The Gambling Commission has intensified its enforcement against non-compliant gambling operators, with a recent £1 million fine imposed on ProgressPlay Limited underscoring the critical need for robust Anti-Money Laundering (“AML”) frameworks. The online gambling operator was penalised following a compliance assessment that uncovered significant AML and social responsibility failings between August 2021 and August 2024.
Key failings included the absence of an appropriate Money Laundering and Terrorist Financing (“MLTF”) risk assessment and inadequate implementation of controls to mitigate MLTF risks. This case highlights the Gambling Commission’s zero-tolerance stance and the essential role of a tailored Business Wide Risk Assessment (“BWRA”) or MLTF risk assessment in ensuring compliance with relevant legislative and regulatory requirements.
Identified Failures
- Lack of Appropriate MLTF Risk Assessment
ProgressPlay failed to undertake an appropriate MLTF risk assessment and did not adequately assess the risks of their business being used for money laundering and terrorist financing. The MLTF assessment must be reviewed at least annually or in response to changes like new products, technologies, payment methods or customer demographics. Without this, the operator could not identify or address all relevant risks, leading to a non-risk-based approach to AML and a breach of relevant requirements.
- Inadequate Implementation of Controls
The operator failed to implement and regularly review appropriate AML policies, procedures, and controls. This included not testing the effectiveness of existing measures. As a result, the firm remained exposed to significant risks from its business model, customer profile and transaction patterns, without appropriate mitigation.
- Insufficient Transaction Scrutiny and Source of Funds Verification
ProgressPlay also failed to adequately scrutinise customer transactions, including verifying the Source of Funds (“SoF”) where required. This oversight meant customer activity was not sufficiently aligned with their known profile, business activities, or risk level.
Common Themes in AML Failures
The failings observed in this case reflect broader themes seen across the sector, such as:
- Absence of a comprehensive, tailored MLTF risk assessment;
- Inadequate implementation of risk-based controls; and
- Weak ongoing monitoring and due diligence.
ProgressPlay’s failure to maintain an appropriate BWRA meant that key risk areas, such as those outlined in the Gambling Commission’s 2023 MLTF Risk Assessment for the British Gambling Industry, were not adequately considered. These include emerging risks such as the use of cryptoassets and large-value transactions.
Notably, the Gambling Commission’s National Strategic Assessment emphasises that operators must adopt a bespoke approach to risk assessments, avoiding ‘one-size-fits-all’ models. Emerging risks publications serve as triggers for operators to review and update their assessments and policies promptly. Firms are expected to conduct and document a BWRA or MLTF risk assessment that identifies risks related to customers, products, delivery channels, geographies and technologies. Failures in these areas, including not implementing proportionate controls or verifying SoF, resulted in the penalty, a formal warning and a mandated third-party audit within six months to verify effective AML implementation.
Compliance Lessons for Regulated Firms
The Gambling Commission’s enforcement signals a rigorous approach to AML failures, with no leniency for repeat offenders. Key takeaways include:
- Conduct and Review Risk Assessments Annually: Firms must conduct and annually review a tailored BWRA or MLTF risk assessment, factoring in the Commission’s national risk assessments, business-specific vulnerabilities, and emerging threats to identify and mitigate MLTF risks effectively.
- Implement and Test Controls: Firms must implement and regularly test policies, procedures and controls based on the risk assessment, ensuring they address identified risks like transaction scrutiny and SoF verification.
- Staff Training: Firms must train employees on AML obligations, including recognising red flags for money laundering, to prevent human error and support a risk-based approach.
- Ongoing Monitoring and Due Diligence: Firms should establish and maintain systems for continuous transaction monitoring and customer due diligence, with prompt updates in response to changes in business operations or external risks.
A Wake-Up Call for All Operators
The Gambling Commission’s actions against ProgressPlay demonstrate that no operator, regardless of size or online presence, is immune to scrutiny. As MLTF threats evolve, operators must adopt a proactive stance, integrating advanced monitoring tools, such as transaction analytics and automated risk scoring, with thorough risk assessments and robust governance frameworks.
How Complyport Can Help
Complyport offers tailored solutions to strengthen AML and compliance frameworks, supporting firms develop appropriate systems and controls to address and mitigate financial crime risks. Our services include:
- Business Wide Risk Assessment preparation and review;
- AML Audits and Gap Analyses;
- AML Policy Reviews and Systems and Controls Implementation Assessment;
- Transaction Monitoring Support and review of existing systems and arrangements; and
- Staff Training on Financial Crime, Risks and Customer Due Diligence.
Book a Meeting with a Complyport SME
To learn how to enhance your firm’s AML framework and ensure compliance with regulatory expectations, book a consultation with a Complyport Subject Matter Expert today.
Ask ViCA, your Virtual Compliance Assistant.
Access instant answers on regulatory changes.
Claim your complimentary 20 queries today! Register here: https://vica.chat
