Implications of the Economic Crime and Corporate Transparency Act 2023 for the Gambling Industry

Blink and you would miss the new paragraph in the document for The Economic Crime and Corporate Transparency Act 2023 (ECCTA).

The paragraph introduces a significant corporate criminal offence known as ‘failure to prevent fraud,’ which has particular implications for land-based and online casinos. Large organisations should make sure they prepare and review/adopt suitable fraud prevention procedures ahead of 1 September 2025.

Here's a quick reference guide to what that could mean for your business. 

What This Means for Gambling Organisations?

Gambling companies can be held criminally liable if an employee, agent, or another person associated with the organisation commits a specified fraud offence for the organisation’s benefit. 

Companies in the gambling sector must establish and maintain 'reasonable’ procedures aimed at preventing fraud. This means that organisations need to implement comprehensive fraud prevention strategies tailored to their operations. 

It is essential to understand that the prosecution does not need to demonstrate that company managers were aware of the fraud or actively participated in it. This shift places greater responsibility on the organisation as a whole to ensure proper oversight and prevention practices.  

We asked Josie for her view on what operators and organisations could do to ensure they comply to the updated ECCTA ACT. 

Josie began by saying that a standalone fraud framework cannot rely solely on existing controls but should involve a holistic evaluation of vulnerabilities within policies, systems, and procedures. 

Josie adds, “While fraud and money laundering risks are often intertwined, operators must implement distinct, well-defined anti-fraud measures that seamlessly integrate into broader AML efforts. 

"A substantive review of all facets of the operator’s anti-financial crime control framework is a necessity to ensure compliance with the act."

That is not to say that anti-fraud controls should be removed from other policies and procedures, quite the contrary, as fraud and money laundering are deeply intertwined in the context of the ECCTA 2023 fraud offence commission. 

For example, money laundering mules regularly employ the use of fraudulent ID in their schemes to circumvent CDD measures. A simple scheme involving the losses of one mule, offset by the winnings of another (i.e., simultaneous even-chance betting via electronic roulette on a live table), presents the possibility of the operator both failing to prevent the identity fraud, and financially benefitting from the fraud by the losses of the losing mule. 

Timeline for Implementation 

The introduction of the ‘failure to prevent fraud’ offence under the ECCTA represents a critical regulatory change for the gambling industry. Josie said: “Organisations must proactively develop and enforce fraud prevention strategies to mitigate risks and ensure compliance ahead of the law’s implementation.” 

Operators Must Avoid a Tick-Box Approach 

Josie advised caution over operators simply using a tick-box approach to comply, saying: “Operators must seek to avoid a tick-box approach to compliance in respect of the provisions of the ECCTA 2023, and conduct detailed analyses and evaluation, considering obliquely as to how shortcomings in their internal policies, procedures, systems, and controls may potentially expose the business to the ‘failure to prevent fraud’ offence, and make genuine considerations as to their weaknesses, vulnerabilities, and operational integrity in respect of fraud risk. 

A key observation is that operators should pay particular focus to internal threats and ‘third-party’ associates, such as employees, agents, junkets, and other affiliated persons/organisations, particularly where a ‘revenue share’ arrangement or employee incentive programme, based upon customer acquisition and spend exists.

As gambling operators are likely to have little oversight over the activities of third parties, operators may inadvertently partially benefit from a fraud perpetrated by these ‘persona non gratae’ whilst they pursue their own financial benefit from the operator’s customers.  

Josie gave an example of this, “Where a high value customer acquired by fraudulent means by a third-party agent on behalf of the operator (revenue share), or by an internal Customer Relationship Manager (who is paid a bonus or incentive based upon acquisition and customer spending volumes), who then goes on to lose significantly with the operator.” 

Training is Key to Fraud Awareness and Prevention 

Staff training is crucial in all aspects of business but none more so than anti-fraud and anti-money laundering measures as we have seen to the detriment of TD Bank recently. 

Josie mapped out the importance of this by saying: “Employee training is key to embedding fraud awareness and prevention throughout the operator’s organisation. Role-specific training enables frontline staff, gaming floor employees, and compliance teams to understand, recognise, and respond to fraud risk. 

"By empowering employees to report suspicious and fraudulent activity, with an unobstructed pathway to facilitate report submission, and continuous training and upskilling on fraud typologies and methodologies with employees, the operator can establish vigilance across all lines of defence and cultivate a proactive anti-fraud culture."