Betfred Fined £825,000 for AML Failings on B3 Gaming Machines, Highlighting Sector-Wide Weaknesses

The £825,000 penalty imposed on Done Brothers Cash Betting Limited, trading as Betfred, has brought renewed attention to ongoing deficiencies in anti-money laundering (AML) controls within the retail gambling sector. According to the first paragraph of the regulatory report, the fine resulted from an investigation that concluded the operator had “failed to maintain effective anti-money laundering oversight for customers using B3 gaming machines.” Regulators determined that the firm lacked accurate visibility of customer spend and exposure throughout 2024, a shortcoming that “directly undermined its ability to identify suspicious patterns.” This enforcement action follows a prior regulatory intervention in 2023, reinforcing concerns about repeated weaknesses.

The findings revealed that Betfred was unable to form a coherent picture of machine-based customer behaviour, leaving the firm unable to apply proportionate controls. While machine alerts and daily reports were in place, the systems did not allow the operator to view aggregated spend across sessions. This meant staff “could not link individual machine events to a broader risk profile.” The regulator noted that without a unified view of customer exposure, it becomes difficult for operators to set risk-based thresholds or detect unusual activity that may indicate money laundering attempts.

The investigation also uncovered gaps in processes for screening and managing customers potentially subject to financial sanctions. As the report stated, a gambling operator “must be able to detect names that appear on official sanctions lists,” and failing to implement effective procedures constitutes a material compliance breach. Such deficiencies increase exposure to illicit finance risks and suggest insufficient alignment with legislative duties applicable to regulated entities handling customer funds.

Thresholds for reviewing the source of income were also deemed poorly calibrated. The regulator highlighted that “loss limits of £15,000 and stakes of £125,000 over 365 days were judged too high relative to the risks associated with machine gambling patterns.” Risk-based approaches require thresholds to consider the operator’s product mix and customer demographics. When thresholds allow prolonged high-value activity without scrutiny, the oversight framework becomes ineffective. These combined issues led the regulator to conclude that the operator “did not have a working model to detect or manage laundering risks linked to regular machine use.”

This case marks Betfred’s second enforcement outcome in two years. A previous settlement in 2023 addressed AML and customer protection failures, signaling that the firm had already been alerted to gaps in its compliance framework. The recurrence of issues indicates that post-2023 improvements were either insufficiently embedded or that processes failed to evolve with operational risks. Regulators emphasize sustained remediation, and repeated deficiencies “can be seen as an indicator that the compliance environment lacks resilience or adequate oversight.”

Although most failures observed in 2024 were classified as technical rather than tied to individual customer cases, the regulator stressed that “technical does not reduce materiality.” Structural weaknesses in process design can have a long-term impact, creating blind spots affecting large numbers of customers. For AML teams, technical weaknesses in machine monitoring or threshold design are particularly concerning because transactional patterns on machine-based products often differ from traditional sportsbook activity, necessitating tailored controls.

The regulator further noted that the requirement for a third-party audit underscores expectations for independent validation of operator-level improvements. Such audits assess whether remediation is stable and whether governance frameworks match operational complexity. In cases of repeated regulatory intervention, an audit serves to verify that compliance changes function as intended and that senior management oversight is sufficient to manage ongoing risks.

The investigation highlighted the operator’s inability to calculate total customer spend for B3 machine players, limiting its capacity to assess money laundering and terrorist financing exposure. Without consolidated spend data, staff could not differentiate normal activity from behaviour warranting scrutiny, creating a barrier to applying a risk-based approach. Insufficient processes for identifying sanctioned individuals presented an additional risk, as gambling transactions can be used by sanctioned persons to move funds or convert them into seemingly legitimate winnings. The regulator emphasized that without functioning sanctions processes, operators “cannot demonstrate compliance with national obligations that restrict the provision of financial services to sanctioned individuals.”

Risk-based source of income checks were similarly deficient. Thresholds that rarely triggered enquiries rendered the control environment largely symbolic rather than preventative. AML teams must apply thresholds aligned with the likelihood that high-value machine play could disguise the origin of funds. In this case, thresholds were “too distant from operational reality,” contributing to the conclusion that the firm lacked an understanding of the specific money laundering vulnerabilities associated with machine-based gambling.

While the operator has reportedly begun implementing improvements, the regulator stressed that this will only be confirmed upon completion of the third-party audit. The case reinforces the expectation that gambling operators must demonstrate consistent control effectiveness and ensure staff are equipped to manage higher-risk activity. Continuous enhancement remains crucial, particularly as machine-based products attract customers with diverse behaviours that can obscure abnormal activity when oversight is weak.

The enforcement also highlights broader regulatory emphasis on accountability for long-standing gaps. Regulators increasingly demand that firms with prior sanctions show sustained progress. Where initial actions fail to trigger permanent structural changes, subsequent penalties focus on operational robustness and the adequacy of management responses. The 2024 findings suggest that a combination of data fragmentation, outdated thresholds, and insufficient sanctions processes contributed to a risk environment that fell short of regulatory expectations.

For AML practitioners, the case underscores the importance of end-to-end visibility across machine activity. Effective monitoring frameworks must consolidate spend data, identify high-velocity play, and generate case reviews reflecting true customer exposure. The regulator’s findings make clear that when controls do not align with product risk, even well-designed systems cannot detect laundering attempts. The enforcement outcome demonstrates that machine-based gambling remains under regulatory scrutiny due to the inherent conversion risks that can be exploited by individuals seeking to move funds undetected.

By fLEXI tEAM