Blink and you would miss the new paragraph in the document for The Economic Crime and Corporate Transparency Act 2023 (ECCTA).
The paragraph introduces a significant corporate criminal offence known as ‘failure to prevent fraud,’ which has particular implications for land-based and online casinos. Large organisations should make sure they prepare and review/adopt suitable fraud prevention procedures ahead of 1 September 2025.
Here's a quick reference guide to what that could mean for your business.
Gambling companies can be held criminally liable if an employee, agent, or another person associated with the organisation commits a specified fraud offence for the organisation’s benefit.
Companies in the gambling sector must establish and maintain 'reasonable’ procedures aimed at preventing fraud. This means that organisations need to implement comprehensive fraud prevention strategies tailored to their operations.
It is essential to understand that the prosecution does not need to demonstrate that company managers were aware of the fraud or actively participated in it. This shift places greater responsibility on the organisation as a whole to ensure proper oversight and prevention practices.
We asked expert Josie Preston, AML & FinCrime in Gambling Expert at Ophion Risk to shed some light on the latest update to the ECCTA 2023 Act.
Josie told Casinos.com: “It goes without saying; a well-considered and robust fraud risk assessment, actionable fraud strategy and implementation plan, policies and procedures - supported by anti-fraud training, operational guidance, and a positive fraud culture - is essential to ensure protection of the operator against commission of the ECCTA 2023’s corporate ‘failure to prevent fraud’ offence.
“In certain sectors of the gambling industry, and with smaller operators, existing fraud controls may be documented within the broader AML/AFC Compliance policies and procedures. The significant corporate liability now in force means to simply extrapolate those controls out and pastiche them into a standalone fraud policy will be an insufficient defence against the ‘failure to prevent fraud’ offence.
We asked Josie for her view on what operators and organisations could do to ensure they comply to the updated ECCTA ACT.
Josie began by saying that a standalone fraud framework cannot rely solely on existing controls but should involve a holistic evaluation of vulnerabilities within policies, systems, and procedures.
Josie adds, “While fraud and money laundering risks are often intertwined, operators must implement distinct, well-defined anti-fraud measures that seamlessly integrate into broader AML efforts.
"A substantive review of all facets of the operator’s anti-financial crime control framework is a necessity to ensure compliance with the act."
That is not to say that anti-fraud controls should be removed from other policies and procedures, quite the contrary, as fraud and money laundering are deeply intertwined in the context of the ECCTA 2023 fraud offence commission.
For example, money laundering mules regularly employ the use of fraudulent ID in their schemes to circumvent CDD measures. A simple scheme involving the losses of one mule, offset by the winnings of another (i.e., simultaneous even-chance betting via electronic roulette on a live table), presents the possibility of the operator both failing to prevent the identity fraud, and financially benefitting from the fraud by the losses of the losing mule.
The introduction of the ‘failure to prevent fraud’ offence under the ECCTA represents a critical regulatory change for the gambling industry. Josie said: “Organisations must proactively develop and enforce fraud prevention strategies to mitigate risks and ensure compliance ahead of the law’s implementation.”
Category | Applicability |
---|---|
Large Gambling Companies (Incorporated Bodies) | Includes major corporate entities in the gambling industry. |
Subsidiaries of Larger Gambling Organizations | Applies to divisions or smaller companies owned by larger gambling companies. |
Partnerships Operating in the Gambling Sector | Covers partnerships actively engaged in gambling operations. |
Non-profit Gambling Organizations (if Incorporated) | Non-profit gambling organizations, if legally incorporated. |
Exemptions | |
Police Forces | Law enforcement agencies exempt from this offense. |
Government Departments | Excludes any department or branch of government. |
Josie advised caution over operators simply using a tick-box approach to comply, saying: “Operators must seek to avoid a tick-box approach to compliance in respect of the provisions of the ECCTA 2023, and conduct detailed analyses and evaluation, considering obliquely as to how shortcomings in their internal policies, procedures, systems, and controls may potentially expose the business to the ‘failure to prevent fraud’ offence, and make genuine considerations as to their weaknesses, vulnerabilities, and operational integrity in respect of fraud risk.
A key observation is that operators should pay particular focus to internal threats and ‘third-party’ associates, such as employees, agents, junkets, and other affiliated persons/organisations, particularly where a ‘revenue share’ arrangement or employee incentive programme, based upon customer acquisition and spend exists.
As gambling operators are likely to have little oversight over the activities of third parties, operators may inadvertently partially benefit from a fraud perpetrated by these ‘persona non gratae’ whilst they pursue their own financial benefit from the operator’s customers.
Josie gave an example of this, “Where a high value customer acquired by fraudulent means by a third-party agent on behalf of the operator (revenue share), or by an internal Customer Relationship Manager (who is paid a bonus or incentive based upon acquisition and customer spending volumes), who then goes on to lose significantly with the operator.”
Staff training is crucial in all aspects of business but none more so than anti-fraud and anti-money laundering measures as we have seen to the detriment of TD Bank recently.
Josie mapped out the importance of this by saying: “Employee training is key to embedding fraud awareness and prevention throughout the operator’s organisation. Role-specific training enables frontline staff, gaming floor employees, and compliance teams to understand, recognise, and respond to fraud risk.
"By empowering employees to report suspicious and fraudulent activity, with an unobstructed pathway to facilitate report submission, and continuous training and upskilling on fraud typologies and methodologies with employees, the operator can establish vigilance across all lines of defence and cultivate a proactive anti-fraud culture."
Most of my career was spent in teaching including at one of the UK’s top private schools. I left London in 2000 and set up home in Wales raising four beautiful children. I enrolled at University where I studied Photography and film and gained a Degree and subsequently a Masters Degree. In 2014 I helped launch a new local newspaper and managed to get front and back page as well as 6 filler pages on a weekly basis. I saw that journalism was changing and was a pioneer of hyperlocal news in Wales. In 2017 I started one of the first 24/7 free independent news sites for Wales. Having taken that to a successful business model I was keen for a new challenge. Joining the company is exciting for me especially as it is a new role in Europe. I am keen to establish myself and help others to do the same.
Read Full Bio