BetMGM fined US$100,000 in Pennsylvania for failure to prevent fraudulent behavior

25 March 2026 at 2:17pm UTC-4

The Pennsylvania Gaming Control Board on Wednesday approved a consent agreement presented by the Office of Enforcement Counsel, resulting in a US$100,000 fine to BetMGM.

The board agreed that BetMGM failed to put sufficient procedures in place to prevent fraudulent behavior on its BetMGM and Borgata wagering platforms.

This included insufficient know-your-customer protocols that allow for the creation, access and use of multiple accounts by people using personal identifying information of other people, and the funding of those accounts using stolen or fraudulently obtained payment devices.

The consent agreement identified four fraud rings that:

  • Operated for about 25 months until January 2024 with 1,567 accounts created using personal identifying information of other people and US$229,580 of combined wagering.
  • Operated for about 34 months until November 2024 with 34 accounts created using personal identifying information of other people and more than US$14,598 of combined wagering.
  • Operated for about 29 months until November 2023 with 119 accounts created using personal identifying information of other people and US$895,092 of combined wagering.
  • Operated for about 19 months until December 2023 with 304 accounts created using personal identifying information of other people and US$867,910 of combined wagering.

Copies of the approved consent agreement containing additional details are available upon request through the Board’s Office of Communications.

Also Wednesday, the board placed four patrons on the state’s Involuntary Casino Exclusion list for leaving minors unattended while they gambled in casinos.

Dig Deeper

The Backstory

Why a $100,000 fine lands in a bigger compliance story

Pennsylvania’s six-figure penalty against BetMGM for failing to stop organized account fraud is the latest entry in a widening ledger of enforcement actions that increasingly target the operational plumbing of online gambling — know-your-customer checks, marketing governance and harm-minimization systems. Regulators from the United States to Australia and the Isle of Man are pressing operators to prove they can identify customers, respect self-exclusion, intervene with at-risk players and keep illicit funds out. The common thread: regulators are shifting from headline-grabbing misconduct to the routine controls that determine whether a platform is safe and legal at scale.

Although each case turns on specific statutes, the arc is similar. When controls fail, regulators are moving quickly, levying sizable fines, ordering remediation and, in some jurisdictions, taking licenses. That posture raises near-term costs for operators and could reshape product design, affiliate oversight and VIP marketing. It also signals that investors should watch not just growth metrics but the durability of compliance systems under real-world stress.

Warning signs regulators now expect operators to catch

One key pillar is the requirement to detect and respond to visible signs of distress or abuse. In Australia, the Victorian Gambling and Casino Control Commission fined bookmaker QuestBet AU$80,000 after finding it failed to act when a customer repeatedly flagged losses and asked for bonus credits over several weeks in 2023. Rather than intervene with limits or support tools, the bookmaker offered incentives on multiple occasions, according to the regulator’s findings. The episode, detailed in a regulator summary of QuestBet’s penalty for failure to protect players, underscores a cultural and systems gap that watchdogs say cannot persist in a mature market.

The Victorian case also lines up with the regulator’s own public messaging. The commission has framed the matter as a failure of “adequate systems to protect at-risk players,” consistent with its media release outlining the AU$80,000 sanction. The takeaway for operators is that frontline decisions — whether to extend bonuses, how to respond to a customer’s plea, when to escalate to responsible gambling staff — now carry enforcement exposure, not just reputational risk.

Self-exclusion and spam: marketing lapses with legal consequences

Marketing compliance has become another flashpoint. Australia’s federal communications regulator has repeatedly penalized betting firms for contacting people who did not consent to promotions or had explicitly opted out. The Australian Communications and Media Authority found sports betting company PointsBet sent hundreds of messages that breached the country’s spam laws, including to people on BetStop, the national self-exclusion register launched in August 2023. The agency imposed a AU$500,000 fine, as reported in coverage of PointsBet’s advertising spam case. ACMA noted its concern that self-excluded customers received marketing, a point reiterated in ABC News reporting on the enforcement.

The pattern did not stop there. Betfair paid AU$871,660 after ACMA found it sent promotional messages to VIPs who had not consented or had withdrawn consent, with some communications lacking an unsubscribe option. The penalty, documented in reporting on Betfair’s fine for spam violations, also placed Betfair under a two-year enforceable undertaking that requires independent reviews, audits and staff training. ACMA’s official account of the case, including the undertaking’s terms, is contained in its investigation report and enforceable undertaking.

The through line to Pennsylvania is straightforward. Whether the trigger is a self-exclusion breach or fraudulent account creation, regulators are focusing on process integrity — consent capture, unsubscribe mechanics, customer identity checks and exception handling — where failure typically reflects weak systems rather than isolated employee error.

AML rigor and third-party risk under the microscope

Beyond customer safeguards, anti-money laundering and counter-terrorism financing standards are tightening, with regulators scrutinizing not only direct operations but also partner networks. The Isle of Man Gambling Supervision Commission levied a £3.9 million penalty against Celton Manx, the holding company behind Asia-facing SBOBET, for AML/CFT violations and accepted the surrender of its license in May 2025. Investigators found the company failed to ensure its network partners met Isle of Man standards, and identified shortcomings in customer verification, enhanced due diligence for high-risk clients and suspicious activity processes. Details are outlined in coverage of the SBOBET holding company’s AML failures, as well as the regulator’s public statement on Celton Manx and the applicable Gambling AML/CFT Code 2019.

The Celton Manx case shows how third-party exposure can cascade into headline risk and material penalties if oversight is weak. For U.S. operators that lean on affiliates, data vendors or payment partners, the message from offshore regulators is relevant: you are on the hook for consistent standards across your ecosystem. In practice, that means mapping data flows, testing partner controls and documenting escalation paths when red flags arise.

Influencers, offshore brands and the gray-market squeeze

Enforcement is also targeting the marketing edges where offshore casinos and social channels meet local consumers. In New Zealand, the Department of Internal Affairs fined four influencers a combined NZ$125,000 for illegally promoting overseas casinos and penalized Curacao-based operator Spinbet for advertising to a prohibited audience. The crackdown, covered in reporting on New Zealand’s influencer penalties, arrives ahead of 2026 legislation that will create a licensed online market and raise the ceiling on fines for unlicensed operators. The broader effect is to narrow the gray zone that offshore brands have long exploited via social media, making compliance with local advertising rules a strategic requirement rather than a legal footnote.

For licensed operators, that means increased scrutiny of affiliate content, influencer deals and geo-targeting controls. For regulators, success in this arena reduces consumer confusion between licensed and unlicensed offerings and shores up the credibility of responsible gambling tools that do not apply offshore.

The stakes for U.S. sportsbooks: controls as a competitive edge

Back in Pennsylvania, the BetMGM case centers on KYC gaps that allegedly allowed fraud rings to create and fund hundreds of accounts with stolen identities and payment instruments across multiple months. That type of failure can ripple far beyond a single consent agreement. It invites tighter board oversight, pushes vendors to prove their fraud models can spot synthetic IDs and device sharing, and raises questions about incident response times when patterns emerge.

It also lands alongside the state’s willingness to sanction irresponsible behavior at brick-and-mortar venues, where the board recently placed four patrons on the involuntary exclusion list for leaving minors unattended — an action reported by industry outlet CDC Gaming in coverage of the exclusion orders. The pairing of online fraud enforcement with on-property accountability signals a holistic approach to consumer and market integrity.

The lesson from parallel actions abroad is that the cost of inadequate controls is rising. Australian regulators have shown they will punish intrusive or unlawful marketing, even when companies self-report, as seen in the PointsBet and Betfair cases. Victoria’s fine against QuestBet for missing distress signals shows responsible gambling obligations have teeth. The Isle of Man’s action against SBOBET’s holding company illustrates AML expectations that extend to partner networks.

For U.S. sportsbooks, investing in identity verification, device fingerprinting, payment screening and rapid escalation is no longer just a compliance exercise. It is a competitive differentiator that can lower fraud losses, reduce regulatory exposure and protect brand equity. As regulators deepen their focus on day-to-day controls, operators that build auditable, proactive systems — and can show they work under pressure — will be better positioned for growth than those reacting after the fact.