Logo Logo
eGaming

Maintaining Compliance: AML/CFT Inspections by the Isle of Man Gambling Supervision Commission

Under the Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Act 2018, the Isle of Man Gambling Supervision Commission (GSC) have the power to carry out onsite inspections focused on Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT). These inspections aim to ensure that both operators and software suppliers uphold the highest standards of regulatory compliance. In recent years, the GSC has strengthened its regulatory oversight, leading to more frequent AML/CFT inspections.

It is essential that all licensed entities fully understand the serious consequences of failing to meet their AML/CFT obligations. Falling short of those accountabilities may result in enforcement action, substantial financial penalties, the suspension or revocation of licences, and potentially personal liability for members of senior management.

This article highlights key strategies to support ongoing compliance with the GSC’s regulatory framework.

The GSC’s Objectives

The GSC operates under a clear set of licensing objectives designed to ensure the integrity and safety of gambling activities within the jurisdiction. These objectives are:

  • To ensure that gambling is conducted in a fair and open way – This means maintaining transparency and fairness in all gambling operations, safeguarding the interests of players and maintaining public confidence in the sector.
  • To protect children and other vulnerable persons from being harmed or exploited by gambling – This includes preventing underage gambling, promoting responsible gambling, and ensuring that adequate safeguards are in place to support individuals at risk.
  • To prevent gambling from being a source of crime or disorder, being associated with crime or disorder, or being used to support crime – This objective underpins the GSC’s focus on robust Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) controls, as well as strong due diligence and operational integrity among licence holders.

These objectives guide the GSC’s approach to licensing, regulation, compliance inspections, and enforcement.

What to Expect During a GSC Onsite Inspection

Pre-Inspection Phase

Prior to the inspection, the GSC will contact the licence-holder’s appointed officials to agree a suitable date for the onsite visit. Once confirmed, the GSC will issue several requests for pre-inspection documentation. This typically includes a self-assessment, a sample of player data (covering approximately 1,000 players), and relevant company documents.

From the submitted player data, the GSC will select a subset of around 15 players for closer review. These will usually be higher-risk individuals who have undergone enhanced due diligence. The licence-holder will be expected to provide all associated documentation for these players within a specified timeframe. As these cases are likely to be reviewed during the onsite visit, it is advisable to thoroughly examine these player journeys in advance.

During the Onsite Inspection

The GSC will expect the Money Laundering Reporting Officer (MLRO) and the AML/CFT Compliance Officer to be present throughout the inspection, which can last up to two days. The inspection will follow the structure of the self-assessment, covering all ten key sections. The GSC will explore both the theoretical frameworks (such as policies and procedures), and the practical application of these within the business.

Licence-holders should be prepared to demonstrate their operational systems, including the back office, data channels, and any third-party technology used for player screening, monitoring, and verification.

Post-Inspection Process

Following the inspection, a draft report will be shared with the board of directors, giving the licence-holder an opportunity to review the findings and address any factual inaccuracies. Once confirmed, a final report will be issued outlining any required remediation measures along with deadlines for completion.

Where remedial action is necessary, the GSC must be satisfied that any issues presenting a risk to the public or the Island’s reputation are addressed promptly. Where appropriate, the GSC will continue to provide guidance and support through its regular supervisory processes to help resolve any identified shortcomings.

The GSC implements a staged approach to addressing AML/CFT failings:

  • Stage 1 – Typically, a report resulting from a supervisory inspection will include actions and deadlines to address any identified areas of weakness or contravention of the AML/CFT legislation
  • Stage 2 – The GSC will then work with the subject to ensure that actions are completed
  • Stage 3 – Where the GSC has particular concerns in relation to AML/CFT compliance (whether identified through an inspection or not), the matter will be referred to the GSC’s Enforcement Team for consideration of further action

Information regarding the GSC’s enforcement strategy can be found on the GSC’s website.

How to Prepare for AML/CFT Inspections by the GSC

Operators and software suppliers must take proactive steps to maintain strong AML/CFT controls and ensure they are well-positioned to pass an inspection by the Isle of Man Gambling Supervision Commission (GSC). The following practices can help you demonstrate compliance and reduce the risk of enforcement action:

Understand the GSC’s AML/CFT Supervision Methodology & Inspection Procedures

The GSC has published a Supervision Methodology which outlines how they [the GSC] supervises and inspects online gambling operators to ensure compliance with AML/CFT regulations. The document also explains to operators how they are risk assessed by the GSC, how frequently they can expect an inspection, as well as other useful guidance on the inspections process.

Conduct Regular Internal AML/CFT Audits

Regular internal reviews of your AML/CFT framework are essential to ensure your procedures remain current and effective. Consider undertaking mock inspections or engaging third-party experts to independently assess your compliance readiness. A helpful first step is completing the GSC’s self-assessment prior to the inspection.

Review customer due diligence (CDD) processes, transaction monitoring systems, and reporting procedures to identify and resolve any gaps before the GSC’s visit.

Stay Up to Date with Regulatory Developments

AML/CFT regulations continue to evolve, and staying informed is key to maintaining compliance. The GSC may refine its expectations in response to legal, financial, or industry changes.

Subscribe to regulatory updates, attend industry events such as the GSC’s AML Forum, and work closely with legal and compliance professionals to stay ahead of emerging requirements. Analysing previous enforcement actions can also provide valuable insights and lessons for your own compliance programme.

Strengthen AML/CFT Policies and Procedures

Ensure your AML/CFT policies are thorough, clearly written, and regularly reviewed. The GSC will expect comprehensive documentation covering your approach to CDD, monitoring, suspicious activity reporting, and staff training.

Policies should reflect current legislation and align with best practices, demonstrating a structured and well-informed approach to AML/CFT compliance.

Foster a Strong Compliance Culture

A culture of compliance must be embedded across your organisation, with responsibilities understood and taken seriously at all levels. Encourage staff to escalate concerns and ensure senior management is visibly engaged in AML/CFT oversight.

An organisation-wide commitment to compliance helps to identify issues early and significantly lowers the risk of regulatory breaches.

Maintain Effective Record-Keeping Practices

Robust record-keeping is vital to evidence decision-making and demonstrate your adherence to both your regulatory obligations and internal policies. Accurate and accessible records will support your position during an inspection and may prevent misunderstandings or misinterpretations.

Learn from Previous AML/CFT Inspections

Take time to reflect on previous inspections, including both your own and any publicly available outcomes. Pay close attention to the areas the GSC focused on and the feedback provided in draft reports. Understanding these patterns can help you anticipate future expectations and strengthen your preparation.

Explore the GSC’s YouTube Channel

In 2024 the GSC launched its official YouTube channel (@IOMGSC), offering a range of informative videos on AML/CFT inspections and regulatory topics. These resources provide valuable insights into the inspection process and can help you and your team better understand the GSC’s expectations.

Enforcement

In 2024, the GSC issued its first enforcement actions under the current framework, resulting in total net financial penalties amounting to £840,000:

  • BMO Manx Limited – A civil penalty of £1,000,000 was imposed (reduced to £700,000), for multiple compliance failures, including a lack of enhanced due diligence, failure to carry out a business risk assessment, and insufficient controls to identify Politically Exposed Persons (PEPs).
  • CyberHorizon Limited – A civil penalty of £200,000 (reduced to £140,000), was issued following breaches of AML/CFT obligations, including inadequate customer risk assessment processes, failure to meet technology risk assessment requirements, and not closing customer accounts where enhanced due diligence had not been provided.

These enforcement actions were the result of significant and persistent contraventions of the Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Code 2019 (the “Code”), identified during onsite AML/CFT inspections carried out by the GSC.

These cases serve as a clear reminder to the industry that full compliance with the Code – and all other relevant legal and regulatory requirements – must remain a top priority.

Conclusion

AML/CFT compliance remains a fundamental aspect of regulatory oversight for gambling operators and software suppliers licensed in the Isle of Man. Inspections conducted by the GSC are a key mechanism for verifying that businesses are meeting the obligations attached to their licence.

With the GSC maintaining a strong focus on the prevention of money laundering and related financial crime, being well-prepared for AML/CFT inspections is essential. Your vigilance in this process will not only help to protect your licence and reputation, but it may also mitigate the risk of financial penalties and enforcement action.

If you have any questions on the subject, please contact info@quadrantgaming.im.

 

Share this post:
Read More
eGaming
All In! Quadrant Gaming is heading to SiGMA Malta!
SiGMA Europe 2024 takes centre stage in Malta from 11-14 November 2024, and Quadrant Gaming is excited to attend, represented by Tammy Murray (Business Development Manager) and Tim Cox (Finance Director).
Read More
eGaming
Applying for an Isle of Man Gambling Licence
For Operators and Software Suppliers considering applying for an online gambling license in the Isle of Man, this article will…
Read More
eGaming
Why the Isle of Man Is an Attractive Place to Establish an Online Gambling Business
If you’re working in online gambling or considering entering the sector, the Isle of Man is a jurisdiction that should…
Read More
View All