From time to time, the Gambling Commission (as the industry’s supervisor under the Money Laundering Regulations) publishes bulletins which identify “emerging money laundering and terrorist financing risks”.

Holders of every type of operating licences except gaming machine technical and gambling software licences need to comply with Licence Condition 12.1.1(3) which requires them to “take into account any applicable learning or guidelines published by the Gambling Commission”, which includes such bulletins.

We have seen, on numerous occasions, operators called out for not doing so in the context of compliance assessment. It is critical that all operators reflect on this information and can demonstrate this to the Commission. This requires a detailed, recorded assessment of the risks presented, the relevance to their business, the mitigations identified and a clear mapping across into policies and procedures. We have seen operators criticised by the Commission for failing to record why a particular emerging risk was not actually relevant to them.

This will require an update to risk assessments and then to corresponding policies and procedures. Licence holders’ governance frameworks will be tested by this and need to react appropriately and ensure their reaction is effective.

The emerging risks the Commission identifies are summarised below.

The bulletin itself contains guidance on “What operators need to do”, which needs careful digestion.

1. Money service business activity in remote and non-remote casinos

Some remote and non-remote casinos offer money service business (MSB) facilities, which include foreign currency exchange, third-party cheque cashing and third-party money transfer (into and out of the casino)

The Commission cites casino customers attempting to deposit large denomination notes of foreign currencies (including €500 notes) into casinos and criminals using currency exchange services to convert criminal cash into high denomination foreign currency notes.

2. Artificial intelligence used to bypass customer due diligence

There is an increase in the scale and sophistication of attempts to bypass customer due diligence checks using false documentation, deepfake videos and face swaps generated by artificial intelligence.

3. Money in exchange for personal details and gambling accounts

Consumers are being targeted by companies who offer money in exchange for personal details to open multiple gambling accounts in the customer’s name. Consumers are directed to upload their documentation which is then used by the third-party to open large numbers of gambling accounts.

4. Third-party business relationships, including white-label partnerships and investments

Operators are failing to conduct sufficient due diligence measures in relation to their third-party business relationships, including white-label partnerships and monies coming into the business in the form of loans or other investments.

5. Open-loop payment processes

The Commission notes that a ‘lack of closed loop’ payment systems is high risk. The Commission is aware of some operators (particularly non-remote betting operators) still operate open-loop payment processes.

6. Licensed software providers’ games available on websites not licensed by the Gambling Commission

Casino games that have been developed by software operators licensed by the Commission can be available on unlicensed websites and accessible to British consumers illegally.

7. Cryptoassets

The Commission cited “an increasing interest in cryptoassets (also known as crypto currencies) within the licensed gambling industry”.

The Commission reiterates the “importance of operators’ responsibilities under Licence Condition 12.1.1 (1), which requires licensees to conduct an assessment of the risks their businesses face from money laundering and terrorist financing upon the introduction of new products or technology or new methods of customer payment”. Operators are also required to submit a Key Event “wherever there are changes in payment methods”.

(It is noted this is not the same as the Commission explicitly objecting to cryptocurrency being used as a payment method).

8. Terminals used to facilitate payments in non-remote casinos

Terminals used to facilitate customer deposits into non-remote casinos are not scrutinised as closely as deposits via other methods.

9. Changing customer demographics in the non-remote casino sector

Some non-remote casinos have experienced changes in the demographics of their customer base, which has not been reflected in their risk assessment or policies, procedures and controls.

10. Adult gaming centre premises converting to licensed bingo premises

Some adult gaming centre (AGC) premise licence holders converting to bingo premises, are not considering all relevant risks cited in the Commission’s risk assessment.

11. Crash games

The Commission notes the increased interest in crash games.

There are concerns that products of this nature can allow criminals to camouflage the high-risk behaviour of cashing out quickly with limited gameplay within the context of the crash game (where these behaviours are inherently more common), and that transactional monitoring controls may not be effective in detecting suspicious activity.

12. Application Registration Cards

Application registration cards (ARCs) are issued by the Home Office to individuals who claim asylum. ARCs contain information about the holder but are not evidence of identity and must not be accepted as a form of identity documentation.

Those presenting ARCs when attempting to open a gambling account, or access gambling premises, may also be at a higher risk of exploitation and mule account activity.

13. Jurisdictions subject to increased monitoring by FATF

In February 2025, FATF updated its list of high-risk jurisdictions (sometimes known as the FATF “black list”) and the list of jurisdictions subject to increased monitoring (sometimes known as the FATF “grey list”). Operators need to review the lists above and ensure they have effective policies, procedures and controls in place to identify customers and relationships with links to high-risk jurisdictions, including those subject to calls for action and subject to enhanced monitoring.

—————-

The emerging risks bulletin can be accessed here.