Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content


The prevention of money laundering and combating the financing of terrorism

Gambling Commission guidance for remote and non-remote casinos: Fifth edition (Revision 3).

16 - Reliance

A casino operator may rely on certain third parties to apply the required CDD measures, however, the operator remains liable for any failure to apply such measures.130

The third parties which may be relied on are:

  • other persons who are subject to the requirements of the Regulations (financial institutions, credit institutions, auditors, insolvency practitioners, external accountants, tax advisers, independent legal professionals, trust or company service providers, estate agents, high value dealers, and other casinos)
  • persons who carry on business in a third country who are subject to requirements in relation to CDD and record keeping which are equivalent to those in the Directive, and are supervised for compliance with those requirements.131

A casino operator may not rely on a third party established in a high risk third country.132

When a casino operator relies on a third party to apply CDD measures

It must:

  • immediately obtain from the third party all the information needed to satisfy the requirements for the identification and verification of the customer, any beneficial owner and any person acting on behalf of the customer
  • have an arrangement with the third party that enables the operator to obtain from the third party immediately on request copies of any identification and verification data and other relevant documentation on the identity of the customer, beneficial owner or any person acting on behalf of the customer
  • require the third party to retain copies of such data and documents for a period of five years beginning on the date that the business relationship with the customer ended.133

A casino operator will be treated as having complied with the requirements listed previously:

  • if the operator is relying on information provided by a third party which is a member of the same group as the operator (for example, in the case of group companies with overseas casinos)
  • if that group applies CDD measures, rules on record keeping and programmes against money laundering and terrorist financing in accordance with the Regulations, the Directive or rules having equivalent effect
  • the effective implementation of these requirements is supervised at group level by an authority of an EEA state with responsibility for implementation of the Directive or by an equivalent authority of a third country.134

A casino operator is permitted to apply CDD measures by means of an agent or an outsourcing service provider, provided that the arrangements between the operator and the agent or service provider make clear that the operator remains liable for any failure to apply the CDD measures.135

In this context, an outsourcing service provider is a person who performs a process, service or activity on behalf of the casino operator and is not an employee of the operator.136

We recommend also referring to our information on the purpose of this guidance which highlights the need for operators to consider the risks posed by third parties they contract with.


130 Regulation 39(1).
131 Regulation 39(3).
132 Regulation 39(4) and 33(3).
133 Regulation 39(2).
134 Regulation 39(6).
135 Regulation 39(7).
136 Regulation 39(8).

Previous section
Simplified customer due diligence
Next section
Requirements to cease transactions or terminate relationship
Is this page useful?
Back to top