If you are an entity that holds an Isle of Man Gambling Supervision Commission (“GSC”) licence under the Online Gambling Regulation Act 2001 (“OGRA”), you will be subject to a regulatory compliance visit or assessment.
Typically, a regulatory compliance visit or assessment will commence within the first 6-12 months of the licensed operation “going live” and then for standard risk operators, within 18 months of the previous visit. This is something that can often feel daunting with some operators unclear as to what is expected from them and as to the process and steps undertaken by the GSC throughout this review. In this blog, we will walk you through the rationale for these visits and what to expect before, during and after.
The gaming sector on the Isle of Man is regulated by the GSC. The GSC’s core principles in regulating the gambling industry are to keep the industry crime free, protect the young and those at risk, and to ensure that services offered are fair.
To ensure its licence holders are upkeeping the core principles, and in turn, the reputation and trust within the industry, the GSC is empowered by law to supervise licence holders’ compliance across core regulatory areas such as anti-money laundering and terrorist financing (amongst others).
In accordance with both the Financial Action Task Force (“FATF”) recommendations and the GSC’s own legislation and guidance, the GSC have adopted a risk-based approach to supervision. This approach enables the GSC to allocate resource as to the frequency and scope of assessments and compliance reviews on licence holders.
The GSC issues two different kinds of self-assessments to operators - a general compliance assessment and an AML assessment. Each self-assessment identifies the regulatory requirement and its source, and then requires the licence holder to self-assess its own processes, policies and procedures to determine whether it is considered as met, partially met or not met. In addition, licence holders are expected to provide an explanation and supporting evidence to their evaluation.
The self-assessments and supporting information/evidence are then reviewed by the GSC and may be referred to when an on-site inspection is conducted at a later date. There is also the potential that between the self-assessment submission and the face to face visit the documentation submitted will be scrutinised and actions raised with given timeframes to be completed.
There are two different types of onsite visits - one focuses on general compliance and the other on AML/CFT. These can take place concurrently, or within separate visits (dependant upon the GSC’s requirements and requests). The onsite visit allows for checks to be undertaken into the details provided in previous self-assessments and policies and procedures.
In general, the GSC will provide a 4-week notice period of any suggested visit date and seek to arrange a mutually convenient time for the visit. This gives any off-Island directors and the Money Laundering Reporting Officer (“MLRO”) the opportunity to attend in person on the Island and is something that the GSC would expect.
Once a date has been confirmed, a pre-visit letter will be issued along with the requirements of what information and supporting evidence should be provided to the GSC before the visit and by when. This is now the time to set your wheels into motion as there will be a list of documents and information required to be provided prior to the visit. My top tips would be:
The GSC will go through the self-assessment and cover areas such as:
If the visit is pertaining to AML, you will be questioned on the following areas:
Additionally, you will be asked to show how the systems work, navigate through any back-office systems, and take the GSC through some examples of players. This can include reports on customers who have exceeded qualifying payment thresholds, examples of when CDD has been declined and examples where enhanced due diligence has been requested.
In attendance on the day, there should be at least one director and the Designated Official/Operations Manager. If the visit is pertaining to AML, then the MLRO should also attend or their Deputy and the AML/CFT Compliance Officer. It may also be worthwhile having someone to take notes during the day to refer to for future reference and key learnings for future visits.
A draft report will be sent out shortly after the visit. This will include:
The report utilises a “traffic light” system to highlight areas which they consider to be “satisfactory” (green), “minor” (amber) and “major” (red). They will detail examples of where issues were found either in the policies and procedures or in the dip sample of players.
Licence holders are given the opportunity to provide comment on the draft report (only to the extent of the factual accuracy of the report), and a final report will then be issued.
Where there has been a positive outcome of the visit there may be only areas of improvement recommended. If there are multiple areas to improve upon it may be suggested that a remediation plan is put in place. This should include the following stages: -
The GSC may ask for progress updates throughout the period of remediation and meet with you at the end of the remediation work to ensure that they are happy that all areas of concern have been addressed. However, this will not result in a revised report as the findings are conclusive. The regulator may come back and do a follow up visit or request to see updated documents and issue a further report. However, it should not be underestimated the potential of a poor visit where systematic deficiencies are identified or your own policies and procedures are not being adhered to. For the sake of completeness, we have listed below the potential consequences of a poor visit:
Licence Condition
Directions
Public Statements
The Commission may issue a public statement with respect to or setting out any direction that has been given to you due to the results of the regulatory visit. This is usually only undertaken when the regulator has cause to suspect that the direction has not been adhered to or the AML/CFT legislation has been breached and it is the opinion of the Commission that it is in the public interest to bring it to their attention.
Civil Penalties
If the Commission are satisfied that you have contravened any provision of the Act, you have failed in any respect to comply with AML/CFT legislation or you have given the Commission false, inaccurate, or misleading information regarding AML/CFT legislation then a civil penalty may be imposed.
Warning Notices
A warning notice could be issued to a person who is or has been a director, senior manager, or controller during a period where adverse findings were uncovered during a regulatory inspection.
Establishing good regulatory compliance cannot be achieved overnight, however, we have outlined a few tips below to consider that will contribute towards a successful regulatory assessment:
Amber Gaming can support you with all or any of the above.
If you would like to speak to us about regulatory visits or are interested to know how else we can support you and your business, feel free to get in touch with us.