Definitive Guide to Enhanced Due Diligence for Gambling Operators: Affordability and AML

 Improve Operational Efficiency and Better Ensure Compliance

During 2021 regulatory action taken was taken against numerous gambling operators with punishments, including multi-million pound fines (Casumo £6 million, Daub Alderney £5.85 million and InTouch Games £3.4 million), the imposition of extensive auditing requirements, and license revocation for another six.

Following this, it is extremely important that robust Enhanced Due Diligence (EDD) – or enhanced player profiling which covers both EDD and CDD – are implemented by operators to protect themselves. However, EDD is complex, driving up analyst costs, and putting incredible pressure on operators’ financial resources and profits.

In this guide we cover all the fundamentals best practices that can help you carry out EDD much more efficiently and ensure you achieve your objectives around meeting compliance needs, while, at the same time, knowing more about your customer, and providing the best possible customer experience.

Read on to find out more.

Optimising Simple Due Diligence to EDD Handover

Enhanced due diligence checks are, as the name states, additional, more thorough checks than basic customer due diligence. As they are more involved than basic due diligence, they are more time-consuming and therefore a greater financial burden on your business. It is therefore extremely important that you clearly find the right point when due diligence on a player needs to be escalated from basic due diligence to EDD.

Unfortunately, this can be extremely difficult. For initial onboarding AML regulations, in Europe, under Article 18 of 4AMLD, any business located in a country on the High-Risk Third Countries list requires EDD. However, then in ongoing monitoring, once a player has been onboarded, it is less clear how to define the triggers that mean EDD is necessary. This is the case for AML and especially so for affordability, where it is not only likely that no single variable is enough, but those variables can have conflicting information. For example, in the case of affordability checks in the gambling sector, it might well be that a postcode suggests that the player cannot afford the amount they are spending, but their income would suggest otherwise.

Without set rules for when EDD should be done, it means, if you set the risk threshold too low, you may review too many cases unnecessarily, pushing up your analyst team costs, or stretching your present ones too thin. It may also mean that if their accounts are frozen while you do a player review for affordability, they may go elsewhere, and you lose a customer. On the other hand, set risk thresholds too high and organisations may inadvertently not deliver on their responsibilities and obligations around affordability to protect players and the world at large from the threat of money laundering; in turn, find themselves exposed to the higher possibility of getting fined.

How to Create that Balance?

As with any other part of your business a systematic, data driven approach should be taken. Business-wide there should be discussions in order to identify likely risk triggers based on everything from internal experience to external resources like the Gambling Commission website.

• Start with a low-risk threshold – this will allow you to carry out EDD and filter the results back into the system, whereas starting with a high-risk threshold will only mean you will find out too late when you have either been fined or harmed a player.
• A/B testing – Using a low-risk strategy will provide great feedback if an unusually high rate of EDD testing proves to be a false alarm, allowing you to adjust. However, it doesn’t reveal the exact sweet spot where EDD should be triggered. A solution to this may be to try some form of A/B testing with differing levels of tolerance that should allow you to more quickly find that optimum point for triggering EDD.
• Analysis – The idea should be to measure the results from EDD and adjust your initial risk assessment rules. Allow rules to grow and become more sophisticated.
• Weighted triggers – Rather than just using single triggers, weighted ones and risk scoring may help to find the right balance more accurately.
• Wholistic approach – As risks found during EDD can give insight into optimising where the level of due diligence handover takes place, it is best to plan out how both stages are measured together.

The EDD Process

Unlike customer due diligence where, for example, if the conditions are met on background it is sufficient for you to have proof of address or a copy of a passport, EDD is a much more complex process where there are few set rules that say, “show me this and you have passed compliance”; but rather the onus is on the operator to build up a case that justifies their decision to let a player continue playing. As such it is an investigation and should be pursued as such.

In addition, similar to the issue of there being no set guidelines on when EDD should be done, there are no official guidelines on what enhanced due diligence should entail, what the report should look like, and how much information on a customer it is necessary to collect. Fines can be given for not referring enough cases to EDD checks, not having a rigorous approach and for not investigating them in enough detail. This is understandably daunting, but there are a number of things you can do to help protect yourself if you are audited.

Use Multiple Data Sources

There are a multitude of different data sources, including financial data from credit reference agencies, land registry documents, Companies House, among others, and each of them provides different insights into a customer. In the example, given earlier of an affordability assessment and a trigger because someone is spending a lot of money, it might well be that salary information suggests they are not gambling responsibly but a look at other sources means that they have several properties that could enable you to justify their spend. The reverse could also be the case that they have a high paying job but also a number of directorships for failed businesses.

Open-Source Intelligence

Adverse media or open-source intelligence (Google search) is also extremely helpful and in fact a recommended data source from the UK Gambling Commission. It is extremely valuable as it may reveal details around recent inheritances, property, other businesses, a wealthy background, that they were an ex-professional footballer or singer, or any other thing that could justify your decision.

Rigorous Investigative Methodology

In an EDD investigation, it is not enough to just gather a lot of information from various sources if they don’t properly provide evidence that addresses the risk. Not only will you likely find yourself failing compliance, but it is also means that you may spend more time than is necessary as the case could have been proven with less information.

It is therefore essential that you first thoroughly research, discuss, get together test cases, and then create search and risk assessment scenarios that your team estimates will meet compliance guidance. As with any other process there should be benchmarks around cost and compliance that can be finetuned for the future.

An additional benefit of this kind of methodology is that if you are required by the Gambling Commission to justify your decision-making, you will already have the information at hand.

Cross Business View and Data Collection

To ensure that the processes you implement are done more effectively, they shouldn’t be siloed but standardized across your analyst teams, brands, and departments to ensure cross-fertilisation of knowledge and a Single Customer View. In fact, the Gambling Commission have gone further with the ambition that a Single Customer View could be available across operators.

This should include strategies to ensure that internal data that may be helpful to an EDD check is integrated into the search and risk assessment workflows. One issue for larger brands with various sub-brands is that when a player has been flagged on one brand, they will move to a different one. It is incredibly important therefore that a system is put in place that allows that sharing of information. One aspect that needs to pay particular attention to is to make sure that GDPR data regulations are followed.

Data Agnostic

Every investigation is different with slightly different data needs.  Work with our partners suggest that they need at least 7 or 8 datasets before they can rest assured, they have done the appropriate level of due diligence. However, there are a multitude of data providers in the market with each with their merits but limitations and costs. Considering those costs there might be an understandable desire to try and solve all your compliance needs with a limited set of data.

It is important therefore to take a data agnostic approach to your needs. When you source data or technology make sure that they also have the widest flexibility in their data offering, even better also have that data agnostic approach.

Data Source Analysis and Collation

Once you have collected data from across your different data sources, it is not enough to put the siloed findings in a report. You have to show that you have drawn a wholistic picture of an individual. Any such picture will show your methodology on false positives by evidencing connecting information around an entity – addresses, phone numbers, jobs – across the different data. It will then mean you bring that picture together to describe the risk around that person.

Risk Scoring and Assessment

The risk-based approach that distinguishes EDD from simplified due diligence continues into how into how you evaluate risk in EDD. In an EDD investigation you are looking for specific individual information around an individual – like property, or open-source information around criminal activity or positive things like community contributions – but it is likely that no one of those is a ‘smoking gun’, so you need to risk score to give an overall grade. This needs to be done for those multiple data sources as a whole.

Detailed Documentation

With scrutiny increasing from the Gambling Commission, your chance of being audited becomes ever more likely. If that happens, your reports that you submit are a fundamental part of that process. Your entire process should be documented and all evidence and research auditable with sources available in a standardised report. This is particularly important as you may be asked to provide that report a long period after it is initially written, necessitating the need to also make sure all sources are still available, and your report is up to date.

Employ Technology

Manually searching, analysing, and reporting across multiple disparate data sources is an extremely time-consuming, expensive and difficult exercise, with the problem of trying to draw connections from data in various different formats particularly problematic (an analyst can cost £25K per annum plus training costs).

A software solution that can automate this process allows you to get the research done for an EDD check much faster, leaving you with more time to decide. In addition, it will allow you to generate a standardised and auditable report to present to the relevant authorities.

Get Professional Help if Needed

As we have indicated carrying out EDD checks is a complex business, and if the correct risk triggers, search parameters, links between entities, and suspicious activity are not identified and thoroughly investigated, it will cost your business not only in terms of failed compliance, but lost customers and employee time. You should ask yourself as a business if you have the in-house skills to carry out credible, professional EDD checks. If not, you should like to employ a consultant or business that has this expertise.

Re-engage your Customer

Assume your customer is legitimate and ask them to help with the EDD check by answering questions and providing further evidence.

Commercial monitoring

As the status of a customer can change at any time, it shouldn’t be the case that you just do the check while onboarding or after a large deposit. You should build ongoing monitoring into your processes to check for changes to the risk triggers.

About Synalogik

Synalogik’s software platform, Scout®, is a one-of-a-kind automation solution for enhanced player profiling investigations and reporting. Scout is data agnostic, integrating internal, open source and out-of-the-box most 3^rd party data providers, allowing you to seamlessly automate search and reporting across all the datasets you use, not just the ones included from your solution provider. Our 3^rd party integrations include Equifax, W2 Global, LexisNexis, Creditsafe, TransUnion, GBG and many more.

As every customer has their own investigation requirements and risk based approach, it inevitably means that they end up using additional datasets outside of the solution provider and any automation isn’t seamless. Our open approach means it is possible to have more complete automation across all your datasets, delivering greater efficiency and insight.