CyberHorizon Slapped with Fine by GSC for AML, CTF Failures

The Isle of Man Gambling Supervision Commission (GSC), which is responsible for regulating most forms of gambling in its territory including land-based and online gambling services, has levied a £140,000 ($184,000) fine on CyberHorizon Limited. 

Multiple AML and CTF Violations
The fine came as a result of the commission uncovering multiple violations of anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, following a thorough investigation into the company’s compliance with the Isle of Man’s Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Code 2019. 

The GSC’s actions highlighted the regulatory body’s commitment to enforcing strict AML and CTF standards in the online gambling industry.

One of the key takeaways from GSC’s public statement refers to the fact that operators must comply with the Code while “Reliance on any third party or service provider for any operational aspects of an Operator’s financial crime control environment should be subject to robust oversight and appropriate assurance controls.”

CyberHorizon, which held a license under the Isle of Man’s Online Gambling Regulation Act (OGRA) from March 2021 to September 2023, first attracted regulatory attention during a supervisory inspection in June 2023. 

The inspection, which was based on a sample of files, immediately revealed prima facie contraventions of the Code which prompted the commission “to consider that it was reasonable, necessary and proportionate in all the circumstances to commence a regulatory investigation.”

Accordingly, the GSC initiated a full-scale investigation into the company’s practices.

Key findings of the investigation included CyberHorizon’s failure to conduct regular reviews of customer risk assessments, which is a critical requirement under paragraph 8(3) of the Code. 

The company also neglected to perform a technology risk assessment before launching its operations, as mandated by paragraph 7. 

Additionally, CyberHorizon did not terminate relationships with customers who failed to provide enhanced due diligence or meet other regulatory standards, in violation of paragraphs 10 and 14. 

The company further breached paragraph 18 of the Code by failing to establish a clear process for retrieving records after its license was revoked.

Full Cooperation Brought a 30% Smaller Fine
In light of the violations it discovered, the GSC initially imposed a £200,000 ($261,000) civil penalty on CyberHorizon. 

However, the fine was reduced by 30% as a result of the company’s full cooperation with the investigation and early settlement discussions. 

The GSC acknowledged CyberHorizon’s willingness to engage constructively in resolving the issues, which influenced the decision to reduce the penalty.

In a statement regarding the settlement, the GSC said it was “satisfied that the imposition of the civil penalty on CyberHorizon” was reflective of “the serious nature of the non-compliance and issues identified.” 

The commission was also content that CyberHorizon’s directors recognized and accepted “that there had been certain shortcomings in that mandatory aspects of the Code had not been complied with,” something they were working to correct.

Sending a Clear Message
The GSC’s action against CyberHorizon sends a clear message to other firms in the gambling industry about the importance of adhering to AML and CTF regulations. 

The regulator emphasized that it will continue to rigorously enforce compliance standards when breaches are detected. It also reiterated its commitment to maintaining the Isle of Man’s standing as a well-regulated and responsible jurisdiction for online gambling operations.

“This case underscores the obligation of all operators to conduct their business in a way that effectively identifies and mitigates the risks associated with money laundering and terrorist financing,” the GSC stated while also encouraging operators “subject to a regulatory investigation to engage transparently, openly and urgently with it.”

The GSC also cautioned firms against relying too heavily on third-party providers for financial crime controls without implementing proper oversight and assurance measures.

Following the investigation, CyberHorizon has begun addressing the regulatory breaches and working to ensure future compliance with the Isle of Man’s rules. 

Although the company’s license was terminated in September 2023, its ongoing cooperation with the GSC suggests it is taking steps to rectify the issues identified during the investigation. 

At the end of July, the GSC announced it canceled the licenses for King Gaming Limited and Dalmine Limited, arguing the decisions were aligned with section 5(2) of the Gambling Supervision Act 2010. 

Before that, during the same month, the commission’s chief executive officer, Steve Brennan, announced he would step down from his role after almost two decades, with his official departure scheduled for the end of the year.