Spreadex Hit with £2 Million Penalty Over Serious AML and Safer Gambling Failures

Spreadex Limited has been issued a £2,022,000 penalty by the UK Gambling Commission following an investigation that revealed serious anti-money laundering (AML) and social responsibility failings. The operator, which offers casino and fixed-odds betting through Spreadex.com in addition to financial trading services, has also been ordered to undergo a mandatory third-party audit. This audit will assess whether the company’s AML and safer gambling policies, procedures, and controls are now adequate and fully implemented. This marks the second time in just three years that Spreadex has come under regulatory scrutiny for similar breaches, reinforcing the Commission’s intent to impose strict compliance standards across the gambling industry.

The Commission’s compliance assessment, carried out in July 2023, exposed critical deficiencies in Spreadex’s handling of AML obligations. Specifically, the company’s risk assessment for money laundering and terrorist financing failed to consider essential factors such as customer risk profiles, product types, geographic exposure, and payment methods. These omissions contravened the Commission’s expectations for operators to adopt a dynamic, risk-based approach to AML controls.

Spreadex’s reliance on customer-provided financial information without independent verification was seen as a significant vulnerability. One customer deposited around £64,000 over a short period and lost £50,000 in a single month. Despite clear risk indicators, the company failed to request any Source of Funds (SOF) documentation. This case exemplified a broader pattern of failure to escalate due diligence procedures in response to increasing levels of customer risk. The operator maintained a static level of scrutiny even as deposit amounts and gambling intensity rose—an approach the Commission strongly condemns.

The failings were not limited to AML controls. The Commission also found substantial breaches of social responsibility obligations. In one instance, a customer exceeded a daily deposit cap of £3,340 on twelve occasions within a fourteen-day period, a strong indicator of potential gambling-related harm. Spreadex responded solely with four automated pop-up messages and did not initiate any human interaction to assess the customer’s wellbeing. This fell well short of regulatory expectations, which require licensees to escalate from automated alerts to personalised interventions when signs of harm are evident.

These issues are particularly concerning given Spreadex’s recent history. In 2022, the company reached a £1.36 million settlement with the Commission for similar failures. In that case, a customer deposited £1.7 million and lost £500,000 in one month without appropriate intervention, despite repeated financial alerts. The recurrence of such failings signals a lack of internal cultural change and raises serious questions about the operator’s commitment to regulatory compliance.

Spreadex’s conduct constitutes a breach of several key legal frameworks, including the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017) and the Gambling Commission’s Licence Conditions and Codes of Practice (LCCP). The MLRs 2017 require gambling businesses to conduct effective customer due diligence (CDD), maintain ongoing monitoring, and implement enhanced due diligence (EDD) where higher risks are present. Spreadex’s failure to collect and verify SOF information placed it in direct violation of these obligations.

Additionally, under section 327 of the Proceeds of Crime Act 2002 (POCA 2002), it is a criminal offence for an operator to facilitate or fail to report the concealment or disguise of criminal property. Together with the MLRs 2017, POCA 2002 forms the foundation of the UK’s AML framework. Licensees are expected to maintain a risk-based approach, proactively adapt to evolving risks, and collaborate with regulatory bodies such as the Financial Conduct Authority (FCA) to ensure comprehensive oversight of customer behaviour.

In response to the investigation, the Gambling Commission has mandated that Spreadex commission an independent third-party audit. The audit will evaluate whether AML and safer gambling policies are functioning effectively across all areas of the business, including financial trading operations overseen by the FCA. The audit must scrutinise elements such as the application of risk-based CDD, SOF verification processes, transaction monitoring thresholds, and the effectiveness of interventions related to gambling harm. Findings must be reported directly to the Commission, and any identified shortcomings must be addressed through a clear and timely remediation plan.

John Pierce, the Gambling Commission’s Head of Enforcement, commented: “Operators must not only implement and maintain robust anti-money laundering policies, procedures, and controls, but also act swiftly in response to any indicators of suspicious activity. … Operators should be in no doubt: repeated regulatory failings will result in escalating enforcement action.”

The outcome of this enforcement action against Spreadex is a clear signal to all UK-licensed gambling operators. Regulatory compliance is not optional, and repeated failings will carry increasingly severe consequences. Operators are expected to independently verify customer financial data, apply dynamic AML processes, and escalate from automated alerts to human intervention when red flags emerge. Failure to embed these principles into daily operations risks not only financial penalties but also long-term reputational damage and erosion of public trust in the gambling sector. Spreadex’s case serves as a cautionary tale and a call to action for the entire industry to treat AML and social responsibility not as tick-box exercises, but as central components of ethical business conduct.

By fLEXI tEAM