Registrar's Standards for Gaming
Introduction
The Registrar's Standards for Gaming — Composition
This document includes only the Registrar’s Standards for Gaming, applicable to Casinos and cGaming. This document should be considered separate from the Registrar’s Standards for Gaming: Lottery Sector (as that document includes only Standards applicable to the Lottery Sector) and from the Registrar’s Standards for Internet Gaming (as that document is made up of Standards only applicable to the igaming sector).
The January 2022 version of the Registrar’s Standards for Gaming is replaced and superseded by this document.
The “Standards and Requirements” covered in sections 1 through 6 apply to the casino and cGaming sectors and are divided into the six (6) identified risk themes, under which theme-specific Standard and Requirements are provided. The six (6) identified risk themes which make up the “Common Standards and Requirements” include:
- Entity
- Responsible Gambling
- Prohibiting Access to Designated Groups
- Ensuring Game Integrity and Player Awareness
- Public Safety and Protection of Assets
- Minimizing Unlawful Activity Related to Gaming.
Requirements
For certain Standards, further and more explicit direction is provided through one or more specific “Requirements”. These Requirements establish the minimum obligations a registrant must achieve to fulfill the corresponding Standard.
Guidance
Included as part of a number of the Standards and Requirements is a corresponding section which provides regulatory guidance specific to the given standard or requirement. Guidance serves to provide registrants with greater clarity as to the purpose or intent behind a given Standard or Requirement. If, in the future additional guidance is necessary, the AGCO plans to work in collaboration with industry and other key stakeholders, when necessary, to facilitate compliance, ease of application and to ensure a consistent and shared understanding as to the meaning and intent of the Standards and Requirements.
The Standards-Based Approach
Under the Gaming Control Act, 1992 (GCA) and Regulation 78/12, the Registrar is authorized to establish risk-based standards to regulate Ontario’s gaming sector. The objective of a standards-based regulatory model is to shift the focus from requiring registrants to comply with a specific set of rules or processes, which tend to be prescriptive in nature, towards the broader regulatory outcomes or objectives they are expected to achieve. These regulatory outcomes are reflected in the “Standards” established herein.
In most cases, these Standards are drafted at a high level of generality, with the aim being to capture the purpose behind the rule. This offers greater flexibility for regulated entities to determine the most efficient and effective way of meeting the outcomes required, which in turn helps reduce regulatory burden and support market innovation. Further, the flexibility inherent in a Standards-Based model allows the Alcohol and Gaming Commission of Ontario (AGCO) to focus its resources on key risks and to deliver a modernized approach to gaming regulation in a rapidly evolving industry.
The Standards were developed based on a comprehensive risk assessment conducted in consultation with key stakeholders, including the Ontario Lottery and Gaming Corporation (OLG), and social responsibility groups. The resulting risk themes are outlined in the next section and the risk inventory is attached as Appendix A. Going forward, risk assessments will be conducted periodically to ensure that the Standards continue to be relevant, and that the highest standards of integrity for gaming in Ontario are maintained.
Standards and Requirements for Sport and Event Betting
The AGCO recognizes that Casino Operators may offer sport and event betting. The AGCO has taken an integrated approach where the standards and requirements for sport and event betting are embedded within the Registrar’s Standards for Gaming. This integrated structure means that the Registrar’s Standards for Gaming will generally apply to sport and event betting. The standards and requirements apply to all sports, esports, novelty, betting exchange, and fantasy sports products, and includes various bet types such as single-event, in-game, pool, parlay, and exchange bets. Betting on virtual sports is not a type of sport and event betting, thus standards specific to sport and event betting do not apply.
Registrar's Authority
OLG, Operators, gaming-related suppliers and gaming assistants are required to comply with the GCA and Regulation 78/12. Specifically, Sections 3.8 and 3.9 of the GCA require registrants, employees and other persons retained by OLG to comply with the Standards and Requirements established by the Registrar. The GCA provides the Registrar with the authority to establish Standards and Requirements for the conduct, management and operation of gaming sites, lottery schemes or businesses related to a gaming site or a lottery scheme or for related goods or services.
To Whom the Standards Apply
Standards and Requirements established by the Registrar will apply to OLG and to all Casino and cGaming Operators in Ontario. Additionally, certain Standards and Requirements also apply to registered gaming-related suppliers and gaming assistants.
Specifically, the Standards and Requirements concerning registrants other than OLG and Casino and cGaming Operators are included below.
- Gaming-Related Suppliers:
- 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.9, 1.10, 1.11, 1.12, 1.14, 1.15, 1.16, 1.17, 1.18, 1.22, 1.24, 1.25, 1.26, 1.27, 1.28, 1.29, 1.30, 1.31, 1.32, 1.33, 1.34, 1.35, 1.37, 1.38, 1.39, 1.41, 1.42, 1.43, 1.44, 1.45, 1.46.
- 2.4, 2.8, 2.8.1, 2.8.2, 2.8.3, 2.11, 2.11.1.
- 4.2, 4.3, 4.5, 4.6, 4.7, 4.8, 4.10, 4.10.1, 4.11, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.13, 4.18, 4.19.
- 5.2, 5.8.
- Registered Non-Gaming-Related Suppliers and Trade Unions:
- 1.1, 1.46.
- Registered gaming assistants:
- 1.4, 1.6, 1.46.
The Registrar may direct any registered supplier or registered gaming assistant to comply with any additional Standards and Requirements, as considered necessary to enhance and preserve the integrity of and public confidence in gaming in Ontario. The Registrar may also propose additional terms of registration specific to an Operator or other registrant to give effect to the purposes of the GCA.
These Standards and Requirements will not apply to lottery schemes conducted and managed by charitable organizations in accordance with section 207(1)(b) of the Criminal Code (Canada) or to suppliers, gaming assistants or other persons engaged in such lottery schemes. Existing standards, policies and terms and conditions will continue to apply to such lottery schemes, until such time as the Registrar determines.
Registrar's Expectations
An Operator’s control environment and operating principles form an integral part of the standards-based framework. This section includes information from the Registrar to help guide Operators in the development and implementation of their control environment, as well as to establish key operating principles from a forward-looking industry perspective.
Control Environment
- Operators will have appropriate and effective control activities in place to meet the Standards and Requirements.
- Operators will develop control activities based on the regulatory risks identified by the AGCO, taking into account how these risks apply or could manifest at their particular gaming site. The AGCO recognizes that control environments will vary across gaming sites based on their specific risk profile and the context in which they carry on business (e.g. urban casino versus rural bingo hall).
- Operators will use control activities that can be audited or periodically reviewed for compliance with the Standards and Requirements, and will use systems-based solutions where appropriate.
- In developing their control environment, Operators will consider the Standards and Requirements in their entirety, as one control activity may be used to mitigate the risks associated with multiple Standards and Requirements.
- Operators shall develop an implementation and compliance plan for review by the Registrar prior to transitioning to a standards-based framework. An Operator’s plan must cover at a minimum the following elements: its process for developing control activities, including any industry standards or good practices it utilizes as part of its compliance framework; its corporate governance structure; the roles and activities of its internal and external auditors; and the timing for each phase of implementation and anticipated full implementation date.
Utilize Established Effective Practices
- Operators are encouraged to adopt industry standards, good practices and governance frameworks established by relevant standards-setting and standards-administering institutes and bodies to support an efficient and effective compliance framework. Similarly, Operators are encouraged to obtain certifications and accreditation, over time, to support continuous improvement of their operations and to contribute a degree of independent validation to their control environment and its design effectiveness.
Oversight and Audit
- An Operator’s control activities must be reviewed by an independent oversight function for compliance with the Standards and Requirements. Independent oversight practices may vary by Operator depending on a number of factors, including the size, structure and complexity of the Operator’s organization. Whatever the case, the Registrar expects that there will be an appropriate role for both internal and external auditors in assessing the ongoing effectiveness and efficiency of internal controls.
- In addition to reviewing controls for compliance with the Standards and Requirements, audits should also take into account whether controls are consistent with appropriate and relevant industry standards, good practices and governance frameworks.
- Operators, gaming-related suppliers, and other registrants will facilitate any investigation conducted under the Gaming Control Act, 1992, and will grant appropriate access to AGCO OPP Casino Enforcement Unit and any individual with a certificate of appointment from the Registrar.
Definitions
Words and phrases in these Standards and Requirements shall have the same meaning as in the GCA and Regulation 78/12, unless indicated otherwise.
- AGCO means the Alcohol and Gaming Commission of Ontario
- A Bet is an amount risked in a wager.
- Board refers to either the entire Board of Directors of an Operator or gaming-related supplier (as the case may be) or a committee of the Board that has been delegated a particular element of Board oversight (e.g. audit, compliance, etc.) For purposes of clarity, “Board” does not include the OLG Board unless the gaming site is operated by OLG.
- Casino is a type of gaming site in which lottery schemes conducted and managed by OLG are played in a physical premises that is not a cGaming site.
- cGaming or cGaming site is a type of gaming site maintained for the purpose of offering lottery schemes conducted and managed by OLG, a portion of whose profits are shared with eligible charitable organizations.
- Controls or control activities are the individual policies, procedures, business processes, monitoring systems, structures, accountabilities, tools and instruments, etc., that comprise the control environment management establishes to address the regulatory risks identified by the AGCO and achieve the regulatory objectives reflected in the Standards and Requirements.
- A Dual authorization access system is an approach to granting access whereby two or more authorized individuals must operate in concert in order to authorize an individual to obtain access to a sensitive area.
- Eligible individuals are those persons who are not prohibited from accessing gaming sites or playing lottery schemes under Standards 3.1 or 3.2.
- Fantasy Sports are any pay-to-play sport betting product (fantasy sports contests are considered a type of sport betting for the purpose of these Standards) provided by an Operator wherein consumers can assemble a virtual team composed of real players in a given sport and compete against other virtual teams based on the performance of those players in real matches.
- Esports are video games played competitively; eSports are considered a sport for the purpose of these Standards.
- FINTRAC means the Financial Transactions and Reports Analysis Centre of Canada.
- Free-to-play games refer to games, typically offered for promotional purposes, that provide players the option to play without paying or betting.
- Gaming-related supplier means a person who manufacturers, provides, installs, tests, maintains or repairs gaming equipment or who provides consulting or similar services directly related to the playing of a lottery scheme or the operation of a gaming site.
- Gaming site means a premises or an electronic channel maintained for the purpose of playing or operating a lottery scheme.
- Gaming supplies refers to gaming equipment that could influence or is integral to the conduct, management or operation of a lottery scheme.
- Gaming system includes hardware, software, applications and all associated components of gaming supplies and the technology environment.
- GCA means the Gaming Control Act, 1992.
- Independent Integrity Monitor is any supplier registered by the Registrar to perform the Independent Integrity Monitor role pursuant to Standard 4.19, which provides services to, among others, regulators, or Operators to receive, assess, and distribute unusual/suspicious betting alerts and has the expertise to analyze and evaluate the accuracy and severity of received unusual/suspicious betting alerts.
- Independent oversight function has the meaning ascribed to it in Standard 1.2.
- Live Table Games refers to a game which requires a “live” dealer, where the dealer may have a potential impact on the outcome of the game.
- Lottery scheme has the same meaning as in subsection 207(4) of the Criminal Code (Canada).
- Manual controls are non-system, human-performed control activities.
- A Metamorphic game is a game where features or prizes are triggered by the cumulative result of a series of plays.
- Novelty Events are any bet placed on a non-sporting event where real-world factual occurrences are the contingency on which an outcome is determined and in accordance with Standard 4.21.
- OLG means the Ontario Lottery and Gaming Corporation. For purposes of these Standards and Requirements, OLG is also an Operator.
- Operator means a person who operates a gaming site, and includes OLG.
- Peer-to-peer games are a type of lottery scheme where players gamble against each other rather than against the house.
- Randomness or Chance is observed unpredictability and absence of a pattern in a set of events that have definite probabilities of occurrence.
- Registrar means the Registrar of Alcohol and Gaming under the Alcohol and Gaming Commission of Ontario Act, 2019.
- Self-excluded persons are individuals who participate in a process established by OLG to exclude themselves voluntarily from gaming sites.
- Sensitive inventories are assets that require strict access controls to ensure gaming integrity and protection of assets, and include at a minimum cash and cash equivalents, cash boxes, controller chips, keys that enable access to sensitive areas of a gaming machine or premises or items that affect the outcome of a game including but not limited to cards, dice, roulette and bingo balls, tiles and bingo paper.
- Single player games are any games which are not considered to be peer-to-peer games.
- Sport and Event Betting is any bet on occurrences related to sports, competitions, matches, and other types of activities which meet the criteria articulated in Standard 4.21, and which excludes games or events where the outcome is determined or controlled by a random number generator, peer-to-peer play, or an Operator. Sport and event betting includes:
- Bets on fantasy sports, esports, and novelty events, but does not include bets on virtual sports.
-
Sport and Event Bets include, but are not limited to, single-game bets, teaser bets, parlays, over- under, moneyline, pools, exchange betting, in-game betting, proposition bets, and straight bets.
- A Sport/Event Governing Body is an organization that prescribes final rules and enforces codes of conduct (including prohibitions on betting by insiders on events overseen by the sport governing body) for a sporting event and the participants in the event.
- A Synthetic Lottery Product is any bet that is part of a scheme operated by a third-party where the outcome is derived from a separate underlying lottery draw operated by a different Operator.
- System accounts are all accounts that are used to manage the system.
- A Two factor access system is an approach to authentication that requires the use and verification of two of the following authentication factors in order for an individual to gain access to a sensitive area: something they have (e.g. a key or card); something they know (e.g. a password or combination); or a biometric indicator (e.g. fingerprint).
- A Virtual Sport is a computer-generated presentation of a random number draw that provides sport-like visual presentation for entertainment purposes only. The outcome of the “event” is determined by a random number generator, rather than real-world sport or novelty events or players. Virtual sports are not considered a type of sport and event betting.
Standards and Requirements
1. Entity Level
Management Integrity
1.1 There shall be a commitment to character, integrity and high ethical values demonstrated through attitude and actions.
Requirements – At a minimum:
- Matters identified in management letters from internal and external auditors and matters identified by the Registrar shall be responded to in a timely manner.
- All applicable laws and regulations shall be adhered to.
- Operators and gaming-related suppliers shall create and abide by a code of conduct which addresses at a minimum conflicts of interest and transparency in dealings with the Registrar. The code of conduct must be regularly reviewed by the organization’s senior management.
Guidance: Management in the context of this Standard refers to executives and senior level management who have the day-to-day responsibility of managing the business of
the organization.
Sound Control Environment
1.2 Formal control activities shall be submitted to the Registrar which have been assessed by an independent oversight function acceptable to the Registrar for alignment with the Standards and Requirements and authorized by the appropriate level of management.
Requirements – At a minimum:
- A process shall be in place to periodically review control activities for effectiveness in fulfilling the Standards and Requirements and to document, remedy and adjust the controls where deficiencies or gaps are found.
- Substantial changes to the control environment shall be communicated to the Registrar in a timely manner.
- Control activities must be available to the AGCO (or its designate) for regulatory assurance purposes.
Guidance: Independent oversight may be exercised by an internal audit body and/or external auditor, as considered appropriate by the Operator or gaming-related supplier and as acceptable to the Registrar. The Registrar recognizes that oversight practices may vary by Operator / gaming-related supplier depending on their size, ownership structure, scope and complexity of operations, corporate strategy and risk profile. Whatever the case, the independent oversight function should be responsible for auditing the organization’s compliance management framework, identifying, managing and reporting on risks the organization is or might be exposed to and exercising oversight that is independent from operational management. It should also have direct and unrestricted access to the Board.
Additional Guidance for Gaming-Related Suppliers: In the application of the entity level Standards and Requirements, it is recognized that some gaming-related suppliers, particularly suppliers of gaming equipment, operate in jurisdictions in addition to Ontario and may be limited in their ability to design and implement control activities based solely on the Standards and Requirements. The intent is that these Standards and Requirements apply to gaming-related suppliers in respect of their conduct in Ontario. At a minimum, the entity level Standards and Requirements seek assurance that gaming-related suppliers, including suppliers operating in multiple jurisdictions, will have acceptable control activities and that periodic review for gaps in control activities is carried out and that the suppliers ensure that the control activities are followed where such control activities affect the respective supplier’s conduct in Ontario.
1.2.1 Removed, March 2022.
1.3 Removed, September 2020.
1.4 Removed, September 2020.
1.5 Removed, September 2020.
1.6 Removed, September 2020.
1.7 Management overrides of the control activities shall be clearly documented and made available to the Registrar upon request.
Requirements – At a minimum:
- Approval from at least two senior-level managers is required in order to override any
control activity, and in each instance the override shall be reported to the Board or other
governance structure where a Board does not exist
Guidance: The intent of this Standard is to allow senior-level management to override
controls on a one-off basis in necessary circumstances and to ensure that appropriate
documentation is maintained for auditing purposes. This Standard is not intended to
address permanent changes to the control environment.
1.8 Operators must establish, implement and maintain controls to support preparation of financial reports which comply with all applicable accounting standards, rules and good practices.
Organizational Structure and Capabilities
1.9 Employees must have the competence, skills, experience and training required to execute control activities that are relevant to their responsibilities.
Requirements – At a minimum:
- Employees involved in performing control activities must be trained and have knowledge of the organization’s control environment, the regulatory risks that the controls are designed to mitigate and the regulatory objectives reflected in the Standards and Requirements.
1.10 Organizational structures shall be designed to promote a sound control environment and proper segregation of duties to ensure that the possibility for collusion or unauthorized or illegal activities is minimized.
Requirements – At a minimum:
- Employees shall be given the appropriate and documented authority and responsibility to carry out their job functions, subject to supervision.
- The adequacy of segregation of duties as they relate to player protection, game integrity and protection of assets shall be regularly reviewed by the organization’s internal audit group or other independent oversight function acceptable to the Registrar.
- Operators must maintain an up to date organizational chart showing key reporting lines and relationships, and make it available to the Registrar upon request.
1.11 Management clearly understands its accountability and authority for the control environment.
Requirements – At a minimum:
- Management shall have been trained and have knowledge of the organization’s control environment, the regulatory risks that the controls are designed to mitigate and the regulatory objectives reflected in the Standards and Requirements.
1.12 Information, including logs, related to compliance with the law, the Standards and Requirements and/or adherence with control activities shall be retained for a minimum of three (3) years, unless otherwise stated.
1.13 All surveillance recordings shall be retained for a minimum period as specified by the Registrar.
Oversight
1.14 Compliance with the Standards and Requirements shall be documented in an organized manner to ensure that the information is capable of being reviewed and audited by an independent oversight function.
Requirements – At a minimum:
- Documentation shall be reviewed and analyzed to ensure compliance with the Standards and Requirements, and approved by management.
- Internal and external auditors shall be granted access to all relevant systems, documentation (including control activities) and resources for the purpose of conducting an audit.
- Where directed, Operators and gaming-related suppliers shall retain an independent auditor acceptable to the Registrar to carry out audits required by the Registrar and provide copies of the audit reports to the Registrar.
Guidance: The intent of this Requirement is to allow the Registrar to direct third party audits where he considers necessary for regulatory assurance purposes. Although the auditor would be retained by the Operator or gaming-related supplier in these circumstances, it would report directly to the Registrar. - In reviewing control activities for compliance with the Standards and Requirements, internal and external auditors shall take into account the Registrar’s expectations, as articulated herein.
1.15 Primary accountability for compliance resides with the Board, or other governance structure, where a Board does not exist, and there shall be evidence that the Board, or other governance structure, has carried out its responsibility in this respect.
Requirements – At a minimum:
- A compliance oversight function shall be established that is independent of the activities it oversees.
Guidance: Overall responsibility for compliance monitoring should ideally rest with a chief compliance officer or if such person does not exist, a member of senior management. - An internal audit function shall be established that regularly audits the organization’s control environment and compliance management framework and exercises oversight that is independent from operational management. The internal audit function shall have the authority to independently review any aspect of the operations.
Guidance: Where this is not feasible given the organization’s size or structure, audits should be carried out by another independent oversight function. - The compliance oversight function and internal audit or other independent oversight function shall have direct and unrestricted access to the Board, or other governance structure, and shall report on all important issues regarding compliance on a regular basis or as necessary.
- The Board, or other governance structure, shall establish a committee or committees to oversee the organization’s compliance and audit oversight functions, with appropriate terms of reference addressing composition and accountabilities.
- Members of the Board, or other governance structure, and of any committees established to oversee the organization’s compliance and audit oversight functions shall understand the business’s operations, initiatives and major transactions, and shall have the skills, training, experience and independence to carry out their fiduciary responsibilities.
1.16 There shall be an independent “whistleblowing” process to allow employees to anonymously report deficiencies or gaps in the control environment as well as incidents of possible non-compliance with the controls, Standards and Requirements, or the law.
Requirements – At a minimum, Operators shall:
- Issues raised through the “whistleblowing” process must be addressed and communicated to the Board in a timely manner.
1.17 Registrants shall engage with the Registrar in a transparent way.
Requirements – At a minimum, Operators shall:
- Provide reports regarding any incident or matter that may affect the integrity or public confidence in gaming, including any actions taken to prevent similar incidents from occurring in the future, in accordance with the established notification matrix.
- Provide reports regarding any incident of non-compliance with the law, Standards and Requirements or control activities, including any actions taken to correct the cause of noncompliance, in accordance with the established notification matrix.
- [Removed September 2020.]
- Make available any data, information and documents requested by the Registrar.
- [Removed September 2020.]
Information Technology
1.18 A recognized industry standard framework shall be used to manage the information technology (IT) control environment to support compliance with the Standards and Requirements.
Security Management
1.19 Users shall be granted access to the gaming system based on business need.
Requirements – At a minimum:
- Access privileges are granted, modified and revoked based on employment status and job requirements and all activities associated with these actions are logged.
- Access privileges are independently reviewed and confirmed on a periodic basis.
1.20 Access to gaming information systems shall be monitored, logged and shall be traceable to a specific individual.
Requirements – At a minimum:
- All accounts for business users shall be uniquely assigned to an individual.
- All system accounts (or other accounts with equivalent privileges) shall be restricted to staff that provide IT support, and mechanisms shall be in place to secure and monitor use of those accounts.
1.21 Processes shall be in place to ensure that only authorized individuals are permitted to open system accounts.
1.22 Industry accepted components, both hardware and software, shall be used where possible.
1.23 Any connection or interface between the gaming system and any other system, whether internal or external third party, shall be monitored, hardened and regularly assessed to ensure the integrity and security of the gaming system.
1.24 Mechanisms shall be in place to ensure the reliability, integrity and availability of the gaming system.
1.25 There shall be a suitably secure physical environment in place to prevent unauthorized access to the gaming system and to ensure the protection of assets.
1.26 Gaming systems, infrastructure, data, activity logs and all other related components shall be protected from threats, vulnerabilities, attacks or breaches.
Requirements – At a minimum:
- All users shall be authenticated.
- All components shall be hardened in accordance with industry and technology good practices prior to going live and prior to any changes.
- The appropriateness and effectiveness of steps taken to harden technology components shall be regularly assessed.
- Patches to correct any security risks shall be updated regularly
1.27 Security activities shall be logged in an auditable manner, monitored, promptly analyzed and a report prepared and escalated as appropriate.
Requirements – At a minimum:
- Attempts to attack, breach or access gaming system components in an unauthorized manner shall be responded to in a timely and appropriate manner.
- Intrusion attempts shall be actively detected and where possible prevented from causing disruption or outage of the gaming system.
- There shall be adequate logging to capture and monitor any attempts to attack, breach or access in an unauthorized manner any components of the gaming system. There shall be an appropriate escalation procedure.
1.28 Independent assessments shall be regularly performed by a qualified individual to verify the adequacy of gaming system security and all of its related components.
1.29 Operators and gaming-related suppliers shall stay current on security trends, issues and solutions.
Change Management
1.30 A system development lifecycle that considers security and processing integrity shall be in place for gaming system technology developed in-house.
1.31 Due diligence must be performed on all acquired gaming system technology to ensure security and processing integrity requirements are met.
1.32 A testing strategy to address changes in technology shall be in place to ensure that deployed gaming systems operate as intended.
1.33 All gaming system changes shall be appropriately, consistently and clearly documented, reviewed, tested and approved.
Requirements – At a minimum:
- All gaming system technology components are installed and maintained in accordance with the appropriate change management procedures.
- Requests for changes and maintenance of the gaming system are standardized and are subject to change management procedures.
- Emergency changes are approved, tested, documented, and monitored.
- Change management procedures shall account for segregation of duties between development and production.
- Only dedicated and specific accounts may be used to make changes.
1.34 The gaming system shall be able to detect unauthorized changes.
Data Governance
1.35 Data governance shall be in place to address data processing integrity and protection of sensitive data.
1.36 Sensitive data, including player information and data relevant to determining game outcomes, shall be secured and protected from unauthorized access or use at all times.
Requirements – At a minimum:
- The gaming system shall ensure that data is appropriately backed up in a manner that allows it to be completely and accurately restored.
- Data backups shall be stored off-site in a secure location and in accordance with applicable policies and laws.
1.37 Player information shall be securely protected and its usage controlled by OLG.
Requirements – At a minimum:
- Data collection and protection requirements for player personal information shall meet those set out in the Freedom of Information and Protection of Privacy Act.
- Player information shall only be used for OLG’s business unless there is prior approval from OLG.
1.38 Removed January 2022.
1.39 Communication of sensitive game data shall be protected for integrity.
1.40 Procedures shall be established and documented for IT operations and incident management, including managing, monitoring and responding to security and processing integrity events.
Requirements – At a minimum:
- Proactive monitoring and detection of errors in the gaming system and related components shall be in place. Action shall be immediately taken to correct incidents of non-compliance with the Standards and Requirements or control activities.
- There shall be time synchronization of the gaming system environment and related components.
- Event data shall be retained to provide chronological information and logs to enable the reconstruction, review and examination of the time sequences of processing.
1.41 Gaming applications on all portable devices shall be appropriately secured.
Guidance: This Standard is not intended to capture players using their own portable devices such as their smartphones, but rather employees or players using portable devises to access the Operator’s gaming system.
Third Party Management
1.42 Operators and gaming-related suppliers shall only contract with reputable suppliers.
1.43 Removed, September 2020
1.44 Operators and gaming-related suppliers shall provide the Registrar with a list of suppliers that provide them with goods or services in relation to lottery schemes and shall ensure that this list is kept up to date.
Compliance with Technical Standards
1.45 Operators and gaming-related suppliers shall comply with applicable technical standards issued by the Registrar.
Compliance with OLG Policies and Procedures
1.46 All registrants and non-gaming-related suppliers who are exempt from registration will comply with all applicable OLG policies and procedures to the extent that they are consistent with these Standards and Requirements.
2. Responsible Gaming
2.1 Advertising and marketing materials and communications shall not target underage or self-excluded persons to participate in lottery schemes and shall not include underage individuals.
Requirements – At a minimum, materials and communications shall not:
- Be based on themes, or use language, intended to appeal primarily to minors.
- Appear on billboards or other outdoor displays that are directly adjacent to schools or other primarily youth-oriented locations.
- Contain cartoon figures, symbols, role models, and/or celebrity/entertainer endorsers whose primary appeal is to minors.
- Use individuals who are, or appear to be, minors to promote gambling.
- Appear in media and venues directed primarily to minors, or where most of the audience is reasonably expected to be minors.
2.2 Advertising and marketing materials and communications shall not be misleading.
Requirements – At a minimum, materials and communications shall not:
- Imply that playing a lottery scheme is required in order to fulfill family or social obligations or solve personal problems.
- Promote playing a lottery scheme as an alternative to employment, as a financial investment, or as a requirement for financial security
- Contain endorsements by well-known personalities that suggest that playing lottery schemes has contributed to their success.
- Encourage play as a means of recovering past gambling or other financial losses.
- Be designed so as to make false promises or present winning as the probable outcome.
- Imply that chances of winning increase:
- The longer one plays;
- The more one spends; or
- Suggest that skill can influence the outcome (for games where skill is not a factor).
2.2.1 Advertising and marketing materials that communicate gambling inducements, bonuses and credits related to sport and event betting are prohibited, except in the following:
- on operator websites, including the landing page;
- the gaming site;
- signage inside the premises, on the property on which the premises are situated, or immediately adjacent to the premises; or
- through direct advertising and marketing, after receiving active player consent.
Guidance:
- This standard does not prohibit the use of inducements, bonuses and credits.
- Except as outlined in the Standard, all public advertising of gambling inducements, bonuses and credits related to sport and event betting is otherwise prohibited, including targeted advertising and algorithm-based ads.
- Direct marketing and advertising includes but is not limited to direct messaging via social media, emails, texts, and phone calls.
2.2.2 Permitted advertising and marketing materials that communicate gambling inducements, bonuses and credits must, at a minimum:
- Disclose all material conditions and limitations of the offer at its first presentation.
- Not be described as free unless the inducement, bonus or credit is free. If the player has to risk or lose their own money or if there are conditions attached to their own money, the offer must disclose those terms and may not be described as free.
- Not be described as risk-free if the player needs to incur any loss or risk their own money to use or withdraw winnings from the risk-free bet.
2.2.3 Players must be provided an opt-in process whereby they actively consent to receiving any direct advertising and marketing of inducements, bonuses and credits, and must be provided a method to withdraw their consent at any time, where such marketing and advertising materials are available.
Guidance:
- Direct marketing and advertising includes but is not limited to: direct messaging via social media, emails, texts, and phone calls.
2.3 Information about the risks of gambling and where to obtain additional information or assistance shall be made readily available to all patrons.
Requirements – At a minimum:
- Responsible gambling materials and information about obtaining help, including the number for Connex Ontario, shall be available, visible and accessible to all patrons.
- Information about setting betting limits, if applicable, shall be made available to all patrons.
- Information about self-exclusion programs shall be available, visible and accessible to all patrons.
- Advertising and marketing materials shall, where effective, contain a responsible gambling message.
- All information related to responsible gambling shall be regularly and periodically reviewed and updated to ensure that it is accurate, up to date and in line with industry good practice.
2.4 Patrons shall be provided with meaningful and accurate information to enable them to make informed choices.
Requirements – At a minimum:
- Meaningful and accurate information on the rules of play shall be clearly stated and made available to patrons.
- Meaningful and accurate information on the odds of winning, payout odds or returns to patrons shall be clearly stated and made available to patrons.
-
Odds in sport and event betting sometimes change prior to or during an event. Changes in odds must be updated and publicly available to all players. This is not intended to entitle a player who has previously placed a bet to receive new odds on that bet.
- For games that include progressive awards, Operators shall provide notice to patrons of the disposition of accumulated progressive prizes prior to a progressive game being converted or removed.
- For live table games, game specific minimum and maximum wagers shall be clearly posted and visible to patrons playing the game (applicable to Casinos only).
- For sport and event betting, provide any other information on elements that will affect play or results (e.g., the method of placing bets).
- Cash out options and how to redeem winning bets in sport and event betting.
2.5 Support shall be provided to persons showing signs of potentially problematic gambling behavior.
Requirements – At a minimum:
- All employees who interact with players shall receive training in a Registrar-approved program designed to identify and respond appropriately to players who may be showing signs of problem gambling.
- Players shall be provided with easily accessible contact information of at least one organization dedicated to treating and assisting problem gamblers.
- OLG shall develop and enforce responsible gambling policies, procedures and training, ensure they are available, kept up to date and relevant, and that the Operator complies with them.
- Responsible gambling policies shall be reviewed periodically for effectiveness.
2.6 OLG shall provide a common voluntary self-exclusion program.
Requirements – At a minimum:
- At the time of signing up for self-exclusion, individuals shall have the option to be excluded from any or all gaming sectors (e.g. Casino, cGaming).
- Despite requirement 1, if a player self-excludes from a Casino, the player is not eligible to gamble on OLG’s iGaming site for the duration of the self-exclusion period.
- Individuals shall have the option to sign up for the self-exclusion program at gaming sites or at an off-site location.
- Self-exclusions shall have a clearly defined term length.
- Operators shall take active steps to identify, and if required, remove self-excluded persons from the gaming site when they are found to be in breach of their self-exclusion agreement.
Guidance: OLG’s self-exclusion program may be executed in each of the gamingsectors using different processes and technologies to reflect the distinct operational circumstances of that sector.
2.7 Individuals who have decided to voluntarily self-exclude shall be removed from mailing lists and shall not receive incentives or promotions for any products and services during the period of self-exclusion.
2.8 Game designs and features shall be clear and shall not mislead the player. This Standard does not apply to sport and event betting products.
Requirements – At a minimum:
- Where a game simulates a physical device, the theoretical probabilities and visual representation of the game shall correspond to the features and actions of the physical device, unless otherwise disclosed to the player.
- Game design shall not give the player the perception that speed of play or skill affects the outcome of the game when it does not.
- After the selection of game outcome, the game shall not make a variable secondary decision which affects the result shown to the player. If the outcome is chosen that the game will lose then the game shall not substitute a particular type of loss to show to the player (i.e. near miss).
- Where the game requires a pre-determined pattern (for example, hidden prizes on a map), the locations of the winning spots shall not change during play, except as provided for in the rules of play.
- Games shall not display amounts or symbols that are unachievable.
- Games shall not contain intentionally programmed subliminal messaging.
- Where games involve reels:
- For single line games, jackpot symbols shall not appear in their entirety more than 12 times on average, adjacent to the pay-line, for every time they appear on the pay-line;
- For multi-line games, jackpot symbols shall not appear in their entirety more than 12 times, on average, not on any pay-line, for every time they appear on any pay-line.
- Free-to-play games shall not misrepresent or mislead players as to the likelihood of winning or prize distribution of similar games played for money.
- The denomination of each credit shall be clearly displayed on game screens.
2.8.1 The method of making bets in sport and event betting must be straightforward and understandable. Information must be made available so that the player is clearly informed of the details of the bet prior to making the bet. All selections in a bet must be made clear to the player.
Requirements – At a minimum:
- Bets on multiple events (parlays) must be identified as parlays.
- The player must be informed that a bet selected by the player has or has not been accepted.
- Where the player has placed a bet and the odds, payout odds, or prices of the bet change prior to the bet being confirmed by the Operator, the player must have the option of confirming or withdrawing the bet (with refund of the bet). This requirement may not apply to an option for automatic acceptance of changes in bets described in Requirement 4 below.
- Where the Operator offers an option of automatic acceptance of changes in bets, the player must manually opt in to activate this functionality and must be able to opt out at any time. The details of this auto-accept function and any options for the function must be clearly explained to the player prior to their consent to the application of the function.
- The player must be informed of the period in which bets can be made on an event or series of events and bets cannot be placed after the close of the betting period.
- Free to play sport and event betting games must not mislead players about the odds, payouts or any element of a bet for value available in sport and event betting.
- All bets and payouts must be expressed in Canadian currency.
Guidance: This Standard is not intended to prohibit or preclude in-play betting.
2.8.2 Players must be able to access information regarding available sport and event bets without having to place a bet. This information includes:
- Information on the bets available;
- Odds, payouts and prices for available bets;
- In a dynamic betting environment, including those where individuals’ wagers are gathered into pools:
- The most up-to-date odds and payouts;
- The up-to-date total value of the pool for market pools and pool bets that are offered.
2.8.3 Reputable and legitimate data source(s) must be used to determine the outcome of a bet. These data source(s) shall be made available to the player upon request.
2.8.4 In sport and event betting, bets shall not be given a commonly accepted name, such as “moneyline”, if the bet does not operate as a player would reasonably expect.
2.9 Free-to-play games shall provide the same responsible gambling and player protection information as games played for money.
2.10 Removed, July 2019.
2.11 Games shall not encourage players to chase their losses, or increase the amount they have decided to gamble, or continue to gamble after they have indicated that they want to stop.
2.11.1 Where an account is used, no player’s account is permitted to have a negative funds balance. A player’s account with a negative funds balance must be suspended and no transactions permitted after the negative funds balance arises. No transaction is permitted until the negative funds balance is eliminated. No bet will be accepted that could result in a negative funds balance.
Guidance: This Standard is not intended to prohibit the resettlement of bets when reasonable and necessary.
2.12 Players shall have the means to track the passage of time.
2.13 Games that are located in gaming sites that are not age-restricted shall not appeal primarily to, nor be associated with, underage individuals.
2.14 Credit shall not be extended or lent to patrons to gamble (not applicable to Casinos).
2.15 Operators shall ensure that credit services provided to patrons are carried out in a responsible manner (applicable to Casinos only).
Requirements – At a minimum:
- Operators shall not extend credit to individuals who display problem gambling behavior.
- If a player requests a credit limit increase, the Operator shall not increase the player’s credit limit until at least 24 hours have passed since the request.
3. Prohibiting Access to Designated Groups
3.1 Only eligible individuals are permitted access to a gaming site.
Requirements – At a minimum:
- A policy on eligibility of access to the gaming site, play and payment of prizes shall be established, implemented and made public.
- The following individuals shall not be permitted access to the gaming site:
- An individual under 19 years of age where the gaming site is a Casino, except in the course of employment;
- An individual under 18 years of age where the gaming site is a cGaming site, except in the course of employment;
- Individuals who appear to be intoxicated if the site is a physical premises;
- Every individual who advises the Operator or OLG that the individual is participating in a self-exclusion process established by OLG that applies to the site, unless the individual is accessing the gaming site in the course of their employment;
- An individual who is known by the Operator to have been restricted from accessing the gaming site or playing a lottery scheme as a condition of a court order;
- Individuals who the Operator or OLG have reason to believe have been excluded from the site under subsection 3.6(1) of the GCA
3.2 Only eligible individuals are permitted to play a lottery scheme.
Requirements – At a minimum:
- The following individuals shall not be permitted to play lottery schemes
- An individual under 19 years of age where the gaming site is a Casino
- An individual under 18 years of age where the gaming site is a cGaming site;
- Individuals who appear to be intoxicated if the site is a physical premises;
- Every individual who advises the Operator or OLG that the individual is participating in a self-exclusion process established by OLG that applies to the site;
- An individual who is known by the Operator to have been restricted from accessing the gaming site or playing a lottery scheme as a condition of a court order;
- Individuals who the Operator or OLG have reason to believe have been excluded from the site under subsection 3.6(1) of the GCA;
- Officers, members of the board of directors or partners of the Operator;
- Registered gaming assistants of an Operator or OLG employed at any gaming site operated by the Operator or OLG;
- Executives or staff of a trade union who represent or negotiate on behalf of employees employed at the site;
- Employees of registered suppliers who maintain or repair gaming equipment at the site;
- Members or employees of the AGCO;
- Officers, members of the board of directors, or employees of OLG, unless they are within the description set out in subsection 22(6) of Ontario Regulation 78/12 (ie. they are registered as category 2 gaming assistants or otherwise not required to be registered by the AGCO).
- Individuals described in paragraphs 1. a. and b. and e. to l. shall not be permitted to win prizes.
Note: This Standard does not preclude the AGCO from participating in games for regulatory assurance purposes.
3.2.1 Operators shall not knowingly permit an individual to engage in any of the following prohibited activities and shall take steps to actively monitor and prevent such prohibited activity from occurring:
- An individual with access to non-public information related to an event or an individual who may impact the outcome of an event or bet type is prohibited from betting on any event overseen by the relevant sport/event governing body.
- Athletes, coaches, managers, owners, referees, and anyone with sufficient authority to influence the outcome of an event are prohibited from betting on events overseen by the relevant sport or event governing body.
- Owners (any person who is a direct or indirect legal or beneficial owner of 10 percent or greater) of a sport governing body or member team are prohibited from betting on any event overseen by the sport governing body or any event in which a member team of that sport or event governing body participates.
- Those involved in a sport or event may not be involved in compiling betting odds for the competition in which they are involved.
Requirements – At a minimum:
- Operators must make reasonable efforts to inform any entity with which they have an information sharing relationship, including independent integrity monitors, other sport betting Operators, the appropriate governing authority for the sport or event, and any other organizations or individuals identified by the Registrar if an individual is found to have engaged in prohibited activity under Standard 3.2.1.
- Individuals found to have engaged in prohibited activity in Standard 3.2.1 shall not be eligible for prizes.
3.3 Lottery schemes shall be provided only within Ontario, unless the lottery scheme is conducted in conjunction with the government of another province.
4. Ensuring Game Integrity and Player Awareness
4.1 All gaming activities and financial transactions shall be conducted fairly and honestly, and must be independently verifiable.
Requirements – At a minimum:
- Continuous independent monitoring and recording of lottery schemes and cash (and cash equivalent) handling must be in place to support the verification of:
- Adherence to required rules of play by players and employees or, in sport and event betting, the processing and redemption, if any, of the bet fairly, honestly and in accordance with the terms of the bet placed by the player, including applicable betting rules;
- Confirmation of outcomes of lottery schemes;
- Prize payment to the proper person;
- Accuracy of financial transactions.
- Continuous logs shall be maintained for critical gaming systems including to track financial accounting and game state history.
- [Removed September 2018.]
4.2 Rules of play, including any subsequent modifications, shall be submitted to the Registrar for approval. This Standard is not applicable to sport and event betting.
Requirements – At a minimum, the rules of play shall contain:
- Odds of winning, payout odds or returns to players.
- A description of how the game is played.
- Circumstances in which a game can be declared void.
Guidance: Sport and event betting rules of play do not need to be submitted to the Registrar for approval.
4.3 Lottery schemes must be conducted in accordance with the approved rules of play. Sport and event betting must be conducted fairly, honestly and in accordance with the terms of the bet placed by the player.
Requirements – At a minimum:
- All bets shall be accepted, processed and settled in accordance with the approved rules of play.
- Adequate supervision of the lottery scheme is in place to ensure adherence to required procedures.
- Devices that compromise or affect the integrity of lottery schemes shall not be permitted.
- Sport and event bets shall be accepted, processed, and settled in accordance with the terms of the bet placed by the player, including any applicable betting rules.
4.4 [Removed, April 2017]
4.5 All gaming systems and gaming supplies, including any subsequent modifications, shall be submitted to the Registrar for assessment and approval, at the expense of the supplier, prior to being provided to any gaming site.
Requirements:
- [Removed, July 2019].
- Chips and tokens which meet the following specifications are deemed to be approved for play in Ontario (applicable to Casinos only):
- Designed and manufactured to minimize the possibility of counterfeiting in accordance with industry good practice;
- Bear the manufacturer’s name or a distinctive logo or other mark identifying the manufacturer;
- Bear the name of the issuer; and
- Except in the case of non-value chips used exclusively for the playing of roulette, indicate the value of the chip or token.
- Tokens must possess attributes that distinguish them from other tokens and coins (e.g. alloy composition, security marks, patterns) to permit acceptance of only valid coins by coin acceptors.
Guidance: Non-electronic or non-electromagnetic gaming supplies used in operation with table games in accordance with the Rules of Play (e.g. dice, cards) do not require additional assessment or approval by the Registrar, and can be made available for play.
- Playing cards used for gaming are imprinted with an identifier unique to the gaming site (applicable to Casinos only)
4.6 Gaming systems and gaming supplies shall be provided, installed, configured, maintained, repaired, and operated in a way that ensures the integrity, safety and security of the approved gaming supplies and systems, and in accordance with the Registrar’s approval.
Requirements – At a minimum:
- Only gaming systems and gaming supplies approved by the Registrar shall be used at a gaming site.
- The Registrar shall be immediately notified where there is any problem with the integrity or security of the gaming system or gaming supplies.
- Monitoring shall be performed throughout the life of the gaming system and gaming supplies to ensure they are operating as approved.
- In the event of any suspected integrity or security problem with a gaming system or gaming supply, the current state of the gaming system and gaming supply, and any supportive evidence shall be preserved until investigators (OPP or AGCO) have provided direction.
- [Removed, September 2020.]
4.7 Production, testing and development systems shall be logically separated.
4.8 Game outcomes shall be recoverable, where technically possible, so that player bets can be settled appropriately.
4.9 Where game outcomes or sport and event betting transactions are not recoverable, the Operator shall have clearly defined policies in respect of treating the player fairly when resolving the player’s transactions. These policies and processes shall be made available to players.
4.10 Mechanisms shall be in place to allow a game to be recreated up to and including the last communicated state to the player.
Requirements – At a minimum:
- Selected electronic game elements and game outcomes shall be logged before they are displayed to the player.
- Information shall be captured that is needed to continue a partially complete game within a reasonable period of time.
4.10.1 Where there are suspected game or system faults that may impact game integrity or fairness including the integrity or fairness of sport and event betting (e.g., influencing a player’s chances of winning or the return to players), Operators shall make the game unavailable to players until the issue has been resolved. In the case of sport and event betting, making a game unavailable may include the suspension of betting, the withholding of funds, and the refund of any bet until a gaming system fault has been resolved. Operator decisions must be fair, reasonable, and made in good faith.
4.11 A player’s bet and the outcome of the game shall be clearly displayed and easy to understand.
4.11.1 In sport and event betting, details on placed bets shall be made readily available and clear to the player.
Requirements – At a minimum, the betting system shall give the player a record including the following information:
- The gaming site or brand with which the bet was made.
- The gaming event and outcome upon which the bet was placed.
- The date and time of the bet.
- The payout odds and total monies bet.
- How to redeem a winning bet.
Guidance: Indicating where redemption instructions can be found satisfies the redemption portion of this requirement.
4.11.2 The results of a bet on a sport or event must be provided to players. Any change to the results of a sport or event must be made available. Sport and event bets must be settled fairly and in accordance with the terms of the bet placed by the player. Where raised, the reasons for the settlement must be clearly and promptly provided to the player.
4.11.3 If players are playing using an account, account balances will be updated as the results of bets are confirmed.
4.11.4 Sport and event betting Operators shall have controls in place to ensure the accuracy and timeliness of sport and event results data.
4.12 Patron complaints and any inquiries related to game integrity must be recorded and addressed in a timely and appropriate manner.
4.13 Games shall pay out accurately, completely and within a reasonable time of winning, subject to checks and verifications.
4.14 Operators shall have mechanisms in place to appropriately deter, prevent and detect collusion and cheating.
4.15 All relevant activities related to the detection of collusion and cheating shall be logged.
4.16 Players must be able to easily and readily report activities related to collusion and cheating.
4.17 Removed, July 2019.
4.18 Live table game (non-electronic) layouts must at a minimum display the following information in a manner identifiable through surveillance recording (applicable to Casinos only):
- Unique Property Identifier
- Specific Game Name (Game Type)
- Wagering Positions
- Bonus Pay tables
- Unique Game Options
Guidance: This Standard is not intended to capture gaming layouts that are displayed electronically via a terminal, display, etc.
Unique Game Options was intended to capture any options unique to the game which is important for understanding how the outcome of the game will be determined. As an example, in Blackjack an indication of whether the Dealer stands on all point totals of seventeen (17) or hits on soft seventeen (17).
4.19 Sport and event betting Operators shall have risk management measures in place to mitigate the betting integrity risk associated with sport and event betting, including insider betting and event manipulation.
Requirements – At a minimum:
- Operators shall establish controls to identify unusual or suspicious betting activity and report such activity to an independent integrity monitor.
Unusual betting activity is a betting pattern that deviates, including statistically, from the activity otherwise exhibited by patrons and reasonably expected by an Operator or independent integrity monitor, which may indicate potential suspicious activity in the betting or the underlying sport or other event. Unusual betting activity may include the size of a patron's wager or increased wagering volume on a particular event or wager type.
Suspicious betting activity is unusual betting activity that cannot be explained and is indicative of match fixing, the manipulation of an event, misuse of inside information, or other illicit activity. - Independent integrity monitors shall not have any perceived or real conflicts of interests in performing the independent integrity monitor role, including such as acting as an Operator or as an oddsmaker.
- Independent integrity monitors shall promptly disseminate reports of unusual betting activity to all member sport betting Operators.
- All sport and event betting Operators shall review such reports and notify their independent integrity monitor of whether they have experienced similar activity.
- If an independent integrity monitor finds that previously reported unusual betting activity rises to the level of suspicious activity, they shall immediately notify any entity with which they have an information sharing relationship, including independent integrity monitors, sport betting Operators, the appropriate governing authority for the sport or event, and any other organizations or individuals identified by the Registrar.
- All independent integrity monitors receiving such a report shall share such report with their member sport betting Operators.
- Independent integrity monitors shall facilitate collaboration and information sharing to enable the investigation of and response to prohibited activity associated with the suspicious betting activity as directed by the Registrar.
- Independent integrity monitors shall provide, in accordance with the notification matrix, the Registrar with:
- All reports of unusual betting activity;
- If the activity was determined to be suspicious; and
- The actions taken by the independent integrity monitor.
Guidance: The Registrar will publish a list of registered independent integrity monitors.
4.20 An Operator receiving a report of suspicious activity under Standard 4.19 may suspend or cancel sport and event betting on events related to the report or withhold associated customer funds. To this end, an Operator must ensure that it has reserved itself the authority to suspend betting, void bets, and withhold associated customer funds. The Operator’s decision to suspend or cancel sport and event betting, or withhold associated customer funds, on events related to the report must be fair, reasonable, and made in good faith.
4.21 An Operator offering sport and event betting products shall ensure that all bets offered meet the following criteria:
- The outcome of the event being bet on can be documented and verified;
- The outcome of the event being bet on can be generated by a reliable and independent process;
- The outcome of the event being bet on is not affected by any bet placed;
- The majority of participants in the event or league are 18 years of age or older; event shall be broadly defined as assessing total participants in the event/league, rather than in a particular heat, game, match or final contest in the overall sporting event;
- For sporting events being bet on, the event must be effectively supervised by a sport governing body which must, at minimum, prescribe final rules and enforces codes of conduct that include prohibitions on betting by insiders (not applicable to novelty bets);
- There are integrity safeguards in place which are sufficient to mitigate the risk of match-fixing, cheat- at-play, and other illicit activity that might influence the outcome of bet upon events;
- The bet is not on a past event for which the outcome is publicly known;
- The bet is not reasonably objectionable;
- The event being bet on does not involve animal fighting or cruelty;
- Bets on assets and financial markets (e.g., stocks, bonds, currencies, real property) are prohibited;
- Bets which expose players to losses greater than the amount wagered are prohibited;
- Bets which mimic the structure of financial instruments, products, or markets are prohibited;
- Bets on synthetic lottery products and bets on lottery outcomes are prohibited;
- The event being bet on is conducted in conformity with all applicable laws;
- Bets on minor league sports in Canada, including the Canadian Hockey League (CHL), are prohibited.
Guidance:
- For the purpose of Req. 8, reasonably objectional bets include bets on events which are unethical, allow entertainment to be derived from human suffering or death or involve non-consensual violence or injury.
- Req. 12 applies to contracts for difference including spread betting.
5. Public Safety and Protection of Assets
5.1 Operators shall have available for review by the AGCO accurate floor plans of the premises.
Requirements – At a minimum:
- Floor plans shall identify the sensitivity level of each area of the premises including:
- Areas within the premises at which lottery schemes are offered, showing the current inventory and location of games;
- Financial control areas;
- Areas containing sensitive inventories.
- Floor plans or other documentation shall identify areas where a dual authorization access system or two factor access system is appropriate, given the sensitivity level of the area.
- Floor plans or other documentation shall include the maximum capacity approved for the gaming site.
5.2 Only authorized individuals shall be permitted access to sensitive areas.
Requirements – At a minimum, Operators shall:
- Adopt a dual authorization access system or two factor access system for those sensitive areas of the premises or sensitive parts of gaming supplies identified by the Operator.
Guidance: There may be various levels of sensitivity in a gaming site. Dual authorization access will be appropriate for the highest risk areas, such as playing card vaults and cash count rooms, where strict controls are necessary to secure the gaming site and/ or safeguard gaming integrity or assets. Two factor access, on the other hand, may be appropriate for other types of sensitive areas or equipment. Each gaming site is unique and should define its sensitive areas as it deems appropriate. The Registrar, however, retains the authority to direct an Operator to adopt a certain form of access authorization for a certain area or equipment, as deemed necessary.
5.3 Individuals suspected of, or engaged in, creating a disturbance that could be harmful to the individual, to the public or to gaming-related assets shall be removed from the premises, and the occurrence shall be reported in accordance with the established notification matrix.
5.4 A policy and process shall be in place to provide individuals with security escorts to and from vehicles, where it is requested.
5.5 Areas under the control of the Operator shall be monitored for the presence of unattended children. All occurrences of unattended children shall be addressed and reported in accordance with the established notification matrix.
5.6 There shall be site emergency procedures to protect the public from personal harm and limit the damage to or loss of gaming-related assets
Requirements – At a minimum:
- Employees or persons retained by the Operator shall be competent in implementing site emergency procedures and evacuation plans.
5.7 Security and surveillance shall be in place to protect the public and gaming-related assets and to record transactions.
Requirements – At a minimum:
- Floor plans must show surveillance equipment positioning for each area including:
- location(s) of the lottery schemes (including the camera coverage for each);
- areas containing cash or cash equivalents such as cages, count rooms, armoured car pickups and deliveries;
- areas containing sensitive inventories;
- all entrances and exits (points of egress).
Guidance: The intent of Requirement 1(d) is to ensure that all points of access, which directly or indirectly lead to the gaming floor or sensitive areas at a minimum have camera coverage or an alarm, which is actively monitored for unauthorized access.
- Surveillance plans must include activities that address the following:
- camera coverage and control systems for all lottery schemes;
- secure movement of cash, cash equivalents and sensitive inventories within the gaming site;
- interventions related to persons suspected of conducting illegal activities at the gaming site.
- [Removed, September 2020.]
- Continuous independent monitoring must be provided even if the premises is closed to the public.
- Video/digital recordings shall be made and retained for a minimum period as specified by the Registrar.
- The handling of sensitive inventories shall be conducted securely at all times, to prevent loss or misuse.
-
The AGCO OPP Casino Enforcement Unit, a unit of the OPP Bureau assigned to the AGCO, must be provided with independent monitoring equipment with override capability within the Casino Enforcement Unit work area (applicable to Casinos only).
5.8 There shall be timely and accurate maintenance of gaming-related financial transactions, accounting information and data.
5.9 Lottery schemes shall be played only within designated areas of the premises.
6. Minimizing Unlawful Activity Related to Gaming
6.1 Mechanisms shall be in place to reasonably identify and prevent unlawful activities at the gaming site.
Requirements – At a minimum, the Operator shall:
- Conduct periodic risk assessments to determine the potential for unlawful activities, including money laundering, fraud, theft and cheat at play.
- Ensure that all relevant individuals involved in the operation, supervision or monitoring of the gaming site shall remain current in the identification of techniques or methods that may be used for the commission of crimes at the gaming site.
- Appropriately monitor player and employee transactions and analyze suspicious transactions for possible unlawful activity.
-
Not knowingly permit the structuring of transactions designed to avoid or circumvent reporting, record-keeping and patron identification requirements contained within these Standards or other regulations.
-
Report suspicious behaviour, cheating at play and unlawful activities in accordance with the established notification matrix.
6.2 Anti-money laundering policies and procedures to support obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act shall be implemented and enforced.
Requirements – At a minimum:
- Copies of all reports filed with the FINTRAC and supporting records shall be made available to the Registrar in accordance with the established notification matrix.
- Removed, July 2019.
-
Operators shall ensure their anti-money laundering internal controls align with those of the designated reporting entity under the PCMLTFA.
6.3 Reasonable measures shall be in place to identify and prevent suspected money laundering activities at the gaming site. *
Requirements – At a minimum:
- Maintain logs for single transactions of $3,000 or more involving the receipt of funds from, and payments to, patrons. At a minimum, the logs must include the transaction date, amount, currency and the patron’s name, account number, home address, date of birth, occupation, the date identity was ascertained, the type of ID document reviewed, ID number, issuing jurisdiction and expiry date (if applicable).
- Implement policies, procedures and controls that specify times and situations, based on the assessment of risk, where the Operator will ascertain and reasonably corroborate a patron’s source of funds.
- Implement risk-based policies and procedures that provide for escalating measures to deal with patrons who engage in behaviour that is consistent with money laundering indicators, including the refusal of transactions or exclusion of the patron.
- Ensure that mechanisms are in place to share information, in a lawful manner, about high risks or suspicious activities with other Operators which may also be subject to similar activity.
*Section 6.3 does not currently apply to cGaming sites.
iGaming — Standards and Requirements
Standards 7 – 12 removed April 2022; see the Registrar’s Standards for Internet Gaming.
7. Player Account Management (iGaming)
Registration and Account Creation
7.1 Relevant player information shall be collected and saved upon registration and shall be demonstrated to be complete, accurate and validated before a player account is created for the player.
Requirements – At a minimum, the following information shall be gathered upon registration:
- Name.
- Date of birth.
- Address.
- Method of identification for subsequent log on.
- Player contact information.
- Information required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and to be filed with FINTRAC.
7.2 Before a player account is created, players shall affirm that all player information provided upon registration is complete and accurate.
7.3 Only eligible individuals are permitted to create a player account and gamble.
Note: This Standard does not preclude the AGCO and OLG from being granted access to accounts for purposes of testing and/or monitoring.
Player Account Maintenance and Transactions
7.4 Player information shall be kept complete and accurate.
7.5 Prior to participating in game play, players must affirm that they are fit for play.
7.6 Only eligible individuals who hold a valid player account are permitted to log on to their account and gamble.
Note: This does not preclude the AGCO and OLG from being granted access to accounts for purposes of testing and/or monitoring.
7.7 All player accounts shall be uniquely identifiable.
7.8 Players may have only one player account with an Operator.
7.9 The list of prohibited and excluded individuals may change from time to time. Player information shall be re-verified at the time of change and at regular intervals thereafter.
Guidance: The intent is to ensure that each time the list of individuals who are prohibited from accessing gaming sites or playing lottery schemes under Standards 3.1 and 3.2 changes, all registered player information is checked to ensure that all registered players are still eligible to play and, if they are not eligible, they are prohibited from gambling.
7.10 There shall be an auditable trail of events that is logged and available relating to account creation and activation and account changes.
Requirements – At a minimum, an auditable trail of events shall be available for the following:
- Information relating to player identification and verification.
- Information related to any contractual agreements entered into between the OLG and the player.
7.11 Players shall acknowledge and accept the terms of the contract between the player and OLG prior to account creation and shall acknowledge and accept any subsequent changes to the terms of the contract when the player logs onto their account.
7.12 All players shall be authenticated prior to accessing their player account and being permitted to gamble.
7.13 All player account transactions shall be recorded and logged in an accurate and complete manner.
7.14 Player account information shall be made readily available to the player.
7.15 All player account transactions shall be made readily available and clear to the player.
Requirements – At a minimum, the gaming system shall give the player access to the following player account transactions:
- Deposit/withdrawal history, and current balance.
- Log in time, last log in time and last log out time.
- Gaming event and transaction history.
- Method and source of funds used for transactions.
- Total monies wagered for session and/or period of time.
- Total monies won or lost for session and/or period of time.
- Account balance at start and end of session.
Guidance: Player account transactions under this Standard would not include logs of game play activity (e.g. log for each hand played).
7.16 All player account transactions shall be uniquely identifiable and traceable to a unique individual player account.
Deactivation and Dormant Accounts
7.17 Reasonable efforts shall be made to inform players of player funds remaining in dormant accounts.
7.18 Players may elect to deactivate their player account at any time and, once the election is made, the account is deactivated.
7.19 There shall be an auditable trail of events logged and available regarding account deactivation.
7.20 Where necessary, a player account may be deactivated by the Operator.
7.21 A player account shall be deactivated if requested by the Registrar.
7.22 If player information is removed, OLG shall ensure that it is archived in accordance with records retention schedules.
7.23 Where an account becomes dormant, the player shall be able to recover the balance of their account owing to them.
7.24 Where an account is deactivated, by a player or another authorized individual, the player shall be able to recover the balance of their account owing to them.
8. Funds Management (iGaming)
Deposits
8.1 A player may be permitted to deposit funds into his/her player account only after the appropriate verifications and authorization.
Requirements – At a minimum, deposits shall be verified and authorized to ensure the following:
- Deposits made are appropriately authorized by a financial services provider.
Withdrawals
8.2 Players are permitted to withdraw funds from their player account only after the appropriate verifications and authorization.
Requirements – At a minimum:
- Withdrawals shall be verified and authorized to ensure the following, before a withdrawal is permitted:
- The withdrawal is being made by a holder of the account;
- The withdrawal is being transferred to an account of which the player is a legal holder;
- Where winnings are equal to $10,000 or more, additional verification shall take place to ensure that the player is eligible to receive the winnings.
8.3 Players are permitted to withdraw funds from their player account in an accurate and complete fashion and within a reasonable timeframe.
Funds Maintenance and Transactions
8.4 Player funds shall be clearly and appropriately managed.
8.5 All player funds deposited shall be held in an OLG account.
8.6 Operators shall not extend credit or lend money to players or refer players to credit providers or imply or infer that a player should seek additional credit to play games.
8.7 A player shall never have a negative funds balance.
8.8 Players shall be provided with a clear and accurate representation of their funds account balance that is easily accessible and readily available at all times.
Requirements – At a minimum:
- The player balance shall be displayed in Canadian dollars.
8.9 Players shall be provided with unambiguous information about all player account fees prior to making a withdrawal or deposit.
8.10 Players shall be informed clearly and specifically of all rules and restrictions regarding deposits and withdrawals and access to funds in connection with deposits and withdrawals.
8.11 Funds shall not be transferred between player accounts without the Registrar’s approval.
8.12 Adjustments to player accounts shall be made accurately and only by authorized individuals.
8.13 Adjustments to player accounts shall be recorded and logged in an accurate and complete manner.
8.14 Players shall be provided with accurate, clear and specific reasons for any adjustments made to their accounts.
9. Security (iGaming)
Architecture and Infrastructure
9.1 The gaming system architecture and all its related components shall demonstrate security in depth.
9.2 All gaming systems and devices shall validate inputs before inputs are processed.
9.3 The gaming system shall only display the minimum information about the gaming system to unauthorized users and during system malfunctions.
Guidance: The intent is to ensure that the gaming system does not display unnecessary information to unauthorized individuals that may be used to compromise the gaming system or privacy of information.
9.4 All remote access methods shall be appropriately secured and managed.
9.5 Use of wireless communication shall be secured and only used where appropriate.
Guidance: The intent is to ensure that wireless communication is not present in areas
where it could be potentially harmful (e.g. data centres).
9.6 All components shall be hardened as defined by industry and technology good practices prior to going live and as part of any changes.
Requirements – At a minimum:
- All default or standard configuration parameters shall be removed from all components where a security risk is presented.
- The appropriateness and effectiveness of steps taken to harden technology components shall be regularly assessed and, if appropriate, changes must be made to improve the hardening.
9.7 Access shall be appropriately restricted to ensure that the domain name server records are kept secure from malicious and unauthorized changes.
Data and Information Management
9.8 All private encryption keys shall be stored on secure and redundant media that are only accessible by authorized management personnel.
9.9 Encryption keys must be appropriately rotated at regular intervals.
9.10 The gaming system architecture shall limit the loss of data and session information.
System Account Management
9.11 The gaming system shall be able to change, block, deactivate or remove system accounts in a timely manner upon termination, change of role or responsibility, suspension or unauthorized usage of an account.
9.12 A secure authenticator that meets industry good practices shall be used to identify a user and his or her account to ensure that only authorized individuals are permitted to access their system account on the gaming system.
Requirements – At a minimum:
- The gaming system shall automatically lock out accounts should identification and authorization requirements not be met after a defined number of attempts.
9.13 The gaming system shall ensure that all access to the system is fully attributable to, and logged against, a unique user identification.
9.14 Only the minimum access rights shall be granted to each system account on the gaming system and access rights shall be clearly documented.
9.15 All temporary and guest accounts shall be disabled immediately after the purpose for which the account was established is no longer required.
9.16 System accounts and system access rights for the gaming system shall be regularly reviewed and updated.
9.17 A log of account owners shall be kept and regularly reviewed and updated.
9.18 A mechanism shall be in place to ensure that the assignment of administrator accounts is approved by the Operator’s management and that usage is monitored for appropriateness.
9.19 Inappropriate use of system accounts on the gaming system shall be logged, reviewed and responded to within a reasonable period of time.
9.20 Inappropriate use of administrator accounts shall be reported to the Registrar in a timely manner.
Software
Note: The following Standards apply to the following types of software: 1) Commercial off the shelf software, 2) Modified commercial off-the-shelf software, 3) Proprietary developed software, and 4) OLG specific developed software.
9.21 Software used for the gaming system shall be developed using industry good practices.
9.22 Software development methodologies used shall be clearly documented, regularly updated and stored in an accessible, secure and robust manner.
9.23 An appropriate system shall be in place to manage the software development and ongoing software management lifecycle.
9.24 All software development roles shall be segregated during and after release of code to a production environment.
9.25 The Operator shall establish an appropriate audit trail of authority and management review of code for software.
9.26 Controls shall be in place to ensure software is appropriately secured and access is appropriately restricted throughout development.
9.27 The Operator’s authorized management staff shall review and approve software documentation to ensure that it is appropriately and clearly documented.
9.28 Source code and compiled code shall be securely stored.
Guidance: Compiled code could be digitally signed or hashed (including each time there is a change) in a manner that allows for external verification.
9.29 The promotion or movement of code from testing through other environments to production shall be accompanied by the appropriate documentation and approvals.
9.30 All promotion of code from development to production shall only be performed by production support staff and not by development staff.
9.31 Appropriate testing environments shall be in place to allow for thorough testing of any code before it is put into production.
9.32 Access to production environments shall be restricted from development personnel.
Note: This does not preclude granting of temporary supervised access for conducting technical investigations that may only be performed on the production environment.
9.33 Development code shall not be present in the production environment.
9.34 A mechanism shall be built into the gaming system to verify the integrity of the software that is deployed to production, including before changes are implemented, as well as on an ongoing basis.
9.35 Appropriate release and configuration management systems shall be in place to support software development.
9.36 All code developed by a third party shall be tested to ensure it meets industry good practices and that it performs to meet its purpose prior to being added to the testing environment and prior to integration testing.
9.37 All code developed by a third party shall pass integration testing before it is added to production.
9.38 Mechanisms shall be in place to ensure that bugs are identified and addressed prior to, and during, production.
9.39 Quality assurance processes, including testing, shall take place during development and prior to the release of any code.
9.40 All components, where appropriate, shall be tested for the purposes for which they will be used.
Change Management
9.41 Post implementation reviews shall be performed to ensure that changes have been correctly implemented and the outcomes shall be reviewed and approved.
9.42 All change related documentation and information shall be captured, stored and managed in a secure and robust manner.
9.43 The implementation of software related updates, patches or upgrades shall be regularly monitored, documented, reviewed, tested and managed with appropriate management oversight and approval.
9.44 A mechanism shall be in place to regularly monitor, document, review, test and approve upgrades, patches or updates to all gaming-related hardware components as they become end of life, obsolete, shown to have weaknesses or vulnerabilities, are out-dated or have undergone other maintenance.
9.45 Appropriate release and configuration management processes with support systems shall be in place to support both software and hardware related changes.
9.46 Only dedicated and specific accounts may be used to make changes.
10. Game Play and Management (iGaming)
Display and Game Information
10.1 The player shall be provided with accurate information to enable the player to make informed choices.
Requirements – At a minimum:
- For each game, the theoretical payout shall be provided:
- For games that include progressive awards, limited time awards, metamorphic elements or game-within-a-game awards, the variable contribution of such awards to the theoretical payout percentage shall be clearly disclosed;
- For games which have different theoretical payout percentages for different betting options, the lowest theoretical payout percentage of all betting options shall be disclosed, as a minimum;
- For games that have skill and/or strategy components, the theoretical payout percentage shall be calculated using a disclosed, generally known and/or publicly available strategy. If there is no such standard/published strategy, the theoretical payout percentage shall be calculated using a blind strategy (random choice).
- Games with elements of skill or strategy shall either disclose the optimal strategy or provide other information to the player that is sufficient to derive the optimal strategy.
- For any top award that has a probability of less than 1 in 17 million to win, the probability shall be disclosed to the player.
- For any other award that has a probability of less than 1 in 34 million to win, the probability shall be disclosed to the player.
10.2 Information shall be displayed for a length of time that is sufficient for the player to understand their bet and the result of the game.
Speed and Interruption
10.3 Where speed of interaction has an effect on the player’s chances of winning, the Operator shall take reasonable steps to ensure the player is not unfairly disadvantaged due to gaming system related performance issues.
10.4 Service interruptions shall be responded to and dealt with in a way that does not disadvantage players.
Requirements – At a minimum, the gaming system shall:
- Inform players that the speed of connection or processor may have, or appear to have, an effect on the game;
- Recover from failures that cause interruptions to the game in a timely fashion;
- Where appropriate, void bets;
- Retain sufficient information to be able to restore events to their pre-failure state, if possible;
- Return bets to players where a game cannot be continued after a service interruption.
10.5 For all single player games, a mechanism shall be in place to require a player to complete an incomplete game before a player is allowed to participate in any other games, where possible.
Peer-to-Peer Games
10.6 For all peer-to–peer games, the player shall be made aware of possible communication loss and the impact to the player in such an event.
10.7 Operators shall ensure that no programs are used to participate in peer-to-peer games with players (e.g. robots).
10.8 Mechanisms shall be in place to detect and prevent situations where players in peerto- peer games may be using software/programs (e.g. robot play) to create an unfair advantage during game play.
Requirements – At a minimum:
- OLG shall require the player to enter into an agreement which clearly states that using software or programs to play games on a player’s behalf is prohibited.
10.9 A mechanism shall be in place to allow players to report suspected use of robots.
10.10 A mechanism shall be in place to ensure that a player cannot play against himself/herself.
10.11 Players shall not be unjustly treated or unfairly disadvantaged by the actions of other players.
10.12 Where players are unjustly treated or unfairly disadvantaged by the actions of other players, a mechanism shall be in place to detect, log and respond appropriately to this behaviour.
Determination of Game Outcomes
10.13 All possible game outcomes (winning and losing outcomes) shall be available in each play, unless clearly explained in the rules of play.
10.14 The probability of game outcomes in virtual games shall be the same as in the associated live game (e.g. card games), unless the differences are set out in the rules of play and communicated to players.
10.15 The probability of achieving any specific game outcome shall be constant and independent of game history, player or any other factor.
Guidance: The intent is to ensure that where the outcome of a game should be truly random (i.e. dice games, slot games), the outcome is not dependent or based upon any game history or other factors. This Standard is not meant to prohibit games which are based on cumulative play i.e. metamorphic games.
10.16 Bets shall be committed before the selection of game elements and associated game outcomes. Any wager received after the selection of game elements or associated game outcomes associated with the wager shall be voided and returned to the player.
Randomness of Game Outcomes
10.17 A mechanism shall be in place to randomly select game elements used to determine game outcomes.
10.18 The mechanism used to select game elements and their associated game outcomes shall be impervious to outside influences: including electro-magnetic interference; devices within or external to the gaming system; characteristics of the communications channel between the gaming system and the end player device; players; and the Operator.
10.19 Mechanical and electrical devices used to select game elements and their associated game outcomes shall meet the following:
- Components shall be constructed of materials that will not degrade or impact the randomness of the selection before their scheduled replacement lifecycle;
- The devices shall be capable of being monitored and inspected to ensure the integrity of the device and randomness of the generated outcomes.
10.20 The selected game elements and their associated game outcomes shall not be influenced, affected or controlled by the amount wagered, or by the style or method of play unless the conditions of play are changed and are clearly disclosed to the player.
10.21 The selected game elements and their associated game outcomes shall not be altered, discarded or otherwise manipulated through a secondary decision by the game program.
10.22 There shall be a mechanism in place to ensure that the randomness of selected game elements is not impacted by load on the gaming system.
10.23 Selected game elements shall not be supplied to more than one player, unless required by the rules of play.
10.24 Initial values and conditions shall be selected and used to seed the random selection process in a way that ensures the randomness of the resulting game outcomes, and avoids any correlation of selected game elements with elements selected by any other instances of the mechanism.
10.25 Re-initialization of initial values shall be kept to a minimum. Initial values shall be reinitialized, if corrupted.
10.26 Where the random selection process is interrupted, the next selection shall be a function of the selection produced immediately prior to the interruption, where possible.
10.27 Any failure of the mechanism used to select game elements shall be quickly identified and responded to in an appropriate and timely manner in order to minimize the effect on players.
10.28 Where there is a failure of the mechanism used to select game elements, games that rely upon that mechanism shall be made unavailable until the failure has been rectified.
Automated Functionality
10.29 A mechanism shall be in place to ensure that the player retains control of betting where auto-wagering functionality is provided.
Requirements – At a minimum, the auto-wagering functionality shall:
- Enable the player to choose the bet, and either the number of auto-wagering bets or the total amount to be bet.
- Enable the player to stop the auto-wagering regardless of how many auto-wagering bets were initially chosen or how many remain.
- Not override any of the display requirements, e.g. the result of each bet shall be displayed for a reasonable length of time before the next bet commences.
- Enable the player to limit the dollar amount gambled and/or length of play.
- Provide reasonable limits to the length of time auto-wagering can continue.
Game Management
10.30 Where applicable, game interface changes made by the player shall be appropriately limited by the gaming system to ensure that information and representation of the game remains fair and accurate and in accordance with the rules of play.
10.31 Rules of play shall not be changed during a game session unless the player is made aware of the change and no bets have been placed by the player.
10.32 Where games have been changed, players shall be notified of the changes and the impact on the rules of play before the game is played.
10.33 All game sessions shall be appropriately secured and checked for authenticity.
10.34 There shall be a player inactivity time-out that automatically logs the player out or ends the player’s session after a specified period of inactivity.
Downloadable Game Content
10.35 All downloadable games shall be set up and provided to the player in a secure manner with all relevant information provided to the player.
Requirements – At a minimum, downloadable games shall include:
- Separate and distinct rules of play.
- Separate and distinct security parameters.
10.36 All critical functions, including the generation of the outcome of any game, shall be generated by the gaming system, independently of the end player device.
Guidance: The intent is for the Operator to maintain control (i.e. security, integrity) of all critical game functions.
Collusion and Cheating
10.37 Mechanisms shall be in place in order to facilitate investigation of collusion and cheating and, if necessary, deactivation of player accounts or player sessions in a timely fashion when detected.
11. Responsible Gaming (iGaming)
11.1 All lottery schemes shall be entered into willingly by the player.
Guidance: The intent is to ensure that the player is not forced into game play simply by
selecting the game.
11.2 Players shall be provided with an easy and obvious way to set gaming limits (financial or time based) upon registration and at any time after registration.
Requirements – At a minimum:
- Players shall be provided with the option to set loss and deposit limits during registration.
11.3 Where a gaming limit has been previously established by a player, a request to relax or eliminate that limit shall only be implemented after a cooling-off period.
Requirements – At a minimum:
- The cooling-off period shall be 24 hours.
11.4 Where a gaming limit has been previously established by a player, it may not be relaxed by an Operator acting unilaterally, without instructions from the player.
11.5 Gaming limits, however imposed, shall be enforced by the gaming system.
Requirements – At a minimum:
- Players shall be clearly notified that the game or gaming session has come to an end due to a gaming limit.
11.6 The registration page and pages within the player account shall prominently display a responsible gambling statement.
11.7 A mechanism shall be in place to monitor and detect game and account transactions which may indicate signs of problem gambling.
11.8 Removed, July 2019.
11.9 There shall be reasonable and appropriate breaks in play.
11.10 Advertising and marketing materials that communicate gambling inducements, bonuses and credits are prohibited, except on an operator’s gaming site and through direct advertising and marketing, after receiving active player consent. [New: December, 2021]
Guidance: This standard does not prohibit the use of inducements, bonuses and credits.
This standard prohibits all public advertising, including targeted advertising and algorithm-based ads.
Direct marketing and advertising includes but is not limited to: direct messaging via social media, emails, texts, and phone calls.
12. Other Operator Standards (iGaming)
General
12.1 Employees shall receive training appropriate to their role and be competent in carrying out their duties.
12.2 The contract between the player and OLG shall clearly state that all applicable laws must be complied with.
12.3 Relevant information about the AGCO shall be displayed and easily accessible to the player.
Incident Management
12.4 The Registrar shall be notified about incidents in accordance with the established notification matrix.
Guidance: The intent is only to inform the Registrar of incidents which are of a regulatory concern. These may include:
- Incidents related to gaming system integrity
- Incidents related to security
- Incidents related to accounting improprieties
- Incidents related to cheat at play
Logging Management and Reporting
12.5 There shall be appropriate, accurate and complete records of transaction and game state and play information kept and made available for the purposes of:
- Ensuring timely investigations can be performed by the Registrar.
- Capturing information needed to continue a partially complete game within a reasonably defined time
- Resolving disputes in a fair and timely manner.
- Ensuring player complaints can be resolved.
- Tracking all relevant player information (including funds information).
- Tracking all relevant individual gaming sessions and game play information.
- Tracking all relevant information related to events (including significant events).
- Tracking of game enabling, disabling and configuration changes.
Guidance: There should be an adequate amount of storage, capacity and retention of logged information.
The appropriate capacity, design and monitoring of the logging facilities should be in place to ensure that logging is not interrupted for a technical reason that could have been prevented.
The following are EXAMPLES ONLY of what should be recorded and logged.
Recorded and logged information should include the following:
Information that could be used in investigations
- Amending player balances
- Changing game rules or pay-tables
- Changing administrator or root level access
Player Account Information
- Player identity details (including player identity verification results)
- Account details and current balance
- Changes to account details, such as change of address, change of credit card, or change of name
- Any self-imposed player protection limitations
- Any self-imposed player protection exclusions
- Details of any previous accounts, including reasons for deactivation
- Deposit/withdrawal history
- Game play history (e.g. games played, amounts bet, amounts won, progressive jackpots won, etc.)
Gaming Session and Game Play Information
- Unique player ID
- Unique game identifier
- Game session start and end time
- Player account balance at start of game
- Amount wagered
- Contributions to progressive jackpot pools (if any)
- Current game status (i.e. in progress / complete)
- Game result/outcome
- Progressive jackpot wins (if any)
- Game end time
- Amount won
- Player account balance at end of game
Event Information
- Player registration or player account creation and deactivation
- Changes to player registration (e.g. address) or account details (e.g. balance, player configurable parameters)
- Changes made to game parameters
- Changes made to jackpot parameters
- New jackpot created
- Jackpot retired
- Large wins
- Jackpot wins
- Any large transfer of funds
- Loss of communication with a player device
- Player exclusion (including exclusion, requests to lift exclusion, and actual lifting of exclusion)
Significant Event Information
- Changes made to game parameters
- Changes made to progressive jackpot parameters
- New progressive jackpots created
- Progressive jackpot shutdowns
Note: The above are examples only and are not to be considered a complete list.
12.6 There shall be a mechanism in place to ensure that if logging is interrupted, compensating manual controls are used, where reasonable.
12.7 The gaming system shall be capable of providing unfettered custom and on- demand reports to the Registrar.
Guidance: The intent is to ensure that the Registrar can receive information in the appropriate format when necessary.
The following are EXAMPLES ONLY of the types of reports that may be generated:
- A list of all currently (or previously) active player accounts
- A list of all currently (or previously) dormant player accounts
- A list of all accounts for which the player has currently (or previously) imposed a player protection self-exclusion
- A list of all accounts for which the player has currently (or previously) been excluded from the site (i.e. involuntary exclusion)
- A list of all accounts for which the player’s funds have currently (or previously) been inactive for a period of time exceeding 90 days
- A list of all accounts for which one or more of the player’s deposits and/or withdrawals have exceeded a configurable limit (i.e. large deposits/withdrawals. The limit shall be configurable for single transactions, as well as aggregate transactions over a defined time period.
- A list of all accounts for which one or more of the player’s wins have exceeded a configurable limit (i.e. large wins). The limit shall be configurable for single wins, as well as aggregate wins over a defined time period.
- A list of all currently active gaming sessions
- A list of all games hosted by the website, including approved game/paytable
versions
Note: The above are examples only and are not to be considered a complete list.
12.8 Information regarding specific game elements (such as a player’s hand or cards) shall not be accessible to give advantage to any player during games, unless by the player themselves.
12.9 The Operator shall ensure that investigators (OPP or Registrar) are able to monitor and participate in games.
Complaints and Help Management
12.10 A mechanism shall be in place to allow players to contact the Operator in a timely fashion with issues or complaints relating to their player account, funds management, game play or any matter related to compliance with the Standards and Requirements. The Registrar shall be notified of any such issues or complaints, in accordance with the established notification matrix.
12.11 A ‘help’ function shall be made readily available and easily accessible to players to provide gaming-related assistance.
Appendix
Regulatory Risks
Risk Theme | Regulatory Risk |
---|---|
Entity Level |
|
Responsible Gambling |
|
Prohibiting Access to Designated Groups |
|
Ensuring Game Integrity and Player Awareness |
|
Public Safety and Protection of Assets |
|
Minimizing Unlawful Activity Related to Gaming |
|