

The prevention of money laundering and combating the financing of terrorism

Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).


2 - Identifying and assessing the risks

The Regulations require casino operators to take appropriate steps, taking into account the size and nature of their business, to identify and assess the risks of money laundering, terrorist financing and proliferation financing to which their business is subject, taking into account the following:

  • information on the risks of money laundering and terrorist financing made available to them by the Commission and, in the case of proliferation financing, information in the report by Treasury referred to in Regulation 16A (the proliferation financing risk assessment) [30]
  • risk factors.

Risk factors include factors relating to:

  • their customers
  • the countries or geographic areas in which they operate
  • their products or services
  • their transactions
  • their delivery channels [31]

Casino operators must:

  • keep an up-to-date record in writing of all the steps taken to identify and assess the risks of money laundering, terrorist financing and proliferation financing to which their business is subject
  • provide the written record, the risk assessment they have prepared and the information on which it was based to the Commission on request. [32]

Assessing risk

The casino operator should assess its risks in the context of how it is most likely to be involved in money laundering, criminal spend, terrorist financing or proliferation financing.

Assessment of risk is based on a number of questions, including:

  • what risk is posed by the business profile and customers using the casino?
  • what risk is posed to the casino operator by transactions with business associates and suppliers, including their beneficial ownership and source of funds?
  • is the business high volume consisting of many low spending customers?
  • is the business low volume with high spending customers, perhaps who use and operate within their cheque cashing facilities?
  • is the business a mixed portfolio? Are customers a mix of high spenders and lower spenders and/or a mix of regular and occasional customers?
  • are procedures in place to monitor customer transactions across outlets, products and platforms and to mitigate any money laundering potential?
  • is the business local with regular and generally well-known customers?
  • is there a large proportion of overseas customers using foreign currency or overseas based bank cheque or debit cards?
  • are customers likely to be individuals who hold public positions (PEPs)?
  • are customers likely to be engaged in a business which involves significant amounts of cash?
  • are there likely to be situations where the source of funds cannot be easily established or explained by the customer?
  • are there likely to be situations where the customer’s purchase or exchange of chips is irrational or not linked with gaming?
  • is the majority of business conducted in the context of business relationships?
  • is there a local clustering of gambling outlets which makes it easier for a person to launder criminal proceeds over multiple venues and products?
  • does the customer have multiple or continually changing sources of funds (for example, multiple bank accounts and cash, particularly where this is in different currencies or uncommon bank notes)?
  • does the customer have multiple or changing addresses?
  • has the customer ever presented a fraudulent identity document or failed to provide an identity document repeatedly on request?
  • does the customer’s behaviour follow a pattern or is it constantly changing, or did it change suddenly recently?
  • for remote gaming, does the customer use shared internet protocol addresses, dormant accounts or virtual private network (VPN) connections? Among other things, this could indicate that a group of people are using the same device or location to gamble for the purposes of committing fraud.

Operators should also give due consideration to the money laundering risks posed by their business-to-business relationships, including any third parties they contract with. The assessment of these risks is based, among other things, on the risks posed to the operator by transactions and arrangements with business associates and third-party suppliers such as payment providers and processors, including their beneficial ownership and source of funds. Effective management of third-party relationships should assure operators that the relationship is a legitimate one, and that they can evidence why their confidence is justified. [33]


[30] Regulation 18A
[31] Regulation 18(1), (2) and (3), and 18A
[32] Regulation 18(4) and (6).
[33] The World Economic Forum's good practice guidelines on conducting third party due diligence.
