Background

The UK Gambling Commission (UKGC / Commission) has published a reminder to Operators that a new offence (Offence) will come into force under The Economic Crime and Corporate Transparency Act 2023 (ECCTA).

Proposed by the Law Commission in June 2022, the Offence will hold businesses accountable for fraud committed by their employees and other associated persons/bodies. The aim is to encourage proactive fraud-prevention measures and procedures.

The Offence [1]

From 1 September 2025, Operators [2] face criminal liability for a failure to prevent fraud if an employee, agent, subsidiary or ‘associated person’ commits a ‘base fraud’ offence [3], intended to benefit the organisation (regardless of whether a benefit was actually received).

A complete defence (Defence) can be established by proving (on the balance of probabilities) that reasonable fraud prevention procedures were in place. Home Office guidance suggests following six principles to strengthen chances of being able to rely upon the Defence:

1. Top level commitment: promotion of fraud prevention culture by senior management;
2. Risk assessment: regular identification / evaluation of risks (general / specific to the business);
3. Proportionate risk-based prevention procedures: tailoring of measures to the business;
4. Due diligence: i.e., on those performing services for / on behalf of the organisation;
5. Communication: regular training for employees and relevant third parties;
6. Monitoring and review: continual reassessment and refinement of procedures.

Implications for Gambling Operators

In practice, ECCTA essentially adds an extra layer of liability applying to organisations in the gambling industry (Operators), which already must meet a high standard of fraud prevention under the LCCP. Operators failing to establish the Defence may face fines determined by the prosecutor. Beyond financial penalties, considerable damage could be suffered to reputation and customer trust. It may also trigger a broader investigation of anti-fraud and AML compliance by the Commission.

The emphasis is on active fraud prevention, requiring robust detection and deterrence practices. Reliance on policies and procedures alone is unlikely to meet the bar set by the Defence. Practical implementation is, therefore, essential. Staff training, effective monitoring, routine risk assessments and thorough record-keeping should be among the key areas of focus for Operators (see more below).

An important note: measures should be proportionate to the Operator’s size, scale, and risk profile, with larger Operators handling vast betting volumes expected to maintain more sophisticated systems.

Note also that Operators based outside of the UK are not off the hook. The Home Office guidance states that, “…whether it is appropriate to adopt group wide policies could depend on the extent to which the activities of organisations within the group take place in the UK or give rise to a risk of fraud involving victims in the UK.”

Financial Conduct Authority (FCA) Guidance

While targeted at companies or ‘firms’ regulated under their remit, the FCA has published guidance of use to Operators on fraud prevention, too. The Financial Crime Guide largely reflects the themes already discussed above, with suggestions for effective prevention measures including:

• Engaging in ‘cross-industry efforts’ to combat fraud including data-sharing initiatives;
• Ensuring staff at all levels (especially senior management) keep across new fraud threats, incidents, and trends; and
• Conducting effective due diligence.

Whilst Operators are not FCA-regulated, the guidance can be extremely useful from a best practice perspective.

Next Steps for Operators

1. Comprehensive Review and Integration of Controls

Review existing fraud-prevention measures, ensuring they are integrated with other compliance requirements such as AML and KYC, across all business areas including customer onboarding, payment processing, and third-party relationships.

2. Third Party Due Diligence

Apply rigorous due diligence to all partners, suppliers, and agents, matching internal anti-fraud standards. Maintain a comprehensive paper trail to support the Defence if needed in future.

3. Targeted Training

Deliver regular, role-specific training on gambling-specific fraud risks, ensuring staff can identify suspicious activity and follow proper reporting procedures.

4. Clear Reporting Lines and Accountability

Create clear, confidential reporting channels for staff concerns, with designated senior management responsible for fraud prevention and oversight.

5. Ongoing Risk Assessment

Implement a proportionate, risk-based approach with enhanced controls for high-risk areas specific to the business. The frequency of risk assessments could be crucial to the Defence, but this should, as with all other measures, be proportionate to each Operator’s size and risk profile.

References

[1] See s.199 ECCTA.

[2] Although the Offence will apply to ‘large organisations’ (defined under s.201 ECCTA), the Offence should encourage good practice in fraud prevention for all Operators. In any case, measures implemented should be proportionate to the size and shape of the Operator in question.

[3] See s.199 ECCTA.