AML and RG; the quest for information in an EU context
Some European regulators have shown themselves too willing to conflate anti-money laundering with responsible gaming. Kees-Jan Avis argues that this should be resisted
It is beyond question that Anti Money Laundering (AML) rules and regulations and responsible gaming (RG) with its various practices have become part of doing business for any (online) gambling operator. Both AML and RG requirements rely on the collection of information from clients which is applied in the respective contexts. As such, the two appear similar but are they actually one and the same thing and is information garnered from an AML perspective interchangeable and applicable to RG as well? In order to answer the question a brief history of the two and especially of AML provides some insights.
How we got to where we are today
AML is ubiquitous where there are transactions involving banks, crypto or any other platform where value is exchanged. AML, especially in Europe, has become such part of the way business is done that it is considered mainstream – when was the last time anyone paid cash for a house or even a car? However, this was not always the case and an examination of the history and purpose of AML in Europe is instructive when it comes to its application within online gambling industry especially in light of the overlap with information required for RG purposes.
The first EU AML directive, 1AMLD, was issued in 1991, 1AMLD. Prior to this point money laundering and the financing of terrorism outlawed under criminal laws in the individual EU countries. The introduction and implementation of 1AMLD elavated AML (financing of terrorism was not included at this point) from a local, per jurisdiction approach to a multilateral approach facilitating international cooperation. 1AMLD was implemented based on the belief that money laundering could affect the soundness and stability of financial institutions and ultimately jeopardize public trust in the financial system. It was initially aimed at avoiding the proceeds of criminal activity, especially drug money, being introduced into the financial system. It was only after the 9-11 atrocity that 3AMLD, introduced in 2005, directly addressed the financing of terrorism bringing into the AML context within the EU.
1AMLD also introduced obligations in relation to Customer Due Diligence (CDD) and Know Your Client (KYC). Member States were required to pass legislation which placed those public and private institutions and individuals deemed gatekeepers of the financial system under certain obligations. These obligated entities were to adopt procedures by means of which they onboard and accept clients, and also to monitor the activities of clients after onboarding to establish whether any suspicious transactions were being executed. Obligated entities were limited under 1AMLD predominantly to banks but it was later established that this was too limited as money laundering was a risk in a wide variety of sectors and business outside of the core financial industry. 2AMLD, introduced in 2001, widened the scope of obligated entities to include non-bank financial institutions and lawyers, but it was not until the introduction of 3AMLD in 2005 that accountants, tax advisors, notaries and (land based) casinos were also included. The broadening of scope to cover casinos established a direct regulatory connection between AML and the gambling industry.
As well as covering the combatting of terrorism financing for the first time, 3AMLD also further expanded AML obligations to further sectors, such as collective investment undertakings and branches of financial institutions in the EU, regardless of whether their head office was in the EU. Furthermore, 3AMLD introduced variations to the application of CDD in light of the risk profile of the client, product, or other relevant factors. Simplified CDD would be allowed for lower risk situations and enhanced CDD for high(er) risk situations. The directive did not define these higher or lower risk factors as these were to be outlined by other publications of the European Commission. These have been relatively minimal to date. Only publications by the Financial Action Task Force (FATF) have provided additional guidance in this respect. Since 3AMLD however, the European Commission has published regular lists of non-cooperative third countries with which are considered higher risk. Many of the lower and higher risk criteria have been established through policies and procedures and industry standards, in themselves heavily impacted by publications of, amongst others, the FATF and sanction policies.
The EU AML framework evolved with the introduction of 4AMLD in 2015, 5AMLD a year later and 6AMLD in 2018. All of these AML directives have to be implemented in local legislation by the EU member states. For this article these directives, although relevant on their own merits, are deemed further enhancement of the AML regime and the scope and definitions the EU wishes to establish in member states.
Similar but different
Turning now to Responsible Gambling (RG), these are also a vital set of responsibilities for operators and are, like AML legislation, organized at a member state level. Despite this the European Commission did in 2014 feel it important to issue a non-binding advisory document specific to online gambling. Like AML the aim of the recommendation was to move towards common standards and measures regarding player identification, prevention of underage gambling and social responsibility. The recommendations were updated and evaluated in both 2018 and 2021 and it was established that their primary objective was not being achieved. 2021 showed improvements compared to 2018 although these improvements are likely to be the consequence of regulatory evolution with no real link back to the 2014 recommendations. A non-binding RG advisory document is clearly less effective than the various directives that have been issued in relation to AML.
Both RG and AML legislation in member states are guided by the principles of social responsibility; it is deemed that both society as well as individual players should be protected from wrongdoing as the social impact of such wrongdoing is considered substantial. From an AML perspective the reputation of the financial system is deemed critical whilst from an RG perspective personal (financial) health and the wider impact on society are considered in the context of consumer protection. However, even though they are connected through the link to social responsibility, jurisdictions have safeguarded both principals in different laws. The RG requirements are generally addressed within specific gambling laws, including both land-based and online gambling, whilst the AML requirements are generally incorporated in laws that regulate the financial and corporate services industry.
Another element that connects AML and RG requirements is the need to gather, analyze, monitor and store information in relation to players. From an RG perspective players are also referred to as customers, whilst under AML they are termed clients. The information required from players from an RG perspective is similar to that required from clients under AML perspective, especially in relation to behavioral elements which are summarized under transaction monitoring in AML obligations.
Despite the similarities of the player information involved, the aim and uses to which the information is put for AML purposes is very different from that under RG obligations. AML is all about the source and destination of funds and establishing their legitimacy, whilst RG focuses on the behavioral elements associated with financial stability and addiction. Distinguishing AML requirements and context from RG requirements is crucial for all relevant parties, especially operators, in the context of any discussions with the authorities. The information collected to meet both AML and RG requirements appears at first glance very similar, yet the reason and purpose for obtaining such information is quite different. Monitoring player transactions from an AML perspective revolves around the transaction profile of the player and establishing their expected source of funds. Monitoring player transactions from an RG perspective revolves around the behavior of the player in terms of the frequency and timing of bets placed, and other behavioral elements that might serve as indicators of harm. The overlapping element between AML and RG is monetary, but AML is aimed at establishing the legitimacy of the total funds wagered whilst it is the total number of bets placed that serve as a possible indication from an RG and consumer protection angle.
Respecting the differences
Licensed operators will at some point encounter regulatory supervision under the terms of their license. Such supervision may be either a normal check by the regulator or a check by the regulator that is triggered by indications it may have received. For an operator, understanding the nature and purpose of the regulatory visit is essential when considering the information that must be provided to the regulator and the purposes to which that information may be put. Information shared in addition to what was requested by the regulator can generally be used by the regulator, however a regulator requesting further information that is beyond the scope of the initial purpose of its supervision is generally not allowed and can be considered more of a fishing expedition.
In the desire to be as cooperative as possible with a regulator, the online gambling industry is under scrutiny. A reputation for non-cooperation is seen as harmful even if such cooperation might well be result in the handing over of information that was not legally necessary. On their part, regulators should be mindful of the purpose of their supervision and act within its boundaries.
As both AML and RG legislation are aimed at contributing to a regulated and controlled gambling environment it is essential remember that all stakeholders within the industry should act within the boundaries of their duties within this environment. It is undeniably the case that the (online) gambling sector is in the spotlight of policymakers, media and regulatory bodies and faces severe reputational challenges. In these times it is incumbent on all stakeholders to understand the foundation and principles of the regulatory and controlling elements as established within the (online) gambling industry. It requires courage and determination to uphold these principles and to continuously evaluate whether the environment remains suitable in light of the AML and RG principles. This objective is best served when AML and RG, despite their superficial similarities, are regarded as two separate principles each requiring specific tools and sets of information.