Gambling Commission flags over-reliance on financial threshold in operator AML measures
Summary
Great Britain’s Gambling Commission has warned that some operators rely too heavily on financial thresholds when activating anti-money laundering (AML) and counter-terrorist financing (CTF) checks. A Commission bulletin (3 October) highlighted that risk-based customer due diligence is often only triggered once players hit a monetary trigger, ignoring other clear non-spend risk indicators. The regulator found thresholds set too high for the risks present, gaps in customer risk-profiling, weak scrutiny of documentation, poor record-keeping, inadequate staff training and misuse or misconfiguration of AI and algorithmic controls.
The Commission recommends ongoing risk-based monitoring, properly set thresholds tied to each operator’s risk assessment and better staff training and controls — including ensuring AML algorithms escalate genuine red flags.
Key Points
- Regulator found operators often only start risk profiling or enhanced due diligence once a financial threshold is met.
- Financial thresholds were sometimes set at an unacceptably high level for the risks present, leaving risky customers unchecked.
- Non-financial risk indicators — e.g. suspicious third-party deposits or documentation anomalies — were missed or identified too late.
- Operators frequently lacked adequate staff training to spot false or fraudulent documents and other AML red flags.
- Poor record-keeping and insufficient due diligence on third-party relationships were common shortcomings.
- Use of AI, algorithms and behavioural models for AML is rising, but some operators don’t understand or configure them correctly, so high-risk indicators aren’t always escalated.
Context and relevance
This bulletin matters to licence holders and compliance teams across the UK gambling sector. The Gambling Commission is signalling that mechanical, spend-only controls are no longer acceptable on their own — firms must take a holistic, risk-based approach. With regulatory scrutiny continuing to tighten, shortcomings flagged here can lead to enforcement action and reputational damage. The guidance also highlights operational risks when using automated tools without clear validation and oversight.
Author style
Punchy: If you manage AML, compliance or product risk at an operator, this is urgent. The Commission’s findings point to structural weaknesses that can be fixed, but only if firms update policies, train staff and validate their tech properly.
Why should I read this?
Short version — don’t be the operator relying on a magic money number. Read this if you want to avoid regulatory headaches: it tells you what the regulator is seeing in the market, what you should fix (thresholds, profiling, docs, training, algorithm checks) and why those fixes actually matter for keeping licences and customers safe. We’ve skimmed the bulletin and pulled out the bits you need to act on.
