BEFORE YOU GO...
Check how Shufti Pro can verify your customers within secondsRequest Demo
The Financial Intelligence Analysis Unit has ordered a Malta-based remote gaming operator to pay €236,789 to settle several anti-money laundering deficiencies discovered in its compliance review.
In April 2018, Glitnor Services Limited was established in Malta, subsequently reviewed by the Financial Intelligence Analysis Unit (FIAU) for 10 anti-money laundering regulation violations, and fined €236,789. Whilst the company had implemented ‘alerts’ for monitoring transactions by its players, they were not deemed sufficient to prevent money laundering and terrorism financing. FIAU found several irregular activities and changes to gaming patterns observed by seven players but went unreported.
The report said, “After a month and a half from registering as a company’s customer, one player deposited over €3,000 across 38 transactions ranging between €25 and €100 in 9 days. The highest deposits were made on 2 subsequent days, with the player depositing €800 daily. These 2 days should have triggered the company to question such a spike, especially considering that the player was a relatively new customer and no information on his income was known to the company. Despite this, the player’s activity went unnoticed for another 6 months; until then, the player had already deposited a total of €35,000 and withdrew a total of €25,000, thus losing approximately €10,000 in less than 8 months. Up until the day of the examination, no evidence was found indicating that ongoing monitoring checks were carried out on this player. Moreover, the company was still short of, at least, understanding the income streams of this customer.”
The company failed to carry out any checks or inquire about the source of the player’s wealth or funds, in another instance, when a player deposited a total of €61,942 and lost €12,040 over 13 months.
In an FIAU report, the company reported that spending levels matched customer risk profiles after increasing transaction monitoring thresholds. During the review, the team also identified several instances where enhanced due diligence should have been conducted on customers but was not done.
No enhanced due diligence performed on a 30-year-old player from a non-EU jurisdiction who deposited approximately €12,100 with prepaid cards, nor was there any enhanced due diligence performed on a player who deposited approximately €8,450 over two days.
Furthermore, the review found that over 80% of its customers had not been screened for Politically Exposed Persons (PEPs), even though all had exceeded the €2,000 threshold, which should have prompted further checks.
The review found that several risks were not adequately addressed by the company’s Customer Risk Assessment (CRA). A source of wealth assessment failed to consider the customer’s geography, residence, and the risks associated with their source of wealth or economic profile. Nonetheless, the company has implemented a new method of scoring CRAs that incorporates all risks into the scoring process. However, the FIAU insisted that the “significantly inadequate” procedures during the compliance examination could not be overlooked.
The authority noted that several policies and procedures were missing, incomplete, or inaccurate during the examination. There was no mention or explanation in the policies and procedures for determining a customer’s business and risk profile. Still, at the same time, the company also included checks requiring corporate customers to be examined – even though corporate customers are not offered the company’s services, and no third parties are subcontracted to provide those services.
Following a review, the company could not obtain identification and residential address documentation within the legal 30-day period. According to the FIAU, the number of incidents in which the company failed to follow its processes does not reflect a systemic problem.
A number of the risks associated with the company’s products were not adequately addressed in the company’s Business Risk Assessment (BRA), according to the FIAU. The company’s internal reporting and training obligations were also lacking.
According to the FIAU’s reasoning for the penalty, “The Committee was particularly concerned with the company’s issues regarding ascertaining that the gaming activity entertained by it was in line with the customers’ funding abilities. Furthermore, at times, the company’s inability to at least cross-check the players’ gaming activity against basic information on the employment and the inability to manage heightened risks of certain customers serviced by it was also a cause of concern for the Committee.”
As part of its review, the FIAU noted that the company cooperated well and had begun working on some action points, however overall, FIAU could not help but observe that “at least up until the compliance review, the failures observed confirm that the Company has not given due regard towards its AML/CFT obligations.”