• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Impact Professional Services

Impact Professional Services

Pragmatic compliance and risk solutions.

  • Home
  • Services
    • Financial Services
    • E-Gaming Services
    • Compliance and Risk Training
  • Resources
    • Useful Articles
    • In Conversation With…
  • About Us
  • Contact Us
  • IOM Compliance Newsletter

Sustain the Success of Your Online Gambling Business with A Robust Business Risk Assessment

15 August 2024 by Impact Professional Services

Sustain The Success Of Your Online Gambling Business With A Robust Business Risk Assessment Aug 24

Nestled in the heart of the Irish Sea, the Isle of Man has emerged as a powerful launch pad for regulated gaming businesses.

The Island’s journey to becoming a global hub for online gambling and e-gaming has been one of relentless commitment to integrity and innovation, making it a go-to destination for businesses seeking a secure and thriving environment in the digital gaming realm.

A key principle for all regulated businesses should be to learn from past experiences. As long-term compliance experts working with various regulatory bodies, Impact Professional Services often seeks out best practices that can be applied across businesses, regardless of which regulatory body governs them.

In this blog, Nick Wait, Managing Director of Impact Professional Services, looks at key findings from the 2023 Isle of Man Financial Services Authority TSCP Business Risk Assessment Review and how these findings can be applied to businesses regulated by the Isle of Man’s Gambling Supervision Commission (‘GSC’).

What is a Business Risk Assessment and How Does It Help Your Business?

“A Business Risk Assessment (BRA) is a key part of a firm’s compliance and risk management framework to help detect and prevent money laundering and terrorist financing. The BRA needs to be checked regularly to ensure it is still fit for purpose, and it should be continuously reviewed and updated when circumstances change or new risks or threats emerge.” Ian Spence, Head of the IOMFSA AML/CFT Supervision Division.

A BRA ensures that everyone in your business understands the appetite for risk. A well communicated BRA informs a business’s culture, procedures, policies and checklists at every level of the business.

If Anti Money Laundering or Countering the Financing of Terrorism regulations are breeched it can result in public prosecution and serious damage to a business’s reputation.

When a business’s BRA is fit for purpose, it ensures operational efficiency and safety.

So, it’s in everyone’s interest to get it right.

The 2023 Thematic Review by the IOMFSA Relating to Trust and Corporate Service Providers (“TCSPs”)

The IOMFSA published the findings of phase one of a thematic review relating to Trust and Corporate Service Providers (“TCSPs”) on the 12 July 2023, with Phase 2 Findings published on 30th January 2024.

A Business Risk Assessment questionnaire was sent to a cohort of Island firms to assess how they are meeting their obligations in respect of the Anti-Money Laundering and Countering the Financing of Terrorism (“AML/CFT”) Code 2019.

The phase one report sets out the responses submitted by 106 licence holders, as well as the Authority’s observations on the data and some examples of best practice.

Phase two of the project, consisting of desk-based inspections focusing on a firm’s BRA, sets out the findings, including examples of best practice, case studies, and the Authority’s observations.

The TCSP sector is identified in the Isle of Man National Risk Assessment as one of the highest risk business sectors in the Island. The Authority is conducting the thematic review to test the strength of measures and controls put in place by firms to mitigate Money Laundering and Financing of Terrorism related risks and protect their businesses from potential abuse by criminals.

It also provides an opportunity for the Authority to enhance its engagement with firms and to share the findings and feedback with industry.

We recommend that all firms, whether regulated by the IOMFSA or by the Gambling Supervision Commission, read both phase 1 and 2 reports and take any action necessary to ensure their own risk-based compliance regimes in relation to BRAs are effective, up-to-date, and properly documented.

What Should Be Contained in a Business Risk Assessment (BRA) for an Online Gambling Business?

A BRA should clearly set out the risks a business faces in relation to customers and their activities and explain the basis of the assessment.

It should highlight how much, and what level of risk the business is prepared to take.  Additionally, the BRA should clarify what risk the firm is not prepared to take. 

Other Key Points to Include

  • There should be a documented Risk Appetite Statement or associated Policy. 
  • There should be a documented Anti-Money Laundering / Countering the Financing of Terrorism Policy in place. 

The BRA should:

  • be informed by other risk assessments required by the Gambling Anti-Money Laundering and Countering the Financing of Terrorism Code 2019 (the Code) as well as the Isle of Man National Risk Assessment. 
  • detail the composition of the customer base and where the risks are. For example, how many high & standard risk clients, Politically Exposed Persons split by domestic & foreign and high & standard risk ratings. 
  • incorporate the link to Customer Risk Assessments as a key source of information.   
  • contain evidence of the BRA’s review and approval, for example extracts of Board minutes. 
  • be communicated to the entire business. 
  • have clearly documented reviews and approvals, using a version control. 

Additionally:

  • there should be a process in place to ensure the timely supply of information or documentation requested by the Authority. 
  • there should be a documented Risk Assessment Methodology / Risk Scoring Matrix in place to:
    • assess the inherent risks relevant to the business.
    • identify mitigating factors and controls to manage the impact of the risks.
    • assess the risk impact.
    • assess the effectiveness of the controls in place.
    • assess whether the residual risk is within the documented risk appetite.
    • assess the likelihood / probability of the risks.
    • assess the cumulative risks.

Some Wider Points to Consider

  • If the business is part of a Group, the BRA should consider the specific risks relevant to the Isle of Man licence holder.
  • Any areas for development highlighted in the BRA should be reported to the Board / senior management team. 
  • It’s important to identify whether there any barriers in place to prevent the operation of effective systems & controls. 
  • Record keeping requirements should be followed.  Previous versions of the BRA should be kept for a minimum of 5 years. 
  • If the BRA would be reviewed and updated at a trigger event this should be documented

Important ‘Housekeeping’ tips for Ensuring a BRA Continues to Be ‘Fit for Purpose’.

  • Ensure a regular review of what is in your BRA and that it adequately reflects your business’s appetite to risk
  • Ensure that everything is documented and there is a central store for documents
  • Review who has, and should have, contributed to the BRA
  • Ensure that everyone in the business is aware of the BRA (trickier in larger organisations)
  • Ensure that the BRA has been reviewed in the last 12 months
  • Ensure that the board have taken time to review and digest the BRA in the last 12 months.

Conclusion

As e-gaming and i-gaming enterprises navigate the complex landscape of compliance and risk management, the recent IOMFSA review serves as a poignant reminder of the importance of a well-structured BRA.

Incorporating the insights gained from this review will not only safeguard consumers but also protect against financial crime, fostering and sustaining confidence in all regulated sectors through the vehicle of effective regulation.

While the costs associated with compliance are not insignificant, they pale in comparison to the potential consequences of non-compliance.

The Isle of Man’s regulatory journey stands as a testament to the fact that in the world of e-gaming, understanding, and implementing sound risk assessment practices are not just obligations but essential strategies for long-term success and sustainability.

As businesses look to thrive in the ever-evolving digital gaming sector, the Isle of Man provides a compelling blueprint for achieving both regulatory excellence and operational efficiency.

Impact Professional Services support regulated finance and e-gaming businesses in the Isle of Man with compliance and risk expertise. From license application and procedure documents to one off projects and Independent monitoring and oversight – we’re here to support your navigation of the regulatory landscape.

An initial chat costs nothing. If you’re ready to find more peace of mind when it comes to compliance for your organisation, contact us today – we’d be very happy to help.

Filed Under: Useful Articles

Primary Sidebar

Blog Categories

  • Useful Articles (38)

Latest Blog Posts

Compliance for isle of man accountants key risks & practical solutions featured image

Compliance Challenges for Accountants: Regaining Control and Reducing Risk

Fatca & crs classification what isle of man tcsps need to know

FATCA & CRS Classification: What Isle of Man TCSPs Need to Know

2025 Manx State Of The Nation Highlights And Takeaways

2025 Manx State of the Nation: Highlights & Takeaways

Blog Archives

Footer

Impact hlogo v2

Connect on LinkedIn   Connect on Facebook

Copyright © 2025 · All Rights Reserved. Privacy Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. Read More
Cookie SettingsAccept
Manage cookie consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT