The Registrar’s Standards for Internet Gaming (the “Standards”) are risk-based and outcome-focused.
Risk-based refers to the regulatory risks underlying the Standards. It is expected that by achieving the regulatory objectives reflected in the Standards, the registrant’s established control environment will address these regulatory risks.
Outcome-focused means that our Standards emphasize the results that igaming operators and GRSs are expected to achieve, rather than prescriptive activities that must be carried out. Accordingly, we expect operators and GRSs to have effective control activities in place to achieve the outcomes set out in the Standards.
This focus on risks and outcomes in the Standards provides greater flexibility for individual operators and GRSs to design control activities that fit their business operations and then to adapt those controls quickly and cost-effectively as those operations change over time – always ensuring that our outcome-based Standards are being met. It also means that our regulatory program maintains its relevance, even in sectors where change is fast paced, including where technology is deeply integrated in how the business is delivered.
The igaming compliance program is also risk and outcomes-based, and that has important implications for operators and GRSs as described below.
Operators and GRSs are expected to be familiar and in compliance with all requirements of the Gaming Control Act 1992 and all Standards that are relevant and applicable to them, given their type of business, role, and the products and services they provide.
For example: almost all of the Standards will apply to an igaming operator and their platform provider, while GRSs who run critical gaming systems or independent integrity monitors (IIM)2 in sport and event betting will be subject to more focused subsets of the Standards.
Information on which standards might be commonly applicable to different types of registrants is provided in Appendix B. This information is for general guidance purposes only and should not be taken as conclusive direction from the AGCO. The circumstances of each registrant are different and registrants are responsible for identifying the standards and requirements that apply to them.
The AGCO’s regulatory framework provides greater flexibility but also comes with heightened accountability for those we regulate. We expect igaming operators and GRSs to have control environments in place that are consistently capable of achieving the AGCO’s regulatory outcomes and that they:
Provide the AGCO with key indicators, information, and documentation to support our understanding of their risk profile.
Our compliance approach involves working collaboratively with operators and GRSs to maintain or, if necessary, re-establish compliance. Where regulatory expectations are not met, the AGCO may use a full spectrum of compliance responses to achieve those goals, including education, warnings, financial penalties, suspensions, and, in the most serious cases, revocations. In cases where severe incidents occur, the AGCO will act proportionately to ensure the public is protected.
Once an application is received, the AGCO assesses risks associated with that application. Considerations include operational and regulatory experience in other jurisdictions, track record of compliance, the applicant’s gap analysis with respect to the Standards (see below), and issues or concerns about individuals or technology. That risk assessment becomes part of the applicant’s ongoing compliance profile and will be used by our compliance teams to inform their monitoring activities.
As part of the registration process, all applicants must confirm they will abide by the Standards. This includes confirming that goods, services, and technology deployed by or provided to the applicant by third party GRSs will be in compliance.
In addition, because of their central role, operators are asked at this stage to submit an analysis of their current controls, processes, technology, etc., against the Standards, to identify any gaps, and provide evidence that they have developed a plan to address those gaps. This gap analysis also becomes part of the applicant’s ongoing compliance profile.
The Technology Regulation and iGaming Compliance Branch’s responsibilities include:
Identifying compliance themes and priorities that will be special areas of interest and focus for the AGCO and its compliance teams; and
Designing effective, targeted, and proactive compliance and risk mitigation activities to address these themes and priorities.
Our compliance priorities will be assessed and updated as the environment evolves. From time to time, the AGCO will communicate additional areas of interest and focus to operator and GRSs to help increase operational awareness.
While registrants are required to comply with the Gaming Control Act, 1992 and all relevant Standards, the following are some of the priority areas from the Standards that the AGCO will be paying particular attention to as we assess applications and review each operator’s Control Activity Matrix and Technology Compliance Confirmation (see Section 3), and then as we monitor ongoing compliance once the Ontario market is underway.
Priority |
Description |
---|---|
Effective Internal Control Environment |
|
Responsible Gambling |
|
Game Design and Integrity |
|
Suspicious or Criminal Activities |
|
Minors |
|
Security and Privacy |
|
In addition to the priorities identified in the table above, we will be closely monitoring for:
2 IIMs receive, assess, and distribute unusual/suspicious betting alerts to entities with which they have an information sharing relationship, including their member sport and event betting operators, the AGCO, and the relevant sport/event governing body. In addition, as directed by the Registrar, IIMs are responsible for facilitating collaboration and information sharing to support the investigation of, and response to, prohibited activity associated with suspicious betting. IIMs may provide their services to, among others, regulators, operators, or gaming related suppliers, but must not have any perceived or real conflicts of interests in performing their role (such as acting as an operator or oddsmaker).