AML requirements for Gaming Companies – FIAU & MGA guidance

The transposition of the 4^th Anti-Money Laundering Directive (2015/849) into the Maltese Law through Legal Notice 372 of 2017 has broadened the definition of land-based casinos as from 1^st January 2018. The revised description now includes all types of “providers of gambling services”, meaning that all gaming operators are now considered to be ‘subject persons’ and are therefore subject to Anti-Money Laundering and Combating Funding of Terrorism (AML/CFT) obligations.

The Financial Intelligence Analysis Unit (FIAU) and the Malta Gaming Authority (MGA) have jointly issued guidance on the implementation of the provisions under the Prevention of Money Laundering and the Funding of Terrorism Regulations (PMLFTR) for remote gaming operators. Up until 19^th July 2018, this guidance document was still at consultation stage, however, a final guidance document has now been issued that forms part of the sector – specific Implementing Procedures incorporated within Part II of these Procedures. This document sets forth and to a large extent clarifies what is expected from all remote gaming operators in relation to AML/CFT. Below are some of the key elements of the Implementing Procedures (Part II):

• All licensees are required to carry out a business risk assessment to determine the ML/FT risks that they are exposed to. Once completed (and following approval by the Board of Directors), the results should be incorporated into the risk management procedures of the licensee;
• Customer due diligence is to be applied when funds deposited into the gaming account amount to €2,000 or more, whether in a single transaction or split over a number of transactions. When establishing whether this threshold has been met, the licensee cannot take into account funds that were made available by the gaming licensee itself through bonuses and winnings, which therefore implies that only ‘net’ deposits need to be considered. The €2,000 deposit threshold can be calculated either on a daily basis by taking into account all deposits made by the customer or by applying a rolling period of 180 days;
• The licensee is required to carry out a risk assessment on the customer who deposits above €2,000 by not later than 30 days from when the €2,000 threshold has been met;
• Screening to determine the PEP status of a player has to be carried out within 30 days of the €2,000 threshold being met and on an on-going basis thereafter. Similarly, the specific enhanced due diligence measures that need to be applied for PEPs are to be implemented by not later than 30 days from when this threshold is reached.
• Licensees are required to obtain information that is sufficient to establish the customer’s source of wealth as well as the expected level of activity to be generated on the account. The quality and level of information that needs to be collected will depend entirely on the level of risk that the customer poses. The licensee should ensure that, when necessary, the information obtained should be corroborated by obtaining further information and documentation from reliable and independent sources.
• In cases when the licensee is unable to carry out the necessary Customer Due Diligence procedures, even after various attempts have been made, the relationship is to be terminated. If, in such cases, there are grounds for suspicion of ML/FT, then the licensee has to submit a Suspicious Transaction Report to the FIAU.

Although it is undeniable that implementing the PMLFTR and Implementing Procedures is going to be a challenging task for all operators, the measures taken by the European Union should be seen as a fundamental step forward in ensuring a level playing – field across the sector and establishing a more robust regulatory regime that mitigates financial crime risk and strengthens consumer confidence.