Introduction

In July 2025, HM Treasury issued its response (“Response”) to a consultation that ran between March and June 2024 on improving the effectiveness of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLRs”).

The foreword of the Response, which was published on the same day that HM Treasury and the Home Office jointly published the National Risk Assessment of Money Laundering and Terrorist Financing 2025 (see our blog post on that here), rightly acknowledges that “Regulations cannot be truly effective unless they are as clear and targeted as possible”. It is clear that HM Treasury accepts within the Response that key aspects of the MLRs and sector guidance on the same currently fall short of meeting that key principle and need for clarity that underpins the UK’s risk-based approach to tackling money laundering and terrorist financing.

HM Treasury sets out a number of changes it will be introducing to bring greater clarity to the MLRs, which it says, “represent a balanced approach to mitigating illicit finance risks and supporting businesses to invest and grow”.  Certain changes will be introduced through amendments to the MLRs (with the intention to publish a draft Statutory Instrument “in the coming months”) while others will be brought about by engaging with regulators to improve existing sectoral guidance.

The Changes

We set out below those key changes that will be of particular relevance and interest to gambling operators licensed by the Gambling Commission (“Commission”) below.

1. Customer Due Diligence (“CDD”) & Establishing a Business Relationship

The Response sets out that “…there was a desire for clarity across a range of sectors about when a business relationship with a customer is established for the purposes of applying CDD”. Interestingly, the Response goes on to state (emphasis added) that “It is likely that differing interpretations of these concepts are resulting in inconsistent application of CDD both within and across different sectors…”

The very concept of when a business relationship is established is not straightforward and – per the Commission’s guidance on anti-money laundering (“AML”) – operators are told to form their own view on the same. Despite this, we have seen the Commission, in certain licence review processes, adopt the view that operators are somehow falling short of their obligations by not adopting CDD measures at registration. We have seen the Commission form that view despite, again, its own guidance accepting that whether a business relationship has been established should be informed by whether there will be an element of duration to that relationship (mirroring the definition in Regulation 4(1) of the MLRs).

This is a vital point for the gambling industry as many operators will have experienced a significant number of individuals creating an account with them but not necessarily then going on to gamble. If all gambling operators are required to adopt CDD measures on account creation that would create a significant burden, disproportionate to the risk they are mitigating. This point has been brought into repeated focus when the Commission suggests within compliance assessments that operators should adopt certain CDD measures from registration, including obtaining occupation information (see our previous article on this – What’s a job worth? – Obtaining occupation information from customers and the friction it causes).

It is therefore welcome that HM Treasury will be asking all supervisors – which includes the Commission – to “review its guidance in relation to the establishment of a business relationship, and to consider whether additional detail or case studies would help firms to apply the Regulations in a consistent and proportionate way”.

2. CDD & Source of Funds (“SoF”) & Ongoing Monitoring

The MLRs set out that, distinct from the requirement to carry out SoF checks as part of enhanced due diligence, SoF checks should also be carried out “where necessary” as part of the ongoing monitoring of a business relationship.

HM Treasury will, again, be asking supervisors to improve sector-specific guidance on this concept, including potentially within such guidance non-prescriptive examples to clarify what is meant by ‘where necessary’. It is worth noting, however, that the Response points out that the effect of the relevant regulation in the MLRs (regulation 28(11)(a)) is that SoF checks “are necessary when a transaction appears to be inconsistent with the firm’s knowledge of the customer, the customer’s business and risk profile”.

3. CDD & Digital Identity Verification

The Response highlights that there was strong support on a proposal to make it easier to comply with identity verification requirements by encouraging the use of digital identity technologies.

As such, HM Treasury, together with the Department for Science, Innovation and Technology, will be publishing guidance on the use of digital identity for MLRs identity verification checks. That guidance is anticipated to clarify what is meant by ‘digital identity’ and how it may be deployed in accordance with the MLRs.

4. Enhanced Due Diligence (“EDD”) & Complex or Unusually Large Transactions

HM Treasury’s consultation queried whether the requirement to apply EDD to all transactions that are “complex or unusually large” was disproportionate and, as such, led to a greater than necessary application of EDD. Whilst only a minority of respondents (albeit 41%) considered the current requirement led to “over risk-averse behaviour”, a majority of respondents (54%) supported the proposal to amend the MLRs such that EDD need only be carried out with respect to ‘unusually complex transactions.

The MLRs will, therefore, be amended such that EDD will be required in relation to ‘unusually complex’ transactions (instead of all complex transactions) and maintain the requirement to carry out EDD with respect to ‘unusually large’ transactions.

It is interesting to note that the Response points out that certain respondents were already interpreting ‘complex’ to mean ‘unusually complex’, but HM Treasury makes no attempt to explain – or commit to explain in guidance – what the difference is between ‘complex’ and ‘unusually complex’, with the Response suggesting that change to the MLRs achieves that aim.

5. Enhanced Due Diligence (“EDD”) & High-risk Third Countries

 The MLRs currently impose a requirement to carry out EDD on customers established in, or transactions linked to, a ‘high-risk third country’. The MLRs defines a high-risk third country by reference to the Financial Action Task Force’s (“FATF”) Increased Monitoring List and those territories subject to a ‘Call for Action’ (which currently include North Korea, Myanmar and Iran).

HM Treasury posed the question as to whether mandating EDD by reference to a customer established in, or a transaction linked to, such countries was effective. The Response acknowledged feedback and concern from respondents that “…the mandatory EDD requirements for customers and transactions linked to countries listed by the FATF often did not reflect illicit finance risk to the UK specifically”, and respondents instead supported a more targeted approach to risk by reference to what is known about a particular customer and a focus on those countries that actually pose the greatest illicit finance risk to the UK.

Significantly, the MLRs will be amended to mandate EDD checks “only where the relevant transactions or customer relationships involve a person established in a Call for Action country, not an Increased Monitoring List country”. HM Treasury, does, however stress in its Response that both FATF lists must be considered by those in the regulated sector when carrying out a customer risk assessment. In addition, HM Treasury will be inviting supervisors to review their guidance on high-risk jurisdictions to ensure that those that are regulated under the MLRs continue to apply robust, risk-based measures with respect to high-risk jurisdictions.

Aside from the changes outlined above, which are addressed in Chapter 1 of the Response, the Response also sets out that:

• HM Treasury will “…work with relevant stakeholders, particularly supervisors, to ensure that guidance is sufficiently clear on how to carry out risk assessments, encouraging the production of sector-specific guidance and case studies where possible”.

The Commission does, of course, publish its own risk assessment, and operators are expected to take account of the same when forming their own. In the past we have seen, on multiple occasions, the Commission criticise an operator’s risk assessment because it did not expressly cite certain items that are included in the Commission’s risk assessment (even if irrelevant to the operator’s business). That criticism has ultimately led to the impression that the Commission conducts a ‘box ticking’ exercise when reviewing an operator’s risk assessment. Operators, in the hope of guarding against further criticism, will often include items that are, in fact, of no relevance to their business to simply demonstrate to the Commission that they have considered and disregarded such risk.

That the Commission reviews, or has in the past reviewed, operators’ risk assessments in such a manner goes to the heart of why HM Treasury’s consultation is welcome – it is not only the MLRs that need to be clear and targeted, but also the approach of supervisors like the Commission when regulating their respective industries. HM Treasury’s commitment to work with supervisors to ensure guidance is ‘sufficiently clear’ will, hopefully, lead to acceptance or, at the very least, an acknowledgment by the Commission that operators are able to construct a risk assessment that is specific to their business and need not include irrelevant noise that is only included through fear of unwarranted criticism.

• References to the Euro (€ / EUR) in the MLRs will be amended to Sterling (£ / GBP) and where a specific figure is cited (e.g., €2,000), that figure will be converted on a one-to-one basis (e.g., £2,000) unless such conversion would create potential non-alignment with FATF-recommended thresholds.

Application to Operators

Strictly speaking, it is only those gambling operators that maintain a casino licence from the Commission that are included within the “regulated sector” for AML purposes, and it is therefore particularly important that casino operators digest the Response and the outcomes outlined above given its direct application.

However, in practical terms the principled outcomes of the Response will undoubtedly have broader application to operators’ wider businesses by virtue of the fact such operators are nevertheless subject to obligations under the Proceeds of Crime Act 2002 (“POCA”) as well as Licence Condition 12 of the Commission’s Licence Conditions and Codes of Practice, which imposes requirements on operators to address money laundering risk by conducting a risk assessment and ensuring that appropriate policies, procedures and controls are in place, and that such policies, procedures and controls are effective and take account of guidance issued by the Commission. To illustrate the point, the Commission’s guidance on POCA (which is addressed to all operators save for casino operators) speaks to country / geographic risk and the establishment of a business relationship, both are items that HM Treasury consulted on and addressed within the Response, as outlined above.

Comment

We have commented above on how certain elements of the consultation and HM Treasury’s Response touch on specific topics – namely, the establishment of a business relationship and operators’ approach to constructing their risk assessment – that have, for some time, been a potential thorn whenever the Commission comes calling.

It can only, therefore, be a good thing that the Response and the outcomes following it – be that through legislative change or HM Treasury working with supervisors – may prompt a reset within the gambling industry, including the Commission’s approach to regulation, to ensure that all stakeholders are clear on what the MLRs say, the purpose of the MLRs and – crucially – that the Commission’s expectations in its published guidance and approach to licence review align with what the MLRs say and the purpose of the MLRs.

It is important that operators and the Commission take the time to reflect on the Response. HM Treasury has deemed it necessary to introduce change, through regulation or potentially sector-specific guidance, to address loopholes in the MLRs and remove uncertainty. In our view, it is critical that the Commission acknowledges that the MLRs and, by extension, its guidance on the MLRs would benefit from careful review and amendment, and it must therefore be right, given the uncertainty and the fundamental principle of adopting a ‘risk based approach’, that the Commission demonstrates a willingness – especially in light of the Response – to meaningfully engage with operators on the nuance of the MLRs and how the technicalities impact the industry.