A Malta-based remote gaming operator has been ordered to pay €236,789 by the Financial Intelligence Analysis Unit after several anti-money laundering shortcomings were found in a compliance review held in 2019.
Glitnor Services Limited, which is today based in Sliema, was opened in Malta in April 2018 and was subject to a compliance review by the FIAU the following year.
The review found that the company had breached 10 regulations concerning the prevention of money laundering, thereby earning it a fine of €236,789 last week.
The review found that while the company had a set of ‘alerts’ in place to monitor transactions by its players, these were not deemed to be comprehensive enough to combat money laundering and the financing of terrorism.
In all, the FIAU found that there were changes in gaming patterns and other irregular activities which were noted for seven players but which went unchecked.
“After a month and a half from registering as a customer of the Company, one player deposited over €3,000 across 38 transactions ranging between €25 and €100 in 9 days. The highest deposits were made on 2 subsequent days with the player depositing €800 on each day,” the report on the review said.
“These 2 days should have served as a trigger for the Company to question such spike, especially when considering that the player was a relatively new customer and no information on his income was known to the Company. Despite this, the player’s activity went unnoticed for another 6 months, until then the player had already deposited a total of €35,000 and withdrew a total of €25,000, thus losing approximately €10,000 in less than 8 months,” it continued.
“Up until the day of the examination, no evidence was found indicating that ongoing monitoring checks were carried out on this player. Moreover, the Company was still short of, at least, understanding the income streams of this customer,” it added.
Another example saw a player deposit a total of €61,942 and lose €12,040 across 13 months, but the company again failed to conduct any checks or carry out any enquiries on the player’s source of wealth or funds.
The FIAU noted that after the review, the company had implemented additional transaction monitoring thresholds to ensure that the level of spending is in line with the risk profile of the customer.
The review also found multiple instances of where enhanced due diligence on a customer should have been carried out, but never was.
For example, no enhanced due diligence was carried out on a 30-year-old player from a non-EU jurisdiction deposited a total of around €12,100 all via pre-paid cards, and neither on a player who deposited €8,450 in two days.
The review found that the company had also failed to conduct Politically Exposed Person (PEP) screenings on over 80% of its customers – all of whom had reached the €2,000 deposit threshold which should have raised an alarm for more checks.
The review also found that the company’s Customer Risk Assessment (CRA) did not adequately consider a number of risks, noting that the company did not consider the customer’s residence and geographical background in connection with their source of wealth and nor did it consider the risks posed by a customer’s source of wealth or economic profile.
The FIAU noted that since the compliance examination, the company had adopted a new CRA scoring methodology which took all risks into consideration, but said that the “significantly lacking” procedures at the time of the review could not be disregarded.
The authority noted that a number of policies and procedures were, at the time of the examination, missing, incomplete or inaccurate. For example, the said policies and procedures did not mention or explain the requirement to develop a customer’s business and risk profile, but at the same time included checks which had to be carried out on corporate customers – even though the company does not offer its services to corporate customers and did not subcontract any third parties.
The review found that the company had failed to obtain proof of identity and residential address through documents within the 30-day legal timeframe, but the FIAU here noted that the number of cases where the company’s processes were not followed in this regard is now and not indicative of a systemic issue.
The FIAU said that the company’s Business Risk Assessment (BRA) was not comprehensive enough because it, amongst others, failed to take into account a number of risks emanating from the products which the company offered.
Further shortcomings were found in the company’s training obligations and its internal reporting.
“The Committee was particularly concerned with the Company’s issues when it comes to ascertaining that the gaming activity entertained by it was in line with the customers’ funding abilities. Furthermore, the Company’s inability, at times, to at least cross-check the players’ gaming activity against basic information on the employment and the inability to manage heightened risks of certain customers serviced by it was also a cause of concern for the Committee,” the FIAU said in its reasoning on the granting of the penalty.
It noted that the company had a good level of cooperation and had started to work on some action points, but on the whole the FIAU said that it couldn’t but note that “at least up until the compliance review, the failures observed confirm that the Company has not given due regard towards its AML/CFT obligations.”
As a result, an administrative penalty of €236,789 was imposed due to the aforementioned breaches identified.