Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Home
  2. Licensees and businesses

Emerging money laundering and terrorist financing risks from February 2024

Multiple cards and innovative payment methods

There are an increasing number of instances of multiple stolen debit cards being used to fund online gambling activities. This, along with virtual debit card products that allow multiple virtual debit cards to be linked to one bank account, pose a significant money laundering and terrorist financing risk. Some ‘red flag’ indicators that operators should be mindful of include (but are not limited to) instances where:

  • the operator is unable to match the customer’s personal details with the card details
  • the operator does not have the ability to verify the card holder’s identity information, and
  • there are multiple bank accounts being used to fund a customer’s gambling activity.

Licensees are required to have robust customer due diligence and onboarding checks in place. This includes (see Licence Condition 12 of the LCCP ) reviewing their money laundering and terrorist financing risk assessment as necessary in the light of any changes of circumstances, including the introduction of new products or technology or new methods of payment by customers. Licensees are also required to consider whether checks on ID documents are sufficient to identify false, stolen or ‘mule’ (third party) IDs. Licence Condition 17.1.1.(1) and (4) of the states that:

‘Licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble. Information must include, but is not restricted to, the customer’s name, address and date of birth.'

‘Licensees must must take reasonable steps to ensure that the information they hold on a customer’s identity remains accurate.’

Risks associated with access to third party funds

Some functions, roles or responsibilities may give individuals access to third party funds (either funds belonging to other people or to businesses). These may include access to:

  • the funds of vulnerable people
  • customer funds, in the case of, for example, banking, accounting or finance
  • company funds, and
  • charitable funds.

Those customers who have access to third party funds should be considered to present higher inherent risk.

This should be considered when risk profiling customers at the start of the customer relationship, i.e. when a customer first opens a gambling account, and before any deposits are made. However, in order to sufficiently identify these risks, customer monitoring should be an ongoing process.

Updated FATF ‘grey list’

The Democratic Republic of the Congo, Mozambique and Tanzania have been added to the list of jurisdictions that are under an increased level of monitoring by the Financial Action Task Force (FATF). Such jurisdictions are placed on the FATF’s ‘grey list' due to strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing. The current list of jurisdictions is as follows (as of October 2023): Jurisdictions under Increased Monitoring - 27 October 2023 (opens in new tab)

  • Barbados
  • Bulgaria
  • Burkina Faso
  • Cameroon
  • Croatia
  • Democratic Republic of Congo
  • Gibraltar
  • Haiti
  • Jamaica
  • Mali
  • Mozambique
  • Nigeria
  • Philippines
  • Senegal
  • South Africa
  • South Sudan
  • Syria
  • Tanzania
  • Turkey
  • Uganda
  • United Arab Emirates
  • Vietnam
  • Yemen

Operators are reminded to conduct robust customer due diligence checks in relation to any customer relationships which are associated with the above jurisdictions in order to mitigate the risk of money laundering and terrorist financing, including proliferation financing.

Funds originating from crypto-assets

The Commission is aware of cases of operators not sufficiently considering the risks associated with customer funds where the funds have originated from crypto-assets.

Operators are reminded that crypto-assets are considered high risk by the Commission and licensees are expected to appropriately scrutinise transactions throughout the course of customer and business relationships.

Common operator failings

Ineffective source of fund (SOF) checks and enhanced customer due diligence (ECDD) or ‘know your customer’ (KYC) triggers – there continues to be numerous instances of customers being able to deposit large amounts of money due to insufficient measures and checks in place (such as a SOF checks). Ineffective ECDD or KYC triggers are allowing customers to deposit large sums of money before the first AML review is undertaken against a customer.

Failure to critically review SOF documents – operators have been identified as failing to critically review SOF documentation and relying on electronic checks (including relying solely on open-source information such as Companies House information for example to verify SOF information). Other issues include operators failing to provide sufficient guidance to staff on how to review and verify SOF information and what supporting documents should be requested in this regard.

In order to mitigate the risks in this area, the Commission recommends:

a) Operators setting realistic and effective monetary and non-monetary thresholds/triggers for determining when customer interaction should take place.

b) Carrying out such interactions earlier on in the customer relationship.

c) Ongoing customer monitoring (including monitoring all transactions or activity). The monitoring of customer activity should be carried out using a risk-based approach. Higher risk customers should be subjected to a frequency and depth of scrutiny greater than may be appropriate for lower risk customers.

d) Considering geographical, customer, transactional and product risk in all customer relationships.

See the Commission’s the Prevention of money laundering and combating the financing of terrorism and the Duties and responsibilities under the Proceeds of Crime Act 2002 publication for further information on the above.

It is important to note that the above recommendations are not an exhaustive list of actions that should be undertaken, and operators are reminded that a risk-based approach is required in order to mitigate the risk of money laundering and terrorist financing.

Previous page
Emerging money laundering and terrorist financing risks Next page
Emerging money laundering and terrorist financing risks from June 2022

Last updated: 9 February 2024

Show updates to this content

No changes to show.

Is this page useful?
Back to top