Isle of Man Regulator Fines Shelgeyr Limited £200,000 Over Major AML and CFT Compliance Failures

The Isle of Man Gambling Supervision Commission has released a public enforcement statement detailing serious regulatory violations committed by Shelgeyr Limited, the company behind the Maverick Games brand. The action followed a comprehensive regulatory inspection that uncovered numerous breaches of the Gambling Anti Money Laundering and Countering the Financing of Terrorism Code 2019. Investigators determined that the operator did not sustain adequate safeguards against financial crime throughout the duration of its license. As a result, the Commission imposed a discretionary civil penalty of 200,000 pounds, reflecting what regulators described as widespread systemic failings. Authorities noted that the company cooperated during the investigation process, which ultimately contributed to a reduction in the total fine imposed.

Regulators identified fundamental weaknesses in the firm’s application of enhanced due diligence procedures. The inspection revealed that certain customer accounts were permitted to remain active or were even reopened despite insufficient documentation verifying the origin of deposited funds. In some cases, accounts that had previously been suspended because of missing information were not properly converted to fully closed accounts, directly violating local regulatory obligations. These failures created conditions in which the legitimacy of customer wealth could not be verified to the standard required by law. By failing to properly assess high-risk transactions and customer profiles, the operator weakened broader regulatory efforts aimed at protecting the Isle of Man financial system from criminal exploitation.

The investigation also uncovered major gaps in the company’s handling of politically exposed persons. The operator could not demonstrate that it had carried out appropriate background checks to confirm or eliminate potential matches with global monitoring databases. This shortcoming raised particular concern within the gambling industry, where politically exposed persons are considered higher risk for corruption or bribery-related activities. Without properly documented verification procedures, the company risked becoming a channel for moving funds linked to suspicious or illicit origins. The Commission further observed that the company failed to adhere to its own compliance manuals, suggesting that internal policies existed largely in theory rather than in practical application.

Beyond high-risk customer categories, the regulator found broader weaknesses in standard customer due diligence processes. The company showed an ongoing inability to gather and maintain basic identification details for many of its customers. Regulators determined that some users were allowed to conduct transactions without submitting complete personal information, effectively enabling anonymous account activity. Such practices are strictly prohibited under modern financial compliance frameworks because they obstruct effective monitoring of financial flows. Additionally, the operator failed to properly preserve records of customer communications and automated monitoring outputs outside of its main operational systems. This lack of backup documentation meant regulators could not independently review or verify the reasoning behind certain compliance decisions.

The quality of the firm’s ongoing monitoring procedures was also heavily criticized. Although some monitoring activities appeared to exist, these were not consistently incorporated into official compliance documentation. This created a situation where the effectiveness of operational safeguards could not be properly measured or enhanced. The regulator stressed that financial institutions must maintain continuous testing and review cycles to ensure their controls remain effective against emerging financial crime threats. By neglecting to systematically evaluate its operational processes, the company allowed vulnerabilities to remain in its day-to-day risk management operations, particularly as digital transaction methods continue to evolve.

Investigators also highlighted serious shortcomings in the company’s enterprise-wide risk assessment practices. The operator failed to demonstrate sufficient awareness of risks specific to its business model and the jurisdictions from which it accepted customers. National risk assessments issued by the Isle of Man and other relevant territories appeared to have been largely overlooked during corporate risk planning. This lack of geographic and sector-specific risk awareness left the firm poorly prepared to manage the challenges associated with servicing a global gambling customer base. The company’s failure to align internal risk tolerance with real-world international market risks was identified as a major governance deficiency.

The Commission also examined the company’s technological risk planning, particularly in relation to virtual currency acceptance. The technology risk assessment did not adequately address risks associated with convertible virtual currency payments. Without dedicated controls to mitigate the anonymity and speed of crypto-based transactions, the company increased its vulnerability to money laundering schemes. Regulators emphasized that non-face-to-face service delivery models require stricter verification standards than traditional customer interactions. The absence of a clear operational framework to manage digital asset risks demonstrated a disconnect between the company’s technological offerings and its legal compliance obligations.

Organizational leadership structures also came under scrutiny. Both the Money Laundering Reporting Officer and the Compliance Officer were found to lack sufficient authority and technical expertise to perform their roles effectively. In several situations, these compliance officials did not have the organizational power needed to address conflicts of interest, a key requirement for maintaining independent compliance oversight. Regulators concluded that when individuals tasked with preventing financial crime lack adequate authority or knowledge, the entire compliance structure becomes compromised. This structural weakness contributed significantly to the repeated regulatory failures documented during the inspection period.

The investigation further revealed shortcomings in staff education and training programs. Evidence indicated that some key employees had not received updated financial crime training for more than twelve months. In a sector where criminal tactics evolve rapidly, outdated training significantly increases operational risk. The Commission expects licensed operators’ boards to actively supervise staff training and ensure systems are updated regularly to reflect emerging threats. By failing to maintain staff competency through continuous professional development, the company did not establish a strong internal compliance culture capable of detecting or preventing regulatory breaches before they escalated into enforcement action.

By fLEXI tEAM