The operator behind the Spreadex.com website will pay the money to socially responsible causes as part of a settlement with the Commission, which was agreed following a review of its business.
Between January 2020 and May 2021, Spreadex was found to have breached the Licence Conditions and Codes of Practice (LCCP), while it also failed to comply with the Social Responsibility Code.
Social responsibility failings identified by the Commission included Spreadex having in place financial alerts that were ineffective and allowed customers to lose significant amounts over a short period of time.
The operator was also found to have placed an overreliance on financial alerts to identify customers at potential risk of experiencing harms, while it failed to sufficiently record and evaluate its customer interactions.
In one case, a customer was able to deposit £1.7m and lose £500,000 over a one-month period. The Commission noted that while customer interactions took place, these were not sufficiently evaluated and did not include considering the effectiveness of restricting the account.
Looking at the anti-money laundering failures highlighted by the Commission, the review picked out one customer who met a £25,000 financial deposit alert and had the alert for further review increased to £100,000 based on a self-declaration of income and an open-source check.
Another customer was able to deposit £365,000 and lose £284,000 over a period of three months, without a source of funds being sufficiently established, while one player was able to continue depositing after providing redacted bank statements in response to a request for evidence of their source of funds.
“Whilst it is disappointing to see anti-money laundering and social responsibility breaches occur despite our extensive published cases highlighting similar failures, we note the swift and robust action the licensee took to bring itself back to compliance,” Commission director of enforcement and intelligence Leanne Oxley said.
“We expect similar commitment and engagement across the gambling sector.”
In its ruling, the Commission said that Spreadex failed to review and update its risk assessment on an annual basis as required, nor did not take into account and consider information on the risks of money laundering and terrorist financing available by the Commission. The regulator also said Spreadex did not assess all relevant customer, product and geographical risk factors.
Spreadex was also found in breach of paragraph 2 of licence condition 12.1.1, which refers to how licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.
Here, the Commission identified weaknesses and shortcomings in relation to the adequacy and maintenance of AML policies, procedures and controls, noting that some customers were able to deposit large amounts of money without sufficient interaction being triggered.
The regulator added that Spreadex failed to critically review Source of Funds documentation and was over-reliant on electronic checks, while it did not have in place sufficient staff to respond to financial triggers in a timely fashion and to adequately mitigate the risk.
Finally, the Commission said Spreadex failed to comply with Social Responsibility Code 3.4.1, paragraphs 1 and 2 of which state that licensees must interact with customers in a way which minimises the risk of them experiencing harms associated with gambling.
Summarising its findings, the Commission noted a number of aggravating factors including the serious nature of the breaches, the impact on the licensing objectives, and that some breaches arose in circumstances that were similar to previous cases and subsequently resulted in the publication of lessons to be learned for the wider industry.
However, the regulator also considered certain mitigating factors, namely how Spreadex showed insight into the seriousness of the breaches and self-suspended its casino activities for five months to mitigate risk.
The regulator noted that Spreadex also provided an action plan immediately and took action to expand and improve its compliance capacity, while the operator and its senior managers cooperated with the Commission. In addition, Spreadex made an early offer of a regulatory settlement.
After considering this, the Commission ordered a £1.4m payment in lieu of a financial penalty, with a further payment of £7,831 towards the Commission’s costs of investigating the case.
The latest ruling comes after the Commission last week ordered Entain to pay a record £17.0m after it identified a series of social responsibility and AML failings across its online and land-based businesses.
Commission chief executive Andrew Rhodes said Entain could potentially lose its licence in Great Britain if the group continues to breach rules and regulations in the market.
Also this month, the Commission fined LeoVegas £1.3m after identifying a series of failings, many related to setting triggers too high.