Our relationship with our players is paramount. We get to know them and tailor our products around their needs, so that we form long-term bonds that give us more sustainable revenue. The key to this is providing both a fun and safe environment for players to play in, and we are committed to proactively assessing, managing and mitigating the risk of our players developing problem gambling behaviours. We take this commitment seriously and see it as a marketplace differentiator. We’re already seen as a responsible gambling leader and it is one of our five strategic business goals to develop this further this year.
Accountability for the Group’s approach to responsible gambling rests with the Board, who are supported by the newly formed ESG Committee.
We are first and foremost an entertainment company so our products must be fun. We provide a fully rounded entertainment experience and whilst gambling is a significant part of this, nearly half of our website use (46%) is for non-gambling related activities, including free games and chat rooms. Having this breadth of service helps us to cement longer-term relationships with our players.
The quality of our players’ experience is extremely important to us and so we are highly selective about the games we offer. We conduct detailed statistical analysis on the use of our games, but we also rely heavily on player feedback, which we actively use to shape the games we have on site. We gather this feedback in a number of ways:
- Twice-yearly player satisfaction survey: In 2019 the survey questions were refreshed and for the first time we surveyed not only our players but also 3,500 players of 12 other brands. The feedback received was overwhelmingly positive, with an overall satisfaction and net promoter score for all Gamesys’ brands significantly exceeding the peer group average.
- Annual responsible gambling survey: This survey is specifically to understand player views on responsible gambling and the tools we provide.
- Online research community: C.9,000 of our players form our voluntary online research community, ‘VoiceBox’. We use the community for piloting new games, trialling advertising and conducting ad hoc surveys.
- Focus groups: On specific projects we engage focus groups of players and non-players in our dedicated focus group room. Almost 20 of these sessions were held in 2019, some of which were observed by members of the Board.
- Chat rooms: We monitor comments on our chat rooms and use this as a source of feedback, as well as hosting chat room conversations specifically designed to gather feedback.
The player insights we receive are actively used to drive change in the business. For example, when we developed new theme ideas for one of our brands, we tested these on our VoiceBox community. The winning themes were then brought to life by our in-house design team and in a subsequent survey to VoiceBox players, 76% were found to find the games appealing.
Trust is the foundation for our relationship with our players and it facilitates an enjoyable recreational experience. Imperative to this is operating fairly and providing a safe environment for our players to play in. We’re proud of our work in this area and the findings from our latest available player survey showed that, on a scale of 0-10, we were rated as 8.1 for trustworthiness and 8.3 for taking responsible gambling seriously, both industry-leading scores.
We recognise, however, that there is a risk that a small number of our players may lose control of their gambling activity. We’re committed to reducing this risk and as a minimum meet all regulatory and licensing requirements, going beyond these in many instances.
We deliver our commitment to responsible gambling in a number of ways:
- Player-centric product design: We design our products with our players in mind, including territory-specific control mechanisms to ensure players are over the legal age in territory and a range of tools to help control gambling. These tools include deposit limits, session reminders, self-exclusions and cool-off periods. Quarterly communications to players on responsible gambling tools were rolled out globally in 2019. New UK players also receive responsible gambling communications within 24 hours of joining, with additional interactions if their risk profile changes. In our latest responsible gambling survey, 96% of players said it was easy to find and use the tools.
- Responsible marketing: We’re committed to ensuring that we, and our affiliates, advertise and market activities in a fair, transparent and responsible way, in accordance with relevant legislation and regulations, and adhering to best practice standards including the Gambling Industry Code for Socially Responsible Advertising. As a member of the Betting and Gaming Counsel ExCOM, we are active in various working groups, committing to raising standards across the industry. In order to ensure marketing campaigns are responsibly positioned, accurate and not misleading, our legal team and the marketing compliance team get involved early on with large-scale marketing initiatives and projects to ensure relevant training, standards and guidance are captured and adhered to from the outset. Marketing campaigns are also signed off by the legal team or marketing compliance team, who provide relevant significant conditions and guidance on suitable content and appropriate substantiation requirements to accompany the marketing claims. We ensure advertisements only target people over the legal age for gambling, display the 18+ logo and are designed to not be of particular appeal to children, young people or vulnerable people. Technical solutions for the verification of customer age are also in place and verification is ensured before direct marketing is sent. Compliance with our responsible marketing policy and guidelines is monitored by an in-house QA team and as part of the Marketing Compliance role.
- Management procedures: We have a robust framework of procedures and processes in place to identify, manage and respond to suspected problem gambling. These are based on the five “I”s.
- Identify: We use complex machine-learning algorithms to continually monitor gambling behaviours, allocate individual player risk ratings and identify potential players at risk. We also have a dedicated email address for employees to raise any concerns they may have about a player. VIP players are more closely monitored and must go through a risk-assessment onboarding process and frequent on-going gambling reviews. Positively, year on year we have seen the percentage of active players considered at risk of, or experiencing gambling-related harm, reduced from 7.7% in 2018 to 7.4% in 2019.
- Investigate: Our skilled responsible gambling teams analyse account information using an intelligent review system.
- Interact: Where there are concerns for a player, our response is tailored procedurally to the level of need. For example, interventions may begin within 15 minutes for urgent cases, or for more minor concerns, phone calls, automated emails and site pop-ups may be used.
- Intervene: Where we believe problem gambling exists we will provide advice and support to players, and immediately close their accounts. One of the benefits of the majority of our products now being hosted on proprietary technology is that we can do this in real time. For UK players we will directly transfer their call to counsellors at GamCare (we were one of the first in the industry to do this), fund GamBan (device software which blocks access to gambling) on our player’s behalf and talk players through how to register on GAMSTOP (which stops players being able to play on other gambling sites). We do not allow players registered with GAMSTOP to use our websites. Players who wish to return after an agreed self-exclusion (minimum duration six months) has lapsed must speak to our support staff and be supervised through their return to play with deposit limits also put into place.
- Impact: We use our dedicated insights team to examine the impact of our interventions. For example, in a recent analysis they found that 84% of players who received an intervention call from our responsible gambling team saw a reduction in their algorithmic risk rating after seven days. The insight team’s latest research is continually used to hone our algorithms, thresholds, limits and other responsible gambling tools.
- Resources: All of our employees are trained in responsible gambling and we instil a culture of care through our Gamesys DNA. We operate two dedicated responsible gambling support teams, covering all markets and, for our largest market, the UK, these are available to players 24 hours a day. Our 23 responsible gambling team staff are extensively trained in their specialist skills, with such training designed by third-party experts.
Problem gambling is an industry-wide issue so we proactively work with our peers, industry experts and charities to share information and drive change. Our commitment to collaboration is reflected in our recent decision to join the Betting and Gaming Council (‘BGC’), an industry body championing progressive, beyond-regulatory standards of responsible gambling. We actively support their goals and senior Gamesys Group employees participate in three BGC sub-committees.
Another important peer group collaboration we’re involved with is being led by EQ-Connect. This pioneering project involves sharing player data with other participating companies in order to better facilitate the early identification of at-risk players. We are one of the first companies to have engaged with this scheme.
In a new two-year partnership with Wolverhampton’s Citizens Advice Bureau we are sponsoring an apprentice to run a web chat service providing advice on debt management. In return we will be given access to anonymised data on debt issues and the relationship between gambling and debt, for our insights team to analyse. The Citizens Advice Bureau will also be providing our staff with training on financial debt management.
It is one of the Group’s five strategic priorities, ‘Putting the player first’, to continually evolve our approach to responsible gambling and keep ahead of the pack. Headline achievements in 2019 include rolling out the GamCare call transfer service, removal of credit card payments in the UK (prior to the required effective date) and new research into how to most effectively communicate on responsible gambling. The latter research, which was conducted by behavioural science experts, will be used to trial, iterate and improve player communication over the coming months.
Following the uniting of our two companies, the Chief Product Officer has taken responsibility for spearheading the streamlining and progression of responsible gambling initiatives, supported by a newly appointed project manager. Progress updates are regularly provided by the Chief Product Officer to the ESG Committee and the CEO. Our multiple improvement workstreams centre around three focal areas – learn, care and inform.
Invest in research to understand the drivers of problem gambling so that we can make a real difference.
Creating a caring environment by investing in education and support whilst applying globally and locally defined player care standards.
Develop a ‘Player Care’ sub-brand, widely known by our players.
We operate a robust risk assessment and mitigation process to prevent the business being used for money laundering. Core to this is knowing our players, and we operate both automated and manual methods to verify a player’s age, identity and source of funds.
Anti-money laundering (‘AML’) risk assessments are conducted at a minimum on an annual basis, with additional assessments for significant business changes (e.g. launch of a new product, expansion of operations to a new jurisdiction etc.). Where significant risks are identified (e.g. a politically exposed person, presence of sanctions etc.), mitigating controls are implemented. Responsibility for our AML procedures rests with our two money laundering reporting officers, who together cover all markets.
All employees receive training on their responsibilities relating to AML and additional targeted training is given to roles relating to higher risk areas. Gamesys Group successfully completed a corporate evaluation by the UK Gambling Commission at the end of 2019.
Our online gaming business model warrants a complex technological environment that is complemented with comprehensive, company-wide Information Security Management and Data Protection programmes. The protection and privacy of our players and staff data (“Data”) are fundamental to both programmes. The Information Security Management Programme (ISMS) contains administrative, physical, and technical safeguards that are designed to protect Data against any unauthorised access, alteration, destruction, disclosure, or use. This Programme includes the following aspects:
- Information security framework: Our formal information security framework establishes a clear mandate for the Group’s effective information security governance and represents the endorsement of the Group’s executive management team. The framework objectives are defined in a set of security principles that translate into policies, standards, procedures and guidelines. We regularly review these documents and monitor compliance to them, conduct risk assessments, perform application and network security assessments, and foster security awareness.
- Risk management: The Group has a process in place whereby risks to the business are identified and assessed, and thereafter prioritised, treated or mitigated. Risks are benchmarked according to their impact and likelihood scores which together form the security risk score. The risks and ensuing risk scores are defined and maintained in periodically reviewed risk registers.
- Security awareness training & communications: All staff undergo mandatory security induction training upon employment. Additional, role-specific security training is provided on a periodic basis in line with any jurisdictional, regulatory, and compliance requirements. Security training is periodically complemented with internal communications, and security awareness simulations that assess and benchmark staff comprehension.
- Physical Controls: Physical security and access to information systems (both in-house and third-party data centres) and Group-owned facilities is regulated and monitored through a set of physical controls and video surveillance facilities. Additional controls are present at co-located data centres and third-party cloud service providers in line with their certification and compliance obligations.
- Technical controls: The Group adopts a set of security technical controls, including but not limited to, access controls, data encryption, segmentation of environments, and perimeter security that are commensurate with the confidentiality, integrity, privacy and availability of the respective services and data being handled.
- Security incident management and response: There are documented procedures in place for reporting and managing any suspected or actual security threats, including the subsequent mitigation and response to any confirmed Data breaches or other security incidents. All reported security incidents are logged while an investigation team performs a root cause analysis and identifies any affected parties. Such parties are notified, and any responsive actions and remediation plans are documented.
- Security Assessments and Audits: Security controls are regularly assessed through the Group internal audit function and the organisational security maturity is assessed on a biannual basis. External security audits are undertaken on a periodic basis in line with jurisdictional, regulatory, and compliance requirements. Any detected vulnerabilities are benchmarked and addressed on a risk basis.
- Certifications and Attestations: The Group ISMS is aligned with and attested against contemporary industry-standard security practice, as well as in compliance with legal and regulatory frameworks in the jurisdictions we operate in. The Group also possesses and maintains ISO 27001 and PCI-DSS Level 1 Service Provider certifications for some of its entities.
- Information security in outsourced data processing: All new vendors acting as data processors are subject to a comprehensive vendor risk assessment in the form of a compliance due diligence process (including where applicable a data protection impact assessment) and a security review. In both cases, the vendors are assessed against different set criteria and on the ensuing documentation they provide. Any identified risks within these assessments are reflected within the finalised contractual arrangements with the respective vendors. Data processors cannot sub-contract data processing activities without prior approval from the controller of the Group and all sub-processors must be bound by the same level of contractual obligations as the processor.
- Business continuity functions: The Group maintains a documented business continuity process that satisfies the availability requirements for different business functions. These provide contingencies for informational assets, business processes, and human resources. Resilience features are present within different components of information systems.
- Player Security: The Group has appropriate security measures to prevent player data from being accidentally or maliciously accessed, used, alteredor disclosed. All Internet-based traffic between players and Group websites is encrypted during transit using Transport Layer Security (TLS). Additionally, access to player data is limited to staff, contractors, and other authorised third parties strictly on a role-based need-to-know basis. Player data is processed in compliance with applicable jurisdictional, regulatory, and compliance requirements. In the event of any suspected or confirmed security breach involving player data, a procedure is in place to notify affected players. Player can contact Customer Support anytime through appropriate channels should they have any concerns on the safety of their own data. Finally, all player online transactions are carefully screened to prevent fraudulent activity.
Privacy Mission Statement
At Gamesys, we recognise the importance of protecting personal information and are committed to processing it responsibly and in compliance with applicable data protection laws in all countries in which we operate. Our commitment is set out in our Privacy Mission Statement.