This box is not visible in the printed version.
Our money laundering and terrorist financing risk assessment: 2020
Published: 18 December 2020
Last updated: 16 August 2021
This version was printed or saved on: 27 April 2024
Online version: https://www.gamblingcommission.gov.uk/guidance/The-money-laundering-and-terrorist-financing-risks-within-the-British-gambling-industry
The Gambling Commission’s (the Commission) Money Laundering (ML) and Terrorist Financing (TF) risk assessment 2020 highlights the key risks associated with each of the sectors within licensed land-based and remote activity in Great Britain’s gambling industry. This assessment builds on the previous risk assessment (PDF opens in new tab) (including the Money Laundering (ML) and Terrorist Financing (TF) risks associated with COVID-19) and fulfils the Commission’s requirement under Regulation 17 (1) of the Money Laundering (ML), Terrorist Financing (TF) and Transfer of Funds (Information on the Payer) 2017 (the Regulations).
The Commission has considered a wealth of information and intelligence when assessing the key threats identified within the British gambling industry and providing revised risk ratings in this publication. In consultation with in-house and external subject matter experts, this assessment has been developed with input from a wide range of sector and industry specialists. This includes law enforcement, such as the National Crime Agency (NCA), and considered approaches taken by other AML (Anti Money Laundering) supervisory authorities, such as the Financial Conduct Authority (FCA) and HM Revenue and Customs (HMRC). We have also analysed information from various other sources to inform our understanding of risks such as:
The reporting period this assessment is based on is from 1st November 2018 to 31st May 2020. The methodology used to assess the risks in Great Britain’s gambling industry remains the same as for the previous year’s risk assessment. For more detail on the methodology and terminology used, please refer to the methodology section of this report.
In summary, the risk ratings for each gambling sector are as follows and range from high risk to low risk. The gambling sector, however, in HM Treasury’s National Risk Assessment is rated as low, and it is important to understand why this is the rating allocated. The National Risk Assessment captures the risk of Money Laundering (ML) and Terrorist Financing (TF) occurring across all regulated financial sectors and Designated Non-Financial Businesses and Professionals (DNFBPs), which includes:
When gambling is put into the wider financial context of being vulnerable to money laundering and terrorist financing in comparison to other regulated sectors, the risk is lower; thereby explaining HM Treasury’s rationale for rating gambling as low risk for Money Laundering (ML) and Terrorist Financing (TF). However, the Commission in this risk assessment compares individual gambling sub-sector risks of being vulnerable to money laundering and terrorist financing and rates them appropriately in comparison to each other. Whilst some of the ratings have changed in individual sub-sector risk areas, the overall risk ratings for each gambling sector have not changed since the previous risk assessment (with the exception of the overall risk of terrorist financing to Great Britain’s gambling industry which has decreased from medium to low risk).
The following gambling sectors are being assessed separately (compared to previous risk assessments) as they are separate and distinct sectors with differing risk areas and levels:
External Lottery Managers are being assessed for the first time.
| Sector | Previous overall risk rating |
|---|---|
| Remote (casino, betting, and bingo) | High |
| Casino (Non-Remote) | High |
| Betting (Non-Remote, off-course) | High |
| Betting (Non-Remote, on-course) | Medium |
| Bingo (Non-Remote) | Medium |
| Adult Gaming Centres | Medium |
| Family Entertainment Centres (FECs) | Low |
| Society Lotteries and External lottery Managers (Remote and Non-Remote) | Low |
| The National Lottery (Remote and Non-Remote) | Low |
| Gambling Software (Remote and Non Remote) | Low |
| Gaming Machine Technical (Remote and Non-Remote) | Low |
| Sector | Current overall risk rating |
|---|---|
| Terrorist financing | Low |
The assessment of the terrorist financing risk is partially based on information from HM Treasury’s National Risk Assessment, which has assessed this area as low risk for gambling. The Commission has also collaborated closely with external stakeholders when arriving at its risk rating, such as the UK’s counter terrorism teams, to help us understand the terrorist financing typologies and vulnerabilities that are applicable to the gambling industry.
This assessment recognises that there are many risks and typologies or vulnerabilities in the gambling industry related to Money Laundering (ML) or Terrorist Financing (TF). The gambling industry is fast paced and is constantly evolving with new innovative products to cater for customer needs. However, with any changes, these can bring new methods for criminals to launder illicit funds which the gambling industry needs to be alert to.
This document is intended to act as a valuable resource for the industry in informing their own Money Laundering (ML) and Terrorist Financing (TF) risk assessments, and must be taken into account when doing so, as required under Licence Condition 12 of the Licence Conditions and Codes of Practice (LCCP).1
It is mandatory for gambling operators from all gambling sectors to comply with the licensing objective, keeping crime and its proceeds out of gambling as set out in the Gambling Act 2005 (the Act) (opens in a new tab) and the Commission’s LCCP. Furthermore, all gambling operators have legal duties under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT) (opens in a new tab) to mitigate financial crime. Casinos (both land-based and remote) have an enhanced set of legal responsibilities, as they must comply with the Regulations2 for casino gaming, gaming machines and money service business activities offered. However, it is imperative for all gambling operators (regardless of gambling sector) to ensure they have effective risk assessments identifying Money Laundering (ML) and Terrorist Financing (TF) risks, along with robust policies, procedures and controls in place to prevent Money Laundering (ML)/Terrorist Financing (TF) and continue to raise standards in that regard.
1Licence Condition 12 requires operators have appropriate policies, procedures, and controls to prevent money laundering and terrorist financing and that such policies, procedures, and controls take into account any applicable learning or guidelines published by the Gambling Commission.
2This refers to the Regulations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab)(‘the Regulations’) which are applicable to firms under the ‘regulated sector’. Casinos are part of the ‘regulated sector’.
Regulation 17 places an obligation on supervisory authorities to carry out a risk assessment of their supervised sector. The Commission is the supervisory authority for casinos and this obligation is met by this risk assessment. The Commission will also continue to use this risk assessment to inform HM Government of the level of risk of Money Laundering (ML) and Terrorist Financing (TF) within the entire gambling industry in Britain.
The Government acknowledges that a variety of factors can cause vulnerabilities and risks attributed to a particular gambling sector to become higher or lower risk over time. Consequently, where a gambling sector can no longer be deemed low risk (including where the sector fails to effectively manage the Money Laundering (ML) and Terrorist Financing (TF) risks within that sector), then it will likely lead to their inclusion within the provisions of the Regulations, subjecting that sector to its requirements.
A risk assessment is extensively recognised as the key requirement to understanding the Money Laundering (ML) and Terrorist Financing (TF) risks that a business is exposed to. This is done through the identification, assessment, management and where possible, the mitigation to control and, or as well as, prevent ML and TF. By knowing and understanding the risks to which the gambling industry is exposed, HM Government, law enforcement, the Commission and operators can work together to ensure that gambling in Britain is a hostile place for money launderers and terrorist financers seeking to exploit it.
In June 2019 we published our previous Money Laundering (ML) and Terrorist Financing Risk Assessment (TF). The money laundering vulnerabilities in the previous assessment were evidence-based and achieved through analysis of a variety of information sources. Each assessment builds upon the previous one. It its therefore recommended that this year’s assessment should be read in conjunction with the previous risk assessment: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF) as the previous publications provide further information on the inherent risks within Great Britain’s gambling industry by sector.
This report is set out by firstly reviewing existing inherent and emerging risks, which the previous risk assessment highlighted. Then the report assesses any additionally applicable inherent and new emerging risks.
Each of the risks have been reassessed using internal and external information sources such as enforcement, licensing and intelligence case work, compliance assessment analysis, HM Treasury’s National Risk Assessment, FATF recommendations, combined with qualified professional judgement by the Commission’s AML/CTF experts.
The risk of Money Laundering (ML) and Terrorist Financing (TF) threatens the United Kingdom’s (UK) national security, the economy and international standing. Such risks can have a detrimental impact on society, can damage communities and undermines the integrity of both public and private sector organisations. The Money Laundering (ML) and Terrorist Financing (TF) threats that the gambling industry faces are diverse, complex and are rapidly evolving.
Serious and organised crime has been estimated to cost the UK tens of billions of pounds every year. That is why we must continue to crack down on illicit crime and ‘dirty’ money seeking to exploit the British gambling sector.
Money launderers and terrorist financers use similar methods to store, move and obtain funds, although their motives differ. Depriving terrorist groups of funds is an essential aspect of preventing these groups from recruiting and committing terrorist acts. There are various reasons as to why criminals or organised crime groups may engage in Money Laundering (ML) such as:
Financial trails from offences to criminals are incriminating evidence. They will try and obscure or hide the source of their wealth or funds, or alternatively disguise ownership or control to ensure that illicit proceeds are not used to associate them to a predicate offence.
Proceeds of crimes can become the target of investigation and seizure. To protect the criminal and their illicit finances from seizure, they will try and conceal their existence or, alternatively, make them look legitimate.
Section 1(a) of the Act (opens in a new tab) places responsibility on all gambling operators to prevent gambling from being a source of, being associated with crime or disorder, or being used to support crime.
The Commission also regulates the National Lottery under the National Lottery Act 1993 (opens in a new tab) which requires that the National Lottery is (including every lottery that forms part of it) run with all due propriety, and the interests of every participant in a lottery that forms part of the National Lottery are protected.
The Proceeds of Crime Act 2002 (POCA) places a further obligation on all gambling operators to be alerted to attempts by customers to gamble with or launder money acquired unlawfully and to report such activity to the appropriate authorities. This applies to all forms of money laundering including, for example, ‘washing’ criminal money, attempting to disguise the criminal source of the funds, or simply using criminal proceeds to fund gambling. It applies to all persons, including gambling operators and their staff, and includes specific obligations to report suspected money laundering to the United Kingdom’s Financial Intelligence Unit (UKFIU).
The Terrorism Act 2000 (TACT) (opens in a new tab) establishes several offences concerned with engaging in or facilitating terrorism, as well as raising or possessing funds for terrorist purposes. It applies to all persons, including gambling operators and their staff, and includes specific obligations to report suspected terrorist financing to the United Kingdom’s Financial Intelligence Unit (UKFIU).
The Regulations (PDF) (opens in a new tab) came into effect on 26 June 2017 (which replaced the Money Laundering Regulations 2007).
The Regulations require remote and non-remote casinos to, for example:
As part of the regulated sector, casinos licensed by the Commission are placed under an enhanced set of legal duties as set out under the Regulations (PDF)(opens in a new tab). The Regulations were amended on 10th January 2020 because of the implementation of the 5th Money Laundering Directive into UK law, through the updated Money Laundering Regulation’s Statutory Instrument (opens in a new tab). For further information on casino businesses’ legal duties, please refer to our comprehensive casino guidance. Casino businesses are also reminded that they should have already reviewed and accordingly amended their Money Laundering (ML) and Terrorist Financing (TF) risk assessments as well as the associated policies, procedures, and controls because of the 5th Money Laundering Directive’s implementation.
The risk of crime affects all gambling operators, including those not specified in the Regulations, and they too are required to have regard to Proceeds of Crime Act (POCA) and The Terrorism Act 2000 (TACT), and adopt a risk-based approach consistent with the Commission’s Licence Conditions and Codes of Practice (LCCP), guidance and advice.
Licence condition 12.1.1 requires all operating licensees (except for gaming machine technical and gambling software licensees) to assess the risks of their businesses being used for Money Laundering (ML) and Terrorist Financing (TF). Licensees must also ensure they have appropriate policies, procedures, and controls to prevent Money Laundering (ML) and Terrorist Financing (TF), taken into account in their risk assessment. They must ensure that such policies, procedures, and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and consider any applicable learning or guidelines published by the Commission.
The Commission continues to base its framework for this and previous assessments upon the Financial Action Task Force (FATF)’s risk assessment methodology. The Financial Action Task Force (FATF) published its Mutual Evaluation Report (opens in a new tab) (MER) of the UK’s Anti Money Laundering (AML) and CTF framework, which is evaluated every ten years. Their report, which assessed technical compliance with Financial Action Task Force (FATF) standards (the 40 Recommendations) and effectiveness of a country’s Anti Money Laundering (AML)/CTF regime (the 11 Immediate Outcomes) rated the Commission positively and identified us as displaying “…a very strong understanding of risks both at a sector and firm-specific level.”
At the end of the EU Exit transition period, sanctions will continue to be implemented through the new powers as set out in the Sanctions and Anti-Money Laundering Act 2018 (opens in a new tab) (SAMLA). This will be used to fulfil our international obligations under the UN and impose further sanctions domestically. Sanctions and Anti-Money Laundering Act (SAMLA) provides the power for the UK to impose sanctions, including against a person involved in gross human rights abuses or anti-corruption violations.
A risk-based approach focuses effort where it is most needed and will have the most impact. It requires the full commitment and support of senior management and the active co-operation all employees.
A risk-based approach involves several steps to assess the most proportionate way to manage and mitigate the risks faced by an operator:
For further information regarding the steps gambling operators should take in applying a risk based approach, please see our guidance for casino operators and other operators.
The Commission has been issuing regular industry alerts in order to inform and educate the gambling industry regarding the emerging risks we have come across due to the current COVID-19 pandemic (including steps businesses should take to mitigate these risks). Please see our website for further information.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Remote Casino | High | High |
There has been an increase in the risk levels for the inherent risks for the remote casino sector. For further information relating to the inherent risks, including vulnerabilities, consequences and controls, see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | High | High | High | High | No change |
| Licensing and integrity | Gambling operations run by organised criminals to launder funds | Medium | High | Low | High | Decrease | Licensing and integrity | White label providers | High | High | High | High | No change | Customer | Customer not physically present for identification purposes | High | High | High | High | No change | Customer | False or stolen identity documentation used to bypass controls to facilitate the laundering of criminal funds | Medium | High | High | High | Increase | Customer | Accessibility to multiple remote casinos | High | High | High | High | No change | Customer | Customers from high risk jurisdictions using casino facilities to launder criminal funds | Low | Very High | Medium | High | No change | Customer | Customers who appear on sanctions lists laundering criminal funds | Low | Very High | Low | High | Decrease | Customer | International politically exposed persons (PEPs) using casinos to launder illicit or criminal funds | Medium | Very High | Medium | High | Decrease | Customer | Domestic PEPs using casinos to clean criminal funds identification & verification | Medium | Medium | Low | Medium | Decrease | Customer | Customers making numerous low-level transactions to minimise suspicion and evade CDD requirements at the threshold (smurfing) | High | High | High | High | No change | Customer | Use of third parties or agents to obscure the source or ownership of money gambled by customers & their identities | High | High | High | High | No change | Means of payment | Pre-paid cards | Medium | Medium | High | High | Increase | Means of payment | E-wallets | Medium | Medium | Medium | Medium | No change | Means of payment | Cryptoasset transactions | Medium | Medium | Medium | High | Increase | Product | Peer to Peer gaming (poker)-B2B and B2C | High | High | High | High | No change |
All of the following areas have been given a high risk rating which signifies the importance of operators carrying out robust due diligence checks on customers.
There is a significant risk of OCGs infiltrating remote casino businesses using ‘mule accounts’ (for example). This has been rated high risk.
Illicit funds can be transferred (either willingly or unwillingly), through a third party’s bank account (known as a ‘money mule’) to break the audit trail of transactions. This can be used as a primary method of laundering criminal proceeds. There is evidence that mule accounts have been used for gambling purposes with mainly vulnerable individuals or university students being targeted. There is evidence that OCGs are using this method, with links to drug and people trafficking, to move large amounts of illicit proceeds through a dispersed network of accounts to ensure financial threshold triggers are not alerted.
The decrease of international students residing in the UK (due to COVID-19) may have led to reductions in activity through those types of mule accounts, however UK resident 3 students remain vulnerable. There is the risk that OCGs may coerce vulnerable individuals into becoming money mules, as has been observed in the US. This has been given a high risk rating due to both the likelihood and impact of it occurring within gambling and the high collateral impact upon victims. Linked to this risk area, please see the Betting (remote) section for further information regarding ‘mule betting accounts'.
Through compliance and enforcement work the Commission carries out, we have seen numerous instances of operators imposing high financial triggers which need to be met before any customer interaction takes place. For example, one remote casino operator had a £3,500 ‘customer trigger’ before any CDD checks would take place. Having high arbitrary financial thresholds in place before CDD or EDD (if required) checks are carried out, means that casino operators are failing to consider any Money Laundering (ML) and Terrorist Financing (TF) risks below these levels. These arbitrary thresholds will not allow the operator to consider any unusual patterns of transactions below these high thresholds (which requires increased monitoring of the business relationship) to determine whether the transaction or business relationship appears to be suspicious. 4
There is evidence to suggest that membership schemes provide incentives to high spending customers such as free holidays, bets, cashback, and prizes. Evidence suggests that ‘VIP’ or high value customers are more likely to be problem gamblers. Some 2.3% of the country’s online 47,000 VIPs are estimated to be problem gamblers 5. From a Money Laundering (ML), Terrorist Financing (TF), and problem gambling perspective this raises significant concerns regarding how adequately CDD or KYC checks are conducted by gambling businesses. Operators are repeatedly failing to understand that problem gambling may be interlinked with Money Laundering (ML) and Terrorist Financing (TF) risks in that if sufficient CDD/EDD 6 checks or KYC checks 7 are not undertaken, this is a breach of the Regulations 8, the LCCP and Commission guidance.9 Problem gambling risk indicators include, but are not limited to:
This is not the exhaustive list and casino operators need to satisfy themselves that they have asked the necessary questions when deciding whether to establish customer relationship, maintaining the relationship or if deciding to terminate the relationship. Further information on operators legal duties can be found in our comprehensive guidance for casino and all other operators.
Potential mitigations that operators can implement in this area include setting deposit limits along with a clear risk assessment of this area and effective policies, procedures and controls in place for high value customers (to include mandating regular, meaningful customer interaction with all high value customers).
The Commission has undertaken a consultation on high value customers, and released guidance to operators on high value customers in September 2020, setting out areas that gambling businesses must comply with to reduce harm and mitigate risks.
The Commission holds significant evidence of cases where problem gamblers have stolen monies to fund gambling activities (along with cases where those in positions of trust and high risk professions have fraudulently obtained money from employers or vulnerable victims for gambling purposes due to problems with gambling). Customers may also undertake non-traditional types of crimes such as ‘lonely heart’ scams to use money derived from this to gamble. These type of gambling typologies are increasing which makes it vital that operators undertake the necessary checks to establish a customer’s source of funds and affordability levels to gamble.
Social responsibility code provision 3.4.1 of the LCCP sets out requirements for effective policies and procedures for customer interaction and indicators of problem gaming (including VIP or high-value customers). The Commission’s Customer interaction – guidance for remote gambling operators Guidance note (PDF) (opens in a new tab) also clearly sets out our expectations in this area.10
The Commission takes any breaches of social responsibility and Anti Money Laundering (AML)/CTF provisions seriously. This is evidenced by our recent targeted investigation into online casinos where we have conducted licence reviews under s.116 of the Act and imposed regulatory settlements where we have seen evidence of non-compliance11. As part of our remote casino compliance and enforcement work, we have also reviewed 22 Personal Management Licences. This has been given an overall ‘high’ risk rating due to high customer spending levels and high levels of human collateral impact. The risk in this area also apply to all customer contact operators (casino, betting, bingo, arcade).
Where operators do not have a ‘closed loop’ system in place, there is a significant risk of criminals being able to exploit the use of fraudulent or stolen debit cards across multiple premises of the same operator with monies derived from the proceeds of crime. It is strongly recommended that payments are made to the same customer card to mitigate this risk. This has been given a high risk rating.
Operators are reminded not to rely on payment providers to conduct KYC checks. Further information on this risk can be found on the Commission’s website.
These are online slot games which allow players to stake significant amounts of money to access a bonus feature without playing the initial stages of the game. There is significant concern about this bonus feature as it appears to encourage higher stake gambling with reports that players can stake £1000+ at a time to directly access bonus features. There was evidence that one game was charging more than £3,000 to enter the bonus feature. As well as appearing to be potential breaches of the Remote Technical Standards (RTS) 12, it also raises concerns regarding how customer due diligence (CDD) checks (or if needed, EDD checks) are carried out to ensure compliance with the Regulations if customers are permitted to play for high stakes in short periods of time as online games are instantaneous and can encourage fast, addictive play. All high-stakes gambling is susceptible to abuse because it is common for players to gamble with large volumes of cash, the source and ultimate ownership of which may not be readily discernible.
The Commission regularly issues industry alerts so that operators are aware of the standards expected of them in relation to gambling law 13. The Commission has actively pursued these operators so that these features are removed, and they subsequently have been. This area has been given a ‘high’ risk rating due to the significant Money Laundering (ML) and Terrorist Financing (TF) risks due to the high spending potential.
3Gambling Commission data.
4As required under Regulation 33(4) of the Regulations.
5Gambling Commission data 2020.
6Applicable to casino operators only.
7Applicable to all other gambling sectors.
8Applicable to casino operators only.
9LCCP 12.1 (requires operators to conduct an assessment of the ML and TF risks posed in their business). Not applicable to gambling software and gaming machine technical licences.
10Gambling Commission: Customer interaction guidance for remote gambling licensees (opens in new tab). See section 2.18 and section 4 of the guidance (accessed 23rd June 2020, updated July 2019).
11Gambling Commission news article: Betway to pay £11.6m for failings linked to 'VIP' customers.
12RTS 14A (need to ensure that products are designed responsibly and to minimise the likelihood that they exploit or encourage problem gambling behaviour and RTS 3A: an explanation of the applicable rules must be easily available to the customer before they commit to gamble.
13 Games warning for online operators (updated 17th January 2020, accessed 1st March 2020).
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Casino (Non-Remote) | High | High |
There has been an increase in the risk levels for some of the inherent risks for the non-remote casino sector. For further information relating to the inherent risks, including vulnerabilities, consequences and controls, see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | High | High | High | High | No change |
| Operator Control | Undermining of the Money Laundering Reporting Officer (MLRO) role which can intentionally/unintentionally lead to exploitation by money launderers | High | High | High | High | No change |
| Operator Control | Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime | Low | High | High | High | Increase |
| Operator Control | Lack of adequate and relevant due diligence checks conducted resulting in criminals laundering money | Medium | High | High | High | Increase |
| Licensing & Integrity | Gambling operations being acquired by organised crime to launder criminal proceeds | Medium | High | Medium | High | No change |
| Licensing & Integrity | Ultimate Beneficial Ownership | Medium | High | Medium | High | No change |
| Licensing & Integrity | Employees colluding with criminals | Medium | High | High | High | Increase |
| Licensing & Integrity | Individuals with known criminal records/or suspected criminal activities | High | High | High | High | No change |
| Customer | Customer from high-risk jurisdictions using casino facilities to launder money | Medium | Very High | Medium | High | Decrease |
| Customer | Customers appearing on international sanctions list laundering corrupt or criminal funds | Medium | Very High | Low | High | Decrease |
| Customer | International politically exposed persons (PEPs) using casinos to clean criminal funds | High | Very High | Medium | High | Decrease |
| Customer | Domestic PEPs using casinos to clean criminal funds | Medium | Medium | Low | Medium | Decrease |
| Customer | False/fraudulently obtained or stolen ID docs used to bypass controls | Medium | High | Medium | High | No change |
| Customer | Customers breaking up large amounts of cash into small transactions to minimise suspicion and evade CDD requirements at the threshold (‘smurfing’) | High | High | Medium | High | Decrease |
| Customer | Use of third parties or agents to obscure the source or ownership of money gambled by customers & their identities | High | High | Medium | High | Decrease |
| Means of Payment | Cash Transactions | High | High | High | High | No change |
| Means of Payment | Casinos acting as money service businesses (MSBs) | High | High | High | High | No change |
| Means of Payment | TITO enabled gaming machines used to launder funds when used with ATR machine | High | High | Medium | High | Decrease |
| Product | Electronic roulette - when used with TITO & ATRs | High | High | Medium | High | Decrease |
| Product | Gaming Machines (all) | High | High | High | High | No change |
| Product | Peer to peer gaming (poker) B2C | High | High | High | High | No change |
The use of cashless payments in general has increased in popularity in recent years. This presents a risk where Money Laundering (ML) or Terrorist Financing (TF) could be facilitated using fraudulently obtained and stolen cards. Whilst there are controls in place through closed loop systems, this mitigation is wholly reliant on the operator and its employees’ effective application and there is a monetary cap on each transaction, currently £45.
The associated risks with cashless payment include:
These risks associated with cashless payments further increase where a customer uses multiple premises and there is a lack of customer interaction. However due to cashless payments increasing in popularity, especially due to COVID-19, this has been given a high risk rating in relation to the casino sector.
The Commission has become aware of instances of non-remote casinos accepting cryptoassets as a form of customer payment. Operators are reminded that their Money Laundering (ML) and Terrorist Financing (TF) risk assessment must be reviewed if certain circumstances change, including new methods of payment by customers14. This has been rated medium risk as there is no widespread evidence of this specific risk area. For further information on this risk area, see our information on digital technologies and anti-money laundering.
Bank drafts are being viewed as the latest Money Laundering (ML) method for criminals. These are guaranteed cheques issued by a bank and are being used as a form of customer payment by some remote casino operators. Cash payments have typically been favoured by criminals for money laundering purposes. This may be because criminal activities generate cash profits or because cash is used as an instrument to disguise the criminal origin of profits as the benefits of this method include lack of traceability.
There is a risk that there could be a shift from cash payments to bank drafts as a form of payment due to the following reasons:
they are an inconspicuous payment method compared to carrying bulk cash in non-remote casinos
cash payments are viewed less favourably by criminals due to increased media and government intervention.
Other countries have recently seen a surge in the number of suspicious related casino transactions involving bank drafts and operational alerts regarding the money laundering risks of this have been issued. The alert includes evidence that bank drafts have been associated to ‘mule bank accounts’15. In this regard, it is vital that gambling businesses are alert to customers who regularly use this as a payment method or deposit a high volume of bank drafts.
Licence Condition 5.1.1. of the LCCP mandates that there needs to be appropriate policies and procedures concerning the use of cash equivalents (including bank drafts). Furthermore, bank drafts can increase the risk of ‘smurfing’.
The use of bank drafts has been given a medium risk rating as the Commission is not aware of widespread use by Commission licensed casino operators accepting bank drafts as a form of customer payment.
Recent product innovations in the gambling industry include cashless apps that can be used on analogue and digital machines. The advantages for customers include ease of play and convenience, however there are associated risks.
These include:
The risks associated with cashless apps further increase where a customer uses multiple premises and there is a lack of customer interaction. The Commission is not aware of any licensed casino operator currently providing this facility. However due to cashless payments along with digital payment methods increasing in popularity due to continuing innovation in the industry, as well as the drive towards cashless payment due to COVID-19, this has been given a high risk rating should this be implemented in the future in relation to the casino sector.
There is evidence that in the non-remote casino sector, customers can transfer funds between themselves via their gambling accounts. Operators should have policies, procedures, and controls in place to mitigate the risk of money lending between customers 16. This has been rated medium risk.
There is growing evidence that non-licensed employees, for example, casino receptionists (who are not required to hold Personal Licences under the LCCP) are carrying out customer ID checks. Casino operators are reminded that they are ultimately responsible for compliance with the LCCP, the Act and the Regulations. This is rated high risk.
A requirement of the Regulations is for casino operators to appoint, where appropriate with regard to the size and nature of their business, an individual who is either a member of the board of directors (or if there is no board, of its equivalent management body) or of its senior management, as the officer responsible for the operator’s compliance with the Regulations. This could be the same person as the nominated officer if the operator considers this a suitable arrangement.17
The Commission has received evidence that some casino operators are not complying with this requirement and will view any non-compliance with the Regulations seriously. This has been rated as high risk.
14As required under Licence Condition 12.1.1 of the LCCP.
15Financial Transactions and Reports Analysis Centre of Canada Operational alert: Laundering the proceeds of crime through a casino-related underground banking scheme (opens in new tab) accessed 25 February 2020, updated December 2019.
16Ordinary Code Provision 3.8.1 of the LCCP states that operators should take steps to prevent systematic or organised money lending between customers on their premises.
17Regulation 21(1)(a).
The Regulation’s designate the Commission as the supervisory authority for casinos in the UK. While under the Regulations HMRC is the supervisory authority for money service businesses (MSB) activities, the Commission and HMRC have agreed, under Regulation 7(2), that the Commission will act as the supervisory authority for MSB activities carried out by casinos (which includes: foreign exchange, third-party money transmission and third-party cheque cashing).
The Commission found that around 14% of business to customer remote casinos offered some form of MSB activity. In the same period around 79% of non-remote casinos offered some form of MSB activity 18. Commission-based research found that the following types of MSBs were offered by casinos:
Some red flag risk indicators identified with MSB activity were:
Third party payment MSB activity for online casinos might include cases of a spouse’s card being used to fund the gambler’s account, or the money is paid out from the account to the third party. Clearly there are risks associated with this and we expect operators to have measures in place such as identification and source of fund checks.
The Commission found that some remote casino operators were unable to separate their financial data accurately in relation to MSB activity and other activity in customers’ e-wallets. Failing to do so means that operators are not sufficiently assessing, monitoring, and controlling the risks associated with MSB activity.
This highlights the importance of operators adopting a risk-based approach in order to mitigate the potential Money Laundering (ML) and Terrorist Financing (TF) risks associated with MSB activity.
18 In the period between 1st January 2018 to 31st December 2018.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Betting (Remote) | High | High |
There has been an increase in the risk levels for some of the inherent risks for the remote betting sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | High | High | High | High | No change |
| Operator Control | Operators staking and winning directly and indirectly on their own products | Medium | Medium | Low | Medium | Decrease | Operator Control | Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime | High | High | High | High | No change | Operator Control | Inadequate/lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds or risk of this occurring | Medium | High | High | High | Increase |
| Licensing and integrity | Gambling operations run by organised criminals to launder criminally derived funds | Medium | High | Medium | High | No change |
| Licensing and integrity | White label providers | High | High | High | High | No change |
| Customer | Customer not physically present for identification | Medium | High | High | High | Increase |
| Customer | False or stolen documentation used to bypass controls to launder criminally derived funds | Medium | High | High | High | Increase |
| Customer | Accessibility to multiple remote accounts | High | High | High | High | No change |
| Customer | Customers from high risk or non-cooperative jurisdictions using remote facilities to launder criminally derived funds | Medium | Very High | High | High | Decrease |
| Customer | Customers who appear on international sanctions lists laundering criminally derived funds | Very Low | High | Low | High | Increase |
| Means of payment | E-wallets | N/A (no risk rating provided in previous risk assessment) | N/A (no risk rating provided in previous risk assessment) | Medium | Medium | N/A |
| Means of payment | Cryptoasset transactions | Medium | Medium | Medium | High | Increase |
| Means of payment | Pre-paid cards | Medium | Medium | High | High | Increase |
The following additional inherent and new emerging risks highlight the importance of operators conducting robust due diligence checks on customers. The new or additional areas have their own individual risk ratings.
This method of gambling allows customers to bet directly against each other. There is the potential for betting sites to be used by criminals to facilitate match fixing and therefore generate criminal proceeds19. The risks in this area have been further compounded over recent years with the introduction of peer to peer betting applications which allows for instantaneous, convenient play. Betting exchanges are typically a global product meaning customers located within Great Britain can be matched with customers from different countries who may not be necessarily be subject to same, stringent Anti Money Laundering (AML) checks as those in Britain. This means that criminal monies may be filtering into Britain. This risk in this area increases where a customer is from a high risk geographical area20. This has been given a medium risk rating.
With COVID-19 seeing an increase in cashless payments, there is the risk of operators not operating a ‘closed loop’ system, that is, payment to the customer is made on the same card that was used by the customer to deposit funds. This coupled with the increased evidence the Commission is seeing of card fraud/theft means that operators should implement effective policies, procedures and controls involving a ‘closed loop system’. This has been rated high risk.
There have been examples in the remote betting sector of customers’ gambling being funded by third parties which has facilitated Money Laundering (ML). This highlights the importance of operators having a robust Money Laundering (ML) and Terrorist Financing (TF) risk assessment in place to mitigate such risks. This has been given a high risk rating.
This has been given a high risk rating as previously discussed. See the Casino (Remote) section for further information.
There is substantial evidence that remote betting operators have high customer spending triggers in place before conducting any due diligence checks on customers. This means that for customers that do not hit this threshold, it has been found that only basic checks are being carried out i.e., proof of name, address, and date of birth. Operators are reminded that this is a potential breach of Licence Condition 12.1.1.(1) which requires that licensees must assess the risks of their business being used for Money Laundering (ML) and Terrorist Financing (TF). This is a high risk area.
The Commission has received reports from licenced operators relating to suspicious betting activity on sporting events taking place predominantly outside of Britain. A number of these events were organised as ‘friendly’ or ‘exhibition’ matches outside of the jurisdiction of a recognised Sports Governing Body (SGB). Media reports indicated that some of these events had been set up purely for betting purposes, with confusion over whether some of the matches had taken place at all. It is vital to maintain and protect the integrity of betting and with no Sports Governing Body (SGB) oversight, these unregulated events present a much greater risk for corruption and match fixing. We expect licensees to have robust systems in place to manage these risks. They should also ensure that markets are offered on events that are genuine and are settled fairly. This has been rated high risk. For further information see our reminder to licensees to manage risks associated with unregulated events (opens in new tab)
Licence Condition 17 of the LCCP stipulates that online gambling businesses are not permitted to allow a customer to gamble before they have verified the customer’s identity21. This LCCP change is consistent with our guidance to operators which states that operators need to give due consideration to ‘whether it is necessary to do KYC or due diligence checks on the customer’22. The Commission has seen evidence in the remote betting sector that licensees are asking for customer ID when a withdrawal request for winnings is submitted by the customer. From a Money Laundering (ML) perspective, this has been given an overall ‘high’ risk rating as it means that insufficient due diligence checks are being carried out early enough in the consumer’s gambling journey.
There is evidence of customer ‘smurfing’ in the remote betting sector. ‘Smurfing’ is a common Money Laundering (ML) method where multiple launderers will make numerous small transactions to minimise suspicion and evade KYC requirements at the threshold of gambling. This has been given a medium risk rating.
'Mule' accounts are the creation of online betting accounts via the misuse of personal details belonging to third parties. This can be done both with or without third-parties’ knowledge and their personal data can be used to open both online betting accounts and e-wallet accounts with payment service providers. Large numbers of mule accounts are typically controlled by individuals or groups for the purposes of placing large volumes of bets and or as well as to disguise who is placing the bets and or as well as disguise the sources of funds being gambled.
Third-party or “mule” accounts could arguably be used by the following groups to name but a few:
It is a well-known gambling typology that OCGs have targeted students and the vulnerable for setting up mule accounts.
Mule accounts can be used to:
to facilitate money laundering (that is, enabling criminal groups to spread large amounts of money over numerous accounts on relatively low-risk bets)
to monetise match-fixing (getting as much money on as possible [via mule accounts] to capitalise on the knowledge of known sporting outcomes)
to support pro-gambling (that is, courtsiders providing fast data feeds and the use of mule accounts by savvy gamblers to capitalise on this knowledge).
The following are some red flag indicators for the use of mule betting accounts:
An 85-year-old female opening a new betting account at 3am (placing large or max bets on obscure markets relating to a third-tier South American basketball match). Large deposits and withdrawals are made via online payment providers . This can lead to a possible suspicion that the customer details may have been subject to ID theft.
During a house search, Police identify a carrier bag of approximately 7000 pre-paid payment cards. A dip sample of 200 of the cards identifies all are registered in different people’s names. A review of the transactions identifies all have been used to fund online gambling activity (not known at this stage whether sports betting or another online games/casino). It is suspected that large volume of personal data is likely to have been harvested, via unknown means, for the purpose of opening multiple betting accounts.
Multiple betting accounts in different names identified placing suspicious bets on sporting outcomes. The betting on all accounts are linked to the same device and IP address with all accounts appearing to be related to university students. It is suspected that students’ details may have been used or purchased, in some cases with their knowledge, to facilitate large-scale online betting.
Other ‘red-flag’ indicators that operators should be aware of include (but not limited to):
Whilst the above relates to betting accounts, it is easy to see how some of the above examples could also equally apply to the other remote sectors (casino, bingo). This has been given a high risk rating.
There is evidence in the remote betting sector of insufficient controls in place to identify Politically Exposed Persons (PEPs), which is concerning as they can present (although not always) a higher risk of Money Laundering (ML). A Politically Exposed Person (PEP) generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold. Due to the risks associated with Politically Exposed Persons (PEPs), the Financial Action Task Force (FATF) recommendations require the application of additional Anti Money Laundering (AML)/CTF measures to business relationships with PEPs23. These requirements are preventive (not criminal) in nature and should not be interpreted as meaning that all Politically Exposed Persons (PEPs) are involved in criminal activity. Operators are required to have effective controls in place to manage high risk customers and this should form part of their Money Laundering (ML) and Terrorist Financing (TF) risk assessment. Suggested mitigations in this area include (but are not limited to) operators comparing new and existing customers against Politically Exposed Person (PEP) databases and sanctions lists. Currently there is limited evidence of the risk of Politically Exposed Persons (PEPs) using remote betting facilities to launder funds and has been given a medium risk rating.
19 RUSI: Occasional paper: Play Your Cards Right: Preventing Criminal Abuse of Online Gambling (opens in new tab) (accessed 7th March 2020, updated November 2019). Author: Anton Moiseienko.
20 For a list of high risk third countries see: European Commission: EU policy on high-risk third countries (opens in new tab) (accessed 6th July 2020, updated May 2020).
21Except for low frequency or subscription lotteries, gaming machine technical, gambling software, host, ancillary remote casino and ancillary remote bingo.
22 Duties and responsibilities under the Proceeds of Crime Act 2002 (updated October 2020, accessed December 2020).
23 FATF Guidance: Politically exposed persons (Recommendations 12 and 22)(PDF opens in new tab) (accessed 11th August 2020, updated June 2013).
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Betting (Non-remote) | High | High |
| Off-course | High | High |
| On-course | Medium | Medium |
There has been an increase in the risk levels for some of the inherent risks for the non-remote betting sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance (off-course only) | High | High | High | High | No change |
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance (on-course only) | High | High | Medium | Medium | Decrease | Operator Control | Lack of effective customer interaction resulting in a failure to prevent/detect ML or TF (off course only) | Medium | High | Medium | High | No change | Operator Control | Lack of effective customer interaction resulting in a failure to prevent/detect ML or TF (on course only) | Medium | High | Medium | Medium | Decrease |
| Operator Control | Inadequate/lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds (off course only) | Medium | High | High | High | Increase |
| Operator Control | Inadequate/lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds (on course only) | Medium | High | Medium | Medium | Decrease |
| Licensing & Integrity | Betting operations being acquired by organised crime to launder criminal proceeds (off course only) | Medium | High | Low | High | Decrease |
| Licensing & Integrity | Betting operations being acquired by organised crime to launder criminal proceeds (on course only) | Medium | High | Low | High | Decrease |
| Licensing & Integrity | Betting employees acting in collusion with organised criminals to launder criminal funds (off course only) | Medium | High | Medium | High | No change |
| Licensing and Integrity | Betting employees acting in collusion with organised criminals to launder criminal funds (on course only) | Medium | High | Low | Medium | Decrease |
| Customers | Unverified customers laundering proceeds of crime through betting (off-course only) | High | High | High | High | No change |
| Customers | Unverified customers laundering proceeds of crime through betting (on-course only) | High | High | Medium | Medium | Decrease |
| Customers | Accessibility to multiple premises/operators (off-course only) | High | High | High | High | No change |
| Customers | False or stolen identification documentation used to bypass controls to launder criminal funds (off-course only) | Medium | Medium | Medium | Medium | No change |
| Product | Gaming machines used to launder criminal funds (off course only) | High | High | High | High | No change |
| Product | Self Service Betting Terminals and Ticket-in-Ticket Out Machines used to launder criminal funds (off-course only) | High | High | Medium | High | Decrease |
| Means of Payment | Cash Transactions | High | High | High | High | No change | Means of Payment | Cashless Transactions | Medium | Medium | Medium | Medium | No change |
There have been reported instances that betting shops have noticed dyed notes in gaming machines. It is vital that operators remain vigilant in this area. The Commission has recently issued an industry alert to operators to report this to the relevant local police force (through non-emergency contact options) where they have found dyed notes on their premises. At the same time it is a mandatory requirement that operators submit suspicious activity reports (SARs) to the National Crime Agency (NCA) in all cases where they have knowledge or suspicion of money laundering or terrorist financing where dyed bank notes are detected. This has been given an overall ‘medium’ risk rating.
As discussed earlier in this document, the pandemic has seen an increase in cashless payments. There is the risk of non-remote operators not operating a ‘closed loop’ system i.e., payment to the customer is made on the same card that was used by the customer to deposit funds. This coupled with the increased evidence the Commission is seeing of card fraud or theft means that operators should implement effective policies, procedures and controls involving a ‘closed loop system’. Whilst there is a limit placed on contactless transactions (currently maximum of £45), there is also the risk of ‘smurfing’. This has been given a high risk rating.
There is a risk that Organised Criminal Gangs (OCGs) are using multiple land based betting premises to place bets with funds that have been derived from the proceeds of crime. Operators are reminded to remain vigilant and report any such matters to the police as well as submit suspicious activity reports (SARs) to the UKFIU where there is knowledge or suspicion of Money Laundering (ML) (including criminal spend) or Terrorist Financing (TF). This has been given a medium risk rating.
There is the risk of on-course bookmakers providing gambling facilities that they are not licensed to provide i.e., accepting bets over the phone without having the required ancillary betting licence. Operators are reminded that where the Commission finds evidence of non-licensed activities, we will undertake compliance and enforcement action which might then lead to a review of the licence and possible revocation under s.116 of the Act. This has been given a low risk rating.
The Commission has become aware of instances in this time-period where betting customers have tried to provide large quantities of Scottish notes to place their bets, which have well established Money Laundering (ML) vulnerabilities. Operators must remain vigilant in identification of customers depositing large quantities of Scottish notes, and if suspicious report their concerns to law enforcement and the UKFIU24. This has been given a medium risk rating.
There is the technology available for customers to use their own device (for example, mobile phone) to place bets through non-account based play either in off-course or on-course venues. Recent product innovations include cashless apps that can be used on analogue and digital machines. The advantages for customers include ease of play and convenience, however there are associated risks. These include:
The above risks associated with cashless apps further increase where a customer uses multiple land based premises and there is a lack of customer interaction. The Commission currently understands that licensed betting operators are not providing this facility, therefore our below risk rating must be taken account of should operators choose to offer this facility. Due to cashless payments (along with digital payment methods) increasing in popularity and due to continuing innovation in the industry (as well as the drive towards cashless payment due to COVID-19), this has been given a theoretical high risk rating in relation to the betting sector and will be kept under review through this publication.
24 Large numbers of Scottish notes have been known to be linked to cash seizures in drug investigations.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Bingo (Remote) | High | High |
The remote bingo and betting sector will be assessed separately for the purposes of this publication as the risks differ for both sectors.
There has been an increase in the risk levels for some of the inherent risks for the remote bingo sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | High | High | High | High | No change |
| Operator Control | Operators staking and winning directly and indirectly on their own products | Medium | Medium | Low | Medium | Decrease | Licensing and integrity | Gambling operations run by organised criminals to launder criminally derived funds | Medium | High | Low | High | Decrease | Customer | Customer not physically present for identification | Medium | High | High | High | Increase |
| Customer | False or stolen documentation used to bypass controls to launder criminally derived funds | Medium | High | Medium | High | No change |
| Customer | Accessibility to multiple remote accounts | High | High | High | High | No change |
| Means of payment | Cryptoasset transactions | Medium | Medium | Medium | High | Increase |
| Means of payment | Pre-paid cards | Medium | Medium | High | High | Increase |
| Means of payment | E-wallets | N/A (no risk rating provided in previous risk assessment) | N/A (no risk rating provided in previous risk assessment) | Medium | Medium | N/A |
The following additional inherent and new emerging risks all highlight the importance of operators conducting sufficient due diligence checks on customers and have all been given a high risk rating due to potential for significant monies to be laundered online.
There is evidence of instances where customers have used stolen or fraudulently obtained money for gambling with remote bingo operators. Operators need to ensure that they have robust policies and procedures in place to establish source of funds. This has been given a high risk rating.
‘Smurfing’ is a common money laundering method where money launderers break up large amounts of illicit money into smaller transactions to evade suspicion. There is evidence that this has been occurring in the remote bingo sector and has been given a high risk rating due to the potential monies that can be laundered if due diligence checks are not carried out by operators. .
The Commission has become aware of isolated instances where remote bingo operators have had customers that have been on a sanctions list, although the sanctioned individual did not deposit monies. Operators must be vigilant in identifying customers who appear on relevant sanction lists and if breaches have occurred report this to the Commission and the Office of Financial Sanctions Implementation (OFSI). They must prevent financial transactions and report suspicions of Money Laundering (ML) and Terrorist Financing (TF) to the UK Financial Intelligence Unit. This has been rated as low risk .
There is evidence that remote bingo operators are failing to undertake sufficient KYC checks which can result in operators accepting illicit funds. Failure to undertake adequate affordability checks, including knowledge of customers’ occupations and delayed identification checks, i.e. at the point of withdrawing winnings, all contribute towards illicit finance washing through gambling accounts online. This is viewed as a high risk area.
There have been examples in the remote bingo sector of customers’ gambling being funded by third parties which has facilitated money laundering. This highlights the importance of operators having a robust money laundering and terrorist financing risk assessment in place to mitigate such risks. This has been given a medium risk rating.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Bingo (Non-Remote) | Medium | Medium |
There has been some change in the risk levels for the inherent risks for the non-remote bingo sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | Medium | Medium | Medium | Medium | No change |
| Operator Control | Removal of membership schemes | Medium | Medium | Low | Medium | Decrease | Operator Control | Lack of or inadequate ‘know your customer’ (KYC) checks conducted resulting in criminals laundering criminal proceeds | Medium | Medium | Medium | Medium | No change | Licensing & Integrity | Gambling operations being acquired by organised crime to launder criminal proceeds | Medium | Medium | Low | Medium | Decrease |
| Licensing & Integrity | Employees colluding with criminals | Medium | Medium | Low | Medium | Decrease |
| Customer | Anonymous customers laundering proceeds of crime through gaming machines | Medium | Medium | Low | Medium | Decrease |
| Means of Payment | Ticket-in-ticket-out (TITO) facilities used to launder funds when used in conjunction with ATR machines | Medium | Medium | Medium | Medium | No change |
| Product | Electronic Betting Terminals (EBTs) including table-top gaming (either traditionally or via EBT content) | Low | Medium | Low | Medium | No change |
| Product | Gaming Machines, Cat B3 | Medium | Medium | Low | Medium | Decrease |
Cash is globally recognised as being attractive for money launderers because of its anonymity, being difficult to trace and it is easily transferrable. The Financial Action Task Force (FATF) recognises that cash is widely used in the criminal economy25. The vulnerability associated with cash transactions include; criminal lifestyle spending, use of Scottish and Irish notes, and fraudulent notes and coins. However, the shift to cashless payment due to COVID-19 mitigates the risks associated with cash payments to a certain extent. This has been given a medium risk rating in relation to the non-remote bingo sector26.
As discussed previously, the use of cashless payments in general has increased in popularity in recent years. This presents a risk where Money Laundering (ML) could be facilitated using fraudulently obtained and stolen cards. Whilst there are controls in place through closed loop systems, this mitigation is wholly reliant on the operator and its employees effective application and there is a monetary cap on each transaction (currently £45).
The associated risks with cashless payment include:
The above risks associated with cashless payments further increase where a customer uses multiple premises and there is a lack of customer interaction. Due to cashless payments increasing in popularity (especially due to COVID-19), this has been given a medium risk rating in relation to the non-remote bingo sector.
25 FATF Report: Money Laundering through the physical transportation of cash’ (PDF opens in new tab) (accessed 27th July 2020, updated October 2015).
26 Licence Condition 5.1.1. of the LCCP (cash handling) places AML obligations on operators around the use of cash and cash equivalents by customers designed to minimise the risk of crimes such as money laundering.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Adult Gaming Centres | Medium | Medium |
| Family Entertainment Centres (FECs) | Low | Low |
There has been some change in the risk levels for the inherent risks for the arcade sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | Medium | Medium | Low | Medium | Decrease |
| Licensing & Integrity | Arcade businesses being acquired by organised crime to launder criminal proceeds (AGCs only) | Low | Medium | Low | Medium | No change | Licensing & Integrity | Arcade businesses being acquired by organised crime to launder criminal proceeds (FECs only) | Low | Medium | Low | Low | Decrease | Operator Control | Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime (AGCs only) | Low | Medium | Low | Medium | No change |
| Operator Control | Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime (FECs only) | Low | Medium | Low | Medium | No change |
| Customer | Anonymous customers laundering proceeds of crime through gaming machines (AGCs only) | Medium | Medium | Medium | Medium | no change |
| Customer | Anonymous customers laundering proceeds of crime through gaming machines (FECs only) | Medium | Medium | Low | Low | Decrease |
| Product | Automated ticket redemption (ATR) machines used to facilitate the laundering of criminally derived funds (AGCs only) | Medium | Low | Low | Medium | Decrease |
| Product | Gaming machines, category B3 being used to launder criminally derived funds (AGCs only) | Medium | Medium | Medium | Medium | No change |
| Product | Privacy booths (AGCs only) | Medium | Medium | Medium | Medium | No change |
| Product | Privacy booths (FECs only) | Medium | Medium | Medium | Low | Decrease |
| Means of Payment | Cash transactions | Medium | Medium | Low | Medium | Decrease |
| Means of Payment | Cashless payments | N/A (no rating provided in previous Risk Assessment) | N/A (no rating provided in previous Risk Assessment) | Medium | Medium | N/A |
| Means of Payment | Ticket-in-ticket-out (TITO) facilities used to launder funds when used in conjunction with ATR machines (AGCs only) | Medium | Medium | Low | Medium | Decrease |
As previously mentioned, there have been reported instances where AGCs have noticed dyed bank notes in gaming machines. As well as the importance of reporting any dyed notes found on premises to the relevant local police force, it is also a mandatory requirement to submit Suspicious Activity Reports (SARs) to the UKFIU in all cases where there is knowledge or suspicion of Money Laundering (ML) and Terrorist Financing (TF) in relation to any dyed bank notes detected. This has been given a medium risk rating.
Recent product innovations in the gambling industry include cashless apps that can be used on analogue and digital machines. The advantages for customers include ease of play and convenience, however there are associated risks. These include:
The risks associated with cashless apps further increase where a customer uses multiple premises and there is a lack of customer interaction. The Commission sees cashless payments (along with digital payment methods) increasing in popularity due to continuing innovation in the industry, as well as the drive towards cashless payment due to COVID-19. This has been given a medium risk rating in relation to the arcade sector.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Society Lotteries (Remote and Non-Remote) | Low | Low |
| External Lottery Managers (Remote and Non-Remote) | N/A: Not assessed previously | Low |
Society lotteries and The National Lottery are being assessed separately for the purposes of this publication as they are two separate sectors and the risks posed in both differ. External Lottery Managers (ELMs) are being assessed for the first time as part of this risk assessment.
The inherent risk ratings have changed for this assessment. There has been some change in the risk levels for the inherent risks for the arcade sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), See our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | Low | Low | Medium | Low | Increase |
| Licensing and integrity | Operator being acquired by organised crime to launder criminal funds | Low | Medium | Low | Low | Decrease | Customer | Anonymous customers (non-remote) | Medium | Very Low | Low | Very Low | Decrease | Customer | False and stolen identity documentation | Low | Low | Low | Low | no change |
| Customer | Customer not physically present (remote) | Low | Low | Low | Low | No change |
| Products | Scratch cards/interactive instant win games | Low | Very Low | Low | Very Low | no change |
| Means of Payment | Cash transactions (non-remote only) | Low | Medium | Low | Low | Decrease |
NB: previous overall risk ratings and the section in the table above relating to ‘movement’ are not applicable to ELMs as this is the first time this sector is being assessed separately.
ELMs make arrangement for a lottery on behalf of a society. The potential Money Laundering (ML) and Terrorist Financing (TF) risks are that lottery proceeds might not be passed on by the ELM to the society lottery they are working on behalf of, however some of these risks are partially mitigated as ELMs are required to be licensed by the Commission and by the scrutiny the society will implement for lottery proceeds between itself and the ELM. As there is no widespread evidence of this occurring, this has been given an overall low risk rating with a further update to be provided in the next risk assessment.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| National Lottery | Low | Low |
For this publication, The National Lottery and society lotteries have been assessed separately.
There have been a few changes to the inherent risk ratings this year for the National Lottery For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | Low | Low | Low | Low | No change |
| Licensing and integrity | National Lottery acquired by organised crime to launder criminal funds | Low | Medium | Low | Medium | No change | Customer | Anonymous customers (non-remote) | Medium | Medium | Low | Medium | Decrease | Customer | False and stolen identity documentation | Low | Low | Low | Low | no change |
| Customer | Customer not physically present (remote) | Low | Low | Low | Low | no change |
| Products | Scratch cards/interactive instant win games | Low | Very Low | Low | Very Low | no change |
| Means of Payment | Cash transactions | Low | Medium | Low | Low | Decrease |
There is a risk of insufficient KYC checks being carried out on high spending customers which could potentially breach the requirement for Camelot to guard against excessive customer play, however due to limited evidence this has been given a low risk rating.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Gambling Software (Remote and Non-Remote) | Low | Low |
The gambling software and gaming machine technical sectors have been assessed separately for this document as they are two separate gambling sectors.
For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | Low | Low | Low | Low | No change |
| Operator Control | Inadequate/lack of due diligence checks on any third party providers (e.g., test houses) | N/A (no risk rating provided in previous risk assessment) | N/A (no risk rating provided in previous risk assessment) | Medium | Low | No change |
There are no emerging or additional inherent risks for this sector.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Gaming Machine Technical (Remote and Non-Remote) | Low | Low |
As previously explained, the gambling software and gaming machine technical sectors have been assessed separately for this document as they are two separate gambling sectors.
For further information on the inherent risks (including consequences and controls), see our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).
| Vulnerability | Risk | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|
| Operator Control | Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance | Low | Low | Low | Low | No change |
| Product | Gaming machines Cat B,C and D, FOBT, SSBT, TITO used to launder the proceeds of crime | Low | Low | Low | Low | No change | Product | TITO enabled gaming machines used to launder funds when used with ATR machine | Low | Low | Low | Low | No change | Means of payment | TITO used in conjunction with ATR machines in casinos, bingo halls and AGCs (machine operator issue, but provides an opportunity for manufacturers and retailers to cooperate to mitigate the risks) | Low | Low | Low | Low | No change |
| Means of payment | Cashless payments | N/A (no risk rating provided in previous risk assessment) | N/A (no risk rating provided in previous risk assessment) | Medium | Low | N/A |
| Operator Control | Inadequate/lack of due diligence checks on any third-party providers (e.g., test houses) | N/A (no risk rating provided in previous risk assessment) | N/A (no risk rating provided in previous risk assessment) | Medium | Low | N/A |
All gaming machine technical licensees are required to comply with the Commission’s Technical Standards27. The purpose of these Standards is to set out in detail the Commission’s requirements with respect to game features, display notices and general machine operation. These have been developed to help ensure the three licensing objectives under the Act are met (which includes ‘keeping crime out of gambling’). The Technical Standards state that gaming machines must have an ID plate permanently attached (which must include the manufacturer’s details) 28. There is evidence that some gaming machines are being supplied without any ID plates attached to them which raises money laundering and terrorist financing concerns as there is no verified information regarding where these machines originated from for example if they have been purchased from the proceeds of crime. This has been given a low risk rating as there is no current widespread evidence of this practice.
27 See Licence Condition 2.3.1. of the LCCP.
28 See paragraph 1.2 ‘Machine identification’ of the Technical Standards.
| Sector | Previous overall risk rating | Current overall risk rating |
|---|---|---|
| Terrorist financing | Medium | Low |
This year’s risk assessment builds upon the previous one relating to the current terrorist financing vulnerabilities the gambling industry faces.
There is a change in the overall risk rating relating to terrorist financing in Great Britain’s gambling industry. This is due to evidence the Commission is aware of to support the change in risk levels (including HM Treasury’s National Risk Assessment which was published in December 2020).
For further information on the inherent risks (including consequences and controls), see our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).
| Vulnerability | Risk | Sector | Previous likelihood of event occurring | Previous impact of event occurring | Current likelihood of event occurring | Current impact of event occurring | Change in risk |
|---|---|---|---|---|---|---|---|
| Operator Control | Operators failing to understand or take consideration of terrorist financing vulnerabilities and applicable legislation | All | Low | High | Low | Medium | Decrease |
The risk levels and typologies relating to terrorist financing differ in comparison to Money Laundering (ML). For this reason, even though some of the below risks (such as pre-paid cards and cryptoasset transactions) are high for ML purposes, they have been rated lower in relation to Terrorist Financing (TF).
As discussed previously, criminals and terrorists have changed the way they operate to take advantage of the vulnerabilities that have emerged as a result of COVID-19. The current situation has seen an increase in the use of pre-paid cards, mule accounts and cryptoassets being used for ML purposes. For further information, see the Commission’s website. However, these risks can be transferrable in relation to TF and the United Nations has warned that terrorist groups may see opportunities for increased TF activity while government attention is focused on COVID-1929. However, the known risks within the UK for gambling and TF remains low as demonstrated within HM Treasury current National Risk Assessment.
It is well known that terrorist financers use mechanisms such as bulk cash smuggling to move money 30. Even though the pandemic has seen a restriction in cash movements, it is still vital that gambling businesses remain curious and be alert to large cash transactions. This has been rated low risk currently.
It has been recognised that terrorist financers have used different channels to move funds and assets including using money service businesses (MSBs). 31. However, due to current limited evidence levels for this typology in gambling this has been given a low risk rating.
‘Smurfing’ (using pre-paid cards) has been known to be used to fund terrorist activities. Here OCGs and those supporting terrorism can employ people (‘smurfs’) to purchase pre-paid cards which are then loaded with illicit money. Such money can then be legalised through transfer to a bank account. The ‘smurfs’ are careful to deal with amounts below the legal monetary thresholds. This money can then be used to fund terrorism and other legitimate activities, for example gambling. Due to current limited evidence levels this has been given an overall low risk rating.
Illicit funds can be transferred (either willingly or unwillingly), through a third party’s bank account (known as a ‘money mule’) to break the audit trail of transactions. This can be used as a primary method of laundering criminal proceeds. As previously discussed, the pandemic has seen an increase in mule account activity with criminals seeking to recruit money mules through social media to launder cash from human trafficking, terrorist financing or drug dealing. The Commission has become aware of instances where money from mule accounts have been used for gambling purposes. Whilst this has been given a high risk rating in relation to ML (where criminals have then laundered money through gambling activities), there is limited current evidence that mule account gambling activities have been used for TF purposes. Therefore, this has been given a low risk rating.
There is evidence that some terrorist groups use cryptoassets for funding purposes32. This digital currency is likely to be used due to lack of options for cashing out funds in or near conflict locations and the anonymity this product provides for individuals or groups33. Before the pandemic, there were reports of terrorist groups increasingly using cryptoassets for funding purposes. The pandemic has also reported increases in the use of cryptoasset transactions in South Asia to fund terrorist-related activity. Whilst there is currently limited evidence that the use of cryptoassets for terrorist financing purposes in the UK is widespread, gambling businesses are reminded not to be complacent in fulfilling their legal duties to report suspicion or knowledge of terrorist financing to the UKFIU under the Terrorism Act 2000 (opens in new tab).
The abuse of charities for terrorist financing is a well-known methodology and can occur in the following ways34:
Lotteries are frequently associated with charities and may share board structures, aims and employees. They therefore need to ensure that they have strong governance arrangements, financial controls and risk management policies and procedures in place that fit their needs, and will better safeguard them against a range of potential abuse, including the financing of terrorism. Trustees must also consider and manage risks to the lotteries (whether operational, financial, or reputational) ensuring they exercise proper control over financial affairs and keeping accurate records. Trustees must also ensure they and their charity comply with the law, including counter-terrorist financing law. Due to current evidence levels in this area for gambling, it has been given an overall low risk rating.
All of the above risk areas relating to terrorist financing highlights the importance of operators ensuring they conduct sufficient KYC checks along with Suspicious Activity Reports (SARs) submissions where there is knowledge or suspicion of terrorist financing and submitting Defence Against Terrorist Financing SARs (DATF) if operators suspect they have received, kept or transferred monetary sums associated with terrorism.
There is a growing threat of right-wing extremism in the UK.35 It has been reported that out of the six terror plots foiled by the UK intelligence agencies in 2019, half involved those on the far-right wing of extremism. It has been reported that far-right extremists are building international funding networks including funding from high risk geographical areas, which makes it even more vital for gambling businesses to ensure that they conduct sufficient checks on the origin of customer funds upon deposit and withdrawal and identify their customers.
International terrorism remains a dominant threat in the UK. However, there is limited current evidence that funding is entering the UK from hostile locations for attack planning.
Both of the above risk areas (right wing and international terrorism) have been given a low risk rating in relation to their impact on the gambling industry due to evidence levels.
Some potential ‘red flag’ indicators that operators should be alert to, based on evidence reviewed regarding the risk of TF are:
29 United Nation’s Secretary-General: Secretary-General’s remarks to the Security Council on the Covid-19 Pandemic(opens in new tab) (accessed 5th July 2020, updated 9th April 2020).
30 Money Laundering and Terrorist Financing Awareness handbook for Tax Examiners and Tax Auditors (PDF opens in new tab) OECD (2019).
31 FATF Report: Terrorist Financing Risk Assessment Guidance July 2019 (PDF opens in new tab)(accessed 5th July 2020, updated July 2019).
32 FATF: Financing of Recruitment for Terrorist Financing Purposes (opens in new tab)(updated January 2018, accessed March 2nd, 2020).
33 Tom Keatinge, David Carlisle, Florence Keen: Virtual currencies and terrorist financing: assessing the risks and evaluating responses (PDF opens in new tab) (updated June 4th 2018, accessed March 2nd, 2020).
34 The Charity Commission for Northern Ireland: ‘Controlling against terrorist financing and money laundering (opens in new tab)(accessed 27th April 2020, updated 2014).
35 GOV.UK: Factsheet: right-wing terrorism (opens in new tab)(accessed 5th July 2020, updated 20th September 2019).
As per our last published risk assessment, the methodology we have adopted to analyse the risks in the gambling industry remains the same. The methodology uses an approach that can be represented as likelihood X impact = risk rating. See our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF) for further information about our methodology.
As part your commitment to anti-money laundering and the prevention of terrorist financing, you need to refer to 2018 (PDF) (opens in new tab) and 2019 (PDF) (opens in new tab) editions of the Money laundering and terrorist financing risk assessment.