Two online operators given substantial penalty packages following second licence reviews by Gambling Commission

United Kingdom

The Gambling Commission (the “Commission”) recently announced that it has taken further regulatory action against gambling operators Casumo Services Limited (“Casumo”) and InTouch Games Limited (“InTouch”), with both operators being required to undergo extensive auditing and pay multi-million pound fines. Between the two companies the fines total £9.405 million and come as a result of the Commission’s findings that they each failed to put in place effective safeguards to prevent money laundering and to keep consumers safe from gambling related harm.

Both Casumo and InTouch were subject to similar enforcement action in 2018 and 2019, respectively, and so this was the second time that each company’s operating licence has been subject to review by the Commission. The Commission determined that each operator was in breach of the Licence Conditions and Codes of Practice (“LCCP”) following both the first and second reviews, and with a number of repeated social responsibility (“SR”) and anti-money laundering failings (“AML”).


Following a review by the Commission into its remote operating licence in 2018, the Malta-based online gambling firm was found to have breached the social responsibility code provisions (“SRCP”) and AML measures in the Commission’s LCCP. As a result of the failings, Casumo was ordered to pay a financial penalty of £5.85 million, additional conditions were imposed on its remote operating licence and it was also issued with a warning in respect of the breaches. Our report on the Commission’s sanctions in 2018 is accessible here.

On 25 March 2021 the Commission announced that a further review of Casumo’s operating licence, undertaken between October 2019 and January 2020, had again revealed SR and AML failings. These breaches are as follows:

  • Social responsibility breaches

  • SRCP 3.4.1(e) and 3.4.1(1) and (2)

    The Commission determined that Casumo had failed to implement policies and procedures for customer interaction where it had concerns that a customer’s activity exhibited signs of problem gambling, particularly in respect of ‘VIP’ customers. In addition, Casumo failed to take into account the Commission’s guidance on customer interaction. This resulted in a number of customers losing significant amounts of money without being subject to a responsible gambling interaction (including one customer losing £1.1 million over three years without an interaction). Other players who did not receive an interaction included one who lost £65,000 in a month, another who lost £89,000 in a five-hour period and a further customer who lost £59,000 in 90 minutes.

  • Anti-money laundering breaches

  • Licence Conditions 12.1.1 (2) and (3) and 12.1.2

    The Commission found Casumo failed to implement its AML and terrorist financing policies effectively, they were not revised appropriately to ensure they remained effective, and they did not take into account guidance published by the Commission. As well as that, the Commission determined that Casumo had failed to comply with the Money Laundering Regulations 2017. In particular, the Commission highlighted that Casumo: (i) allowed customers to deposit significant sums of money without sufficient AML checks, (ii) failed to carry out adequate checks to ensure documents were authentic, (iii) carried out insufficient source of funds checks as payslips were not corroborated with bank statements and (iv) did not implement internal spending limits for customers based on their known income, wealth or other factors.

As a result of the findings, the Commission sanctioned Casumo as follows:

  • a financial penalty was imposed in the sum of £6.005 million;

  • a new condition was attached to Casumo’s operating licence that requires it to carry out an independent audit to ensure it has effectively implemented its new policies, procedures and controls in compliance with the LCCP; and

  • Casumo was given an official warning.

InTouch Games

Following a review of InTouch’s operating licence, which commenced on 16 April 2018, the Commission announced in May 2019 that it had sanctioned the operator for failing to put in place effective safeguards to prevent money laundering and keep consumers safe from gambling harm.

InTouch and the Commission reached a regulatory settlement for the various AML and SR breaches, which consisted of a payment of £2.2 million in lieu of a financial penalty, which was donated to a gambling harm related charity; InTouch’s agreement that the Commission publish a statement of facts; and payment of £14,565 towards the Commission’s costs.

On 17 March 2021, it was announced that the Commission had carried out a second review of InTouch’s remote operating licence and sanctioned the operator for further AML and SR breaches:

  • Social responsibility breaches

  • SCRP 3.1.1 and 3.4.1

    An operator must implement policies and procedures to promote socially responsible gambling and interact with customers to prevent gambling related harms. InTouch’s SR policies and procedures were found to be lacking in both these respects, as:

    1. the company’s responsible gambling interaction guidance stated that a bonus may be offered if a customer provides identification;

    2. the investigation revealed customer interaction procedures were inadequate and the operator’s policies were not followed for seven customers whose activity the company recognised showed signs of problem gambling; and

    3. in respect of those same seven customers, the company did not use all sources of information to ensure effective decision making and deliver effective interactions, in particular the Commission stated that if the company’s policy was followed then it should have considered placing mandatory limits on customer accounts.

  • Anti-money laundering breaches

  • Licence Conditions 12.1.1 (1) and (3) and 12.1.2

    InTouch had failed to conduct an appropriate money laundering and terrorist financing risk assessment for its business and in particular, it did not take into account the risk of allowing customers to use payment providers which also act as an exchange for crypto-currencies. The Commission also found that the company’s AML and terrorist financing policies and procedures were not implemented effectively as they (i) neglected to conduct appropriate levels of enhanced due diligence for customers and (ii) carried out inadequate reviews of source of funds information.

  • Fair licence practices and marketing breaches

  • Licence Condition 7.1.1 (1) and (2) and SCRP 5.1.9

    The terms on which gambling is offered and any notices to consumers must be fair and transparent and additionally, operators must ensure that any marketing communications or adverts must not be misleading. The Commission found InTouch to be in breach of these provisions as its investigation revealed the operator had omitted the minimum and maximum deposits in an offer’s terms and in addition did not state the time limit for which the bonus offer could be claimed.

As a result of the investigation, the Commission:

  • issued InTouch with a formal warning;

  • imposed a financial penalty of £3.4 million; and

  • similarly to Casumo, required InTouch to carry out an audit to ensure full compliance with the LCCP as part of a new licence condition.


These two cases are further examples of the Commission’s increasingly tough approach to enforcement and are illustrative of its focus on high financial penalties and extensive auditing, particularly where there are systemic or repeated failings.

These cases are not the first instances of an operator facing a second licence review. Noteworthy previous examples include a £5.9 million regulatory settlement with Ladbrokes Coral in July 2019 and a £13 million regulatory settlement with Caesars Entertainment in April 2020. The Commission has said that although some operators have improved their SR policies and customer interaction processes, it is still finding that operators are not taking appropriate action or acting quickly enough on spotting potential harm to a customer.

Richard Watson, the Commission’s Executive Director, said in respect of InTouch’s sanctions: “Through our challenging compliance and enforcement activity we will continue our work to raise standards in the industry and continue to hold failing operators to account.” This signals that where there are operators who repeatedly fail to comply, the Commission will take action and, as in these two cases, impose onerous fines. As set out by the “Statement of principles for determining financial penalties”, the Commission considers repeated failures by operators when determining the appropriate financial penalty.

This sends a clear message to operators that they should be diligent in updating, maintaining and actively enforcing their policies and processes if they want to avoid being faced with sanctions and additional licence conditions. Operators must treat this as an ongoing process to ensure they keep pace with the Commission’s new guidance and enforcement action.

Co-Authored by Alex Askew