Gambling Commission Tells Operators: AML Policies Without Proof Will Cost You

June 12, 2026

3 min read

The Gambling Commission used the annual GAMLG conference in London on 10 June 2026 to send a pointed message to licensed operators. Director of Enforcement John Pierce said compliance has improved, but AML failings continue to appear in enforcement casework.

Pierce’s central point was direct. The Commission keeps finding a gap between what operators write in their AML policies and what actually happens inside the business. He told operators to check that their daily controls match their documented approach. The regulator is now testing whether controls work in practice, not just on paper.

Personal Management Licence holders received a specific warning. Pierce said the Commission has become tougher where senior staff fail to maintain proper oversight of AML controls. He confirmed some PML holders have not taken adequate steps to uphold licensing objectives.

Several recurring failures came up in the speech. Operators are ignoring a risk based approach, missing red flags in bank statements or payslips, applying weak due diligence on white-label and third-party investment partners, keeping poor records, and reviewing customer risk only after financial thresholds are crossed.

On AI, Pierce said the Commission is not opposed to new technology but expects operators to prove that algorithmic tools deliver compliance before deployment. Evidence seen by the regulator shows some systems are failing to do that.

The Commission’s updated money laundering and terrorist financing risk assessment is due in July 2026, with an emerging risks bulletin to follow in autumn. Both will give operators new material to update internal controls. Pierce also noted the UK faces a Financial Action Task Force assessment in 2027. He framed it as an industry wide test of whether AML processes stay aligned with current risks, not just a regulatory formality.

GAMLG chair Keith Bristow noted that unlicensed operators attract criminals precisely because they lack age checks, safer gambling controls and AML systems. Pierce said last year’s upstream interventions included 741 cease and desist notices, over 397,000 URLs reported to search engines, and 1,134 websites disrupted through takedowns or geo-blocking.

💡 TGJ Take

The real message from Pierce is not that AML compliance needs attention. It is that the Commission already knows where the gaps are and is building enforcement cases around them. PML holders are personally exposed if their team’s controls fail. On AI, using an algorithm does not transfer responsibility. If the system misses a red flag, the operator owns that miss.

The July risk assessment is the practical deadline. Operators that update internal controls before it lands will be in a stronger position if the same issues appear in future casework. The 2027 FATF assessment adds another layer. The Commission needs the industry to perform well. Firms that lag on AML will face pressure from two directions at once.