The Fourth Anti-Money Laundering Directive: key developments and impact on the gambling sector – (EEGReport – Magazine – Issue2 – February – May 2016)

The Fourth Anti-Money Laundering Directive[1] (hereinafter the “Directive”), which was approved by the European Parliament on 20 May 2015, will introduce significant changes in the European legislation aiming to prevent the abuse the financial system  to launder money or finance terrorism. These changes, intended to adapt AML legislation to new and ever evolving forms of financial crime, will also include the entire gambling sector in the scope of the Directive for the first time; a move that has been welcomed by, for example, the European Gaming and Betting Association[2].

As is well known European Directives need to be transposed by Member States into national legislation: the Directive must be implemented by 26 June 2017 from which moment the new rules will apply.

This article focuses on the key developments introduced by the Directive, in particular as concerns the new obligations that will be binding to providers of gambling services. After presenting an overview of the new risk-based approach used by the Directive, it will discuss the provisions that will apply specifically to the gambling sector. Next, an overview of other key elements of the Directive, applicable to all obliged entities, will be given. Finally, comments on the potential impact of the Directive on the provision of online gambling services will be discussed.

New risk-based approach

“The risk of money laundering and terrorist financing is not the same in every case. Accordingly, a holistic, risk-based approach should be used.”[3]  This statement, contained in Recital 22 of the Directive, summarizes well one of the main developments brought by this new piece of legislation: the risk-based approach. As the same Recital establishes, this approach involves the use of evidence-based decision-making in order to target the risks of money laundering and terrorist financing facing the Union and those operating within it more effectively. In other words, the measures taken in order to fight money laundering and terrorist financing must be based on evidence of the level of the threat posed by a given transaction.

To implement this risk based approach, firstly the European Commission (hereinafter the “EC”) will, by 26 June 2017, issue a report (“hereinafter the “EC report”) identifying and evaluating the risks of money laundering and terrorist financing at Union level.[4] On the basis of that report, the EC will recommend to the Member States a wide range of measures addressing the identified risks.

The Member States, in turn, will conduct their own risk assessments making use of the findings of the EC report. Based on those risk assessments, the Member States are meant to improve their policies to fight money laundering and terrorist financing inter alia by identifying “sectors or areas of lower or greater risk”, and ensuring “that appropriate rules are drawn up for each sector or area.”[5]

In turn, ‘obliged entities’, that is the entities to which the Directive applies (including gambling operators), will be required totake appropriate steps to identify and assess the risks of money laundering and terrorist financing, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels”.[6] In other words, gambling operators must conduct their own risk assessments, as well as document and keep records of the latter, which shall be made available to the relevant authorities.[7]

Obliged entities will be also required to establish policies, controls and procedures, to address the relevant risks identified by the EC report, by their own risk assessments as well as by the ones of the relevant Member State(s).[8] These shall include: the development of internal policies, controls and procedures, including model risk management practices, customer due diligence, reporting, record-keeping, internal control, compliance management including, where appropriate with regard to the size and nature of the business, the appointment of a compliance officer at management level, and employee screening;”.[9] In addition, an independent audit will be required in some situations.[10]

Gambling provisions

There are three groups of provisions dealing specifically with gambling in the Directive, and they deal with 1) an exemption for some gambling services, 2) establishing a special threshold for customer due diligence (hereinafter “CDD”) requirements, and 3) the attribution of enhanced supervisory powers to regulatory agencies when controlling the activities of gambling operators. It is important to note that all gambling providers, except casinos[11], are treated the same under the Directive. These groups of provisions are the following:

First of all, the Directive rightly understands that not all gambling services entail the same risks of money laundering and terrorist financing, and, for this reason, allows Member States to exempt “in strictly limited and justified circumstances[12] individual gambling services “where the risks of money laundering or terrorist financing are low”.[13] By means of that exemption, Member States are allowed to fully or partly release the providers of a given gambling service from the obligations stemming from the Directive following a risk assessment carried out by the Member State. This risk assessment shall address and prove the “low risk posed by the nature of the given service, as well as, in some situations, its scale of operations.[14] The risk assessment, which shall take into account any relevant findings contained in the EC Report, shall asses, in particular,the degree of vulnerability of the applicable transactions, including with respect to the payment methods used, and shall be notified to the EC, which will in turn notify the exemption to the other Member States.[15] The activities of physical casinos cannot, however, under any circumstances be exempted from the provisions of the Directive, which additionally states that they must ensure CDD if it is taken at the point of entry to the premises, can be linked to the transactions conducted by the customer on those premises.”[16]

Secondly, the economic threshold that triggers the obligation to apply CDD measures is significantly lower for gambling operators than for other obliged entities. The Directive does not give a clear definition of customer due diligence measures, but those may be defined as a wide range of measures, the purpose of which is, to determine and verify the identity of a player. Article 13 of the Directive describes some of the measures that CDD measures shall contain, as for instance identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source”,[17] or “assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship”.[18]

According to the Directive, obliged entities are required to undertake CDD measures in a number of situations, for instance, “when there is a suspicion of money laundering or terrorist financing”.[19] They are also required to apply such measures when they carry out transactions above a given threshold, which as a general rule is 15.000€,[20] and 10.000€ (in case of traders of goods).[21] When it comes to gambling, however, this threshold is 2.000€.[22] Therefore, gambling operators will be obliged to apply CDD measures when performing operations amounting to 2000€ “whether the transaction is carried out in a single operation or in several operations which appear to be linked”.[23] Furthermore, as recital 21 states, gambling operators will be required to “apply the same threshold to the collection of winnings, wagering a stake, including by the purchase and exchange of gambling chips, or both.

Finally, the Directive establishes the obligation for Member States to guarantee supervisory bodies have “enhanced supervisory powers” on the activities of gambling operators in the same way as with credit and financial institutions.[24] While how these enhanced supervisory powers will work in practice remains to be seen once the new legislation is implemented into national law, the Directive already requires on the one hand, that gambling operators are regulated”,[25]  and on the other that supervisory bodies ensure that the managers and beneficial owners of such operators are “fit and proper persons”.[26] The rationale behind this is that there exists the need to protect such entities from being misused by their managers or beneficial owners for criminal purposes.”[27]

Other key elements of the Directive

The Directive will also bring developments in a wide range of fields related to the fight against money laundering and terrorist financing. As a result of these modifications, the following will apply to all obliged entities, including all gambling providers (unless exempted as discussed above):

  • The definition of “criminal activity” will also cover tax crimes.[28] While the definition of the actual behaviors that are to be considered “tax crimes” is left to the Member States, the inclusion of such crimes in the scope of the Directive will enhance coordination between the relevant authorities dealing with money laundering and terrorist financing, as well as the ones dealing with tax offences. In particular, it is stated that “differences between national law definitions of tax crimes shall not impede the ability of [relevant authorities] to exchange information or provide assistance to another [relevant authority], to the greatest extent possible under their national law”.[29]

  • Enhanced CDD will be required when facing operations with “complex and unusually large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose[30]as well as with clients based in “high risk third countries”[31] designated by the EC. Firms will be required to perform special CDD measures requiring senior management approval[32] when performing operations involving politically exposed persons,[33] or their relatives and close associates.[34] In turn, Politically Exposed Persons are defined as natural persons who have been “entrusted with prominent public functions.”[35]
  • Companies shall “obtain and hold adequate, accurate and current information on their beneficial ownership, including the details of the beneficial interests held.”[36] This information shall be made available to the relevant authorities[37] and be included in a central register held by the Member State in which the firm is based.[38] This register shall only be accessed by relevant authorities, obliged entities applying CDD measures, or “any other person or organization that can demonstrate a legitimate interest”.[39] By June 2019 the EC will issue a report “assessing the conditions and the technical specifications and procedures for ensuring the safe and efficient interconnection” of the different national registers.[40]
  • Considering that fragmentation might hinder the fight against money laundering and terrorist financing,[41] the Directive provides for more harmonization regarding sanctions for failure to comply with the obligations contained therein. In that regard, the sanctions include not only high fines for firms infringing the provisions of the Directive,[42] but also the publication of the name of the infringer.[43]
  • The Directive will also provide for improvements in the cooperation between relevant national authorities (FIUs).

  • Benefits and risks

As pointed out above, the inclusion of gambling in the scope of the Directive has been welcomed by industry associations. Contrary to popular belief, it is not easy to launder money through EU-regulated online gambling providers[44]. This is not only due to the lack of cash money involved and the digital finger print that provides for easy traceability of financial transactions performed online, but also to the fact that EU-regulated online gambling operators are already obliged to comply with anti-money laundering legislation passed by their host EU Member States. Accordingly, the EC has concluded:

As for money laundering, there is currently very limited information or evidence suggesting that licensed online gambling operators in Europe are subject to money laundering activities.  The prevailing problem is linked to unregulated operators who are offering their services at a distance from outside of the EU with either no or a very low degree of regulation and supervision.[45]

However, experience shows that occasionally some Member States may use fraud prevention regulations to protect the local gambling offer, for instance, by requiring foreign companies to operate land-based facilities, [46] contrary to the freedom to provide services as well as case law from the Court of Justice of the European Union.[47]  Nevertheless, if the Directive is correctly implemented, without unnecessary gold plating, it is unlikely that EU-regulated online gambling operators will face a significant increase in compliance costs. In fact, harmonization in this field is very likely to bring costs down, as dealing with a single anti-money laundering regime is logically more cost-efficient than dealing with twenty-eight separate ones.

For these reasons, the inclusion of gambling in the scope of the Directive has been welcomed. However, the implementation of the Directive entails some risks and potential pitfalls if not done correctly. These risks stem from possible disparities in the implementation of the Directive in different Member States, and from the possibility of discrimination against cross-border operators.

With respect to potential implementation disparities, the Directive allows a degree of discretion to Member States in the implementation of the measures that obliged entities have to carry out to prevent money laundering and terrorist financing. Consequently, it is possible that Member States will require different types of measures to address those threats. For instance, national provisions implementing the aforementioned Article 8(1) will require online gambling operators to take “appropriate steps to identify and assess the risks of money laundering and terrorist financing” in their activities. But what these “appropriate steps” will mean may change from one Member State to another, and the same goes for the “policies, controls and procedures” mentioned above, as well as some other provisions of the Directive.

This results from the fact that Member States may identify varying potential sources of money laundering and terrorist financing, and require different measures to be taken by obliged entities. Diverse national business and crime prevention cultures may also make these disparities become more pronounced as countries have diverse ways of addressing these threats.

These disparities, in turn, may oblige online gambling operators to comply, as pointed out before, with varying sets of rules, and reduce the benefits of the harmonization that the Directive is intended to bring. This is due to the fact that the Directive requires obliged entities to comply not only with the national provisions implementing the Directive of their home Member State, but also with the ones of other Member States where they have local agents.[48] With respect to that, recital 52 of the Directive states:

Where an obliged entity operates establishments in another Member State, including through a network of agents, the competent authority of the home Member State should be responsible for supervising the obliged entity’s application of group-wide AML/CFT policies and procedures. This could involve on-site visits in establishments based in another Member State.”

  • Conclusion

As it has been shown, the Directive brings a wide range of developments in order to improve the fight against money laundering and terrorist financing. Based on a risk-based approach, the actors involved in this fight shall conduct a wide range of risk assessments so as to adapt their measures to the level of threat that their activities may face.

Gambling services will, for the first time, be subject to EU legislation intended to combat such threats. While allowing Member States to exempt some services entailing low risk of crime, the Directive simultaneously stipulates a lower CDD threshold for gambling operators, compared to other services, and grants enhanced supervisory powers to national relevant authorities to monitor their activities.

Overall, the new Directive is seen as a positive move by many in the EU-regulated online gambling industry. If its implementation is done in a proper way, EU-regulated operators will be obliged to comply with a single anti money laundering regime, reducing the compliance costs that they nowadays face because of fragmented legislation. However, disparities in the implementation of the Directive by Member States, or unnecessary gold plating may unnecessarily create difficulties. This underlines the importance of the current phase of implementation, which needs to be carefully monitored.



  • [1] Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/E
  • [2] See Press release of the European Gaming and Betting Association of 20 May 2015 :
  • [3] Recital 22
  • [4] Article 6(1)
  • [5] Article 7(4)
  • [6] Article 8(1)
  • [7] Article 8(2)
  • [8] Article 8(3)
  • [9] Article 8(4)(A)
  • [10] Article 8(4)(B)
  • [11] Casinos were already included in the scope of the 3rd AMLD as they were judged as posing higher risk. It is generally considered that this is due to the cash transactions carried out.
  • [12] Recital 21
  • [13] Recital 21
  • [14] Article 2(2)
  • [15] Article 2(2)
  • [16] Recital 21
  • [17] Article 13(1)(A)
  • [18] Article 13(1)(C)
  • [19] Article 11(E)
  • [20] Article 11(B)(i)
  • [21] Article 11(C)
  • [22] Article 11(D)
  • [23] Article 11(D)
  • [24] Article 48(3)
  • [25] Article 47(1)
  • [26] Article 47(2)
  • [27] Recital 51
  • [28] Article 3(4)(F)
  • [29] Article 57
  • [30] Article 18(2)
  • [31] Article 18(1)
  • [32] Article 20(B)(i).
  • [33] Article 20
  • [34] Article 23
  • [35] Article 3(9)
  • [36] Article 30(1)
  • [37] Article Article 30(2)
  • [38] Article 30(3)
  • [39] Article 30(5)
  • [40] Article 30(10)
  • [41] Recital 59
  • [42] Article 59(2)(E), Article 59(3)
  • [43] Article 59(A).
  • [44] MHA Financial Crime support report for the Remote Gambling Association
  • [45] COMMISSION STAFF WORKING DOCUMENT Online gambling in the Internal Market Accompanying the document Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions Towards a comprehensive framework for online gambling /* SWD/2012/0345 final, page 89.
  • [46] See for instance EC Press release  “Commission requests Member States to comply with EU law when regulating gambling services” (20 November 2013) available at:
  • [47] Judgment of the Court (Third Chamber) of 21 January 2010. European Commission v Federal Republic of Germany. Case C-546/07, paragraph 39.
  • [48] Article 45(2)