With this document you can:

This box is not visible in the printed version.

The 2023 money laundering and terrorist financing risks within the British gambling industry

The Gambling Commission's money laundering and terrorist financing risk assessment for the British gambling industry in 2023.

Published: 30 November 2023

Last updated: 30 November 2023

This version was printed or saved on: 13 June 2024

Online version: https://www.gamblingcommission.gov.uk/guidance/the-2023-money-laundering-and-terrorist-financing-risks-within-the-british

Executive summary

The Gambling Commission’s Money Laundering (ML) and Terrorist Financing (TF) risk assessment 2023 presents the key risks associated with each of the sectors and encompasses licensed land-based and remote activity in Great Britain’s gambling industry. This assessment builds on the previous 2020 risk assessment and, among other things, fulfils the requirements under Regulation 17 (1) of the Money Laundering and Terrorist Financing and Transfer of Funds (Information on the Payer) 2017 (the Regulations) (opens PDF).

The purpose of this risk assessment is to:

The Commission has considered a wealth of information and intelligence when assessing the key threats identified within the British gambling industry and provides revised risk ratings in this publication. In consultation with in-house and external subject-matter experts, this assessment has been developed with input from a wide range of sector and industry specialists, including law enforcement and the National Crime Agency (NCA). It also considered approaches taken by other Anti Money Laundering (AML) supervisory authorities.

The reporting period this assessment is based on is 1 June 2020 to 31 March 2023. The methodology used to assess the risks in Great Britain’s gambling industry has been developed from the previous risk assessment in 2020. For more detail on the methodology and terminology used, please refer to the methodology section of this report.

The following gambling sectors are assessed separately (compared to previous risk assessments), as they are separate and distinct sectors with differing risk areas and levels:

Table actions:
Sector Current overall risk rating
Casino, betting and bingo (remote) High
Casino (non-remote) High
Betting (non-remote, off-course) High
Betting (non-remote, on-course) Medium
Bingo (non-remote) High
Adult Gaming Centres (AGCs) Medium
Family Entertainment Centres (FECs) Low
Society lotteries and external lottery managers (remote and non-remote Low
The National Lottery (remote and non-remote) Low
Gambling software (remote and non-remote) Low
Gaming machine technical (remote and non-remote) Low

In the HM Treasury and Home Office National Risk Assessment, the gambling sector is rated as low risk. However, the National Risk Assessment captures the relative risk of ML and TF occurring across all regulated financial sectors and Designated Non-Financial Businesses and Professionals (DNFBPs), which includes:

When the vulnerability of gambling to ML and TF is considered in the context of those other sectors in the National Risk Assessment it is currently lower risk in relative terms. By contrast, the Commission’s risk assessment compares the ML and TF risks in individual gambling sub-sectors and rates them appropriately in comparison to each other, rating them high to low risk.

When compiling the National Risk Assessment, the Treasury and Home Office are required to ensure that the risk assessment is used to consider whether providers of gambling services other than casinos should continue to be excluded from the requirements of the Regulations. It is therefore imperative that the Commission and gambling operators sustain their efforts and remain on guard to the financial crime risks inherent in gambling.

In line with Licence Condition 12.1.1, gambling operators are required and must ensure that such policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure that they remain effective, and take into account any applicable learning or guidelines published by the Gambling Commission from time to time.

Whilst some of the ratings have changed in individual sub-sector risk areas, the overall risk ratings for each gambling sector have not changed since the previous risk assessment.

Sector Current overall risk rating
Terrorist financing Medium

The impact of terrorist financing has increased from Low to High.

The assessment of the terrorist financing risk is partially based on information from the National Risk Assessment, which has assessed this area as low risk for gambling. The Commission has also collaborated closely with external stakeholders, such as the UK’s counter terrorism teams, when arriving at its risk rating to assist our understanding of the terrorist financing typologies and vulnerabilities that are applicable to the gambling industry.

This document is intended to act as a valuable resource for the industry in informing their own ML and TF risk assessments, and must be taken into account when doing so, as required under Licence Condition 12 of the Licence Conditions and Codes of Practice (LCCP)1.

It is mandatory for gambling operators from all gambling sectors to comply with the licensing objective of keeping crime and its proceeds out of gambling, as set out in the Gambling Act 2005 (the Act) (opens new tab) and the Commission’s LCCP. Furthermore, all gambling operators have legal duties under the Proceeds of Crime Act 2002 (POCA)and the Terrorism Act 2000 (TACT) (opens in a new tab) to mitigate financial crime. Casinos (both land-based and remote) have an enhanced set of legal responsibilities, as they must comply with the Regulations for casino gaming, gaming machines and any money service business activities offered2.

However, it is imperative for all gambling operators (regardless of gambling sector) to ensure they have effective risk assessments identifying ML and TF risks, and robust policies, procedures and controls in place to prevent money laundering and terrorist financing, and to continue to raise standards in these areas.


1 Licence Condition 12 requires that operators have appropriate policies, procedures and controls to prevent money laundering and terrorist financing and that such policies, procedures and controls take into account any applicable learning or guidelines published by the Gambling Commission.

2 This refers to the Regulations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (opens in new tab) ('the Regulations') which are applicable to firms under the 'regulated sector'. Casinos are part of the 'regulated sector'.

Introduction

Regulation 17 places an obligation on supervisory authorities to carry out a risk assessment of their supervised sector. The Gambling Commission (the Commission) is the supervisory authority for casinos and this obligation is met by this risk assessment. The Commission will also use this risk assessment to inform HM Government of the level of risk of Money Laundering (ML) and Terrorist Financing (TF) within the entire British gambling industry.

There may be vulnerabilities and risks attributed to a particular gambling sector that cause it to become higher risk over time. Consequently, where a gambling sector can no longer be deemed low risk in terms of the National Risk Assessment, it will likely lead to their inclusion within the provisions of the Regulations.

A risk assessment is a key requirement to understanding the ML and TF risks that a business is exposed to. This is done through the identification, assessment, management and where possible, the mitigation to control and prevent ML and TF. By knowing and understanding the risks to which the gambling industry is exposed, HM Government, law enforcement, the Commission and operators can work together to ensure that gambling in Great Britain is a hostile place for money launderers and terrorist financers seeking to exploit it.

This risk assessment builds upon the previous one published in December 2020. It is therefore recommended that this year’s assessment should be read in conjunction with the previous risk assessment: Money laundering and terrorist financing risk assessment within the British gambling industry: 2020 as this previous publication provides further information on our previous risk ratings regarding the inherent risks within Great Britain’s gambling industry by sector.

The threat of money laundering and terrorist financing in the gambling industry

The Money Laundering (ML) and Terrorist Financing (TF) threats that the gambling industry faces are diverse, complex and are rapidly evolving.

Money launderers and terrorist financers use similar methods to store, move and obtain funds, although their motives differ.

If left unimpeded, the threats may result in:

Regulatory framework

Gambling operators must ensure they comply with the relevant legislation, and the regulatory licence conditions and codes of practice. These are:

Further information can be found within our anti-money laundering legislation page.

Operators are required to adopt a risk-based approach in the discharging of their legal obligations which focuses compliance effort where it is most needed and will therefore have the most impact. It requires the full commitment and support of senior management and the active co-operation all employees.

For further information regarding the steps gambling operators should take in applying a risk-based approach, please see our guidance on the prevention of money laundering and combating the financing of terrorism and our guidance on duties and responsibilities under the Proceeds of Crime Act 2002.

Proliferation financing

In September 2022, the Regulations were updated to require businesses in the regulated sector to risk assess and mitigate proliferation financing. Proliferation financing is defined as:

"The act of providing funds or financial services for use (in whole or in part) in the manufacture, acquisition, development, export, trans-shipment, brokering, transport, transfer, stockpiling of, or otherwise in connection with the possession or use of chemical, biological, radiological or nuclear weapons, including the provision of funds or financial services in connection with the means of delivery of such weapons and other Chemical, Biological, Radiological and Nuclear (CBRN)-related goods and technology1, in contravention of a relevant financial sanctions obligation2."

For further information on what casinos are required to do in relation to proliferation financing, please refer to the updates of the Commission’s casino guidance.

Russian financial sanctions

For information on how to comply with sanctions regulation, including the UK government’s financial sanctions against Russia, please refer to the Commission’s update on sanctions.


1 The meaning of 'biological weapon', 'chemical weapon', 'CBRN-related goods and technology', 'nuclear weapon' and 'radiological weapon' are set out in regulation 16A(10).

2 A relevant financial sanctions obligation is a prohibition or requirement in regulations made under section 1 of the Sanctions and Anti-Money Laundering Act 2018 (opens in new tab) and imposed for one or more of the purposes in section 3(1) and (2) of the Act so far as it relates to compliance with a relevant United Nations (UN) obligation.

Methodology

1 Introduction to Methodology

The reporting period for this risk assessment is 1 June 2020 to 31 March 2023. The risk assessment has been developed in consultation with sector and/or industry specialists. 

The Gambling Commission has adopted a methodology based on the Financial Action Task Force (FATF) Guidance on Money Laundering and Terrorist Financing Risk Assessments. FATF sets the global standards for anti-money laundering and counter-terrorist financing1.

It is important to note that the Commission’s assessment of risk within each sector or theme is considered in the context of the British gambling industry and not in comparison to other British industries regulated under the Money Laundering Regulations, for example, the retail banking sector2. Furthermore, the Commission may not have access to the confidential source materials available to HM Treasury and the Home Office when they produce the National Risk Assessment, limiting our assessment to our own data and specialists, and sources that are available externally. 


1 FATF Guidance “National Money Laundering and Terrorist Financing Risk Assessment” February 2013.

2 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

2 Stages of the money laundering and terrorism financing risk assessment 

The risk assessment is completed in the following stages: identification, assessment and evaluation, and management. 

Identification

In this stage, known or suspected threats and vulnerabilities are used to identify emerging risks and previously unidentified risks relating to money laundering and terrorist financing to the specific sectors within the gambling industry. Risks identified in this paper were gathered from a variety of sources, including:

Our identification of risk extends to both domestic and international evidence and best practice. 

Assessment and evaluation 

In this stage, an assessment of the likelihood and impact of those risks occurring is conducted, considering controls and consequences.  

The methodology uses an approach that can be represented as likelihood × impact = risk rating. This is conducted using the Commission’s Money Laundering and Terrorist Financing Risk Assessment Matrix (ML/TF RAM).  

In addition to considering risk in the context of individual licensees, we consider systemic risk in the context of the collective actions or vulnerabilities in sectors, thematic indicators or the wider industry.  

A moderation process, including reviews by qualified professionals, is utilised to evaluate the scores allocated to each risk, its likelihood of occurring and the impact should this occur. 

Management

The management process is conducted through reviewing The Gambling Commission's money laundering and terrorist financing risk assessment: 2020 and reporting on the current status of the risks previously identified. Each of the risks have been assessed using information sources as referred to above in the assessment section. New risks identified during the time parameter of this report, and previously identified risks have been assessed using consistent methodology. 

Application of Approach 

The application of relevant concepts in this assessment are set out as follows. 

Risk – risk is considered to be the potential that an event, action, or series of events or actions will have an adverse effect on the Money Laundering and Terrorist Financing and Transfer of Funds (Information on the Payer) 2017 (the Regulations), Proceeds of Crime Act (POCA), The Terrorism Act 2002 (TACT), the Gambling Commission Act 2005 (the Act) licensing objectives or the Licence Condition of Codes of Practice (LCCP). 

Threats – threats can manifest through the intentional ‘washing’ of criminal funds, through criminal spending or terrorist financing. They can relate to people seeking control of gambling businesses for illegal purposes or responsible people recklessly or unwittingly facilitating money laundering or terrorist financing through their failures to discharge their responsibilities effectively. 

Vulnerabilities – the Commission has grouped the relevant factors that are assessed as vulnerabilities into five categories: 

Controls – the assessment of vulnerabilities requires assessment of the effectiveness of the controls in place. The absence of, or ineffectual application of controls would indicate a high level of vulnerability. The Commission considers controls to include:  

Controls are primarily the responsibility of the licensees but may also include actions taken by the Commission through its licensing, compliance or enforcement actions and its supervisory authority role.

Consequences – this is a high-level commentary of what the Commission is seeing, to support the risk assessment produced by Commission specialists. It references information and evidence which depicts what is arising from the vulnerabilities in question. 

Likelihood – in assessing the likelihood of a threat materialising, the Commission may also consider:  

Impact – the impact is assessed to be the extent at which the risk materialising will influence the licensing objectives and the general interest of consumers. It also allows the Commission (as a supervisory authority) to: 

3 Gambling Commission’s risk assessment matrix (ML/TF RAM) 

The risk level is represented by a likelihood score multiplied by an impact score to provide and overall risk score.

Table actions:

Likelihood × Impact = Risk

Likelihood of event occurring Impact of event occurring Overall risk (Likelihood × Impact)
Low (1) Low (1) Low (1)
Low (1) Medium (2) Low (2)
Low (1) High (3) Medium (3)
Medium (2) Low (1) Low (2)
Medium (2) Medium (2) Medium (4)
Medium (2) High (3) High (6)
High (3) Low (1) Medium (3)
High (3) Medium (2) High (6)
High (3) High (3) High (9)

Indicators of low overall risk (likelihood and impact) (risk of 1 or 2) are:

Indicators of medium overall risk (likelihood and impact) (risk of 3 or 4) are:

Indicators of high overall risk (likelihood and impact) (risk of 6 or 9) are:

Changes in risk

To note how the risk ratings compare to the ratings of the previous assessment, the following descriptions are used in the assessment.

New risk – this refers to identified emerging risks and previously unidentified risks that were not in the previous assessment.

New risk rating – this refers to risks that were previously given an overall risk rating and have now been assigned a likelihood and impact rating.

Decrease or increase in likelihood and impact – noting a change in the risk rating.

Changes to the methodology 

The methodology in this edition of the Gambling Commission’s risk assessment has been amended from previous versions to simplify the risk ratings. The risk ratings used in this assessment are low, medium and high. The ratings of very low and very high have been removed, with such risks now being rated low or high.

Casino (remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
Casino (remote) High High

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risks

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High (3) High (3) High (9) No change
Operator control High monetary thresholds High (3) High (3) High (9) New risk rating
Operator control High value customer schemes Medium (2) High (3) High (6) Decrease in likelihood
Operator control Failure to implement a closed loop system Medium (2) High (3) High (6) New risk rating
Operator control Over reliance on payment providers for carrying out customer due diligence (CDD) measures Medium (2) High (3) High (6) New risk rating
Operator control Third party business relationships and business investors Medium (2) High (3) High (6) New risk
Operator control Lack of competence of key personnel and licence holders which can then potentially be exploited by criminals seeking to launder the proceeds of crime Medium (2) High (3) High (6) New risk
Licensing and integrity Gambling operations being acquired by organised crime to launder criminal proceeds or the Ultimate Beneficial Ownership is a criminal or involved in criminal activity Low (1) High (3) Medium (3) No change
Licensing and integrity White label providers High (3) High (3) High (9) No change
Customer Customer not physically present for identification purposes High (3) High (3) High (9) No change
Customer False or stolen identity documentation used to bypass controls to facilitate the laundering of criminal funds High (3) High (3) High (9) No change
Customer Accessibility to multiple remote casinos High (3) High (3) High (9) No change
Customer Customers who appear on financial sanctions lists laundering funds which are subject to an asset freeze Low (1) High (3) Medium (3) No change
Customer Foreign politically exposed persons (PEPs) using casinos to launder illicit or criminal funds Medium (2) High (3) High (6) No change
Customer Domestic PEPs using casinos to clean criminal funds identification and verification Low (1) Medium (2) Medium (2) No change
Customer Customers making numerous low-level transactions to minimise suspicion and evade CDD requirements at the threshold (‘smurfing’) High (3) High (3) High (9) No change
Customer Use of third parties or agents to obscure the source or ownership of money gambled by customers and their identities High (3) High (3) High (9) No change
Customer Organised crime gangs Medium (2) High (3) High (6) New risk rating
Customer Mule accounts High (3) High (3) High (9) New risk rating
Means of payment E-wallet Medium (2) Medium (2) Medium (4) No change
Means of payment Crypto asset transactions Medium (2) High (3) High (6) No change
Means of payment Pre-paid cards High (3) High (3) High (9) No change
Means of payment Multiple methods of payment Medium (2) High (3) High (6) New Risk
Means of payment Casinos acting as Money Service Businesses (MSBs) High (3) High (3) High (9) New risk
Product Peer to Peer Gaming (poker) - Business to Business and Business to Customer High (3) High (3) High (9) No change
Product High-stakes gambling and feature buy-in slots Medium (2) High (3) High (6) New risk rating
Geographic Customers from high-risk jurisdictions using casino facilities to launder criminal funds Medium (2) High (3) High (6) No change

Case studies

Pre-paid cards
An individual made large deposits using pre-paid cards. When the operator attempted to determine the source of the individual’s funds, the customer claimed that they received their salary in cash.

An individual deposited several thousand pounds with pre-paid cards. Subsequent checks revealed that they were unemployed.

Smurfing
An individual had several failed deposit attempts and then made a series of deposits in low amounts. Once the deposits had been made, the customer requested an immediate withdrawal without any gameplay and then made a further small deposit.

Casino (non-remote)

Sector Risk

Sector Previous overall risk rating Current overall risk rating
Casino (non-remote) High High

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent Risk

Vulnerability Risk Current likelihood of event occurring Current impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High (3) High (3) High (9) No change
Operator control Undermining of the Money Laundering Reporting Officer (MLRO) role by senior management which can intentionally or unintentionally lead to exploitation by money launderers Medium (2) High (3) High (6) Decrease in likelihood
Operator control Lack of competence of key personnel and licence holders which can then potentially be exploited by criminals seeking to launder the proceeds of crime Medium (2) High (3) High (6) Decrease in likelihood
Operator control Lack of adequate and relevant due diligence checks conducted resulting in criminals laundering money High (3) High (3) High (9) No change
Operator control Lack of key person in place responsible for regulatory compliance (as required under regulation 21(1) (a)) Medium (2) High (3) High (6) New risk rating
Operator control Employees who do not hold a personal licence being responsible for ID checks Medium (2) High (3) High (6) New risk rating
Operator control Third party business relationships and business investors Medium (2) High (3) High (6) New risk
Operator control Unlicensed casino employees with known criminal records or suspected criminal activities Medium (2) High (3) High (6) Decrease in likelihood
Licensing and integrity Gambling operations being acquired by organised crime to launder criminal proceeds, or the Ultimate Beneficial Ownership is a criminal or involved in a criminal activity Medium (2) High (3) High (6) No change
Licensing and integrity Employees colluding with criminals High (3) High (3) High (9) No change
Geographic Customer from high-risk jurisdictions using casino facilities to launder money Medium (2) High (3) High (6) No change
Customer Customers who appear on financial sanctions list laundering funds which are subject to asset freeze Low (1) High (3) Medium (3) No change
Customer Foreign politically exposed persons (PEPs) using casinos to clean criminal funds Medium (2) High (3) High (6) No change
Customer Domestic PEPs using casinos to clean criminal funds Low (1) Medium (2) Low (2) No change
Customer False or fraudulently obtained or stolen ID docs used to bypass controls Medium (2) High (3) High (6) No change
Customer Customers breaking up large amounts of cash into small transactions to minimise suspicion and evade customer due diligence (CDD) requirements at the threshold (‘smurfing’) High (3) High (3) High (9) Increase in likelihood
Customer Use of third parties or agents to obscure the source or ownership of money gambled by customers and their identities Medium (2) High (3) High (6) No change
Means of payment Cash transactions High (3) High (3) High (9) No change
Means of payment Casinos acting as Money Service Businesses (MSBs) High (3) High (3) High (9) No change
Means of payment Cryptoasset payments Medium (2) High (3) High (6) No change
Means of payment Cashless payments Medium (2) High (3) High (6) New risk rating
Means of payment Transfer of funds between casino customers Medium (2) High (3) High (6) No change
Means of payment Scottish notes Low (1) High (3) Medium (3) New risk rating
Product Bring your own devices (BYODs) Low (1) High (3) Medium (3) New risk rating
Product Electronic roulette - when used with ticket in ticket out and automatic ticket redemption machines Medium (2) High (3) High (6) No change
Product Gaming machines (all) Medium (2) High (3) High (6) Decrease in likelihood
Product Peer to peer gaming (poker) business to customer (B2C) High (3) High (3) High (6) No change

Case studies

Scottish notes
An individual attempted to exchange a large quantity of Scottish notes at a casino cash desk and their request was denied. They were later seen on the casino’s CCTV inserting large quantities of cash into an electronic gaming machine. The machine was later checked and found to contain several thousand pounds in Scottish notes.

Casinos offering Money Service Businesses (MSBs)

The Regulations designate the Gambling Commission as the supervisory authority for casinos in the United Kingdom (UK). While under the Regulations HMRC is the supervisory authority for authority for money service businesses facilities (MSBs), the Commission and HMRC have agreed, under Regulation 7(2), that the Commission will act as the supervisory authority for MSB activities carried out by casinos (which includes foreign exchange, third-party money transmission and third-party cheque cashing).

The Commission found that around 2 percent of business to customer remote casinos offered some form of MSB activity. In the same period, around 66 percent of non-remote casinos offered some form of MSB activity1.

Commission-based research found that:

All types of MSB activity are seen as carrying Money Laundering and Terrorist financing (ML/TF) risk as they could be used by criminals to break their funds up and conceal its source or destination, which makes it harder for the flow of funds to be tracked and disrupted.

Specific risks include:

Some red flag risk indicators identified with MSB activity are:

Case studies


Third party payment MSB activity for online casinos may include cases of a spouse’s card being used to fund the gambler’s account, or the money is paid out from the account to a third party. Clearly there are risks associated with this and we expect operators to have measures in place such as identification and source of fund checks.

The Commission found that some remote casino operators were unable to separate their financial data accurately in relation to MSB activity and other activity in customers’ e-wallets. Failing to do so means that operators are not sufficiently assessing, monitoring, and controlling the risks associated with MSB activity.

This highlights the importance of operators adopting a risk-based approach in order to mitigate the potential money laundering and terrorism financing risks associated with MSB activity.


1 In the period between 1 January 2020 to 31 December 2021. Please note this time frame includes the COVID-19 lockdown period, and so may not be fully reflective of the number of casinos that offer MSB activities.

Betting (remote)

Sector Risk

Sector Previous overall risk rating Current overall risk rating
Betting (remote) High High

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent Risk

Vulnerability Risk Current likelihood of event occurring Current impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High (3) High (3) High (9) No change
Operator control Operators staking and winning directly and indirectly on their own products Low (1) Medium (2) Low (2) No change
Operator control Lack of competence of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime Medium (2) High (3) High (6) Decrease in likelihood
Operator control Inadequate or lack of ‘know your customer’ (KYC) checks resulting in criminals laundering criminal proceeds or risk of this occurring High (3) High (3) High (9) No change
Operator control ‘High value’ customer schemes Medium (2) High (3) High (6) No change
Operator control High monetary thresholds High (3) High (3) High (9) New risk rating
Operator control KYC completed at the point of withdrawal Medium (2) High (3) High (6) New risk rating
Operator control Third party business relationships and business investors Medium (2) High (3) High (6) New risk rating
Licensing and integrity Gambling operations run or acquired by organised criminals to launder criminally derived funds Low (1) High (3) Medium (3) Decrease in likelihood
Licensing and integrity White label providers High (3) High (3) High (9) No change
Customer False or stolen documentation used to bypass controls to launder criminally derived funds High (3) High (3) High (9) No change
Customer Accessibility to multiple remote accounts Medium (2) High (3) High (6) Decrease in likelihood
Customer Customers from high risk or non-cooperative jurisdictions using remote facilities to launder criminally derived funds Medium (2) High (3) High (6) Decrease in likelihood
Customer Customers who appear on international financial sanctions lists laundering criminal funds Low (1) High (3) Medium (3) No change
Customer ‘Smurfing’ High (3) High (3) High (9) Increase in risk
Customer ‘Mule’ betting accounts High (3) High (3) High (9) No change
Customer Politically exposed persons (PEPs) Medium (2) High (3) High (6) New risk rating
Customer Business customers (betting exchange) Medium (2) High (3) High (9) New risk rating
Customer Use of third parties or agents to obscure the source or ownership of money gambled by customers and their identities High (3) High (3) High (9) No change
Means of payment E-wallets Medium (2) Medium (2) Medium (4) No change
Means of payment Cryptoasset transactions Medium (2) High (3) High (6) No change
Means of payment Pre-paid cards High (3) High (3) High (9) No change
Means of payment Lack of ‘closed loop’ system Medium (2) High (3) High (6) New risk rating
Means of payment Multiple methods of payment Medium (2) High (3) High (6) New risk
Product Peer to peer betting High (3) High (3) High (9) Increase score
Product Unregulated betting events Medium (2) High (3) High (6) New risk rating

Case studies

Mule accounts
A student with no formal employment was asked for source of funds information by an operator as part of Know your customer (KYC) checks. The student provided a bank statement which showed them making large cash deposits into their bank account, which was followed by smaller transfers to other individuals with the payment references naming other gambling operators.

Smurfing
An individual was identified as having made regular deposits in relatively low increments, which were then placed on low-risk bets with an almost guaranteed return. The customer attempted to withdraw using an e-wallet and was asked for evidence that they were the legitimate owner of the wallet. At this point, the individual confirmed their e-wallet account had been closed.

Betting (non-remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
Betting (non-remote) High High
Off-course High High
On-course Medium Medium

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risks

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance (off-course only) High (3) High (3) High (9) No change
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance (on-course only) Medium (2) Medium (2) Medium (4) No change
Operator control Lack of effective customer interaction resulting in a failure to prevent and/or detect Money Laundering or Terrorist financing (ML/TF) (off-course only) Medium (2) High (3) High (6) No change
Operator control Lack of effective customer interaction resulting in a failure to prevent and/or detect ML or TF (on-course only) Medium (2) Medium (2) Medium (4) No change
Operator control Inadequate or lack of 'know your customer' (KYC) checks resulting in criminals laundering criminal proceeds (off-course only) High (3) High (3) High (9) No change
Operator control Inadequate or lack of KYC checks resulting in criminals laundering criminal proceeds (on-course only) Medium (2) Medium (2) Medium (4) No change
Operator control Third party business relationships and business investors (off-course only) Medium (2) High (3) High (6) New risk
Operator control On-course bookmakers providing unlicensed gambling activities (for example, accepting bets over the phone without having the required ancillary betting licence) Low (1) Medium (2) Medium (2) No change
Licensing and integrity Betting operations being acquired by organised crime to launder criminal proceeds (off-course only) Low (1) High (3) Medium (3) No change
Licensing and integrity Betting operations being acquired by organised crime to launder criminal proceeds (on-course only) Low (1) High (3) Medium (3) No change
Licensing and integrity Betting employees acting in collusion with organised criminals to launder criminal funds (off-course only) Medium (2) High (3) High (6) No change
Licensing and integrity Betting employees acting in collusion with organised criminals to launder criminal funds (on-course only) Low (1) Medium (2) Low (2) No change
Customer Unverified customers laundering proceeds of crime through betting (off-course only) High (3) High (3) High (9) No change
Customer Unverified customers laundering proceeds of crime through betting (on-course only) Medium (2) Medium (2) Medium (4) No change
Customer Accessibility to multiple premises and operators (off-course only) High (3) High (3) High (9) No change
Customer False or stolen identification documentation used to bypass controls to launder criminal funds (off-course only) Medium (2) High (3) High (6) Increase in impact
Customer Organised criminal gangs (OCGs) Low (1) High (3) Medium (3) No change
Product Gaming machines used to launder criminal funds (off-course only) Medium (2) High (3) High (6) Decrease in likelihood
Product Self service betting terminals and ticket-in-ticket-out (TITO) machines used to launder criminal funds (off-course only) Medium (2) High (3) High (6) No change
Product Bring your own device (BYOD) Low (1) Medium (2) Low (2) Decrease in impact and likelihood
Means of payment Cash transactions High (3) High (3) High (9) No change
Means of payment Cashless transactions Medium (2) High (3) High (6) Increase in impact
Means of payment Dyed notes Low (1) Medium (2) Low(2) No change
Means of payment Lack of ‘closed loop’ system Medium (2) High (3) High (6) No change
Means of payment Multiple methods of payment Medium (2) High (3) High (6) New risk
Means of payment Scottish notes Low (1) High (3) Medium (3) No change

Case studies

Dyed Notes
Two individuals deposited several hundred pounds of bank notes into a self-service betting terminal which were later found to be stained with what appeared to be anti-theft dye. The individuals were then able to withdraw clean notes from counter staff

Lack of 'closed loop' system and access to multiple premises
An individual deposited several thousand pounds on a self-service betting terminal using a debit card and made bets on several events. The bets were cashed out early before the events had started and the customer was able to withdraw the funds at a different store in the form of cash.

Bingo (remote)

Table actions:

Sector rating

Sector Previous overall risk rating Current overall risk rating
Bingo (Remote) High High

The remote bingo and betting sector will be assessed separately for the purposes of this assessment as the risks differ for both sectors.

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Sector rating

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator Control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance High (3) High (3) High (9) No change
Operator control Operators staking and winning directly and indirectly on their own products Low (1) Medium (2) Low (2) No change
Operator control Poor source of funds checks High (3) High (3) High (9) No change
Operator control Inadequate or lack of 'know your customer' (KYC) checks High (3) High (3) High (9) No change
Operator control Third party business relationships and business investors Medium (2) High (3) High (6) New risk rating
Licensing and integrity Gambling operations run by organised criminals to launder criminally derived funds Low (1) High (3) Medium (3) No change
Customer Customer not physically present for identification High (3) High (3) High (9) No change
Customer False or stolen documentation used to bypass controls to launder criminally derived funds Medium (2) High (3) High (6) No change
Customer Accessibility to multiple remote accounts Medium (2) High (3) High (6) Decrease in likelihood
Customer Customers on the sanction list Low (1) High (3) Medium (3) New risk rating
Customer Use of third parties or agents to obscure the source or ownership of money gambled by customers and their identities Medium (2) High (3) High (6) New risk rating
Customer ‘Smurfing’ Medium (2) High (3) High (6) New risk rating
Means of payment Cryptoasset transactions Medium (2) High (3) High (6) New risk rating
Means of payment Pre-paid cards Medium (2) High (3) High (6) Decrease in likelihood
Means of payment Multiple methods of payment Medium (2) High (3) High (6) New risk
Means of payment E-wallets Medium (2) Medium (2) Medium (4) No change

Case studies

False or stolen ID
A criminal used stolen ID and debit cards with a gambling operator. The individual deposited funds from several stolen debit cards into the gambling account and then attempted to withdraw the funds to one debit card.

Multiple methods of payment
An individual made deposits into their gambling account from several different debit cards as well as an e-wallet. When withdrawing funds, they only used the e-wallet. A customer made multiple deposits using numerous debit cards within the first hour of opening their account.

Accessibility to multiple accounts
Following Know Your Customer (KYC) checks an individual was identified as having deposits and credits with several dozen online gambling operators and payment processors during only a few months.

Bingo (non-remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
Bingo (non-remote) Medium Medium

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risks

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Medium (2) Medium (2) Medium (4) No change
Operator control Lack of or inadequate ‘know your customer’ (KYC) checks conducted resulting in criminals laundering criminal proceeds Medium (2) Medium (2) Medium (4) No change
Operator control Third party business relationships and business investors Medium (2) Medium (2) Medium (4) New risk
Licensing and integrity Gambling operations being acquired by organised crime to launder criminal proceeds Low (1) Medium (2) Low (2) No change
Licensing and integrity Employees colluding with criminals Low (1) Medium (2) Low (2) No change
Customer Anonymous customers laundering proceeds of crime through gaming machines Low (1) Medium (2) Low (2) No change
Product Electronic Betting Terminals (EBTs) including table-top gaming (either traditionally or via EBT content) Low (1) Medium (2) Low (2) No change
Product Gaming Machines, Category B3 Low (1) Medium (2) Low (2) No change
Product Bring your own device (BYOD) Low (1) Medium (2) Low (2) New risk rating
Means of payment Cash payments Medium (2) Medium (2) Medium (4) No change
Means of payment Ticket-in-ticket-out (TITO) facilities used to launder funds when used in conjunction with automatic ticket redemption machines (ATR) Medium (2) Medium (2) Medium (4) No change
Means of payment Cashless payment Low (1) Medium (2) Low (2) No change
Means of payment Scottish notes Low (1) Medium (2) Low (2) New risk

Case study

Scottish notes
A customer attempted to exchange a large amount of Scottish notes for English notes at the cash desk but was unable to explain the origin of the funds when asked.

Arcades

Sector rating

Sector Previous overall risk rating Current overall risk rating
Adult Gaming Centres (AGCs) Medium Medium
Family Entertainment Centres (FECs) Low Low

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risks

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low (1) Medium (2) Low (2) No change
Operator control Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime (AGCs only) Low (1) Medium (2) Low (2) No change
Operator control Lack of competency of key personnel and licence holders which can then be exploited by criminals seeking to launder the proceeds of crime (FECs only) Low (1) Medium (2) Low (2) No change
Operator control Third party business relationships and business investors Low (1) Medium (2) Low (2) New risk
Licensing and Integrity Arcade businesses being acquired by organised crime to launder criminal proceeds (AGCs only) Low (1) Medium (2) Low (2) No change
Licensing and Integrity Arcade businesses being acquired by organised crime to launder criminal proceeds (FECs only) Low (1) Low (1) Low (1) No change
Customer Anonymous customers laundering proceeds of crime through gaming machines (AGCs only) Medium (2) Medium (2) Medium (4) No change
Customer Anonymous customers laundering proceeds of crime through gaming machines (FECs only) Low (1) Low (1) Low (1) No change
Product Automated ticket redemption (ATR) machines used to facilitate the laundering of criminally derived funds (AGCs only) Low (1) Medium (2) Low (2) No change
Product Gaming machines, Category B3 being used to launder criminally derived funds (AGCs only) Medium (2) Medium (2) Medium (4) No change
Product Privacy booths (AGCs only) Medium (2) Medium (2) Medium (4) No change
Product Privacy booths (FECs only) Medium (2) Low (1) Low (2) No change
Product Bring your own device (BYOD) Low (1) Medium (2) Low (2) No change
Means of payment Cash transactions Medium (2) Medium (2) Medium (4) Increase in likelihood
Means of payment Cashless payments Medium (2) Medium (2) Medium (4) No change
Means of payment Ticket-in-ticket-out (TITO) facilities used to launder funds, when used in conjunction with ATR machines (AGCs only) Low (1) Medium (2) Low (2) No change
Means of payment Dyed notes Low (1) Medium (2) Low (2) No change
Means of Payment Scottish notes Low (1) Medium (2) Low (2) New risk

Case studies

Dyed notes
Several hundred pounds of stained notes were found in gaming machines located at an AGC.

Scottish notes
Counterfeit Scottish notes have been found in gaming machines at several venues across the UK.

Society Lotteries and external lottery managers (remote and non-remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
Society lotteries (remote and non-remote) Low Low
External Lottery managers (remote and non-remote) Low Low

Society lotteries and the National Lottery are being assessed separately for the purposes of this assessment as they are two separate sectors and the risks posed differ.

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risk

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low (1) Low (1) Low (1) Decrease in likelihood
Operator control Third party business relationships and business investors Low (1) Low (1) Low (1) No change
Operator control Licensee failing to transfer lottery proceeds to charities Low (1) Medium (2) Low (2) Increase in impact
Licensing and integrity Operator being acquired by organised crime to launder criminal funds Low (1) Low (1) Low (1) No change
Customer Anonymous customers (Non-Remote) Low (1) Low (1) Low (1) No change
Customer False and stolen identity documentation Low (1) Low (1) Low (1) No change
Customer Customer not physically present (remote) Low (1) Low (1) Low (1) No change
Product Interactive instant win games (online) Low (1) Low (1) Low (1) No change
Products Scratch cards or interactive instant win games Low (1) Low (1) Low (1) No change
Means of payment Cash transactions (non-remote only) Low (1) Low (1) Low (1) No change

Case study

Licensee failing to transfer lottery proceeds to charities
An External Lottery Manager (ELM) was convicted of misusing lottery proceeds. The Chief Executive Officer (CEO) used lottery proceeds to cover the costs of running the business and failed to pass on the proceeds to charities.

National Lottery (remote and non-remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
National Lottery Low Low

For this assessment, the risks associated with the National Lottery and society lotteries have been assessed separately.

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risk

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low (1) Low (1) Low (1) No change
Operator control 'Know your customer' (KYC) checks Low (1) Low (1) Low (1) New risk rating
Licensing and integrity National Lottery acquired by organised crime to launder criminal funds Low (1) Medium (2) Low (2) No change
Customer Anonymous customers (non-remote) Low (1) Medium (2) low (2) No change
Customer False and stolen identity documentation Low (1) Low (1) Low (1) No change
Customer Customer not physically present (remote) Low (1) Low (1) Low (1) No change
Product Scratch cards or interactive instant win games Low (1) Low (1) Low (1) No change1
Means of payment Cash transactions Low (1) Low (1) Low (1) No change

1 Previously rated ‘very low’ - the change reflects changes to the methodology rather than the overall risk.

Gambling software (remote and non-remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
Gambling software (remote and non-remote) Low Low

The gambling software and gaming machine technical sectors have been assessed separately in this assessment as they are two separate gambling sectors.

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Table actions:

Inherent risk

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low (1) Low (1) Low (1) No change
Operator control Inadequate or lack of due diligence checks on any third-party providers (for example, test houses) Low (1) Medium (2) Low (2) No change
Operator control Third-party business relationships and business investors Low (1) Medium (2) Low (2) New risk

Gaming machine technical (remote and non-remote)

Sector rating

Sector Previous overall risk rating Current overall risk rating
Gaming machine technical (remote and non-remote) Low Low

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risk

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to comply with prevention of money laundering and terrorist financing legislation and guidance Low (1) Low (1) Low (1) No change
Operator control Inadequate or lack of due diligence checks on any third-party providers (for example, test houses) Medium (2) Low (1) Low (2) No change
Operator Control Lack of adherence with Technical Standards Low (1) Low (1) Low (1) No change
Operator control Third-party business relationships and business investors Low (1) Medium (2) Low (2) New risk
Product Gaming machines Category B, C and D, fixed odds betting terminals (FOBTs), self-service betting terminals (SSBTs), ticket-in-ticket-out (TITO) used to launder the proceeds of crime Low (1) Low (1) Low (1) No change
Product TITO-enabled gaming machines used to launder funds when used with Automated ticket redemption machines (ATR) Low (1) Low (1) Low (1) No change

Terrorist financing

Sector rating

Sectors Previous overall risk rating Current overall risk rating
All sectors Low Medium

For further information relating to the inherent risks (including vulnerabilities, consequences and controls), see our previous 2020 risk assessment.

Inherent risks

Vulnerability Risk Likelihood of event occurring Impact of event occurring Overall risk Change in risk
Operator control Operators failing to understand or take consideration of terrorist financing vulnerabilities and applicable legislation Low (1) High (3) Medium (3) Increase in impact
Product Money Service Businesses (MSB) Low (1) High (3) Medium (3) Increase in impact
Product Charities and terrorist financing Low (1) High (3) Medium (3) Increase in impact
Customer Mule accounts Low (1) High (3) Medium (3) Increase in impact
Customer Increase in right-wing terrorism Low (1) High (3) Medium (3) Increase in impact
Means of payment Cryptoasset transactions Low (1) High (3) Medium (3) Increase in impact
Means of payment Pre-paid cards Low (1) High (3) Medium (3) Increase in impact
Means of payment Cash transactions Low (1) High (3) Medium (3) Increase in impact
Geographic International terrorism Low (1) High (3) Medium (3) Increase in impact

Terrorism 'red flag' indicators

Some potential ‘red flag’ indicators that operators should be alert to, based on evidence reviewed, are:

Previous editions of the Money laundering and terrorist financing risk assessment

As part their commitment to anti-money laundering and the prevention of terrorist financing, operators need to refer to The Gambling Commission's Money laundering and terrorist financing risk assessment: 2019 (opens in new tab) (PDF) and the money laundering and terrorist financing risk assessment: 2020.