Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts.
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in Focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

Emerging money laundering and terrorist financing risks bulletin published by the Gambling Commission

19 Aug 2025 England and Wales 10 min read

Under Licence Condition 12.1.1(3) of the Licence Conditions and Codes of Practice (“LCCP”), all licence holders (except those with gaming machine technical and gambling software licences) must keep up to date with emerging risks information published by the Gambling Commission (the “Commission”).

In April 2025, the Commission published a new money laundering and emerging risks bulletin which contains specific guidance on what operators need to do to mitigate those risks.

We summarise each risk and the Commission’s guidance below.

1. Money service business activity in remote and non-remote casinos

Risk: Money service business (“MSB”) facilities including foreign currency exchange, third-party cheque cashing and third-party money transfer (into and out of the casino).

Some casino customers have attempted to deposit large denomination notes of foreign currency (including €500 notes) into casinos and, according to the UK national risk assessment of money laundering and terrorist financing, criminals have been known to use currency exchange services to convert criminal cash into high denomination foreign currency notes.

What operators need to do: Conduct an appropriate money laundering and terrorist financing risk assessment and where MSB activity is offered, this must be covered. Operators must then implement appropriate controls and review these regularly. Customers using MSB facilities offered by casinos must be treated as high risk.

2. Artificial intelligence used to bypass customer due diligence

Risk: There has been an increase in the scale and sophistication of attempts to bypass customer due diligence checks using false documentation, deepfake videos and face swaps generated by artificial intelligence.

What operators need to do: Consider all information they hold on a customer and ensure that documents received are scrutinised. Staff must be appropriately trained to identify false and AI-generated documents.

3. Money in exchange for personal details and gambling accounts

Risk: Consumers are being targeted by companies who offer money in exchange for personal details to open multiple gambling accounts in the customer’s name. Consumers are directed to upload their documentation which is then used by the third-party to open large numbers of gambling accounts and are promised a financial reward in exchange. There is a risk that those gaining access to other people’s information and using it to gamble are acting as unlicensed betting intermediaries.

What operators need to do: Renew their processes for identity verification on a regular basis and take immediate action when any gaps are identified. They should consider whether checks on identity documents are sufficient to identify false, stolen or ‘mule’ identities. 

4. Third-party business relationships, including white-label partnerships and investments

Risk: Operators are failing to conduct sufficient due diligence measures in relation to third-party business relationships, including white-label partnerships and monies coming into the business in the form of loans or other investments.

What operators need to do: Ensure that they have appropriately risk assessed their dealings with third parties, including white-label partners and any entities providing loans and/or investments. The risk assessment should consider risks posed by jurisdiction of the third party, transactions and arrangements with business associates and third-party suppliers such as payment providers and processors, including their beneficial ownership and source of funds.

The Commission recently told TGP Europe, a white-label gambling operator, that it needed to pay a £3.3 million penalty and make significant improvements if it wanted to continue trading in Great Britain. The penalty was for failure to carry out sufficient checks on business partners and breach of anti-money laundering requirements. TGP surrendered its operating licence.

The Commission’s guidance is, as it stands, largely directed at business-to-consumer relationships but there is limited guidance available in relation to the due diligence required in respect of business-to-business relationships.

5. Open-loop payment processes

Risk: Some operators still operate open-loop payment processes which are a known money laundering risk as they allow the transfer of funds from one payment method to another. This can be used to disguise the origin and/or destination of funds.

What operators need to do: Closed-loop payment systems are considered best practice and mean operators process customer withdrawals and winnings to the same payment method used for the deposit.

6. Licenced software providers’ games available on websites not licensed by the Gambling Commission

Risk: Casino games that have been developed by software operators licensed by the Commission have become available on unlicensed websites and are accessible to British consumers illegally.

What operators need to do: Operators who only have a gambling software licence should monitor their business relationships to ensure that partners are not offering illegal gambling facilities to the British market. They should act promptly to take preventative measures and notify the Commission if such activity is detected.

Last year, the Commission commenced a licence review of live casino supplier Evolution Gaming because the Commission had concerns that its games were available in the UK via unlicensed websites. The review is ongoing.

7. Cryptoassets

Risk: There is an increasing interest in cryptoassets (also known as crypto currencies) within the licensed gambling industry. Cryptoassets present several vulnerabilities from a money laundering and terrorist financing perspective. The Commission expects more payment providers will offer crypto payment facilities as cryptoassets become more prevalent.

What operators need to do: Operators are reminded of the importance of conducting a money laundering and terrorist financing risk assessment upon the introduction of new products or technology or new methods of customer payment.

Operators must also submit a Key Event notification to the Commission under Licence Condition 15.2.1(8) wherever there are changes in payment methods.

If a customer indicates that their funds to gamble have come from cryptoasset trading or other means linked to cryptocurrencies, this should be fed into their high-risk profile as a high-risk indicator and sufficient due diligence should be completed.

Whilst the Commission has power to authorise its licensees to accept crypto payments, not one actually does so, given the high regulatory requirements with which licensees would likely need to comply. The Commission has expressed concerns about the difficulty of identifying source of funds in relation to crypto transactions and, in reality, will probably not go down this path before crypto assets are regulated in the UK.

8. Terminals used to facilitate payments in non-remote casinos

Risk: The Commission is aware of several types of terminals used to facilitate customer deposits in non-remote casinos that are not always scrutinised as closely as deposits via other methods.

What operators need to do: Operators’ risk assessment must consider different types of payment methods accepted by the business. Funds received via this method must be sufficiently scrutinised and operators should not rely on the third-party terminal provider and/or payment processor to conduct checks on the funds being transferred.

9. Changing customer demographics in the non-remote casino sector

Risk: Some non-remote casinos have experienced changes in the demographics of their customer base which have not been reflected in their risk assessment or policies, procedures and controls.

What operators must do: Operators must ensure that any change of circumstance is reviewed and reflected in their money laundering and terrorist financing risk assessment (along with their policies, procedures and controls).

10. Adult gaming centre premises converting to licensed bingo premises

Risk: Some adult gaming centre premise licence holders have converted to bingo premises. The Commission is concerned that when preparing their money laundering and terrorist financing risk assessment, operators may not consider all relevant risks if they only consult the bingo section and not the adult gaming centre section of the Commission’s risk assessment.

What operators need to do: Bingo licensees who operate adult gaming centre-style premises are urged to consider all relevant money laundering and terrorist financing risks to the premises. The Commission intends to update its risk assessment to reflect this industry trend.

11. Crash games

Risk: There is an increased interest in crash games within the legal, licensed casino sector. There are concerns that products of this nature can allow criminals to camouflage the high-risk behaviour of cashing out quickly with limited gameplay within the context of the crash game (where these behaviours are inherently more common) and that transactional monitoring controls may not be effective in detecting suspicious activity.

What operators need to do: When introducing any new products operators must assess the risks of that product being used to launder money and have appropriate procedures and controls in place to prevent this. In the case of crash games, this would include controls to identify and prevent suspicious wagering patterns, and processes to feed the use of crash games into a customer’s overall risk profile and commence appropriate due diligence.

12. Application Registration Cards

Risk: Application registration cards are issued by the Home Office to individuals who claim asylum. They are not evidence of identity. Those who present them may be at higher risk of exploitation and mule account activity.

What operators need to do: The fact that application registration cards are not an acceptable form of identification must be reflected in an operator’s policies, procedures and controls. Staff members must be trained and implement measures to ensure that policies and procedures in relation to customer identification and verification are followed.

13. Jurisdictions subject to increased monitoring by the Financial Action Task Force (FATF)

Risk: In February 2025, FATF updated its list of high-risk jurisdictions and the list of jurisdictions subject to increased monitoring.

What operators need to do: Review the lists referred to above and ensure they have effective policies, procedures and controls in place to identify customers and relationships with links to high-risk jurisdictions, including those subject to calls for action and enhanced monitoring. They must conduct robust enhanced customer due diligence checks in relation to any customer relationships which are associated with high-risk jurisdictions.

Comment

It is essential that operators read the Commission’s bulletin in full, ensure that the risks identified are considered in their money laundering and terrorist financing risk assessments and that they update their policies, procedures and controls to ensure that they remain appropriate and effective in light of the these risks. Per Licence Condition 12.1.1, the money laundering and terrorist financing risk assessment must be updated at least annually (meaning that operators should not wait for any annual review before doing so). The bulletin reflects the Commission’s wider enforcement activity and operators are well-advised to keep up to date with the Commission’s publications and consider their application to their money laundering and terrorist financing risk assessments.

More insights
Gambling Risk & Investigations Consumer Products Consumer Protection Defence FinTech FinTech Media TMT - Technology, Media & Telecommunications

Explore more

Event United Kingdom

CMS Update Morning: Media, Sports and Entertainment

29 Apr 2026
Publication United Kingdom

Gambling Law Reform Tracker

02 Feb 2026 11 min read
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.