Peru Enforces New AML Regime for Online Gambling and Sports Betting Operators

Peru has introduced a comprehensive regulatory and supervisory framework governing online gambling and sports betting platforms, marking a significant evolution in the country’s approach to digital wagering oversight. Building upon prior legislation that established the legality of remote gaming and wagering, the new regime enforces strict mandates to prevent money laundering and terrorist financing. Under these rules, online gambling and sports-betting operators are now formally recognized as “obligated subjects” within the national anti-money laundering (AML) and counter-financing of terrorism (CFT) framework. Each operator must implement a full-scale compliance system encompassing internal policies, procedures, transaction monitoring, customer due diligence (CDD), and reporting mechanisms.

Before the reform, remote gaming was viewed as a high-risk channel for illicit finance. Unregulated platforms provided fertile ground for laundering, allowing criminal actors to layer funds, simulate winnings, or structure bets to avoid detection. The newly enacted laws aim to close these gaps by extending to online operators the same rigorous AML obligations that previously applied primarily to traditional financial institutions and physical casinos.

At the heart of the framework is the requirement for each operator to establish a “Sistema de Prevención de Lavado de Activos y Financiamiento del Terrorismo” (SPLAFT), or System for the Prevention of Money Laundering and Terrorist Financing. This system obliges operators to maintain risk-based policies designed to identify, assess, and mitigate financial crime risks specific to their business models. Compliance requirements extend beyond players to include verification of directors, managers, beneficial owners, employees, and suppliers or service providers. All transactions must be recorded and reported when deemed suspicious, with mandatory submissions to Peru’s Financial Intelligence Unit (FIU).

Operators are required to appoint both a primary and an alternate compliance officer, tasked with maintaining the integrity of the SPLAFT system, ensuring internal controls are effective, providing ongoing staff training, maintaining thorough record-keeping, and preparing annual assessments on system performance. Records must include comprehensive data on all operations, player identity information, bets, winnings, deposits, payouts, and user account histories. These records must be preserved for periods consistent with statutory retention or limitation rules.

The technical standards underpinning the new system also compel remote platforms to transmit key economic data—covering bets, wins, losses, deposits, and payouts—in real time to state-regulated databases. This real-time flow of information allows authorities to monitor financial movements across the gaming ecosystem and detect irregularities quickly. Furthermore, all gaming and betting software, progressive systems, and related platforms must undergo certification and homologation to ensure transparency and auditability.

The online gambling sector has historically been vulnerable to multiple money-laundering typologies. One of the most common schemes involves layering through fabricated winnings: criminals deposit illicit funds, place small or manipulated bets to guarantee nominal wins, and then withdraw those funds as “clean” money under the guise of legitimate gambling proceeds. This mechanism masks the origin of funds and lends them an appearance of legitimacy.

Structuring is another prevalent tactic, where criminals deposit smaller sums across multiple accounts, or use third-party or nominee accounts to disguise the source and ownership of funds. Because winnings can be transferred, reinvested, or cashed out, these platforms become efficient channels for layering and integration. High-risk individuals, including politically exposed persons (PEPs), may also exploit these platforms to channel funds across jurisdictions, particularly in regions with weaker AML supervision.

Many online gambling platforms rely on external payment processors or digital wallets, which can introduce additional risk if those intermediaries lack adequate regulation or oversight. Without robust identity verification, transaction monitoring, and audit mechanisms, such systems can be easily abused to move illicit proceeds.

The new Peruvian regulations establish a clear framework for enforcement and sanctions. Operators that fail to meet AML obligations or operate without authorization face severe penalties. Running unauthorized platforms or betting rooms, or using unapproved systems, can result in substantial fines, suspension, or the revocation of licenses. Authorities are also empowered to block domains, disable IP addresses, or confiscate assets used in unlicensed gambling activities. Operators must grant regulators full access to their servers, databases, and user data for inspection; any attempt to conceal, manipulate, or deny access to information constitutes a serious administrative infraction.

Sanctions can include monetary fines calculated in tax units, debarment from the industry, or total suspension of operations. Additionally, operators must furnish financial guarantees or bank deposits to ensure compliance with their regulatory obligations. From a compliance management perspective, staff must undergo formal training in AML/CFT and responsible gaming practices. Companies are also obligated to maintain detailed audit logs, transmit daily or real-time economic data to regulators, and obtain certification from independent laboratories. Regular internal and external audits are mandatory to ensure that systems and controls remain effective.

For AML professionals, Peru’s new framework offers several important takeaways. First, it underscores that online gambling represents a high-risk sector for financial crime, given the inherent ease of disguising transactions through bets, manipulated outcomes, or false winnings. Consequently, AML programs must incorporate risk assessments specifically tailored to remote gaming activities, taking into account vulnerabilities such as fixed betting, algorithm manipulation, collusion, and the use of third-party accounts.

Second, compliance officers must work closely with technical and operational teams to ensure that all relevant transactional data—bets, deposits, payouts, and account movements—are continuously captured and monitored. The requirement for real-time data transmission to regulators enhances oversight and supports early intervention.

Third, because many operators maintain cross-border relationships through branches, subsidiaries, or third-party service providers, verifying beneficial ownership and performing due diligence on external partners is crucial. Directors, shareholders, and associated vendors must be vetted under the same AML standards as clients.

Fourth, effective compliance programs must include ongoing audits and testing to identify irregularities, such as abnormal winning streaks, repetitive betting patterns, or deposit and withdrawal behaviors inconsistent with legitimate gaming. Early detection of such anomalies can prevent illicit flows from being fully integrated into the financial system.

Finally, compliance teams must remain alert to evolving regulatory expectations—particularly regarding reporting thresholds, due diligence requirements for PEPs, transaction limits, and deadlines for aligning systems within transitional grace periods. Peru’s regulatory overhaul signals a broader shift toward more rigorous supervision of digital gambling activity, with a clear message to the industry: transparency, traceability, and proactive compliance are now the baseline for operation.

By fLEXI tEAM