Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content


Licensing, compliance and enforcement under the Gambling Act 2005

The Commission’s approach to risk underpins its licensing, compliance and enforcement functions.

  1. Contents
  2. 2 - Assessing risk

2 - Assessing risk

The Commission’s approach to risk underpins its licensing, compliance and enforcement functions. This chapter sets out the key elements of the Commission’s risk methodology, including the processes for addressing and reviewing risk.

The Commission’s risk methodology is applied in order to establish a regulatory risk assessment for licence holders. This informs the level and nature of engagement by the Commission with those operators.

The methodology is based upon assessing the likelihood of risk presented by operators and the potential impact that the risk if realised will have upon the licensing objectives. The assessment of likelihood will relate to key regulatory risk groups within the operator’s control, whilst the assessment of impact will be related to the size and market scope of an operator’s activity.

Regulatory risk groups

The Commission has identified key regulatory risk groups: those related to the suitability of the licence holder; those which relate to the gambling facilities themselves; and finally those which relate to the manner in which the gambling facilities are provided. Each risk group will be informed by specific information upon which the risk assessment will be based.

The risks related to suitability of the licence holder include:

  • staff and management integrity and competence
  • controller integrity2
  • business integrity.

Business integrity include:

  • financial circumstances
  • governance, structure and resource.

The risks related to the type of gambling facility offered include:

  • gambling product or facility
  • market scope.

The risks presented through the provision of gambling facilities include:

  • location and operating environment
  • consistency with the licensing objectives.

Identifying risk

With any aspect of regulatory engagement (licensing, compliance etc.), an initial identification of the risk (or risks) presented will be made. For example, with a licence application the consideration will necessarily involve a wide range of risks. A compliance visit may involve a similar broad assessment or may relate to specific potential risks identified as a result of information received or previous operator engagement. The assessment of risk may focus upon any combination of the regulatory risk groups and the elements there within.

An example of risk related to employees or management integrity would be the risk posed by a personal management licence holder being convicted of a relevant criminal offence involving dishonesty. An example of risk related to the provision of gambling facilities would be the manner in which a licensed operator might seek to comply with the requirements of the Act and the Commission’s Licence Conditions and Codes of Practice (LCCP).

Assessing risk

Having identified relevant risks, the next consideration is the likelihood of a risk or risks occurring (provided it has not already occurred) and the likely impact.

The Commission will identify the risk categories and the information necessary to inform them. The information that will be sought as to likelihood of risk may include how compliant an operator is, or is likely to be, with the requirements of the Act and the LCCP. It will also include organisational matters such as accountability and governance, the competence and integrity of staff, and the effectiveness of policies and procedures designed to minimise the risk to the licensing objectives.

A significant part of this relates to the assessment of suitability. The assessment of suitability is a key element of the Commission’s licensing process and continues, after a licence has been granted, in the Commission’s compliance processes.

The Commission will assess the likely impact of a risk based primarily on the size and market scope of an operator (actual or potential) and their previous regulatory history. This may include size of customer base, number of premises, turnover or gaming yield, and extent of licensed activity. This latter consideration covers not only those operators which offer gambling across more than one sector but also those where the nature of a single licensed activity extends across multiple sectors. Gambling software development and gaming machine manufacture are examples of this where the potential market impact is high if the end product presents risk to the licensing objectives once it is made available.

Addressing the risk

The impact and likelihood of a given risk (or risks) is then taken into account as part of an overall risk assessment. This will determine the degree and type of regulatory engagement that may be required, although impact will be the primary consideration in this determination.

The Commission considers that some operators will always be higher impact because of the size and scale, or nature of their operations. Those who have extensive operations (in terms of impact) or a significant market share will always receive a greater degree of regulatory oversight due to the market impact (actual or potential) should regulatory risk materialise or be identified. This is why additional information may be required at the licensing application stage and also why the Commission has adopted a relationship management approach (through identified staff) for certain high impact operators.

Once an assessment has been completed, the Commission will, as appropriate, share with the operator its considerations as to the level of risk considered to exist. This will provide the basis of the Commission’s further engagement and operators should use the information to inform their risk controls. The Commission will, as appropriate, provide information about its assessments to operators. Assessments will not be shared with other operators or parties, although they may be shared with other regulators where appropriate. Operators that are the subjects of assessments are free to share such information as they see fit.

The approach will allow a focused approach to managing risk to the licensing objectives, and the Commission would expect this to facilitate a productive engagement and assist operators in developing effective risk management strategies. By building up a picture over time, the Commission would expect to be able to identify risk movements within individual operators and identify major issues within sectors or impact groups.

Those operators which demonstrate good governance and a high level of compliance at all levels are less likely to present a risk to the licensing objectives and will receive less regulatory oversight as a result, although this reduced oversight will be proportionate to their potential impact.

Reviewing the risk

Once any regulatory action is completed, the risk is re-assessed to determine whether the desired outcome has been met in addressing the risk (or risks) or further attention is needed.


2 Within the meaning of section 422 of the Financial Services and Markets Act 2000 (opens in new tab).

Previous section
1 - Introduction
Next section
3 - Licensing
Is this page useful?
Back to top