In order to properly apply anti-money laundering and anti-terrorist financing measures, gambling Know your customer (“KYC”) is important for gambling companies. Customer
Know your customer (KYC) is defined as a customer who is known to you through appropriate customer due diligence mechanisms. Customer Due Diligence Mechanism –
all processes and controls in place to ensure that, at all stages of the business relationship
the gambling operator has a clear understanding of who its customer is and the customer’s pattern of behaviour.
Therefore, companies shall, in their anti-money laundering and anti-terrorist financing (AML/CFT)
PPP/CTF) must set out in their internal policies and internal control procedures:
- – how they carry out customer identification;
- – how customer risk is assessed;
- – the timeframes within which customers need to update their identification
- the data to be updated at the time of identification;
- – the time periods for reviewing and reassessing client risk;
- – what action is to be taken in the event of non-cooperation by the customer in the identification/
- (e.g. to consider filing a suspicious activity report or business
- (e.g. considering the possibility of suspicious activity or termination of the relationship, etc.).
An important specificity of the gambling industry is that the purpose and nature of the business relationship is inherently are self-evident, as many customers use the services for entertainment purposes, and therefore gambling companies that organise gambling do not need to carry out any further checks to understand the customer’s purpose in customer opens an account with the company.
However, during the period of the business relationship, gambling companies need to monitor the customer’s activities and, based on the customer’s identified risk, build a customer profile (collecting information
sources of the customer’s assets and funds) in order to be able to properly assess the customer’s performance.
Screening for politically motivated companies is very important for gambling operators.
This is important for gambling companies in relation to vulnerable/influenced individuals. This screening is necessary to determine whether the client is politically
vulnerable/influenced person, as these individuals are potentially more susceptible to corruption and may pose a higher risk.
Gambling companies must always treat politically exposed persons (affected) persons as posing a high risk and apply appropriate enhanced identification measures. All procedures relating to enhanced identification must be extended to their family members and closely related persons. In order to ensure that the client’s status has not changed.
Regularly checking the status of the politically exposed person and assessing the ongoing risk. In addition, the gambling company must always check whether the customer is in a particular country or all persons residing in the State, or persons who are connected to the relevant political, religious or criminal organisations are subject to any economic
Individuals with close links to the sanctioned state should be classified as
high risk and subject to enhanced identification procedures. This also applies to all
third countries identified by the European Commission and the FATF as high risk third countries
In addition, the gambling operator shall take into account the quality of the sources to be verified and the independence of the sources and the nature of the reported infringement, may verify the information in the media, as previous criminal convictions of customers may be an important risk to be taken into account.
The Risk Based Approach is based on the gambling operators’ The basis of the gambling company’s approach is based on an assessment of the gambling company’s customers using a Customer Risk Assessment (CRA) tool. It provides gambling
It helps gambling operators to understand the risks arising from the customer relationship and, by applying different
The Commission shall use a variety of different tools to manage these risks adequately. It is generally accepted that there is a low, medium or
a high level of risk.
The main risk factors to be taken into account by the gambling operator are
in the context of KRM are grouped into:
(a) customer risk – the identification of the potential PP/TF risk posed by the customer is crucial
in the development and application of the overall risk-based approach. This depends on the type of client. The categories of clients for which
The categories of clients whose activities may pose a higher risk include politically exposed persons, high risk clients, clients with a high risk of being exposed to a high risk, clients with a high risk of being exposed to a high risk, clients with a high risk of being
high-risk professions, high spenders, disproportionate spenders, etc;
(b) interfaces and delivery channels – these risks relate to the different channels through which
the different channels through which the gambling company establishes a business relationship with the customer. Businesses that do not take place directly
(e.g. identity theft, etc.).
fraud cases involving impersonation). However, due to accepted
technological mitigating measures and control mechanisms, these risks can be reduced to
to an acceptable level. It is the responsibility of the gambling operator to ensure that these risks are adequately
taken into account in their internal procedures;
(c) Product risks – due to their specific nature, certain gambling products may be
(c) the nature of gambling products, in particular, makes them more attractive to criminals for laundering funds. This may relate to the actual or perceived ease of concealment
illegally obtained funds. Gambling with hedging potential may be used
to secure a return on betting while masking the activity as normal gambling for entertainment. Some
the outcome can be influenced by the customer, for example in the case of poker, the gambling company
needs to monitor individual cases of fraud or aiding and abetting fraud. In order to assess the specific
weaknesses associated with a particular product, the gambling company needs to assess the products offered
classify them according to the ‘type of gambling’ (e.g. fixed odds gambling with or without hedging, sports
betting and peer-to-peer gambling). In principle, peer-to-peer gambling is considered to have a higher risk and
fixed probability gambling without hedging has the lowest risk;
(d) settlement method/transaction risk – this relates to different settlement methods
(d) the anonymity and traceability offered by different settlement methods. Some settlement methods are more susceptible to criminal
exploitation. On the other hand, when a customer transfers funds from a bank account or associated card to
a bank account held in the customer’s name in a reputable jurisdiction, the risk of PP/TF is low. See for a specific example.
particular attention should be paid to customers who use a large number of different payment methods for their gambling
accounts/cards for their gambling.
(e) Geographical risk – some countries present a higher PP/TF risk than others. This risk
is determined by the jurisdictional risk assessment tool. Gambling operators, based on reliable
international sources (e.g. Basel Index, Transparency International Index, FVDG monitored
jurisdictions and Global Sanctions lists) must assess the risk for all countries. Those countries where
high levels of corruption, lax or non-existent PPP/CTF frameworks, low transparency
a low level of transparency/accountability, or are subject to the proliferation of terrorism or weapons of mass destruction
international sanctions, are assessed as high-risk, while those with
better risk metrics are assessed as medium or low risk. Gambling
The gambling company needs to assess any customer relationships with higher risk countries
(e.g. nationality, country of business, country of residence, etc.).
Once the level of risk has been determined, the use of risk-specific
procedures and adequate identification/re-identification tools. The following must be adopted
specific policies, control mechanisms and procedures with flexibility in dealing with
specific risks posed by the customer. Therefore, the risk management process shall consist of risk identification, risk
assessing and ensuring that appropriate systems are in place (to identify, manage and mitigate
the impact of risks).
Depending on the level of risk and when there are issues that materially affect the initial assessment
circumstances that require a change in the client’s risk rating, a review of the CRR is necessary.
Companies are required to include in their internal policies and internal control procedures for PPP/CTF
advice on how to identify high-risk scenarios, the additional information that needs to be obtained, and any
examples of any monitoring to be carried out.
The gambling company must monitor all customer relationships on an ongoing basis.
The initial identification of a new customer is not in itself a sufficient reason to reduce
PP/TF risk. Therefore, constant monitoring has two purposes:
(a) to ensure, through reasonable efforts, that the documents, data or information are up-to-date and accurate, and to verify the accuracy of the data in the event of any discrepancies;
(b) to ensure that the transactions entered into are consistent with the gambling operator’s perception of the risk profile of the customer. By monitoring
the customer’s transactions and activities, the gambling operator is better able to:
- – identify a pattern that differs from the normal pattern or that does not match the customer’s profile; or behaviour/transactions that are otherwise inconsistent with what is expected of the customer;
- – identify suspicious activity that requires the Financial Crimes Investigation Service to report a suspicious monetary transaction and/or transaction;
- – determine whether the initial risk assessment needs to be updated and, in the light of the update
the updated risk assessment or other considerations, the business relationship does not go beyond gambling
the risk limits set by the gambling operator.
Any unusual activity that differs from normal gambling behaviour patterns should be investigated. These activities
Examples of such activities may include unusually high transaction volumes (if they are not consistent with the gambler’s activities or the gambling
information available to the gambling company about the gambler) or unusually large deposits (which
may also be evidence that the person has a gambling problem).
The following sub-paragraph sets out the specific requirements of the Republic of Lithuania’s money laundering and
The following are the specific provisions of the Law on the Prevention of Money Laundering and Terrorist Financing adapted specifically for the gambling sector.
GENERAL REQUIREMENTS FOR CUSTOMER IDENTIFICATION
1. Companies must take measures to identify and verify the identity of the customer:
1.1. before entering into a business relationship;
1.2. where there are doubts as to the correctness or authenticity of the customer’s previously obtained identity data;
1.3. in any other case where there is a suspicion that money laundering and/or
2. Companies are additionally required to establish (unless the identity of the customer has already been established)
and verify the customer’s identity and register the customer:
2.1. at the time of deposit, at the time of withdrawal of winnings or when exchanging cash for chips
or tokens for cash if the amount of money exceeds EUR 1 000 or its equivalent in other cases
currency, whether the transaction is carried out in a single transaction or in several related transactions;
2.2. on entering a gambling house (casino).
3. In the case of multiple linked monetary transactions, the customer’s identity must be established immediately
after it has been established that several monetary transactions are interlinked. Multiple monetary transactions
(a) Several money transactions are deemed to be linked if the customer:
3.1. makes a daily cash-to-totoken or token-to-cash exchange
transactions exceeding EUR 1 000 or its equivalent in a foreign currency;
3.2. deposit amounts or withdraw multiple winnings in excess of EUR 1 000 or the equivalent in foreign currency throughout the day
4. The Companies must in all cases:
4.1. take all appropriate, targeted and proportionate measures when the customer is identified,
to determine whether the customer is acting on his/her own behalf or under his/her own control;
4.2. where the identity of the client is established, verify the identity of the client on the basis of documents,
data or information obtained from a reliable and independent source.
4.3. to monitor the client’s business relationship on an ongoing basis to ensure that the
(b) to ensure that all monetary transactions are consistent with the information available on the customer, the nature of the risk and the source of funds;
4.4. must apply customer identification measures not only to new customers but also to existing customers
(b) in the case of new customers, as well as existing customers, taking into account the level of risk in the event of new circumstances or new information becoming available,
new information relating to the client’s risk profile, the client’s identity, the client’s activities and other relevant information
4.5. review and update on an ongoing basis the documentation provided at the time of client identification,
5. review and update the data or information provided by the identification process and ensure that it is relevant and up-to-date.
REQUIREMENTS FOR THE IDENTIFICATION OF THE CUSTOMER IN THE CASE OF IDENTIFICATION
IN THE PHYSICAL PRESENCE OF THE CUSTOMER
5. When establishing the identity of a customer in the physical presence of the customer, firms must
require the customer to produce an identity document or permit from the Republic of Lithuania or a foreign country
residence in the Republic of Lithuania, or a national of the European Parliament and of the Council of 20 December 2006
2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences (recast)
a driving licence issued in a State of the European Economic Area (hereinafter referred to as ‘identity
document) containing the following data proving his identity:
5.3. personal identification number (for a foreigner, date of birth (if available, personal identification number or other for this person
(b) the unique sequence of symbols assigned to the person, residence permit for the Republic of Lithuania
number and period of validity, place and date of issue (for foreigners);
5.5. a signature (except in cases where it is optional in the identity document);
5.6. nationality (unless optional on the identity document) if
if the person is stateless, the State which issued the identity document.
6. Where the identity document does not indicate the nationality of the client,
the responsible employee of the company shall, when establishing the identity of the customer as a natural person, when it is established for him
in the physical presence of the customer, he/she must request the nationality details from the customer.
7. The Company shall have the right to obtain documents, data or information necessary to establish the identity of the customer
information directly from public information systems or registers and shall not require the customer to
to provide such documents, data or information if the customer does not have to provide the Company’s documents, data or
the client verifies the information obtained directly from public information systems or registers with a signature (including
advanced electronic signature or qualified electronic signature). The Company shall have the right not to require
documents, data or information received by the client directly from public information systems or registers
to provide a signature, provided that such documents, data or information do not differ from those previously
documents, data or information authenticated by the customer’s signature if the documents, data or information obtained from public information systems
documents, data or information obtained from the information systems or registers, and if such documents, data or information are obtained from the Lithuanian
Register of the Republic of Lithuania.
8. At the beginning of the identification of the customer, where the customer is physically present, the responsible person of the company shall
8.1. assess whether the client presents valid documents confirming his/her identity, determine whether his/her
(b) if the customer presents a document containing a photograph of the customer;
8.2. assess the condition of the document presented (paying particular attention to whether the photograph, pages or
(e.g. whether the photograph, pages, entries, etc. have been altered, corrected or similar);
8.3. make a record of the pages of the identity document presented by the person on which the person
(8) make a copy or scan of the document containing the photograph and other particulars necessary for establishing identity;
8.4. verify whether there are circumstances for the application of enhanced customer identification.
9. On each copy of the customer’s identification document (if a paper copy
copy of a paper document), the responsible employee of the company who made the copy must affix an authentication
REQUIREMENTS FOR THE IDENTIFICATION OF THE CUSTOMER WHEN THE IDENTITY
ESTABLISHING THE IDENTITY OF THE CUSTOMER IN THE ABSENCE OF THE CUSTOMER’S PHYSICAL PRESENCE
10. The identity of the customer may be established in the physical absence of the customer only in the following cases:
10.1. by using third party information about the customer in the context of the Money Laundering and
(1) by using information on the customer’s customer information in accordance with the procedure laid down in Article 13 of the Law on Prevention of Terrorist Financing (hereinafter referred to as “the Law”);
10.2. using electronic identification means issued in the European Union and operating in accordance with
electronic identification schemes established in the European Union in 2014
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and
electronic identification and trust services in the internal market and repealing Directive
10.3. where the identity information of a person is authenticated by a qualified electronic signature using
a qualified electronic signature certificate which complies with the requirements of Regulation (EU) No 910/2014.
Qualified electronic signatures from third countries using a qualified electronic signature
certificate shall be recognised in accordance with Article 14 of Regulation (EU) No 910/2014;
10.4. by electronic means allowing live video transmission by one of the following methods:
10.4.1. the live video transmission shall capture the identity document or the
(d) the original of the residence permit of the Republic of Lithuania and the client’s identity is confirmed using the
at least by an advanced electronic signature complying with the requirements laid down in Article 26 of Regulation (EU) No 910/2014
requirements. Technical requirements for the customer identification process for the identification of the customer
remotely by electronic means allowing live video transmission, shall be
set out in the Technical Requirements for the Customer Identification Process for Remote Identification
for remote customer contact by electronic means allowing live video transmission,
approved by the Financial Crimes Investigation Service under the Ministry of the Interior of the Republic of Lithuania
of the Ministry of Internal Criminal Investigation of the Republic of Lithuania of 30 November 2016 No V-314 “On the technical requirements for the client
for the process of identification of a client when identification is carried out remotely using electronic means
means enabling live video transmission” (hereinafter referred to as the “Technical Requirements
10.4.2. the live video transmission shall capture an image of the customer’s face and the customer’s displayed
the original of the identity document or the corresponding residence permit for the Republic of Lithuania.
Technical requirements for the process of identification of the customer when the identity is established remotely,
using electronic means allowing live video transmission, shall be as follows
the Technical Requirements.
10.5. prior to the commencement of the use of the companies’ services, the payment account of the company shall be credited from the customer to the
name in a credit institution which is registered in a Member State of the European Union or in a third country,
supervised by the competent authorities with regard to compliance with those requirements, a payment order shall be made to an account held by
a paper copy of a personal identity document certified in accordance with the procedure established by the legislation of the Republic of Lithuania
a certified copy of the identity document. The procedure for the validation and submission of a copy of the identity document shall be laid down by the Personal Identity
The procedure for validation and submission of a copy of an identity document shall be laid down in the Procedure for the validation and submission of a copy of an identity document, approved by the Financial Crimes Investigation
of the Director of the Criminal Investigation Service under the Ministry of the Interior of the Republic of Lithuania of 12 September 2017
No V-131 “On Approval of the Procedure for Approval and Submission of a Copy of a Personal Identity Document”.
11. The identification of the client in the cases referred to in sub-paragraphs 10.1 to 10.3 of this Article shall be possible only when there is
all the following conditions are met:
11.1. before the identity of the customer is established in the cases referred to in sub-paragraphs 10.1 and 10.2, the customer’s identity
the third party has been established in the physical presence of the customer or by electronic means,
allowing live video transmission by one of the means referred to in points 10.4 or 10.5
as well as where the customer’s identity has been established in the physical presence of the customer by means of an electronic
identification means operating under a high or sufficient level of security electronic identification
11.2. before the customer’s identity is established in the cases referred to in points 10.1 to 10.3, the customer’s identity
the customer has been established from identity documents (as referred to in point 5).
12. When establishing the identity of a customer in the absence of the customer’s physical presence, firms must take the steps set out in
Article 9, and to establish and verify the identity of the customer, to establish the identity of the customer
use additional data, documents or information to satisfy themselves as to the identity of the customer
the authenticity of the customer’s identity, to verify whether there are circumstances for the application of enhanced customer identification, and:
12.1. in the cases referred to in points 10.1, 10.4 and 10.5, obtain the data referred to in point 5;
12.2. in the cases referred to in sub-paragraphs 10.2 and 10.3, obtaining the data referred to in sub-paragraphs 5.1, 5.2, 5.3, 5.6 and point 6
the data referred to in 6.
ENHANCED CUSTOMER IDENTIFICATION
13. Enhanced customer identification shall be carried out by means of additional identification
13.1. where transactions or business relationships are conducted with politically exposed (affected) persons
13.2. where the transactions or business relationships are with the European Commission and the Financial Action Task Force
(2) In the case of transactions involving financial transactions and transactions with countries declared by the Financial Action Task Force on Money Laundering and Terrorist Financing to be seriously deficient
(b) in the case of countries identified in the lists of countries with weaknesses in the prevention and combating of money laundering and/or terrorist financing
natural persons residing in high-risk third countries;
13.3. where the risk assessment and management procedures established by the companies identify a higher
(b) a higher risk of money laundering and/or terrorist financing. In the assessment of money laundering and/or terrorist financing
The assessment of money laundering and/or terrorist financing risks shall include an assessment of the potential higher risk of money laundering and/or terrorist financing referred to in Article 14(10) of the Law
terrorist financing risk factors;
14. When carrying out enhanced customer identification where transactions or business relationships are carried out
When conducting enhanced due diligence in relation to business and transactions with politically exposed persons, companies must:
14.1. establish and implement internal procedures for determining whether a customer is politically
14.2. obtain the approval of a senior manager for the establishment or continuation of a business relationship with such clients
(c) to continue to conduct business with clients when they become politically exposed persons;
14.3. take appropriate measures to trace the source of funds relating to the business relationship or transaction
(d) to determine the nature of the transaction or transaction;
14.4. carry out enhanced ongoing monitoring of business relationships with politically exposed persons
4. reinforced monitoring of the situation of politically exposed persons.
15. When a politically exposed person ceases to hold an important public office,
companies must continue to take into account the continuing risks posed by that person for a period of at least 12 months
and apply appropriate measures tailored to the level of risk until it is determined that the person
no longer poses a risk specific to politically exposed persons
16. In the context of enhanced customer identification, the European Commission and the Financial Action Task Force
Financial Action Task Force on Money Laundering and Terrorist Financing identified high-risk third countries
natural persons residing in high-risk countries and in cases where companies have identified the following risks
assessment and management procedures identified by the companies as posing a higher risk of money laundering and/or terrorist financing,
companies shall, in accordance with the procedures referred to in this point, take, at their discretion, either one or
additional customer identification measures to mitigate the risk and shall be obliged to:
16.1. obtain the approval of a senior manager for the establishment or continuation of a business relationship with those customers
to continue the business relationship with these clients;
16.2. make appropriate arrangements for the disposition of assets and funds in connection with the business relationship or transaction,
16. to determine the source of the funds
16.3. carry out enhanced ongoing monitoring of the business relationship with those clients.
17. Companies must pay particular attention to any money laundering and/or terrorist financing
(c) any threat of transactions which may arise from transactions which seek to conceal the identity of the customer (tending to
anonymity), as well as from business relationships or transactions with a customer whose identity has not been established
in the physical presence of the client and, if necessary, take immediate measures to prevent the use of the assets
money laundering and/or terrorist financing.