Bet365 reaches regulatory settlement with the Gambling Commission

On 4 April 2024, the Gambling Commission (the “Commission”) announced that it had reached a regulatory settlement with Bet365. The settlement comprised a payment in lieu of a financial penalty totalling £582,120 across two licensees.

Following a compliance assessment in March 2022, the Commission commenced a regulatory review under s.116 of the Gambling Act 2005. The licence review found Bet365 in breach of the Licence Conditions and Codes of Practice between May 2021 and September 2022 in respect of social responsibility and anti-money laundering (“AML”) obligations (though there were some variations in the individual breach periods).

Breaches

• AML: Breach of paragraph 2 of Licence Condition (“LC”) 12.1.1
  
  Paragraph 2 of LC 12.1.1 provides that following completion and consideration of the risk assessment, operators must have appropriate policies, procedures and controls in place to prevent money laundering and terrorist financing.
  
  The Commission’s review found no evidence of criminal spend with Bet365 or the acceptance of funds from persons subject to financial sanctions. Bet365 accepted that it had breached this condition because:
  • its KYC and enhanced CDD triggers were ineffective at managing money laundering risk;
  • it failed to undertake financial sanctions checks on new customers prior to their first deposits;
  • it failed to undertake independent verification checks and over relied on customers’ annual self-verification of CDD information; and
  • its procedure document contained inadequate detail as to who would be deemed “at risk” for customer risk profiling.
• AML: Breach of LC 12.1.2
  
  Casino operators are required to comply with Parts 2 and 3 of the Money Laundering Regulations 2007.
  
  Bet265 accepted that its casino business (Hillside (UK Gaming) ENC) was in breach of this condition as the AML failings set out above breached:
  • Regulation 28(11)(a), which requires ongoing monitoring of a business relationship; and
  • Regulation 33, which imposes an obligation to apply enhanced CDD measures and enhanced ongoing monitoring in high risk cases.
• Customer interaction: Failure to comply with Social Responsibility Code Provision (“SRCP”) 3.4.1
  • Paragraphs 1b and 1c of SRCP 3.4.1 (as applicable at the time) require operators to interact with customers who may be at risk of experiencing gambling related harms and understand the impact of the interaction on the customer, and the effectiveness of the operator’s approach.
  • Bet365 accepted that it was in breach because:
    • interactions were frequently not tailored to the specific customer journey or spectrum of harm and therefore interactions were not meaningful;
    • its Early Risk Detection System was not demonstrably effective in understanding the customer’s behaviour and whether further action was required; and
    • its approach to evaluation meant it was unable to effectively ascertain whether a customer had read and understood the information or advice provided within its interactions.

Regulatory settlement

The regulatory settlement reached between Bet365 and the Commission consisted of:

• a payment of £582,120 in lieu of a financial penalty (£343,035 in respect of Hillside (UK Gaming) and £239,085 in respect of Hillside (UK Sports) ENC);
• a payment of £31,369 towards the Commission’s investigative costs; and
• agreement to the publication of the statement of facts relating to the case.

The Commission previously investigated Bet365 in 2014 and found weaknesses in its AML and social responsibility controls. In determining the appropriate outcome, the Commission considered the following aggravating factors: (i) there had been a repeated breach or failure by Bet365; (ii) the scale and duration of the breaches; and (iii) the breaches continued after Bet365 became aware of them. 

Bet365 had however taken steps to remedy the breaches, and been cooperative with the Commission’s investigation, which were recognised to be mitigating factors.

Comment

In the context of the enforcement action against Bet365, the Commission’s findings set out a list of questions which operators should consider and use to inform good practice.

Noteworthy points include:

• Operators should undertake financial sanctions checks on new customers prior to their first deposits.
• Operators are expected to have formalised processes to measure the effectiveness of AML and safer gambling policies, as well as to analyse the effectiveness of customer interactions, which should be adequately documented.
• Operators are expected to efficiently record all compliance-related decisions and demonstrate to the Commission, on request, evidence of ongoing assessment, evaluation and improvement.
• Operators’ customer risk profiles should be informed by or linked to their money laundering and terrorist financing risk assessment.
• Operators are expected to log the types of behaviour which have triggered a customer interaction and keep sufficiently detailed records of interactions, as well as decisions not to interact.

Operators should consider these points, as well as good practice points arising out of other enforcement action on an ongoing basis.

In concluding the licence review against Bet365, Kay Roberts, the Executive Director of Operation at the Commission explained that Bet365’s “policy and procedural failings may not have been as severe as those at other gambling businesses in recent years but they were failings nonetheless”. Moreover, she stated that Bet365 “is very aware that a repeat of these failings will result is [sic] escalating regulatory action”, which highlights the Commission’s pursuit of operators for repeat failings.