Protecting customer money: lessons for gambling from investment
6 September 2019
If you are licensed by the Gambling Commission and hold customer money you need to pay close attention to your regulatory obligations. The same principles around the protection of these funds apply to investment firms in financial services. The approach by the FCA in applying their CASS client money rules can give useful pointers to the gaming industry. There’s hard won experience from investment firms which can be very useful. Increased regulatory scrutiny always hits the bottom line – do the simple things right and you will save money.
Focus areas if you hold customer funds
At Bovill, we’ve helped numerous firms climb the mountain that is the FCA CASS regime, and we apply that experience to our approach to gambling regulation. For us, the key areas of focus are:
- Governance – it is vital that senior management understand their responsibilities, and take appropriate action, as required.
- Monitoring – firms need to have a clear view of what monies they hold, and whether they are caught within the regulations
- Disclosure – providing customers with clear information on what protection is available
- Segregation – ensuring funds are clearly segregated, without co-mingling
Across these areas, firms that take a step back and consider the requirements are able to put in place control frameworks which work in harmony with the business, to achieve the desired results. A clear and simple process is one that is much more likely to be followed.
Are you holding customer funds?
If you are licensed by the Gambling Commission and holding customer funds you will come under their customer funds regime. The funds in question are any monies held to the credit of your customers. Such funds include the following:
- Cleared funds deposited for future gambling activity
- Winnings from previous gambling activities left on deposit by customers
- Crystallised but unpaid bonuses
Remote operators are most likely to hold such funds. Although the rules cover both remote and non-remote operators, the Commission have been clear that the following would not be considered customer funds:
- Physical casino chips that customers can retain for future activity
- Betting slips held by customers
- Tickets for gaming machines that customers hold to cash in later
And because the first step with any regulation is checking if you are covered, the first step for all firms considering the customer funds regime is to determine if they hold funds such that they are pulled inside the remit of the rules.
What do you need to do? Disclosure
If you determine that you are holding customer funds, you will need to disclose in your terms and conditions whether customer funds are protected in the event of insolvency. You will also need to say how they are protected and to include a statement concerning the quality of this protection.
The quality of protection is something measured by clear and strict criteria, although the task of determining the level of protection remains with each firm. The possible ratings are as follows:
|Not protected – No segregation||No protection is provided in the event of insolvency. Only non-remote and ancillary remote firms can apply this level of protection.|
|Not protected – Segregation of customer funds||The customer funds are kept in accounts separate to the firm’s own accounts, but the funds would not be protected in the event of insolvency, being treated instead as part of the firm’s balance sheet. This is the minimum requirement for remote operators.|
|Medium protection||The customer funds are kept in accounts separate to the firm’s but are also held such that they are returned to customers in the event of insolvency.|
|High protection||The customer funds are held in a trust account. The account is subject to oversight from either an independent trustee or auditor.|
Self-assessment of this variety is common place for financial services firms, as is the requirement to properly inform customers about the protection of their money. Where investment firms fall short on these fronts, the FCA are quick to take such failings as evidence of broader issues within a firm. So, while the Gambling Commission’s requirement to assign and disclose a protection rating to customers might seem like an elementary step, it is not one that firms can afford to get wrong. Increased regulatory scrutiny always hits the bottom line – do the simple things right and you will save money.
Remember also that problems with self-assessment and the accuracy of terms and conditions often materialise following changes in operations or the business model. Make sure that you have safeguards in place to prevent such mistakes. If there are changes that alter your protection framework, a control to ensure that client terms and conditions are updated is vital. Remember that the Gambling Commission can ask for evidence that the level of protection in your terms and conditions is reflective of reality. Do not make a silly mistake here and give the Commission cause to lift further stones within your business.
What do you need to do? Segregation
All remote operators need to need to segregate their customer funds. This is a simple concept that continues to trip up the largest banks and investment managers in the UK. It should be no surprise therefore that gaming firms similarly struggle with this issue.
What are the common pitfalls?
- Co-mingling of funds
Effective segregation prevents the co-mingling of firm and customer funds. While such co-mingling can sometimes be traced back to unavoidable human errors, often there are fundamental weaknesses in the firm’s approach to segregation. The only way to manage this risk is with a control framework that is designed to prevent the movement of funds into the wrong bank account and if these preventive controls fail, promptly detects any co-mingling. You might have four-eye checks before transfers of customer funds can be executed to prevent such errors. These in turn could complemented by daily reconciliations to detect any controls failures.
- Weak reconciliations
A common criticism of client money reconciliations is that they do not compare independent sets of data and as such are unlikely to identify errors in the firm’s records. Ultimately, a process does not amount to a reconciliation if the data sets are not independent. You need two sets of data that are fed from different sources if your process is to add any value. Ask yourself if your two sets of data will ever not align. Paradoxically, you want the answer to be yes – if you are answering no to this question, you either have the perfect process or a flawed process. It’s likely the latter.
- Prompt segregation
A challenge for both investment management and gaming firms is the need to promptly segregate customer funds as they arise. Of course, this is not just a case of segregating new deposits. Just as investment firms need to segregate paid dividends, gaming firms need to segregate winnings and bonuses accrued by their customers. The first step to satisfying the regulation is identifying all sources of new customer funds. Have you conducted a total capture exercise to ensure that all sources have been identified? If not, do so and make it an annual exercise. And importantly, foster a culture of challenge and improvement. Your operational boots on the ground are in the best position to identify instances where money is not being segregated as required and empowering them to flag weaknesses will save you time and money in the long term.
What do you need to do? Governance
Try as you might, there will always be unexpected issues that can derail even the best controls. There will always be moving parts, whether it is internal business change or external customer actions. The risk of human error too, while possible to mitigate, will never be eliminated. Regulators are not looking for an approach that has eliminated every conceivable risk – they are looking for an approach that takes all necessary steps to manage identified risks and is adaptable where new risks arise.
Firms can only adapt to such changes if there is a governance framework in place capable of identifying unexpected or new challenges and managing a response. Key stakeholders within your firm should be monitoring the efficacy of existing customer fund protocol. What errors are occurring? What controls are failing? Such questions should be easily answerable once there is comprehensive MI created to fuel management oversight. Without this oversight you will not be able to gauge the efficacy of your controls and you will not be able to adapt to new risks. In such a scenario, it will likely fall to the Commission to inform you of your shortcomings…much better then to get ahead of the problem.
- Make sure you have properly understood the extent to which the customer fund rules apply to your business.
- If you are covered, avoid silly mistakes with something as simple as a customer disclosure – do not give the Commission an excuse to focus more broadly on your firm.
- Recognise that the segregation of customer funds is not easy – look at what tripped up investment firms in this sphere and avoid these mistakes at your firm.
- And lastly, a good segregation framework will only endure if it has the governance that enables it to grow and adapt – convene a committee now and make sure they are fuelled with comprehensive MI.
Helping gambling firms with regulation
This article is part of a series looking in detail at areas of regulatory scrutiny in gambling firms – in particular where there are lessons to be learnt from financial services. Other topics include:
- Vulnerable Customers