Camelot fined £3.15m over National Lottery app failings

| By Robert Fletcher
Great Britain’s Gambling Commission has ordered Camelot UK, operator of the UK National Lottery, to pay a fine of £3.15m (€3.77m/$4.14m) over failings related to its mobile app.

The fine comes just days after the regulator announced that Camelot’s 28-year tenure as the UK’s lottery operator is set to come to an end.

The Commission identified three key failures stretching back to November 2016, including that players were wrongly informed their winning ticket was a non-winner, customers being charged for two tickets when only wanting to buy one and the app sending out marketing messages to people who had self-excluded. All of these placed it in breach of the National Lottery Act 1993.

Regarding the players being informed of the wrong result, Camelot notified the Commission on 23 September 2020 of issues with its QR scanner, a function that allows players to scan individual Lottery ticket QR codes using a mobile device in order to see if a ticket is a winner.

Camelot said it had disabled the function after identifying issues with the iOS version of its app in that some of customer scans were incorrectly displaying a non-winning message.

The Commission said Camelot was unable to identify how many customers were affected but estimated there was a potential that up to 20,000 scans may have produced incorrect ‘non-winning’ messages to players between November 2016 and September 2020. 

Camelot also estimated that this resulted in between £48,000 and £68,000 worth of missed winnings, though it was unable to ratify this figure.

In response, the Commission’s National Lottery Committee concluded licence conditions 5.1, 5.13G(c)(ii), 7.42(a) and 14.7(a) had all been breached.

The second failure related to duplicate ticket purchases for draw-based games. A number of players were given two tickets with the same number of lines for the same draw as they believed the original purchase had not succeeded. 

This issue, the Commission said, occurred in October 2020 when some players clicked the ‘Buy Now’ button to purchase their ticket, but instead of seeing the ticket confirmation page, they were logged out of the app. 

When the player logged back in, they were presented with the ‘Buy Now’ page again, which led players to believe the purchase had not been completed. As a result, they bought the same ticket again. 

The commission said between 13 October and 23 October 2020, a total of 22,210 players were affected by this issue during two incidents. All of these players were identified and either refunded for the duplicated wager or – where duplicate wagers were winners – both tickets were honoured as winners.

The Committee concluded that conditions 5.1, 5.13G(c) and 14.7 had been breached.

The third and final failure was in reference to push notifications that were sent to players who had either self-excluded from gambling or had been identified by Camelot as at-risk customers. 

Camelot informed the Commission that when a player first installs the app, they can choose to receive or block notifications. Unless a player has opted in, no notifications, either from Camelot or a third-party partner, will be delivered to that player’s device.

In addition, Camelot has a facility to place ‘suppression flags’ on accounts to prevent notifications or marketing being sent to players it has identified as at risk of harm or who have shown signs of gambling-related issues. 

However, it said that a “data transmission problem” was caused by a “delayed trigger event” in the player journey. This, the Commission said, could occur if a player was moving between multiple apps while the Camelot app remained open. 

In certain circumstances, the Commission said this delay could result in a player’s ID being classed as ‘anonymous’, therefore not associating the account with any of the protection measures. 

The Commission agreed that Camelot produced accurate player suppression lists to third-party suppliers, but said this issue prevented those players on its suppression list being correctly linked with their known account ID.

This led to a number of in-app marketing push notifications being sent to some players on the suppressed list. Camelot noted that if a player re-launched the app, this would have reset the player status and the ID would be updated and added to the suppression list.

As such, the Committee concluded that conditions 5.1 and 14.7 had been breached. The issue impacted approximately 65,400 players between February 2018 and January 2021.

Concluding its findings, the Committee agreed that the breaches placed Camelot’s statutory objectives at risk and said this could have a significant impact on the reputation of the National Lottery. However, it also noted that Camelot did take action to notify the regulator of issues, take corrective action and pay players refunds or lost winnings.

The Committee also agreed there was evidence to show players had been disadvantaged, misled and treated unfairly as a result of the breaches, though, in the case of duplicate wagers, it recognised restorative that measures had been taken.

The Committee added that there was no evidence of any impact on the return to good causes, nor was there evidence of any financial gain to the operator from non-compliance.

In addition, looking at Camelot’s governance and controls, the Committee agreed there had been recurrence of issues, and evidence of similar matters in the past, as well as issues in effectiveness in managing contractors. However it also said there was not any evidence of reckless or negligent behaviour, nor any attempt to conceal failings.

Referencing section 10A(2) of the National Lottery Act 1993 and the Commission’s Enforcement Policy dated January 2018, the Committee decided to impose a financial penalty of £3.15m.

Camelot agreed to pay the entire fine to good causes.

“We are reassured that Camelot has taken steps to make sure that their National Lottery app is fit for purpose,” Gambling Commission chief executive Andrew Rhodes said.

“However, we must caution Camelot that any failings on their duties will be met with consequences. Today’s announcement reinforces that any operator failing to comply with their licence requirements will be investigated by the Commission and we will not hesitate to issue fines if requirements are breached.”

Responding to the ruling, a Camelot spokesperson said: “

“We accept the outcome of the Gambling Commission’s investigation in respect of three unrelated historical incidents. We are sorry that some of our controls fell short of the mark in certain very specific circumstances and have paid the fine. We always strive to operate The National Lottery to the highest possible standards and, given its scale and complexity, we’re proud of our track record of running The National Lottery with extremely high levels of integrity.
“We welcome the Gambling Commission’s recognition that, as soon as the issues became known to us, we reported them and acted promptly to resolve them. We’re also pleased that the Commission makes clear that we did not act negligently, and that there was no negative impact on returns to Good Causes or financial benefit to Camelot.”

The fine comes after last week the Commission named Allwyn as its preferred applicant for the fourth National Lottery licence – the first time an operator other than Camelot had been chosen.

If the operator – formerly known as the Sazka Group – finalises its agreement with the regulator, it will operate the lottery for 10 years, starting in February 2024. 

Camelot, which has run the lottery since its inception in 1994, was named reserve applicant and would continue in its role should the Gambling Commission fail to finalise a deal with Allwyn.

The Camelot fine follows a series of other financial penalties handed out by the Commission in recent weeks. Bonne Terre Limited, trading as Sky Betting and Gaming, was this month fined £1.17m for sending promotional emails to customers who had self-excluded or opted out of receiving marketing.

Also in March, the Commission fined 888 £9.4m over a series of social responsibility and money laundering failings, including setting its deposit threshold for financial checks at £40,000.

BetVictor operator BV Gaming Limited also agreed to pay a regulatory settlement worth £2.0m after the Commission identified a series of fairness, social responsibility, and money laundering failures.

Subscribe to the iGaming newsletter