Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts.
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in Focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

Increase in regulatory action by the Gambling Commission

20 May 2025 England and Wales 10 min read

Introduction 

In March 2025, the Gambling Commission (the “Commission”) announced regulatory action against three smaller operators for anti-money laundering (“AML”) and social responsibility (“SR”) failings dating back several years. In particular:

  1. a regulatory settlement reached with AG Communications Limited (“AG Communications”) following a licence review under s.116 of the Gambling Act 2005 (the “Act”) in respect of breaches that occurred between May 2023 and October 2024;
     
  2. a regulatory settlement reached with Football Pools Limited (“Football Pools”) following a licence review in respect of breaches that occurred between September 2022 and August 2023; and
     
  3. a financial penalty imposed on Corbett Bookmakers Limited (“Corbett”) following a licence review in respect of breaches that occurred across various periods between February 2022 and May 2024.

There was significant overlap in the operators’ failings. We consider this in more detail below.

1. Anti-money laundering breaches

The Commission identified AML failings by all three operators, as follows:

  • Breach of paragraphs 1, 2 and 3 of Licence Condition (“LC”) 12.1.1

Paragraph 1 requires licensees to assess the risks of their business being used for money laundering and terrorist financing. The risk assessment must be appropriate and must be reviewed as necessary in light of any changes of circumstances.

Paragraph 2 requires licensees to ensure they have appropriate policies, procedures and controls in place to prevent money laundering and terrorist financing, following completion and having regard to the risk assessment.

Paragraph 3 requires operators to ensure that policies, procedures and controls are implemented effectively, kept under review, revised appropriately to ensure they remain effective, and take into account any applicable learning or guidelines published by the Commission from time to time.

The Commission found that AG Communications had breached paragraph 3 because:

  • its AML/counter-terrorism financing policies and procedures were too reliant on financial thresholds;
     
  • when customer accounts hit a medium, medium/high or high money laundering risk score they were not subject to a manual ‘enhanced customer due diligence’ (“ECDD”) check;
     
  • when financial thresholds were reached there were delays in completing ECDD checks; and
     
  • it did not follow its policy regarding ECDD checks.

The Commission found that Football Pools had breached paragraphs 2 and 3 because:

  • its AML policy was overly reliant on financial triggers to identify when customers presented higher money laundering or terrorist financing risks;
     
  • processes in place at the time of the assessment did not automatically apply hard stops when AML thresholds were reached and were only applied when resulting manual reviews took place;
     
  • manual reviews did not always occur promptly; and
     
  • there were incidents of delays in the creation of customer risk profiles, incidents where risk profiles were not created and incidents where they were not completed for a significant period.

Corbett was found to be in breach of all three paragraphs (although the Commission did not explain why in its public statement).

2. Social Responsibility breaches

The Commission also identified SR failings by all three operators, as follows:

  • Breach of paragraphs 1, 4, 5, 7, 8, 9 and 11 of SRCP 3.4.3

Paragraph 1

Paragraph 1 requires operators to implement effective customer interaction systems and processes in a way that minimises the risk of customers experiencing gambling-related harm. These systems and processes must embed the three elements of customer interaction – identify, act and evaluate – which reflect that customer interaction is an ongoing process.

The Commission found that AG Communications did not always ensure that its policies, procedures and controls were effectively implemented. For example, it had failed to fully and effectively implement a protocol which meant telephone calls that should have occurred when customers were identified as medium high-risk did not always happen. It also failed to ensure that a backstop daily loss figure designed to protect customers from significant losses was working correctly for certain account holders.

In Football Pools’ case, the Commission found examples where customers were not identified for safer gambling interactions due to an ineffective internal system which focused heavily on financial triggers, some of which were set too high.

Paragraph 4

Paragraph 4 requires licensees to have in place effective systems and processes to monitor customer activity to identify harm or potential harm associated with gambling, from the point when the account is opened.

The Commission found that AG Communications did not have effective systems in place to prevent customers spending significant amounts of money in a short period of time before an assessment was made as to whether the customer was potentially at risk of gambling-related harm. One customer was able to deposit and lose c.£7,000 in just over four hours and a manual review did not identify the fact that they had played through a backstop trigger.

Football Pools was reliant on its system to monitor activity and identify harm or potential harm. The process dictated that when a customer reached a financial trigger, they should receive a safer gambling interaction. However, a number of safer gambling risk profiles were not created immediately after a trigger was hit.

Paragraph 5

Paragraph 5 requires licensees to use a range of indicators relevant to their customers and the nature of the gambling facilities provided to identify harm or potential harm associated with gambling.

In Football Pools’ case, the Commission found that customers gambling at high velocity or placing large bets were not always identified for interaction early enough and the system in place at the time was not sensitive enough to identify long periods of gambling as a potential marker of harm.

Paragraph 7

Paragraph 7 requires that a licensee’s systems and processes for customer interaction flag indicators of harm in a timely manner for manual intervention, and feed into automated processes (required by paragraph 11).

However, the Commission found that whilst AG Communications used automated financial trigger thresholds as a potential indicator of harm, these were calculated in Euro currency only, meaning players who deposited in other currencies were not always identified for manual interaction in a timely manner.

Paragraph 8

Paragraph 8 requires licensees to take appropriate action in a timely manner when they have identified the risk of harm.

The Commission found that Football Pools did not always comply with this requirement. For example, whilst it has a range of safer gambling financial triggers in place to identify potential harm in relation to customer spend, it did not always interact with customers when they reached those financial triggers.

Paragraph 9

Paragraph 9 requires licensees to tailor the type of action they take based on the number and level of indicators of harm exhibited.

However, the Commission found that AG Communications did not always comply with this requirement. Failures included:

  • not tailoring the type of action it took based on the number and level of indicators of harm. For example, there was evidence of customers being sent multiple emails, but this not affecting their behaviour and AG Communications not increasing its action in response;
     
  • not keeping a detailed record of interactions it conducted with a customer identified as high-risk and that customer being able to raise their monthly loss limit from £1,000 to £4,000 without justification; and
     
  • not conducting a safer gambling interaction despite a customer losing approximately £6,000 in 48 hours.

Paragraph 11

Paragraph 11 requires that licensees must implement automated processes to ensure strong indicators of harm, as defined within the licensee’s process, are acted on in a timely manner. Where such processes are applied, the licensee must manually review their operation in each individual customer’s case and the licensee must allow the customer the opportunity to contest any automated decision which affects them.

However, AG Communications’ automated process failed a customer identified as high-risk and a manual process was not undertaken until a day later.

  • Failure to comply with paragraphs 1(a), (b) and (c) and 2 of SRCP 3.4.1

Paragraph 1 requires licensees to interact with customers in a way which minimises the risk of customers experiencing harms associated with gambling, including identifying and interacting with customers who may be at risk, as well as understanding the impact of that interaction on the customer.

Paragraph 2 requires licensees to take into account the Commission’s guidance on customer interaction.

Corbett failed to comply with both paragraphs (although again the Commission did not explain why in its public statement).

3. Other breaches

AG Communications also failed to comply with other LCCP requirements, for example, in relation to key events notification, and information that should be contained in an operator’s terms and conditions. More information about such breaches can be found in the Commission’s public statement here.

Outcome

The regulatory settlement reached between AG Communications and the Commission consisted of (i) a payment of £1,407,834 in lieu of a financial penalty (including a divestment of £220,334 and which will be directed to socially responsible purposes); (ii) agreement to the publication of a statement of facts in relation to the case; and (iii) payment towards the Commission’s investigative costs.

The regulatory settlement reached with Football Pools consisted of (i) a payment of £375,000 in lieu of a financial penalty, which will be directed to socially responsible purposes; (ii) agreement to the publication of a statement of facts in relation to the case; and (iii) payment towards the Commission’s investigative costs.

In both decisions, the Commission considered various aggravating factors. For example, the fact that the operators’ failings were serious and potentially impacted on the licensing objectives and that the breaches arose in circumstances that were similar to previous cases the Commission has dealt with and published about. It was also significant that AG Communications had already been subject to two compliance assessments and a licence review.

In terms of mitigating factors, both operators had swiftly implemented an action plan to remedy the failings and mitigate risk to customers and had fully cooperated with the investigation. AG Communications had also accepted the failings at an early stage and voluntarily agreed to a third-party audit.

In Corbett’s case, the Commission imposed a financial penalty of £686,070 and attached an additional condition to its licence under s.117 of the Act, requiring it to conduct a third-party audit within 12 months of conclusion of the review. Although it was significant that the Commission had previously imposed a financial penalty on Corbett following a licence review in 2022, it did note that Corbett was cooperative during the investigation and took corrective steps to address identified failings.

Comment

These decisions represent a spate of regulatory action by the Commission, having turned its attention to smaller operators. Between them, they make clear that the Commission remains committed to:

  • imposing escalated enforcement action on repeat offenders of regulatory breaches;
     
  • taking action against land-based as well as online gambling operators who have failed to meet their AML and SR obligations;
     
  • imposing additional obligations on operators following licence reviews (such as warnings or additional licence conditions); and
     
  • investigating and holding to account smaller operators as well as larger.

As always, all gambling operators should ensure that:

  • AML and SR policies, procedures and controls are not only in place, but are implemented effectively and continuously developed and improved, and that staff are effectively trained to follow and implement them.
     
  • Staff receive adequate initial and refresher training. This should be recorded and demonstrable.
     
  • Accounts are fully investigated, and risks are mitigated when links are identified between them.
     
  • Customer information is scrutinised in a timely manner, properly assessed and steps are taken to mitigate potential AML and SR risks.
     
  • Staff act quickly when customers display potential markers of harm and procedures specify appropriate timescales for actions and interactions.
More insights
Gambling

Explore more

Publication United Kingdom

Gambling Law Reform Tracker

02 Feb 2026 11 min read
Event United Kingdom

IP Insights webinar series 2026

28 Apr 2026
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.