The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content


The prevention of money laundering and combating the financing of terrorism

Guidance for remote and non-remote casinos: fifth edition

16 - Reliance

A casino operator may rely on certain third parties to apply the required CDD measures, however, the operator remains liable for any failure to apply such measures. 125

The third parties which may be relied on are:

  • other persons who are subject to the requirements of the Regulations (financial institutions, credit institutions, auditors, insolvency practitioners, external accountants, tax advisers, independent legal professionals, trust or company service providers, estate agents, high value dealers, and other casinos)
  • persons who carry on business in a third country who are subject to requirements in relation to CDD and record keeping which are equivalent to those in the Directive, and are supervised for compliance with those requirements. 126

A casino operator may not rely on a third party established in a country which has been identified by the European Commission as a high risk third country. 127

When a casino operator relies on a third party to apply CDD measures

It must:

  • immediately obtain from the third party all the information needed to satisfy the requirements for the identification and verification of the customer, any beneficial owner and any person acting on behalf of the customer
  • have an arrangement with the third party that enables the operator to obtain from the third party immediately on request copies of any identification and verification data and other relevant documentation on the identity of the customer, beneficial owner or any person acting on behalf of the customer
  • require the third party to retain copies of such data and documents for a period of five years beginning on the date that the business relationship with the customer ended. 128

A casino operator will be treated as having complied with the requirements listed previously:

  • if the operator is relying on information provided by a third party which is a member of the same group as the operator (for example, in the case of group companies with overseas casinos)
  • if that group applies CDD measures, rules on record keeping and programmes against money laundering and terrorist financing in accordance with the Regulations, the Directive or rules having equivalent effect
  • the effective implementation of these requirements is supervised at group level by an authority of an EEA state with responsibility for implementation of the Directive or by an equivalent authority of a third country. 129

A casino operator is permitted to apply CDD measures by means of an agent or an outsourcing service provider, provided that the arrangements between the operator and the agent or service provider make clear that the operator remains liable for any failure to apply the CDD measures. 130

In this context, an outsourcing service provider is a person who performs a process, service or activity on behalf of the casino operator and is not an employee of the operator. 131

We recommend also refering to our information on the purpose of this guidance which highlights the need for operators to consider the risks posed by third parties they contract with.


125 Regulation 39(1).
126 Regulation 39(3).
127 Regulation 39(4).Note that, as a consequence of the UK’s withdrawal from the EU and under Schedule 8 of the European Union (Withdrawal) Act 2018, any changes to the EU’s list of high-risk third countries ceased to have effect in the UK on exit day. This, in effect, means that the EU’s list became frozen in time and a new autonomous list now applies in the UK which currently mirrors the EU list as it existed at the end of the Transition Period.
128 Regulation 39(2).
129 Regulation 39(6).
130 Regulation 39(7).
131 Regulation 39(8).

Previous section
Simplified customer due diligence
Next section
Requirements to cease transactions or terminate relationship
Is this page useful?
Back to top