With this document you can:

This box is not visible in the printed version.

The money laundering and terrorist financing risks within the British gambling industry

Our money laundering and terrorist financing risk assessment: 2020

Published: 18 December 2020

Last updated: 16 August 2021

This version was printed or saved on: 21 September 2021

Online version: https://www.gamblingcommission.gov.uk/guidance/The-money-laundering-and-terrorist-financing-risks-within-the-British-gambling-industry

Executive Summary

The Gambling Commission’s (the Commission) Money Laundering (ML) and Terrorist Financing (TF) risk assessment 2020 highlights the key risks associated with each of the sectors within licensed land-based and remote activity in Great Britain’s gambling industry. This assessment builds on the previous risk assessment (PDF opens in new tab) (including the Money Laundering (ML) and Terrorist Financing (TF) risks associated with COVID-19) and fulfils the Commission’s requirement under Regulation 17 (1) of the Money Laundering (ML), Terrorist Financing (TF) and Transfer of Funds (Information on the Payer) 2017 (the Regulations).

The purpose of this risk assessment is to:

  1. act as a resource for the industry in informing their own Money Laundering (ML) and Terrorist Financing (TF) risk assessments
  2. to provide the Commission’s support to HM Treasury’s National Risk Assessment and the rating of low risk in the context of the wider regulated financial sector and advise HM Government on risks in the industry
  3. inform and prioritise our licensing, compliance, and enforcement activity to raise standards in the industry and meet our duties under Regulation 46 (2)(c).

The Commission has considered a wealth of information and intelligence when assessing the key threats identified within the British gambling industry and providing revised risk ratings in this publication. In consultation with in-house and external subject matter experts, this assessment has been developed with input from a wide range of sector and industry specialists. This includes law enforcement, such as the National Crime Agency (NCA), and considered approaches taken by other AML (Anti Money Laundering) supervisory authorities, such as the Financial Conduct Authority (FCA) and HM Revenue and Customs (HMRC). We have also analysed information from various other sources to inform our understanding of risks such as:

  1. The EU Supranational Risk Assessment on Money Laundering and Terrorist Financing (SNRA) (PDF opens in new tab)
  2. HM Treasury’s National Risk Assessment (NRA) of Money Laundering and Terrorist Financing 2020 (opens in a new tab)
  3. Financial Action Task Force (FATF's) recommendations (opens in new tab) (the global standard setter on combating Money Laundering and Terrorist Financing)
  4. FATF's Terrorist Financing (TF) Risk Assessment Guidance July 2019 (PDF) (opens in new tab)
  5. The Home Office July 2019 Asset Recovery Action Plan (opens in new tab)
  6. FATF’s Mutual Evaluation Report (MER) (opens in new tab) of the UK’s AML and CTF framework
  7. The UK government’s Economic Crime Plan 2019 (opens in new tab)
  8. The Anti-Corruption Strategy 2017 (opens in new tab)
  9. The Serious and Organised Crime Strategy 2018 (opens in new tab)
  10. The UK’s Anti-Money Laundering and Counter-Terrorist Financing Action Plan 2016 (opens in new tab).

The reporting period this assessment is based on is from 1st November 2018 to 31st May 2020. The methodology used to assess the risks in Great Britain’s gambling industry remains the same as for the previous year’s risk assessment. For more detail on the methodology and terminology used, please refer to the methodology section of this report.

In summary, the risk ratings for each gambling sector are as follows and range from high risk to low risk. The gambling sector, however, in HM Treasury’s National Risk Assessment is rated as low, and it is important to understand why this is the rating allocated. The National Risk Assessment captures the risk of Money Laundering (ML) and Terrorist Financing (TF) occurring across all regulated financial sectors and Designated Non-Financial Businesses and Professionals (DNFBPs), which includes:

When gambling is put into the wider financial context of being vulnerable to money laundering and terrorist financing in comparison to other regulated sectors, the risk is lower; thereby explaining HM Treasury’s rationale for rating gambling as low risk for Money Laundering (ML) and Terrorist Financing (TF). However, the Commission in this risk assessment compares individual gambling sub-sector risks of being vulnerable to money laundering and terrorist financing and rates them appropriately in comparison to each other. Whilst some of the ratings have changed in individual sub-sector risk areas, the overall risk ratings for each gambling sector have not changed since the previous risk assessment (with the exception of the overall risk of terrorist financing to Great Britain’s gambling industry which has decreased from medium to low risk).

The following gambling sectors are being assessed separately (compared to previous risk assessments) as they are separate and distinct sectors with differing risk areas and levels:

  1. Remote Betting
  2. Remote Bingo
  3. The National Lottery (Remote and Non-Remote)
  4. Society Lotteries and External Lottery Managers (Remote and Non-Remote)
  5. Gambling Software (Remote and Non-Remote)
  6. Gaming Machine Technical (Remote and Non-Remote).

External Lottery Managers are being assessed for the first time.

Table actions:
Sector Previous overall risk rating
Remote (casino, betting, and bingo) High
Casino (Non-Remote) High
Betting (Non-Remote, off-course) High
Betting (Non-Remote, on-course) Medium
Bingo (Non-Remote) Medium
Adult Gaming Centres Medium
Family Entertainment Centres (FECs) Low
Society Lotteries and External lottery Managers (Remote and Non-Remote) Low
The National Lottery (Remote and Non-Remote) Low
Gambling Software (Remote and Non Remote) Low
Gaming Machine Technical (Remote and Non-Remote) Low
Sector Current overall risk rating
Terrorist financing Low

The assessment of the terrorist financing risk is partially based on information from HM Treasury’s National Risk Assessment, which has assessed this area as low risk for gambling. The Commission has also collaborated closely with external stakeholders when arriving at its risk rating, such as the UK’s counter terrorism teams, to help us understand the terrorist financing typologies and vulnerabilities that are applicable to the gambling industry.

This assessment recognises that there are many risks and typologies or vulnerabilities in the gambling industry related to Money Laundering (ML) or Terrorist Financing (TF). The gambling industry is fast paced and is constantly evolving with new innovative products to cater for customer needs. However, with any changes, these can bring new methods for criminals to launder illicit funds which the gambling industry needs to be alert to.

This document is intended to act as a valuable resource for the industry in informing their own Money Laundering (ML) and Terrorist Financing (TF) risk assessments, and must be taken into account when doing so, as required under Licence Condition 12 of the Licence Conditions and Codes of Practice (LCCP).1

It is mandatory for gambling operators from all gambling sectors to comply with the licensing objective, keeping crime and its proceeds out of gambling as set out in the Gambling Act 2005 (the Act) (opens in a new tab) and the Commission’s LCCP. Furthermore, all gambling operators have legal duties under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT) (opens in a new tab) to mitigate financial crime. Casinos (both land-based and remote) have an enhanced set of legal responsibilities, as they must comply with the Regulations2 for casino gaming, gaming machines and money service business activities offered. However, it is imperative for all gambling operators (regardless of gambling sector) to ensure they have effective risk assessments identifying Money Laundering (ML) and Terrorist Financing (TF) risks, along with robust policies, procedures and controls in place to prevent Money Laundering (ML)/Terrorist Financing (TF) and continue to raise standards in that regard.

Introduction

Regulation 17 places an obligation on supervisory authorities to carry out a risk assessment of their supervised sector. The Commission is the supervisory authority for casinos and this obligation is met by this risk assessment. The Commission will also continue to use this risk assessment to inform HM Government of the level of risk of Money Laundering (ML) and Terrorist Financing (TF) within the entire gambling industry in Britain.

The Government acknowledges that a variety of factors can cause vulnerabilities and risks attributed to a particular gambling sector to become higher or lower risk over time. Consequently, where a gambling sector can no longer be deemed low risk (including where the sector fails to effectively manage the Money Laundering (ML) and Terrorist Financing (TF) risks within that sector), then it will likely lead to their inclusion within the provisions of the Regulations, subjecting that sector to its requirements.

A risk assessment is extensively recognised as the key requirement to understanding the Money Laundering (ML) and Terrorist Financing (TF) risks that a business is exposed to. This is done through the identification, assessment, management and where possible, the mitigation to control and, or as well as, prevent ML and TF. By knowing and understanding the risks to which the gambling industry is exposed, HM Government, law enforcement, the Commission and operators can work together to ensure that gambling in Britain is a hostile place for money launderers and terrorist financers seeking to exploit it.

In June 2019 we published our previous Money Laundering (ML) and Terrorist Financing Risk Assessment (TF). The money laundering vulnerabilities in the previous assessment were evidence-based and achieved through analysis of a variety of information sources. Each assessment builds upon the previous one. It its therefore recommended that this year’s assessment should be read in conjunction with the previous risk assessment: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF) as the previous publications provide further information on the inherent risks within Great Britain’s gambling industry by sector.

This report is set out by firstly reviewing existing inherent and emerging risks, which the previous risk assessment highlighted. Then the report assesses any additionally applicable inherent and new emerging risks.

Each of the risks have been reassessed using internal and external information sources such as enforcement, licensing and intelligence case work, compliance assessment analysis, HM Treasury’s National Risk Assessment, FATF recommendations, combined with qualified professional judgement by the Commission’s AML/CTF experts.

The threat of money laundering and terrorist financing in the gambling industry

The risk of Money Laundering (ML) and Terrorist Financing (TF) threatens the United Kingdom’s (UK) national security, the economy and international standing. Such risks can have a detrimental impact on society, can damage communities and undermines the integrity of both public and private sector organisations. The Money Laundering (ML) and Terrorist Financing (TF) threats that the gambling industry faces are diverse, complex and are rapidly evolving.

Serious and organised crime has been estimated to cost the UK tens of billions of pounds every year. That is why we must continue to crack down on illicit crime and ‘dirty’ money seeking to exploit the British gambling sector.

Money launderers and terrorist financers use similar methods to store, move and obtain funds, although their motives differ. Depriving terrorist groups of funds is an essential aspect of preventing these groups from recruiting and committing terrorist acts. There are various reasons as to why criminals or organised crime groups may engage in Money Laundering (ML) such as:

If left unimpeded, this may result in:

  • significant potential for Money Laundering (ML) and Terrorist Financing (TF) exploitation
  • significant potential for criminal exploitation and detriment to society
  • a major threat to the business environment and wider industry
  • potential for serious breaches that can lead to significant penalties, fines or sanctions which will need punitive outcomes
  • cost to implement AML (Anti Money Laundering) and CTF controls anticipated to be a significant percentage of an operator's budget
  • international concern, resulting in governmental inquiry or sustained adverse national and international media
  • critical failure of gambling operations and businesses i.e. the survival of the operator is under imminent or severe threat, ultimately harming consumers and, or as well as, negatively impacting the gambling industry.

Regulatory Framework

The Gambling Act 2005 (‘the Act’) and the National Lottery Act 1993

Section 1(a) of the Act (opens in a new tab) places responsibility on all gambling operators to prevent gambling from being a source of, being associated with crime or disorder, or being used to support crime.

The Commission also regulates the National Lottery under the National Lottery Act 1993 (opens in a new tab) which requires that the National Lottery is (including every lottery that forms part of it) run with all due propriety, and the interests of every participant in a lottery that forms part of the National Lottery are protected.

The Proceeds of Crime Act 2002 (POCA)

The Proceeds of Crime Act 2002 (POCA) places a further obligation on all gambling operators to be alerted to attempts by customers to gamble with or launder money acquired unlawfully and to report such activity to the appropriate authorities. This applies to all forms of money laundering including, for example, ‘washing’ criminal money, attempting to disguise the criminal source of the funds, or simply using criminal proceeds to fund gambling. It applies to all persons, including gambling operators and their staff, and includes specific obligations to report suspected money laundering to the United Kingdom’s Financial Intelligence Unit (UKFIU).

The Terrorism Act 2000 (TACT)

The Terrorism Act 2000 (TACT) (opens in a new tab) establishes several offences concerned with engaging in or facilitating terrorism, as well as raising or possessing funds for terrorist purposes. It applies to all persons, including gambling operators and their staff, and includes specific obligations to report suspected terrorist financing to the United Kingdom’s Financial Intelligence Unit (UKFIU).

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the Regulations)

The Regulations (PDF) (opens in a new tab) came into effect on 26 June 2017 (which replaced the Money Laundering Regulations 2007).

The Regulations require remote and non-remote casinos to, for example:

As part of the regulated sector, casinos licensed by the Commission are placed under an enhanced set of legal duties as set out under the Regulations (PDF)(opens in a new tab). The Regulations were amended on 10th January 2020 because of the implementation of the 5th Money Laundering Directive into UK law, through the updated Money Laundering Regulation’s Statutory Instrument (opens in a new tab). For further information on casino businesses’ legal duties, please refer to our comprehensive casino guidance. Casino businesses are also reminded that they should have already reviewed and accordingly amended their Money Laundering (ML) and Terrorist Financing (TF) risk assessments as well as the associated policies, procedures, and controls because of the 5th Money Laundering Directive’s implementation.

The Gambling Commission’s Licence Conditions and Codes of Practice (LCCP)

The risk of crime affects all gambling operators, including those not specified in the Regulations, and they too are required to have regard to Proceeds of Crime Act (POCA) and The Terrorism Act 2000 (TACT), and adopt a risk-based approach consistent with the Commission’s Licence Conditions and Codes of Practice (LCCP), guidance and advice.

Licence condition 12.1.1 requires all operating licensees (except for gaming machine technical and gambling software licensees) to assess the risks of their businesses being used for Money Laundering (ML) and Terrorist Financing (TF). Licensees must also ensure they have appropriate policies, procedures, and controls to prevent Money Laundering (ML) and Terrorist Financing (TF), taken into account in their risk assessment. They must ensure that such policies, procedures, and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and consider any applicable learning or guidelines published by the Commission.

Financial Action Task Force (FATF)

The Commission continues to base its framework for this and previous assessments upon the Financial Action Task Force (FATF)’s risk assessment methodology. The Financial Action Task Force (FATF) published its Mutual Evaluation Report (opens in a new tab) (MER) of the UK’s Anti Money Laundering (AML) and CTF framework, which is evaluated every ten years. Their report, which assessed technical compliance with Financial Action Task Force (FATF) standards (the 40 Recommendations) and effectiveness of a country’s Anti Money Laundering (AML)/CTF regime (the 11 Immediate Outcomes) rated the Commission positively and identified us as displaying “…a very strong understanding of risks both at a sector and firm-specific level.”

The Sanctions and Anti-Money Laundering Act 2018

At the end of the EU Exit transition period, sanctions will continue to be implemented through the new powers as set out in the Sanctions and Anti-Money Laundering Act 2018 (opens in a new tab) (SAMLA). This will be used to fulfil our international obligations under the UN and impose further sanctions domestically. Sanctions and Anti-Money Laundering Act (SAMLA) provides the power for the UK to impose sanctions, including against a person involved in gross human rights abuses or anti-corruption violations.

Risk based approach

A risk-based approach focuses effort where it is most needed and will have the most impact. It requires the full commitment and support of senior management and the active co-operation all employees.

A risk-based approach involves several steps to assess the most proportionate way to manage and mitigate the risks faced by an operator:

  1. identifying the Money Laundering (ML) and Terrorist Financing (TF) risks relevant to the operator
  2. designing and implementing policies, procedures, and controls to manage and mitigate the risks
  3. monitoring and improving the effective operation of these controls
  4. recording what has been done and why.

For further information regarding the steps gambling operators should take in applying a risk based approach, please see our guidance for casino operators and other operators.

COVID-19

The Commission has been issuing regular industry alerts in order to inform and educate the gambling industry regarding the emerging risks we have come across due to the current COVID-19 pandemic (including steps businesses should take to mitigate these risks). Please see our website for further information.

Casino (Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Remote Casino High High

Inherent risks

There has been an increase in the risk levels for the inherent risks for the remote casino sector. For further information relating to the inherent risks, including vulnerabilities, consequences and controls, see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High High High High No change
Licensing and integrity Gambling operations run by organised criminals to launder funds Medium High Low High Decrease
Licensing and integrity White label providers High High High High No change
Customer Customer not physically present for identification purposes High High High High No change
Customer False or stolen identity documentation used to bypass controls to facilitate the laundering of criminal funds Medium High High High Increase
Customer Accessibility to multiple remote casinos High High High High No change
Customer Customers from high risk jurisdictions using casino facilities to launder criminal funds Low Very High Medium High No change
Customer Customers who appear on sanctions lists laundering criminal funds Low Very High Low High Decrease
Customer International politically exposed persons (PEPs) using casinos to launder illicit or criminal funds Medium Very High Medium High Decrease
Customer Domestic PEPs using casinos to clean criminal funds identification & verification Medium Medium Low Medium Decrease
Customer Customers making numerous low-level transactions to minimise suspicion and evade CDD requirements at the threshold (smurfing) High High High High No change
Customer Use of third parties or agents to obscure the source or ownership of money gambled by customers & their identities High High High High No change
Means of payment Pre-paid cards Medium Medium High High Increase
Means of payment E-wallets Medium Medium Medium Medium No change
Means of payment Cryptoasset transactions Medium Medium Medium High Increase
Product Peer to Peer gaming (poker)-B2B and B2C High High High High No change

All of the following areas have been given a high risk rating which signifies the importance of operators carrying out robust due diligence checks on customers.

Additional inherent risks

Organised crime gangs (OCGs)

There is a significant risk of OCGs infiltrating remote casino businesses using ‘mule accounts’ (for example). This has been rated high risk.

Mule accounts

Illicit funds can be transferred (either willingly or unwillingly), through a third party’s bank account (known as a ‘money mule’) to break the audit trail of transactions. This can be used as a primary method of laundering criminal proceeds. There is evidence that mule accounts have been used for gambling purposes with mainly vulnerable individuals or university students being targeted. There is evidence that OCGs are using this method, with links to drug and people trafficking, to move large amounts of illicit proceeds through a dispersed network of accounts to ensure financial threshold triggers are not alerted.

The decrease of international students residing in the UK (due to COVID-19) may have led to reductions in activity through those types of mule accounts, however UK resident 3 students remain vulnerable. There is the risk that OCGs may coerce vulnerable individuals into becoming money mules, as has been observed in the US. This has been given a high risk rating due to both the likelihood and impact of it occurring within gambling and the high collateral impact upon victims. Linked to this risk area, please see the Betting (remote) section for further information regarding ‘mule betting accounts'.

High monetary thresholds

Through compliance and enforcement work the Commission carries out, we have seen numerous instances of operators imposing high financial triggers which need to be met before any customer interaction takes place. For example, one remote casino operator had a £3,500 ‘customer trigger’ before any CDD checks would take place. Having high arbitrary financial thresholds in place before CDD or EDD (if required) checks are carried out, means that casino operators are failing to consider any Money Laundering (ML) and Terrorist Financing (TF) risks below these levels. These arbitrary thresholds will not allow the operator to consider any unusual patterns of transactions below these high thresholds (which requires increased monitoring of the business relationship) to determine whether the transaction or business relationship appears to be suspicious. 4

‘High value’ customer schemes

There is evidence to suggest that membership schemes provide incentives to high spending customers such as free holidays, bets, cashback, and prizes. Evidence suggests that ‘VIP’ or high value customers are more likely to be problem gamblers. Some 2.3% of the country’s online 47,000 VIPs are estimated to be problem gamblers 5. From a Money Laundering (ML), Terrorist Financing (TF), and problem gambling perspective this raises significant concerns regarding how adequately CDD or KYC checks are conducted by gambling businesses. Operators are repeatedly failing to understand that problem gambling may be interlinked with Money Laundering (ML) and Terrorist Financing (TF) risks in that if sufficient CDD/EDD 6 checks or KYC checks 7 are not undertaken, this is a breach of the Regulations 8, the LCCP and Commission guidance.9 Problem gambling risk indicators include, but are not limited to:

  1. chasing losses
  2. reluctance to provide their occupation
  3. spend that is inconsistent with the customer’s apparent legitimate income.

This is not the exhaustive list and casino operators need to satisfy themselves that they have asked the necessary questions when deciding whether to establish customer relationship, maintaining the relationship or if deciding to terminate the relationship. Further information on operators legal duties can be found in our comprehensive guidance for casino and all other operators.

Potential mitigations that operators can implement in this area include setting deposit limits along with a clear risk assessment of this area and effective policies, procedures and controls in place for high value customers (to include mandating regular, meaningful customer interaction with all high value customers).

The Commission has undertaken a consultation on high value customers, and released guidance to operators on high value customers in September 2020, setting out areas that gambling businesses must comply with to reduce harm and mitigate risks.

The Commission holds significant evidence of cases where problem gamblers have stolen monies to fund gambling activities (along with cases where those in positions of trust and high risk professions have fraudulently obtained money from employers or vulnerable victims for gambling purposes due to problems with gambling). Customers may also undertake non-traditional types of crimes such as ‘lonely heart’ scams to use money derived from this to gamble. These type of gambling typologies are increasing which makes it vital that operators undertake the necessary checks to establish a customer’s source of funds and affordability levels to gamble.

Social responsibility code provision 3.4.1 of the LCCP sets out requirements for effective policies and procedures for customer interaction and indicators of problem gaming (including VIP or high-value customers). The Commission’s Customer interaction – guidance for remote gambling operators Guidance note (PDF) (opens in a new tab) also clearly sets out our expectations in this area.10

The Commission takes any breaches of social responsibility and Anti Money Laundering (AML)/CTF provisions seriously. This is evidenced by our recent targeted investigation into online casinos where we have conducted licence reviews under s.116 of the Act and imposed regulatory settlements where we have seen evidence of non-compliance11. As part of our remote casino compliance and enforcement work, we have also reviewed 22 Personal Management Licences. This has been given an overall ‘high’ risk rating due to high customer spending levels and high levels of human collateral impact. The risk in this area also apply to all customer contact operators (casino, betting, bingo, arcade).

Failure to implement a ‘closed loop’ system

Where operators do not have a ‘closed loop’ system in place, there is a significant risk of criminals being able to exploit the use of fraudulent or stolen debit cards across multiple premises of the same operator with monies derived from the proceeds of crime. It is strongly recommended that payments are made to the same customer card to mitigate this risk. This has been given a high risk rating.

Emerging risks

Payment providers

Operators are reminded not to rely on payment providers to conduct KYC checks. Further information on this risk can be found on the Commission’s website.

High-stakes gambling/Feature buy-in slots

These are online slot games which allow players to stake significant amounts of money to access a bonus feature without playing the initial stages of the game. There is significant concern about this bonus feature as it appears to encourage higher stake gambling with reports that players can stake £1000+ at a time to directly access bonus features. There was evidence that one game was charging more than £3,000 to enter the bonus feature. As well as appearing to be potential breaches of the Remote Technical Standards (RTS) 12, it also raises concerns regarding how customer due diligence (CDD) checks (or if needed, EDD checks) are carried out to ensure compliance with the Regulations if customers are permitted to play for high stakes in short periods of time as online games are instantaneous and can encourage fast, addictive play. All high-stakes gambling is susceptible to abuse because it is common for players to gamble with large volumes of cash, the source and ultimate ownership of which may not be readily discernible.

The Commission regularly issues industry alerts so that operators are aware of the standards expected of them in relation to gambling law 13. The Commission has actively pursued these operators so that these features are removed, and they subsequently have been. This area has been given a ‘high’ risk rating due to the significant Money Laundering (ML) and Terrorist Financing (TF) risks due to the high spending potential.

Casino (Non-Remote)

Table actions:
Sector Previous overall risk rating Current overall risk rating
Casino (Non-Remote) High High

Existing inherent risk rating

There has been an increase in the risk levels for some of the inherent risks for the non-remote casino sector. For further information relating to the inherent risks, including vulnerabilities, consequences and controls, see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High High High High No change
Operator Control Undermining of the Money Laundering Reporting Officer (MLRO) role which can intentionally/unintentionally lead to exploitation by money launderers High High High High No change
Operator Control Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime Low High High High Increase
Operator Control Lack of adequate and relevant due diligence checks conducted resulting in criminals laundering money Medium High High High Increase
Licensing & Integrity Gambling operations being acquired by organised crime to launder criminal proceeds Medium High Medium High No change
Licensing & Integrity Ultimate Beneficial Ownership Medium High Medium High No change
Licensing & Integrity Employees colluding with criminals Medium High High High Increase
Licensing & Integrity Individuals with known criminal records/or suspected criminal activities High High High High No change
Customer Customer from high-risk jurisdictions using casino facilities to launder money Medium Very High Medium High Decrease
Customer Customers appearing on international sanctions list laundering corrupt or criminal funds Medium Very High Low High Decrease
Customer International politically exposed persons (PEPs) using casinos to clean criminal funds High Very High Medium High Decrease
Customer Domestic PEPs using casinos to clean criminal funds Medium Medium Low Medium Decrease
Customer False/fraudulently obtained or stolen ID docs used to bypass controls Medium High Medium High No change
Customer Customers breaking up large amounts of cash into small transactions to minimise suspicion and evade CDD requirements at the threshold (‘smurfing’) High High Medium High Decrease
Customer Use of third parties or agents to obscure the source or ownership of money gambled by customers & their identities High High Medium High Decrease
Means of Payment Cash Transactions High High High High No change
Means of Payment Casinos acting as money service businesses (MSBs) High High High High No change
Means of Payment TITO enabled gaming machines used to launder funds when used with ATR machine High High Medium High Decrease
Product Electronic roulette - when used with TITO & ATRs High High Medium High Decrease
Product Gaming Machines (all) High High High High No change
Product Peer to peer gaming (poker) B2C High High High High No change

Additional inherent risks

Cashless payments

The use of cashless payments in general has increased in popularity in recent years. This presents a risk where Money Laundering (ML) or Terrorist Financing (TF) could be facilitated using fraudulently obtained and stolen cards. Whilst there are controls in place through closed loop systems, this mitigation is wholly reliant on the operator and its employees’ effective application and there is a monetary cap on each transaction, currently £45.

The associated risks with cashless payment include:

  1. operators failing to undertake KYC checks on customers
  2. transactions not being monitored in real time, and
  3. ‘smurfing’: a common Money Laundering (ML) method where a customer will make numerous low level transactions to avoid suspicion.

These risks associated with cashless payments further increase where a customer uses multiple premises and there is a lack of customer interaction. However due to cashless payments increasing in popularity, especially due to COVID-19, this has been given a high risk rating in relation to the casino sector.

Emerging risks

Cryptoasset payments

The Commission has become aware of instances of non-remote casinos accepting cryptoassets as a form of customer payment. Operators are reminded that their Money Laundering (ML) and Terrorist Financing (TF) risk assessment must be reviewed if certain circumstances change, including new methods of payment by customers14. This has been rated medium risk as there is no widespread evidence of this specific risk area. For further information on this risk area, see our information on digital technologies and anti-money laundering.

Bank drafts

Bank drafts are being viewed as the latest Money Laundering (ML) method for criminals. These are guaranteed cheques issued by a bank and are being used as a form of customer payment by some remote casino operators. Cash payments have typically been favoured by criminals for money laundering purposes. This may be because criminal activities generate cash profits or because cash is used as an instrument to disguise the criminal origin of profits as the benefits of this method include lack of traceability.

There is a risk that there could be a shift from cash payments to bank drafts as a form of payment due to the following reasons:

  1. they are an inconspicuous payment method compared to carrying bulk cash in non-remote casinos

  2. cash payments are viewed less favourably by criminals due to increased media and government intervention.

Other countries have recently seen a surge in the number of suspicious related casino transactions involving bank drafts and operational alerts regarding the money laundering risks of this have been issued. The alert includes evidence that bank drafts have been associated to ‘mule bank accounts’15. In this regard, it is vital that gambling businesses are alert to customers who regularly use this as a payment method or deposit a high volume of bank drafts.

Licence Condition 5.1.1. of the LCCP mandates that there needs to be appropriate policies and procedures concerning the use of cash equivalents (including bank drafts). Furthermore, bank drafts can increase the risk of ‘smurfing’.

The use of bank drafts has been given a medium risk rating as the Commission is not aware of widespread use by Commission licensed casino operators accepting bank drafts as a form of customer payment.

Bring your own devices’ (BYODs)

Recent product innovations in the gambling industry include cashless apps that can be used on analogue and digital machines. The advantages for customers include ease of play and convenience, however there are associated risks.

These include:

The risks associated with cashless apps further increase where a customer uses multiple premises and there is a lack of customer interaction. The Commission is not aware of any licensed casino operator currently providing this facility. However due to cashless payments along with digital payment methods increasing in popularity due to continuing innovation in the industry, as well as the drive towards cashless payment due to COVID-19, this has been given a high risk rating should this be implemented in the future in relation to the casino sector.

Transfer of funds between casino customers

There is evidence that in the non-remote casino sector, customers can transfer funds between themselves via their gambling accounts. Operators should have policies, procedures, and controls in place to mitigate the risk of money lending between customers 16. This has been rated medium risk.

Unlicensed employees carrying out ID checks

There is growing evidence that non-licensed employees, for example, casino receptionists (who are not required to hold Personal Licences under the LCCP) are carrying out customer ID checks. Casino operators are reminded that they are ultimately responsible for compliance with the LCCP, the Act and the Regulations. This is rated high risk.

Key person responsible for regulatory compliance

A requirement of the Regulations is for casino operators to appoint, where appropriate with regard to the size and nature of their business, an individual who is either a member of the board of directors (or if there is no board, of its equivalent management body) or of its senior management, as the officer responsible for the operator’s compliance with the Regulations. This could be the same person as the nominated officer if the operator considers this a suitable arrangement.17

The Commission has received evidence that some casino operators are not complying with this requirement and will view any non-compliance with the Regulations seriously. This has been rated as high risk.

Casinos offering money service businesses (MSBs)

The Regulation’s designate the Commission as the supervisory authority for casinos in the UK. While under the Regulations HMRC is the supervisory authority for money service businesses (MSB) activities, the Commission and HMRC have agreed, under Regulation 7(2), that the Commission will act as the supervisory authority for MSB activities carried out by casinos (which includes: foreign exchange, third-party money transmission and third-party cheque cashing).

The Commission found that around 14% of business to customer remote casinos offered some form of MSB activity. In the same period around 79% of non-remote casinos offered some form of MSB activity 18. Commission-based research found that the following types of MSBs were offered by casinos:

  • 33 casinos offered cheque cashing
  • 54 casinos offered foreign currency exchange
  • 35 offered third party money transfer
  • 20 casinos offered all the above three types

Some red flag risk indicators identified with MSB activity were:

Example case study:

Third party payment MSB activity for online casinos might include cases of a spouse’s card being used to fund the gambler’s account, or the money is paid out from the account to the third party. Clearly there are risks associated with this and we expect operators to have measures in place such as identification and source of fund checks.

The Commission found that some remote casino operators were unable to separate their financial data accurately in relation to MSB activity and other activity in customers’ e-wallets. Failing to do so means that operators are not sufficiently assessing, monitoring, and controlling the risks associated with MSB activity.

This highlights the importance of operators adopting a risk-based approach in order to mitigate the potential Money Laundering (ML) and Terrorist Financing (TF) risks associated with MSB activity.

Betting (Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Betting (Remote) High High

Existing inherent risk rating

There has been an increase in the risk levels for some of the inherent risks for the remote betting sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High High High High No change
Operator Control Operators staking and winning directly and indirectly on their own products Medium Medium Low Medium Decrease
Operator Control Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime High High High High No change
Operator Control Inadequate/lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds or risk of this occurring Medium High High High Increase
Licensing and integrity Gambling operations run by organised criminals to launder criminally derived funds Medium High Medium High No change
Licensing and integrity White label providers High High High High No change
Customer Customer not physically present for identification Medium High High High Increase
Customer False or stolen documentation used to bypass controls to launder criminally derived funds Medium High High High Increase
Customer Accessibility to multiple remote accounts High High High High No change
Customer Customers from high risk or non-cooperative jurisdictions using remote facilities to launder criminally derived funds Medium Very High High High Decrease
Customer Customers who appear on international sanctions lists laundering criminally derived funds Very Low High Low High Increase
Means of payment E-wallets N/A (no risk rating provided in previous risk assessment) N/A (no risk rating provided in previous risk assessment) Medium Medium N/A
Means of payment Cryptoasset transactions Medium Medium Medium High Increase
Means of payment Pre-paid cards Medium Medium High High Increase

The following additional inherent and new emerging risks highlight the importance of operators conducting robust due diligence checks on customers. The new or additional areas have their own individual risk ratings.

Additional inherent risks

Peer to peer betting

This method of gambling allows customers to bet directly against each other. There is the potential for betting sites to be used by criminals to facilitate match fixing and therefore generate criminal proceeds19. The risks in this area have been further compounded over recent years with the introduction of peer to peer betting applications which allows for instantaneous, convenient play. Betting exchanges are typically a global product meaning customers located within Great Britain can be matched with customers from different countries who may not be necessarily be subject to same, stringent Anti Money Laundering (AML) checks as those in Britain. This means that criminal monies may be filtering into Britain. This risk in this area increases where a customer is from a high risk geographical area20. This has been given a medium risk rating.

‘Closed loop’ system

With COVID-19 seeing an increase in cashless payments, there is the risk of operators not operating a ‘closed loop’ system i.e., payment to the customer is made on the same card that was used by the customer to deposit funds. This coupled with the increased evidence the Commission is seeing of card fraud/theft means that operators should implement effective policies, procedures and controls involving a ‘closed loop system’. This has been rated high risk.

Use of third parties or agents to obscure the source or ownership of money gambled by customers & their identities

There have been examples in the remote betting sector of customers’ gambling being funded by third parties which has facilitated Money Laundering (ML). This highlights the importance of operators having a robust Money Laundering (ML) and Terrorist Financing (TF) risk assessment in place to mitigate such risks. This has been given a high risk rating.

‘High value’ customer’ schemes

This has been given a high risk rating as previously discussed. See the Casino (Remote) section for further information.

High monetary thresholds

There is substantial evidence that remote betting operators have high customer spending triggers in place before conducting any due diligence checks on customers. This means that for customers that do not hit this threshold, it has been found that only basic checks are being carried out i.e., proof of name, address, and date of birth. Operators are reminded that this is a potential breach of Licence Condition 12.1.1.(1) which requires that licensees must assess the risks of their business being used for Money Laundering (ML) and Terrorist Financing (TF). This is a high risk area.

Emerging risks

Unregulated betting events

The Commission has received reports from licenced operators relating to suspicious betting activity on sporting events taking place predominantly outside of Britain. A number of these events were organised as ‘friendly’ or ‘exhibition’ matches outside of the jurisdiction of a recognised Sports Governing Body (SGB). Media reports indicated that some of these events had been set up purely for betting purposes, with confusion over whether some of the matches had taken place at all. It is vital to maintain and protect the integrity of betting and with no Sports Governing Body (SGB) oversight, these unregulated events present a much greater risk for corruption and match fixing. We expect licensees to have robust systems in place to manage these risks. They should also ensure that markets are offered on events that are genuine and are settled fairly. This has been rated high risk. For further information see our reminder to licensees to manage risks associated with unregulated events (opens in new tab)

Customer identity verification

Licence Condition 17 of the LCCP stipulates that online gambling businesses are not permitted to allow a customer to gamble before they have verified the customer’s identity21. This LCCP change is consistent with our guidance to operators which states that operators need to give due consideration to ‘whether it is necessary to do KYC or due diligence checks on the customer’22. The Commission has seen evidence in the remote betting sector that licensees are asking for customer ID when a withdrawal request for winnings is submitted by the customer. From a Money Laundering (ML) perspective, this has been given an overall ‘high’ risk rating as it means that insufficient due diligence checks are being carried out early enough in the consumer’s gambling journey.

‘Smurfing’

There is evidence of customer ‘smurfing’ in the remote betting sector. ‘Smurfing’ is a common Money Laundering (ML) method where multiple launderers will make numerous small transactions to minimise suspicion and evade KYC requirements at the threshold of gambling. This has been given a medium risk rating.

‘Mule’ betting accounts

'Mule' accounts are the creation of online betting accounts via the misuse of personal details belonging to third parties. This can be done both with or without third-parties’ knowledge and their personal data can be used to open both online betting accounts and e-wallet accounts with payment service providers. Large numbers of mule accounts are typically controlled by individuals or groups for the purposes of placing large volumes of bets and or as well as to disguise who is placing the bets and or as well as disguise the sources of funds being gambled.

Third-party or “mule” accounts could arguably be used by the following groups to name but a few:

  1. Bonus abusers
  2. Affiliate commission agents
  3. Professional gamblers, betting syndicates, Courtsiders, Arbitrage bettors
  4. Problem gamblers
  5. Money launderers (including organised criminal groups: OCGs)
  6. Match fixers.

It is a well-known gambling typology that OCGs have targeted students and the vulnerable for setting up mule accounts.

Mule accounts can be used to:

  1. to facilitate money laundering (i.e. enabling criminal groups to spread large amounts of money over numerous accounts on relatively low-risk bets)

  2. to monetise match-fixing (getting as much money on as possible [via mule accounts] to capitalise on the knowledge of known sporting outcomes)

  3. to support pro-gambling (i.e. courtsiders providing fast data feeds and the use of mule accounts by savvy gamblers to capitalise on this knowledge).

The following are some red flag indicators for the use of mule betting accounts:

Case example 1:

An 85-year-old female opening a new betting account at 3am (placing large or max bets on obscure markets relating to a third-tier South American basketball match). Large deposits and withdrawals are made via online payment providers . This can lead to a possible suspicion that the customer details may have been subject to ID theft.

Case example 2:

During a house search, Police identify a carrier bag of approximately 7000 pre-paid payment cards. A dip sample of 200 of the cards identifies all are registered in different people’s names. A review of the transactions identifies all have been used to fund online gambling activity (not known at this stage whether sports betting or another online games/casino). It is suspected that large volume of personal data is likely to have been harvested, via unknown means, for the purpose of opening multiple betting accounts.

Case example 3:

Multiple betting accounts in different names identified placing suspicious bets on sporting outcomes. The betting on all accounts are linked to the same device and IP address with all accounts appearing to be related to university students. It is suspected that students’ details may have been used or purchased, in some cases with their knowledge, to facilitate large-scale online betting.

Other ‘red-flag’ indicators that operators should be aware of include (but not limited to):

  1. newly opened accounts with a third party payment set-up
  2. first and only bets placed using the accounts on this fixture
  3. using total funds deposited to place the bets
  4. disguising the main bet by creating an accumulator with short odds selection
  5. taking an early cash-out before the settlement and (attempted to) withdraw their funds.

Whilst the above relates to betting accounts, it is easy to see how some of the above examples could also equally apply to the other remote sectors (casino, bingo). This has been given a high risk rating.

Politically exposed persons (PEP)

There is evidence in the remote betting sector of insufficient controls in place to identify Politically Exposed Persons (PEPs), which is concerning as they can present (although not always) a higher risk of Money Laundering (ML). A Politically Exposed Person (PEP) generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold. Due to the risks associated with Politically Exposed Persons (PEPs), the Financial Action Task Force (FATF) recommendations require the application of additional Anti Money Laundering (AML)/CTF measures to business relationships with PEPs23. These requirements are preventive (not criminal) in nature and should not be interpreted as meaning that all Politically Exposed Persons (PEPs) are involved in criminal activity. Operators are required to have effective controls in place to manage high risk customers and this should form part of their Money Laundering (ML) and Terrorist Financing (TF) risk assessment. Suggested mitigations in this area include (but are not limited to) operators comparing new and existing customers against Politically Exposed Person (PEP) databases and sanctions lists. Currently there is limited evidence of the risk of Politically Exposed Persons (PEPs) using remote betting facilities to launder funds and has been given a medium risk rating.

Betting (Non-remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Betting (Non-remote) High High
Off-course High High
On-course Medium Medium

Existing inherent risk rating

There has been an increase in the risk levels for some of the inherent risks for the non-remote betting sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance (off-course only) High High High High No change
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance (on-course only) High High Medium Medium Decrease
Operator Control Lack of effective customer interaction resulting in a failure to prevent/detect ML or TF (off course only) Medium High Medium High No change
Operator Control Lack of effective customer interaction resulting in a failure to prevent/detect ML or TF (on course only) Medium High Medium Medium Decrease
Operator Control Inadequate/lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds (off course only) Medium High High High Increase
Operator Control Inadequate/lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds (on course only) Medium High Medium Medium Decrease
Licensing & Integrity Betting operations being acquired by organised crime to launder criminal proceeds (off course only) Medium High Low High Decrease
Licensing & Integrity Betting operations being acquired by organised crime to launder criminal proceeds (on course only) Medium High Low High Decrease
Licensing & Integrity Betting employees acting in collusion with organised criminals to launder criminal funds (off course only) Medium High Medium High No change
Licensing and Integrity Betting employees acting in collusion with organised criminals to launder criminal funds (on course only) Medium High Low Medium Decrease
Customers Unverified customers laundering proceeds of crime through betting (off-course only) High High High High No change
Customers Unverified customers laundering proceeds of crime through betting (on-course only) High High Medium Medium Decrease
Customers Accessibility to multiple premises/operators (off-course only) High High High High No change
Customers False or stolen identification documentation used to bypass controls to launder criminal funds (off-course only) Medium Medium Medium Medium No change
Product Gaming machines used to launder criminal funds (off course only) High High High High No change
Product Self Service Betting Terminals and Ticket-in-Ticket Out Machines used to launder criminal funds (off-course only) High High Medium High Decrease
Means of Payment Cash Transactions High High High High No change
Means of Payment Cashless Transactions Medium Medium Medium Medium No change

Additional inherent risks

Dyed notes

There have been reported instances that betting shops have noticed dyed notes in gaming machines. It is vital that operators remain vigilant in this area. The Commission has recently issued an industry alert to operators to report this to the relevant local police force (through non-emergency contact options) where they have found dyed notes on their premises. At the same time it is a mandatory requirement that operators submit suspicious activity reports (SARs) to the National Crime Agency (NCA) in all cases where they have knowledge or suspicion of money laundering or terrorist financing where dyed bank notes are detected. This has been given an overall ‘medium’ risk rating.

New emerging risks

‘Closed loop’ system

As discussed earlier in this document, the pandemic has seen an increase in cashless payments. There is the risk of non-remote operators not operating a ‘closed loop’ system i.e., payment to the customer is made on the same card that was used by the customer to deposit funds. This coupled with the increased evidence the Commission is seeing of card fraud or theft means that operators should implement effective policies, procedures and controls involving a ‘closed loop system’. Whilst there is a limit placed on contactless transactions (currently maximum of £45), there is also the risk of ‘smurfing’. This has been given a high risk rating.

Organised Criminal Gangs (OCGs)

There is a risk that Organised Criminal Gangs (OCGs) are using multiple land based betting premises to place bets with funds that have been derived from the proceeds of crime. Operators are reminded to remain vigilant and report any such matters to the police as well as submit suspicious activity reports (SARs) to the UKFIU where there is knowledge or suspicion of Money Laundering (ML) (including criminal spend) or Terrorist Financing (TF). This has been given a medium risk rating.

Unlicensed gambling activities

There is the risk of on-course bookmakers providing gambling facilities that they are not licensed to provide i.e., accepting bets over the phone without having the required ancillary betting licence. Operators are reminded that where the Commission finds evidence of non-licensed activities, we will undertake compliance and enforcement action which might then lead to a review of the licence and possible revocation under s.116 of the Act. This has been given a low risk rating.

Scottish notes

The Commission has become aware of instances in this time-period where betting customers have tried to provide large quantities of Scottish notes to place their bets, which have well established Money Laundering (ML) vulnerabilities. Operators must remain vigilant in identification of customers depositing large quantities of Scottish notes, and if suspicious report their concerns to law enforcement and the UKFIU24. This has been given a medium risk rating.

Existing emerging risks

‘Bring your own devices’ (BYODs)

There is the technology available for customers to use their own device (for example, mobile phone) to place bets through non-account based play either in off-course or on-course venues. Recent product innovations include cashless apps that can be used on analogue and digital machines. The advantages for customers include ease of play and convenience, however there are associated risks. These include:

  1. operators failing to undertake KYC checks on customers
  2. transactions not being monitored in real time
  3. anonymity: customers could place bets without needing an account or interacting with employees of the operator
  4. ‘smurfing’: a common Money Laundering (ML) method where a customer will make numerous low level transactions with the proceeds of crime to avoid suspicion.

The above risks associated with cashless apps further increase where a customer uses multiple land based premises and there is a lack of customer interaction. The Commission currently understands that licensed betting operators are not providing this facility, therefore our below risk rating must be taken account of should operators choose to offer this facility. Due to cashless payments (along with digital payment methods) increasing in popularity and due to continuing innovation in the industry (as well as the drive towards cashless payment due to COVID-19), this has been given a theoretical high risk rating in relation to the betting sector and will be kept under review through this publication.

Bingo (Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Bingo (Remote) High High

The remote bingo and betting sector will be assessed separately for the purposes of this publication as the risks differ for both sectors.

Existing inherent risks

There has been an increase in the risk levels for some of the inherent risks for the remote bingo sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High High High High No change
Operator Control Operators staking and winning directly and indirectly on their own products Medium Medium Low Medium Decrease
Licensing and integrity Gambling operations run by organised criminals to launder criminally derived funds Medium High Low High Decrease
Customer Customer not physically present for identification Medium High High High Increase
Customer False or stolen documentation used to bypass controls to launder criminally derived funds Medium High Medium High No change
Customer Accessibility to multiple remote accounts High High High High No change
Means of payment Cryptoasset transactions Medium Medium Medium High Increase
Means of payment Pre-paid cards Medium Medium High High Increase
Means of payment E-wallets N/A (no risk rating provided in previous risk assessment) N/A (no risk rating provided in previous risk assessment) Medium Medium N/A

The following additional inherent and new emerging risks all highlight the importance of operators conducting sufficient due diligence checks on customers and have all been given a high risk rating due to potential for significant monies to be laundered online.

Additional inherent risks

Poor source of funds checks

There is evidence of instances where customers have used stolen or fraudulently obtained money for gambling with remote bingo operators. Operators need to ensure that they have robust policies and procedures in place to establish source of funds. This has been given a high risk rating.

Smurfing

‘Smurfing’ is a common money laundering method where money launderers break up large amounts of illicit money into smaller transactions to evade suspicion. There is evidence that this has been occurring in the remote bingo sector and has been given a high risk rating due to the potential monies that can be laundered if due diligence checks are not carried out by operators. .

Customers on the sanctions list

The Commission has become aware of isolated instances where remote bingo operators have had customers that have been on a sanctions list, although the sanctioned individual did not deposit monies. Operators must be vigilant in identifying customers who appear on relevant sanction lists and if breaches have occurred report this to the Commission and the Office of Financial Sanctions Implementation (OFSI). They must prevent financial transactions and report suspicions of Money Laundering (ML) and Terrorist Financing (TF) to the UK Financial Intelligence Unit. This has been rated as low risk .

Inadequate/lack of ‘know your customer’ (KYC) checks

There is evidence that remote bingo operators are failing to undertake sufficient KYC checks which can result in operators accepting illicit funds. Failure to undertake adequate affordability checks, including knowledge of customers’ occupations and delayed identification checks, i.e. at the point of withdrawing winnings, all contribute towards illicit finance washing through gambling accounts online. This is viewed as a high risk area.

New emerging risks

Use of third parties or agents to obscure the source or ownership of money gambled by customers and their identities

There have been examples in the remote bingo sector of customers’ gambling being funded by third parties which has facilitated money laundering. This highlights the importance of operators having a robust money laundering and terrorist financing risk assessment in place to mitigate such risks. This has been given a medium risk rating.

Bingo (Non-Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Bingo (Non-Remote) Medium Medium

Existing inherent risk ratings

There has been some change in the risk levels for the inherent risks for the non-remote bingo sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Medium Medium Medium Medium No change
Operator Control Removal of membership schemes Medium Medium Low Medium Decrease
Operator Control Lack of or inadequate ‘know your customer’ (KYC) checks conducted resulting in criminals laundering criminal proceeds Medium Medium Medium Medium No change
Licensing & Integrity Gambling operations being acquired by organised crime to launder criminal proceeds Medium Medium Low Medium Decrease
Licensing & Integrity Employees colluding with criminals Medium Medium Low Medium Decrease
Customer Anonymous customers laundering proceeds of crime through gaming machines Medium Medium Low Medium Decrease
Means of Payment Ticket-in-ticket-out (TITO) facilities used to launder funds when used in conjunction with ATR machines Medium Medium Medium Medium No change
Product Electronic Betting Terminals (EBTs) incl. table-top gaming (either traditionally or via EBT content) Low Medium Low Medium No change
Product Gaming Machines, Cat B3 Medium Medium Low Medium Decrease

Additional inherent risks

Cash payments

Cash is globally recognised as being attractive for money launderers because of its anonymity, being difficult to trace and it is easily transferrable. The Financial Action Task Force (FATF) recognises that cash is widely used in the criminal economy25. The vulnerability associated with cash transactions include; criminal lifestyle spending, use of Scottish and Irish notes, and fraudulent notes and coins. However, the shift to cashless payment due to COVID-19 mitigates the risks associated with cash payments to a certain extent. This has been given a medium risk rating in relation to the non-remote bingo sector26.

Cashless payment

As discussed previously, the use of cashless payments in general has increased in popularity in recent years. This presents a risk where Money Laundering (ML) could be facilitated using fraudulently obtained and stolen cards. Whilst there are controls in place through closed loop systems, this mitigation is wholly reliant on the operator and its employees effective application and there is a monetary cap on each transaction (currently £45).

The associated risks with cashless payment include:

  1. operators failing to undertake KYC checks on customers
  2. transactions not being monitored in real time
  3. ‘smurfing’: a common ML method where a customer will make numerous low level transactions to avoid suspicion.

The above risks associated with cashless payments further increase where a customer uses multiple premises and there is a lack of customer interaction. Due to cashless payments increasing in popularity (especially due to COVID-19), this has been given a medium risk rating in relation to the non-remote bingo sector.

Arcades

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Adult Gaming Centres Medium Medium
Family Entertainment Centres (FECs) Low Low

Existing inherent risks

There has been some change in the risk levels for the inherent risks for the arcade sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous risk assessments:

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Medium Medium Low Medium Decrease
Licensing & Integrity Arcade businesses being acquired by organised crime to launder criminal proceeds (AGCs only) Low Medium Low Medium No change
Licensing & Integrity Arcade businesses being acquired by organised crime to launder criminal proceeds (FECs only) Low Medium Low Low Decrease
Operator Control Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime (AGCs only) Low Medium Low Medium No change
Operator Control Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime (FECs only) Low Medium Low Medium No change
Customer Anonymous customers laundering proceeds of crime through gaming machines (AGCs only) Medium Medium Medium Medium no change
Customer Anonymous customers laundering proceeds of crime through gaming machines (FECs only) Medium Medium Low Low Decrease
Product Automated ticket redemption (ATR) machines used to facilitate the laundering of criminally derived funds (AGCs only) Medium Low Low Medium Decrease
Product Gaming machines, category B3 being used to launder criminally derived funds (AGCs only) Medium Medium Medium Medium No change
Product Privacy booths (AGCs only) Medium Medium Medium Medium No change
Product Privacy booths (FECs only) Medium Medium Medium Low Decrease
Means of Payment Cash transactions Medium Medium Low Medium Decrease
Means of Payment Cashless payments N/A (no rating provided in previous Risk Assessment) N/A (no rating provided in previous Risk Assessment) Medium Medium N/A
Means of Payment Ticket-in-ticket-out (TITO) facilities used to launder funds when used in conjunction with ATR machines (AGCs only) Medium Medium Low Medium Decrease

Additional inherent risks

Dyed notes

As previously mentioned, there have been reported instances where AGCs have noticed dyed bank notes in gaming machines. As well as the importance of reporting any dyed notes found on premises to the relevant local police force, it is also a mandatory requirement to submit Suspicious Activity Reports (SARs) to the UKFIU in all cases where there is knowledge or suspicion of Money Laundering (ML) and Terrorist Financing (TF) in relation to any dyed bank notes detected. This has been given a medium risk rating.

New emerging risks

‘Bring your own devices’ (BYODs)

Recent product innovations in the gambling industry include cashless apps that can be used on analogue and digital machines. The advantages for customers include ease of play and convenience, however there are associated risks. These include:

  1. operators failing to undertake Know Your Customer (KYC) checks on customers
  2. transactions not being monitored in real time
  3. anonymity: customers could gamble without needing an account or interacting with employees of the operator
  4. ‘smurfing’: a common money laundering method where a customer will make numerous low level transactions with illicit monies to avoid suspicion.

The risks associated with cashless apps further increase where a customer uses multiple premises and there is a lack of customer interaction. The Commission sees cashless payments (along with digital payment methods) increasing in popularity due to continuing innovation in the industry, as well as the drive towards cashless payment due to COVID-19. This has been given a medium risk rating in relation to the arcade sector.

Society Lotteries and External Lottery Managers (Remote and Non-Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Society Lotteries (Remote and Non-Remote) Low Low
External Lottery Managers (Remote and Non-Remote) N/A: Not assessed previously Low

Society lotteries and The National Lottery are being assessed separately for the purposes of this publication as they are two separate sectors and the risks posed in both differ. External Lottery Managers (ELMs) are being assessed for the first time as part of this risk assessment.

Existing inherent risk rating

The inherent risk ratings have changed for this assessment. There has been some change in the risk levels for the inherent risks for the arcade sector. For further information relating to the inherent risks (including vulnerabilities, consequences and controls), See our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low Low Medium Low Increase
Licensing and integrity Operator being acquired by organised crime to launder criminal funds Low Medium Low Low Decrease
Customer Anonymous customers (non-remote) Medium Very Low Low Very Low Decrease
Customer False and stolen identity documentation Low Low Low Low no change
Customer Customer not physically present (remote) Low Low Low Low No change
Products Scratch cards/interactive instant win games Low Very Low Low Very Low no change
Means of Payment Cash transactions (non-remote only) Low Medium Low Low Decrease

NB: previous overall risk ratings and the section in the table above relating to ‘movement’ are not applicable to ELMs as this is the first time this sector is being assessed separately.

New emerging risks (applicable to ELM sector only)

Failure to transfer lottery proceeds

ELMs make arrangement for a lottery on behalf of a society. The potential Money Laundering (ML) and Terrorist Financing (TF) risks are that lottery proceeds might not be passed on by the ELM to the society lottery they are working on behalf of, however some of these risks are partially mitigated as ELMs are required to be licensed by the Commission and by the scrutiny the society will implement for lottery proceeds between itself and the ELM. As there is no widespread evidence of this occurring, this has been given an overall low risk rating with a further update to be provided in the next risk assessment.

National Lottery (Remote and Non-Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
National Lottery Low Low

For this publication, The National Lottery and society lotteries have been assessed separately.

Existing inherent risk rating

There have been a few changes to the inherent risk ratings this year for the National Lottery For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low Low Low Low No change
Licensing and integrity National Lottery acquired by organised crime to launder criminal funds Low Medium Low Medium No change
Customer Anonymous customers (non-remote) Medium Medium Low Medium Decrease
Customer False and stolen identity documentation Low Low Low Low no change
Customer Customer not physically present (remote) Low Low Low Low no change
Products Scratch cards/interactive instant win games Low Very Low Low Very Low no change
Means of Payment Cash transactions Low Medium Low Low Decrease

New emerging risks

Know Your Customer (KYC) checks

There is a risk of insufficient KYC checks being carried out on high spending customers which could potentially breach the requirement for Camelot to guard against excessive customer play, however due to limited evidence this has been given a low risk rating.

Gambling Software (Remote and Non-Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Gambling Software (Remote and Non-Remote) Low Low

The gambling software and gaming machine technical sectors have been assessed separately for this document as they are two separate gambling sectors.

Existing inherent risk rating

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low Low Low Low No change
Operator Control Inadequate/lack of due diligence checks on any third party providers (e.g., test houses) N/A (no risk rating provided in previous risk assessment) N/A (no risk rating provided in previous risk assessment) Medium Low No change

There are no emerging or additional inherent risks for this sector.

Gaming Machine Technical (Remote and Non-Remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Gaming Machine Technical (Remote and Non-Remote) Low Low

Existing inherent risk rating

As previously explained, the gambling software and gaming machine technical sectors have been assessed separately for this document as they are two separate gambling sectors.

For further information on the inherent risks (including consequences and controls), see our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).

Vulnerability Risk Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low Low Low Low No change
Product Gaming machines Cat B,C and D, FOBT, SSBT, TITO used to launder the proceeds of crime Low Low Low Low No change
Product TITO enabled gaming machines used to launder funds when used with ATR machine Low Low Low Low No change
Means of payment TITO used in conjunction with ATR machines in casinos, bingo halls and AGCs (machine operator issue, but provides an opportunity for manufacturers and retailers to cooperate to mitigate the risks) Low Low Low Low No change
Means of payment Cashless payments N/A (no risk rating provided in previous risk assessment) N/A (no risk rating provided in previous risk assessment) Medium Low N/A
Operator Control Inadequate/lack of due diligence checks on any third-party providers (e.g., test houses) N/A (no risk rating provided in previous risk assessment) N/A (no risk rating provided in previous risk assessment) Medium Low N/A

New emerging risks

Lack of adherence with Technical Standards

All gaming machine technical licensees are required to comply with the Commission’s Technical Standards27. The purpose of these Standards is to set out in detail the Commission’s requirements with respect to game features, display notices and general machine operation. These have been developed to help ensure the three licensing objectives under the Act are met (which includes ‘keeping crime out of gambling’). The Technical Standards state that gaming machines must have an ID plate permanently attached (which must include the manufacturer’s details) 28. There is evidence that some gaming machines are being supplied without any ID plates attached to them which raises money laundering and terrorist financing concerns as there is no verified information regarding where these machines originated from for example if they have been purchased from the proceeds of crime. This has been given a low risk rating as there is no current widespread evidence of this practice.

Terrorist Financing Vulnerabilities

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Terrorist financing Medium Low

Existing inherent risks

This year’s risk assessment builds upon the previous one relating to the current terrorist financing vulnerabilities the gambling industry faces.

There is a change in the overall risk rating relating to terrorist financing in Great Britain’s gambling industry. This is due to evidence the Commission is aware of to support the change in risk levels (including HM Treasury’s National Risk Assessment which was published in December 2020).

For further information on the inherent risks (including consequences and controls), see our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF).

Vulnerability Risk Sector Previous likelihood of event occurring Previous impact of event occurring Current likelihood of event occurring Current impact of event occurring Change in risk
Operator Control Operators failing to understand or take consideration of terrorist financing vulnerabilities and applicable legislation All Low High Low Medium Decrease

Additional inherent risks

The risk levels and typologies relating to terrorist financing differ in comparison to Money Laundering (ML). For this reason, even though some of the below risks (such as pre-paid cards and cryptoasset transactions) are high for ML purposes, they have been rated lower in relation to Terrorist Financing (TF).

As discussed previously, criminals and terrorists have changed the way they operate to take advantage of the vulnerabilities that have emerged as a result of COVID-19. The current situation has seen an increase in the use of pre-paid cards, mule accounts and cryptoassets being used for ML purposes. For further information, see the Commission’s website. However, these risks can be transferrable in relation to TF and the United Nations has warned that terrorist groups may see opportunities for increased TF activity while government attention is focused on COVID-1929. However, the known risks within the UK for gambling and TF remains low as demonstrated within HM Treasury current National Risk Assessment.

Cash transactions

It is well known that terrorist financers use mechanisms such as bulk cash smuggling to move money 30. Even though the pandemic has seen a restriction in cash movements, it is still vital that gambling businesses remain curious and be alert to large cash transactions. This has been rated low risk currently.

Money service businesses

It has been recognised that terrorist financers have used different channels to move funds and assets including using money service businesses (MSBs). 31. However, due to current limited evidence levels for this typology in gambling this has been given a low risk rating.

Pre-paid cards

‘Smurfing’ (using pre-paid cards) has been known to be used to fund terrorist activities. Here OCGs and those supporting terrorism can employ people (‘smurfs’) to purchase pre-paid cards which are then loaded with illicit money. Such money can then be legalised through transfer to a bank account. The ‘smurfs’ are careful to deal with amounts below the legal monetary thresholds. This money can then be used to fund terrorism and other legitimate activities, for example gambling. Due to current limited evidence levels this has been given an overall low risk rating.

‘Mule’ accounts

Illicit funds can be transferred (either willingly or unwillingly), through a third party’s bank account (known as a ‘money mule’) to break the audit trail of transactions. This can be used as a primary method of laundering criminal proceeds. As previously discussed, the pandemic has seen an increase in mule account activity with criminals seeking to recruit money mules through social media to launder cash from human trafficking, terrorist financing or drug dealing. The Commission has become aware of instances where money from mule accounts have been used for gambling purposes. Whilst this has been given a high risk rating in relation to ML (where criminals have then laundered money through gambling activities), there is limited current evidence that mule account gambling activities have been used for TF purposes. Therefore, this has been given a low risk rating.

Cryptoasset transaction

There is evidence that some terrorist groups use cryptoassets for funding purposes32. This digital currency is likely to be used due to lack of options for cashing out funds in or near conflict locations and the anonymity this product provides for individuals or groups33. Before the pandemic, there were reports of terrorist groups increasingly using cryptoassets for funding purposes. The pandemic has also reported increases in the use of cryptoasset transactions in South Asia to fund terrorist-related activity. Whilst there is currently limited evidence that the use of cryptoassets for terrorist financing purposes in the UK is widespread, gambling businesses are reminded not to be complacent in fulfilling their legal duties to report suspicion or knowledge of terrorist financing to the UKFIU under the Terrorism Act 2000 (opens in new tab).

Charities and terrorist financing

The abuse of charities for terrorist financing is a well-known methodology and can occur in the following ways34:

  1. abusing charity assets
  2. infiltration by members of terrorist groups within organisations
  3. cash and asset exchange within conflict zones from the charity
  4. misusing a charity name and status
  5. setting up a charity for an illegal or improper purpose
  6. inappropriate expressions of support by a trustee for a proscribed terrorist organisation or designated person or entity.

Lotteries are frequently associated with charities and may share board structures, aims and employees. They therefore need to ensure that they have strong governance arrangements, financial controls and risk management policies and procedures in place that fit their needs, and will better safeguard them against a range of potential abuse, including the financing of terrorism. Trustees must also consider and manage risks to the lotteries (whether operational, financial, or reputational) ensuring they exercise proper control over financial affairs and keeping accurate records. Trustees must also ensure they and their charity comply with the law, including counter-terrorist financing law. Due to current evidence levels in this area for gambling, it has been given an overall low risk rating.

All of the above risk areas relating to terrorist financing highlights the importance of operators ensuring they conduct sufficient KYC checks along with Suspicious Activity Reports (SARs) submissions where there is knowledge or suspicion of terrorist financing and submitting Defence Against Terrorist Financing SARs (DATF) if operators suspect they have received, kept or transferred monetary sums associated with terrorism.

Domestic and international terrorism

Increase in right-wing terrorism

There is a growing threat of right-wing extremism in the UK.35 It has been reported that out of the six terror plots foiled by the UK intelligence agencies in 2019, half involved those on the far-right wing of extremism. It has been reported that far-right extremists are building international funding networks including funding from high risk geographical areas, which makes it even more vital for gambling businesses to ensure that they conduct sufficient checks on the origin of customer funds upon deposit and withdrawal and identify their customers.

International terrorism

International terrorism remains a dominant threat in the UK. However, there is limited current evidence that funding is entering the UK from hostile locations for attack planning.

Both of the above risk areas (right wing and international terrorism) have been given a low risk rating in relation to their impact on the gambling industry due to evidence levels.

Terrorism 'red flag' indicators

Some potential ‘red flag’ indicators that operators should be alert to, based on evidence reviewed regarding the risk of TF are:

  1. a customer’s income or expenditure which is inconsistent with their occupation
  2. unusual or suspicious religious quotes, or single words/phrases relating to known terrorist ideology or known numerical associations to terrorism in financial transactions and customer details (social media ‘handle’, web chat, email addresses etc)
  3. use of multiple foreign bank accounts to conduct transactions
  4. unexpected large withdrawals or complete withdrawal of sums and sudden account closure
  5. transactions are structured to avoid internal threshold or SAR reporting (‘smurfing’)
  6. MSB usage, including indicators such as: multiple overseas geographical locations destination for transfers, use of third parties in the transaction chain, open loop for foreign exchange transactions i.e. deposits in one currency and requests to withdraw in a different currency and missing details on money transfers
  7. accounts linked to pre-paid cards
  8. customer IP address being used by other customers.

Methodology

As per our last published risk assessment, the methodology we have adopted to analyse the risks in the gambling industry remains the same. The methodology uses an approach that can be represented as likelihood X impact = risk rating. See our 2019 publication: Money laundering and terrorist financing risk assessment within the British gambling industry: 2019 (PDF) for further information about our methodology.

Previous editions of the Money laundering and terrorist financing risk assessment

As part your commitment to anti-money laundering and the prevention of terrorist financing, you need to refer to 2018 (PDF) (opens in new tab) and 2019 (PDF) (opens in new tab) editions of the Money laundering and terrorist financing risk assessment.