Banks and EMIs scrutinise iGaming AML programmes before approving accounts. Learn exactly what they check and how to prepare a compliant framework.
Opening a business bank account for an online gambling operation is one of the most compliance-heavy processes in financial services. Banks and EMIs do not simply check your licence — they run a detailed review of your Anti-Money Laundering (AML) programme before approving the relationship. Understanding exactly what they scrutinise gives you a decisive advantage at onboarding.
Online gambling sits on virtually every bank's enhanced due diligence list. The reasons are structural: large volumes of small transactions, customers spread across multiple jurisdictions, anonymous or pseudonymous payment methods, and a chronic history of the sector being used for money laundering and fraud.
The Financial Action Task Force (FATF) designates gambling as a high-risk activity in its guidance. Most banking regulators in Europe, the UK, and offshore jurisdictions require institutions to apply Enhanced Due Diligence (EDD) to gambling clients as a minimum. That means a deeper look at your business than any regular SME would receive.
Critically, the bank is not just assessing your risk — it is assessing whether your controls are strong enough that it will not become liable for the laundering that passes through your accounts.
When you approach a bank or EMI, expect a compliance questionnaire alongside a document request list. The core AML documentation typically includes:
Banks will read these documents carefully. Generic templates downloaded from the internet are immediately identifiable and will not pass scrutiny.
Know Your Customer (KYC) is where most iGaming AML programmes are weakest. Banks want to see:
Identity Verification: A defined process for verifying customer identity at account creation — not just collecting documents but actually confirming authenticity. Electronic verification via a regulated provider (such as Onfido, Jumio, or similar) is now standard.
Risk Tiering: Customers must be assigned a risk rating (typically low / medium / high). The triggers for enhanced due diligence on individual players — large deposits, unusual patterns, politically exposed persons — should be clearly defined.
Ongoing Monitoring: KYC is not a one-time event. Banks expect to see processes for periodic review of customer profiles, particularly for high-value players.
PEP and Sanctions Screening: Politically Exposed Persons (PEPs) and sanctioned individuals must be screened at onboarding and on an ongoing basis. You need a named screening provider and a policy for handling hits.
Age Verification: While primarily a licensing requirement, banks also view inadequate age verification as an AML risk indicator.
Banks want evidence that your transaction monitoring system is calibrated for iGaming-specific risks. Key elements they look for:
Rule-Based Alerts: Defined thresholds that trigger investigation — for example, deposits above a certain amount within a rolling period, rapid deposit-withdraw cycles without gameplay, or geographic anomalies.
Behavioural Analytics: More sophisticated programmes use behavioural analytics to detect structuring (deliberately breaking transactions into smaller amounts to avoid thresholds) and other evasion techniques.
Case Management: When an alert fires, there must be a documented process for investigating, escalating, or clearing it. Banks want to see this is actually happening — not just that rules exist on paper.
Dormant Account Controls: Procedures for accounts that go inactive and then suddenly reactivate with large transactions.
Third-Party Payment Risks: If customers can deposit via e-wallets, crypto, or other third parties, the bank needs to see specific controls around the layering risk these methods introduce.
Source of Funds (SoF) and Source of Wealth (SoW) checks are a significant focus for banks evaluating iGaming businesses. These apply at two levels:
For High-Value Players: Your programme must define triggers for requesting SoF/SoW from players — typically when a player's cumulative deposits or losses exceed defined thresholds. Banks want to see that these thresholds are reasonable and enforced.
For the Business Itself: The bank will also want to understand the source of funds used to capitalise your operation. If initial capital came from other business activities, investment, or personal wealth, you need documentation tracing the origin of those funds clearly.
Weaknesses here — particularly absence of player SoF checks or inability to document your own capital — are among the most common reasons iGaming businesses are declined at onboarding.
Banks take governance extremely seriously. An AML programme on paper is only as strong as the people running it. Expect scrutiny on:
MLRO Qualifications: Your Money Laundering Reporting Officer should have demonstrable compliance experience — not just a job title. Banks may ask for a CV. A founder-MLRO with no compliance background is a red flag.
Segregation of Duties: The MLRO should not be reporting to the same person whose transactions they are responsible for reviewing. Independence matters.
Board-Level AML Oversight: There should be documented evidence that your board or senior management reviews AML reports, risk assessments, and SAR statistics at regular intervals.
Training Records: Staff who handle payments or customer accounts should have documented AML training — ideally annual, with a record of completion.
Independent Audit: Mature programmes include an independent AML audit function — either internal or via an external specialist. Banks at the institutional end will increasingly expect this.
Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) are your statutory obligations, and banks view them as a signal of programme effectiveness.
If you have been operating for any length of time and have filed zero SARs, that is a concern — it suggests either your monitoring is not catching anything, or reports are not being filed when they should be. Banks will ask how many SARs you have filed in the past 12 months.
Conversely, an implausibly high SAR rate suggests poor underlying controls. The bank wants to see a number proportionate to your player base and risk level, with evidence that each report was properly investigated before filing.
Based on the patterns seen when iGaming businesses are declined or asked for extensive remediation:
Banks are reviewing dozens of applications. A well-organised, clearly presented compliance pack materially improves your chances:
Executive Summary: A one-page summary of your AML programme, key metrics (player base, average transaction size, SAR rate), and the name and background of your MLRO. This gives the compliance reviewer immediate context.
Document Index: Provide a clear index so the reviewer can locate each document without searching.
Acknowledge Your Risks: Do not present your business as low risk — every iGaming operator has real AML risks. Demonstrating that you understand and have mitigated those risks is far more persuasive than claiming they do not exist.
Evidence Operational Effectiveness: Where possible, include anonymised examples — a sample monitoring alert and how it was investigated, a sample SoF request sent to a player. Proving the programme is operational, not just documented, is powerful.
Use a Specialist: If your team does not have deep compliance expertise, engaging a specialist iGaming AML consultant to review and present your programme before submission is a worthwhile investment.
Ready to open a compliant bank account for your iGaming operation? Contact our team — we specialise in banking solutions for licensed gambling businesses and can help you prepare a compliance pack that passes muster.
Related Articles
Submit a free pre-approval in 2 minutes. We respond within 24 hours with a realistic outcome.
Get Free Pre-Approval