How to Report Suspected Money Laundering and Illegal Gambling Websites to the AMLC and NTC (Philippines)

How to Report Suspected Money Laundering and Illegal Gambling Websites to the AMLC and NTC (Philippines)

This practical legal guide explains what to report, where to report, and how to do it correctly—with step-by-step playbooks for citizens, compliance officers, and ISPs. Philippine law is cited in plain language. This is general information, not legal advice.

1) Why this matters—and who does what

  • AMLC (Anti-Money Laundering Council) is the Philippines’ financial intelligence unit (FIU). It receives and analyzes reports on suspicious/covered transactions, conducts investigations, applies for freeze/bank-inquiry/forfeiture orders, and coordinates domestically and abroad. The AMLC enforces the Anti-Money Laundering Act (AMLA), R.A. 9160, as amended (notably R.A. 9194, 10167, 10365, 10927 for casinos, 11521, among others).
  • NTC (National Telecommunications Commission) regulates telcos and ISPs under R.A. 7925 and related issuances. It can order or facilitate blocking of unlawful online content (e.g., illegal gambling sites) consistent with due process, court/competent authority directives, and the Cybercrime Prevention Act (R.A. 10175).
  • Illegal gambling is criminalized (e.g., P.D. 1602, as amended by R.A. 9287 on numbers games), while unauthorized online gambling implicates PAGCOR’s charter (P.D. 1869, as amended), and other penal/special laws. Illegal gambling proceeds are potential “dirty money,” making money laundering and AML reporting relevant.

2) Key legal concepts (in one page)

  • Covered Persons (AMLA): banks, non-bank financial institutions, money service businesses, securities/broker-dealers, insurance entities, casinos (R.A. 10927), certain DNFBPs, and others designated by law/regulators.
  • Covered Transaction Reports (CTR): generally, cash/monetary instrument transactions exceeding statutory thresholds (for many covered persons, ₱500,000 in one banking day; for casinos, ₱5,000,000 or equivalent single/linked transactions). Check your sector’s specific rules.
  • Suspicious Transaction Reports (STR): regardless of amount when “red flags” exist (e.g., unusual/structuring, no lawful purpose, use of nominees/shells, links to unlawful activities including illegal gambling).
  • Safe harbor: Covered persons and their officers/employees who submit reports in good faith are shielded from civil/criminal liability under AMLA.
  • Confidentiality: STRs/CTRs are confidential. AMLC typically won’t confirm or discuss investigations with the public.
  • Website blocking: NTC can direct ISPs to restrict access upon lawful basis (e.g., court/competent authority order, inter-agency directives). Expect due-process safeguards, especially for domain owners/operators.

3) What to collect before you report (evidence checklist)

A. Website/technical details

  • Full URL(s), known mirror domains, and access dates/times (PH time).
  • Screenshots of home pages, sign-up/“deposit” pages, and any disclaimers (include visible URL + timestamp in the capture).
  • WHOIS/domain metadata (registrar, registration date) and any hosting/IP indicators (from lawful, public tools only).
  • Any advertising or social-media posts linking to the site.

B. Money flow artifacts

  • Bank/e-wallet/over-the-counter receipts; transaction IDs; account names/numbers; narratives/remarks fields.
  • Crypto: wallet addresses, TX hashes, network, time, and amounts captured from a blockchain explorer.
  • Chat/email instructions on how to pay (do not intercept communications; avoid violating R.A. 4200 Anti-Wiretapping).

C. Parties and context

  • Usernames/handles, referral codes, affiliate links.
  • Any representation about PAGCOR licensing or “offshore” status.
  • For businesses: internal logs, onboarding/KYC notes, risk flags.

D. Preserve integrity

  • Keep original electronic files; compute a hash (e.g., SHA-256) and record the hash + timestamp in a simple chain-of-custody log (who collected, when, where stored).

4) Where to report—and how

4.1 Report to the AMLC

Who should file what

  • Covered persons (banks, MSBs, casinos, VASPs, etc.):

    • File STRs/CTRs through the AMLC’s goAML/AMLC Portal within regulatory timelines (commonly within five (5) working days, or your sector’s prescribed period).
    • Use your internal AML compliance workflow: case file, approvals, quality checks, KYC/EDD documents attached.

  • Non-covered persons / citizens / victims / whistleblowers:

    • Submit an information referral/complaint to AMLC with your evidence pack. Provide your contact information for follow-ups (anonymous tips are often received, but traceable contact helps).

AMLC submission essentials

  • Subject/Title: “Referral: Suspected Illegal Online Gambling and Money Laundering – [Site/Operator].”
  • Allegations: Clear, numbered facts; how the site operates; why it’s likely unlicensed and laundering proceeds.
  • Transactions: Tabulate dates, amounts, channels, counterparties, account/wallet identifiers, and narratives.
  • Legal hook: Cite relevant laws in plain terms (e.g., suspected violations of P.D. 1602/R.A. 9287 and AMLA).
  • Relief sought: Financial intelligence analysis, dissemination to law enforcement/regulators, asset-freezing where warranted, and domestic/foreign coordination.
  • Attachments: Evidence list with file names/hashes; chain-of-custody log.

Tip for compliance teams: If you blocked a transaction or filed an internal SAR, include that case ID. If funds are at risk, note any “hold” placed per your customer agreement/regulatory guidance.

4.2 Report to the NTC (for site blocking/ISP action)

Who

  • Any person, company, or government agency affected, as well as covered persons and ISPs escalating for coordinated action.

What you file

  • A sworn complaint/request (notarized if possible) addressed to the NTC (Central Office or Regional Office with jurisdiction), attaching your evidence.
  • Identify the URL(s)/domain(s)/IP(s), narrate why they are illegal gambling fronts (e.g., claim of PAGCOR license is false, no PH authorization, accepts PH bettors), and how access harms the public.

What NTC can do

  • Evaluate the referral; coordinate with PAGCOR, DOJ-Office of Cybercrime, PNP-ACG, NBI-CCD, DICT/CICC; and, upon lawful basis, direct ISPs to block access to listed domains/URLs/IPs (including mirrors) with specified compliance timelines.
  • Due process: Operators may contest; NTC typically relies on court/competent authority orders or inter-agency validation to guard against over-blocking.

Good practice

  • Keep the list precise (exact URLs) and updated; flag mirrors and redirectors; request periodic revalidation to address domain hopping.

5) Optional—but smart—cross-reports

  • PAGCOR: to confirm license status and request enforcement for unlicensed online gaming targeting PH residents.
  • PNP-Anti-Cybercrime Group / NBI-Cybercrime Division: for criminal investigation, seizures, arrests.
  • BSP/SEC/IC (for supervised institutions), VASPs/e-wallets/banks that processed deposits/withdrawals: request internal reviews, freezes, or KYC re-verification per their rules.
  • Domain/hosting providers (lawful, terms-based takedown requests), and ad platforms carrying the promotions.

6) Step-by-step playbooks

A) Quick path for a private citizen or victim

  1. Collect: URLs, screenshots (with timestamps), payment receipts/records, chat instructions, TX hashes.
  2. Write a short narrative: who, what, when, where, how much, how you found the site, why you think it’s illegal.
  3. File with AMLC: submit a referral/complaint with attachments.
  4. File with NTC: sworn request for blocking (cite public harm, attach evidence).
  5. Optional: file a criminal complaint with PNP-ACG/NBI-CCD; alert your bank/e-wallet and ask about dispute/freeze procedures.

B) For compliance officers of covered persons

  1. Open a case in your AML system; preserve evidence; risk-rate the customer/transaction.
  2. STR/CTR via AMLC goAML within the prescribed timeline; link transactions, add red-flag indicators.
  3. Parallel referrals: AMLC (narrative + evidence), NTC (for blocking), PAGCOR (license check), and law enforcement if needed.
  4. Immediate controls: enhanced due diligence, account reviews, temporary holds per law/contract, monitor for structuring or mule behavior.
  5. Document everything: decision memos, approvals, timestamps, and safe-harbor note.

C) For ISPs/hosting/CDNs (Philippine-facing)

  1. Triage: confirm the request source (court/NTC/competent authority/customer).
  2. Log and preserve: access logs relevant to the request, consistent with privacy/data-retention law.
  3. Implement blocks only upon lawful direction; narrowly tailor to listed domains/URLs/IPs; maintain an allow/deny record and expiry/review dates.
  4. Notify: internal legal/compliance; establish appeal/unblock channels for mistaken listings.

7) Templates you can adapt

7.1 AMLC referral cover (citizen or corporate)

Subject: Referral – Suspected Illegal Online Gambling & Money Laundering (Site: [domain])

To the Anti-Money Laundering Council:

I am submitting information concerning [domain/brand], which appears to operate illegal online gambling targeting Philippine residents and to launder its proceeds.

Facts:
1) As of [date/time PH], the website at [full URL] solicits bets from users in the Philippines. Screenshots (Annexes A–C) show deposit channels and payout methods.
2) Payments were made/solicited via [bank/e-wallet/crypto], with the following details: [tx table or Annex D].
3) The operator claims [license text]. [If applicable] PAGCOR’s public materials do not show this entity as licensed.

Legal Concern:
These activities appear to violate laws against illegal gambling (e.g., PD 1602 as amended by RA 9287; PAGCOR charter) and constitute predicate offenses to money laundering under the AMLA.

Request:
Kindly evaluate, disseminate intelligence to law enforcement/regulators as appropriate, and consider asset-freezing/other measures. I am available for follow-up at [contact].

Attachments:
Annex A – Screenshots; Annex B – WHOIS/domain info; Annex C – Payment records; Annex D – Chain-of-custody log.

[Name, signature, date]

7.2 NTC request for blocking (sworn complaint)

Subject: Request to Restrict Access to Illegal Online Gambling Website(s)

To the National Telecommunications Commission:

I respectfully request the blocking/restriction of the following domains/URLs/IPs:
1) [domain1], [specific paths if needed]
2) [domain2], [mirrors/redirects]

Grounds:
The above facilitate illegal online gambling targeting Philippine users. Evidence (Annexes) shows solicitation of bets and payment channels. Blocking will mitigate ongoing harm while competent authorities proceed.

Relief:
Please coordinate with ISPs and relevant agencies (e.g., PAGCOR, DOJ-OOC, PNP-ACG) and, upon lawful basis, direct the restriction of access including mirrors/redirectors.

[Sworn statement, signature, date, notarization details]

8) Digital-evidence hygiene (that courts and regulators respect)

  • Do not hack or access systems without authority. Only capture what is publicly visible or lawfully provided to you.

  • Use original files (PNG/JPG/PDF/CSV), avoid recompression.

  • Hash files (e.g., SHA-256) and keep a chain-of-custody table:

    • Column headers: Item, Description, Source/URL, Date/Time (PH), Collected by, Hash, Storage location, Transfers (who/when).

  • Time-sync your device; note Asia/Manila time in all records.

  • Redact by default when sharing broadly; provide unredacted versions only to competent authorities over secure channels.

9) Frequently asked questions

Q1: Can ordinary citizens file STRs? No. STRs/CTRs are for covered persons via the AMLC reporting portal. Citizens can file referrals/complaints with AMLC and separate criminal complaints with law enforcement.

Q2: Is illegal online gambling a predicate offense to money laundering? Yes, where the unlawful gambling activity is an offense under Philippine law. Proceeds of such unlawful activity, when transacted to conceal or disguise origin/ownership or to facilitate the offense, can constitute money laundering under the AMLA.

Q3: Will I get updates from AMLC? Unlikely. Confidentiality rules restrict disclosures. You may receive an acknowledgment; investigations and inter-agency actions are typically non-public.

Q4: Can NTC block a site without a court order? Expect NTC to act upon lawful basis—often a court/competent authority directive or inter-agency validation—balanced against due-process and over-blocking risks. Your sworn, well-documented complaint helps trigger coordinated action.

Q5: What if the site is “offshore”? AMLC can coordinate via Egmont-style FIU channels; law enforcement can use MLATs and international cooperation. NTC/ISPs can still restrict local access to domains/URLs/IPs.

Q6: Can I stay anonymous? Anonymous tips are commonly received by agencies, but investigations may benefit from reachable contact details. If you fear retaliation, discuss options such as DOJ’s Witness Protection Program with counsel; there is no single, omnibus whistleblower law applicable to all situations.

10) Common mistakes that delay action

  • Vague reports (“this looks shady”) without URLs, timestamps, or payment proof.
  • Mixing opinion with fact; keep allegations factual and link them to exhibits.
  • Sending edited/annotated screenshots only; include originals too.
  • Mass lists of domains without evidence that they actually target PH users.
  • For compliance teams: late STRs/CTRs and missing risk rationale.

11) Quick compliance crib notes (by sector)

  • Banks/e-wallets/VASPs: monitor for structuring, mule accounts, rapid in-out flows, third-party deposits, crypto on/off-ramps tied to gambling brands; KYC refresh and EDD for gaming exposure; sanctions screening as usual.
  • Casinos (incl. online/remote gaming authorized in PH): align with R.A. 10927 rules; watch chips-in/chips-out (or their digital analogs), third-party cash, junket/affiliate flows.
  • Payment gateways: merchant onboarding and continuous monitoring; verify PAGCOR authority if a merchant indicates “gaming.”
  • ISPs/hosts: maintain blocking execution playbooks, appeal processes, and audit trails for any technical restrictions.

12) Final reminders

  • Laws and agency procedures evolve. Confirm the current filing channels and timelines with AMLC/NTC or your regulator.
  • When in doubt, file. Good-faith reporting is encouraged; preserve evidence and protect your safety.
  • Consider consulting Philippine counsel—especially if you represent a covered person, an ISP, or a payment provider facing potential exposure.

Annex A — Minimal evidence pack (one-pager)

  • 3–5 key screenshots (homepage, deposit page, payout page, T&Cs).
  • URL list with access times (PH).
  • Transaction table (date, amount, channel, account/wallet, TX ID).
  • WHOIS/domain printout.
  • Chain-of-custody and hashes.

Annex B — Sample transaction table

# Date/Time (PH) Channel Amount Reference/TX From/To (Acct or Wallet) Notes
1 2025-08-10 14:32 [Bank/E-wallet] ₱5,000 [Ref123] [Acct/Wa-…] Deposit to [domain]
2 2025-08-12 21:04 Crypto (USDT TRC-20) 200 [TX hash] [Wallet…] Payout

If you’d like, I can turn your facts into ready-to-file AMLC and NTC documents (with your names/details left blank for privacy) and a chain-of-custody log you can print.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login