s guidance on customer interaction.
These SRCP provisions have been replaced for remote operators by the new SRCP 3.4.3. The Gambling Commission is nevertheless likely to expect lessons to be learned by other remote operators based on this enforcement action, given the new SRCP 3.4.3 also addresses customer interaction.
Specific examples of InTouch’s failings included:
- not interacting with a customer until seven weeks after they had been flagged for interaction for erratic play patterns and extended periods of play; and
- accepting a customer’s word that they earned £6,000 a month without verifying this information after the customer account was flagged due to customer spend and gambling during unsociable hours.
This was not the first time that InTouch had faced regulatory action for anti-money laundering and social responsibility breaches. In May 2019 it paid £2.2m by way of regulatory settlement, and in March 2021 it paid a £3.4m fine and received an official warning (a link to our LawNow explaining the 2021 failings can be found here).
When considering the penalty to impose, the Commission considered in particular:
- The Indicative sanctions guidance – Paragraph 2.19 explains that imposing a financial penalty can be appropriate where there has been a repeated or systemic breach of a licence condition.
- The Statement of principles for determining financial penalties – Paragraphs 1.6, 2.3 and 2.8 confirm that a financial penalty is typically appropriate where the breach is an example of repeat behaviour by the licensee and that this will be considered in determining the quantum of the penalty.
Due to the repeated nature of the breaches, the Commission made the decision to impose a financial penalty of just over £6.1m. In doing so, Kay Roberts, Executive Director of Operations, commented:
“considering this operator’s history of failings we expected to see significant improvement when we carried out our planned compliance assessment. Disappointingly, although many improvements had been made, there was still more to do… This £6.1m fine shows that we will take escalating enforcement action where failures are repeated and all licensees should be acutely aware of this.”
This marks the first time that the Commission has conducted a third licence review of a licensee. The escalation of the financial penalties from £2.2m, to £3.4m, to £6.1m makes clear that the Commission will escalate action in relation to operators who are repeatedly the subject of enforcement action. The Commission also expects operators to show significant improvements following any previous enforcement action.
For further information, email the author or your usual CMS contact.