The Isle of Man has positioned itself as one of the most rigorously supervised gambling jurisdictions in the world, and its latest AML/CFT guidance confirms that position. Released in October 2025, the document issued by the Gambling Supervision Commission (GSC) targets online gambling licence holders operating under network permissions. This niche but critical segment of the e-gaming ecosystem often sits at the intersection of high-velocity financial transactions and opaque corporate structures, creating fertile ground for laundering risks if unchecked.
Table of Contents
The Isle of Man Gambling Supervision Commission’s AML Oversight
The guidance, formally tied to the Gambling (Anti-Money Laundering and Countering the Financing of Terrorism) Code 2019, expands the obligations for operators that provide network services to other gambling businesses. It clarifies how risk-based controls, due diligence, and monitoring mechanisms must evolve in parallel with the growing sophistication of digital gambling networks.
While the Isle of Man has historically maintained strong FATF and MONEYVAL ratings, the GSC’s decision to issue a specific framework for network models indicates its recognition that the business-to-business layer of gambling poses unique threats. These models, in which one licensed operator provides its platform to multiple partners, can obscure beneficial ownership and complicate AML monitoring.
The new guidance makes it clear that the days of minimalist due diligence in the gambling network sector are over. Operators must now prove, not just claim, that they have control of the financial flows and risk exposures running through their systems.
Risk-Based Supervision and MONEYVAL Compliance
The updated framework draws heavily from the Financial Action Task Force’s (FATF) risk-based methodology. The FATF’s Recommendation 1 requires jurisdictions to identify and assess money-laundering and terrorist-financing risks across sectors, and the Isle of Man’s 2025 update follows that template precisely.
The GSC’s supervisory model now integrates both inherent and dynamic risk factors. Inherent risks are tied to the operator’s business model, customer base, and products. Dynamic risks evolve from compliance history, enforcement outcomes, and exposure to higher-risk jurisdictions.
Inspections are conducted in three stages: a desk review of AML documentation, an on-site evaluation, and a post-inspection report. This structure ensures that the GSC does not merely assess technical compliance but also operational effectiveness. The regulator explicitly links this to its objective of keeping the gambling industry crime-free, aligning domestic supervision with FATF’s global standards.
The MONEYVAL peer-review process has historically been demanding for smaller jurisdictions. However, by 2025 the Isle of Man achieved positive ratings in 39 of FATF’s 40 recommendations, placing it among the top tier of technically compliant countries. The latest guidance is designed to maintain that momentum and reinforce confidence in the island’s integrity as a gambling hub.
The FATF-aligned approach means that network licence holders are no longer viewed as passive technology providers. Instead, they are deemed active gatekeepers of the financial system, required to integrate AML/CFT obligations into their contractual and operational models.
Money Laundering Exposure in Network Models
The core challenge addressed by the guidance lies in how online gambling networks facilitate third-party transactions. Under the Online Gambling Regulation Act (OGRA), a network permission allows an operator to offer its platform to other casinos, known as network partners. Those partners, in turn, interact directly with end customers across multiple jurisdictions.
This business model introduces a multi-layered chain of financial flows, often spanning different regulatory regimes. Without effective oversight, it can create opportunities for illicit actors to inject and recycle criminal proceeds.
The GSC identifies several typologies that heighten laundering and terrorist-financing risk in network operations. These include:
• unwillingness of network partners to disclose beneficial ownership;
• use of complex or rapidly changing corporate structures;
• reliance on payment intermediaries operating in jurisdictions with weak AML controls;
• unexplained third-party transactions and correspondent banking routed through high-risk states; and
• increasing use of virtual assets for settlement between partners.
The regulator explicitly warns that network relationships may present elevated terrorist-financing risks, particularly where end-user activity is indirectly linked to the licence holder. Operators are urged to assess not only their direct exposure but also the exposure of their partners’ customers, a requirement that effectively extends the scope of due diligence beyond contractual boundaries.
Case studies appended to the guidance illustrate the consequences of neglecting such vigilance. In one example, a licence holder failed to screen its network partners adequately. One of those partners, controlled by an organised crime group, laundered proceeds of fraud through the operator’s Isle of Man-based infrastructure. Another case showed how insufficient monitoring allowed both illicit and legitimate funds to flow through a platform, undermining the integrity of the licence holder and the jurisdiction alike.
The message is unambiguous: every licence holder bears ultimate responsibility for what transits through its network, regardless of delegation.
Building Effective AML Controls and Compliance Culture
To address these vulnerabilities, the GSC prescribes a series of measures aimed at embedding a culture of compliance within the gambling ecosystem. The guidance requires network permission holders to conduct comprehensive risk assessments that consider product vulnerabilities, jurisdictional exposure, and technological threats.
Due diligence must extend to all third-party relationships, including business-to-business partnerships, suppliers, and affiliates. This goes beyond customer identification, demanding that operators verify the AML standards of their partners and ensure equivalence with Isle of Man requirements.
Monitoring obligations are equally stringent. Licence holders must implement systems capable of detecting suspicious transactions, verifying partner controls, and maintaining real-time awareness of red-flag indicators. These include discrepancies in fund sources, excessive revenue flows compared with projections, and resistance to sharing documentation.
Operators must also perform independent assurance testing, either through external audits or internal compliance reviews. The objective is to ensure that AML controls are not merely theoretical but demonstrably effective.
The GSC’s emphasis on record retrieval and retention further underlines the regulator’s expectation of accountability. Where network agreements stipulate access to customer data or transaction records, operators must be able to produce such information promptly upon request. Failure to do so may result in escalated supervision or enforcement action.
Training represents another critical component of compliance culture. Staff engaged in compliance or operational oversight must receive tailored instruction on AML typologies specific to networked gambling. This includes understanding how criminal organisations use legitimate-looking front companies or exploit differences in international licensing regimes.
Ultimately, the guidance calls for continuous improvement. Network licence holders are advised to conduct periodic reviews of their frameworks in light of national risk assessments, technological evolution, and emerging threats such as crypto-asset laundering and proliferation-financing schemes.
By requiring a documented rationale for every risk-management decision, the GSC aims to replace subjective judgment with demonstrable governance.
A Stronger Model for Global Integrity
The Isle of Man’s updated approach illustrates how smaller jurisdictions can exert disproportionate influence in the global fight against financial crime. By combining FATF compliance with sector-specific enforcement, the island’s framework provides a template that balances economic competitiveness with regulatory rigor.
The guidance’s closing section articulates the wider benefits of adherence: operators that demonstrate strong AML performance will not only avoid regulatory penalties but also gain reputational advantages, attract legitimate partners, and contribute to the island’s long-term credibility.
The regulator’s vision extends beyond deterrence. It seeks to create a self-reinforcing system in which compliant businesses benefit from reduced inspection frequency, while those with repeated failings face intensified scrutiny. This incentive model reflects the maturity of the jurisdiction’s supervisory philosophy.
From a global perspective, the Isle of Man’s model aligns with the evolving expectations of FATF and MONEYVAL. As cross-border gambling platforms proliferate, the distinction between gaming and financial services continues to blur. The GSC’s proactive stance ensures that the sector remains part of the solution rather than a vulnerability.
The 2025 framework also underscores a broader lesson: that financial integrity depends not just on the strength of laws but on the culture that enforces them. For network permission holders, this means transforming AML obligations from compliance checklists into operational habits. The guidance effectively elevates AML from a regulatory burden to a strategic differentiator.
Related Links
- FATF – International Standards on Combating Money Laundering and Terrorist Financing
- MONEYVAL – Council of Europe Committee of Experts
- Isle of Man Gambling Supervision Commission – AML Guidance
- Isle of Man National Risk Assessment 2020
- Isle of Man National Risk Appetite Statement 2025
Other FinCrime Central Articles About Isle of Man’s Tougher Stance on Gambling-Related Money Laundering
Source: Isle of Man Gambling Supervision Commission
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.
