Feb 06, 2024
11 min read

A Global Guide to AML Compliance in Gambling, Gaming, and Betting (2024)

Learn how to stay compliant with AML regulations in three closely related industries—gambling, gaming and betting.

Whether online or offline, casinos, bookkeepers, and other gambling institutions  have historically been used for money laundering and other criminal activity, leading many jurisdictions to impose restrictions. Despite all this, the regulatory landscape is quickly changing. And since such institutions generate millions in revenue, traditionally gambling-averse jurisdictions are starting to change their tune.

Vietnam, a country where gambling has been illegal for centuries, is thinking of legalizing sports betting. The Netherlands and Germany legalized online gambling in 2021, following moves by their European neighbors Spain, Italy, UK, Belgium, Switzerland, France, and Denmark. iGaming—a new internet gaming industry—began operating in Ontario, Canada just in April last year.

As similar as these activities may sound, this article considers the key differences between gaming, gambling, and betting, as well as how to comply with regulations in different countries.

Definitions: gaming, betting and gambling

The terms “gaming”, “betting” and “gambling” are often used as synonyms and they’re all regulated the same way. However, there are important differences. So let’s go over the definitions in more detail.

The main difference between all three lies in the degree of certainty and risk.

Gaming” and “gambling” are often used interchangeably, however the former depends on a certain degree of skill (i.e. Poker), whereas the latter is based entirely on games of chance (i.e. roulette and other online casino games).  

Suggested read: The 6 Most Popular Forms of Money Laundering in Casinos

Betting can involve strategic prediction of real-life events supported by data and research. The most common examples are bets on sporting events, reality shows and elections.

Crypto gambling is a type of online gambling that uses virtual currencies as a means of payment. The benefits of this method include the additional security offered by blockchain technology, and the ability for players to instantly withdraw money from their accounts, unlike in traditional online casinos.

Suggested read: Crypto Gambling Regulations in the US, UK, and Canada

Sumsub prepared a KYC guide for the gaming industry in the USA and Canada to help businesses understand the gaming laws in these countries and optimize their verification flows. You will learn how to combat fraud, build proper verification processes, screen users for money laundering, and maintain high conversion rates:

Why an Anti-Money Laundering (AML) program is a top priority for these industries

Gambling, gaming, and betting have always been attractive for illegal funds. 

In 2009, the Financial Action Task Force (FATF) revised its Recommendations to  further increase AML obligations for casinos. As a result, FATF member countries have strengthened the regulatory landscape for casinos, bookmakers, etc.

To comply, an appropriate AML program is essential. Its purpose is to prevent suspicious customers and transactions from entering the financial system. However, criminals constantly invent sophisticated methods of flying under the radar. Therefore, a truly effective AML program must handle new and complex fraud attempts. Otherwise, businesses expose themselves to financial and reputational losses.

Suggested read: 6 Key Components of an AML Compliance Program

Fundamental AML compliance in betting

Although AML laws are the same for online casinos and betting apps , betting still has its own specifics, and the chances of coming across money laundering are high.

Money laundering in betting takes the following forms:

  • Criminals leverage low-outcome bets to deposit dirty money and withdraw it as “winnings.” 
  • Money obtained from illegal sources is used to sponsor betting as a leisure activity.
  • Criminals directly invest in/ acquire betting shops. This is what allegedly happened in Bremen, Germany. As a result, the city’s authorities decided to shut down all betting shops.

AML compliance program. To prevent betting businesses from becoming a source of crime and comply with betting regulations, a thorough AML compliance program must be in place. Among other things, it should define how the company detects, assesses, and reports financial crime.  

  • Customer Due Diligence (CDD). Before a customer is allowed to bet, they must go through a Customer Due Diligence check. This involves obtaining the customer’s information to verify their identity, and in some instances their address, to evaluate whether they are involved in any crime.
  • Enhanced Due Diligence (EDD). In cases of higher money laundering risk, companies apply what is known as Enhanced Due Diligence. One of the most vital components of EDD is checking clients’ sources of funds to ensure that they don’t derive from illegal activity. Risk factors can be based on the client’s country, industry, employment type, PEP status, as well as the products or services provided. . This is an extra layer of risk management that involves ongoing due diligence checks on customers and scrutiny of their transactions.
  • Independent AML audits. Such audits allow businesses to detect deficiencies and failures in their AML strategies, correcting them before regulatory inspections. 

Suggested read: What Makes an AML Compliance Program Effective

Fundamental AML compliance in online casinos

Gambling operators must comply with laws and regulations aimed at preventing casino money laundering and terrorist financing (ML/FT). This is an especially vulnerable industry due to its high-risk nature, and online casinos often commit painful mistakes resulting in huge fines.

Suggested read: Casino Compliance: 6 Common Mistakes and How to Avoid Them

Let’s discuss what casino firms can do to safeguard themselves:

AML compliance program. Online casinos must develop their own compliance programs aimed at fraud prevention. Such programs must define how the company detects, analyzes, and reports criminal incidents such as gambling money laundering and fraud attempts. There is no one-size-fits-all compliance regime, so each online casino must develop one in accordance with the specifics of their business.

Like in betting, a reliable AML compliance program should include:

  • Customer Due Diligence (CDD) involves gathering basic information about the client (such as their name, address, and date of birth) and verifying it through a reliable source. Online casinos also have to check users (or “gamblers”) against databases containing Politically Exposed Persons (PEPs), sanctioned and blocklisted individuals, as well as adverse media.
  • Enhanced Due Diligence (EDD) is a more sophisticated check needed in the event that a client poses a high risk of money laundering. Online casinos, however, are almost always required to perform EDD given the high ML risks associated with the sector. EDD includes verification of source of funds (SoF) documents, which include debit/credit cards, bank statements, savings accounts, recent paychecks, etc. The types of accepted SoF documents can vary from casino to casino.
  • Employee training. If your team is not fully aware of AML-related red flags, even automated prevention tools won’t necessarily keep you safe. Therefore, online casinos must provide necessary training to their compliance officers, including annual refresher courses. Compliance teams must also be aware of the general requirements (such verifying SoF) as well as risk tolerances specific to their casinos.
  • Reporting. To avoid breaking the law, operators should always report instances of known or suspected money laundering and terrorist financing. Moreover, operators should be aware that there is no minimum financial threshold for reporting these activities.
  • Ongoing customer monitoring. Monitoring helps gambling operators see the big picture about  the customer, their business, and risk profile, including sources of funds if necessary. It pays to know your customer, as it’s not always at the registration stage when fraudsters or money launderers show their true selves.
  • Independent AML audits. Independent auditors should audit AML compliance programs to measure their efficiency and avoid possible regulatory fines. Such audits help businesses to detect their AML failures and correct them before regulatory inspections. Thus, companies can be protected from high regulatory fines.
  • Money lending prevention measures. In the UK, licensed casinos take appropriate measures to prevent organized money lending between customers on their premises. If detected money lending appears to be commercial and/or connected to ML activity, online casinos must be prepared to report such cases to the Gambling Commission.
  • Record Keeping. Record keeping and reporting are fundamental building blocks of Anti-Money Laundering (AML) compliance. With the onset of complex financial crimes, compliance professionals must have a system in place to keep track of all transactions.

The UK Gambling Commission has recently made onboarding and verification of clients even stricter. Without successful verification, casinos can neither allow users to deposit money, nor grant them access to free-to-play games, free bets, or bonuses.

Fundamental gambling/casino KYC requirements

In most jurisdictions online casinos are obliged to conduct a Know Your Customer (KYC) procedure as part of the local AML regulations. KYC requirements for casinos differ from one jurisdiction to another, but usually they include the following:

  • Verifying the identity of customers
  • Verifying the source of funds
  • Understanding the nature of customer relationships
  • Developing risk profiles
  • Monitoring transactions
  • Reporting suspicious transactions, when applicable
  • Developing a solid AML program

Suggested read: KYC for Gambling: What It Is and Why It’s Crucial

Suggested read: KYC Guide for the Gaming industry: US and Canada

Responsible gambling guidelines—from underage gambling to marketing ethics

Gambling is only fun when done sensibly; otherwise, it becomes dangerous. To make sure gamblers and gamers are not at risk, regulators demand that online casinos and betting shops keep up with responsible gambling requirements. 

This also concerns video games. In 2019 video game firms faced the risk of prosecution in the UK over gambling by children, with such products as skins and loot boxes in Counter-Strike and Call of Duty. Skins are in-game items that can be won in the game, while loot boxes invite players to pay a certain amount for a mystery reward. Such items aren’t defined as gambling under English law, due to the fact that the in-game items cannot be exchanged for cash within the game. However,  they can still be bought and traded with real money on other sites, and acquiring them may involve an element of chance, similar to placing a bet. The UK’s Gambling Commission said it is prepared to regulate this when the proper legislation is introduced.

Preventing of underage gambling

According to the UK’s Gambling Act 2005, it is illegal to permit any person under the age of 18 to enter a licensed gambling premises. Yet, a 2019 study conducted by GambleAware and the University of Bristol shows that 50% of 17-year-olds living in the UK are gambling on a regular basis. To protect themselves from underage gamblers and related regulatory fines, online casinos must ensure that new players submit their official IDs for verification to comply with casino KYC requirements.

The legal age for gambling varies across countries; most set it at 18, while in Greece and in most US states it’s 21. In Malta, the age is much higher, at 25 for locals. While Portugal has complicated laws, with different age requirements depending on the institution.

Controls for detecting problematic gambling behavior

An important aspect of responsible gambling is being able to stop damaging behavior before it seriously affects a player. Therefore, online casinos have to be on the lookout for warning signs. This means implementing three specific measures for detecting gambling addiction.

  1. Screening for self-excluded individuals. When onboarding players, online casinos must check if their names appear on self-excluded lists. If so, the casino must bar them from entry. Self-excluded lists may be specific to one casino or be part of broader, national self-restriction scheme, such as GAMESTOP in the UK.
  2. Ongoing monitoring and addictive gambling triggers. Detecting the signs of gambling addiction is an ongoing process, lasting throughout the customer lifecycle. Addictive behavior can manifest itself on multiple occasions, such as when players chase losses, play high stakes, or show erratic gambling patterns. Once problematic behavior is detected, online casinos must restrict the affected player from their service and, ideally, direct them towards help.
  3. Identify vulnerable clients based on pre-defined criteria such as age, financial ability, number of dependents, and gambling history showing signs of addiction and destructive behavior, subjecting them to increased monitoring.
  4. Source of funds (SoF) verification. When checking sources of funds/wealth for casino AML compliance, casinos must analyze whether players display behavioral patterns associated with problem gambling. For example, a warning sign could be when a person spends €3k ($3.1k) every month, while earning only €2k ($2.1k).

Special measures to prevent addiction

Casinos should have special programs to enable players to protect themselves 

  • Access limiting. Users can restrict their gambling activity to the amount of hours they consider appropriate.
  • Activity alerts. Notify users if they have been playing for too long. What’s considered ‘too long’ is also determined by the player. Some countries, like Sweden, make these alerts mandatory for all players.
  • Deposit limits. Players put a certain limit on their deposit amounts in order to stick to their budgets and avoid overspending.
  • Time-outs. Users have the option to put their accounts on temporary hiatus for an amount of time that works best for them.
  • Nationwide self-exclusion. Users enter their name onto a national self-exclusion list to block themselves from accessing any gambling website in their country. In the UK, for instance, all online casinos are required to have GAMESTOP membership.
  • Provide reality checks through pop-up reminders
  • Display information about support organizations for players adversely affected by gambling.
  • Permanent self-exclusion. Players can block themselves from an online casino forever and irreversibly, requesting to cease any contact and no longer receive marketing promotions.
  • Monitor marketing communications to prevent potential players from being influenced by aggressive and/or misleading marketing material that may be promising profits while disguising the risks of gambling.

There are many more initiatives that countries can take to protect their nationals. Denmark, for example, requires all online gamblers to pass an online test revealing if they are addicted to gambling.

During the COVID-19 pandemic, regulatory measures have toughened worldwide in a bid to further protect problem gamblers. For instance, Sweden imposed a weekly deposit limit of 5k SEK ($493) and the UK issued strengthened its guidance in response to data showing that players are spending more of their time and money on gambling.

Ethical marketing

Online casinos must avoid targeting vulnerable groups, such as children, teenagers, or self-excluded players.Thus, public advertising near schools, playgrounds or any other places that are usually visited by children must be avoided at all costs. Similarly, gambling can’t be normalized through sponsorship of sports or any other medium that could be associated with youth culture.

These marketing restrictions can also affect the timing of casino advertisements. For example, new rules for online gambling platforms in Germany forbid ads between 6 am and 9 pm. The UK is also ready to introduce curbs on advertising, given findings that 96% of 11-24 year olds in the UK had been exposed to gambling ads in February 2020, leading them to place bets soon after.

Problem gambling awareness

In September 2020, the UK made it mandatory to teach students about online gambling risks at school. The same is expected of online casinos, who must educate users on the dangers of gambling through videos, blog posts, webinars, and other initiatives aimed at raising gambling addiction awareness.

Key security standards and practices

Fraud has become a real menace for the gambling industry, with schemes like bonus hunting, multi-accounting, account takeovers and illicit chargebacks on the rise.

Sumsub is here to help.

With this guide, you’ll be able to:

  • build a proper KYC process in the EU and UK,
  • screen customers for money laundering,
  • enforce age verification requirements without slowing down the onboarding process.

Online casinos already have to deal with criminals attempting to steal unprotected data. Worse yet, data can be leaked due to poor management and frequent turnover of staff. That’s why online casinos must implement appropriate controls aimed at protecting players from unnecessary risk.

1) Information Security Management System (ISMS)

An Information Security Management System (ISMS) is a set of procedures to systematically manage a company’s sensitive data. The goal of an ISMS is to reduce risk and ensure business continuity by preemptively limiting the impact of a security breach.

In most online gaming jurisdictions, information security requirements are based on the ISO/IEC 27001:2013 standard, which specifies the requirements for establishing, implementing, and improving an ISMS within the entity.

ISO/IEC 27001:2013 lies at the heart of an Information Security Management System, since its main focus lies on the integrity, availability and confidentiality of sensitive company information. At the same time it covers information backup, along with access control, disaster recovery, incident management procedures, the security of the software cycle and network security controls, and security in supplier relationships. ISMS helps gambling and betting operators minimize security breaches and cyber attacks while reducing the costs associated with keeping information safe. If online casinos are ISO/IEC 27001 certified, jurisdictions such as Colombia, Denmark, Great Britain, the Czech Republic, Greece, Portugal, Romania, Spain, Sweden and Switzerland waive certain security auditing requirements if the company decides to operate abroad. 

2) Data processing responsibilities

Falling under the scope of digital service providers, online casinos must comply with certain data protection principles. Therefore, online casinos have to ensure players understand that their data is going to be processed and, in the case of suspected illegality, potentially shared. To stay compliant, casinos have to acquire explicit consent from players before onboarding them. The same goes for acquiring consent from players prior to sending them any marketing materials—something that the gambling sector is often blamed for neglecting.

3) Data Security Standards

Because online casinos process sensitive customer information, such as credit/debit card details, they have to monitor for security breaches, analyze criminal attacks, and identify potential vulnerabilities. It’s essential to conduct penetration tests at least twice a year in order to identify weaknesses and blindspots. Remember that, if there is a security breach, online casinos may be liable for any resulting damages, depending on applicable data protection regulations.

Based on what we observe, online casinos shouldn’t expect regulations to loosen in the near future. On the contrary, more countries are seeking to develop a more tightly regulated online casino industry, with the aim of protecting vulnerable users from problem gambling. So the best move would be to stay on top of these shifting regulatory demands and be ready for whatever comes next.

Regulations around the globe

As gambling regulations get stricter, some businesses consider moving to more “tolerant” jurisdictions. Other businesses choose the opposite route, moving to more reputable regions to attract more customers.We’ve broken down several popular betting jurisdictions below:

  • The US

    In 2018, the US government struck down the Professional and Amateur Sports Protection Act. Now each state can decide whether to make betting legal in its territory.

    Gambling regulation: The Unlawful Internet Gambling Enforcement Act and The Interstate Wire Act.

    Authority: Each state where gambling is legal has its own regulator. FinCEN supervises AML compliance in all sectors, including betting.

    Age restriction: 21 years (in majority of states).

    Overview: Since 2018, roughly 30 states have legalized sports betting, including 21 that allow online betting. Permitted forms of betting vary from state to state. For instance, in New York, you can only offer land-based betting services. See the list of allowed betting services and requirements by state here. Necessary responsible gambling measures also differ from state to state, with self-exclusion tools being the most common.

    When sports betting became legal in many states, regulation got much stricter. Nevertheless, the US is a promising place to open a sportsbook. At present, Americans illegally wage more than $150bn a year on sports, so the recent legalization of betting makes it possible for bookmakers to tap into this market. 

    Check out Sumsub’s KYC guide for the gaming industry in the USA and Canada.

  • Australia

    Australia is a reputable gambling jurisdiction with strict compliance requirements. All states and territories of Australia have their own gambling regulations.

    Gambling regulation: All states and territories of Australia have their own gambling regulations. Gambling, including poker machines, casinos, lotteries and online gambling is administered by State and Territory regulators.

    Authority: The Australian Communications & Media Authority (online betting).

    AML Regulator: Australian Transaction Reports and Analysis Centre (AUSTRAC)

    Age restriction: 18 years.

    Overview: Since there is no single regulator for land-based gambling, the difference in terminology between betting and gambling, as well as different requirements, vary from state to state. The law known as the Interactive Gambling Act prohibits online gambling but allows online betting.

    Bookmakers need a state-issued license to operate in Australia. You can consider Australia if you want to run a company in a very reputable region where people are highly engaged in betting.

    AML-obliged activities: 

    • Betting accounts and services
    • Exchanging gaming chips, tokens or currency
    • Paying out winnings, or awarding a prize, in respect of a game or bet
    • Games of chance, or a mix of chance and skill that are played for money (not including lotteries, raffles or bingo games)

  • Gibraltar

    Gibraltar is one of the most popular and well-established gambling jurisdictions Some of the most popular gambling operators, such as Ladbrokes and Betfair, are based there.

    Gambling regulation: The Gambling Act.

    Authority: The Gibraltar Regulatory Authority.

    Age restriction: 18 years.

    Overview: Gambling in Gibraltar includes betting, gaming (casinos, etc.), and lotteries. The territory is one of the most reputable betting jurisdictions with a well-developed infrastructure for remote betting and gambling. Also, Gibraltar offers low taxes and no VAT charges. All these factors make Gibraltar an attractive spot for gaming and betting operators. 

    Gibraltar-licensed bookmakers can provide remote services globally. Previously, the Licensing Authority had only considered licensing blue chip businesses with a proven track record in gambling in other jurisdictions. However, the jurisdiction currently considers licensing of appropriately funded start-ups. Gibraltar also proposes that gaming/betting businesses and startups relocate fully or partially to its jurisdiction.

    The Anti-Money Laundering Code of Practice is an “interpretive guidance” to the Gibraltar gambling industry in respect of the requirements of the Gambling Act, the Gibraltar Proceeds of Crime Act, and the EU Anti-Money Laundering Directives. This Code applies to all financial transactions associated with defined gambling activities undertaken under the authority of a Gibraltar remote gambling license.

  • The UK

    The UK is famous for its strict requirements, transparency, and thorough protection of vulnerable gamblers.

    Gambling regulation: The Gambling Act

    Authority: The UK Gambling Commission.

    Age restriction: 18 years.

    Overview: The Gambling Act divides gambling into gaming, betting, and lottery. All gambling operators, including offshore bookmakers, must obtain a local license. Starting from April 2020, UK citizens will not be able to use credit cards to wage bets, since credit cards pose a financial risk to problem gamblers, allowing them to spend more than they can afford.

    The UK is known for its high AML compliance standards and well-developed responsible gambling policies. Therefore, you can consider the UK if you are not afraid of strict requirements and huge penalties for non-compliance. The benefit is that you’ll be  operating  in one of the most globally recognized gambling jurisdictions.

  • The European Union (EU)

    Gambling regulation: There is no single gambling regulation in the EU, but 4th , 5th and 6th Anti-Money Laundering Directives (AMLD) prescribes AML requirements for all financial institutions throughout the Union.

    Authority: Every country within the EU has its own regulator. Organizations are not obliged to join the European Gaming and Betting Association, but it is still quite a respectable entity that promotes AML compliance and safe gambling.

    Age restriction: 18 years (in most countries).

    Overview: The Directives unite all gambling, betting, and other similar activities under the term “gambling”. The so-called 4AMLD, 5AMLD and 6AMLD are now in force. While the Directives are a common regulation for all European countries, each country has  local AML regulation that aligns with the Directives.

    Jurisdictions within the EU vary significantly in terms of reputation and affordability. Some of them make it easy to obtain a license, while others, like Malta, have more costly but more reputable licenses.

  • Malta

    Malta is a prestigious betting and gambling jurisdiction.

    Gambling regulation: The Gaming Act.

    Authority: The Malta Gaming Authority.

    Age restriction: 25 years (locals), 18 years (foreigners).

    Overview: In Malta, the term “game” in reference to gambling. The term encompasses two types of games: a game of chance (an activity with an outcome determined by chance), and a game of skill (an activity with an outcome determined by the use of skill). Betting belongs to games of chance.

    Malta is famous for its secure business environment, high AML standards, and strong player protection. Therefore, requirements for a Maltese license are quite strict and include several independent compliance audits. You can consider Malta if you want to operate in one of the most established gambling jurisdictions.

  • Cyprus

    Both gambling and betting are legal in Cyprus. However, when it comes to online gambling, only remote betting is allowed, while other forms are prohibited.

    Authority: The National Betting Authority (NBA).

    AML Regulator: CySEC

    Age restriction: 18 years.

    Overview: Gambling (casino, poker, etc.) and betting (wagers on sporting and other events) are regulated separately in Cyprus. The Betting Law supervises online and offline betting, requiring companies to not only obtain a local license, but also open an office in Cyprus in order to offer betting services in the country. Also, all applicants are required to have a paid-up capital of at least €500k ($515k). This way, the country’s government ensures that only established businesses enter the market. 

  • Curaçao

    Curaçao is among the most attractive jurisdictions for bookmakers. The island is famous for low gambling taxes (only 2%, no VAT) and simple license application process.

    Gambling regulation: Remote gaming is regulated by the National Ordinance Offshore Games of Hazards, while non-remote services are regulated by the National Ordinance Curaçao Casino Sector.

    Authority: The Curaçao Gaming Control Board (GCB).

    Age restriction: 18 years.

    Overview: In Curaçao, betting and gambling are united under the term “gaming”, with both online and offline gaming being legal. A company can obtain just one all-inclusive license for all gambling and betting services. The GCB encourages operators to adopt measures for responsible gambling compliance, but it is more a recommendation than a requirement, and no fines are imposed.

    Both Malta and Curaçao are popular targets for bookmakers that want to offer remote services all around the world. However, since so many companies can easily set up in Curaçao, its license is not as reputable as a Maltese license. What’s more, many European countries prohibit Curaçao-licensed operators from offering services to their citizens.

  • Costa Rica

    Costa Rica is well-known among bookmakers for its rather lenient gambling laws.

    Gambling regulation: There is no law or government body that supervises gambling in Costa Rica.

    Overview: Gambling regulations in Costa Rica can be considered convenient, with online gambling not being regulated at all. Since there are no gambling laws, gambling and betting are not separated. Offering gambling and betting services to the locals is prohibited, but companies can provide remote services for residents of other countries. The authorities do not monitor remote bookmakers for AML or KYC gambling compliance, let alone responsible gambling.

    In Costa Rica, there is no such thing as a gambling license. If you want to provide betting or gambling, you just need an ordinary business license. No one checks the applicant’s background or gambling software.

Countries where gambling is prohibited

While gambling is allowed in most countries, there are still regions where gaming activities are completely prohibited. The reasons behind this vary from social, to political, to cultural aspects. For example, in Kosovo and Cuba, the ban was introduced in order to confront organized crime and corruption. 

Here we provide the list of countries where gaming is officially banned. 

  • North America


    Before 1959, Cuba was known as a major destinations for tourists wishing to gamble. However, after Fidel Castro came to power, he banned all forms of gambling. As a result, no company can enter the Cuban market.


    While gambling is legal in the US, Hawaii remains the only state with a complete prohibition. The ban was introduced in the 19th century and hasn’t been lifted since. There were many attempts to reintroduce gambling to the state, making some forms of gambling legal. However, each time they were met with strong opposition. The main reason is the fear of the increasing crime and addiction that may come with gaming.

  • Africa


    The main reason behind gambling prohibition in Algeria is religion, as the country’s constitution declares Islam as the state religion. Both online and on-site gambling are banned, in addition to all forms of betting. Therefore, the country doesn’t authorize any casinos or gambling websites. It should be noted that Algeria isn’t the only country in Africa that prohibits gambling due to religious reasons. Other countries on the continent include Eritrea, Libya, Mauritrea, Somalia, and Sudan.

  • Europe


    Kosovo is the only country in Europe that has completely banned all forms of gambling. The law was introduced in 2019 by Prime Minister Ramush Haradinaj. His objective was to eradicate crime that often took place through casinos. Before that, gambling was a vital part of the country’s economy. The prohibition will be in force until 2029.

  • Asia

    UAE (West Asia/Middle East)

    The country follows the Islamic law, according to which gambling is forbidden. The penalty for participating in such activities can lead to two years in jail and a fine for up to 50,000 AED (approximately $13,612). Organizing gambling activities can lead to 10 years of prison and 100,000 AED (approximately $27,226).

    While such strict regulations have been present for decades, the last year has shown a clear shift in the country’s gaming regulations. In 2023, the UAE introduced a new regulatory body called the General Commercial Gaming Regulatory Authority (GCGRA), which is supposed to oversee all types of commercial gaming. This step signals changes to come in the UAE’s longstanding position on gaming over the next few years.

    The UAE isn’t the only country that banned gambling due to religious reasons. Other countries that have done so in the region include Afghanistan, Brunei, Bahrain, Malaysia (certain practices allowed for tourists), Maldives, Pakistan, Qatar, Saudi Arabia, and Syria. Thailand also bans gambling as part of its Buddhist values; however, the country allows state-run lotteries and horse race betting.


    All forms of gambling have been banned in China since 1949. The only exceptions include state-approved lottery games. Yet, there are special administrative regions in Macau and Hong-Kong which permit land-based gambling. This attracts many customers both from China and other countries, making them some of the biggest gambling havens in the world.

  • Oceania

    The majority of Oceania, including New Zealand and Australia, allow gambling. The only two exceptions are Marshall Islands and Tokelau. The Marshall Islands, however, does allow non-profit organizations to practice bingo, raffles, and cakewalks.

It’s clear that some countries still prefer to prohibit gambling instead of creating a comprehensive set of regulations to allow citizens to safely practice such activities. If you want to learn more about the current regulatory framework in the UAE and get updated on major gambling changes in the country, check out our complete guide on the topic

Yet, as we can see in the United Arab Emirates, which is taking steps to allow some form of gaming activities, the situation might change in these regions. 

Regardless of the jurisdiction you choose, it’s always advisable to stay KYC & AML compliant. More customers will be attracted to your company if they know you’ll protect them from gambling addiction and won’t use their money for illegal activities.

Suggested read: Top 10 Countries Where Casinos and Gambling are Legal.


  • What is gaming compliance?

    Gaming AML compliance is a set of procedures and controls gaming providers develop to prevent and combat money laundering, terrorist financing and other financial crimes. This usually includes KYC, which falls into the CDD program required by the regulators. It can also include transaction monitoring and a number of other procedures (like record keeping and suspicious activity reports), depending on the jurisdiction.

  • What is casino compliance?

    Casino compliance is a set of procedures and controls an online or offline casino develops to prevent and combat ML/TF. This usually includes KYC as part of the CDD program required by the regulators, and a number of other procedures (like record keeping and suspicious activity reports), depending on the jurisdiction.

  • Are bookmakers AML regulated?

    Yes. In most jurisdictions bookmakers are AML regulated and have to follow AML legal requirements.

  • What are the red flags for casino AML?

    • Transactions inconsistent with the customer’s profile

    • Depositing multiple amounts of cash and receiving multiple checks drawn on that account

    • Multiple individuals sending funds to one beneficiary

    • Checks issued to a family member of a gambler

    • Funds transferred into third-party accounts

    Details are available in this article.

Looking for a tailored solution to KYC/AML compliance, age verification, and source of funds checks? Onboard new players with bank-grade security and in compliance with the latest regulatory guidelines using Sumsub. Get a free demo today.

AMLFraud PreventionGamingKYCRegulatory Compliance