Into the light?

ISSUE 36

YOUR MAGAZINE FROM THE INTERNATIONAL COMPLIANCE ASSOCIATION

Politics, panic and pandemonium?

Getting the measure

Avoiding the pitfalls

p.14 p.17

£4.95 where sold separately

p.42

inCOMPLIANCE ®

Lite

inCOMPLIANCE®3

Reaching the pinnacle

Professional education has changed significantly over the past few years. In my role as Chairman of ICA, I wanted to share with you some recent innovative developments in our higher-education offerings for senior compliance professionals.

As the leading professional body in compliance education, and in collaboration with the University of Manchester Alliance Business School, ICA has developed highly-regarded vocational qualifications for the sector. In response to growing demand for higher-level qualifications, ICA has created two new Professional Post-Graduate Diplomas (PPGDip) in the areas of Governance, Risk and Compliance (GRC) and Financial Crime Compliance (FCC).

The ICA PPGDip is the pinnacle of the ICA education regime and was created for busy professionals who are operating at, or aspire to operate at, leadership level. Typically, it takes nine months to complete a PPGDip, and during that time students attend nine high-level face-to-face masterclasses before completing a formal assessment.

To minimise the demand on delegates’ time, we condensed the masterclass delivery into two intensive residential weekends, held at the world-renowned university centre of Oxford here in the UK. We make all the arrangements, including accommodation and private dinners with guest speakers. It’s ideal for time-pressed business people and students also fly to Britain from all parts of the globe. The weekends also offer fantastic networking opportunities in the peaceful environment of some of the most distinguished Oxford colleges.

A particular area of innovation is the introduction of oral assessment by way of competency-based interviews as well as assessment of candidates’ written submissions. This dual-facing approach appeals particularly to students who embrace the concept of face-to-face assessment.

Graduates from the programmes can top up their qualifications if they so wish; the PPGDip qualifies candidates for direct entry into Masters degrees online at universities globally. These PPGDip programmes have become major flagship qualifications for ICA and have been received enthusiastically by delegates and employers alike.

Well done to the ICA and International Compliance Training teams.

Bill Howarth ICA President

inCOMPLIANCE®

2

inCOMPLIANCE®3

inCOMPLIANCE®

3inCOMPLIANCE®3

INDUSTRY NEWS

J5: international collaboration on tax crimeThe Joint Chiefs of Global Tax Enforcement (J5), a new taskforce dedicated to tackling international tax crime and money laundering through the sharing of information and expertise, launched this month. The J5 comprises senior officials from the tax and criminal authorities in the UK, Canada, the Netherlands, the United States and Australia, who will “work together on joint operations to crack down on those who make a living out of enabling tax crime”.

“International cooperation and information sharing are reaching new levels as the implementation of the OECD’s Common Reporting Standard continues. However, we have never before had a group of jurisdictions actively working together,” commented Richard Morley, Partner in the Tax Dispute Resolution Team at BDO. “Collaboration between the five countries will prove a vital tool and a good example of how world leaders can tackle tax fraud as it becomes ever more complex. The ability to share information and expertise, and to craft effective plans and strategies on a joint basis, will bring a new level of transparency to the fight against global tax fraud.”

https://www.gov.uk/government/news/tax-chiefs-unite-to-tackle-international-tax-crime

Fraud: Anticipating the future “Why are we still so bad at seeing fraud coming and trying to design it out of our great innovations?” asks a new report by the Fraud Advisory Panel, which is celebrating its 20th anniversary. “The explosion of fraud and cybercrime is not an act of nature,” suggests the report. “Nor did it appear without warning. It represents a comprehensive failure of imagination by industry, law enforcement and government. A failure which allowed new technology to rapidly increase the exposure of honest citizens to predatory crime while simultaneously hobbling their guardians.”

The report includes contributions from leading thinkers in the areas of artificial intelligence, cybersecurity, data, Blockchain and beyond, outlining their views on emerging fraud threats. It can be downloaded at:

https://www.fraudadvisorypanel.org/wp-content/uploads/2018/06/Fraud-Futures-WEB-July-2018.pdf

Industry News

inCOMPLIANCE®5

inCOMPLIANCE®4

INDUSTRY NEWS

Half of investors uncertain over wealth management fees

UK wealth managers may be falling short in terms of the accessibility and transparency of fees, in spite of the Financial Conduct Authority’s (FCA) recent recommendation that “Consumers should now see the full costs and charges, expressed as a single fee, for most transactions in investment products, and on an ongoing basis” (FCA Occasional Paper no. 32: “Now you see it: drawing attention to charges in the asset management industry”).

According to a Netwealth survey, conducted by YouGov, half of investors are not sure about all the fees they are being charged by their wealth manager. 37% only knew “most” or “some” of the fees and charges they are paying, while 13% were unclear about any of the fees and charges they are paying. Only 35% had immediate access to information on fees, while 44% could only discover such information through their annual (25%), quarterly (14%) or monthly statements (5%). Nevertheless, 72% stated that “transparency around how fees are charged” is now the most important factor when choosing a wealth manager.

According to Charlotte Ransom, CEO of Netwealth: “Our research indicates that traditional wealth managers are taking advantage of their clients’ trust. They make it extremely difficult for clients to see how their portfolios are performing and to understand fully both the level and the impact of fees that can have such huge negative consequences on their long term savings.”

SEC proposes whistleblower amendmentsThe Securities and Exchange Commission has proposed amendments to its whistleblower programme. The proposals provide stronger incentives for whistleblowers, although some of the proposals may also deter some whistleblowers from stepping forward. The proposed amendments include:

• Permitting awards based on deferred prosecution agreements (“DPAs”) and non-prosecution agreements (“NPAs”)

• The prevention of potential “double recovery”

• Additional considerations for small and exceedingly large awards.

https://www.sec.gov/rules/proposed/2018/34-83557.pdf

FSB cyber security consultation paperIn July the Financial Stability Board (FSB) will publish a consultation paper on the common cyber lexicon that it has been developing. The lexicon is designed to support the work of the FSB, standard-setting bodies, authorities and private sector participants to address cyber security and cyber resilience in the financial sector, in the following areas:

• The development of a cross-sector understanding of cyber security and cyber resilience terminology

• Working to assess and monitor financial stability risks of cyber risk scenarios

• Information sharing as appropriate; and

• Work by the FSB and/or standard-setting bodies to provide guidance related to cyber security and cyber resilience, including to identify effective practices.

http://www.fsb.org/wp-content/uploads/P200318.pdf

EBA paper critical of Brexit preparationsThe UK financial sector’s preparations for Brexit are “inadequate”, according to the European Banking Authority (EBA). In an opinion published at the end of June, the EBA stated that it has been monitoring the level of contingency planning and other preparations being undertaken by financial institutions and it believes that “this planning should advance more rapidly in a number of areas”.

The Authority added that: “Where planning is taking place, some financial institutions appear to be delaying triggering the necessary actions. The time for the required actions to be taken is reducing. Financial institutions should not rely on public sector solutions, as they may not be proposed and/or agreed.”

However, the Chief Executive of the UK Financial Conduct Authority (FCA), Andrew Bailey, has robustly challenged the EBA’s claims, telling The Times CEO summit: “The idea that institutions in London have done no preparation, no thinking about Brexit, I’m afraid, and with all due respect to the EBA, is considerably wide of the mark.”

The FCA has confirmed that it is currently preparing “for a range of scenarios, including one in which the UK leaves the EU on 29 March 2019 without a withdrawal agreement and implementation period having been ratified between the UK Government and the EU.” The FCA also intends to consult this Autumn regarding necessary amendments to its Handbook related to Brexit.

Meanwhile, reports suggest that Barclays is preparing to relocate several roles from its London investment banking operations to Frankfurt ahead of Brexit, following on from previous reports that it aims to expand its Dublin operations. Goldman Sachs is also believed to be planning to relocate several roles to Frankfurt. It is further rumoured that Bank of America will be moving senior bankers from London to Paris, while JPMorgan is believed to be planning to expand its Milan office.

http://www.eba.europa.eu/documents/10180/2137845/EBA+Opinion+on+Brexit+preparations+(EBA-Op-2018-05).pdf

inCOMPLIANCE®5

????????????????????????????

inCOMPLIANCE®

5

REGULATION AND POLITICS

Politics most certainly makes for strange bedfellows ... and if we toss East-West geopolitics, Brexit, and Anglo-American anti-money laundering (AML) policymaking

into the mix, the resulting brew is well nigh explosive. Herewith, a few ostensibly unrelated developments from the frontlines:

• USA – The latest (2017) round of Russian sanctions – the Countering America’s Adversaries Through Sanctions Act (CAATSA) – articulated a wider list of so-called 'Friends of Putin' (the ‘Oligarchs Report’ as mandated by Sec. 241) who, whilst not necessarily subject to specific sanctions – such as the Specifically Designated Nationals (SDNs) of the original (2014) sanctions regime – were effectively named as ‘sanctionable’ and, therefore, subject to a much greater margin of risk vis-à-vis existing and potential business counterparties, who suddenly had little choice but to blacklist them pre-emptively.1

• Cyprus – Media reports indicate that the compliance services of Cypriot banks have suddenly initiated a review of Russian bank account owners, requiring that they explain the grounds for all their transactions over the past 15 (!) years. Apparently, this new initiative

was the direct result of a recent visit to the country by representatives of the US Treasury Department’s Office of Foreign Assets Control (OFAC). Their mission was reported as intending to “cut off money laundering channels around the world, as well as ensure the sanctions are complied with.”2

• Latvia – In March 2018, the US Government warned Latvia that its banks are still involved in money laundering despite the enforced liquidation of ABLV, the country’s third-largest lender, following similar allegations, according to the Baltic state’s finance minister.3

• UK – Russian oligarch Roman Abramovich has been denied renewal of his UK investor’s visa, following which he applied for and received an Israeli passport. However, UK government officials have indicated that Mr Abramovich should not feel at ease to enter and leave the UK at will, even though, by law, his new passport permits him to visit the UK on business for up to six months per trip.4 (This particular expression of the UK government’s recently adopted policy of froideur also cost supporters of the Chelsea Football Club a new stadium that Mr Abramovich had been planning to build.)

Politics, panic and pandemonium?Vladimir Berezansky discusses the politicisation

of compliance

inCOMPLIANCE®7

REGULATION AND POLITICS

These are all aftershocks of shifting tectonic plates – in this case, the sheer bulk of Russian offshore wealth abutting the reinforced vigour of enhanced AML vigilance, primarily by US and UK regulators. As the above examples illustrate, we are witnessing a collision on an epic scale – ripples of great tides of historical forces that stretch back to 1991, and even as far back as 1917.

Shifting definitions, evolving understandingsOn a disturbingly wide and increasing scale, the description of someone or something as being ‘Russian’ now evokes a visceral reaction – quite literally, an adrenaline jolt from the medulla oblongata – rather than entering as information to be weighed and analysed by the cerebral cortex. Indeed, the atmosphere, at times, borders on open panic and pandemonium. In early June, for example, British and foreign media reported that Arron Banks, a UK businessman who funded one of the main campaigns for Brexit, had “links with Russia”. Links with Russia?! Stop the presses!!5

To be sure, there is usually a kernel of truth – perhaps more than one – to the circumstances giving rise to such waves of collective paranoia; but the level of discourse has become so debased that key players – primarily, politicians and regulators – have seemingly lost the ability to distinguish policies that tendentiously assert their nation’s unilateral advantage from regulatory standards that must, by all means, remain neutral as being universal.

To revert briefly to basic principles, financial regulatory regimes exist to ensure equal access to and fair play within financial markets. Barriers to market entry – e.g. licences – must be applied in a fair, unbiased and transparent manner in order to preserve market integrity, as well as (no less important) the perception thereof. Applying these commendable principles becomes more difficult, however, at the ‘fringes’ of a financial regulatory regime. This usually arises in aspects of regulatory control that are inherently more susceptible to politicisation, such as trade sanctions, anti-monopoly / anti-trust restrictions, and AML / Countering the Financing of Terrorism (CFT).

The challenge is to step back from the fray in order to assess for oneself the extent to which some aspect of a financial regulatory regime has been inordinately politicised. What criteria might be applied in making this assessment? Any analysis should begin with the positing of a spectrum that, at one end, contains broadly recognised policy goals – i.e. preventing almost universally identified ‘bad actors’ such as narcotraffickers, organised criminal groups that profit from exploiting inadequately protected persons (primarily women and children), third world dictators, and other corrupt government officials, etc., from benefiting from or legitimising the proceeds of their illicit activities – and at the other end are grouped what might be deemed more subjective or politicised priorities.

The key in such an exercise is to extrapolate various vantages that might have differing – even conflicting – views as to which regulatory policy goals should be deemed subjective. For example, Cuban Americans in Miami might consider maintaining an embargo on their Cuban homeland

as a broadly recognised policy goal; but the vast majority of the world’s population might consider this a subjective, politicised priority. The same might apply for a Taiwanese citizen’s assessment of the need to maintain an embargo on mainland China, or an Arab nation’s boycott of Israel.

The point here is not to pick and choose which financial regulatory restrictions are to be enforced and which might be ignored. The remit of the Compliance function is to apply and enforce the entire financial regulatory regime within a given jurisdiction accurately and vigorously. But having a conceptual tool for sorting the more policy driven, subjective priorities from more widely accepted imperatives provides a methodology for defining a hierarchy within each jurisdiction.

Practically, one would anticipate that, whilst those regulatory controls grouped towards the ‘universal’ end of the spectrum are unlikely to be amended or rescinded frequently, those that tend toward the ‘subjective’ end might be susceptible to more regular revisions and, perhaps, eventual annulment. This exercise also serves as a sanity test to avoid becoming lost in the turmoil of today’s highly politicised regulatory atmosphere.

The level of discourse has become so debased that key players – primarily, politicians and regulators – have seemingly lost the abilityto distinguish policies that tendentiously assert their nation’s unilateral advantagefrom regulatory standards that must, by all means, remain neutral as being universalHue and cryTurning our attention to the current hue and cry over ‘links to Russia’ and similar partisan initiatives, it is clear that universal directives are being co-mingled – including by design, in part – with more ephemeral, politicised agendas. A potentially more constructive approach to this Gordian knot of policies would be to acknowledge that certain aspects associated at the present time with specifically Russian off-shore practices also serve to highlight more universal issues that require broadly focused application.

Shall we select a few of the more widely covered recent regulatory initiatives to see how this construct might be usefully applied?

CAATSA – This latest addition to the US array of sanctions aimed at Russia adds a novel definitional category – i.e. the ‘Oligarchs List’ – to the typology of sanctions previously articulated by the presidential executive orders of 2014. By its very definition, this is a subjective and ambiguous mechanism that, if anything, serves only to blur or confuse the

inCOMPLIANCE®7

inCOMPLIANCE®

7

REGULATION AND POLITICS

earlier, more clearly delineated categories. It would seem logical to place this new law rather far toward the ‘subjective, politicised’ end of the spectrum.

GDPR – Even though the General Data Protection Regulation is a new6 regulatory regime, it replaces a previous (1995) European Union Directive that was deemed outdated due to relevant intervening technological developments. GDPR articulates data protection rules for exporting EU personal data abroad and mandates their implementation by foreign organisations that process personal data pertaining to EU residents. Its premises include seven specifically defined guidelines7 that seem arguably universal in nature and are intended to be applied as widely as possible.

If one were to extrapolate the vantage of a party not captured perforce by GDPR’s jurisdictional reach – for example, an Australian bank – would GDPR’s purpose and scope seem to support more broadly recognised policy goals, or rather be aimed at achieving ‘subjective, politicised’ purposes? Chances are that a licensed financial institution in Australia would already be committed to some version of most or all of the GDPR’s policy goals; and should such an Australian bank decide to continue maintaining client and counterparty relationships with EU citizens and legal entities, then implementing corresponding adjustments to its pre-existing data protection regime – even if tedious, at first – would be consistent with universally recognised best practices that are no doubt reflected in Australia’s domestic financial regulatory and data protection regimes.

Unexplained Wealth / Interim Freezing Orders – I propose these most recent AML enforcement measures9 as representative of the broader campaign recently unleashed by the UK financial regulatory authorities, together with HMRC and the Serious Fraud Office, to address what has been described repeatedly in the media – and most recently in Parliament – as a significant lack of vigour on the part of these oversight entities, especially with regard to gaining control over vast quantities of allegedly criminal proceeds that have coursed in and through the UK from Russia.

Another way to frame this issue is: can a partisan political

agenda ‘taint’ a decision to enhance or refocus a putatively earnest effort to pursue a compliance mandate? Would a decision to arm the UK’s financial regulatory and investigative authorities with these same enhancements be – or appear to be – more objective or ‘legitimate’ without the brash declarations of war on ‘dodgy Russian’ money? If, as in this instance, the core normative imperative – i.e. intercepting and preventing the flow of tainted (if not criminal) overseas proceeds into the UK’s banks, financial system and luxury goods markets – is unassailable, then does arguably irrelevant political spin damage the integrity of this initiative, or its results?

For the moment, the only available answer is: let’s wait and see. As has been convincingly demonstrated by information divulged in the Panama and Paradise Papers10, there are more than just a few ‘true Brits’ – including cabinet ministers, Members of the Peerage, and even the Royal Family – among the high net-worth individuals and families that have been aggressively exploring the outer boundaries of legality in creatively structuring their off-shore wealth. It stands to reason that a good faith effort to ‘name and shame’ the most vigorous abusers of off-shore special purpose vehicles, anonymous trusts, tax optimisation schemes, etc., is highly likely to unearth a representative share of the home grown British elite. Indeed, it is precisely this prospect that is likely to have played an outsize role in forestalling a vigorous campaign of this nature until the present.

So, for now, these latest enhanced enforcement measures might be placed quite properly at the very centre of our spectrum-construct pending subsequent evidence as to how they are being applied – and toward what ends.

Vladimir Berezansky was one of the first foreign professionals to bring Western (US, UK, EU) regulatory compliance leadership to the Russian/CIS/CEE financial services market. He has more than 15 years of work experience in Russia/CIS and Eastern

Europe, as well as Cyprus, Switzerland and in London’s financial market

1. See: https://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20180315.aspx and http://prod-upp-image-read.ft.com/40911a30-057c-11e8-9650-9c0ad2d7c5b5

2. https://en.crimerussia.com/gromkie-dela/cyprus-tightens-regulations-on-bank-accounts/3. https://www.ft.com/content/9784ba4a-22ff-11e8-add1-0e8958b189ea 4. https://www.theguardian.com/football/2018/may/31/chelsea-shelve-stamford-bridge-investment-climate 5. https://www.reuters.com/article/us-britain-eu-russia/brexit-campaigner-banks-says-story-on-russian-ties-absolute-

garbage-idUSKBN1J60MB 6. GDPR entered into effect 25 May 20187. (1) Lawfulness, fairness and transparency; (2) Purpose limitation; (3) Data minimisation; (4) Accuracy; (5) Storage

limitation; (6) Integrity and confidentiality (security); and (7) Accountability. See, e.g., https://gdpr- info.eu/art-5-gdpr/8. See, e.g., http://www.amlpartners.com/news/aml-compliance/uk-report-blasts-london-russian-money-

laundering/#%2EWxqOnKx3icA%2Elinkedin and http://www.spearswms.com/offshore-offense-hmrcs-tax- evasion-hunt-begun/

9. See, e.g., https://www.independent.co.uk/news/world/europe/oligarchs-sanctions-russia-corruption-british- government-london-salisbury-a8360666.html and https://www.cnbc.com/2018/05/21/london-is-a-laundromat- for-russias-dirty-money-uk-report-warns.html

10. See, e.g., my analysis of the Panama Papers, inCOMPLIANCE Issue No28 (March 2017) and the Paradise Papers, inCOMPLIANCE Issue No34 (March 2018).

inCOMPLIANCE®9

inCOMPLIANCE®

8

GAMING

Raising the stakesTim Porter and Nick Parfitt consider the compliance

challenges facing the gaming industry

inCOMPLIANCE®9

In the first in a two-part series, we consider the current state of regulation in the gaming and gambling sector in the UK, some of the specific features of compliance, and

the near-term challenges that operators face. In the second instalment we will share insights from the global industry and suggest a model for compliance.

Scope and scaleLet’s start with some background, beginning with terminology. ‘Gaming’ is increasingly associated with video and electronic games rather than the practice of gambling. We use the terms ‘gaming’ and ‘gambling’ synonymously in this article. The UK's Gambling Act of 2005 defines gambling as “betting, gaming or participating in a lottery”. The UK regulator is the UK Gambling Commission (UKGC), which exists to “licence and regulate people and businesses that provide gambling”. Gambling activities are categorised by the regulator into sectors: arcades, betting, bingo, casinos, lotteries and gaming machines. UKGC permits gambling and grants licences under the Gambling (Licensing and Advertising) Act 2014 in line with the following “licensing objectives”:• Preventing gambling from being a source of crime or

disorder, being associated with crime or disorder, or being used to support crime

• Ensuring that gambling is conducted in a fair and open way

• Protecting children and other vulnerable persons from being harmed or exploited by gambling.1

The gambling industry in the UK is now worth around £13.8bn2, employing around 107,000 people3 across some 2,800 different operators. UKGC has a staff of around 300 and a budget of £20m.

From an anti-money laundering / counter-terrorist financing (AML/CTF) perspective, casinos have been regulated since 2007, but it wasn’t until the introduction of the 4th EU Anti-Money Laundering Directive (4AMLD) in 2017 that the rest of the gaming industry came under regulation. So now, for online gaming operations through to the local bookmaker, preventing money laundering and countering terrorist financing are critical, and appropriate processes and controls must be in place. UKGC has provided comprehensive guidance on AML/CTF in two documents: one for casinos and one for the rest of the sector.4 In March this year, it published its “Money laundering and terrorist financing risk assessment 2017”5 and it expects all operators to be aware of these risks in their operations.

Eyes downAnd the regulator isn’t taking any nonsense. It has issued fines totalling £8.3m in 2018 so far, as well as publishing a detailed report on the state of compliance within online, UK-registered casino operators. It’s interesting to note that whilst AML fines account for the majority of the value of penalties, the regulator’s focus on strengthening social responsibility in gambling has led to a much larger number of individual fines relating to these types of breaches.

As recently as 20 June 2018, UKGC announced a penalty against 32Red for failure to protect a consumer from gambling-related harm, and weaknesses in AML processes.

Readers are likely to be have heard that fixed-odds betting terminals (FOBTs), described as a “social blight”6 by Matt Hancock, the UK’s Digital, Culture, Media and Sport Secretary, have reduced stakes from £100 to £2. In a single year, there were 233,000 cases in which individual gamblers lost more than £1,000 each7 on these machines. The move to reduce stakes will, of course, cut revenues to bookmakers, but it seems to us to be both welcome and long overdue.

Cultural and business-model nuances of gamingThere are considerable differences in the business risks and relative maturity of compliance within the gambling industry. Traditional onshore casino operators have better-established and more rigorous controls in place compared with online operators, some of whom are based offshore. This may not be surprising, given that 4AMLD is relatively new.

There are also, in our view, clear cultural and behavioural differences between different operators. Concerns over brand and reputation mean that well-established onshore operations have lower risk tolerances, and their dedicated compliance teams are more expert in dealing with the risks to which they are subject. However, the fact that gamblers principally use cash in onshore outlets creates a high degree of opacity in which to launder illicit funds. And while AML/CTF programmes are better established in these outlets, they are often inconsistent and inadequate, as recent UKGC penalties show.

Note that in the gambling sector money laundering tends to be the exchange of funds acquired criminally for money or assets that appear to be legitimate, with gambling operators used for channelling the funds through a form of legitimate business transaction or structure. However, the proceeds of crime may also be used to fund gambling as a leisure activity for criminals themselves. Both typologies may be deeper-rooted in casinos and bookmakers.

Compared with traditional onshore businesses, online gaming operators tend to be highly entrepreneurial and tech-savvy. The have seen rapid growth over the past five years, and may not have given regulatory requirements and compliance the priority they deserve. But it is interesting to note too that the perceived AML/CTF risk in online

GAMING

Get more on the CPD Portal• A money laundering magnet - betting and gaming

industry https://www.int-comp.org/cpd/AMLmagnet/bettinggaming

Not a member?For access to the ICA CPD Portal, among other benefits, become a member today: www.int-comp.org/membership/why-become-a-member

inCOMPLIANCE®11

gaming is much lower than in onshore operations, because everything is digital and in many cases traceable back to a bank account. This is particularly relevant to operators’ obligations to ensure responsible gambling; to monitor behavioural patterns beyond actual spend; to identify gamblers who have opted for ‘self-exclusion’; and to be able to quickly report concerns to the regulator. It does, however, assume that appropriate systems and controls are in place and working, a relatively big assumption that we will examine shortly.

A clean sweepFollowing a thematic review of the sector, UKGC wrote in January of this year to all 195 UK online casino operators warning them to review their procedures and to improve measures that protect customers and prevent money laundering. MLROs were even identified as having no formal qualifications and in some cases were “unable to provide suitable explanations as to what constitutes money laundering”.8 These findings – combined with a lack of customer account usage monitoring, poor analysis of players’ socioeconomic indicators and no rigour in filing Suspicious Activity Reports – suggest that even basic Know Your Customer principles appear to be absent.

This poor understanding of customer behaviour is also reflected in the UKGC’s findings, which showed failure to detect “potential signs of problem gambling based on consumers' gambling pattern and spend” that “in many cases, however … did not trigger a customer interaction”. This suggests that account behaviour is either not being monitored at all or is simply being ignored. It also calls into question whether a player’s actual funds and income supports their level of play, and whether the associated AML implications are understood and controlled effectively.

Failure to address these concerns could result in licences to operate in the UK being revoked. The UKGC further stated that it is investigating 17 online operators and considering whether five of these require a licence review.9

Where to from here for online operators?These organisations have a great deal of work to do if they are to stay in business. The level of effort and cost required should not be underestimated. However, the regulatory and compliance focus should be seen less as a challenge and more as an opportunity to move forward. Successful companies have found a balance between short-term initiatives and longer-term structural changes.

In the short term, operators should carry out the following initiatives:• Apply customer due diligence (CDD) measures to any

transaction that amounts to €2,000 or more, whether in a single operation or in several operations that appear to be linked. IT systems need to be capable of monitoring scenarios to support compliance with this regulation.

• Conduct enhanced due diligence (EDD) where a customer presents a higher risk of money laundering,

and put a risk assessment model in place to determine which customers pose a higher risk.

• Develop the capability to monitor customer accounts. UKGC found little evidence of ongoing monitoring of customer accounts, which means that operators are in breach of Regulation 28(11) of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. It also means that money laundering and/or responsible gambling issues go unreported.

Being under regulatory scrutiny is not comfortable. But with the correct focus, business engagement and culture – the ‘tone at the top’, ‘mood in the middle’ and ‘buzz at the bottom’ – change is possible. As banking industry players are doing, gaming operators should learn from successful peers and use what they learn to differentiate themselves and create competitive advantage.

In our follow-up article we will look at the gaming industry globally, exploring the jurisdictional nuances of the online operators, sharing views from the operators and looking at a longer term model for compliance in the industry.

Tim Porter is Director at Tim Porter Associates.

Nick Parfitt is Head of Market Planning at C6 Intelligence Group

inCOMPLIANCE®

10

GAMING

1. http://www.gamblingcommission.gov.uk/about/Who-we-are-and-what-we-do/Who-we-are-and-what-we-do.aspx

2. http://live-gamblecom.cloud.contensis.com/PDF/Annual-report-and-accounts-2016-2017.pdf

3. Ibid4. http://www.gamblingcommission.gov.uk/for-

gambling-businesses/Compliance/General-compliance/AML/How-to-comply/How-to-comply-with-your-anti-money-laundering-responsibilities.aspx

5. http://www.gamblingcommission.gov.uk/PDF/AML/Money-laundering-and-terrorist-financing-risk-assessment-March-2018.pdf

6. https://www.thetimes.co.uk/article/2-limit-to-curb-crack-cocaine-of-gambling-ftc6v37hr

7. https://www.theguardian.com/commentisfree/2018/may/17/the-guardian-view-on-fixed-odds-betting-terminals-the-bookies-lose-at-last

8. http://www.gamblingcommission.gov.uk/news-action-and-statistics/news/2018/Letter-to-online-casino-operators.aspx

9. Ibid.

inCOMPLIANCE®11

THE JUNIOR COMPLIANCE OFFICER

Making wavesJames Young considers how junior compliance professionals can

make an impact in the early stages of their career

Regardless of seniority, compliance professionals have the same overarching

responsibility – to ensure the business operates within the regulatory framework through the provision of advice, training, monitoring, relationship management, and challenge to senior stakeholders. Looking back on the early days of my compliance career, I didn’t know what to expect and I found it very difficult to make any kind of impact in my role. Now a senior member of the profession, my own struggles as a junior led me to start a blog looking at how junior compliance professionals can make an impact at the early stages of their career. Below, I share two of the hot topics of my blog to date – challenging the business and regulatory interpretation / communication.

The art of challenge Confronting the business on something that has gone wrong is probably the hardest part of a compliance officer's role. This is especially true for junior compliance professionals who may be tasked with challenging senior colleagues who have been at the company longer and are more familiar with its operations. It is important

to remember that this comes with the territory of being a compliance officer. Here are a few thoughts (developed through trial and error) I took forward in the early stages of my career to really make an impact when challenging the business, which have proved to be quite successful.

Reality check – Compliance is not the most important function in the business. Fundamentally, the business exists to make a profit and compliance is there to support this goal. A top tip for juniors is to ensure you understand your role in the wider context of the business's operations and how you are going to add value. I like to think of compliance's purpose as being to help the business safely take the maximum amount of regulatory risk through the development of pragmatic solutions to regulatory issues identified. Don’t make the mistake of assuming that compliance is the reason the business remains open!

Create a ‘win win’ – Another very useful tip when engaging the business on compliance requirements is being able to illustrate the benefits of compliance to the employee you're engaging with, the customer and the business. Think about the efficiencies offered by an effective compliance system and how to frame this to the

business. For example, I was once tasked with rolling out a uniform procedure across several international offices and was met with strong resistance from an operations manager who oversaw the sites. She saw the roll out as unnecessary and thought that the existing (out of date) procedures did the job but failed to see the increased efficiency in harmonisation in terms of staff training, quality improvement and reduction in key person risk. Framing the roll out in this way aligned our objectives and created a ‘win win’ scenario, and compliance suddenly became a competitive advantage. If you can master this at the junior level, you will really make an impact!

Paving the way – In a previous article1, I explored the importance of the compliance function building positive relationships with the business. This is fundamental to ensuring the compliance function is effective, is trusted within the business, and is kept informed. For the junior compliance officer, getting out into the business and making yourself known is a key strategy. Talk to people about compliance in the context of their role, and continually reinforce the message that you, as a compliance professional, are there to help. Company social

inCOMPLIANCE®13

events can be an excellent way to break down barriers and solidify relationships inside the office.

Everybody’s human – when faced with the adversity of having to challenge the business, it is important to appreciate that everybody is human and is faced with pressures and targets in their own business areas. Taking the time to understand each department, its operations and the challenges of its teams will allow you to be informed when providing challenge, show empathy and gain greater traction on your compliance journey.

Regulatory interpretationAnother fundamental aspect of a compliance officer’s role is interpreting regulation and deciding what this means for the business. While an abundance of material is available on interpreting regulations for businesses, there is little to none on the

methodology behind the process.Break it down – When looking at

regulation, I like to strip it down to the fundamentals and ask the following questions: • What is the regulation trying to

achieve? Having a solid understanding of this will pave the way as you comb through the detail and will give you a better understanding of each rule as you analyse it. It will also prepare you for the inevitable question from the business, "why has this regulation been brought in?" Personally, I have found exploring the "why" with the business has been a

key factor in winning them over.• Where are the key themes of

the regulation? Avoid getting bogged down in the detail, keep in mind the purpose of the regulation, remove the jargon and summarise each provision in general, bitesize terms of no more than three bullet points. Breaking it down in this way will greatly aid your understanding!

Think for yourself – When asking yourself the questions above, the importance of thinking for yourself is vital. Read, digest and critically analyse the primary source (i.e. the text of the actual regulation / statute / directive etc) and come up with your own views about what you think it means for your firm.

Only then should you turn to secondary sources (i.e. guidance papers, seminars etc.), which should be used to challenge

and solidify your

THE JUNIOR COMPLIANCE OFFICER

inCOMPLIANCE®

12inCOMPLIANCE®

13

inCOMPLIANCE®13

understanding and provide an insight into how other firms in your sector are interpreting the regulations and implementing solutions. I typically read 6-12 secondary sources to get a good picture of what the sector is doing and ensure I am on the right track with my interpretation. It will be very tempting to place reliance on secondary material (there is enough of it out there!). However, this is a short-term gain and adopting this approach will never allow you to truly hone your ability to understand the regulations and become an expert in the field.

Look to the horizon – Horizon scanning is a simple yet key tool in the successful management of regulatory risk. A fundamental factor

in assessing risk is probability. The earlier you identify a piece

of regulation that impacts your organisation, the more time you have to understand it and help

your business understand it, which equates to less

probability that your company will become non-compliant! A top tip that helped me as a junior was to devise a list of key websites that provide you with updates and put them into a document or spreadsheet for regular review. The most important

sources can be reviewed and ticked off every morning; the less important / impactful sources can be reviewed less frequently.

Communicating the requirementsOnce you get to grips with what the regulation means, how you communicate compliance requirements to the business is crucial.

Consider your audience – The Board is not going to want a three-page road map on how the business’ call centre is going to comply with new complaints rules. Equally, the call centre is not going to want (or need) a one pager on the firm's overarching strategy. Failing to tailor your regulatory communications to the intended audience doesn't help anybody and actually increases your firm's risk of non-compliance as is creates the risk that requirements are misunderstood and applied incorrectly.

Accuracy is key – It may seem simple, but I cannot stress enough the importance of spelling and grammar being accurate when sending compliance communications to the business. The last thing you want is your audience to be distracted by obvious errors when you are attempting to get your

message across. Although not the most exciting task, taking the extra time to proof read thoroughly pays dividends. Remember, senior business personnel will take an interest in what compliance has to say and you do not want to get noticed for the wrong reasons (i.e. typos!).

Know your regulator – As compliance professionals, we speak a lot about the importance of ‘tone from the top’. In the compliance hierarchy, the very top is the regulator, so it is fundamental that you take the time to understand your regulator and its agenda. Start with the regulator’s objectives and understand what they are trying to achieve. Look to speeches and key publications from senior individuals to get to grips with the agenda. Understanding this from an early stage of your career will serve you well as you progress.

James Young LL.M. Dip (GRC) MICA is Head of Compliance at Dr Martens Airwair International Limited. Any views expressed are those of the author and not that of Dr Martens.LinkedIn - https://www.linkedin.com/in/james-young-74806a130/

THE JUNIOR COMPLIANCE OFFICER

Further reading

Further guidance be read on my blog: thejuniorcomplianceofficer makingwaves.wordpress.com

1. Stepping up, inCOMPLIANCE® issue 33, p.34

Confronting the business on something that has gone wrong is probably the hardest part of a compliance officer's role. This is especially true for junior compliance professionals who may be tasked with challenging senior colleagues who have been at the company longer and are more familiar with its operations

inCOMPLIANCE®13

inCOMPLIANCE®14

Head OfficeWrens Court | 52-54 Victoria Road |

Sutton Coldfield | Birmingham | B72 1SX | UNITED KINGDOMTel: +44 (0) 121 362 7747

Email: ica@int-comp.org www.int-comp.org

International Compliance Association CPD - 2 points

Advice to Readers

inCOMPLIANCE® is published by the International Compliance Association. Reproduction, copying, extraction, or redistribution by any means of the

whole or part of this publication must not be undertaken without the written permission of the publishers.

inCOMPLIANCE® is distributed as a free member benefit to all members of the International Compliance Association.

Articles are published in good faith without responsibility on the part of the publishers or authors for loss occasioned to any person acting or refraining

from action as a result of any views expressed therein. Opinions expressed in this publication should not be regarded as the official view of the ICA or as the

personal views of the Editorial Board members of inCOMPLIANCE®.

All rights reserved in respect of all articles, drawings, photographs etc published in inCOMPLIANCE® anywhere in the world. Reproduction or imitations of these

are expressly forbidden without permission of the publishers.

Printed in England

ICAM647