CRIME AND DISORDER (INCORPORATING FRAUD AND AML)
Section 1 – Experience
The Directorate of Company have lengthy experience in securing gaming businesses against criminal misuse and implementing wide ranging anti-fraud and anti-money laundering processes, procedures and extensive staff training programmes.
Underpinning future training programmes will be knowledge of the Proceeds of Crime Act and Money Laundering indicators usually detected in a gaming environment, particularly in a Card Not Present transactional environment.
The directors are fully aware of all aspects of the Proceeds of Crime Act and their responsibilities and are well placed to impart knowledge of Anti –Money Laundering measures and requirements having secured major remote and non-remote gaming businesses in this field.
Section 2 – Anti Money Laundering and Transaction Fraud
Gaming environments are often targeted by those wishing to launder money. The speed of transactions and use of multiple payment processing options make gaming businesses especially vulnerable to this activity.
As a result, many of the initial trading and procedural decisions of the directorate are either directly aimed at combatting this threat or protections are enhanced as a bi-product of the overall commercial and trading approach/strategy taken by the business.
ALL staff will be given training in Money Laundering indicators such as (but not limited to);
All instances of suspected Money Laundering attempts must be reported to the MLRO but that suspicion must not be conveyed to the customer and further actions must await consents. The MLRO is then responsible for liaising with, submitting Suspicious Activity Reports and seeking consents from the NCA/UKFIU where and when appropriate. He will also ensure that appropriate registers are kept for all related reporting
Company will implement a FULL ‘Know Your Customer’ policy. This will assist in tackling not just Money Laundering threats but other fraud threats generally. Customers will be advised at registration and generally on the supporting non-transactional website that Company will utilise online verification tools and that in instances where we are not able to satisfy criteria, ID and address verification documents will be requested.
Other key decisions that will enhance these protections include setting period thresholds/velocities for withdrawals to include at outset the requirement for checks and directorate approval prior to processing card withdrawals and bank transfers of over 2000 EUR in one single transaction, a maximum of 3 (three) daily withdrawals and an overall maximum daily withdrawal of 6000 EUR.
Industry accepted standards that will always lead to Enhanced Due Diligence (the requirement for further proof of ID and Address) will be withdrawals in excess of 2000 EUR in a single 24hour period and 6000 EUR in a 90-day period. Simple online verification will NOT be acceptable in these circumstances.
The business will also not have any cash element to it, mitigating risks associated with counterfeit monies.
Systems will be operating to record all transactions for an account. These account histories will be subject to a programme of regular and continual checks against fraud and social responsibility indicators. Where unusual bet patterns and winning patterns are detected, these will also be cross- referenced to call history to ensure that staff are not colluding with customers or acting illicitly.
Company will also keep a register of those customers that it identifies as high risk or politically exposed. Those accounts will be subject to greater scrutiny and frequency of checks.
In general, where illegal or inappropriate behaviour by staff is identified, investigatory and disciplinary procedures will follow those outlined in staff contracts as required by employment law directives and the need to use in greater propensity, measures such as suspension when for example transactional fraud is suspected and those activities form a standard part of an employee’s job description.
Section 3 – Security and Monitoring
It is essential to implement adequate monitoring procedures in any gaming business across premises, equipment, people, communications and transactions. Company will implement a range of measures and procedures to ensure security and safety in these areas.
Company has installed Call recording technology. This has multiple benefits that include;
The protection of data and the security of software and hardware generally are of prime concern for any business where transactions and data are recorded in a Non-Face to Face environment. Consequently, Company will implement an overarching policy of ‘Encrypt whatever can be Encrypted’. Access to Shared Drives will be strictly limited and monitored and where appropriate, password protected. Data Storage and Back-Up solutions/procedures exist to ensure that Customer Data is not accessible to outside parties and reliably prevents loss of data.
Section 4 – Responsible Relationships with Customers and Businesses
Company will be publishing General Rules, Terms and Conditions and specific sports betting rules on its accompanying non-transactional website. These will make specific reference to syndicated collusion, other fraudulent activity, prior knowledge of a result or the likely result of an event and matters relating to match fixing and suspicious events. It will detail the actions we may take where cheating is suspected or identified and will detail the extent to which we will co-operate with regulators and sports governing bodies to tackle these matters. This will in general allow a transparent communication process with customers in these instances.
However, the directors also acknowledge that in the event that serious criminal activity is suspected or identified, it is also incumbent on they and staff that those suspected of this activity are not ‘tipped off’ as to those suspicions and subsequent investigations and that in some instances, alternative approaches will be required. Appropriate staff training and escalation procedures will be in place.
Company will take all necessary measures to ensure the propriety of its relationships with other businesses. This will entail a standardised due diligence approach often accompanied by Non-Disclosure Agreements where appropriate. This will require default disclosure of ownership and management structures, company incorporation details, address and contact details. Details of these investigations will be templated and records kept.