Social responsibility policy: how do we judge success and failure?

Back in June, 32Red received a package of penalty fines totalling £2m from the Commission in relation to what were judged to be a series of failures to intervene with a customer who deposited more than £750,000 over three years, and whose source of income (when questions were asked) was largely unevidenced and appeared to be significantly lower than his expenditure on gambling. 32Red was not the first operator to receive a substantial penalty for this kind of issue, and they probably will not be the last.

In this article, I am deliberately not going to describe or consider the facts of that case for two reasons: first, the decision is a matter of public record [1] and has already been discussed in various places. Second is that there is a great danger in commenting upon decisions and investigations in which one has had no involvement. We do not have access to all the underlying facts.

However, it does provide an opportunity to highlight one of the key problems of gambling regulation – the steps that an operator should take both to know their customers and also to protect them from themselves, and to consider whether the way in which we currently assess those policies is actually optimal.

Let’s start with the key rules that 32Red was said to have broken. The first is Licence Conditions and Codes of Practice (3.4.1) and sets out that operators must include in their policies the way in which they are going to make use of relevant sources of information to identify at-risk customers (and VIP customers) to target customer interactions.  The second is Licence Condition 12.1.1 which obliges operators to create, review and implement a risk policy in relation to anti-money laundering and terrorist financing.

There are (at least) three difficulties with these rules:

• Compliance with the rules is judged retrospectively against outlying cases
• The operator is subject to an internal commercial conflict of interest
• The customers involved are often seeking to avoid the rules.

I am not saying that the current rules are wrong or should not exist – far from it. But I am asking that operator compliance with the rules must be judged with these difficulties in mind.

Retrospectively viewed outliers

Cases brought by the Commission focus on issues which appear to be stark breaches and failures of policy, viewed with the clarity of hindsight. The 32Red case involved a customer who deposited more than £750,000. Viewed alone, that single statistic makes the nature of the failure look catastrophic – how could a system leave such levels of spending unchecked? The problem with focusing on the data relating to failure, is that it may not give an accurate picture of the overall success of the system. Consider this: we look at the reasons behind plane crashes and we are (rightly) shocked by the statistics which show a terrible loss of life –because when things go wrong, they go wrong badly, and lessons need to be learned. But we are also constantly reassured that plane travel is one of the safest forms of transport on the planet [2]. So when we are assessing the overall effectiveness of risk-prevention systems, we should not only judge them by the few incidents of failure, but also by the volume of successful risk-free interactions.

Most data sets relating to a group of humans will conform to some sort of normative or “Gaussian” distribution – there will always be outlying examples which make headlines. Risk based policy making encourages operators to invest a disproportionately large amount of effort into these outlying margins but, when judging the success of a policy, one should not confine one’s analysis only to the outliers.  The fact that some players will go vastly beyond the mean or the mode (or beyond what regulators might find personally acceptable, mostly being non-gamblers themselves) is not a sign that a system is broken or even inappropriate – it is an acknowledgement of the inevitable fact that all normative distributions have outliers.

Internal conflicts

Internal conflicts come in a number of different guises. Perhaps the most obvious is the internal conflict between distinguishing VIPs from problem gamblers. Every successful business rewards its best customers – either offering a discount or better facilities to reward and encourage their fidelity. What is more, VIP players account for a disproportionately high percentage of operator profits. But the Venn diagram of VIPs and problem gamblers has a clear overlap. The decision as to whether to reward and bonus a player or intervene and discourage further gambling often literally pits the job success metrics of the head of VIP against those of the head of compliance / social responsibility. How can regulation ease that tension? The answer is that it can best do this by imposing standards which take that conflict out of the hands of the business.

That is not the only type of internal conflict: Ask a game designer to define their objectives and near the top of the list will be creating a game which is popular, draws people in with compelling calls to action and creates a sense of excitement, so that players will prefer it and play it more than other offerings. Of course, building attractive games is not the same as building addictive games; but it’s not the opposite either.  Once we have accepted that society and our legal framework allows the promotion of gambling, we are inevitably left with a subjective judgement about how much gambling is “too much” or where a product is too appealing. To give one example, if one wanted to find a way of reducing the levels of addiction and problem gambling, one simple way would be to impose a low maximum return to player. If players were to find that their gaming experience resulted in the swift loss of all their money, they would quickly become dis-incentivised. High RTP is a key driver of the attraction of a game, meaning that a customer is hovering around the gain line for more of his gambling experience, and loses his money only slowly. But one cannot imagine the Gambling Commission being brave enough to announce that operators must reduce their return to player – it would hardly lead to happy headlines.

To return to our aviation comparison, one of the single simplest ways of increasing the structural safety of passenger aircraft is to remove all the windows, (a configuration found on most cargo planes). But customer expectation of being able to see outside an aircraft has caused the industry to design aircraft with inherently weaker fuselages, to match consumer expectations. So whilst both industries speak about safety being the “paramount consideration”, it is wrong to ignore that there is always a conflict between customer safety and cost – there is always a balance being struck.

Again, when designing policies in this area, it is often wise to impose detailed standards rather than allowing operators to decide their own approach to risk. The purpose of this approach is to create conformity across industry, but also to ensure that there are no compromises in relation to certain aspects of systems, and that operators cannot effectively compete against each other on safety standards.

Having advocated a more “top down” approach to regulation in this area, there is always a danger that this simply creates a “one size misfits all” approach. As we know, the rules in relation to interventions and anti-money laundering are based upon a risk assessment to be performed by each operator. The attractions of that approach are clear, because it allows operators to develop a model adapted to the peculiarities of their customer bases. But self made risk assessments also carry the risk that operators will take a very different approaches to the same customer base, in ignorance of others’ standards.  So if rules and guidelines are to be constructed (either by industry or by regulators), they have to be smarter.

Q: Your client base is composed of individuals with an average income of £40,000 per annum, average lifetime value of £500 and an average deposit of £30. What is the level of deposit which should trigger an enhanced due diligence check? £1,000, £2,000 or £5,000?

A: Who knows?

In the above example, all of the above answers might be right, (and some of the statistics may even be relevant), but one can see how reasonable minds may differ, even where there is a 5 fold multiple between the top and bottom answer. The industry does not currently have any meaningful measure, standard or yardstick against which to judge these issues, and the Commission is not really showing any sign of developing further assistance to make compliance a more certain science.

Any meaningful assessment of the customer should be based not on plain numbers but on some multiple of standard deviation. Only by looking at the shape of the overall player base can one assess how far a particular player is from the norm Contextualisation of key data within a normative distribution is the only way of creating regulation with a sufficiently sophisticated level of flex. And passing that task over to individual operators is a recipe for differences of opinion.

I am often asked by operators “what do you think would be an appropriate figure?” for a particular risk metric for EDD or intervention. In my experience, the question is not posed as a way of seeking to stretch compliance as far as it can go, but seeking reassurance from an outsider with some knowledge of other operators to help to resolve a very thorny internal question, critical to the business, and at the heart of the tension between profit and customer protection.  It is time that the industry, or the regulator, took a braver approach to defining some of its own regulatory standards, if only to prevent the allegation after the event that “the level you chose was clearly unreasonable, because outcome X shows it must be so”.

Protecting a customer intent on doing harm

Finally, I touch upon the issue that, for the small number of players who are either out of control with their gambling or alternatively using it as a way of masking illegitimate money, the operator finds themselves in an unenviable position: the person whom they are trying to care for may well be intent on subverting the very systems which the operator has imposed. So much is obvious in the field of money laundering, where the player is not at all interested in the game itself, but merely receiving cleaner funds. But it is also true for the problem gambler.  Cases like Calvert v William Hill Credit Ltd highlight what Briggs J called the “inherently limited effectiveness of self-exclusion as a remedy for the underlying problem”. He concluded that “the self-exclusion procedure forms a main plank in the social responsibility structure which stands as the quid per quo for the modern policy of the encouragement of gambling as an industry and as a leisure activity. The question whether the limited effectiveness of self-exclusion as a remedy for problem gambling undermines the integrity of that public policy bargain is something for the Gambling Commission and Parliament rather than the courts to decide.” There is, therefore, a danger that penalising operators for failures in self exclusion, is merely punishing them for not obeying the rules, but not necessarily improving the chances of the regulatory regime working for its intended social purpose.

[1] https://www.gamblingcommission.gov.uk/news-action-and-statistics/news/2018/32Red-to-pay-2m-penalty-package.aspx

[2] There is an average of one fatality for every 287 million passengers carried by UK operators. This can be compared with a one in 19 million chance of being struck and killed by lightning in the UK or a one in 17,000 chance of being killed in a road accident (Source: Civil Aviation Authority).