As commented on earlier this week by the Gambling Commission (“GC”) in its blog post, today sees the introduction of the requirement for online gambling operators to introduce what it describes as “light-touch” financial vulnerability checks and also the introduction of a pilot scheme on additional financial risk assessments for the largest online gambling operators. The GC has also published a follow-up blog post earlier this week on its approach to the pilot scheme for additional financial risk assessments. 

The introduction of the requirement for remote gambling operators to conduct financial risk assessments / affordability checks on their customers has been one of the most hotly debated areas of reform considered as part of the previous Government’s review of the Gambling Act 2005 and the White Paper published in light of that review.

The GC’s latest blog also highlights the amendments to the Licence Conditions and Codes of Practice (“LCCP”) which are intended to strengthen age verification processes and procedures in physical gambling premises.

Financial Vulnerability Checks

The GC has confirmed that it will today introduce the requirement for all online gambling operators to implement the “light-touch” financial vulnerability checks through a new Social Responsibility (SR) Code provision (SR 3.4.4). Under this new SR Code Provision, remote operators will be required to conduct at a minimum a customer-specific public record information check for financial vulnerability red flags. Such red flags would include bankruptcy orders, court judgments and debt relief orders.

These new checks are to be initiated for customers when their “spend” (i.e. deposits less withdrawals) reach certain thresholds. The checks are intended to supplement the customer interaction responsibilities that remote gambling operators are already obliged to perform under the LCCP. The new SR 3.4.4 Code Provision requires remote gambling operators to:

• consider the financial vulnerability information they obtain from the new financial vulnerability checks, together with all of the other information they know about the customer and are permitted to use, in order to assess risk;
• take proportionate action when risk is identified, and record the rationale for decisions on proportionate action;
• ensure that they have appropriate policies and procedures in place to cover:
  • whether, when taking decisions on proportionate action, it is appropriate for such a decision to be taken manually, in a fully automated manner (offering the customer the opportunity for manual review where decisions for action are taken), or through a combination of automated processing and subsequent manual review, and
  • the circumstances in which immediate action is necessary to limit harm where significant risk is identified.

To assist remote gambling operators with the introduction of these requirements, the GC has introduced an initial “spend” threshold of £500 per rolling 30 day period for the 6 months from today to 27^th February 2025. The relevant spend threshold trigger is then to be reduced to £150 per rolling 30 day period from 28^th February 2025.

Pilot Scheme for Financial Risk Assessments

Similarly, the GC has confirmed in its blog this week that it will introduce an additional SR Code Provision 3.4.6 to initiate the pilot program to conduct certain financial risk assessments for the remote operators who fall within the highest three categories of gambling turnover (ie those who fall into licence fee categories J1 to L1). This pilot scheme is to run from today until 31 March 2025, but the GC expressly reserves its right to extend the pilot scheme for a further month provided that it notifies the relevant operators prior to 17March 2025.

Under the pilot scheme, the participant remote operators are to request certain financial risk assessments from one of the listed credit reference agencies (i.e. Equifax, Experian or TransUnion) for each customer who falls into particular categories based on their gambling spend over particular periods which are to be determined by the GC from time to time during the pilot phase. The GC also reserves its ability, among other things, to specify that:

• particular pilot stages operate over different periods in respect of different licensees and/or categories of licensees; and
• different thresholds for different pilot stages and/or for different cases and/or categories of case.

The GC has made it clear that, at this stage, the pilot scheme is not intended to affect how customers are dealt with and restricts operators from taking action based on the risk assessments instituted by the scheme, including for the purposes of complying with their existing customer interaction requirements under SR Code Provision 3.4.3. Rather, it is simply intended to test out the different forms of data available to credit reference agencies to consider what is helpful and meaningful in the gambling context, as well as to test out the data sharing and frictionless nature of the checks. In short, the scheme is a data gathering exercise devised to inform decisions on whether and how these assessments could be introduced in the future. 

Where a relevant remote operator participant receives a financial risk assessment from a relevant credit reference agency pursuant to a request required by the pilot scheme, the relevant online gambling licensee participating in the pilot scheme must:

• consider the financial risk assessment and any other relevant information that it holds about the relevant customer and:
  • assess whether the relevant customer is or was (as the case may be) at risk of harm associated with gambling, and
  • determine what action, if any, the licensee would take or would have taken (as the case may be) under its remote customer interaction obligations under SR Code Provision 3.4.3 as a result of that assessment;
• record the assessment and such relevant action (as well as the reasons for the relevant determination);
• provide to the GC such information in relation to the assessment and/or determination in such form and manner as the GC may specify from time to time;
• determine the policies and procedures that it would be appropriate for it to adopt in relation to:
  • the provision to and receipt from credit reference agencies of data about customers (including the receipt of financial risk assessments);
  • assessments of whether a customer is at risk of harm associated with gambling, and determinations of what action (if any) the licensee would take as a result of that assessment, if the licensee were required to obtain and consider a financial risk assessment for the purposes of its customer interaction obligations under SR Code Provision 3.4.3; and
• report to the GC its conclusions (re: (iv) (a) and (b)), and its reasons for those conclusions, at such time and in such form and manner as the GC may specify from time to time.

Strengthening Age Verification Processes in Physical Gambling Premises

As identified in its response to the Summer 2023 consultation, the GC will also introduce amendments to the LCCP aimed at strengthening age verification processes in physical gambling premises. The new measures would be initiated pursuant to amendments to Code Provision 3.2 of the Code of Practice and shall be effective from today.

The first amendment is to remove the exemptions from the age verification test purchasing requirements which currently exist for the smallest categories of operator (ie category A and B licensees).

The second amendment is to require that gambling premises adopt a “Think 25” approach to age verification – i.e. for them to have procedures in place to check the age of customers who appear to be under 25. Under the GC’s current requirements, gambling operators are only required to have procedures in place to check the age of those customers who appear to be under 21 (i.e. a “Think 21” approach).

Further Thoughts and Future Developments

Last year’s White Paper acknowledged that there is a need for an appropriate balance to be struck between “consumer freedom and choice on the one hand” and “protection from harm on the other hand”, and, in particular, focusing on “doing more to protect those at risk of addiction and associated unaffordable losses”.

In the GC’s recent blog post covering its approach to the pilot scheme, Helen Rhodes, the Director of Major Policy Projects and Evaluations, commented on a similar balance needing to be struck in its scheme between “supporting high-spending customers in financial difficulties” whilst also “supporting a frictionless customer journey for the vast majority of customers”. Rhodes also commented that the relevant decisions as to whether (and if so, how) to proceed with the implementation of the financial risk assessments would be guided by the responses and data from the pilot. How the pilot scheme develops and what data / feedback it creates will no doubt be keenly followed and considered by the industry.

In terms of further upcoming regulatory developments emanating from the White Paper (and the results of certain of the consultations that followed in its wake), the GC has confirmed the following (as more fully described in its consultation response published in May 2024):

• there will be an update to the Remote Technical Standard security requirements, which will come into effect from 31 October 2024;
• the new and amended requirements for operators to ensure that certain functions within their organisation are held by individuals who hold a Personal Management Licence (PML) will be effective from 30 November 2024;
• the new game design requirements (and associated implementation guidance) will come into force on 17 January 2025; and
• from 1 May 2025, operators will be required to provide customers with options to opt-in to the product type they are interested in and the channels through which they wish to receive direct marketing (with all options set to “opt-out” by default).

We shall be covering these and further developments as they are published by the GC.