The gaming and betting sector in Italy represents one of the industries most exposed to money laundering and terrorist financing risks, therefore requiring a particularly stringent system of controls and compliance measures.
At the beginning of 2026, the anti-money laundering regulatory framework for operators in this sector remains complex and continuously evolving, with a progressive strengthening of surveillance and prevention obligations, and several new developments on the horizon.
Navigating this complex stratification of national and European regulations is particularly difficult, especially for small and medium-sized organizations that characterize much of the retail network present throughout the territory.
In this article, we will attempt to clarify and provide a comprehensive overview of regulatory obligations and best practices that should be implemented to avoid incurring sanctionable behaviors and omissions.
Regulatory Framework
Let’s start from the general regulatory foundations.
The anti-money laundering discipline applicable to the gaming and betting sector finds its basis in Legislative Decree No. 231 of November 21, 2007, which transposed the third European directive on preventing the use of the financial system for money laundering purposes. This decree has undergone numerous and significant modifications over the years, particularly through Legislative Decree No. 90 of May 25, 2017, which transposed the fourth anti-money laundering directive (EU Directive 2015/849). More recently, Legislative Decree No. 76 of July 16, 2020 (Simplification Decree) introduced further important updates, including the use of SPID and CIE for customer identification, making the identity verification process simpler and more secure.
For specific legislation dedicated to the gambling sector, we had to wait until 2024, when Legislative Decree No. 41 of March 25, 2024 introduced a comprehensive reorganization of the remote gaming sector. This decree redefined licensing costs for online gaming operators, introduced new rules for Sales and Top-up Points (PVR), strengthened player protection measures and gambling addiction prevention, and provided for the adoption of advanced technological tools, such as artificial intelligence, to monitor gaming activities and prevent illicit behavior.
However, in 2025, Decree-Law No. 95 of June 30, 2025 (converted into Law No. 118/2025, known as the “Economy Decree”) made further amendments to Legislative Decree 231/2007, introducing for the first time, in a structured manner, the risk of financing the proliferation of weapons of mass destruction among the relevant risks for anti-money laundering purposes. This development significantly expands the scope of attention for obligated entities, requiring an update of risk assessment and customer due diligence procedures.
So much for the present, but on the horizon are already visible the first and imminent regulatory developments that are about to impose a new profound transformation on the gaming sector, due to the entry into force of the so-called “AML Package”, approved in May 2024.
This package consists of three main components: the Sixth Anti-Money Laundering Directive (EU Directive 2024/1640), EU Regulation 2024/1624 on the prevention of the use of the financial system for money laundering purposes, and EU Regulation 2024/1620 establishing the Anti-Money Laundering and Counter-Terrorism Financing Authority (AMLA).
The Sixth Directive must be transposed by Member States by July 10, 2027, while the main regulation will become directly applicable from the same date.
Obligated Entities in the Gaming and Betting Sector
Who are the obligated entities in the Gaming and Betting sector?
The Italian legislator identifies gaming and betting service providers as particularly exposed to possible criminal infiltration, imposing stricter controls on them compared to other categories of economic operators.
Specifically, in the gaming and betting sector with cash prizes, the following operators are considered subject to anti-money laundering regulations:
-
Casino operators, representing the most traditional and highly regulated category. These operators must apply customer identification and identity verification measures from the moment of purchasing or exchanging gaming chips or similar, as well as for cashing winnings, when the amount is equal to or greater than 2,000 euros. Casino operators subject to public oversight who identify and verify customer identity at entry to their premises must adopt procedures to link customer identification data to transactions performed.
-
Land-based gaming operators, offering games with cash prizes, i.e., games on VLT (Video Lottery Terminals), bingo and all types of betting (except those falling under sports and horse racing forecast competitions, which are expressly excluded from anti-money laundering regulations). This category includes licensees, distributors and retailers contracted under any title. In land-based gaming, the legislation places customer identification and data retention obligations directly on distributors and retailers.
-
Online gaming and betting operators, offering games and bets with cash prizes through the internet and other telematic or telecommunications networks. This category is subject to obligations even in the absence of authorizations granted by the Ministry of Economy and Finance – Autonomous Administration of State Monopolies, thus extending the scope of the regulation to irregular operators as well.
It is important to note that operators engaged exclusively in: Lotto games, instant or deferred draw lotteries, and forecast competitions are not subject to anti-money laundering regulations. This exclusion reflects an assessment of lower risk associated with these specific types of games, characterized by more standardized and traceable operating methods.
Main Obligations of Operators
Operators authorized by ADM (Customs and Monopolies Agency) must fulfill a series of fundamental obligations, governed by the basic reference legislation and in particular by articles 52-54 of Legislative Decree 231/2007. These obligations fall into three main categories:
- customer due diligence,
- suspicious transaction reporting,
- data and information retention.
Let’s examine them in more detail.
Customer Due Diligence
The due diligence obligation represents the core of anti-money laundering regulations and takes different forms depending on the type of game and distribution channel used.
For online gaming operators, due diligence must be performed at the time of opening or modifying the gaming account.
Operators must identify and verify customer identity using means that ensure the traceability of financial flows connected to gaming operations.
Since November 13, 2025, thanks to the determination of the Customs and Monopolies Agency of November 11, 2025, licensees authorized for remote collection can proceed with the identification of the contracting party/gaming account holder also through digital identification tools with at least second-level security, particularly SPID (Public Digital Identity System) and CIE (Electronic Identity Card). The use of these tools allows automatic acquisition of all information necessary to verify the player’s identity, including name, surname, residence, place and date of birth, tax code, identity document details, phone number and email address.
Identification via SPID or CIE is not mandatory as the possibility remains to proceed with identification through direct acquisition of a copy of front/back of a valid identity document and tax code.
For land-based gaming or through video terminals, distributors and retailers must acquire and retain customer identification data at the time of request or execution of the gaming operation.
The identification obligation applies every time the customer requests or performs, at the same operator, gaming transactions amounting to 2,000 euros or more, regardless of the number of bets placed to reach that amount.
It is essential to emphasize that the identification obligation also applies regardless of the transaction amount in cases where there is suspicion of money laundering or terrorist financing.
Regarding games offered through Video Lottery Terminal (VLT) machines, distributors and retailers must perform due diligence when the nominal ticket value is greater than or equal to 500 euros. However, licensees must ensure that distributors and retailers of VLT machines are equipped with functionality to enable verification of tickets that, while having a nominal value of 400 euros or more, present anomalous characteristics, such as: no winnings (win/wagered ratio = 0), or low percentage ratios between amount won and nominal ticket value (below 20%), between amount wagered and amount inserted (below 20%), or between amount wagered and nominal ticket value (below 20%). These differentiated thresholds reflect the high risk associated with the use of VLTs for money laundering operations, given the speed and ease with which cash can be converted into tickets and vice versa.
For casino operators, customer identification and identity verification must occur when the purchase/exchange of chips or similar and cashing of winnings are of an amount equal to or greater than 2,000 euros. In this case as well, identification is mandatory regardless of amount when there is suspicion of money laundering or terrorist financing.
Data acquired by gaming distributors and retailers must be sent to the reference licensee within 10 days of the transaction.
This timely transmission is essential to enable licensees, who maintain overall responsibility for compliance with due diligence and retention obligations, to exercise effective control over the distribution network.
Suspicious Transaction Reporting
Gaming and betting sector operators are required to submit without delay a suspicious transaction report to the Financial Intelligence Unit for Italy (UIF), when there is suspicion or reasonable grounds to suspect that money laundering or terrorist financing operations are in progress, have been carried out, or have been attempted.
The reporting obligation represents a fundamental instrument of active collaboration between economic operators and authorities, aimed at intercepting and blocking illicit financial flows, which however assigns important responsibilities to obligated entities on an activity subject to margins of discretion and interpretation.
For this purpose, to facilitate the identification of suspicious transactions, the UIF has issued specific anomaly indicators for the gaming sector, contained in the Communication of April 11, 2013.
These indicators describe possible anomalies attributable, from subjective and objective perspectives, to the land-based and/or online gaming sector.
With the Provision of May 12, 2023, effective January 1, 2024, the UIF updated and rationalized the system of anomaly indicators, introducing 34 general indicators articulated in approximately 400 exemplary sub-indices. Among these, codes G01 (anomalous operations related to gaming and betting) and P12 (operations in crypto-assets) can also be used by parties other than gaming service providers who detect suspicious operations attributable to these sectors.
This is a complex framework, but knowledge of it by operators is essential to avoid incurring violations and sanctions.
Some examples of anomalies specific to the gaming sector include:
- Attempts to enter casinos without documents or with counterfeit tickets
- Anomalous closing and opening of gaming accounts (typical of Internet gaming)
- Purchases and returns of large quantities of chips
- Movement of significant amounts on gaming accounts, especially if inactive for a long time
- Gaming transactions of significant amounts or excessively and unjustifiably fragmented
- Frequent use of electronic money instruments, especially non-nominative, for overall significant amounts
- Gaming account top-ups of significant amounts not used or little used for gaming activity, followed by withdrawal or account closure
- Multiple gaming accounts attributable to the same person
- Repeated gaming winnings, especially of significant amounts, made by the same player
- Concentration of winnings at the same gaming operator, especially for significant amounts or over a limited time period
Failure to report suspicious transactions can have significant economic consequences, resulting in an administrative sanction from 1% to 40% of the unreported amount.
Data Retention
Gaming and betting sector operators must ensure the retention of data and information acquired for a period of ten years from the date of acquisition, in compliance with privacy regulations. This long retention period reflects the need to guarantee competent authorities the ability to reconstruct suspicious operations and any illicit activities after the fact.
For online gaming operators, data to be retained includes:
- Customer identification data acquired at the time of opening or modifying the gaming account
- The date, value and payment methods used in each opening/top-up/collection operation on gaming accounts
- The date, time, duration of connection of gaming operations as well as the originating IP address
For land-based gaming and through video terminals, distributors and retailers must retain:
- Customer identification data
- The date of gaming operations, the value and payment methods used for each.
It is important to emphasize that anti-money laundering regulations require that all information collected during player onboarding and identification be stored securely and accessibly, including not only personal data, but also transaction documentation, suspicious activity reports and any other data relevant to regulatory compliance.
Anti-Money Laundering Training and Organization
Since, as evident from what has been said so far, the discretion and evaluation capacity of personnel involved in the obligations is a fundamental element, the legislation specifically mandates training obligations.
Article 16 of Legislative Decree 231/2007, as amended by the law transposing the fourth anti-money laundering directive (Legislative Decree 90/17), requires casino operators and land-based or internet gaming and betting operators to have all employees and collaborators attend periodic specialized anti-money laundering courses.
Anti-money laundering training is a mandatory training path for certain categories of professionals, employees and collaborators, known as “obligated entities”, and is fundamental to ensuring understanding and correct application of laws and regulations concerning money laundering.
Training courses must provide a clear and comprehensive overview of anti-money laundering regulations specific to the casino, gaming and cash prize betting sector.
Topics to be covered include:
- The national and international regulatory framework
- The obligations of the Anti-Money Laundering Officer and Anti-Money Laundering Officers in the gaming, betting and casino sector
- Customer due diligence for the gaming, betting and casino sector
- Remote identification and remote due diligence platforms
- Retention and registration obligations
- Anti-money laundering reporting
- Communication of cash limitation violations
- Administrative and criminal sanctions
Violation of anti-money laundering training obligations results in heavy administrative and criminal penalties for casino operators and land-based or internet gaming and betting operators.
Non-compliance with provisions on organization, registration, procedures (including personnel training) and controls can result in sanctions from 10,000 to 200,000 euros.
Organizational Measures to Ensure Anti-Money Laundering Compliance
Compliance with the complex anti-money laundering regulations requires the definition of an adequate organizational structure and business processes.
This is a particularly critical issue that must reconcile two different but equally important aspects: proper and profitable management of customer care policies aimed at business development, with surveillance, identification and reporting obligations regarding customers and transactions performed.
Given the complexity of the gaming and betting sector supply chain and the multi-level nature of obligations and responsibilities, the development of IT platforms and systems dedicated to anti-money laundering practices is an essential step.
The development of the SmartAML platform and its evolution to the current version 2.0 occurred in response to the complexity of this scenario, and today, with adoption by over 1,500 physical retail points throughout Italy and over 3,500 anti-money laundering cases handled every day, it represents the most widespread and comprehensive solution for controlling this increasingly critical process.