| UK & Europe | Articles
A firm’s approach to vulnerable customers should not be seen in isolation. It is part of a wider framework of controls to make sure there are sufficient customer insights to enable the right decisions to be made. This should be across financial crime controls as well as social responsibility requirements.
It is certainly true that the Gambling Commission takes this holistic view, and has fined firms for a failure to control, failure to investigate, and failure to prevent, including the following cases:
- 7,000 customers who had chosen to self-exclude were still be able access their accounts
- A customer was allowed to deposit £654,000 over nine months without source of funds checks being carried out.
- A customer was allowed to deposit £541,000 over 14 months after the operator made the assumption that the customer’s potential income could be £365,000 per annum based on a verbal conversation and without further probing. The reality was that the customer was earning around £30,000 a year and was funding his gambling habit by stealing from his employer.
- A licensee did not query one ‘VIP’ customer’s spending rising from £200 a month to £10,000 a month.
Governance and culture
There should be a clear allocation of roles and responsibilities within the organisation to show who will address customer vulnerability issues. PMLs and senior management should be able to evidence that they are undertaking appropriate oversight, and taking action where required.
On the culture side, there’s a clear message from the Gambling Commission that firms should move the focus away from ‘problem gamblers’ to a broader view of ‘problem gambling’ – a proactive consideration of why vulnerabilities may occur, rather than simply a reactive process to address them.
Process and control
Firms must put in place clear and effective policies and procedures to identify and address customer vulnerability issues. Policies should be kept up to date and made widely available throughout the organisation. Controls put in place should be appropriate for the risks and the environment – reflecting the different challenges of remote and non-remote operations.
Training and competency
All staff involved with providing a service to clients (or providing oversight) should be trained to identify possible vulnerabilities. This should not only include the identification of potential vulnerabilities but also how to empathise with clients and what steps are available and appropriate to support clients who are vulnerable for particular reasons.
Training should not be a one-off ‘sheep dip’ exercise, there should be an ongoing programme of refresher training, and measures to check that staff have taken in what they have been taught. It’s also important to support staff through this process. They may deal with very difficult situations and support to staff is vital. It is important staff know where to turn if they need help dealing with a situation.
Identification and action
There is a requirement for operators to ‘use all relevant sources of information to ensure effective decision making’. For remote gambling, the recent Gambleaware report highlighted the expectation that firms will use behavioural analytics, and mine the risk streams of data they hold to identify problematic behaviour. In fast moving environments, players can move into problematic ‘hot state’ gambling very quickly. Firms should have appropriate measures in place to identify issues – in a 24/7 gaming operation that means 24/7 monitoring too.
Where customers wish to self-exclude the process should be clear and simple to execute. Where requests are made they should be actioned promptly and effectively, across all areas of the business (eg. exclusion from gaming, closure of accounts, removal from marketing lists).
Record keeping
Firms need to ensure they maintain accurate records of why action was taken, and perhaps more importantly, why it wasn’t taken. Any assessment of a client as vulnerable must be worded sensitively, particularly as it may be ‘special category’ data under GDPR. Remember clients have a right to request records of information a firm holds on them.
Helping gambling firms reduce the risk of customer harm
Bovill has a wealth of experience in helping firms strengthen their procedures to prevent financial crime, and also in advising firms in developing the broader control framework to reduce the risk of customer harm.
