ACMA finds 500+ BetStop breaches across Entain Ladbrokes and Neds brands

An investigation by the Australian Communications and Media Authority (ACMA) has identified more than 500 breaches of Australia’s national self-exclusion framework by Entain, putting the spotlight on how effectively compliance systems operate across multi-brand wagering businesses.

The issues were found across Entain’s Australian brands, Ladbrokes and Neds. Customers who had registered with BetStop-the country’s central self-exclusion register were still able to access betting services or keep accounts open. The volume of breaches, and the fact that some persisted over extended periods, suggests this was not a one-off failure but a deeper systems issue.

This follows a broader pattern of enforcement, with the regulator previously taking action against multiple operators in similar cases, ACMA Takes Enforcement Action Against Six Wagering Providers Over BetStop Breaches, highlighting that compliance failures around self-exclusion are not isolated incidents.

Where the System Broke Down

At the centre of the problem was account matching. The regulator found cases where individuals held multiple accounts that were not properly linked within Entain’s systems. That disconnect meant some users who had chosen to self-exclude were still able to gamble through secondary accounts, sometimes for months.

This is a familiar pressure point for large operators running multiple brands. Customer data is often spread across different platforms, and unless identity resolution is tightly integrated, gaps can emerge. Small inconsistencies, such as variations in names, email addresses or incomplete records, can be enough to prevent accounts from being correctly matched.

There were also failures at the onboarding stage. In some cases, new accounts were opened by customers who were already on the BetStop register. That points to weaknesses not just in monitoring existing accounts, but in applying exclusion checks at the point of entry, where they matter most.

More Than Just a Technical Issue

The investigation didn’t stop at account controls. Entain was also found to have fallen short in how it promoted BetStop in its customer communications, which is a mandatory requirement under Australian regulations.

While this side of compliance is less complex from a systems perspective, it still reflects how well regulatory obligations are embedded across the business. In this case, it suggests gaps in marketing processes and CRM execution, rather than pure technology failure.

A Softer Regulatory Approach for Now

Instead of issuing a financial penalty, the ACMA has accepted a court-enforceable undertaking from Entain, which will run for 18 months. As part of this, the company must carry out an independent review of its compliance systems and implement any recommended changes.

There may be no immediate fine, but the undertaking carries legal force. If Entain fails to meet its commitments, the consequences could escalate quickly. In effect, the regulator has opted for supervision over punishment at least at this stage.

What This Means for Operators

For the wider industry, the takeaway is fairly direct. Regulators are no longer satisfied with operators having the right policies on paper. They want to see that those controls actually work, consistently, across every brand and every system.

For multi-brand operators in particular, that raises the bar. Self-exclusion needs to operate as a single, unified control, not a series of brand-level checks. That requires stronger data integration, real-time syncing between platforms, and more reliable identity matching.

Fixing this is unlikely to be quick or cheap. It often means reworking how customer data is structured across the business, investing in better infrastructure, and tightening internal audit processes.

At the same time, enforcement in Australia is expanding beyond operators alone, ACMA Blocks 19 Illegal Gambling Sites in Australia, signalling a broader regulatory push targeting both compliance failures and illegal market activity.

More broadly, the case reflects a shift in how compliance risk is being assessed. It’s no longer just about whether safeguards exist, but whether they hold up under the complexity of real-world operations. For operators with multiple brands, that complexity is exactly where the pressure is now building.

Source: ACMA