A gaming company has been fined €130,460 by the Financial Intelligence Analysis Unit over several anti-money laundering breaches found in its operations.
Olimp Limited was handed the fine after an inspection carried out by the FIAU in 2020.
The company, which has since surrendered its gaming licence in Malta, was owned by a Russian national – Galina Reed – and a holding company which was in turn owned by the same Reed and another holding company based in Cyprus.
In its announcement of the fine, the FIAU listed a number of shortcomings which the company had.
Chief amongst those was that the Company did not have a Business Risk Assessment (BRA) in place at the time of the compliance examination.
In its representations, the Company informed the Committee that it had carried out a draft of the BRA in 2020, and therefore two years after the obligation had been in place.
However, a review of this draft BRA showed the Company failed to identify its threats and risks and failed to determine its inherent and administrative residual risks, the FIAU said.
The Company was expected to compile an inventory of risks, both actual and potential. These would then need to be assessed depending on the likelihood of them happening versus the impact that such risk would leave if it materializes. Following this assessment, the Company would be able to determine its inherent risk. The BRA also needs to assess the controls in place, to ensure that these are robust enough to mitigate the risks, and determine if more controls are required. It is only after the assessment of the controls in place that the Company can work out and determine its residual risk.
“Instead, the draft document outlined the action points that the Company needs to implement to mitigate its risks, and a list of risks, without any indication as to how such risks were assessed or what controls are being done to mitigate,” the FIAU said.
The FIAU also found that no documented customer risk assessment (CRA) methodology was in place at the time of the compliance examination.
“Although it was noted that players had a risk rating assigned, it became apparent that such rating was not relating to ML/FT risks,” the FIAU said. Instead, they were based on business-related factors such as how profitable the player was to the Company.
“Since the Company did not have a CRA in place, it was not in a position to ensure that it understood the level of customer due diligence necessary and the level and frequency of ongoing monitoring it was expected to carry out,” the FIAU said.
There were also several shortcomings in relation to the identification and verification measures noted during the compliance examination.
The FIAU said that the Company was expected to carry out customer due diligence measures on these players since all of them had exceeded the €2,000 threshold as per legal obligations. Among the shortcomings were that the permanent residential address of five player profiles was not verified, and that the copies of identification documents collected for three players were not adequate.
Prior to the sample file review, the MLRO informed the Officials that information on the player’s source of funds is being collected, and that limits are set on the player’s profile in accordance with their betting activity.
“However, none of the player profiles reviewed held any information on the occupation of the player, their source of wealth and expected source of funds or on the expected level of activity. Thus, limits on the player profiles could not be set since the Company did not have any information on its players in order to determine same,” the FIAU said.
The Committee remarked that the absence of such information meant that the company was offering its services without even having an understanding of the player’s profile, which inevitably hindered its ability to implement effective control measures, thus heightening exposure to money laundering risks.
From the compliance examination it was noted that the Company’s MLRO was outsourced and that he did not have an employment relationship with the Company. This individual worked with an IT company and also occupied the roles of a compliance and legal officer. Members of the FIAU’s committee reiterated that the functions of an MLRO cannot be outsourced.
During the compliance examination it was noted how three of the players reviewed were nationals and residents of a non-reputable jurisdiction.
Although the MLRO had indicated that extended due diligence is carried out on high-risk customers, and that a screening platform is used to obtain information as part of the EDD measures, it was noted that none of these three players was risk assessed as high.
During the deliberations, the FIAU committee took into consideration that the country was included in the FATF list of jurisdictions with strategic deficiencies a few months before the commencement of the compliance examination.
“While it could have been the case that the risk rating of the players was carried out prior to the inclusion of such country into the said list, the Company was expected to have measures in place to identify such a change and apply EDD measures on these players, in line with its legal obligations yet also considering the particularities of the relationships subject to the EDD requirement,” the FIAU said.
After taking into consideration the above breaches, the committee decided to impose an administrative fine of €130,460 against the company.
It said that a follow-up directive would usually be imposed for the breaches identified, but the company has since surrendered its gaming licence.