Systemic senior management failure to protect consumers and prevent money laundering will result in the William Hill Group (WHG) paying a penalty package of “at least £6.2 million”. A Gambling Commission investigation has revealed that, between November 2014 and August 2016, the gambling business breached anti-money laundering and social responsibility regulations.
Senior management failed to mitigate risks and have sufficient numbers of staff to ensure that the company’s anti-money laundering and social responsibility processes were effective. This resulted in ten customers being allowed to deposit large sums of money linked to criminal offences which resulted in gains for WHG of around £1.2 million. WHG did not adequately seek information about the source of the funds or establish whether the people involved were “problem gamblers”.
WHG will pay more than £5 million for breaching regulations and divest itself of the £1.2 million earned from transactions with the ten customers. Where victims of the ten customers are identified, they will be reimbursed. If further incidents of failures relating to this case emerge, WHG will divest any money made from these transactions.
WHG will also appoint external auditors to review the effectiveness and implementation of its anti-money laundering and social responsibility policies and procedures and share learning with the wider industry.
Neil McArthur, executive director of the Gambling Commission, said: “We will use the full range of our enforcement powers to make gambling fairer and safer. This was a systemic failing at William Hill which went on for nearly two years. The penalty package, which could exceed £6.2 million, reflects the seriousness of the breaches. Gambling businesses have a responsibility to ensure that they keep crime out of gambling and tackle problem gambling. As part of that, they must be constantly curious about where the money they are taking is coming from.”
William Hill Group’s failures
Examples of WHG’s failures (note that all figures are approximate) include the following:
*a customer was allowed to deposit £654,000 over nine months without source of funds checks being carried out. The customer lived in rented accommodation and was employed within the accounts department of a business earning around £30,000 per annum
*a customer was allowed to deposit £541,000 over 14 months after the operator made the assumption that the customer’s potential income could be £365,000 per annum based on a verbal conversation and without further probing. The reality was that the customer was earning around £30,000 per annum and was funding his gambling habit by stealing from his employer
*a customer who was allowed to deposit £653,000 in an 18-month period activated a financial alert at WHG. The alert resulted in a grading of ‘amber risk’ which, in accordance with the licensee’s anti-money laundering policy, required a customer profile to be reviewed. The file was marked as having been passed to managers for review, but this didn’t occur due to a systems failure. The customer was able to continue gambling for a further six months despite continuing to activate financial alerts
*a customer was identified by WHG as having an escalating gambling spend with deposit levels exceeding £100,000. WHG interacted with the customer seeking assurances that the customer was ‘comfortable with their level of spend’. After receiving verbal assurance and without investigating the wider circumstances, the operator continued to allow the customer to gamble. In the Gambling Commission’s view, that interaction was inadequate and didn’t review the customer’s behaviour sufficiently to identify if their behaviour was indicative of problem gambling
*a customer exceeded deposits of £147,000 in an 18-month period with an escalating spend and losses of £112,000. WHG systems identified the issue, but its only response over a 12-month period was to send two automated social responsibility e-mails. The Gambling Commission’s view is that this action alone wasn’t sufficient given the customer’s gambling behaviour coupled with the severity of the losses
All gambling business operators are advised to read William Hill International: Regulatory Settlement for further details and the lessons to be learned.
In response to the news, William Hill’s CEO Philip Bowcock stated: “William Hill has fully co-operated with the Gambling Commission throughout this process, introducing new and improved policies and increased levels of resourcing. We have also committed to an independent process review and will work to implement any recommendations that emerge from that review. We are fully committed to operating a sustainable business that properly identifies risk and better protects customers. We will continue to assist the Gambling Commission and work with other operators to improve practices in the areas identified.”
Reaction from the industry
Nick Gaubitch, research manager (EMEA) at Pindrop, commented: “The penalty imposed on the William Hill Group shines a rather interesting spotlight on fraud detection within the industry. We often come across fraudulent behaviour related to money laundering on a global scale. It’s more difficult to detect as there are no direct monetary losses. That said, how efficiently companies mitigate risk and fraudulent transactions, and particularly so with machine learning and voice authentication, should play a key part in defending vulnerable channels.”
Gaubitch continued: “With 60% of fraud originating from the phone channel, we can assume that there’s some transactional activity taking place over the phone, whether that be checking a transaction has gone through or managing betting account balances. There’s an opportunity here for the betting and gaming industry to use machine learning technology to detect potentially fraudulent behavioural patterns and anomalies in real-time, in turn eliminating the risk of investigations and large fines.”
In addition, Gaubitch explained: “More advanced technology that builds upon some of the basic security validation foundations that exist in the Call Centre environment today is Phoneprinting. This introduces multi-factor analysis of an incoming phone call. The technology identifies specific components about each call such as location, device, behaviour and whether the phone has been used to call the company before. It combines this with voice technology and machine learning data to help keep businesses secure. For example, the tool would detect a potentially fraudulent transaction in real-time before it becomes an issue after having assessed over 1,380 aspects of that caller faster than any human would be able to.”
In conclusion, Gaubitch told Risk UK: “In terms of how this would practically work in the betting and gaming industry, a suite of authentication technology and fraud detection tools passively analyses short utterances of a caller’s speech, the overall audio signal of the call and the touchtone behaviour, regardless of whether that caller is interacting with an automated or live Call Centre agent. Capturing odd behaviour patterns and irregular account dealings, while also authenticating legitimate customers and their actions, has to be the way forward for betting firms in order for them to remain compliant and protect their customers.”