Consultation response

2023 Consultation on proposed changes related to financial penalties: Consultation Response

This response sets out our position in relation to the consultation on the proposed changes to the Statement of Principles for Determining Financial Penalties.

---

Published
10 July 2025

Last updated
10 July 2025 - Changes

Document actions
Print or save (opens in new tab)

Contents

• 2023 Consultation on proposed changes related to financial penalties: Consultation Response

---

• Executive summary
• Introduction
• Summary of responses and our position
• • Proposal 1: Principles for determining financial penalties
  • Proposal 2: The framework of policies and procedures
  • Proposal 3: The legal framework
  • Proposal 4: The scope of this document
  • Proposal 5: Key considerations
  • Proposal 6: The purpose of imposing a financial penalty
  • Proposal 7: Criteria for the imposition of a financial penalty
  • Proposal 8: Criteria for determining the quantum of a financial penalty
  • Proposal 9: Step 1 - Detriment to consumers and/or financial gain to the licensee
  • Proposal 10: Step 2 (a) - The seriousness of the breach to determine the starting point of the penal element
  • Proposal 11: Step 2 (b) - Determining the starting point of the penal element of the fine
  • Proposal 12: Step 3 - Mitigating and aggravating factors
  • Proposal 13: Step 4 - Adjustment for deterrence
  • Proposal 14: Step 5 - Discount for early resolution
  • Proposal 15: Step 6 - Affordability
  • Proposal 16: Step 7 - Proportionality
  • Proposal 17: Procedural matters, payment plans, time limits and payments in lieu of financial penalties
  • Proposal 18: Indicative sanctions guidance
  • Proposal 19: Impact of the proposals on protected characteristics stated in the Equality Act 2010
• Annex
• • Annex 1 - List of organisations that responded and consented to the publication of their name
  • Annex 2 - Questions asked in the Winter 2023 consultation on proposed changes to the Statement of Principles for Determining Financial Penalties

Proposal 10: Step 2 (a) - The seriousness of the breach to determine the starting point of the penal element

Under the existing process the Gambling Commission considers a number of factors in determining the seriousness of the breach. Some of these factors are considered at the same time and in concert with factors more associated with mitigating or aggravating factors. Therefore, we proposed to separate Step 2 into 2 distinct stages to avoid the risk of double-counting or duplication, as follows:

• Step 2(a): Determining the seriousness of the breach
• Step 2(b): Determining the starting point of the penal element of the fine.

Under Step 2(a) we proposed setting out a non-exhaustive but detailed list of factors which the Commission may have regard to when assessing seriousness, separate and distinct from the factors which may be considered mitigating or aggravating factors (to be considered under Steps 3 and 4). We also proposed categorising the seriousness of the breach using a 5-point scale.

We sought views on:

• the list of factors proposed under paragraph 2.11 that the Commission would consider in order to determine the seriousness of the breach
• whether consideration of those factors to inform the categorisation of the seriousness of the breach should be done using a 5-point scale
• the list of factors and descriptions proposed at paragraph 2.14 to determine the levels of seriousness of the breach.

We also invited general comments.

Consultation questions

Questions 29 to 32, as detailed in Annex 2, related to this document.

Respondents’ views

The responses to questions 29 to 32 were very mixed.

In relation to question 29, most respondents disagreed with the list of factors proposed under paragraph 2.11 on the basis, generally, that there was a lack of clarity in the way that they were drafted. Many respondents provided suggested alternative wording for which the Commission is grateful.

In relation to questions 30 and 31, most respondents who responded either agreed or neither agreed nor disagreed with the proposed 5-point scale for the categorisation of the seriousness of the breach. In respect of those who disagreed, the accompanying comments suggested that the respondents agreed with the principle of a 5-point scale, but their disagreement was largely in relation to the proposed wording of the factors in the table provided at paragraph 2.14 rather than the factors themselves, and with the proposed methodology for determining the level of seriousness of the breach.

Our position

We have considered the comments raised by stakeholders in the consultation responses and have made the following changes to the wording of paragraphs 2.11, 2.12, 2.13 and 2.14 of the amended Statement of Principles for Determining Financial Penalties (SoPfDFP):

At paragraph 2.11 we included the phrase “(this is not an exhaustive list)” to clarify that the list of circumstances for determining seriousness of the breach is not intended to be finite. In respect of the changes made to the list of circumstances at paragraph 2.11, the following changes have been made:

• we have added the words “and potential impact” after “impact” for circumstance “g” of the amended version of the SoPfDFP and removed the reference to the sum calculated at Step 1 in line with the feedback received
• we have added the words “likely to have been” before “affected” and the words “or potential effect” after “effect” for circumstance “h” of the amended version of the SoPfDFP in line with the feedback received
• we have removed circumstance “l” from the list in line with the feedback received.

We have swapped the order of paragraphs 2.12 and 2.13 of the proposed version of the SoPfDFP in the amended version to improve the clarity of this section.

At paragraph 2.12 of the amended version (previously 2.13 of the proposed version) we have amended the wording to improve the clarity of the paragraph in line with the feedback received.

In respect of the table of factors listed under paragraph 2.14, we have made numerous changes to improve the clarity of the wording in line with the feedback received.

Final wording

This requirement will come into force on 10 October 2025.

Paragraphs 2.11 to 2.14 of the amended SoPfDFP

Step 2: The seriousness of the breach to determine the starting point of the penal element

Step 2(a) Determining the seriousness of the breach

2.11.The Commission will first make an assessment to determine the level of seriousness of the breach(es) taking account of all of the circumstances to the case, which may include consideration of (this is not an exhaustive list):

1. the impact on the licensing objectives
2. the nature of the breach
3. the scale of the breach across the licensed entity and/or group
4. the absence of internal controls or procedures intended to prevent the breach
5. the duration or frequency of the breach
6. whether the breach was carried out deliberately or recklessly
7. the impact and potential impact on consumers and the wider public
8. the number of consumers likely to have been affected by the failings
9. whether the breach had an effect or potential effect on vulnerable consumers, whether intentionally or otherwise
10. the level of any potential financial gain, financial gain or intended financial gain from the breach either directly or indirectly
11. whether the breach continued after the licensee became aware of it (and prior to the Commission’s point of knowledge)
12. the extent of any attempt to conceal the failure or breach
13. the involvement of middle and senior management including consideration as to whether they are complicit in the failings or ignorant of them
14. the awareness and involvement of company boards including consideration as to whether they conducted the business with integrity.

2.12. The Commission will exercise its judgment to determine the level of seriousness, taking into account all the circumstances of the case and considering all factors it considers to be relevant.

2.13. Based on the Commission’s assessment of the relevant factors a level of seriousness will be assigned. The level of seriousness ranges from Level 1 (least serious) to Level 5 (most serious). Level 5 is reserved for the most serious cases.

2.14. The table below describes the factors the Commission may consider when assessing the level of seriousness. It is not intended to be a prescriptive list, and it is ultimately a matter of judgment for the Commission to consider by reference to the circumstances of a case. It is not necessary for all factors listed to be present in order to determine a breach at a particular level. In some circumstances a minimal number of factors may be sufficient to determine that a breach falls within a particular category of seriousness.

Levels of seriousness

Levels of seriousness 1 to 5	Factor(s)
Level 1	a low threat to the licensing objectives the breach was small in scale across the licensed entity a low number of consumers suffered detriment or potentially suffered detriment a low amount of actual, potential, or intended financial gain from the breach, either directly or indirectly low impact / potential impact on consumers and/or the general public low impact on vulnerable consumers, whether intentionally or otherwise internal controls or procedures intended were largely effective isolated incident and/or minimal duration.
Level 2	limited threat to the licensing objectives the breach affected a limited number of individuals or systems within the licensed entity middle and senior managers demonstrated a minimal lack of oversight/awareness a limited number of consumers suffered detriment or potentially suffered detriment a limited amount of actual, potential, or intended financial gain from the breach, either directly or indirectly limited impact / potential impact on consumers and/or the general public limited effect on vulnerable consumers, whether intentionally or otherwise weaknesses in internal controls or procedures intended to prevent the breach were limited the duration of the breach was limited.
Level 3	moderate threat to the licensing objectives the breach affected a moderate number of individuals or systems within the licensed entity middle and senior managers demonstrated a moderate lack of oversight/awareness the breach was preventable / elements of recklessness demonstrated moderate number of consumers suffered detriment or potentially suffered detriment moderate amount of actual, potential, or intended financial gain from the breach, either directly or indirectly moderate impact / potential impact on consumers and/or the general public moderate effect on vulnerable consumers, whether intentionally or otherwise weaknesses in internal controls or procedures intended to prevent the breach were moderate company boards demonstrated a lack of awareness but were uninvolved in the breach, and conducted the business with integrity the duration of the breach was moderate.
Level 4	a serious threat to the licensing objectives breach was widespread across the licensed entity middle and senior management demonstrated a lack of oversight/awareness and/or were inexcusably ignorant breach was reckless and/or had an element of deliberate risk serious number of consumers suffered detriment or potentially suffered detriment serious amount of actual, potential, or intended financial gain from the breach, either directly or indirectly attempt to conceal the failure or breach serious impact / potential impact on consumers and/or the general public serious impact on vulnerable consumers, whether intentionally or otherwise serious deficiencies in internal controls or procedures intended to prevent the breach company boards demonstrated significant failings in governance and/or ethical conduct the duration of the breach was serious.
Level 5	a very serious threat to the licensing objectives breach occurred across all aspects of the licensed entity, or impacted the entire entity middle and senior management failed to exercise due diligence and were either actively involved in the misconduct or grossly negligent in their oversight responsibilities breach exhibited characteristics of deliberate intent very serious number of consumers suffered detriment or potentially suffered detriment very serious amount of actual, potential, or intended financial gain from the breach, either directly or indirectly a deliberate and wide-ranging attempt to conceal the failure or breach very serious impact / potential impact on consumers/and or the general public very serious impact on vulnerable consumers, whether intentionally or otherwise substantial weaknesses in internal controls or procedures designed to prevent the breach the company boards demonstrated significant failings in governance and ethical conduct, with potential evidence of complicity or wilful blindness the company boards demonstrated significant failings in governance and ethical conduct, with potential evidence of complicity or wilful blindness.

Previous section
Proposal 9: Step 1 - Detriment to consumers and/or financial gain to the licensee Next section
Proposal 11: Step 2 (b) - Determining the starting point of the penal element of the fine

---

Last updated: 10 July 2025

Show updates to this content

No changes to show.