The AML/CFT obligations require casino and gaming licensees, more specifically B2C licensees offering Type 1, 2 and 3 games, to apply a risk-based approach in applying AML/CFT measures, controls, and procedures. They are primarily required to appoint a Money Laundering Reporting Officer (MLRO) of sufficient seniority and command whose main responsibility is to analyse unusual or suspicious activity or transactions observed within the business activity, and to follow up the same as necessary through the filing of a suspicious transaction report (STR) with the FIAU. In addition, the appointed MLRO has to be registered with the FIAU and an approved Key AML Function by the MGA, in line with the Gaming Authorisations and Compliance Directive (Directive 3 of 2018) and the Directive on the Key Function of the Prevention of Money laundering and the Financing of Terrorism (Directive 3 of 2020).
The basis of ensuring AML/CFT compliance is to carry out a Business Risk Assessment to understand the risks and vulnerabilities the licensee may be exposed to. Following this, the licensee has to devise a Customer Acceptance Policy and transcribe its AML/CFT policies and procedures outlining how the company will be abiding with its Customer Due Diligence and other various AML/CFT obligations.
While licensees are required to carry out identification procedures and ongoing monitoring from the initiation of a business relationship, the majority of the obligations are triggered once the client reaches a threshold of €2,000 in accrued deposits throughout the business relationship or over a rolling period of 180 days. More specifically, subject persons are required to conduct a customer specific risk assessment and verification procedures and build a business and risk profile of the customer, including by obtaining source of wealth and source of funds information and documentation on a risk sensitive basis. Furthermore, within the context of a business relationship, subject persons need to ensure that proper ongoing transaction monitoring is carried out on a risk-based approach throughout the course of the business relationship.