Emerging money laundering and terrorist financing risks from April 2025

The U.K. Gambling Commission Sanctions Victoria Gate Casino Leeds
Counter Terrorist Financing, Money Launderinggracechurchfcp

Licence Condition 12.1.1(3) of the Licence Conditions and Codes of Practice (LCCP), requires operators to keep up-to-date with emerging risks information published by the Gambling Commission.

This emerging risks publication is a trigger for operators to review their money laundering and terrorist financing risk assessments and related policies, procedures and controls to ensure that they remain appropriate and effective.

Money service business activity in remote and non-remote casinos

Risk information

Some remote and non-remote casinos offer money service business (MSB) facilities, which include:

foreign currency exchange
third-party cheque cashing
third-party money transfer (into and out of the casino)
We are aware of casino customers attempting to deposit large denomination notes of foreign currencies (including €500 notes) into casinos. As noted in HMRC’s document Understanding risks and taking action for money service businesses – GOV.UK (opens in new tab), the sale of high value notes, in any currency, entails a significant money laundering risk and any request to buy or sell €500 notes or quantities of other high denomination notes should be treated as high risk. The UK national risk assessment of money laundering and terrorist financing (opens in new tab) also states that criminals have been known to use currency exchange services to convert criminal cash into high denomination foreign currency notes.

The Commission surveyed the MSB activity offered by casinos and we noted a reduction in the number of casinos offering MSB activity, as well as a reduction in the number and value of MSB transactions. However, numerous high-value transactions are still completed via MSB facilities in casinos, and MSB activity within casinos is still rated as high risk in our risk assessment.

As noted in our risk assessment, other risks linked to MSB activity include:

payments received from politically exposed persons (PEPs) or persons appearing on financial sanction lists
customers may buy in using a number of different payment methods
high reliance on due diligence information from third party due diligence providers
funds transferred into accounts from unknown sources 
funds transferred from unlicensed MSBs.
What operators need to do

To ensure that they meet the requirements of the money laundering regulations and the conditions of their licence, casino operators must conduct an appropriate money laundering and terrorist financing risk assessment. Where MSB activity is offered, risk assessments must include an assessment of the money laundering and terrorist financing risks associated with the MSB activity offered. Following this risk assessment, operators must implement appropriate controls to prevent money laundering and terrorist financing and must review these regularly to ensure they remain effective.

Where foreign currency exchange services are offered, operators must have appropriate controls to address the risks associated with large denomination notes.

Due to the risks associated with MSB activity, it is our expectation that customers using MSB facilities offered by casinos are treated as high risk, and are subject to appropriate enhanced customer due diligence measures. More information about enhanced customer due diligence can be found in our guidance The prevention of money laundering and combating the financing of terrorism.

Operators offering MSB facilities must also review and consider HMRC’s MSB guidance (opens in new tab).

Artificial intelligence used to bypass customer due diligence

Risk information

The Commission is aware of an increase in the scale and sophistication of attempts to bypass customer due diligence checks using false documentation, deepfake videos and face swaps generated by artificial intelligence. As noted by the National Crime Agency (NCA) in issue 30 of their SARs in Action publication (opens in new tab)(PDF), accounts successfully created using AI are more likely to be used for criminality, such as money laundering or terrorist financing.

What operators need to do

Operators must consider all information they hold on a customer and, where documents are received from a customer, must ensure that these documents are appropriately scrutinised. Operators need to ensure their staff are appropriately trained to assess customer documentation, including how to identify false and AI generated documents.

Our guidance (opens in new tab)(PDF) contains more information about what operators must do when a customer is found to have submitted false documentation.

When submitting a SAR in relation to AI generated documents, the NCA has requested that the reference 0752-NECC is included in the relevant field. Please see SARs in Action Issue 30 (opens in new tab)(PDF) for more information.

Money in exchange for personal details and gambling accounts

Risk information

The Commission has been made aware of consumers being targeted by companies who offer money in exchange for personal details to open multiple gambling accounts in the customer’s name. Consumers are directed to upload their documentation which is then used by the third-party to open large numbers of gambling accounts. Customers are promised a financial reward in exchange for their personal details and documents, but there are reports of customers not receiving the money promised to them. Customers are also told that the documents will be treated securely, however, there is a concern that the documents may be used for other purposes or sold on.

There is a risk that those gaining access to other people’s information and using it to gamble may be acting as unlicensed betting intermediaries. We are also concerned about the risk of illicit mule account activity with accounts opened in this way.

What operators need to do

We urge operators to proactively review their processes for ID verification on a regular basis to ensure they remain effective. Operators must take immediate action when any gaps are identified or when learnings suggest improvements are required to tighten processes.

Licensees are required to have robust customer due diligence and onboarding checks in place. Licensees are also required to consider whether checks on ID documents are sufficient to identify false, stolen or ‘mule’ (third party) IDs. Licence Condition 17.1.1.(1) and (4) of the LCCP states that:

‘Licensees must obtain and verify information in order to establish the identity of a customer before that customer is permitted to gamble. Information must include, but is not restricted to, the customer’s name, address and date of birth.’

‘Licensees must take reasonable steps to ensure that the information they hold on a customer’s identity remains accurate.’

Third-party business relationships, including white-label partnerships and investments

Risk information

We are aware of gambling operators failing to conduct sufficient due diligence measures in relation to their third-party business relationships, including white-label partnerships and monies coming into the business in the form of loans or other investments.

White-label partnerships and business investments have both been noted as high risk within the Commission’s latest risk assessment.

What operators need to do

Operators must ensure that they have appropriately risk assessed their dealings with third-parties, including white-label partners and any entities providing loans and/or investments.

The assessment of these risks should include consideration of the risks posed to the operator by the jurisdictional location of their third-party, transactions and arrangements with business associates, and third-party suppliers such as payment providers and processors, including their beneficial ownership and source of funds. Effective management of third-party relationships should assure operators that the relationship is a legitimate one, and that they can evidence why their confidence is justified.

Licensees should also consider risks to the licensing objectives in their due diligence on white-label partners. This would include giving consideration to any activity the third-party is involved in outside of GB that the Commission considers medium or high risk as defined by our ML/TF risk assessment, as well as activity that is illegal in either GB or the territory in which it is conducted.

When accepting loans into their business, licensees are reminded of licence condition 15.2.1(3) LCCP Condition 15.2.1 – Reporting key events and the licensing objective to prevent gambling from being a source of crime or disorder, being associated with crime and disorder or being used to support crime. We are also able to request additional information about any loans or other money coming into the business, as per our Licensing, Compliance and Enforcement statement.

AML guidance and advice

Statement of principles for licensing and regulation

Open-loop payment processes

Risk information

In our latest risk assessment of the gambling industry, we noted that a ‘lack of closed loop’ payment systems is high risk. The Commission is aware of some operators (particularly non-remote betting operators) still operating open-loop payment processes.

Open-loop payment systems are a known money laundering risk as they allow the transfer of funds from one payment method to another, which can be used to disguise the origin and/or destination of funds. There is also a risk that criminals use open-loop systems to gamble with fraudulent or stolen cards.

What operators need to do

Closed-loop systems are considered best practice and mean operators process customer withdrawals and winnings to the same payment method that was used for the deposit. Where operators do not have a closed-loop system in place, there is a significant risk of criminals being able to use the business to launder money. Therefore, it is strongly recommended that gambling operators operate a closed-loop payment system.

Where operators continue to operate an open-loop payment system, they must include this risk within their money laundering and terrorist financing risk assessment and implement appropriate and effective controls to prevent money laundering and terrorist financing.

Licenced software providers’ games available on websites not licensed by the Gambling Commission

Risk information

We are aware of casino games that have been developed by software operators licensed by the Commission becoming available on unlicensed websites and accessible to British consumers illegally.

Operators conducting business (either directly, or indirectly through third-party resellers) with websites that are operating illegally are at risk of accepting funds derived from criminal activity.

What operators need to do

Operators who only have a gambling software licence must consider their obligations to uphold the licensing objectives, including preventing gambling from being a source of crime or disorder, being associated with crime and disorder or being used to support crime. Operators with casino host licences are additionally required to comply with licence condition 12.1.1. (including the requirement to conduct a risk assessment of the business being used for money laundering and terrorist financing, and implement appropriate controls), as well as the Money Laundering Regulations and the Commission’s guidance for casino operators (opens in new tab) (PDF).

The Commission advises operators to actively monitor their business relationships to ensure that partners are not offering illegal gambling facilities to the GB market. Where such non-compliance is identified, operators must terminate these relationships immediately. It is crucial that licensees also engage proactively with the Commission when such activity is detected, providing details of the preventative measures taken to ensure the activity ceases without delay. Actively notifying the Commission and presenting a clear and prompt plan to mitigate the issue is a minimum requirement: Industry warning notice: licensed software appearing on illegal market.

Cryptoassets

Risk information

We are aware of an increasing interest in cryptoassets (also known as crypto currencies) within the licensed gambling industry.

As noted by HM Treasury, cryptoassets present several vulnerabilities from a money laundering and terrorist financing perspective. For further detail please see: HM Treasury National risk assessment of money laundering and terrorist financing 2020 (opens in new tab) (PDF) chapter 8. The Commission rates cryptoassets as a high-risk payment method: The 2023 money laundering and terrorist financing risks within the British gambling industry.

We are also aware of a large theft of cryptoassets from the ByBit exchange which took place in February 2025. The group alleged to be responsible for the theft are suspected to use complex online money laundering systems which, in the past, have been thought to include remote gambling operators around the world.

What operators need to do

We remind operators that the use and/or acceptance of cryptoassets presents challenges. As cryptoassets potentially become more prevalent, we expect that more payment providers will offer crypto payment facilities. Operators need to have a full understanding of the services provided by their payment providers. 

The Commission is reiterating the importance of operators’ responsibilities under Licence Condition 12.1.1 (1), which requires licensees to conduct an assessment of the risks their businesses face from money laundering and terrorist financing upon the introduction of new products or technology or new methods of customer payment.

Operators are also required to submit a Key Event to the Commission under Licence Condition 15.2.1(8) wherever there are changes in payment methods.

When customers indicate their funds to gamble have come from cryptoasset trading or other means linked to cryptocurrencies, it is the Commission’s expectation that this feeds into a customer’s risk profile as a high-risk indicator with sufficient due diligence then completed. Additionally, operators are encouraged to be mindful of the recent theft of cryptoassets (as discussed above) and consider their vulnerabilities and controls in this area.

Further detail about our position on cryptoassets can be found here: Blockchain technology and crypto-assets.

Terminals used to facilitate payments in non-remote casinos

Risk information

We are aware of several types of terminals used to facilitate customer deposits into non-remote casinos, and we have seen cases where funds received via this method are not scrutinised as closely as deposits via other methods.

What operators need to do

Operators must assess the risks of their businesses being used for money laundering and terrorist financing. This risk assessment must include considerations of the different types of payment methods accepted by the business, including any payment terminals within the casino. Following this risk assessment, operators must implement effective policies, procedures and controls to prevent money laundering and terrorist financing. In the case of payment terminals in the casino, operators must ensure they are appropriately scrutinising funds received via this method, and not relying on the third-party terminal provider and/or payment processor to conduct checks on the funds being transferred.

We are aware that some terminal providers provide the receiving casino with the details of the bank account where the money has been sent from. Operators should consider whether the account belongs to the customer, and whether it matches with other information known about the customer, including other bank accounts they have used.

When money is received via terminals within the casinos, operators must consider how the use of this payment method feeds into the rest of the customer’s risk profile and complete an appropriate level of customer due diligence, including enhanced customer due diligence for high-risk customers.

Changing customer demographics in the non-remote casino sector

Risk information

Some non-remote casinos have experienced changes in the demographics of their customer base, which has not been reflected in their risk assessment or policies, procedures and controls.

Prior to 2020, high-end non-remote casinos had many international ultra-high-net-worth individuals as customers. During the pandemic, casino premises in Great Britain (GB) were closed, and many of the customers who previously came to GB to gamble in high-end casinos shifted their preference to other global gambling centres. This shift in behaviour was also thought to be consolidated by changes to VAT regulations in the UK.

It is believed that this caused some non-remote casinos to change their entry and membership criteria to attract a wider range of customers from within GB. However, we have seen cases where operators have not updated their risk assessment and policies to account for the changed customer base, which has meant the procedures in operation are insufficient in mitigating the risks present within the business.

What operators need to do

As per licence condition 12.1.1, operators must ensure their money laundering and terrorist financing risk assessments are appropriate and reviewed in light of any changes of circumstances, including changes in the customer demographic. They must then have appropriate policies, procedures and controls to prevent money laundering and terrorist financing.

Adult gaming centre premises converting to licensed bingo premises

Risk information

The Commission is aware of some adult gaming centre (AGC) premise licence holders converting to bingo premises, and there is a concern that when preparing their money laundering and terrorist financing risk assessment, and reviewing the Commission’s risk assessment (as per licence condition 12.1.1(1) and (3)), operators may not consider all relevant risks if they only consult the bingo section, and not the AGC section, of the Commission’s risk assessment.

What operators need to do

The Commission intends to update its risk assessment to reflect this industry trend, but in the meantime, we urge bingo licensees who operate AGC-style premises to consider all relevant money laundering and terrorist financing risks to the premise, including those noted in the bingo and arcade sections of the Commission’s risk assessment.

Useful links

Arcades: The 2023 money laundering and terrorist financing risks within the British gambling industry – Arcades.

Bingo: The 2023 money laundering and terrorist financing risks within the British gambling industry – Bingo (non-remote).

Further information can be found in our advice document (opens in new tab) (PDF).

Licence condition 12.1.1: LCCP Condition 12.1.1 Anti-money laundering – Prevention of money laundering and terrorist financing.

Crash games

Risk information

Crash games have been offered within crypto casinos (which are not licenced by the Commission and are illegal if accessible via GB) for a number of years.

Crash games may have differing graphics and premises, but typically the mechanics of the games mean that, once the initial bet is made, the round begins with a starting multiplier, which grows as the game progresses. Customers have the option to cash out at any point, but if the game crashes before a customer has cashed out, they will lose the money from the multiplier as well as their stake. Rounds can last anywhere from a few seconds to a couple of minutes before either the game crashes or the customer cashes out. Crash games are highly volatile and can lead to significant losses for players.

We have been made aware of an increased interest in crash games within the legal, licensed casino sector, so we are drawing operators’ attention to the risks of this game type.

There are concerns that products of this nature can allow criminals to camouflage the high-risk behaviour of cashing out quickly with limited gameplay within the context of the crash game (where these behaviours are inherently more common), and that transactional monitoring controls may not be effective in detecting suspicious activity.

What operators need to do

When introducing any new products (including crash games) operators must assess the risks of that product being used to launder money. Operators must then ensure they have appropriate procedures and controls in place to prevent money laundering. In this case, this would include controls to identify and prevent suspicious wagering patterns, and processes to feed the use of crash games into a customer’s overall risk profile and commence appropriate due diligence. Where operators know or suspect money laundering has occurred, they must submit a suspicious activity report (SAR).

More information about appropriate policies, procedures and controls can be found in our guidance document (opens in new tab) (PDF).

Application Registration Cards

Risk information

Application registration cards (ARCs) are issued by the Home Office to individuals who claim asylum. ARCs contain information about the holder but are not evidence of identity and must not be accepted as a form of identity documentation.

Those presenting ARCs when attempting to open a gambling account, or access gambling premises, may also be at a higher risk of exploitation and mule account activity.

What operators need to do

Operators are reminded that they must have appropriate policies, procedures and controls in place to ensure the requirements for customer identification and verification are met. This includes detailing acceptable forms of identification documentation in line with the Commission’s guidance and the government guidance (see links below). An ARC is not an acceptable form of identification.

Operators then need to train their staff members and implement measures to ensure that policies and procedures in relation to customer identification and verification are followed.

If an operator believes that someone is being exploited, they can report it to the Modern Slavery and Exploitation Helpline on 08000 121 700 or via the online form but, if they think someone is in immediate danger, they should contact the police.

Risk information

In February 2025, FATF updated its list of high-risk jurisdictions (sometimes known as the FATF “black list”) and the list of jurisdictions subject to increased monitoring (sometimes known as the FATF “grey list”).


What operators need to do

Operators need to review the lists above and ensure they have effective policies, procedures and controls in place to identify customers and relationships with links to high-risk jurisdictions, including those subject to calls for action and subject to enhanced monitoring.

Operators are reminded to conduct robust enhanced customer due diligence checks in relation to any customer relationships which are associated with high-risk jurisdictions, including those subject to enhanced monitoring by FATF in order to mitigate the risk of money laundering and terrorist financing, including proliferation financing.

More information about managing geographical risk can be found in our guidance: Anti-money laundering responsibilities for casino businesses.

Article Credit: https://www.gamblingcommission.gov.uk/licensees-and-businesses/guide/page/emerging-money-laundering-and-terrorist-financing-risks-from-april-2025/