The story behind a £4m AML fine, the risks staff overlooked and how you can avoid the same mistakes.

A giant falls

For 17 years, Celton Manx Limited operated under the Isle of Man’s Gambling Supervision Commission (GSC), building a reputation as a leading online bookmaker through its brand SBOBet. The company appeared polished, profitable and, significantly, compliant. That is, until it wasn’t.

In May 2025, Celton Manx abruptly surrendered its gaming licence. Shortly after, the GSC revealed why: Systemic failures in anti money laundering (AML) compliance, a collapsed governance structure and breaches that were serious enough to warrant a £5.6m fine. This was later discounted to £3.9m due to early cooperation.

This was not a single oversight. It was an institutional failure years in the making

What happened? 

The unraveling began in October 2024, when the GSC conducted a routine AML inspection. This quickly escalated into a formal investigation. Regulators uncovered widespread AML/CTF breaches. 

It appeared that Celton Manx had failed to carry out even basic customer risk assessments, a core requirement for preventing money laundering and terrorist financing. High-risk customers, particularly those from jurisdictions known for financial crime, were onboarded without enhanced due diligence. Even when there were obvious warning signs, such as unexplained sources of funds or complex ownership structures, the company failed to act.

One of the most critical shortcomings was that the company did not perform enhanced due diligence (EDD) on clients identified as higher risk. This means that customers who should have been subject to more rigorous scrutiny were treated no differently from low-risk individuals. For a business operating internationally, this created major exposure.

Celton Manx also lacked adequate systems for monitoring customer activity. There was no reliable mechanism in place to detect suspicious transactions or unusual betting patterns. As a result, red flags that should have triggered internal reviews or suspicious activity reports (SARs) were missed. Worse still, the company’s compliance team was unprepared and underqualified. The money laundering reporting officer (MLRO) and the AML compliance officer lacked sufficient expertise for the roles. That meant policies were poorly designed, rarely updated and inconsistently applied. On at least one occasion, an SAR wasn’t filed promptly, an error that could have had legal implications had actual criminal activity been involved.

Additionally, Celton Manx failed to oversee its network partners, many of whom operated in high-risk jurisdictions. The company could not prove that these partners followed AML standards equivalent to those mandated in the Isle of Man. In effect, this opened a back door for illicit funds to flow through the platform unchecked.

Training, too, was a failure point. The content was generic, out of date and not tailored to the company’s business model or risk profile. As a result, staff were ill-equipped to recognise warning signs or respond appropriately when issues arose.

Perhaps most shockingly, there was no risk assessment on record, something so fundamental that its absence suggests not just neglect, but a complete breakdown in compliance culture.

Why were red flags missed?

What makes this case especially instructive is that these weren’t subtle or obscure failures. They were basic lapses that would be caught by any robust compliance programme.

So how did they go unnoticed for so long? Either no one was looking closely enough or those who noticed didn’t feel empowered to speak up. When risk assessments aren’t documented, monitoring systems are weak and staff aren’t trained, red flags can appear as routine as in just another customer, another deposit and another oversight. Without a clear framework and active oversight, signs of trouble are easy to miss. 

The truth is AML and corruption risks rarely reveal themselves in dramatic ways. They show up in small details such as a customer who hesitates to provide ID, a sudden change in transaction behaviour or an overseas payment that doesn’t match a player’s profile. If staff don’t recognise these moments for what they are, nothing gets reported. And if no one is reporting, compliance systems may look functional but in reality, they’re not working.

It’s critical that all staff, not just compliance officers, understand what high-risk behaviour looks like, how to escalate concerns quickly and that they play a crucial role in protecting the company, not just from fines but from being misused by criminals.

How to avoid compliance fails  

The lessons from Celton Manx apply far beyond the gaming industry. Here’s how you can ensure your organisation doesn’t breach compliance rules:

Perform and document risk assessments
Assess every customer’s risk profile and keep clear, up-to-date records. This is your first line of defence.

Apply enhanced due diligence (EDD)
When you’re dealing with high-risk individuals or regions, standard checks aren’t enough. EDD is non-negotiable.

Monitor actively
Implement systems that flag unusual activity and make sure someone is reviewing those alerts regularly.

Appoint trained compliance staff
Your MLRO and compliance leads must have the expertise to design and enforce robust AML processes.

File SARs promptly
If you suspect something’s wrong, report it. Delays can have serious consequences and are often viewed harshly by regulators.

Tailor your training
Generic training won’t cut it. Employees need practical guidance based on your business model and risk exposure.

Hold partners to the same standard
You’re responsible for your network. Make sure third parties meet the same compliance standards you’re held to.

The cost of ignoring signs

Celton Manx’s £4m penalty is a financial blow but the greater damage may be reputational. For a company that once held a 17-year licence, to lose it over preventable failings sends a powerful message.

AML and corruption risks are not abstract threats. They are operational vulnerabilities. They exploit weak governance, inattentive staff and underfunded compliance teams. The best defence is to know your risks, train your staff and always be monitoring your systems.

Our AML training courses will ensure compliance through engaging e-learning. Our interactive modules help staff stay compliant, reduce risk, and meet regulatory obligations across all industries. Learn more here. 

Be sure to also check out our new conversational learning courses on AML. They transform passive training into active engagement and allow staff to explore rich, multimedia scenarios with our expert AI assistants. Learn more here.