E-gaming company fined £700,000 over regulatory failings

BMO Manx was licensed between 2021 and 2023

An e-gaming company from Douglas has been ordered to pay £700,000 by the Isle of Man Gambling Supervision Commission for regulatory failings.

BMO Manx, which the body licensed between 2021 and 2023, was found to be in contravention of the Anti-money Laundering and Countering the Financing of Terrorism Act.  

The company was initially ordered to pay a fine of £1,000,000, but this was discounted by 30 percent to £700,000.

An inspection found the business:

  • Did not conduct Enhanced Due Diligence despite the customers being identified as posing a higher risk of Money Laundering and/or Terrorist Financing, and identifying unusual activity as required by paragraph 14 (3) of the Code.
  • Had a Customer Due Diligence policy that did not evidence the need for Enhanced Due Diligence or additional monitoring in the event of suspicious activity as required by paragraph 14 of the Code.
  • Did not evidence consideration within policies and procedures to not proceed with customer relationships, terminating ongoing customer relationships or of making any internal disclosures in the event that Enhance Due Diligence was not provided within a reasonable timeframe as required by paragraph 14 (4) of the Code.
  • Had a Suspicious Activity Reporting chain that was inefficient and diluted across BMO’s operations via Peru and Malta with numerous parties’ involvements before the MLRO could give true consideration of facts. Paragraph 22(a), (b) and (c) of the Code.
  • Had failed to comply with paragraph 23(b) of the Code where, on a reasonable basis, internal disclosures should have been reported to the MLRO.
  • Did not record and maintain procedures & controls for the purpose of identifying Politically Exposed Persons as required by paragraph 13 of the Code.
  • Did not establish, record, maintain or operate appropriate procedures and controls sufficiently to ensure the verification of identity of its customers as required by paragraph 11 of the Code.
  • Was unable to demonstrate that it had processes or any procedures around how or when ongoing monitoring was determined as required by paragraph 15 (3) of the Code.
  • Had a Customer Risk Assessment and applicable policy that did not have regard to all relevant risk factors or those which may pose a higher risk of ML/TF as required by paragraphs 8 (4), and 8 (7)(b) and (c) of the Code.
  • Did not implement its Business Risk Assessment until circa 6 months after commencing online gambling activities, as required by paragraph 6 of the Code.
  • Had not undertaken a Technology Risk Assessment and its Technology Risk Assessment policy was generic and not specific to its business or the risks relevant to its business, as required by paragraph 7 of the Code.
  • Did not have appropriate procedures and controls to monitor and test compliance with AML/CFT legislation as required by paragraph 25 (1) of the Code.
  • Had policies/controls which didn’t ensure that failure to provide CDD must result in the customer relationship being terminated and consideration of an internal disclosure being made, as required by paragraph 10 (5) of the Code;
  • Had an AML/CFT policy that did not sufficiently delineate the responsibilities of the MLRO and AML/CFT Compliance Officer who have distinct regulatory requirements as required by paragraph 21 (1) and 25 (4) of the Code.
  • Had an MLRO and AML/CFT Compliance Officer who was unable to demonstrate having sufficient access to information and resources at all times to properly discharge the responsibilities of these positions as required by paragraphs 21 (2)(c) and 25(4)(c) of the Code.
  • Had an MLRO who was unable to demonstrate or evidence having full access to all relevant business information as required by paragraph 22(d) of the Code.
  • Failed to comply on occasion with Code, paragraph 22(f) which requires that SAR’s are provided to the Financial Intelligence Unit ‘as soon as is practicable’.
  • Had policies which did not detail how quickly (i.e. as soon as is practicable) the MLRO must report knowledge of suspicion externally as required by paragraph 24 (2) of the Code.
  • It was found that the creation and review of key compliance policies and procedures were not undertaken by the AML/CFT Compliance Officer as required by paragraph 25 (1) and (4)(c) of the Code.
  • Could not evidence the AML/CFT Compliance Officer had submitted a report to senior management as required by paragraph 25 (2) of the Code.
  • Failed to meet the training and education requirements of the Code as numerous key role holders were not listed on the training register. Furthermore, of those staff listed, a number had not undertaken relevant training at least annually as required by paragraph 27 (1) of the Code.

The commission also noted that BMO acknowledged the serious shortcomings in its operational arrangement at an early stage and sought to resolve the matters constructively and expeditiously. 

You can find the full report HERE.

More from Isle of Man News