Open banking has moved from a regulatory experiment into a practical payment rail for online gambling, but its compliance implications remain underappreciated by many operators. For compliance officers and brand owners navigating this shift in October 2025, understanding how account-to-account transfers interact with AML obligations, source-of-funds checks and responsible gambling controls is no longer optional.
What Open Banking Means for Gambling Operators
Open banking allows players to authorise a direct payment from their bank account to an operator's nominated account, bypassing card networks entirely. The payment is initiated through a regulated third-party payment initiation service provider, known as a PISP, operating under frameworks derived from PSD2 in Europe and equivalent legislation in other jurisdictions. For operators, this translates into lower transaction fees, near-instant settlement and a reduction in chargebacks. It also means the operator is receiving funds that originate directly from a verified bank account, which carries specific compliance consequences.
AML and Source-of-Funds Implications
Because each open banking transaction is linked to a named bank account, the payment method inherently provides a layer of identity verification that card payments and e-wallets often do not. The account holder's name returned by the bank can be matched against the player's registered details in real time, strengthening name-matching controls without adding friction.
However, this should not be confused with a complete AML solution. Key considerations include:
- Affordability signals: The bank account link can, with player consent under open banking data-sharing provisions, surface account balance and income data. Operators running enhanced due diligence programmes should explore whether AISP (account information service provider) consent flows can inform affordability assessments at onboarding or during high-volume play periods.
- Third-party funding risk: A player may grant another person access to their bank account or use a joint account. Policies must address how operators detect and respond to payments that appear to originate from a third party, since this is a recognised money laundering typology in gambling contexts.
- Velocity and structuring: Open banking's low friction can enable rapid, repeated deposits. Transaction monitoring rules must account for the speed at which account-to-account payments can be executed, particularly in jurisdictions where deposit limits are self-imposed rather than regulatory.
KYC Integration and Verification Timing
A common operational error is treating the bank account match as a substitute for formal KYC. Regulators in the UK, Netherlands and Malta consistently hold that payment method verification is a complement to identity verification, not a replacement. The practical implication is that operators should complete KYC before allowing open banking deposits above de minimis thresholds, and should record the bank account IBAN or equivalent as a verified funding source in the player's compliance profile.
Where players use multiple bank accounts across different sessions, each new account should trigger a source-of-funds review consistent with the operator's risk-based approach. Flagging this at the system level prevents compliance gaps that only appear during audits.
Responsible Gambling Controls Specific to Open Banking
Open banking removes some of the friction that card processors naturally introduce, such as three-domain secure authentication delays or soft declines. Operators must compensate for this reduced friction at the product level. Practical controls include:
- Mandatory cooling-off periods between successive open banking deposit attempts within a defined time window.
- Real-time deposit limit enforcement that applies before the payment initiation request is sent to the PISP, rather than after.
- Behavioural triggers that escalate a player to a safer gambling review when open banking deposit frequency exceeds defined thresholds.
Regulatory Licensing and PISP Due Diligence
Operators are responsible for the compliance posture of the PISPs they contract with. Before onboarding any open banking provider, compliance teams should confirm the PISP holds appropriate authorisation, review its own AML and fraud controls, and document that assessment in a third-party risk management file. Some gambling regulators are beginning to request evidence of PISP due diligence as part of licence renewal submissions.
Open banking payments offer genuine compliance advantages when implemented deliberately, but the compliance architecture must be built before the payment method goes live, not retrofitted after the first audit finding.
Practical Next Steps for Operators
Operators considering open banking adoption should conduct a gap analysis against their current AML programme, update their payment method risk assessment, and revise their transaction monitoring rule sets before launch. Engaging external compliance specialists who understand both PSD2-derived frameworks and gambling-specific regulatory expectations is the most efficient route to a defensible implementation.



