The Financial Intelligence Analysis Unit (FIAU) has issued a €233,834 fine to Casino Malta Limited €226,902, due to irregularities found during a compliance review carried out in 2019. The review found the company in breach of anti-money laundering rules and was also issued a follow-up directive by the FIAU.
Casino Malta Limited is a local land-based casino that launched at the end of 2015, almost entirely owned by Eden Leisure Gaming Limited, with OEG Malta Holding Limited owning a single share.
The FIAU noted that the company had first carried out its business risk assessment (BRA) in April 2019, over a year after when it became an obligation to draft one (January 2018). The company had contended that there was no stipulated date by when it was meant to be carried out, however, the delay meant that the company failed to identify and assess threats and vulnerabilities to which the casino is exposed to.
It also noted that the company’s BRA segmented countries into three categories of risk however there was no justification for the categorisation provided.
Furthermore, while it did consider the results of the national risk assessment published in 2018, it did not include a supranational risk assessment. The company had based its representations based on legislation which said that either the national risk assessment or the EU supranational risk assessment can be considered, however, the FIAU stressed the importance of taking both into consideration and that the legislation said otherwise.
Therefore, unless one of the two was unavailable at the time of drafting the BRA, both the national and supranational risk assessments need to be considered.
When analysing the company’s customer risk assessment (CRA) the FIAU found that its procedure was not in line with the risk factors outlined in its BRA, and did not take into consideration all the money laundering/financing of terrorism (ML/FT) risks which it is exposed to.
The FIAU found that the CRA only focused on customer and geographic risks, while product, service, transaction, and delivery channel risks were not considered. It also said that the company is obliged to consider each respective casino player’s reputation, nature and behaviour in the CRA.
It was also found that the CRA did not include political exposure risk in its risk-scoring calculation tools. This was something which the company admitted was an error and was immediately fixed.
There were other inadequacies identified in the CRA. Firstly that it was only carried out in January 2019, and when it came to geographic risk, it only considered the player’s place of residency.
The company explained that the residency risk refers to the place of business and/or legal residence of the customer, and also provided an overview of the amendments undertaken in relation to the CRA after the examination.
The FIAU remarked that the company lacked a documented customer acceptance policy (CAP) at the time of the review.
Furthermore, it found that 10 per cent of player profiles reviewed did not have a permanent residential address listed, but instead had temporary addresses such as hotel addresses.
The overall procedure of how the company collected information and/or documentation was criticised by the FIAU for being inadequate and did not help the company build a complete and thorough risk and business profile.
This was highlighted in the fact that the company relied on the casino players’ occupation details which were provided at the time of registration, and that the company did not request further explanations or proof of source of wealth or funds.
For around 12 per cent of player profiles, the occupation information was found to be rather generic. One example was a player who submitted that they were an employee of a local reputable bank, and another was a student. The FIAU stressed that this was insufficient for the purpose of determining the player’s purpose and the intended nature of the business relationship.
When it came to transaction monitoring the FIAU observed that the company failed to scrutinise transactions in a manner that would allow it to determine whether they were in line with the player’s business and risk profile. It also failed to monitor the transactions of high-risk individuals who made large transactions and used cash as a payment method.
The enhanced due diligence procedures of the company were also criticised for not being rigorous enough and failing to take proper measures on players who would be classified as high-risk.
In one case, a player who was a student linked to China was classified as high-risk. He had dropped over €200,000 in cash and lost over €80,000. The FIAU remarked that it was not provided with any reassurance of how a student could afford this level of gaming activity in a relatively short period (January 2019 – December 2019).
The FIAU also noted that there were shortcomings in the company’s reporting procedure and its awareness and training of employees.
At the time of writing the penalty is not yet final and may be appealed by the company before the Court of Appeals.
Annual STI testing for non-EU massage therapists amounted to ‘slander,’ admit health authorities
Health authorities kept quiet about changes to the legal provisions
KM Malta Airlines announces extra flights and special fares for MEP and local council elections
To qualify for special fares, all travel needs to take place into and out of the same city
European Parliament adopts regulation making it easier for companies to be paid on time
The maximum credit term under the new Late Payment Regulation is to up to 120 days, for some sectors