On 18 July 2023, the Gambling Commission (the “Commission”) announced that it had reached a regulatory settlement with Done Bros (Cash Betting) Limited (“Betfred”), comprising a payment in lieu of a financial penalty totalling £3.25m.
Betfred was subject to a compliance assessment which resulted in the commencement of a regulatory review under s.116 of the Gambling Act 2005 (“the Act”). The licence review found Betfred to be in breach of the Licence Conditions and Codes of Practice (“LCCP”) between January 2021 and December 2022 in respect of social responsibility and anti-money laundering (“AML”) obligations (though there were some variations in the individual breach periods).
Paragraph 1 of licence condition (“LC”) 12.1.1 of LCCP requires operators to conduct an assessment of AML and terrorist financing (“TF”) risks facing their business, which must be appropriate and reviewed as necessary in light of any changes in circumstances. Paragraphs 2 and 3 of LC 12.1.1 provide that following the completion of the risk assessment, operators must ensure they have appropriate policies, procedures and controls implemented effectively, which must be kept under review and revised appropriately.
Betfred accepted it breached paragraph 1 of LC 12.1.1 as its risk assessment did not:
- sufficiently take into account the Commission’s Proceeds of Crime Act 2005 Guidance;
- demonstrate that all risks to its business had been considered, for example those connected to third party suppliers, payment providers and processors, and customers using pre-paid cards; and
- detail the risks and countermeasures in place to monitor customer transactions across multiple Licensed Betting Offices, products and platforms in order to mitigate any money laundering (“ML”) potential.
Although an analysis of the specific customer records identified during the regulatory review found no evidence of criminal spend with the operator, Betfred nonetheless also accepted its breach of paragraphs 2 and 3 LC 12.1.1 as:
- there were weaknesses in relation to the adequacy, maintenance, and implementation of its policies and procedures;
- there was poor record keeping and its financial alerts (thresholds) were set too high;
- it had an inability to track customer play across products;
- it failed to consistently obtain appropriate KYC identification and source of funds documentation from its customers when its thresholds were met;
- it placed an undue reliance on open-source information and should have taken further steps to corroborate customers’ source of funds information; and
- certain customers were able to stake large amounts of money without the operator conducting appropriate KYC checks.
2. Social responsibility
Paragraph 1 of the SRCP 3.4.1 (applicable at the time) states that operators must interact with customers in a way which minimises the risks of customers experiencing harms associated with gambling. This involves identifying at risk customers, interacting with them and evaluating the effectiveness of such interactions. Paragraph 2 of the SRCP 3.4.1 (applicable at the time) requires that operators take into account the Commission’s guidance on customer interaction.
Betfred accepted it was not fully in compliance with paragraphs 1 and 2 of SRCP 3.4.1 as:
- it had insufficient controls in place to protect new customers and to monitor high velocity spend and duration of play;
- it assumed that customers were not at risk because they were winning customers;
- it did not always conduct safer gambling interactions early enough with customers who were at risk of experiencing harm;
- the interactions that it carried out were not always effective; and
- there was a lack of evidence of evaluation of the effectiveness of individual customer interactions and a lack of record keeping which limited the effectiveness of future interactions.
The regulatory settlement agreed between the Commission and Betfred comprised:
- a payment of £3,250,000 in lieu of a financial penalty, directed towards socially responsible purposes, which included a divestment of £1,052,717;
- agreement to the publication of a statement of facts in relation to this case; and
- payment of the Commission’s costs involved in conducting the review.
In agreeing the settlement, the Commission considered the following aggravating factors: (i) the serious nature of the breaches identified; (ii) the impact on the licensing objectives; and (iii) senior management should have been aware of governance issues that lead to the breaches, given their significance.
The Commission also recognised the following mitigating factors: (i) implementing an early action plan to remedy its failings; (ii) meeting the Commission’s timetable; and (iii) accepting the Commission’s findings early and voluntarily, as well as requesting early to enter into the Regulatory Settlement process.
Reflecting on the Commission’s findings as regards Betfred, operators should consider the following questions:
- Do you have formal processes in place to review your risk assessment at least annually and measure the effectiveness of your AML and safer gambling policies and procedures, and are findings adequately recorded?
- Do you efficiently record all compliance decisions and can you show the Commission, on request, evidence of ongoing assessment, evaluation and improvement?
- Do you incorporate lessons learned from public statements and other regulatory decisions into your policies and processes?
- Are your customer risk profiles reviewed in the light of new information?
- Do you have a formal process for analysing the effectiveness of customer interactions, and do you keep detailed records of the types of behaviour which have triggered a customer interaction?
- Have your staff received sufficient AML and social responsibility training?
In concluding the licence review against Betfred, Kay Roberts, the Executive Director of Operations at the Commission, explained that “this case illustrates how important it is for us to continue our drive to raise standards across the whole industry” and that “it is vital that every single operator – either online or offline – has in place effective safeguards to prevent harm or crime.”
The Commission has demonstrated that it is serious in its drive to raise standards as it is increasingly pursuing operators for repeat failings. Betfred is an example of this – it was subject to enforcement action in September 2022 and was fined £2.87m for AML and social responsibility failings in respect of its online brand and less than a year later is has been subject to further enforcement action concerning its retail business, paying out a further £3.25m.