Isle of Man GSC updates AML/CFT guidance

Operators on the Isle of Man now face updated and clarified AML/CFT expectations. The Gambling Supervision Commission (GSC) has published new guidance aimed specifically at licence-holders with Network Services Permissions, detailing anti-money laundering, terrorist-financing and proliferation-financing controls. As a gambling-industry regulation specialist, I believe this guidance is pivotal – it closes ambiguity in the network-services space and reinforces the Isle of Man’s status as a top-tier regulated jurisdiction. Read on—I’ll break down the essentials, offer my analytical take and discuss what operators should prioritise now. Key Points

• The GSC released enhanced AML/CFT guidance specifically tailored for licence-holders with Network Services Permissions.
• The guidance covers due-diligence, risk-based approaches, record-keeping, monitoring and third-party relationships in the network-services environment.
• Network-services permissions allow one licence-holder to host or provide infrastructure to other licensed operators—raising unique AML risks.
• The document aligns with the island’s Proceeds of Crime Act 2008, the Anti-Terrorism and Crime Act 2003, and the Gambling (AML-CFT) Code 2019.
• The update reinforces the Isle of Man’s commitment to international AML/CFT standards, including FATF and MONEYVAL frameworks.

Isle of Man GSC Issues New AML/CFT Guidance for Network Services – Clarity at Last

From the vantage of someone tracking gambling regulation, the GSC’s new guidance for network-services permissions is a smart move—and long overdue in some respects. Let me explain why.

Why the Focus on Network Services?

The gambling sector’s infrastructure has grown more complex. Traditional operators were once just “site licence-holders.” Now, many firms operate as hosts or platforms that serve multiple operators. Under a network services model, one licence-holder provides the core infrastructure, software or platform for other operators. This structure introduces layered risks. For example, the host may have little direct relationship with end-players, yet is responsible for infrastructure, data flows and connectivity. Without clear AML/CFT controls, poor host diligence can create blind spots.

What the Guidance Adds

According to the GSC’s published documents, the guidance for network services covers:

• A clear risk-based approach, requiring licence-holders to identify, assess and mitigate risks tied to their network-services role—both upstream and downstream.
• Due diligence on third-party partners, sub-operators or clients that access the platform. Licence-holders must understand who they host, their jurisdictions and AML histories.
• Suspicious transaction monitoring and reporting obligations—even for network-service hosts who may not take player stakes directly. The GSC emphasises that hosting does not exempt you from AML compliance.
• Record-keeping and audit trails of platform services, hosting contracts, data flows, funds transfers and player–agent relationships.
• Ongoing monitoring of hosted clients, periodic reviews of risk profiles and adjustment of AML/CFT controls as part of a living compliance regime.
• Alignment with manx-legislation such as the Proceeds of Crime Act and the Anti-Terrorism and Crime Act, ensuring host infrastructure can’t become a conduit for illicit funds or proliferation activity.

Why It Matters for Operators

Since many UK/European operators and software suppliers choose the Isle of Man for its regulatory reputation and UK-white-list standing, the enhanced clarity is commercially significant. In my view:

1. Compliant infrastructure becomes a selling point. If you host your platform on the Isle of Man under clear AML/CFT terms, you can leverage that across markets.
2. Inspection readiness improves. The GSC has emphasised that inspections increasingly focus on suppliers and hosts, not just operator front-ends.
3. Cross-jurisdiction risk is better managed. Operators using hosted services linked to multiple jurisdictions must ensure their AML chain is intact; this guidance helps.
4. Regulators value transparency. The GSC’s clearer expectations reduce ambiguity and thereby reduce licence-holder risk of enforcement for “unknown unknowns.”

My Analytical Take

In my professional opinion, this update underscores how the regulatory landscape is evolving: the supply chain is under the microscope. Regulators formerly focused on operators and player protection—now they look at platforms, hosting, sub-licensing models and the entire ecosystem. For the Isle of Man, the guidance strengthens its reputation as a high-quality jurisdiction. The island has already implemented technology tools like the STRIX system to enhance AML/CFT supervision. From an operational viewpoint, if you are a network-services licence-holder—or you rely on one—you should review your AML/CFT risk assessment, update your training programmes, ensure due-diligence of all clients, and ensure you have visibility over all funds and data flows passing via your infrastructure. The GSC’s new guidance for operators with Network Services Permissions clarifies AML and CFT expectations in the Isle of Man gambling ecosystem. It emphasises that hosting infrastructure does not exempt firms from anti-money laundering, terrorist-financing or proliferation-financing responsibilities. From my perspective, this is a strong signal: suppliers, hosts and infrastructure providers must adopt the same rigour traditionally applied to operators. The Isle of Man has once again raised the bar—and those in the supply chain would do well to follow. Tags: IsleOfManGambling, GSCAML, NetworkServicesPermissions, OnlineGamblingRegulation, AMLCFTGuidance

📢 Join the Conversation!

Want to share your thoughts or ask questions about our latest articles? Stay connected and be part of the discussion by joining our Telegram and WhatsApp channels!

🔹 Get real-time updates
🔹 Share insights with industry peers
🔹 Ask questions & get expert answers

👉 Join us on Telegram 👉 Join us on WhatsApp

Let’s keep the conversation going!