If you have a question about your gambling, or the gambling of someone close to you, our FAQs from gambling consumers during lockdown may provide valuable information.
Try the new Gambling Commission website we're working on, and give us feedback.
Skip to main content

Compliance health check

Use this handy checklist to make an assessment of your own business. 

Anti-money laundering (AML)


Have you allocated sufficient resources to AML compliance?


Have you conducted an anti-money laundering (AML)/ counter-terrorism financing (CTF) risk assessment which takes into consideration the Treasury’s national risk assessment and the Commission’s risk assessment for your gambling sector?


Do your policies and procedures mitigate the risks identified within your risk assessment?


Do you have effective, clearly set out, and up to date AML policies and procedures?


Have you ensured your policies and procedures have been informed by our AML guidance? (Don’t assume that because you are complying with another regulator’s guidance you are automatically in compliance with the Commission’s requirements)


Have you ensured staff have, and continue to receive, training on AML laws and regulations and know how to recognise and deal with transactions, activities or situations related to money laundering or terrorist financing?


Are you supporting your nominated officers with appropriate resources and do they have the authority to operate objectively and independently?


Are your systems and controls appropriate for your specific business?


Do you regularly audit the adequacy of your systems and controls and staff compliance with policies and procedures?


Do you know your customer (KYC)? Are you gaining a complete picture of the customer’s source of funds, particularly in relation to VIP customers? Are you critically assessing the source of funds information received from customers?


Are you acting on information that you receive about customer’s source of funds and do you end business relationships with customers where information on the source of funds is not sufficient?


Are you making records of customer interactions and transactions where necessary?


Is your approach governed by risk? Once an alert has been raised, do you have in place procedures to ensure the case is quickly reviewed? Will decisions be appropriately recorded?


Are you confident commercial considerations do not outweigh your adherence to the terms of your licence?


Is money laundering and terrorist financing risk being ‘owned’ at an appropriately senior level within your organisation?


Do you use your AML information to inform your responsible gambling program? 



Customer interaction and identifying problem gamblers


Do you have policies and procedures in place to identify customers who may be experiencing or are at risk of developing problems with their gambling?


Have you allocated sufficient resources to be able to interact with customers early and effectively when you have concerns?


Are you curious about your customers? Do you monitor customer activity? Do you record interactions? Do you track customers across your different platforms and do enough to spot multiple customer accounts?


Do you have systems in place to identify potential problem gamblers (these should not be just financial)?


How do you protect new customers (where a pattern of play cannot yet be established)?


Do your systems include appropriate trigger points for changes in a customer’s gambling patterns?


Do your systems generate problem gambling red flag, trigger and gambling pattern management information reports?


Will your processes keep pace with increased demand?


Will your growth, or any merger, affect your ability to monitor customers?


How are you evaluating your measures and procedures to ensure they are effective and how do you plan to make improvements?


Are your staff sufficiently trained to spot problem gamblers and know how to report concerns? Are there clear procedures once a concern has been raised?


Where concerns arise, are you able to intervene early and engage with a customer?


Do your customer interaction policies and procedures also cover VIP customers? Are you alert to the particular risk these customers bring? Are you ensuring commercial considerations are not overriding customer protections?


Do your interactions work? Are you analysing the success of the interactions?


Have you considered what a good interaction looks like? (A standard, one size fits all approach to interactions is not sufficient)


Do you ensure that the problem gambling interaction is purely about problem gambling and is not aimed at making money?


Do you proactively interact with customers and ensure that customer responses are adequately reassuring?


Do you ensure that VIP and responsible gambling programs interact to protect customers identified as at risk?





Are you allocating sufficient resources to ensure your self-exclusion polices are compliant?


Are your systems robust?


Are you considering how many details a self-excluded customer would need to change in order to open a duplicate account?


Can your systems pick up on simple detail changes made by a customer when trying to register multiple accounts?


Do you perform all-inclusive reviews of your customer base and make use of all information available to you, including complaints, to protect self-excluded customers?


If a customer self-excludes from one of your websites, brands or products, are you satisfied this self-exclusion will be applied across all of these (unless the customer requests for a limited self-exclusion)?


Are details of self-excluded customers quickly removed from your marketing databases?


 Are your data sets ring-fenced to prevent access to self-excluded customers’ details for marketing purposes?


Does this also include marketing affiliates, for which you have responsibility?


How responsive are you when things go wrong to enable prompt investigation and provide an appropriate remedy?



Licensing regime and consumer law


Are you confident that your business is not involved in any unfair practices which contravene consumer protection legislation?


Are you confident that your contract terms for your customers are fair?


Have you read the guidance on consumer law (Unfair contract terms: CMA37 and Consumer Protection from Unfair Trading Regulations – traders: OFT1008) and the material relevant to gambling sector published by the CMA (Do’s and don’ts for online gambling companies and Further information for online gambling companies which relate to the specific compliance issues they have addressed in their investigation)? Have you taken any legal advice on this?


Have you reviewed your terms and conditions to ensure they are in line with consumer protection law?


Have you checked that your marketing of offers is compliant with consumer protection law?


Have you checked that there is no key information presented or omitted from the marketing offers which may alter a customer’s decision?


Have you reviewed all of your commercial practices involving customer engagement, before, during and after a contract is formed with a consumer to ensure compliance with consumer protection law?


Are you allocating sufficient resources to the creation of fair contractual terms and to assess how you treat your customers? Do you have sufficient in-house knowledge to ensure compliance in this area?


Have you embedded changes to ensure compliance with consumer protection law in internal policies, guidance and training materials for employees? For example, are those handling complaints sufficiently trained on consumer protection issues?


Are you satisfied that you are acting in accordance with your terms?


Do you ensure that an accurate summary of contractual terms on which gambling is offered is available to customers and is set out in plain English?



Marketing and advertising


Do your marketing and advertising materials comply with the BCAP and CAP codes, and the licence conditions and codes or practice? If in doubt, have you made use of CAP’s copy advice team?


Are your advertisements clear and fair? Does your marketing communications include significant limitations and qualifications consumers should be aware of?


Are you confident you have control over your marketing materials once you have engaged marketing affiliates? Have you ensured your contractual terms with affiliates are robust? Are you conducting regular audits of your affiliates’ activity against your compliance policy?


Are you allocating sufficient resources to ensuring your marketing and advertising is compliant?


Is responsibility for marketing and advertising being owned at an appropriate level within your organisation?