The 4th AML Directive from an Operators Point of View

Dr. Kevin Plumpton and Stefan Grech share their thoughts on this year’s 4th directive

As gaming operator you may feel you have had enough of what you deem to be responsibility ‘responsibility’ dumping. Why is the EU imposing all of these new anti-money laundering and combatting the financing of terrorism (AML/CFT) obligations on the industry through the introduction of the 4Th AML Directive?

Are Operators Investigators?

At first glance it seems like it is literally a matter of ‘dumping’ its onerous tasks on the Operator?
How can operators ever be held responsible for Sherlock’s job? Valid question. Operators are not investigators. They are not meant to be. They are in the gaming business to make money, clean money from legitimate sources. Not to work as investigative agents. Is the regulator aware of the hundreds of thousands if not millions of funds already invested by the Operator  just to build the platform on which its customers on-board? And the moneys spent to fund all the IT techs building the virtual dynamics? Do they consider the costs of setting up the business, of maintaining the license and compensating affiliates? Are the authorities really aware of what it takes to get just one single player to subscribe and log into one’s website for a second time?

Dr. Kevin Plumpton & Stefan Grech from Diligex

Is it worth all that the money, if following all that effort, the Operator is obliged to welcome a customer exceeding €2,000 in stakes, with an investigative ‘Risk-Based’ approach? Even at the risk of scaring off the new customer to third-party greener pastures, where potentially they don’t ask any uncomfortable questions.
Just for a moment and just to make a point, let us compare gaming to another legitimate business, such as catering. Forget the disproportionate incomparable risk of Money Laundering presented by each industry.

Let us ignore that for a while and let us imagine that we were a restaurant owner who has bought a new eatery in the city. We refurbish it from scratch and we are eagerly waiting for the first call of business. A new patron knocks on the restaurant door enquiring on the menu and as any good restaurant owner would do, we haste to the door to greet the enquiring customer. With a beaming smile we welcome him in and hand the new customer a KYC form. The patron returns a confused look. Politely we proceed to inform him that unfortunately, due to the European Union, we can’t serve him dinner tonight, before he fills out all the forms we just gave him and show him to the bar, where we leave some pens handy for KYC purposes.
Hesitantly, and anticipating a negative reaction, we go on to explain that he also needs to provide us with a certi ed true copy of his ID card and Utility Bill before he gets to eat the main course. Not to mention, that we shall be monitoring his orders, and will enquire on his Source of Funds if he orders French truffles and Osetra caviar off the menu!

Is the 4th directive one step too far?

The example is obviously an overstretched assessment of the AML/CFT realities present within the gaming industry. From an AML/CFT risk perspective the comparison made above is odious, to say the least. However, it serves the purpose of highlighting the intense uneasiness sometimes experienced by even the most serious and responsible Operators in the industry. Despite their best of intentions, good-meaning Operators complaint that the 4th Directive has taken their responsibilities one step too far. They feel inadequately positioned to carry out such tasks, especially when confronting their current and constant customer base.

Labelling the 4th Directive and its primary objective as a mere exercise in responsibility ‘dumping’ is, however, an unjust assessment, to say the least. Some of the frustrations that accompany its implementation might be indeed justi ed, as explained above. However, the implementation of strict rules on transaction monitoring and suspicious-activity- reporting is the basis of a strong and protected market. Tolerating anything less than full co-operation from the Operators in the fight against crime, would not only give the wrong message to new applicants looking to invest in a reputable jurisdiction; but would eventually lead to a long- term deterioration of standards and good ethic across the market and operators. Without both standards and good ethics, society would truly be dumping, not only its AML responsibilities, or its consequences, but let’s dare say the Gaming market altogether; or at least a reliable one that produces long-term fruit. The 4th Directive, therefore, is not about responsibility ‘dumping’ but rather responsibility ‘sharing’.

The 4th Directive as a chance for the iGaming industry

In this light, the Operators who are willing to benefit from the spoils of a strong, healthy and open gaming market understand the benefits of ‘sharing’ some responsibilities with the regulator in order to retain the market’s reputation and good-standing. Rather than seeing the 4th Directive implementation as a matter of hard luck, these serious Operators are ushering the new procedures as benchmarks, which ensure higher reputational standards, raising the no-tolerance bar and consolidating their serious channels of business. These new procedures serve to strengthen a strong base of honest customers who are after a professional gaming industry. An industry that is serious enough to get rid of the bad apple.

SiGMA-igaming-Kevin Plumpton

“The 4th Directive is not about responsibility ‘dumping’ but rather responsibility ‘sharing’”

Once we’ve come to terms with the spirit behind this new Regulation, all Operators still need to establish whether, within their current setup, this sprit shall be haunting them throughout the next couple of months and years of implementation. Do they need to reshuffle their entire compliance department? Do they need to engage super- expensive 4th AML experts? Should they re-program their entire IT platform to carry out automated risk screening? In a nutshell – Do they need to run their business at a loss for most of next year or more? The short answer to that question is ‘no’.

Unfortunately, a detailed explanation of that outright ‘no’ would definitely take much more than just two pages on this publication to explain. So, restricted by reality (and for sanity’s sake) this article shall limit itself to three imperative actions that must be taken immediately to ensure that Operators get geared up for a thorough implementation of the 4th AML Directive.

Make sure your MLRO (nominated officer) is not just a figure head

The person nominated for the task must benefit form a minimum amount of experience within the field, especially on risk-based decision-making and adequate record keeping. Most importantly, the role of MLRO is to be respected for the responsibilities it carries. Furthermore, whoever occupies such role, is reasonable to expect advanced training and expert support, at least in the first months of implementation.

Discard any current AML Tick-Box procedures

The ‘Risk-Based Approach’ is in the house. Whilst to date the AML/CFT scenario was essentially based on a tick-box exercise, whereby the essential task of all Compliance personnel was getting all customer declarations and documentation collected, things have now changed completely. All compliance officers are required to direct their efforts towards a reasoned and examined determination of actions required to mitigate potential risks within a particular transaction. There is no box to tick here. All actions must be based on an ad-hoc analysis of the customer’s profile and behaviours, the determination of risk and the taking of unpremeditated measures to mitigate such risks.

The Compliance Department can’t be ignored and left to its own resources to carry out its ‘paper work’. It’s not about papers as much as it is about creating a Client-Relationship dynamic, absent to date, whereby customers are assessed both in terms of their communication with the Operator and in terms of their profile and any deviating patterns in their behaviour. A serious risk-based approach requires the full commitment and support of senior management, and the active co-operation of all employees.

Stop treating your MRLO as a party-pooper

The reality faced by most Nominated Officers, when compared to the expected scenario they are presented with during training sessions, is starkly disappointing, and that’s being polite. The Operator, particularly its senior management, must make all efforts to show that it is serious in insight against financial crime. The Nominated Officer must feel assured that the Operator, on behalf of whom he or she is carrying extensive responsibilities, is intolerant to any attempt of money laundering and the financing of terrorism.
This is not only about the MLRO’s reputation or the potential gravity of the transaction; but it is also about the Operator’s legal status and reputation within the industry. The nominated officer was engaged and appointed to carry out onerous duties at law. It is a fact that such an officer is remunerated for his or her responsibilities.
However, it is also true that these obligations carry a particular burden on the said officer, including the risk of imprisonment, if not carried out with the diligence and care required at law. Thus, the nominated officer must tangibly feel that he or she has the liberty to apply their judgement, based on all skills and knowledge they have acquired in the course of his or her training. Senior Management must be foursquare behind their nominated officer on all required or introduced procedures. That is, if the Operator is serious about its employees (from top to bottom) co-operating fully with all nominated o cials in eliminating nancial crime within their business channels.

Latest News