The frontline: Dealing with new AML risks
As the various threats to the gambling sector evolve, so must the teams that dedicate themselves to protecting the operators, customers and funds of everyone involved. It’s often a complicated, thankless job. If the Money Laundering Reporting Officers (MLROs) do that job right, the players will complain that Know Your Customer (KYC) protocols are too imposing. On the other hand, if something slips through the cracks, operators might inadvertently facilitate money laundering, could get fined and face reputational repercussions. With a company’s reputation riding on operations staying above board at all times, it can become all too easy to start pointing the finger when something does go wrong.
After reading the Remote Gaming Thematic Review published this year, we spoke exclusively with Catherine Zammit, Claudia Callus and Kimely Louise Borg Warne from the Financial Intelligence Analysis Unit Malta (FIAU) to discuss how they’re handling the situation.
The Thematic Review was an in-depth paper that dissected how thoroughly the MLROs and other relevant employees in the remote gambling industry were doing their jobs. The report didn’t shy away from asking difficult and specific questions either, such as “Which obligations cannot be outsourced in line with the IPs Part I?” or “What are all the EDD measures required for high-risk customers when the €2,000 ($2,190) deposit threshold is met and the CRA and PEP screening have been carried out?”

With so many details and situations in the balance, it’s understandable that human error will always pose a threat. This raises the question, though, of who is responsible if an AML/CFT violation occurs? Is it the MLRO who was managing the case, or the operator who oversees all the operations? Well, according to “Regulation 15 of the Prevention of Money Laundering and Funding of Terrorism Regulations, a subject person is required to appoint one of its officers as the MLRO” and “the MLRO is responsible for reporting knowledge or suspicion of ML/FT to the FIAU.”
A company is required to appoint an MLRO, and the MLRO is responsible for passing along any information to the FIAU. It’s not so much about pointing the finger at one person for being ‘responsible’; rather, it’s a chain of collaboration and trust between parties. For this to work as efficiently as possible, each party needs to know who to turn to for guidance and assistance. Furthermore, the FIAU stresses that “penalties apply to the operator if there is no direct involvement by the MLRO in the breach identified. For example, by intentionally choosing not to report a suspicion in full knowledge of it.” This might seem like a flat point, but it begins to build the wider picture of responsibility.
The FIAU was established in 2002 and, while the first AML legislation can be dated back to February 1994, the definition of subject persons, which at EU level are referred to as obliged entities, was extended to cover remote gaming operators in the Prevention of Money Laundering and Funding of Terrorism Regulations (PMLFTR) in 2018. It’s no secret that the gambling industry has accelerated at a phenomenal pace in the last 20 years, which means lawmakers have been working tirelessly to keep up with the evolving demands.

Against all the odds, though, it has worked: around 46% of suspicious transaction reports (STRs) to the FIAU (4,205 out of 9,157 in 2023) arose from remote gaming, which makes it one of the top reporting sectors. Not only that, but all of the MLROs and other relevant employees who were interviewed for the Thematic Review were aware that internal reports should be made without delay, and 98% were able to provide examples of red flags that should lead to the filing of an internal report. The FIAU reflected on these statistics, noting “this shows that notwithstanding room for improvement in a number of areas, employees working in AML/CFT within remote gaming operators are aware of reporting obligations and what can lead to potentially submitting an STR to the FIAU, and thereby supporting the FIAU to reach its goal i.e. to combat ML/FT.”
Openness over punishment
So how has the team in Malta managed this feat? For one, the FIAU has been pushing for MLROs to come forward and discuss any potential issues before they develop into longstanding consequences.
“We encourage MLROs who are in doubt, need clarifications, and/or support to reach out to us”, the team emphasised. “We have a dedicated mailbox to which queries may be sent.” This isn’t the first organisation we’ve spoken to that is employing this tactic either, and it seems like more and more jurisdictions are seeing the positives in creating an environment where operators feel confident enough to come forward and ask questions without the fear of being punished. After all, it makes sense and has the potential to lessen the workload for everyone involved. Giving advice and support will always be easier than solving a problem after the fact, not to mention that it streamlines the process for MLROs and operators, too.
Of course, this hasn’t been an overnight achievement. The FIAU has been strengthening the chain of responsibility, as previously mentioned, by introducing collaborative efforts between the MGA and FIAU. The Thematic Review that was published earlier this year was the start of a fresh initiative between the two regulators. “Having seen the results, we felt it would be an opportune springboard to reach out to the gaming sector through training”, the FIAU explained. “Towards the end of October – through the initiative ‘MGA Meets’ we will be offering some insights and open to Q&A; however, the agenda for this event is still being devised.” The team has also attended several training sessions and held events specifically for AML/CFT in the gaming sector.

Desire to be better is critical
Perhaps the FIAU has a point when it comes to this approach. With the legal frameworks having to evolve alongside the endless threats that are ever-developing, perhaps everyone will make more progress if they’re in an encouraging and supportive atmosphere. The team at the FIAU Malta encapsulates this perfectly: “Even though there may be consequences to a mistake, it shouldn’t be the end of the world. If it’s an honest mistake, we must acknowledge it, learn from it and move forward with an awareness of the past to do better in the future.
“It would be more apt if remote gaming operators establish AML/CFT frameworks and processes, then if found to be imperfect they can be improved through ongoing learning and open communication with the oversight of the FIAU and the MGA as the regulators. The desire to do better is critical. It is very positive that a number of subject persons do approach the FIAU to notify of self-imposed remediation programs to address gaps in their AML/CFT control framework; (before the FIAU announces an examination and therefore demonstrate that the subject persons are proactive and do not wait for the Regulator to find out). This is very welcomed by the FIAU.”
