Casino Malta Limited has been handed a €233,834 administrative penalty by the Financial Intelligence Analysis Unit in connection with breaches of anti-money laundering and terrorist financing laws.
The Casino fell foul of a number of anti-money laundering regulations, however specific concern was raised over the lack of procedures when filing an internal suspicious report to the company’s Money Laundering Report Officer (MLRO) and the lack of enhanced due diligence (EDD) on high-risk players.
On the former, the FIAU said first and foremost that the company needed to allocate more resources to the MLRO.
Secondly, the FIAU noted that company’s procedures did not adequately outline what should happened when an internal suspicious report is submitted to the authority.
The FIAU’s enforcement committee said that there were three players who should have been flagged by the Casino as being suspected of facilitating money laundering or the financing of terrorism and should therefore have been reported to the FIAU.
In the first case, the player was Maltese who registered with the casino in 2015 and who was listed as ‘selfemployed – plasterer’ in his player profile.
The Company allocated a low risk rating to this player but in the course of the business relationship, this player was arraigned in court for allegedly being involved in drug trafficking with a freezing order also issued against him.
“The Company, although unaware of the freezing order, knew of the ongoing court proceedings against the customer. Notwithstanding this, the Company never submitted an STR [Suspicious Transaction Report] to the FIAU in relation to this and continued to allow the player to wager substantial amounts,” the FIAU said.
The second case concerns a former Politically Exposed Person (PEP) who registered with the casino in 2015 and who was, despite being a PEP, allocated a low-risk rating. The PEP was not named in the report.
“The Company conducted open source checks in 2019 which resulted in the discovery of the player’s alleged involvement in bribery and tax evasion at the time of the formal appointment. Notwithstanding this discovery, the customer was still allowed to continue wagering great amounts in cash. Despite all of this, the Company failed to submit an STR to the FIAU,” the committee said.
The third case concerns a business owner who registered with the casino in 2016, and was subsequently assigned a low risk rating in 2019 even though the casino had been aware that the player had been served with a judicial letter demanding him to pay over EUR500,000 in unpaid taxes, since 2017.
“Moreover the Committee also noted that the Company had adverse records which suggested that this customer had been involved in fraudulent events which included tax evasion. Notwithstanding this, the Company still failed to submit an STR to the FIAU,” the committee said.
Casino failed to carry out rigorous enhanced due diligence checks on high-risk players - FIAU
The FIAU’s enforcement committee noted that the EDD procedures and measures in place were not rigorous enough and did not provide enough insight on players, particularly when it came to their source of wealth and source of funds.
“This is mostly due to the fact that the information collected was obtained from unverified open sources,” the committee wrote in its enforcement notice.
The Committee remarked that 28% of the player profiles reviewed were allocated a high-risk rating at some point during the business relationship and noted that where heightened risk was indeed observed, the Company failed to carry out the necessary EDD measures.
One such case concerns a player who was the CEO of a company and had connections to Turkey.
“The player dropped over €1 million, the majority of which amount was in cash and using eight different bank accounts. Moreover, a change in transaction pattern was noted,” the committee wrote.
The Committee noted that in view of the high gaming activity, the fact that the player utilised eight different bank accounts and the change in transaction pattern, the Company should have carried out additional measures such as obtaining documentation as to this player’s source of wealth as well as the income earned, and other returns generated through his employment/businesses.
A second example concern a student with links to China who was allocated a high-risk rating. He too dropped €200,000 in cash, and lost over €80,000 of them.
The Committee remarked that it was not provided with any reassurance as to how a student could afford such substantial gaming activity/deposit in a relatively short period of time (from January 2019 to December 2019).
The Committee also observed that 22% of the player profiles it reviewed were allocated a low or medium risk rating but made transactions of a substantial amount which one wouldn’t expect from clients allocated such a risk level.
The Committee pointed out that this customer activity should have triggered the Company not only to carry out an update of the risk rating but independently of the rating, to carry out the necessary enhanced measures to manage the risks of such activity.
One example of such a player was one who dropped over €2 million, of which he lost €900,000, in the space of the three years (between 2016 and 2019).
The investigating committee also found that 10% of the player profiles reviewed did not have a permanent residential address listed, instead having a hotel address. A further 6% of the profiles reviewed had foreign addresses which were either invalid or did not exist.
Another 20% of the player profiles reviewed relied solely on information provided by the player, with the company not doing anything to verify the information provided, the FIAU said.
“The Committee observed that the Company’s overall procedure of obtaining information and/or documentation related to the purpose and intended nature of the business relationship was inadequate and did not aid the Company in building a complete and thorough business and risk profile of the customers it services, especially of those who pose a higher risk of ML/FT,” the FIAU said.
The Casino was also found to have breached regulations concerning their Business Risk Assessment and Customer Risk Assessment procedures, amongst other breaches.
As a result of all of the above, the company was handed a fine of €233,834 and served with a number of follow-up directives which it has to follow.