CLOSE

EN

Corbett Bookmakers is fined for AML failings. Is this a wake-up call for the gambling industry?

The recent fine of £686,070 imposed on Corbett Bookmakers by the UK Gambling Commission can be seen as a stark warning to the gambling industry. The investigation uncovered significant social responsibility and anti-money laundering (AML) failures, reinforcing the significance of regulatory compliance. 

This case not only highlights the consequences of non-compliance but also underscores the broader implications for AML policies, procedures and controls across the gambling sector.

What happened?

Corbett Bookmakers Limited, which operates 36 gambling premises, was fined for failures in both its social responsibility and AML compliance. The Gambling Commission’s assessment revealed:

  • Social responsibility breaches
    • Failure to identify and support customers showing signs of problem gambling, including one customer who staked £23,674 in just 13 days
    • Lack of adequate intervention in prolonged betting sessions, such as a customer placing 56 bets over four hours while losing £3,523
    • Insufficient interaction with high-staking customers, one of whom wagered £47,416 and lost £6,741 over a 10-week period
  • AML failings
    • Allowing customers to stake and lose large sums without sufficient Know Your Customer (KYC) verification or proper scrutiny of their source of funds
    • A failure to adopt a risk-based approach in the company’s money laundering and terrorist financing risk assessment, neglecting key risk factors such as customer behavior, geographic risks and payment methods
      • In one case, a customer was able to stake approximately £47,000 and lose £14,000 over an eight-month period without the firm verifying the legitimacy of the monies accepted

These breaches occurred between February 2022 to May 2024, an indication of systemic failings within the company’s compliance framework.

What does this mean to the industry?

This case has implications for the gambling industry, specifically in relation to AML policies and responsible gambling measures.

  • The fine and mandated third-party audit reinforce the Commission’s commitment to enforcing compliance. Other companies should take heed and conduct internal reviews to ensure they meet regulatory expectations. Failure to comply could result in hefty penalties and potential license suspensions.
  • With the Commission emphasising risk-based AML approaches, operators need to refine their risk assessments, strengthen KYC procedures and implement robust transaction monitoring systems. High-stakes gamblers must undergo thorough verification to prevent illicit funds from entering the gambling ecosystem.
  • The failure to identify problem gambling behaviours indicates a need for more proactive customer monitoring. Companies could, and should, leverage technology such as AI-driven analytics and real-time monitoring to detect at-risk players and intervene appropriately.
  • Beyond regulatory penalties, non-compliance can severely damage a company’s reputation, leading to loss of consumer trust and potential revenue declines. The financial and operational costs of remedial actions can far exceed the cost of preventive compliance measures.

In light of this case, gambling operators should reassess their compliance frameworks and take proactive measure:

  • Conduct independent audits to identify gaps in AML and social responsibility practices
  • Strengthen KYC and risk-based customer due diligence to prevent financial crime
  • Implement automated monitoring systems to flag unusual betting patterns
  • Train staff on early intervention strategies to support at-risk gamblers

A message to the gambling industry?

The fine levied on Corbett Bookmakers is more than just a financial penalty. It is a clear message to the gambling industry. Compliance with AML regulations and social responsibility requirements is non-negotiable. Gambling Commission’s enforcement director John Pierce even warned that if Corbett failed to fully implement the required audit recommendations, it would result in additional enforcement action.

As regulatory expectations tighten, gambling operators must be proactive in ensuring they meet regulatory standards or risk severe consequences.

Our suite of AML courses can help you stay protected.

AML courses and training
How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

Follow us

LinkedIn

YouTube

Phone

UK 020 8815 9308

Address

20 Grosvenor Place

London

SW1X 7HN

United Kingdom

Email

[email protected]

Experience Exceptional.

Contact us

Library

product

INDUSTRY

Resources

© 2025 VinciWorks

Learning that matters.

Software that works.

Explore
Request a demo

Follow us

LinkedIn
Youtube

Address

20 Grosvenor Place
London
SW1X 7HN
United Kingdom

Phone

UK 020 8815 9308

Email

[email protected]

Experience Excellence.

Contact us

Library

INDUSTRY

product

Resources

ABOUT US

© 2024 VinciWorks