The Gambling Commission said the operator’s automated monitoring failed to trigger timely interventions, a warning that will land well beyond gambling compliance teams and into the wider world of payments risk controls.
Paddy Power Betfair will pay £2m ($2.67m) to the UK Gambling Commission after an investigation found social responsibility failures in how customers were identified and contacted when signs of harm emerged.
The settlement covers four remote licensees trading under the Paddy Power and Betfair brands: PPB Entertainment Limited, PPB Counterparty Services Limited, Betfair Casino Limited and TSE Malta LP.
The regulator’s findings focused on late interactions despite what it described as clear indicators of problematic gambling. In one example, a customer deposited £12,000 in 15 days before being identified for review, while another deposited £25,000 in 25 days before any interaction took place.
In separate cases cited by the Commission, one customer lost £12,300 in five weeks before being flagged, and another staked £86,000 over 16 days, losing £6,000, with no manual account review during the period of high-velocity spend.
The Commission also highlighted a case involving extended session behaviour: a customer’s longest session over a 17-day period lasted 7 hours 46 minutes, during which they placed 300+ bets worth £20,000. The behaviour was only identified as a harm indicator after a loss trigger was hit, prompting a manual review.
John Pierce, the Commission’s Director of Enforcement, said the payment “reflects the seriousness of the failings” and accused the operator of leaning too heavily on technology that did not escalate risk early enough.
“Operators must ensure systems to identify and address harm work effectively and at the right time,” he said, warning that “over-reliance on automation and failure to intervene when clear harm indicators are present exposes consumers to unnecessary risk.”
It is the second time the group has faced regulatory action in recent years. The Commission noted that in 2023 it fined the operator £490,000 for marketing to vulnerable consumers, linked to messages sent to self-excluded customers.
Flutter Entertainment, which owns Paddy Power Betfair, said its safer gambling controls have since evolved and pointed to “a next generation customer safety platform” with the “vast majority of checks now happening in real-time”, adding it was confident the issues cited “would not be repeated today”.
When “real-time” becomes a regulatory expectation
While the Commission’s action sits in gambling regulation, the language and the fact pattern will feel familiar to payments and fintech compliance teams. The core criticism is not that monitoring existed, but that it was not sensitive enough, escalations were too slow, and manual review did not cut in when behaviour showed obvious deterioration.
That argument maps closely onto the direction of travel in payments risk and financial crime controls: regulators are increasingly unimpressed by systems that can demonstrate alerts after the fact, but struggle to show timely intervention when the signals are loud. The Commission’s warning on “over-reliance on automation” is, in effect, a reminder that automation is meant to shorten decision cycles, not lengthen them.
“High velocity of spend” and changing patterns are the same kinds of behavioural markers used in fraud and AML monitoring. When a regulator lists examples as concrete as eight-hour sessions and rapid deposits, it is also setting an implicit benchmark for what it expects the ecosystem to detect quickly, including the payment flows that fund the activity.