Isle of Man Tightens AML Controls for Online Gambling Networks

The Isle of Man has reinforced its reputation as one of the world’s most tightly supervised gambling jurisdictions, with its latest AML/CFT guidance underscoring that reputation. Released in October 2025 by the Gambling Supervision Commission (GSC), the document targets online gambling licence holders operating under network permissions—a niche but high-risk corner of the e-gaming ecosystem where rapid transaction flows and opaque corporate structures often converge. The guidance, formally linked to the Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Code 2019, expands the obligations of operators offering network services to other gambling businesses. It clarifies how risk-based controls, due diligence, and monitoring frameworks must evolve alongside the growing sophistication of digital gambling networks.

While the Isle of Man has long enjoyed strong FATF and MONEYVAL ratings, the GSC’s decision to issue a specific framework for network-based models signals recognition that the business-to-business layer of the industry carries unique threats. These arrangements, where one licensed operator provides its platform to multiple partners, can obscure beneficial ownership and complicate monitoring. The message from the regulator is clear: the era of minimal due diligence in gambling network operations is over. Operators must now demonstrate—rather than merely assert—that they maintain control over the financial flows and risk exposures passing through their systems.

The updated framework draws directly from the Financial Action Task Force’s (FATF) risk-based methodology, specifically reflecting Recommendation 1, which requires jurisdictions to identify and assess money-laundering and terrorist-financing risks across sectors. The GSC’s new supervisory model integrates both inherent and dynamic risk elements. Inherent risks are tied to the operator’s products, customer base, and business structure, while dynamic risks evolve from compliance records, enforcement outcomes, and exposure to higher-risk jurisdictions. The inspection process follows a three-stage structure: an initial desk review of AML documentation, a detailed on-site evaluation, and a post-inspection report. This layered approach ensures the GSC assesses not just technical compliance but operational effectiveness, aligning its domestic supervision with FATF’s global standards and its broader goal of keeping gambling crime-free.

MONEYVAL’s peer-review process has long been demanding for smaller jurisdictions, but by 2025 the Isle of Man achieved positive evaluations in 39 of FATF’s 40 recommendations, placing it among the most technically compliant nations. The new guidance seeks to maintain that momentum and reinforce global confidence in the island’s integrity as a leading gambling hub. The FATF-aligned model also redefines the role of network licence holders: they are no longer passive technology providers but active gatekeepers of the financial system, required to embed AML/CFT compliance into both contractual and operational structures.

At the heart of the guidance is the challenge of monitoring financial transactions within online gambling networks. Under the Online Gambling Regulation Act (OGRA), a network permission allows one operator to offer its platform to other casinos—network partners—who interact directly with end users across multiple jurisdictions. This layered business model can produce complex financial chains spanning different regulatory regimes, offering openings for illicit actors to inject and recycle criminal proceeds.

The GSC highlights several typologies that elevate laundering and terrorist-financing risks within these operations, including the “unwillingness of network partners to disclose beneficial ownership,” the “use of complex or rapidly changing corporate structures,” “reliance on payment intermediaries operating in jurisdictions with weak AML controls,” “unexplained third-party transactions and correspondent banking routed through high-risk states,” and “increasing use of virtual assets for settlement between partners.” The regulator explicitly warns that such network relationships may pose heightened terrorist-financing risks, especially when end-user activity is indirectly linked to the Isle of Man licence holder. Operators are therefore urged to assess not just their own exposure but also that of their partners’ customers, effectively extending due diligence beyond direct contractual boundaries.

Case studies attached to the guidance illustrate how neglecting such vigilance can have severe consequences. In one case, a licence holder failed to properly screen its network partners, one of which was controlled by an organised crime group that laundered fraud proceeds through the operator’s Isle of Man infrastructure. Another example showed that insufficient monitoring allowed both illicit and legitimate funds to flow unchecked through a network platform, undermining both the operator’s integrity and that of the jurisdiction. The GSC’s message leaves no room for ambiguity: every licence holder bears ultimate responsibility for all financial activity transiting its network, regardless of any delegation.

To mitigate these vulnerabilities, the GSC sets out a comprehensive series of measures designed to embed a culture of compliance within the gambling sector. Network permission holders are now required to conduct in-depth risk assessments addressing product vulnerabilities, jurisdictional exposure, and technological threats. Due diligence must cover all third-party relationships, extending to business partners, suppliers, and affiliates. This goes well beyond basic customer identification, requiring operators to verify the AML standards of their partners and ensure they meet Isle of Man equivalence.

Monitoring obligations are equally demanding. Licence holders must implement systems that can detect suspicious transactions, test partner controls, and maintain real-time visibility of risk indicators. Red flags include discrepancies in fund sources, excessive transaction volumes compared to projections, and resistance to information sharing. Operators must also conduct independent assurance testing—either through external audits or internal compliance reviews—to confirm that AML controls are not theoretical but demonstrably effective.

The GSC also places strong emphasis on record retrieval and retention. Where network agreements grant access to customer data or transaction histories, operators must be able to provide such information promptly upon request. Failure to comply may trigger escalated supervision or enforcement measures. Training is another central pillar: staff involved in compliance and oversight functions must receive tailored instruction on AML typologies specific to networked gambling, including how criminal groups exploit front companies or regulatory disparities across jurisdictions.

The guidance also calls for ongoing evolution. Network licence holders are advised to conduct regular reviews of their frameworks in light of national risk assessments, technological shifts, and emerging threats such as crypto-asset laundering and proliferation-financing. By requiring a documented rationale for every risk-management decision, the GSC aims to replace subjective judgment with verifiable governance, ensuring accountability at every stage.

The Isle of Man’s strengthened framework demonstrates how a smaller jurisdiction can wield outsized influence in the global fight against financial crime. By marrying FATF compliance with targeted sectoral enforcement, the island provides a model that balances economic competitiveness with regulatory discipline. The GSC’s concluding remarks make the benefits of compliance explicit: operators demonstrating strong AML performance not only avoid regulatory sanctions but also gain reputational advantages, attract legitimate partners, and enhance the island’s credibility.

The regulator’s long-term vision extends beyond deterrence. It seeks to foster a self-reinforcing ecosystem in which compliant businesses enjoy reduced inspection frequency, while those with recurring failings face heightened scrutiny. This incentive-based model reflects the maturity of the Isle of Man’s supervisory approach. On a global level, the island’s regime aligns closely with evolving FATF and MONEYVAL expectations. As cross-border gambling platforms proliferate and the lines between gaming and financial services blur, the GSC’s proactive stance ensures the sector remains part of the solution rather than a systemic risk.

The 2025 guidance ultimately reinforces a broader principle: financial integrity depends as much on regulatory culture as on legal frameworks. For network permission holders, this means transforming AML obligations from procedural checklists into core operational practice. In doing so, the Isle of Man elevates AML compliance from a regulatory requirement to a defining hallmark of credibility—and a strategic differentiator in the international gambling market.

By fLEXI tEAM