With this document you can:

This box is not visible in the printed version.

Emerging money laundering and terrorist financing risks

As part of your Anti-Money Laundering commitments, you will need to make sure that you are aware of any emerging risks.

Published: 28 June 2021

Last updated: 12 February 2024

This version was printed or saved on: 23 May 2024

Online version: https://www.gamblingcommission.gov.uk/licensees-and-businesses/guide/emerging-anti-money-laundering-risks

Overview: As part of your commitment to ensuring compliance with anti-money laundering and counter-terrorist financing legislation, you will need to ensure that you keep up to date with any emerging risks that the Commission publishes (as required under Licence Condition 12.1.1(3) of the Licence Conditions and Codes of Practice LCCP).

Emerging money laundering and terrorist financing risks from February 2024

Multiple cards and innovative payment methods

There are an increasing number of instances of multiple stolen debit cards being used to fund online gambling activities. This, along with virtual debit card products that allow multiple virtual debit cards to be linked to one bank account, pose a significant money laundering and terrorist financing risk. Some ‘red flag’ indicators that operators should be mindful of include (but are not limited to) instances where:

Licensees are required to have robust customer due diligence and onboarding checks in place. This includes (see Licence Condition 12 of the LCCP ) reviewing their money laundering and terrorist financing risk assessment as necessary in the light of any changes of circumstances, including the introduction of new products or technology or new methods of payment by customers. Licensees are also required to consider whether checks on ID documents are sufficient to identify false, stolen or ‘mule’ (third party) IDs. Licence Condition 17.1.1.(1) and (4) of the states that:

‘Licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble. Information must include, but is not restricted to, the customer’s name, address and date of birth.'

‘Licensees must must take reasonable steps to ensure that the information they hold on a customer’s identity remains accurate.’

Risks associated with access to third party funds

Some functions, roles or responsibilities may give individuals access to third party funds (either funds belonging to other people or to businesses). These may include access to:

Those customers who have access to third party funds should be considered to present higher inherent risk.

This should be considered when risk profiling customers at the start of the customer relationship, i.e. when a customer first opens a gambling account, and before any deposits are made. However, in order to sufficiently identify these risks, customer monitoring should be an ongoing process.

Updated FATF ‘grey list’

The Democratic Republic of the Congo, Mozambique and Tanzania have been added to the list of jurisdictions that are under an increased level of monitoring by the Financial Action Task Force (FATF). Such jurisdictions are placed on the FATF’s ‘grey list' due to strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing. The current list of jurisdictions is as follows (as of October 2023): Jurisdictions under Increased Monitoring - 27 October 2023 (opens in new tab)

Operators are reminded to conduct robust customer due diligence checks in relation to any customer relationships which are associated with the above jurisdictions in order to mitigate the risk of money laundering and terrorist financing, including proliferation financing.

Funds originating from crypto-assets

The Commission is aware of cases of operators not sufficiently considering the risks associated with customer funds where the funds have originated from crypto-assets.

Operators are reminded that crypto-assets are considered high risk by the Commission and licensees are expected to appropriately scrutinise transactions throughout the course of customer and business relationships.

Common operator failings

Ineffective source of fund (SOF) checks and enhanced customer due diligence (ECDD) or ‘know your customer’ (KYC) triggers – there continues to be numerous instances of customers being able to deposit large amounts of money due to insufficient measures and checks in place (such as a SOF checks). Ineffective ECDD or KYC triggers are allowing customers to deposit large sums of money before the first AML review is undertaken against a customer.

Failure to critically review SOF documents – operators have been identified as failing to critically review SOF documentation and relying on electronic checks (including relying solely on open-source information such as Companies House information for example to verify SOF information). Other issues include operators failing to provide sufficient guidance to staff on how to review and verify SOF information and what supporting documents should be requested in this regard.

In order to mitigate the risks in this area, the Commission recommends:

a) Operators setting realistic and effective monetary and non-monetary thresholds/triggers for determining when customer interaction should take place.

b) Carrying out such interactions earlier on in the customer relationship.

c) Ongoing customer monitoring (including monitoring all transactions or activity). The monitoring of customer activity should be carried out using a risk-based approach. Higher risk customers should be subjected to a frequency and depth of scrutiny greater than may be appropriate for lower risk customers.

d) Considering geographical, customer, transactional and product risk in all customer relationships.

See the Commission’s the Prevention of money laundering and combating the financing of terrorism and the Duties and responsibilities under the Proceeds of Crime Act 2002 publication for further information on the above.

It is important to note that the above recommendations are not an exhaustive list of actions that should be undertaken, and operators are reminded that a risk-based approach is required in order to mitigate the risk of money laundering and terrorist financing.

Emerging money laundering and terrorist financing risks from June 2022

24 June 2022

Our latest emerging risks update looks at the money laundering risks associated with operators failing to comply with data protection requests, under the Data Protection Act 2018 (DPA) (opens in new tab), from law enforcement, the addition of Gibraltar to the Financial Action Task Force’s (FATF) ‘grey list’ and common operator failings, including other general risk areas.

Failure to comply with DPA requests

The Commission has come across instances of operators failing to comply with DPA requests from law enforcement. This includes instances where customer accounts have been closed by operators following a DPA request from the police.

Operators are reminded that such actions can significantly hinder any police investigations and can lead to a potential breach of sections 342 and 333A of the Proceeds of Crime Act 2002 (opens in new tab) under the offences of ‘prejudicing an investigation’ and ‘tipping off’.

Such a breach is a criminal offence with a maximum imprisonment term of 5 years for the ‘prejudicing an investigation’ offence and a maximum imprisonment term of 2 years for the ‘tipping off’ offence.

Operators must carefully consider their actions upon receipt of a DPA request from law enforcement, consider the consequences of their actions and liaise with the law enforcement agency.

Further information can be found in Paragraphs 8.87 to 8.89 of the Gambling Commission’s prevention of money laundering and combating the financing of terrorism guidance.

Updated FATF ‘grey list’

Gibraltar has been added to the list of jurisdictions that are under an increased level of monitoring by the Financial Action Task Force (FATF). Such jurisdictions are placed on the FATF’s ‘grey list' due to strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing. The current list of jurisdictions is as follows:

Malta has been removed from the FATF's 'grey list'.

Operators are reminded to conduct robust due diligence checks in any business and customer relationships which are associated to the above jurisdictions in order to mitigate the risk of money laundering and terrorist financing, including proliferation financing.

Common operator failings

Ongoing regulatory action against operators has shown the following failings, which carry significant money laundering risks. These include failures to:

Further information on regulatory action the Commission has undertaken can be found on our public statements page.

General risks

The Commission is also reminding operators of ongoing, significant risks that they should be vigilant against. This includes risks associated with money services businesses, the acceptance of e-wallet payments from customers and the risk of ‘mule accounts’.

For further information on these risk areas and how to mitigate the chance of such risks from occurring, please refer to our money laundering and terrorist financing risks assessment of the gambling industry.

Emerging money laundering and terrorist financing risks from February 2022

10 February 2022

Our latest emerging risks update covers the risks associated with having inadequate money laundering and terrorist financing risk assessments in place (including policies, procedures and controls), insufficient due diligence checks on third party providers and or business relationships, along with the use of Scottish notes and pre-paid cards by customers.

Improvements needed in gambling operators’ money laundering and terrorist financing risk assessments (including policies, procedures and controls)

The Gambling Commission expects to see significant improvements by licensees around their money laundering and terrorist financing controls.

Licensees should:

There are too many instances being identified where licensees are failing to meet the requirements of the The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab)1 and the LCCP. We would urge all licensees to review their current controls to ensure that they are fully compliant with Licence condition 12.1.1.

To assist licensees, we have published the Raising Standards for consumers - Compliance and Enforcement Report 2020 to 2021. The Report highlights failings we have identified and includes some examples of good practice to consider.

We will take regulatory action (which can include suspension and revocation of licences) where we identify significant failings by licensees. Further information about the action we have taken can be found on the Commission’s regulatory actions page.

1 applicable to casinos only

Due diligence checks on third party business relationships and business investors

The Commission has become aware of instances of gambling operators failing to conduct sufficient due diligence measures in their third-party business relationships (including where licensees have received third party investment or entered into white label partnerships).

White label partnerships have been noted as high risk specifically for anti-money laundering failures in the Commission’s current money laundering and terrorist financing risk assessment of Britain's gambling industry.

Gambling operators are required to take account of such publications under Licence Condition 12.1.1(3) of the LCCP. Further information on white label partnerships can be found in the Commission’s publication 'Reminder to licensees regarding white label gambling websites’.

The Commission’s guidance for both casino and other gambling operators notes the following:

‘Operators should also give due consideration to the money laundering risks posed by their business-to-business relationships, including any third parties they contract with. The assessment of these risks are based, among other things, on the risks posed to the operator by the jurisdictional location of their third-party and any relevant domestic anti-money laundering legislation they must comply with, transactions and arrangements with business associates and third-party suppliers such as payment providers and processors, including their beneficial ownership and source of funds. Effective management of third-party relationships should assure operators that the relationship is a legitimate one, and that they can evidence why their confidence is justified’.

In one case study a gambling operator failed to conduct sufficient checks on the source of funds from an investment that had originated from cryptoassets (which was then converted to Sterling when it was invested into the gambling business). This case study highlights failings with the licensed business, including: failure to establish the source of funds for the originating cryptoassets; transactional risks of asset exchange and jurisdictional risks due to the sources of funds originating from a high risk jurisdiction.

There have been repeated examples of gambling operators failing to consider jurisdictional risk in relation to these business relationships. The Commission’s guidance for both casino and other gambling operators highlights the importance of considering jurisdictional risk. These risks are heightened where gambling operators are conducting business or customer relationships with sanctioned jurisdictions as this is a breach of the Sanctions and Anti-Money Laundering Act 2018 (SAMLA) (opens in new tab) (for example) and international law. Further information can be found on the GOV.UK (opens in new tab) website.

Please see the April and July 2020 e-bulletins for more information on the risks associated with cryptoasset payments and the importance of operators conducting robust due diligence measures in their third-party business relationships.

By failing to consider the risks associated with such relationships, operators run the risk of breaching the following:

Scottish notes and pre-paid cards

The significant, potential money laundering risks associated with the use of Scottish notes and pre-paid cards have been highlighted separately in the Commission’s current money laundering and terrorist financing risk assessment of Britain's gambling industry. However, there is now also an increased risk of Scottish notes being used to top up pre-paid cards.

Operators should remain curious as to the source of customer funds and conduct ongoing customer monitoring to ensure that customer spending levels align with your knowledge of their affordability to gamble. The Commission’s Raising Standards for consumers - Compliance and Enforcement report 2019 to 2020 shows the ‘good practice’ techniques gambling operators should be conducting in order to ensure compliance with their legal responsibilities.

Emerging money laundering and terrorist financing risks from May 2021

28 May 2021

Our latest emerging risks bulletin looks at innovations in cryptoassets, the quality of suspicious activity report (SAR) submissions, insufficient due diligence checks, the threat of organised crime and the latest podcast from the UK’s Financial Intelligence Unit.

Innovations in the cryptoasset market

The Commission is reiterating the importance of operators’ responsibilities under Licence Condition 12.1.1 (1) of The LCCP which requires licensees to conduct an assessment of the risks their businesses face from money laundering and terrorist financing upon the introduction of new products or technology or new methods of customer payment.

The cryptoasset market is constantly evolving due to increasing popularity and product innovations e.g., ‘non-fungible tokens’. Licence Condition 12.1.1.(3) requires operators to take account of any applicable learning or guidelines published by the Commission on this subject. Cryptoasset payments have been rated high risk in our current publication of the money laundering and terrorist financing risks within Great Britain’s gambling industry (2020 version). Operators are also required to submit a Key Event to the Commission under Licence Condition 15.2.1(8) wherever there are changes in payment methods.

The UK's Crown Prosecution Service (CPS) (opens in new tab) expects to see an increase in the number of Bitcoin and cryptoasset related scams in the coming years and the Commission encourages operators to remain vigilant to such changes and update their money laundering and terrorist financing risk assessments accordingly.

Also, to assist with implementing a risk-based approach, the Financial Action Task Force (FATF), the inter-governmental watchdog that establishes standards for anti-money laundering and know-your-customer requirements, has published both new standards for implementation of a risk-based approach (opens in new tab) and new draft guidance (PDF) (opens in new tab) for decentralised platforms. Operators must familiarise themselves with FATF’s guidance to help combat money laundering and terrorist financing and implement such learning into their business.

Quality of suspicious activity report (SAR) submissions

The National Crime Agency (NCA) has published guidance (opens in new tab) providing information on submitting quality SARs. The guidance acts as a useful checklist for what information should be included in a SAR to ensure the maximum impact from the information provided. During the COVID-19 pandemic, the NCA has seen an increase in SAR submissions and it is vital that operators submit a SAR to the United Kingdom’s Financial Intelligence Unit (UKFIU) whenever there is knowledge or suspicion of money laundering or terrorist financing (as required under The Proceeds of Crime Act 2002 (opens in new tab) (‘POCA’) and The Terrorism Act 2000 (opens in new tab) (‘TACT’)). Failure to do so can result in committing a criminal offence.

Furthermore, operators are also reminded of the need to submit quality SARs as this will aid the UKFIU if further investigations need to be carried out i.e., with other law enforcement agencies. Operators are also reminded that failure to submit a Defence Against Money Laundering (DAML) SAR to the UKFIU (when needing to commit a prohibited act) could be a criminal offence under PoCA and TACT. Examples of prohibited acts include:

Operators are also reminded that a corresponding SAR Key Event which includes the SAR’s unique reference number (URN) must also be submitted under Licence Condition 15 of The LCCP.

Insufficient due diligence measures, the threat of organised crime and customers from high risk third jurisdictions

The Commission has come across various examples of operators failing to sufficiently scrutinise the source of customer funds. It is becoming increasingly important for operators to carry out sufficient due diligence checks as the threat of serious and organised crime increases globally. Failure to conduct sufficient due diligence checks becomes even more problematic (for example) as:

The UK government has added Pakistan to the list of undesirable 21 high-risk countries with unsatisfactory money laundering and terrorist financing controls. This list of 21 countries replicates the list of countries named by FATF as high-risk or under increased monitoring.

The full list of high-risk third countries under Schedule 3ZA of The Money Laundering and Terrorist Financing (Amendment) (High-Risk Countries) Regulations 2021 (opens in new tab) (‘MLTFR 2021’) includes (in order):

According to the UK government, the nations in this category pose a threat because of weak tax controls and lack of check and balance on terrorism financing and money laundering.

The MLTFR 2021 came into force on March 26th, 2021 after the definition of a high-risk third country identified in a new Schedule 3ZA and updates The Money Laundering Regulations 2017.

All operators are required to take a risk-based approach in order to mitigate the risk of money laundering and terrorist financing. Both our casino guidance and guidance for non-casino operators makes clear that, ‘higher risk customers should be subjected to a frequency and depth of scrutiny greater than may be appropriate for lower risk customers’.

Casino businesses are also required under The Money Laundering Regulations 2017 (opens in new tab) to carry out enhanced customer due diligence measures (ECDD) wherever there is a higher risk of money laundering or terrorist financing. Please refer to our comprehensive casino guidance for further information on the circumstances in which ECDD measures must be applied.

The risks associated with cryptoasset payments have been previously discussed in the Commission’s April 2020 emerging risks ebulletin. Please refer to this further below for more information.

Emerging money laundering and terrorist financing risks from July 2020

13 July 2020

Customer use of informal value transfer systems, Money Service Businesses, licensees’ reliance on third parties and conducting affordability checks.

The Commission is highlighting to gambling businesses that their policies, procedures and controls must be effective in establishing customers’ source of funds as well as the need to undertake sufficient ‘Know Your Customer’ (KYC) checks.

Increased use of informal value transfer systems (IVTS)

IVTS are used in some parts of the world to conduct legitimate remittances (most often by individuals seeking to send money to and from family members in their country of origin). However, IVTS (also known as ‘underground banking’) are attractive for money laundering (ML) and terrorist financing (TF) purposes for some of the following reasons:

Poor implementation of policies, procedures, and controls for KYC makes the use of IVTS easier and there is increased use of IVTS such as, ‘Hawala’ (a traditional system of money lending originating in South Asia); today it is used around the world to conduct legitimate remittances outside of the banking system. Increasing evidence of the risk that gambling businesses may be accepting customer funds that have been obtained through IVTS being exploited by criminals is emerging where criminals use IVTS for the purpose of transmitting illicit finance.

Our guidance for both casino and other operators highlight that customer monitoring is an ongoing process. Licence Condition 12 of The LCCP states that, ‘licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing’.

Money Service Businesses (MSBs)

All casinos are required to comply with The Money Laundering Regulations 2017 (opens in new tab) in respect of MSBs and HMRC’s guidance for foreign currency exchange, cheque cashing and money transfer to minimise the risk of ML and TF. All casinos offering MSBs are required to have effective risk assessments, policies, procedures and controls in place to prevent ML and TF and continue to raise standards in this regard.

During COVID-19 there has been an increased use of MSBs in the wider economy and, for those online casinos offering foreign exchange and third party money transfer, awareness and compliance with The Regulations is a continued requirement.

Some of the ML and TF risks associated with MSBs are:

The use of MSBs has been recognised as high risk in both Her Majesty’s Treasury’s National Risk Assessment (opens in new tab) and our Risk Assessment (PDF) of the money laundering and terrorist financing risks within the British gambling industry (2019 version). Casinos must effectively scrutinise source of funds and source of wealth, and (whilst online casinos continue to offer MSB facilities) mitigations to combat the use of MSB facilities for the acceptance, processing and transfer illicit finance remains a priority.

Reliance on third parties

Gambling businesses are ultimately responsible for compliance with the conditions of their licence. This includes ensuring sufficient customer checks are carried out and that reliance is not placed on any third parties to conduct customer checks.

This includes (for example) relying on banks or any third party payment processors to conduct ‘KYC’ checks or reliance on other gambling businesses to establish source of funds (without further scrutiny) where a customer states that funds are winnings from another gambling business.

Carrying out sufficient customer checks become even more vital where there is a high risk of ML and TF in cases where (for example) a customer is from a high risk jurisdiction, as this will impact on the risk profile of the customer.

Operators should also give due consideration to the ML and TF risks posed by their business to business relations (including any third parties they contract with). Social Responsibility Code Provision 1.1.2 of The LCCP state that:

‘Licensees must ensure that the terms on which they contract with such third parties: require the third party to conduct themselves in so far as they carry out activities on behalf of the licensee as if they were bound by the same licence conditions and subject to the same codes of practice as the licensee’.

Importance of conducting affordability checks and customers occupation

Failure to conduct sufficient customer affordability checks offers opportunities for illicit finance to infiltrate licensees’ financial systems.

Licensees are reminded of the importance of assessing customer affordability when determining risk levels. Disposable income levels must be a starting point for assessing financial benchmark triggers and knowing a customer’s occupation is an important factor in determining income levels and compliments businesses ‘KYC’ knowledge.

Emerging money laundering and terrorist financing risks from June 2020

15 June 2020

Our latest emerging risks bulletin looks at the re-opening of land-based gambling businesses, the new £20 notes; new list of high-risk jurisdictions; increased levels of theft/fraud linked to gambling; vulnerable gamblers; online ID verification and Financial Action Task Force Advice.

Scheduled re-opening of land-based betting shops and arcades on 15th June and the new £20 notes 

The recent government announcement of the re-opening of ‘non-essential’ shops on 15th June 2020 includes land-based betting shops.

Gambling businesses are reminded of their mandatory responsibilities under The Gambling Act 2005 (opens in new tab), The Licence Condition and Codes of Practice (‘LCCP’), The Proceeds of Crime Act 2002 (opens in new tab) (‘POCA’), The Terrorism Act 2000 (opens in new tab) (‘TACT’) and other applicable laws in order to keep crime out of gambling.

Linked to the above point (regarding the re-opening of some land-based businesses), on the 20th February 2020, the Bank of England launched the new polymer £20 note. Although the old paper £20 note continues to be accepted as legal tender, it will eventually be removed from circulation.

During the transition from the paper note to the polymer note, individuals with quantities of the paper £20 note (including notes that may be the proceeds of crime) are likely to try to exchange them before they are removed from circulation.

Where gambling businesses and their frontline staff have knowledge or suspicion of money laundering or terrorist financing involving the old paper £20 note, they must submit suspicious activity reports (SARs) to the UKFIU in the normal way.

More information about the new polymer £20 note can be found on the Bank of England’s website (opens in new tab).

New list of high-risk jurisdictions available

On the 7th May 2020, the European Commission (EC) amended its list containing high risk third jurisdictions with strategic anti-money laundering deficiencies in their regime to include the following:

Customers that are associated with high risk third countries (because of citizenship, country of business or country of residence) may present a higher money laundering risk to your business. Licensees are reminded to ensure they have adequate ‘Know Your Customer’ (KYC) and/or customer due diligence checks in place. Additionally, casino businesses are required to conduct mandatory enhanced due diligence (EDD) checks where a customer resides or is situated in a high risk third country. This includes undertaking source of funds and source of wealth checks on the customer as required under The Money Laundering Regulations 2017 (opens in new tab). Please see our guidance for casino and other operators for further information regarding gambling businesses’ legal duties.

Increase in card fraud/theft

There has been a reported increase in card fraud/theft which has then been used for gambling purposes which are the proceeds of crime.

Gambling businesses are reminded to be vigilant on affordability and source of funds for their customers. Where there is knowledge or suspicion of money laundering (including criminal spend) or terrorist financing, a suspicious activity report (SAR) must be submitted to the United Kingdom’s Financial Intelligence Unit (UKFIU) as required under PoCA and TACT. Also, a Key Event must be submitted to the Commission (as required under Licence Condition 15.2.1 (15) of The LCCP) referencing the SAR’s unique reference number (URN).

Vulnerable gamblers seeking to increase self-imposed gambling limits

Licensees must remain vigilant to the increased risk that vulnerable gamblers may seek to break their self-imposed gambling limits because of the current pandemic. Gambling businesses should consider affordability as a starting point for benchmarking customer interaction triggers. Licensees should be vigilant that a customer attempting to spend criminal proceeds or launder money could also be a problem gambler. Patterns of increased spending or spend inconsistent with apparent source of income could be indicative of money laundering but also equally of problem gambling, or both. Licensees are directed towards the Commission’s recently published guidance for online and land-based gambling businesses which shows how they should conduct customer interaction.

Licence Condition 17 of The LCCP and Online ID Verification

Licence Condition 17 of The LCCP came into effect on 7th May 2019 and covers age and verification procedures for online gambling businesses. The change means that online gambling businesses are not permitted to allow a customer to gamble before they have verified the customer’s identity. This Licence Condition was implemented to improve industry standards by ensuring that ID checks are carried out at the start of the customer relationship and not only at a later stage. This revision is also consistent with The Money Laundering Regulations 2017 (opens in new tab) which requires ongoing monitoring of customer relationships (Regulation 28(11)) and our published guidance which states that risks should be considered at all stages of the customer relationship.

The Commission is reminding online businesses that only verifying a customer’s identity at the point of withdrawal is a high risk policy from a money laundering and terrorist financing perspective and may be in breach of Licence Condition 17, as it means that CDD or EDD checks (if required and applicable only to casinos) or KYC checks (applicable to all other operators) are carried out too late in the customer journey. This poses a risk to the Licensing Objective, ‘keeping crime out of gambling’ along with potential breaches of TACT (Part 3) and PoCA (Part 7) which requires that a SAR is submitted to the UKFIU where there is knowledge or suspicion of money laundering (including criminal spend) or terrorist financing. Failure to do so amounts to a criminal offence carrying a maximum penalty of up to 5 years imprisonment (s.330 and s.331 PoCA).

With the exception of low frequency or subscription lotteries, gaming machine technical, gambling software, host, ancillary remote casino and ancillary remote bingo.

Advice from the Financial Action Task Force (FATF)

FATF (the global standard-setter for combating money laundering and the financing of terrorism and proliferation) has published a paper (opens in new tab) which identifies the challenges, good practices and policy responses to new money laundering and terrorist financing threats and vulnerabilities arising from the coronavirus crisis. 

The Commission is drawing licensees’ attention to this advice paper, advising (where necessary) to revise their ML/TF risk assessment, policies, procedures, and controls in order to mitigate all relevant identifiable risks within their business, as set out by FATF in this paper.

Emerging money laundering and terrorist financing risks from April 2020

COVID-19 emerging risks bulletin - April 2020

Our latest emerging risks bulletin looks at the impact of coronavirus, the importance of checking digital identification and increases in online scams and fraud attempts.

Reminder to all licensed operators: impact of the coronavirus pandemic, and heightened money laundering and terrorist financing risks

The Gambling Commission recognises the major impact the current unprecedented coronavirus crisis is having on affected gambling sectors, including the closure of premises, employees furloughed and loss of business. To assist you in managing the risks this presents to your business, customers and employees, we will continue to advise you about emerging risks that we identify. Businesses will need to consider whether their money laundering and terrorist financing risk assessment needs updating as a result.

Operators are reminded to remain vigilant and comply with the LCCP, The Gambling Act 2005 (opens in new tab) and other relevant laws, i.e. the Proceeds of Crime Act 2002 (opens in new tab), the Terrorism Act 2000 (opens in new tab) and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab). The Gambling Commission’s guidance to both casino and other operators along with our latest Risk Assessment of The Money Laundering and Terrorist Financing risks within the British Gambling industry (2019 version) will assist licensed operators in mitigating the emerging risks identified below.

Digital ID checks: emerging money laundering and terrorist financing risk

The associated shift to online gambling during the crisis makes it more vital for online gambling businesses to ensure they are carrying out robust digital ID checks upon customer registration. It is therefore even more essential that all operators conduct thorough ‘Know Your Customer’ checks, and customer due diligence checks in the case of the casino sector, to ensure they are not dealing with illicit funds.

Operators also need to have adequate customer risk profiles in place to ensure all potential money laundering and terrorist financing risks have been considered, and that operators consider making suspicious activity reports to the National Crime Agency in the following cases:

There is evidence suggesting gambling affiliates are exploiting the coronavirus pandemic to encourage gamblers to spend more money on gambling activities. Operators are reminded:

In addition to customer checks, operators are reminded that it is important to carry out sufficiently robust background checks on employees, referred to as ‘Know Your Employee’ checks.

Cryptoassets and prepaid cards: emerging money laundering and terrorist financing risk

The coronavirus crisis has seen criminals seeking to exploit the situation with an increase in cyber-attacks, along with the increased use of digital payments (such as cryptoassets and online prepaid cards, also known as vouchers). There are reports of more online scams and fraud targeting vulnerable people. This presents a high money laundering and terrorist financing risk to the gambling industry, as criminals will seek different ways to dispose of and use illicit funds from this fraudulent activity.

The current situation has also seen increased use of digital methods, such as cryptoassets and prepaid cards, as a form of customer payment. Cryptoasset transactions are attractive to criminals as they are fast, convenient and can be carried out anonymously. Evidence shows there is a high risk of ‘smurfing’ with the use of prepaid cards, and there is evidence that this money has then been used for gambling.

Both methods of payment (cryptoassets and prepaid cards) are viewed as high risk from a money laundering and terrorist financing perspective, and operators are reminded of the need to conduct thorough source of funds and source of wealth checks (where applicable), in order to keep crime out of gambling. Operators are reminded that it is even more vital that they should also submit suspicious activity reports (SARs) where there is knowledge or suspicion of money laundering (including criminal spend) or terrorist financing. When submitting a SAR, a Key Event should also be made to the Gambling Commission in accordance with Licence Condition 15 of the LCCP.

Operators are reminded of their responsibilities under Licence Condition 12.1.1 (1), which requires licensees to review their money laundering and terrorist financing risk assessments upon the introduction of new products or technology or new methods of customer payment.

Operators are also reminded that it is mandatory to submit a key event to the Commission under Licence Condition 15.2.1(8) where there are any changes to the methods by which, and/or the payment processors through which, the licensee accepts payment from customers using their gambling facilities. When notifying the Commission under Licence Condition 15, we expect the following information to be provided as a minimum:

If the payment method relates to cryptoassets:

If cryptoassets are being accepted directly:

‘Money mules’: emerging money laundering and terrorist financing risk

An increase in online scams and fraud targeting vulnerable people has seen illicit funds being transferred through third party bank accounts (‘mule’ accounts), to break the audit trail of transactions and complicate any investigation. There is evidence that ‘mule’ accounts have been used for gambling purposes by money mules, with mainly vulnerable individuals targeted.

Operators are reminded to be alert to this. A red flag indicator for this activity is the opening of a gambling account with a minimal deposit initially, which is soon followed by several larger deposits and withdrawn to an increased amount of accounts. This makes it even more vital for operators to conduct thorough source of funds and source of wealth checks (where applicable), as well as customer ID checks upon customer registration, as required under Licence Condition 17 (applicable to remote operators only).

Where appropriate, licensees should consider obtaining their own legal advice regarding the emerging risks discussed here.

For any further assistance please contact us.