Game of chance or game of skill for money laundering

Vulnerabilities of online gambling

Gibraltar and Malta… What do these two jurisdictions have in common?

Great weather, beautiful landscapes, both could be considered as holiday destinations. But not only - both territories are well known online gambling hubs and both at some point of time were classified as jurisdictions under increased monitoring by the Financial Action Task Force (FATF).

Although Malta was removed from the FATF list in June 2022, Gibraltar still remains as a “grey-listed” country.1

As mentioned by FATF officials “Gibraltar needs to take a number of steps, including focusing on gatekeepers to the financial system, in particular gambling operators and lawyers”.2

In light of this statement, it is worth asking what are the main vulnerabilities of the online gambling sector.

In 2022 the European Commission issued the 3rd Supranational Risk Assessment (SNRA)

According to this report:3

“risks arising from online gambling have increased further since the publication of the last SNRA in 2019”.

The internet allows for a high degree of anonymity. The non face to face nature of online gambling is one of the main risks represented by this business. Identification and verification of the players require more complex CDD measures in order to detect use of false or stolen identities and ensure that the customer providing documentation is the one described in it. Nevertheless, given the evolution of digital ID technology, it is possible to put in place controls required to build robust KYC checks.

The European Gaming & Betting Association (EGBA) issued an overview of the identity verification methods for online gambling.4

The list presents various databases used by the EU countries for identity verification purposes such as e.g. eIDAS which is a framework allowing usage of digital ID for accessing online services and providing three levels of assurance for electronic identification.5

However, risks related to remote gambling are not only linked to the abovementioned false or stolen identities

As online gambling transactions are conducted over the internet and gambling platforms which are accessible 24/7, the volume of the transfers related to this activity is immense. Identification of the source of wagered funds might be difficult in some instances.

Although, in case of bank deposits, the risk can be reduced by the CDD measures implemented by particular banks, there are payment methods such as prepaid cards or virtual currencies which could be used to obscure the source of funds.

In 2020 the Isle of Man Gambling Supervision Commission issued AML/CFT Guidance for Virtual Currencies. The guidance references the risks related to virtual currencies and additionally highlights, among others:

  • difficulty in linking an “account” to a real world identity, 

  • potential use of anonymity software such as coin mixers and IP mixers, 

  • the fact that non-centralised “accounts” may be opened by anyone without CDD checks

  • lack of expertise to deal with new and rapidly developing technologies

  • lack of AML/CFT controls for virtual currencies in most jurisdictions.6

In this aspect it is necessary to mention that the introduction of 5th AML Directive was the first step in the EU towards regulating virtual currencies. 

These voices provide direction for further development of legislations, such as e.g. Markets in Crypto-Assets Regulation (MiCA) which should harmonise rules for crypto-assets at EU level.

Threats related to this market were lately highlighted by:

The Financial Stability Board (Regulation, supervision and oversight of Crypto-Asset activities and markets, 2022)

Basel Committee on Banking Supervision (Prudential treatment of crypto asset exposures, 2022)

FATF (Targeted update on implementation of the FATF standards on virtual assets and virtual asset providers, 2022; Updated guidance for a risk-based approach virtual assets and virtual asset providers, 2021)

Nevertheless, alternative payment methods are not the only risks in gambling business. Use of multiple accounts gives a chance to transfer funds from one account to another and further conceal the origin of funds.

As such gambling operators should limit the ability to create multiple accounts or at least identify customers with multiple accounts and determine the reason for opening more than one account.

Also transfer of funds between different customers should be considered as a red flag. This might be a way to send funds outside the regulated financial system (cross-border movements) and as such should be prohibited or limited.

Further, transactional risk is related to the multiple deposit sources as well as different methods used to deposit and withdraw the funds. The risk arises especially when gambling activity is very limited or there is no gambling activity at all.7

As a mitigating factor gambling operators should only allow deposits and withdrawals using payment methods that match the customer's account name in order to ensure the payment method belongs to the customer.

Moreover, whenever possible given the fact that some payments such as pre-paid cards do not allow return payment or refund, withdrawals should be paid to the account (or other payment method) used to make the deposit that resulted in the win.

Although cash is not a typical method of funding for online gambling, there is a risk that illicit funds could enter the remote gambling sector by money service businesses (crediting the accounts) or mixing gambling chains i.e. depositing funds through land-based casinos and transferring to the online gambling accounts.8

Discussing further vulnerabilities of the online gambling, VIP rooms and master accounts require additional considerations. It is significant for the compliance function to be independent from enterprise functions of the gambling operator to avoid conflict of interest in case of VIP customers. Also master account set-up requires effective control over land-based intermediary and access controls.

Enjoying this article?

Check out other publications in the “Transaction Monitoring” series:

  • a decorative picture

    What is Transaction Monitoring really about? A broader picture of fighting financial crime

    Read the article
  • a decorative picture

    AML Compliance in Gambling, Gaming, and Betting around the globe

    Read the article
  • a decorative picture

    Illegal raffles and lotteries in the UK - how to avoid facilitating illegal activities

    Read the article
  • a decorative picture

    Anti Money Laundering as a way to limit environmental crimes

    Read the article
  • a decorative picture

    Are we ready for automating transaction monitoring?

    Read the article
  • a decorative picture

    How to monitor credit cards transactions for money laundering activity

    Read the article

Online gambling represents various vulnerabilities related to money laundering. Fortunately, there are many mitigating factors which can be undertaken by the sector:

Risk based CDD measures

Transaction monitoring processes

Regular risk assessments of their products

Also competent authorities should implement appropriate steps in order to ensure regular cooperation with the online gambling operators, provide guidance, training sessions, and feedback

However, the educational role is one of the regulators’ responsibilities. There is also the controlling aspect.

In Malta, during January and June 2022, 16 compliance audits were conducted with 114 desktop reviews, accompanied by an additional 7 AML/CFT compliance examinations initiated by the Malta Gambling Authority on behalf of the Financial Intelligence Analysis Unit.9

Also the Gambling Commissioner in Gibraltar performed controls of remote gambling licence holders which resulted in financial penalties in respect of AML deficiencies.10

Probably more examples of gambling regulatory investigations are yet to come. Not only in Malta or Gibraltar.

Related content

Contact us

Marta Wójcik

Partner, Financial Crime Unit, PwC Poland


Anna Piwowarska

Director, Financial Crime Unit, PwC Poland


Katarzyna Chmara

Manager, Financial Crime Unit, PwC Poland

+48 519 507 829


Follow us