The Function is responsible for designing, implementing and steering policies, procedures and controls aimed at managing and mitigating the risks of ML/TF.
These include, inter alia, a clear assignment of responsibilities, the definition of control activities to be carried out in relation to identified risks, and provisions on training and related activities to all Sisal’s employees in order for the to be duly informed about and fully aware of existing procedures, risks and the potential consequences of breaches and non-compliance.
The organization’s internal regulatory framework in the area of Anti-Money Laundering and Countering the Financing of Terrorism relies on a comprehensive set of policies and procedures. The Group AML Policy defines the structure and organization of the Group AML Function
, specifying roles and responsibilities, as well as the general principles and standards that shall be adhered by all Group entities, Italian and foreign subsidiaries, in order to prevent and fight these phenomena
. The policy is then declined into procedures and operating manuals and instructions that are specific to each individual entity, on the basis of the peculiar national characteristics. They are jurisdiction-based and, thus, adapted to local requirements. Additionally, the Function establishes distinct operating manuals and instructions for the business lines / distribution channels describing in detail the processes and controls with the individual work steps to be followed in the activities.
The Function monitors the constantly evolving regulatory landscape
to timely respond to changes and ensure the adequacy of policies, procedures and controls.
In order to comply with all obligations, the Function follows a risk-based approach. Indeed, the customer risk assessment and classification allow controls (from due diligence measures to transaction monitoring) and valuable resources to be targeted at those profiles towards the higher end of the risk spectrum.
Know Your Customer
The cornerstone of the AML/CFT activity is the identification and verification of the customer’s identity through the collection of key identification data. Adequate Customer Due diligence (also known as KYC) procedures must be applied before entering into a relationship (e.g. at the time of the opening of a gaming account for the online channel) or before paying out prizes on the basis of pre-defined thresholds for the land-based gaming channel.
The completion of this step allows the AML Function to subsequently perform background checks. In conjunction with the KYC process, a risk profiling activity is undertaken on each online customer and on in-store customers claiming above-the-threshold prizes, who will be assessed and categorised according to their level of ML/TF. The customer risk classification determines in turn the level of due diligence to be applied to the relationship and the frequency of the periodic review. For those profiles that present higher risks, it is necessary to proceed with the acquisition of further information, as in the case of Politically Exposed Persons. Enhanced measures must be taken to compensate for the higher risk, for example by applying a stricter ongoing monitoring of gaming transactions.
Most activities are conducted using automated proprietary systems (for Customer Risk Profiling, Transaction Monitoring and Data and Document Retention), as well as databases of leading external providers. These tools allow, for instance, to screen the names of all players and corporate structures of the network of authorized partners - both at the onboarding and on an ongoing basis – against up-to-date compliance lists (Sanctions, PEP, adverse media) in order to verify identify possible reputational risks and to establish that the counterparty is someone with whom the Group wishes to start or continue to do business with.
Transaction Monitoring, Investigation and Reporting
The Function is equipped with a Transaction Monitoring engine, developed in-house and specifically customized to the peculiarities of the gaming industry, that allows to continuously monitor customer transactions on a daily basis in order to swiftly detect unusual or suspicious gaming patterns. Any alert of suspicious activity flagged by the system or detected by an employee is reviewed by the AML Function. An escalation process is in place for cases that warrant further investigation and, where appropriate, the timely submission of a suspicious activity report to the relevant Authority.
Internal reporting process
The Group has developed an internal reporting platform in order to comply with whistleblowing obligations. Furthermore, the personnel of the Points of Sale can send reports of suspicious activity, via a dedicated channel, to the AML Officer.
The ability to anticipate the times in accordance to a business philosophy of continuous innovation and improvement is a typical feature of Sisal, as evidenced by the increasing attention paid to emerging technologies such as Artificial Intelligence and Machine Learning. These solutions are subject to a constant analysis regarding how they can be used in AML/CFT prevention and integrated into the internal control framework. New generation technologies will help improve the accuracy in the detection of anomalous behaviour, by reducing the rate of false positives, and optimize the investigation of alerts.
Training is a central element of the internal control system designed to ensure that there are appropriate and robust measures to manage and mitigate ML and TF. It is delivered to all new and existing employees and collaborators, including staff of affiliated Points of Sale, in order to enhance the knowledge of regulatory aspects and the phenomena of ML/TF, strengthening a compliance culture, thereby reducing the risks for the Group. It is given at regular intervals via alternative methods, combining e-learning and classroom sessions, to maintain the employees and other relevant parties current. The plan is regularly updated to include new trends, changes in the legislation and industry updates in order to maintain and further the highest standards of AML/CFT compliance. All training records are documented and retained, in compliance with record-keeping obligations.
Another key activity carried out by the Function is the provision of advisory and support to other Functions on AML/CFT matters, in a spirit of collaboration and knowledge-sharing aimed at preventing money laundering and terrorist financing phenomena.
In order to keep pace with the Sisal’s internationalization process, the AML Function has established coordination mechanisms. These include regular reporting and information flows from the Local AML Officers of the foreign entities on the results of controls, activities, issues to allow a centralized monitoring.
Likewise, the AML/CFT compliance governance structure and oversight at executive/top management board level consists of an adequate internal information flow system.
Indeed, all the results of the AML Function’s activity (e.g. Annual Report, AML risk assessment, etc.) are shared with the Board of Directors, Risk & Compliance Committee and other control bodies in compliance with relevant legislation and internal policies.
The Group retains all records and information relating to customers in compliance with applicable laws. The AML Function keeps the documentation, including the results of any internal evaluation and investigation, for the maximum time limit set for the retention of data by the legislation, guaranteeing the exclusive access to such information to the personnel concerned.
Relations with the Authorities
The AML Function collaborates with law enforcement and other relevant competent Authorities carrying out inspections as a result of a SAR or other investigative activities and timely responding to information requests.