4 October 2024: Public Statement on Cyberhorizon Limited

PUBLIC STATEMENT CONCERNING A REGULATORY INVESTIGATION BY THE ISLE OF MAN GAMBLING SUPERVISION COMMISSION IN RESPECT OF CYBERHORIZON LIMITED (“CyberHorizon”) AND THE ASSOCIATED OUTCOMES

1. Action

1.1 The Isle of Man Gambling Supervision Commission (the “Commission”) makes this public statement in accordance with powers conferred on it under section 19 of the Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Act 2018 (the “Act”).

1.2: The making of such public statement supports the Commission’s statutory objectives of, among other things, securing an appropriate degree of protection for customers of persons carrying on a regulated activity, reducing financial crime and maintaining confidence in the Isle of Man’s gambling industry.

1.3: Consequential to undertaking a regulatory inspection of CyberHorizon which identified prima facie contraventions of the Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Code 2019 (the “Code”) the Commission opened an investigation into CyberHorizon. This Public Statement details the conclusions and outcomes of that investigation.

1.4: In light of the same, the Commission has determined that it would be reasonable and proportionate, in all the circumstances, that CyberHorizon be required to pay a discretionary civil penalty in connection with these contraventions in the sum of £200,000 discounted by 30% to £140,000 (the “Civil Penalty”).

1.5: The level of the Civil Penalty reflects the failures admitted but also the fact that CyberHorizon and the CyberHorizon directors co-operated with the Commission and agreed settlement at an early stage.

2. Background

2.1 CyberHorizon was licenced by the Commission pursuant to the Online Gambling Regulation Act 2001 (“OGRA”) between 5th March 2021 and 25th September 2023.

2.2 Commencing in June 2023, the Commission conducted a supervisory inspection in respect of CyberHorizon in accordance with its statutory powers (“the Inspection”). The Inspection, based on a sample of files, identified prima facie contraventions of the Code (“the Contraventions”). The identification of such contraventions caused the Commission to consider that it was reasonable, necessary and proportionate in all the circumstances to commence a regulatory investigation.

3. Investigation conclusions

3.1 The Investigation report identified a range of issues that, when assessed by the Commission against relevant Guidance and legislation established, and it is accepted by CyberHorizon that, at all relevant times when formerly licenced, CyberHorizon: -

3.1.1 had not been fully meeting requirements in relation to regularly reviewing its customer risk assessment in contravention of paragraph 8(3) of the Code;

3.1.2 had not fully met requirements in relation to a technology risk assessment being implemented prior to launch of CyberHorizon in contravention of paragraph 7 of the Code;

3.1.3 had not been fully meeting requirements in relation to ceasing customer relationship after customers had not provided enhanced due diligence or had otherwise been found to not meet regulatory requirements in contravention of paragraphs 10 & 14 of the Code;

3.1.4 had not evidenced any process on how records will be retrieved following licence cessation in contravention of paragraph 18 of the Code.

3.2 The nature, extent and type of contraventions were of such a nature as to cause the Commission to conclude that, in all the prevailing circumstances, the imposition of a Discretionary Civil Penalty was appropriate.

4. Statement

4.1 The Commission is satisfied that the imposition of the Civil Penalty on CyberHorizon, reflects the serious nature of the non-compliance and issues identified. The Commission is also satisfied that the directors of CyberHorizon, at this time, recognise and accept that there had been certain shortcomings in that mandatory aspects of the Code had not been complied with.

4.2 It was further noted that CyberHorizon had entered into settlement discussions with the Commission and having accepted certain shortcomings, sought to resolve matters constructively and expeditiously.

5. Key Takeaways

•      All firms undertaking business in the regulated gambling sector have an obligation to conduct their affairs in a manner that adequately identifies and mitigates, amongst other things, the money laundering and terrorist financing risks faced by it.

•      The Commission, in regulating and supervising online gambling, will exercise its powers robustly if material risks to its regulatory objectives are identified in order to ensure that the Isle of Man retains its reputation as a responsible, and well regulated, Jurisdiction.

•     Compliance with the Code is mandatory. Reliance on any third party or service provider for any operational aspects of an Operator’s financial crime control environment should be subject to robust oversight and appropriate assurance controls.

•     Where businesses choose to adopt a higher risk model or take on higher risk clients, the Commission will require that such businesses can demonstrate the necessary degree of competence (including, experience, qualifications, resource capacity and track record) so as to be able to identify and mitigate associated risks.

•     The Commission encourages any Operator subject to a regulatory investigation to engage transparently, openly and urgently with it. The Commission has committed to engaging transparently in the exercise of its enforcement activities. This transparency can be evidenced, amongst other things, through the suite of enforcement policy and guidance documents on its website  www.isleofmangsc.com/gambling/enforcement/