Table of Contents
- Licenses: UKGC & MGA
- EU 4th Money Laundering Directive – Key Changes for Casinos
- EU 4th Money Laundering Directive - Enhanced Due Diligence
- €2000 Threshold
- Establishing of business relationships
- Customer due diligence in remote casinos
- Enhanced Due Diligence – What is it?
- Enhanced Due Diligence – UKGC requirements
- Preliminary checks
- Enhanced Due Diligence – What we do
- Identification vs Verification
- Point of Verification
- Age Verification
- Age Verification – No Result
- Age Verification – Fail
- Underage Gambling
- CDD/KYC Documentation
Malta Gaming Authority (MGA)
- MGA Licence
- Underage Gambling – Identified Underage Gamblers
- When Are Players Verified
- Age Verification
- KYC Limit
- CDD Threshold
- CDD Threshold - Pending Period
- High Risk Jurisdictions
The Internal KYC Process
- Proof of Address
- Payment Methods
- How are Documents Submitted
- How are Documents Verified
- Wallet checks
Source of Income
- Source of Income Process
- Source of Income – Other Triggers
- Source of Wealth
- Source of Income - Responsible Gambling
- Source of Income - Benefits & Student Loans
- Source of Income – Failure to Submit Documents
- Threshold Approach Process
Politically-Exposed Persons (PEP)
- PEP status
- PEP Verification
- Age Verification
- Cross-Casino verification
- KYC Fail
- Use of Third Parties for Due Diligence checks
- Third Party CCD UKGC Checklist
- Withdrawal Checks
- Withdrawal Count
- Anti-Money Laundering (AML)
- First In First Out (FIFO)
- Routing for Pre-Paid Method
- Payment Routing
- KYC Documentation
1. Licenses: UKGC & MGA
As a Casino brand we are regulated by both the UK Gambling Commission and the Malta Gaming Authority. The UK Gambling Commission (UKGC) licence covers all UK players registered on our BETAT & SlottyVegas Casinos. The Malta Gaming Authority is the single, independent, regulatory body responsible for the governance of all gaming activities in Malta, both online and land-based. Both regulatory bodies have different approaches when it comes to Customer Due Diligence however they share similar aims in ensuring that its licensees do their utmost to protect the players registered at their Casinos.
2. EU Legislation
EU 4th Money Laundering Directive – Key Changes for Casinos
The Fourth Anti-Money Laundering Directive was implemented by the European Union and came into effect in June 2017. Under the new directive Gaming Operators became obliged entities under the Prevention of Money Laundering Act (Malta)/Proceeds of Crime Act (UK) for the very first time.
The Directive puts a heavy emphasis on employing a risk-based approach to money laundering at every level which at Casino level will be deployed through a framework of risk-based policies. This will provide a greater degree of flexibility for institutions and operators in a bid to ensure that the implementation of preventative measures is more effective, and that it is focused on areas that present higher risks of money laundering and funding of terrorism.
The directive also changes the requirements for enhanced customer due diligence. Under the Directive, enhanced customer due diligence is required for non-face-to-face business relationships or transactions where there are no safeguards (such as electronic signatures).
A threshold was established for customer due diligence by Casinos where customers wish to place a stake or collect winnings of at least €2,000. When the threshold is reached, Casinos are to carry out enhanced due diligence on the player in order to verify their identity.
EU 4th Money Laundering Directive - Enhanced Due Diligence
Customer due diligence measures shall comprise:
(a) identifying the customer and verifying the customer's identity on the basis of documents, data or information obtained from a reliable and independent source;
(b) identifying the beneficial owner and taking reasonable measures to verify that person's identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer;
(c) assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship;
(d) conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the obliged entity's knowledge of the customer, the business and risk profile, including where necessary the source of funds and ensuring that the documents, data or information held are kept up-to-date. When performing the measures referred to in points (a) and (b) of the first subparagraph, obliged entities shall also verify that any person purporting to act on behalf of the customer is so authorised and identify and verify the identity of that person.
As an “obliged entity” under the Directive, all gambling operators are required to conduct due
diligence measures once the player deposits a sum total of €2000. This involves the collection
of KYC documents as well as Source of Income information. Both will be discussed in further
depth at a later stage in these procedures.
Point 21 : The use of gambling sector services to launder the proceeds of criminal activity is of concern. In order to mitigate the risks relating to gambling services, this Directive should provide for an obligation for providers of gambling services posing higher risks to apply customer due diligence measures for single transactions amounting to EUR 2 000 or more. Member States should ensure that obliged entities apply the same threshold to the collection of winnings, wagering a stake, including by the purchase and exchange of gambling chips, or both. Providers of gambling services with physical premises, such as casinos and gaming houses, should ensure that customer due diligence, if it is taken at the point of entry to the premises, can be linked to the transactions conducted by the customer on those premises. However, in proven low-risk circumstances, Member States should be allowed to exempt certain gambling services from some or all of the requirements laid down in this Directive. The use of an exemption by a Member State should be considered only in strictly limited and justified circumstances, and where the risks of money laundering or terrorist financing are low. Such exemptions should be subject to a specific risk assessment which also considers the degree of vulnerability of the applicable transactions. They should be notified to the Commission. In the risk assessment, Member States should indicate how they have taken into account any relevant findings in the reports issued by the Commission in the framework of the supranational risk assessment.
Three key regulatory goals inform and direct Commission activity. These are defined by the Gambling Act 2005 as the ‘Licencing Objectives’
- preventing gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime,
- ensuring that gambling is conducted in a fair and open way, and
- protecting children and other vulnerable persons from being harmed or exploited by gambling.
Our process for UK players reflected the above referenced aims of the Gambling Commission.
Establishing of business relationships
As we are regulated by the UK Gambling Commission (UKGC), we are obligated to abide by
their regulatory requirements. The UKGC defines the establishment of business relationship as
the point at which a customer a customer opens an account with the casino operator or joins a
Similarly to The MGA, when establishing a business relationship, casino operators will need to give consideration to the following:
- the potential risk posed by the customer
- appropriate due diligence checks on the customer
- whether it is known or suspected that the customer may launder money (including criminal spend)
The Regulations also further oblige remote casinos operating under a UKGC license to establish and verify the identity of all customers to whom they make gaming facilities available by using one of the following two approaches:
- before access is given to such facilities
- who, in the course of any period of 24 hours pay to, or stake with, the remote casino €2,000 or more in connection with facilities for remote gaming
Customer due diligence in remote casinos
Customer Due Diligence (CDD) is identifying the client and verifying their identity on the basis
of documents, data or information obtained from a reliable and independent source. This is
also referred to as the Know Your Customer (KYC) process.
Land-based Casinos are required to carry out CDD to a certain level of extent as they are able to verify certain elements of the customer identification on a face-to-face level or through the provision of physical documents. For remote casinos however the UKGC require that enhanced CDD is carried out and ongoing monitoring is in place on all customers.
Enhanced Due Diligence – What is it?
UKGC definition - Casino operators are required to apply, on a risk-sensitive basis, enhanced
customer due diligence measures and enhanced ongoing monitoring (commonly referred to as
enhanced due diligence) in any situation which, by its nature, can present a higher risk of
money laundering or terrorist financing.
Enhanced due diligence measures are mandatory in respect of PEPs and remote casino customers. ‘Enhanced due diligence’ must be carried out when your customer is not present, the transaction is with a politically exposed person (the definition of this needs further consideration) or where there is a higher risk of money laundering. The reasoning behind this is that we, as a remote casino, can better identify suspicious transactions if we know our customer and understand the reasoning behind the instructions they give us.
Enhanced Due Diligence – UKGC requirements
The Regulations view situations where a customer is not physically present for identification
purposes (as in the case of remote casinos) as higher risk for money laundering and require a
casino operator to undertake enhanced due diligence, for example, by applying one or more of
the following measures:
(a) ensuring that the customer’s identity is established by additional documents, data or information
(b) supplementary measures to verify or certify the documents supplied, or confirmatory certification by a credit or financial institution which is subject to the money laundering directive
(c) ensuring that the first payment is carried out through an account opened in the customer’s name with a credit institution (credit institutions are required to provide the player's name, address and account number with all electronic fund transfers). These measures should be applied notwithstanding the threshold approach for CDD and should be tailored to the risk posed.
Option (c) above will fit with remote casinos’ business methods where it is necessary for a customer to have a bank or credit card account, which should be in the customer’s name.
Remote casino operators also have the benefit of being able to withhold the payment of winnings or remaining deposits until satisfied that CDD is satisfactorily done. Remote casino operators should include in their policies how they will manage, on a risk sensitive basis, the higher risks presented by customers not being physically present for identification purposes.
Casino operators should also apply enhanced due diligence measures where:
As soon as a player makes their first deposit, several remote checks are conducted on the
player in the background through Onfido. Onfido, a third party ID&V company, conducts the
following checks based on Full Name (first name, any middle names and surname), Date of
Birth & Current Address. The checks are done by crosschecking data across a number of
Date of birth
Legal and Regulatory Warning
Politically Exposed Person
Enhanced Due Diligence – What we do
- Preliminary checks done via Onfido immediately upon completion of 1 st deposit
- Players are asked for copies of their physical documents as opposed to remote checks. Most other Casino verify their customer electronically by verifying their data against databases. The eliminates the need for submission of copies of physical documents. We require copies of actual documents to be submitted which adds an extra layer of security * (ICAS Example)
- Players are prompted to declare their PEP status upon registration. This is crosschecked using a third-party identification service.
- Players are only able to deposit using a payment method registered in their name
- Players are only able to withdraw funds to a payment method previously registered on their account
- Players are only able to withdraw funds in the same order of the deposits placed (FIFO) although this is subject to change
Identification vs Verification
The casino operator is required to identify customers and then verify their identities as part of
Customer Due Diligence, either upon entry or when reaching the threshold. Identification of a
customer means being told or coming to know of the customer’s identifying details, such as
their name and address. This is done at point of registration when customers are promoted to
enter their personal details. This includes their name, age, address, email address and contact
Verification means obtaining evidence which supports this claim of identity. The verification of the identity consists of the operator verifying some of this information against documents, data or information obtained from a reliable and independent source. This will be covered in more depth in the INTERNAL KYC PROCESS section of this manual.
Point of Verification
The LCCP changes that came into effect on 07/05/2019 changed the previous trigger points for
Operators are now required to verify the identity of players before allowing them to gamble. Operators are required to verify, as a minimum, the customer’s name, address & date of birth. This is already done via Onfido’s Identity Report, which is a soft search of UK national databases. Players for whom the report returns a failed result will be forced to fully verify their accounts before being able to place a bet.
As a Casino we are also required to inform all UK players about what types of identity documents or other information they may need to provide to fully verify their account, such as Source of Income information (Funds/Wealth). This information includes the circumstances or trigger points in which such information might be required, the form in which it is required to be submitted and any other additional information involving verification requirements. This change has been implemented to reduce the amount of complaints generated due to the customer friction generated when players are requested to provide KYC documents at point of withdrawal.
We will also take reasonable steps to ensure that the information we hold on a customer’s identity remains accurate. This is done by informing players via the site to review and re-new their verification information. An example of this is by prompting players to submit any new versions of previously documents that may have since expired or to update addresses if they have moved house.
Age Verification – No Result
If for any reason age verification cannot be carried out, the account is to be frozen and no further gambling will be permitted until age verification has been successfully completed.
Age Verification – Fail
If on completion of age verification the customer is shown to be underage, we are to refund all deposits the customer has placed and void any winnings that the customer may have accumulated.
Any players who fall under the UKGC jurisdiction who are proven to have been under the legal
gambling age at the time they made any gambling transactions, including any freespins, will
have the following actions taken on their account:
If you are proven to have been under that age at the time you accessed any gambling facilities, including any free spins, then:
- Account to be closed;
- In line with UK regulation, any person found to have created and/or operated an account whilst underage shall have any and all stakes refunded (less withdrawals, should there be any).
UK Customers are required to verify their identity through the submission of documentation. The documentation required will validate their name, age and address. The UKGC lists the following sources as useful for verification of UK-based players:
- current signed passport
- birth certificate
- current photo card driving licence
- current EEA member state identity card
- current identity card issued by the Electoral Office for Northern Ireland
- residence permit issued by the Home Office
- firearms certificate or shotgun licence
- benefit book or original notification letter from the Department of Works and Pensions confirming the right to benefits
- council tax bill
- utility bill or statement (but not ones printed off the internet), or a certificate from a utilities supplier confirming an arrangement to pay services on pre-payment terms
- bank, building society or credit union statement or passbook containing current address (but not statements printed off the internet) - bank or credit cards alone will not be sufficient as these do not provide either residential address or date of birth
- confirmation from an electoral register that a person of that name lives at that address
- recent original mortgage statement from a recognised lender
- solicitor’s letter confirming recent house purchase or land registry confirmation of address
- local council or housing association rent card or tenancy agreement
- HM Revenue and Customs (HMRC) self-assessment statement or tax demand
- house or motor insurance certificate
4. Malta Gaming Authority (MGA)
As a Casino we are also regulated by the MGA, whose Remote Gaming Regulations apply to all of our non-UK players. The Remote Gaming Regulations provide guidelines for CDD & AML measures, including an obligation on licensees to verify the identity, age and place of residence of a player prior to making a payment in excess of €2,329.37.
Regulations stipulate that the following data is to be gathered from players upon registration.
The data is as follows:
(i) that the player is over eighteen years of age
(ii) the player’s identity
(iii) the player’s place of residence
(iv) the player’s valid e-mail address
MGA - Underage Gambling
The MGA takes a similar approach to the UKGC in that it does not allow for minors to partake in any gambling activity. It does not allow for any person under eighteen years of age to be registered or a player and any funds deposited or won by such persons is to be forfeited to the authority.
Underage Gambling – Identified Underage Gamblers
Any players who fall under the MGA jurisdiction who are proven to have been under the legal gambling age at the time they made any gambling transactions will have the following actions taken on their account:
- Account to be closed;
- Any winnings and bonuses will be confiscated and remaining balance returned (subject to reasonable charges);
- Any winnings which accrued during such time will be forfeited by the player and the player is to return to us any such funds which have been withdrawn from their account.
When Are Players Verified
A key difference between the CDD approach of the MGA & the UKGC is the point at which player’s identified are verified. As previously discussed, the UGKC require remote casinos to employ either the On-Entry or Threshold approach when verifying player identities. The MGA does not have any such approach and instead players are verified once their total deposits reach €2000 or they wish to withdraw funds out of their account, similarly to the approach taken for UK players. This is in line with the EU 4th Anti-Money Laundering Directive.
The age players input upon registration is not verified until the withdrawal threshold is reached. This is dissimilar to the UKGC approach which requires age verification to be undertaken immediately upon the player placing their first deposit. This places the responsibility on the player to provide true and accurate data at point of registration.
As a Casino we are not to make a payment in excess of two thousand and three hundred and twenty-nine euro and thirty-seven cents (€2329.37) out of a player’s account to a player until the player’s identity, age and place of residence have been verified. We however enforce a stricter policy and do not allow any withdrawals without a player’s account being verified. In theory however, we are able to pay out players a total amount less than €2329.37 without verifying their identity.
The FIAU allows for operators to adopt two possible approaches to players reaching the
stipulated €2000 threshold limit before CDD & source of income information is requested. The
threshold limit is always to be calculated based on customer deposits exclusively however the
period in which the threshold is reached will be up to the operator to choose. The Euro two
thousand (€2,000) deposit threshold can be calculated either:
a. On a daily basis taking into account all deposits effected by a customer since the establishment of the business relationship; or
b. On the basis of a rolling period of one hundred and eighty (180) days.
In the latter case, a licensee would have to consider whether a customer’s overall deposits in the previous one hundred and eighty (180) days have met or exceeded the Euro two thousand (€2,000) threshold, with licensees being able to make said determination either each time a customer effects a deposit or at the end of each day in which a customer effects one or more deposits.
Due to the increased complexity of option B, option A has been uptaken and the threshold limit reached once a player’s lifetime deposit amount reaches €2000.
CDD Threshold - Pending Period
The player account is to have the transactions and gameplay blocked until KYC documents have been submitted, the Source of Income form is complete and supporting docs submitted. Moreover, if following the lapse of thirty (30) days from when the Euro two thousand (€2,000) threshold is met the customer has not made the requested information and documentation available, the account is to be closed.
5. High Risk Jurisdictions
High-risk and other monitored jurisdictions:
- Democratic People's Republic of Korea (DPRK)
- Sri Lanka
- Trinidad and Tobago
6. The Internal KYC Process
Both the UKGC & the MGA do not specify an exact process for account verification, leaving it up to the operators to create one to ensure that the customer’s player’s identities can be verified. The process we have in place to verify a player’s account involves three elements of verification; ID verification, proof of address & proof of payment. The current requirements are as following:
- Copy of a valid photo ID such as a passport, driver’s license or government ID card. This must include scans of the front and back of the cards. See also documents listed in “UKGC - CDD/KYC Documentation”
- In the absence of photo-ID, we can accept a copy of a birth certificate. The certificate must have all four corners visible. We will also need a photo of the player holding up their birth certificate, with their face and the front of the certificate clearly visible.
Proof of Address
- A utility bill or bank statement clearly displaying the player’s name and current residential address which has been issued with the last three months. See also documents listed in “UKGC - CDD/KYC Documentation”
The verification of a customer’s proof of payment will depend on the deposit method they choose to deposit with. The requirements will differ for each method and may need to be updated periodically due to changes the payment methods may make to their user interfaces and/or the Casinos accepted payment methods. The below is a list of current proof of payment requirements at the Casino based on the currently accepted payment methods:
Copies of all debit/credit cards registered and used on the player’s account. These copies must display the player’s signature together with the first six and last four digits of the card itself. For the player’s own security and safety we suggest that players black out the security number at the back and middle digits in the front
A screenshot of your Neteller account showing the player’s email address/account number and personal account information
A screenshot of your Skrill account showing the player’s email address/account number and personal account information
A screenshot of your eCoPayz account showing the player’s email address/account number and personal account information
- A bank statement issued in the last 3 months for the player’s bank account. This should include the player’s bank name, bank account number, IBAN number and BIC code. All four corners of the statements are to be visible. The statement may be a hardcopy or a PDF.
- We also request a PDF or screenshot showing the player’s deposit to the Casino.
Copies of all debit/credit cards registered and used on the player’s account. These copies must display the player’s signature together with the first six and last four digits of the card itself. For the player’s own security and safety we suggest that players black out the security number at the back and middle digits in the front
Pre-paid vouchers are not verified
A monthly statement in PDF format showing the deposits made using the player’s mobile phone contract
Players verify their accounts through the submission of documents to the Casino. Full instructions on this process are given to players on both brand websites. Players are to submit proof of the three elements of KYC – ID, Proof of Address & Proof of Payment
How are Documents Submitted
Players verify their accounts through the submission of documents to the Casino via a
dedicated KYC mini-site.
As a last resort, players may also submit their documents via email. If a player submits documents via email, the player is to submit documents to the following email address:
BETAT Casino – firstname.lastname@example.org SlottyVegas Casino – email@example.com
Emails can only be accepted if the email the player sends the email from is the same as the one registered on the account. Emails sent from addresses that are not the registered email address on the Casino account are not to be accepted.
Should a player wish to submit a new doc or revised doc via chat, the player must be logged in. Players are to be told to login before they submit documents via chat. Documents submitted on chat without the player being signed in are not to be accepted.
How are Documents Verified
ID documents are verified by third parties. The use of third party verification companies was a
decision taken to improve the accuracy of our verification checks as many of the security
features on ID documents are not easy to distinguish with the naked eye. We currently used
the supplier Onfido. Documents are uploaded to Onfido to be verified and their response
followed up by the Risk & Payments team.
Proof of Addresses are verified through the use of Google Maps. Addresses are inputted in Google Maps to ensure the address is valid and is not a business address. The use of Google Streetview aids in identifying this.
Payment methods can be verified without the need of additional software or resources. Cards can be verified manually if the copies submitted meet our requirements. E-Wallets are verified through screenshots of the accounts showing the player’s email address/account number and personal account information. Bank accounts can be verified through bank statements and screenshots of deposits.* Player deposits can also be verified by locating the deposits in the payment method backoffices. This will allow for verification of any screenshots and statements submitted.
If the payment method in question is card, the signature is to be matched against that present on the player’s ID document and vice versa. If for any reason these do not match, the player is to be asked to take a selfie with his ID card and the bank card in question.
If the players use wallets, additional checks can be carried out to check the account holder’s KYC status with the wallet service. This is done through the wallet verification tool which is located within Betatools through which the KYC status can be verified. The service is available for all wallets under the Paysafe group, those being Neteller and Skrill. This can be a useful enhanced due diligence tool should the player’s activity raise suspicion.
Source of Income
Under the 4 th Money Laundering Directive, Gambling Operators have a legal obligation to
know more on who the players they transact with; to verify their age, their identity, address
and the source of the funds used to gamble with at their Casino.
As part of the focus of the 4 th Money Laundering Directive on identifying potential risk, the Casino operators should also apply a risk-based approach to due diligence and should therefore consider whether it is appropriate to:
- seek further verification from the customer
- request information on the source of the funds
- conduct enhanced ongoing monitoring
- cease the business relationship
Source of Income Process
The Source of Income process has been integrated into the KYC process to ensure that all
players verifying their account will also be forced to state their Source of Income. Account
verification will be triggered when players reach the €2000 threshold or when they wish to
make their first withdrawal. If account verification is triggered by a player reaching his
threshold, gameplay and transactions are blocked until the verification process is complete
and documents have been submitted.
The first phase is the collection of the Source of Funds data. This allows for a seamless integration of both processes. Players who do not complete the Source of Income form will not be able to complete the verification process or continue depositing.
The Source of Income process is split into two phases. Within the KYC minisite players are prompted to declare their Source of Income via a ticklist, with the selection being recorded on our internal database. An extract of the ticklist can be seen below.
- Salary – Original or copy of a payslip
- Savings – Certified savings certificates
- Sales of Shares – Bank statement clearly showing receipt of funds
- Sales of Property – Signed letter from solicitor/estate agent
- Inheritance – Grant of probate which must include the value of estate
- Insurance – Signed letter from person who insured you
- Gift – Donor’s source of income
Only one option can be selected form the form and the player will also need to agree to a
declaration that the information is true and correct.
Based on their selection, players are also requested to submit documents to support their selection. The document(s) submitted is a form of Sources of Funds although some may double as Source of Wealth. These are saved on player accounts and notes left to reflect this. Accounts are not verified until both KYC and SoF documents have been collected.
Source of Income Process
Apart from the €2000 threshold & withdrawal request triggers, there may be other instances
where players are asked to verify their accounts and submit Source of Income documentation
due to the higher levels of risk they present.
The Malta Financial Intelligence Analysis Unit (FIAU) recommend that key factors are actively monitored that may raise suspicion in the player.
- logs-in from high-risk jurisdictions
- irregular and excessive depositing patterns
- Deposits using payment methods that have a higher risk of money laundering such as pre-paid methods
Difficulties in conducting the necessary customer due diligence, such as those
- customer refuses to provide personal identification documents
- customer provides documentation which appears to be false or tampered with
- a customer insists on identifying himself with a name or nickname that does not appear on his identification document.
- Customer requests the transfer of winnings to the bank account of someone else.
- Customer attempts to convince casino staff not to record transaction information.
- Customers in collusion who consistently appear to bet against each other on even money games (for example in roulette games). Such a technique offers the possibility of laundering the proceeds of crime without the risk of losing the monies subject to gaming.
- Customer wagers his deposits exactly once consistently
Noticeable changes in the gaming patterns of a customer. Examples of these changes
- Customers who carry out transactions that are significantly larger in volume when compared to the transactions they normally carry out; or
- Customer carries out transactions which seem to be disproportionate to his wealth, known income or financial situation.
Source of Wealth
Players who have a higher potential risk of money laundering or terrorist financing such as
PEPs or high-rollers will be subject to additional Source of Income checks. Such players may be
requested to submit Source of Wealth document(s) having already submitted SoF documents.
The SoW will show the player’s declared body of wealth and provide a clearer understanding
of whether they can afford to sustain their level of gambling. The SoW request is not done
through the KYC mini-site but separately via email.
Players such as high-rollers, PEPs or VIPs will be subject to further scrutiny and may also be asked to provide Source of Wealth documentation. This will ensure that evidence is at hand to show that their level of gambling is sustainable as such players usually have a significant level of transactional value. The current trigger point for SoW requests is once the player’s total deposited amount reaches €/£/$ 50,000 deposit however we may request the SoW at an earlier point should we feel the need to.
Source of Income - Responsible Gambling
In the event that it is identified that the Source of Income of a player shows a significant
percentage of their declared income being spent on gambling, the case is to be transferred to
the Customer Service team to address the Responsible Gambling issues that may be present.
This is because we do not want any players to be gambling over and above their means which
may leave them in a precarious financial position. An example of this would be a player who
submits a payslip showing an income of £1500 as their Source of Income. If the player’s
account data shows monthly deposits of over £1000 the case would be forwarded to the CS
team to discuss setting limits on the account as this would account to a high percentage of
high monthly income.
The transfer to the CS team is to be done via email, where the account number, ticket number and a brief summary of the issue is to be included.
Source of Income - Benefits & Student Loans
Players who declare their Source of Wealth as any of the below may be at higher risk exposure due to their financial situation.
- Unemployment benefits
- Disability benefits
- Student Loans
On a daily basis the R&P team will run the “Proof of Wealth Sources” report within MaxEnt
Tools to pro-actively identify players who list their Source of Income as any of the above.
When such a player is identified, an email is sent asking them to send evidence of their
income. They will also be asked to declare if they have any alternative sources of income, and
if so, provide evidence for this as well. Their account in the backoffice will be suspended in the
interim to prevent any potential issues and re-opened only if the document(s) submitted show
that their gambling is affordable.
Although an individual on benefits may not necessarily be in a higher RG risk bracket, this process will ensure that each case is reviewed individually to establish affordability.
Source of Income – Failure to Submit Documents
Players who refuse to submit Source of Income documentation will have their account frozen and potentially closed, irrelevant of their VIP status. The Source of Income documents submitted will be subject to the same stringent quality requirements of KYC docs.
Threshold Approach Process
UK players who deposit €2000 will be automatically prompted on-site to verify their accounts by re-directing them to a KYC mini-site. From the mini-site they will be guided through the process of submitting the three elements of KYC : ID, Proof of Address & Proof of Payment. The last page of the mini-site is a Source of Income tick list so as to incorporate both KYC and Source of Income requirements within the same process. The customer’s gameplay will be blocked until the process is complete. It is important to note however that at present any customer that wishes to make a withdrawal, regardless of amount, will undergo enhanced due diligence in order to verify their account as otherwise they will not be able to request a payout.
Politically-Exposed Persons (PEP)
PEP is a person who is or has, at any time in the preceding year, been entrusted with prominent public functions by a state, a Community institution (for example, the European Parliament) or an international body (for example, the United Nations), including the following persons:
- heads of state, heads of government, ministers and deputy or assistant ministers
- members of parliament
- members of supreme courts, constitutional courts or other high-level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances
- members of courts of auditors or of the boards of central banks
- ambassadors, chargés d’affaires and high ranking officers in armed forces
- members of the administrative, management or supervisory bodies of state-owned enterprises.
The following persons are also regarded as PEPs by virtue of their relationship or association with the persons listed above:
- Immediate family members of the persons listed above, including spouse, partner, children and their spouses or partners, and parents
- known close associates of the persons listed above, including persons with whom joint beneficial ownership of a legal entity or legal arrangement is held, with whom there are close business relationships, or who is a sole beneficial owner of a legal entity or arrangement set up by the PEP with whom they are associated.
PEP status itself does not incriminate individuals or entities. It does, however, put a customer into a higher risk category.
New and existing customers may not initially meet the definition of a PEP, but that position may change over time. Equally, individuals who are initially identified as PEPs may cease to be PEPs, for example, a year after they change their job or retire. The casino operator should, as far as practicable, be alert to public information relating to possible changes in the status of its customers with regard to political exposure. Casino operators should be alert to situations which suggest that the customer is a PEP. These situations include:
- receiving funds from a government account
- correspondence on an official letterhead from the customer or a related person
- general conversation with the customer or related person linking the person to a PEP
- news reports suggesting that the customer is a PEP or is linked to one
Although under the definition of a PEP an individual ceases to be so regarded after he has left office for one year, casino operators are encouraged to apply a risk-based approach in determining whether or when they should cease carrying out appropriately enhanced monitoring of transactions. In many cases, a longer period might be appropriate, in order to ensure that the higher risks associated with the individual’s previous position have adequately abated.
Upon registration, players are given to self-declare themselves as PEPs. If the option is
selected, the end-user is given a form to complete in which they give further details regarding
their PEP status. The data inputted is then stored on a PEP report held within our platform.
Their PEP status is checked again via Onfido who will identify any PEPs through crosschecking
across several databases.
Should it be identified that a player is a PEP, a decision is to be taken as to whether to keep their account open or not based on the level of risk the player carries. Should the account remain open, the PEP will be subject to further checks due to the elevated level of risk. To mitigate this, the players in question will be requested to verify their accounts and provide Source of Income documentation (Source of Funds + Source of Wealth).
In-line with UKGC requirements, should a UK resident make their initial deposit with a
payment method other than a credit card, their age is to be verified immediately upon their
first deposit. The age verification is not done internally but instead outsourced to be
completed via third parties, with Onfido being the service currently used. This is done by
matching their identification data, namely name/DOB/address, against credit agency data
(which consists of 3 credit agencies). The electoral roll and telephone databases are also
checked. The data is sent via API meaning that the player’s user experience will remain
uninterrupted as the checks will be done in the background.
Should the third party be unable to verify the customer’s age, the account is to be frozen until age verification has been successfully completed through the provision of KYC docs which will allow for a secondary source of age verification.
Should the player be found to be underage, the account is to be closed all deposits refunded.
If a player is verified on one of our Casino brands but is not yet verified on the other brand, the
documents are to be transferred over if the account information such as address, telephone
number and date of birth are the same. If any of the aforementioned details have changed, the
player is to be asked for new KYC documents relevant to the identification data that has
When attempting to cross-verify, payment methods are to be checked to establish whether any new payment methods have been registered. If any new payment methods have been registered, the account cannot be KYC’ed until they have been verified.
Standard fraud checks are to be completed on the account undergoing verification as part of the process regardless of the fact that the player has a verified account on the other Casino brand.
If we are unable to verify a player, their account is to be closed as per our T&Cs. Account verification may fail for a variety of reasons. An example of this is if their ID documents are flagged by Onfido as fake*. In such cases, players are not be asked to submit alternative-ID as this opens an opportunity for the player to submit a different document if the first document submitted was fake. Players may also refuse to verify their accounts which will also result in account close.As part of the closure process all bets are to be invalidated and all deposits refunded.
Use of Third Parties for Due Diligence checks
Reliance can be placed on third parties to perform customer due diligence checks, although the ultimate responsibility for meeting customer due diligence requirements remains with us as the Casino. However, we should be cautious about relying on third parties, as we will remain liable for any failure to comply or omissions. The checks made by other firms may differ from our own standards, and it is advisable that copies of all relevant documents and information are requested, to satisfy yourself that the information is sufficient. In our case, we hold copies of all documents submitted and are able to download reports directly from Onfido on each document that they attempt to verify.
Third Party CCD UKGC Checklist
Where checks are made electronically, record the actual information obtained at the time and not just state that ID was obtained, as a new search if needed in the future may have different underlying data.
- There are a number of commercial organisations that provide online identification checks for money laundering purposes. They can access databases that provide both positive and negative information.
- Positive information (relating to full name, current address, date of birth) can prove that an individual exists, but some can offer a higher degree of confidence than others. Such information should include data from more robust sources - where an individual has to prove their identity, or address, in some way in order to be included, as opposed to others, where no such proof is required.
- Negative information includes lists of individuals known to have committed fraud, including identity fraud, and registers of deceased persons. Checking against such information may be necessary to mitigate against impersonation fraud.
- Paragraph 5.55 of the CCAB guidance states that the following points should be considered before deciding to use an electronic source:
- Does the system draw on multiple sources? A single source, eg, the Electoral Roll, is usually not sufficient. A system which uses both negative and positive data sources is generally more robust than one that does not.
- Are the sources checked across a period of time? Systems that do not regularly update their data are generally prone to more inaccuracies than those that do.
- Are there control mechanisms to ensure the quality and reliability of data? Systems should have built-in checks that ensure the integrity of data and should ideally be transparent enough to show the results of these checks and their bearing on the integrity of data.
- Is the information accessible? Systems need to allow a business either to download and store the results of searches in appropriate electronic form, or to print off a hardcopy record containing all necessary details as to name of provider, source, date etc.
The CCAB Guidance can be found on the Anti-money laundering area of the website at: http://icas.org.uk/home/regulation-and-ethics/anti-money-laundering/guidance/
Regardless of who is processing a withdrawal, a standard set of checks need to be completed prior to payout of withdrawal. These can be broken down into four classifications: Notes, Gameplay, Routing, Withdrawal Count, Anti-Money Laundering.
- Checking specific payment instructions (payment method/payment schedule)
- If KYC for any un-verified payment method(s) has been requested
- Previously identified Same IP and checking of other linked accounts
- Does customer have a payment option registered
- Is Payment method a method through which payments can be processed e.g. prepaid
- Is payment method KYC’ed
- Is this the customer’s first withdrawal
- What is the amount
- What is total deposited amount vs total withdrawn amount
- Has the customer complained/queried the status of their withdrawal
- Where did the winnings stem from? (Deposit/Bonus/NDB)
- Have bonus rules been breached?
Anti-Money Laundering (AML)
- Does gameplay raise suspicion due to bet size / bet pattern? If so, run relevant reports
- Has deposit been wagered 1x
- Does the customer have a history of wagering deposits 1x
- Has the customer been asked to wager his deposit more than 1x in previous communication(s)
- Is there deposit stacking?
First In First Out (FIFO)
As per AML regulations, when withdrawing funds, payments of winnings are paid to the account from which deposits have originated, in their correct order. This means that prior to withdrawing to a new deposit method, all previous deposits processed via different payment methods must equal the total amount of withdrawals from the payment method. Below is a scenario:
Player A first places a deposit of $100 at the Casino using her credit card but loses her funds. She then places a second deposit of $20 using her Neteller account hoping for better luck but once again, loses her funds. She places a third deposit of $30 using her Skrill account and strikes it lucky and wins an amount of $200. To be able to adhere to our policy of paying out winnings to the account from which deposits have originated in their correct order, Player A would have to do the following:
- Firstly, she would have to withdraw the first $100 of her winnings to her credit card
- Secondly, she would have to withdraw $20 of his winnings to her Neteller account
- Thirdly, she would have to withdraw $30 to her Skrill account
- Fourthly, she can withdraw the remaining $50 to any of the three payment methods since all her deposited amounts have been covered
If the player then deposits a further $30 using her credit card and then re-deposits
$20 with her Neteller account and wins $30, the Player would have to withdraw
the full amount of her winnings ($30), to her credit card.
If Player A then re-deposits $20 with her Skrill account and wins $60, she would need to withdraw $20 to her credit card, $20 to her Neteller account and the remaining $20 to whichever payment option she has used
Routing for Pre-Paid Method
If a players’ deposits via a pre-paid method such as PaySafe or Poli, or any non two-way payment method such as GiroPay or Sofort, then any winnings are to be paid out to a bank account in their name. Prior to payment, player’s are to provide a bank statement as proof of ownership of the bank account to which they have requested their winnings to be paid out to. Paying out to a bank account greatly reduces the possibility of money laundering as the payment will be subject to bank due diligence checks and we would be paying out to an account registered in their name. Payments to e-wallets for example would be subject to less checks than a payment made to a bank.
Routing for Pre-Paid Method
|Fast Bank Transfer||Safecharge|
|Bank Transfer (Trustly)||Bank Transfer (Trustly)|
|Credit Card / Mastercard||Safecharge|
|Credit Card / Visa||Safecharge|
|Cards / Prepaid||Bank transfer (Safecharge)|
|Paysafe||Bank transfer (Safecharge)|
|Sofort||Bank transfer (Safecharge)|