With the Gambling Commission’s latest bulletin on emerging money laundering and terrorist financing risks now published, operators are reminded of their obligation under Licence Condition 12.1.1 to ensure that their risk assessments are kept up to date and the related policies and procedures to mitigate any of the risks captured in the risk assessments “remain appropriate and effective”.

The bulletin highlights new high-risk areas, particularly the use of pre-paid payment methods. This includes cards, vouchers, and any crypto-funded options. These methods pose significant risks due to their anonymity, lack of traceability, and potential for misuse of pre-paid payment methods as mechanisms to circumvent regulation (for instance, by permitting pre-paid cards to be funded using credit cards, which circumvents the ban on use of credit cards for gambling under Licence Condition 6.1.2(1)).

The Commission expects:

• AML risk assessments and the relevant policies and procedures to reflect that operators have considered the risks posed by the availability of pre-paid payment methods. Operators need to ensure that their risk assessments and AML policies and procedures are reviewed and that they demonstrate this risk was identified, evaluated and mitigated with respect to their business model.

• Operators to treat pre-paid payment methods as high risk. This is not surprising, since the Commission have addressed this in past bulletins and the Commission’s own risk assessment.

• Operators to conduct an appropriate level of due diligence and therefore, it follows that enhanced due diligence should be conducted on customers who use any pre-paid payment methods as they present higher risks. This means that an operator should conduct more rigorous ‘know your customer’ (KYC) checks to understand the source of funds that flow into its business via pre-paid methods.

An operator’s risk assessment and AML policies and procedures are one of the key areas of focus for the Commission during compliance assessments, and the Commission’s expectation is that operators AML risk assessment, policies procedures and controls “take into account any applicable learning or guidelines published by the Gambling Commission from time to time.”[1] During compliance assessments, the Commission would want operators to demonstrate that any risks it highlights in its guidance, publications or risk assessment was considered within the operator’s AML risk assessment framework, even if the impact of this risk for a particular operator’s business is low (for example, because pre-paid payment methods are not accepted).

The Commission may criticise a licensee’s AML processes during compliance assessments if its prompt to review and update risk assessments in light of emerging risks is ignored. Our team are happy to assist with such a review and provide insights on where operators may have vulnerabilities in their AML framework.

[1] Licence Condition 12.1.1 paragraph 3.