Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
  1. Public register
  2. Public statements
  3. Statement
Print statement
Public statement

Octopus Game Limited Public Statement

Published:
25 March 2026
Search or save this guide

Search this guide by:

  1. pressing Ctrl+f on your keyboard if you’re using a PC or ⌘+f if you’re using a Mac.
  2. typing the word or search term that you’re looking for.

Save a copy of this guide by:

  1. choose the 'save page' option in your browser
  2. save the HTML file in your chosen location.

You can also save this page as a PDF by:

  1. selecting the 'print this guide' button or use your browser print option
  2. in the print settings window, select 'Save as PDF'
  3. save the PDF file in your chosen location.

Our public statements make reference to breaches of the Licence Conditions and Codes of Practice (LCCP) requirements which were in effect at the time of the breach. In some cases, the requirements have since been updated.

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Introduction

Licensed gambling operators have a legal duty to ensure their gambling facilities are provided in compliance with the Gambling Act 2005 (opens in new tab)(the Act), the conditions of their licence and in accordance with the licensing objectives, which are to:

  • prevent gambling from being a source of crime or disorder, being associated with crime or disorder or being used to support crime
  • ensure that gambling is conducted in a fair, safe and open way
  • protect children and other vulnerable people from being harmed or exploited by gambling.

Operators are expected to consider the issues outlined below and review their own practices to identify and implement improvements in respect of the management of customers’ accounts.

Octopus Game Limited Executive Summary

A licence review under section 116 of the Act was commenced following a Compliance Assessment, conducted in November 2024 of the remote operating licence of Octopus Game Limited trading as Octopus Game (licence number 000-062545-R-337248-006).

The review found failings in Octopus Game Limited’s Anti-Money Laundering / Counter Terrorism Financing (AML/CTF) and Social Responsibility (SR) controls.

Octopus Game Limited failed to comply with the following Licence Conditions and Codes of Practice (LCCP):

In line with our Statement of Principles for Licensing and regulation, Octopus Game Limited will make a payment in lieu of a financial penalty of £26,000. Details of this are set out under the heading Octopus Game Limited Regulatory Settlement.

Octopus Game Limited Findings

A Commission compliance assessment and subsequent regulatory review found:

Breach of Paragraphs 1 and 2 of Licence Condition 12.1.1

LCCP 12.1.1(1) requires:

"Licensees must conduct an assessment of the risks of their business being used for money laundering and terrorist financing. Such risk assessment must be appropriate and must be reviewed as necessary in the light of any changes of circumstances, including the introduction of new products or technology, new methods of payment by customers, changes in the customer demographic or any other material changes, and in any event reviewed at least annually."

We found that Octopus Game Limited’s risk assessment was not appropriate between May 2024 and August 2025.

Some key risks were omitted from the Licensee’s risk assessment; for example, high value customer schemes, third party business relationships and business investors. There was no evidence that the risk assessment had been updated to take into account the Commission’s AML Guidance or Emerging Risks publications and there were no review dates to confirm that the risk assessment was being reviewed annually.

LCCP 12.1.1(2) requires:

"Following completion of and having regard to the risk assessment, and any review of the assessment, licensees must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing."

We found that, between September 2024 and August 2025, Octopus Game Limited failed to ensure it had appropriate policies, procedures and controls to prevent money laundering and terrorist financing.

The Licensee was overly reliant on financial triggers to identify and mitigate the AML risks relating to a customer’s gambling activity, and the Enhanced Due Diligence process was insufficiently detailed.

Failure to Comply with Paragraphs 1, 2, 3, 5, 8, 9,11,12, and 13 of SRCP 3.4.3

Compliance with a SRCP is a condition of the licence by virtue of section 82(1) of the Act.

We found that between September 2024 and August 2025 Octopus Game Limited failed to comply with the following requirements relating to remote customer interaction.

SRCP 3.4.3 paragraph 1 requires:

"Licensees must implement effective customer interaction systems and processes in a way which minimises the risk of customers experiencing harms associated with gambling. These systems and processes must embed the three elements of customer interaction – identify, act and evaluate – and which reflect that customer interaction is an ongoing process as explained in the Commission’s guidance (see paragraph 2)."

The Licensee lacked effective customer interaction processes, which minimise the risk of customers experiencing gambling harms and embed the three elements of customer interaction – identify, act and evaluate.

SRCP 3.4.3 paragraph 2 requires:

“Licensees must take into account the Commission’s guidance on customer interaction for remote operators as published and revised from time to time (‘the Guidance”).”

The Licensee did not consider all aspects of the Commission’s guidance on customer interaction.

SRCP 3.4.3 paragraph 3 requires:

“Licensees must consider the factors that might make a customer more vulnerable to experiencing gambling harms and implement systems and processes to take appropriate and timely action where indicators of vulnerability are identified. Licensees must take account of the Commission’s approach to vulnerability as set out in the Commission’s Guidance.”

The Licensee had not considered all factors that might make a customer more vulnerable to experiencing gambling harms. For example, the Licensee had not considered factors such as physical or mental health, homelessness, or a customer adopting a high-risk strategy.

SRCP 3.4.3 paragraph 5 requires:

“Licensees must use a range of indicators relevant to their customer and the nature of the gambling facilities provided in order to identify harm or potential harm associated with gambling.

These must include:

  1. customer spend
  2. patterns of spend
  3. time spent gambling
  4. gambling behaviour indicators
  5. customer-led contact
  6. use of gambling management tools
  7. account indicators.”

The Licensee did not have controls for identifying all appropriate indicators of harm, such as customer-led contact and use of gambling management tools.

SRCP 3.4.3 paragraph 8 requires:

“Licensees must take appropriate action in a timely manner when they have identified the risk of harm.”

The Licensee received reports on customers who were at risk of gambling harm but was not undertaking customer interactions in a timely manner.

SRCP 3.4.3 paragraph 9 requires:

“Licensees must tailor the type of action they take based on the number and level of indicators of harm exhibited. This must include, but not be limited to, systems and processes which deliver:

  1. a tailored action at lowest levels of indicators of harm which seeks to minimise future harm
  2. increasing action where earlier stages have not had the impact required
  3. strong or stronger action as the immediate next steps in cases where that is appropriate, rather than increasing action gradually
  4. reducing or preventing marketing or the take-up of new bonus offers where appropriate
  5. ending the business relationship where necessary.”

The Licensee was not documenting customer interactions in much detail and it was not apparent that actions were being tailored based on the number and level of indicators of harm exhibited by customers.

SRCP 3.4.3 paragraph 11 requires:

“Licensees must ensure that strong indicators of harm, as defined within the licensee’s processes, are acted on in a timely manner by implementing automated processes. Where such automated processes are applied, the licensee must manually review their operation in each individual customer’s case and the licensee must allow the customer the opportunity to contest any automated decision which affects them.”

The Licensee did not identify customers who exhibited strong behavioural indicators of harm in a timely manner and that no automatic controls, other than financial backstops, were implemented to monitor behaviour and prevent gambling harm in real time.

SRCP 3.4.3 paragraph 12 requires:

“Licensees must implement processes to understand the impact of individual interactions and actions on a customer’s behaviour, the continued risk of harm and therefore whether and, if so, what further action is needed.”

The Licensee was not evaluating customer interactions and therefore was unable to determine if further interaction was needed.

SRCP 3.4.3 paragraph 13 requires:

“Licensees must take all reasonable steps to evaluate the effectiveness of their overall approach, for example by trialling and measuring impact, and be able to demonstrate to the Commission the outcomes of their evaluation.”

The Licensee was not evaluating the overall effectiveness of its customer interactions and was unable to demonstrate the outcomes of those interactions.

Octopus Game Limited Regulatory Settlement

This regulatory settlement consists of:

  • a payment in lieu of a financial penalty of £26,000. The money will be directed to the Consolidated Fund.
  • agreement to the publication of a statement of facts in relation to this case
  • payment towards the Commission’s costs of investigating the case.

In considering an appropriate resolution to this investigation, the Commission has had regard to the following aggravating and mitigating factors.

Aggravating factors

  • the Commission has previously issued public statements regarding similar issues which it has observed in relation to other operators.

Mitigating factors

Octopus Game Limited:

  • swiftly put in place an action plan designed to remedy the failings and provided updates
  • fully co-operated with the investigation and provided information by agreed deadlines
  • accepted the failings at an appropriately early stage in the investigation.

Good practice

Gambling operators should take account of the failings identified in this investigation to ensure industry learning. Operators should consider the following questions and take remedial action where required:

  • do you ensure that your ML/TF risk assessment is reviewed as necessary and at least annually? Does it include all of the risks relevant to the licensed activities?
  • do you update your ML/TF policies and procedures following a review of the risk assessment? do you provide training to staff when policies and procedures are changed?
  • would your safer gambling controls identify all of the potential indicators of harm, as required by SRCP 3.4.3?
  • do your safer gambling policies and procedures clearly define what you consider to be a strong indicator of harm? Do you have automated controls to act on these indicators in a timely manner? Do you tailor customer interactions based on the number and level of harm indicators exhibited by the customer?
  • can you demonstrate that you assess the impact of your customer interactions? Do you amend customer interactions procedures if the evaluation demonstrates that interactions have been ineffective?
Is this page useful?
Back to top