Curaçao Post-LOK: What Operator-Level Self-Exclusion Now Actually Demands Under the CGA

The CGA’s Responsible Gaming Policy for Licensed Operators (Version 1.0, 17 April 2025) marks the sharpest structural break from the master-licence era that Curaçao’s player protection history has ever seen. Under the pre-LOK arrangement, a sub-licensee’s responsible gambling obligations ran to its master licensor, not to the government. Enforcement was inconsistent, standards varied across the four master licence holders, and the CGA had no direct supervisory relationship with the thousands of operators in the chain. The LOK, which entered into force on 24 December 2024, dissolves that structure. Every B2C licensee holding a direct Online Gambling Licence (OGL) from the CGA is now bound to nine mandatory RG elements, each enforceable under Chapter 13 of the LOK, which empowers the CGA to issue corrective orders, impose administrative fines, and revoke licences. Self-exclusion sits at the centre of this new regime, and its requirements are materially more demanding than anything the master-licence era ever imposed.

What the Master-Licence Era Actually Looked Like

Under the NOOGH 1993 framework, the four master licence holders, Antillephone N.V. (8048/JAZ), Cyberluck N.V./Curaçao eGaming (1668/JAZ), United Curaçao N.V. / Curaçao Interactive Licensing (5536/JAZ), and Gaming Curaçao N.V. (365/JAZ), each set their own minimum RG standards contractually. The sub-licensee’s compliance obligations were governed by private agreement, not by a statutory regulator. There was no binding government-issued RG policy document, no mandated minimum self-exclusion duration, no prescribed reactivation protocol, and no requirement for a dedicated RG Officer. What little existed operated as commercial best practice, with no standardised enforcement mechanism when breaches occurred. The CGA’s role was largely formal, the substantive regulatory relationship sat between operator and master licensor.

The LOK abolishes that model entirely. From the point at which an operator’s direct OGL is live, the CGA is the sole regulatory counterparty. Compliance submissions, enforcement actions, and RG reporting run directly between the operator and the Authority. The private contractual layer is gone.

The Nine Mandatory Elements: A Compliance Floor, Not a Menu

Section 3 of the CGA RG Policy sets out nine elements that are mandatory for operational compliance with a CGA gaming licence. These are not aspirational guidelines and operators cannot elect to implement a subset. The nine elements are: age verification (Section 5 of the Policy), information accessibility (Section 6), player self-assessments (Section 7), behaviour tracking (Section 8), cooling-off periods (Section 9.1), self-exclusion (Section 9.2), deposit limits (Section 10.1), consumer advertising and marketing controls (Section 12), and training of employees (Section 11). Adherence to all nine forms a condition of licence compliance. The CGA may initiate disciplinary action for violation of any element.

Operators engaged in high-risk business models, defined in Section 2.2 to include skin betting, agent or intermediary accounts, cryptocurrency, and high-roller or VIP programmes, must provide an RG policy that specifically accommodates those high-risk elements with proportionate enhanced controls. The non-retail exemption in Section 2.3 is narrow: it applies only to professional players and syndicates, and even these remain subject to general RG principles.

What Does the Self-Exclusion Requirement Actually Demand?

Section 9.2 of the CGA RG Policy operationalises the obligation under LOK clause 5.4(2). The core parameters break down as follows.

Minimum duration: Operators must offer self-exclusion periods of at least one year. The upper end is not capped by the Policy itself, the Legal 500 Country Comparative Guide for Curaçao (2025) notes that long-term or lifetime bans of one to ten years, or permanent exclusion, are the expected range.

Scope across brands: Self-exclusion covers all brands and domains operated under the same licence. A player who self-excludes from one brand of a multi-brand licensee is excluded from all brands. There is no mechanism for partial exclusion that limits scope to a single domain while the operator holds other properties under the same OGL.

Scope across verticals: Exclusion applies to all gambling activity, not to a single product vertical. A player cannot be excluded from casino while remaining active on sportsbook products held under the same licence.

Process requirements: The player must be able to initiate and complete self-exclusion entirely online, without requiring email correspondence or operator intervention to complete the process. The Policy specifies that the process must be straightforward and immediately effective upon completion. The operator may not persuade the player to reconsider during the self-exclusion process.

Marketing suppression, automatic: Marketing suppression is not opt-in and is not configurable by the player. Upon self-exclusion taking effect, all direct marketing and advertising is suppressed automatically. No bonuses, free play, or incentives of any kind may be sent to a self-excluded player. The duration of this suppression runs for the entire self-exclusion period without exception.

“No direct marketing or advertising can be sent to the player” during a self-exclusion period, with reactivation of account access only available upon a written request from the player via official customer support channels. The operator cannot re-initiate contact to prompt reactivation.

Account treatment: On self-exclusion taking effect, the account is closed and the player can no longer log in. The operator must have robust measures to identify, where reasonably possible, duplicate accounts and prevent self-excluded individuals from registering under different credentials. Ante-post bets must be voided and refunded, subject to AML/CFT obligations. In-running poker tournaments may be completed, progressive jackpot contributions made prior to the exclusion remain in-situ but the player forfeits any entitlement to participate after the exclusion is effective.

The Cooling-Off Tier: A Distinct Mechanism from Self-Exclusion

The CGA RG Policy draws a clear operational distinction between cooling-off periods (Section 9.1) and self-exclusion (Section 9.2). The account treatment, marketing rules, and reactivation protocols differ between them, and conflating the two in system design creates a compliance gap.

Cooling-off periods run from 24 hours to three months. During a cooling-off period, the account remains active but gambling features are disabled, and player funds remain accessible for withdrawal. Unlike self-exclusion, accounts are automatically reactivated at the end of the cooling-off period, no written request from the player is required. Marketing materials must not be sent to players during their cooling-off period if they have opted out, and no bonuses, free play, or incentives may be offered during the period regardless. The cooling-off interface must be available online only and confirmation prompts must be neutrally expressed, with the example wording provided in the Policy being: “You wish to cool off for one month. Please confirm.”

Self-exclusion is a different regime. The account is closed, not merely restricted. Reactivation requires an active written request from the player, by email or chat, and cannot be triggered automatically or by operator-initiated communication. The operator may prompt the player at the point of a login attempt after the period ends, but re-commencing outbound communications to solicit a reactivation request is prohibited.

Operator-Initiated Exclusion: A Non-Discretionary Obligation

Section 9.2 of the CGA RG Policy includes a requirement that goes beyond the player-initiated self-exclusion mechanism: exclusion by the operator must itself be functional. The Policy’s compliance schedule explicitly lists “Exclusion by the operator must be functional” as a separate mandatory element from the “Self-exclusion option must be functional” requirement. This distinction tracks the LOK’s broader prohibition in Article 1.4(e), which makes it unlawful for an operator to allow a person who can reasonably be assumed to be a vulnerable person the opportunity to play games of chance.

LOK clause 1.1(h) defines a Vulnerable Person as including: a person under 18, a person who has no, or insufficient, control over their gambling behaviour such that they are, or threaten to become, addicted, causing harm to themselves or others, a person who has been banned from playing games of chance whether by force or at their own request, and a person who has been declared bankrupt. The operator-initiated exclusion obligation therefore extends beyond reacting to self-exclusion requests. It requires the operator to act on its own assessment of vulnerability and to exclude where that threshold is reached.

Compliance teams should treat operator-initiated exclusion as a downstream output of the behaviour tracking function in Section 8. When monitoring identifies an at-risk player and internal escalation determines that the vulnerable person threshold under Article 1.4(e) is met, the operator must act, not merely document. The Policy’s requirement that this function be “functional” means it must be operationally embedded, not a theoretical capability sitting in a procedure manual.

Behaviour Tracking: The Upstream Obligation Feeding Self-Exclusion

Section 8 of the CGA RG Policy establishes that active monitoring for problematic gambling behaviour is a mandatory element, grounded in Article 1.4(e) of the LOK. The monitoring obligation is framed holistically: by analysing the player’s entire relationship with the operator, the licensee must be able to identify at-risk individuals and take proactive steps to prevent gambling-related harm.

The Policy acknowledges that no single indicator automatically classifies a player as a potential gambling addict. A determination of problematic behaviour typically requires multiple indicators occurring simultaneously and consistently. Behaviour tracking is expected to be conducted by frontline staff, including customer service representatives and VIP managers, who are in the strongest position to detect patterns through direct interaction. The Policy calls for a structured flagging process that serves as a trigger for more detailed behavioural analysis.

The Legal 500 Country Comparative Guide for Curaçao (2025) specifies that high-risk patterns warranting monitoring include frequent deposits, reversed withdrawals, and extended play sessions. High-risk operators are expected to deploy enhanced safeguards including links to website-blocking tools such as BetBlocker, GamBlock, and Gamban, AI-driven pop-ups, and direct human outreach to players exhibiting concerning behaviour. These enhanced measures scale with the operator’s own risk profile: cryptocurrency-heavy operations, agent-based models, and VIP programmes each carry an elevated obligation. To embed behaviour tracking protocols effectively into your compliance workflow, consult the Curaçao licence requirements profile for implementation guidance tailored to your business model.

Marketing Suppression: The Advertising Overlay on Exclusion

The CGA RG Policy’s Section 12 extends marketing restrictions well beyond the automatic suppression triggered by self-exclusion. All advertising and marketing materials must carry a Responsible Gaming message. The LOK prohibits operators from advertising in ways that target minors or Vulnerable Persons, use false or misleading claims about winning chances or risk levels, portray gambling as a solution to financial problems or a path to financial success, or advertise in a way that conceals the licensing requirement or misrepresents the Curaçao jurisdiction.

The CGA supervises all gambling advertising conducted “in or from Curaçao.” Violations can lead to administrative orders, suspension or revocation of licence, and fines or corrective orders under Chapter 13 of the LOK. The advertising regime is not a separate compliance silo from the self-exclusion framework: the same enforcement powers apply to a marketing breach involving a self-excluded player as to an unlicensed operation. Operators maintaining marketing suppression lists must ensure that the suppression logic is applied at the point of any outbound communication trigger, not just at the email level. Social media custom audience uploads, push notifications, and SMS campaigns all fall within the definition of “advertising” under the Policy.

A licensee may advertise, promote, or sponsor games of chance only in accordance with the principles of responsible, fair, and transparent communication, and advertising must not encourage excessive or irresponsible participation in any format.

The RG Officer Requirement and Reporting Structure

Section 3 of the CGA RG Policy requires each operator to appoint an individual who fulfils the Responsible Gaming function within the organisation. Until a dedicated RG Officer is in post, a Compliance Officer who is not the AML/CFT Compliance Officer must carry that responsibility. The explicit separation from AML/CFT functions is notable: the same individual cannot hold both roles simultaneously as a permanent arrangement.

The RG Officer must report annually to management on RG implementation and submit updates to the CGA. This creates a direct supervisory channel between the CGA and the RG function, bypassing the commercial relationship that previously sat between operator and master licensor. Annual reporting cycles mean the CGA will have a documented compliance record against which to assess any enforcement inquiry. Operators that appoint the RG Officer role to a junior or part-time function without genuine management access are exposed to a regulatory finding that the appointment did not satisfy the Policy’s intent.

Where operators run high-risk business models under Section 2.2, the RG Officer must be capable of overseeing enhanced controls proportionate to the specific risk elements. A VIP programme or cryptocurrency-accepting operator that appoints an RG Officer without knowledge of enhanced due-diligence procedures or AI-driven monitoring tools is unlikely to satisfy the CGA’s expectations during a supervisory review.

How the CGA Framework Compares to Peer Jurisdictions

Curaçao’s operator-level self-exclusion model sits in a distinct regulatory category from the national register systems operated by jurisdictions such as Sweden (Spelpaus), Denmark (ROFUS), Spain (RGIAJ), France (Interdiction Volontaire), and Germany (OASIS). Those regimes bind every licensed operator to a centralised register: exclusion at one operator excludes the player across the market. Curaçao’s model, like those of the MGA in Malta, several US state regulators, and pre-BetGuard Ontario, places the obligation at the individual licensee level. Cross-operator portability of self-exclusion does not exist as a mandatory requirement under the LOK or the CGA RG Policy.

The practical consequence is that a player who self-excludes with Operator A holding a CGA OGL is excluded only from Operator A’s brands. They remain free to play with Operator B, even if Operator B also holds a CGA licence. Compliance officers advising operators on their obligations should ensure that internal communications make this perimeter clear, particularly where operators maintain affiliate or white-label relationships that could blur brand boundaries within the same licence scope. The CGA RG Policy’s cross-brand requirement within a single licence is rigorous, cross-operator portability is not currently mandated.

Compared to the MGA’s Player Protection Directive (Directive 2 of 2018), the CGA framework is structurally similar in placing operator-level self-exclusion at the core, but diverges on some procedural details. The MGA requires notification to the player in writing within seven days if a request to decrease exclusion duration is accepted or rejected, the CGA RG Policy does not specify this granular sub-procedure but does require that reactivation be entirely player-initiated. For operators holding both a CGA OGL and an MGA B2C licence, the more prescriptive jurisdiction’s requirement will set the minimum standard for each market served. Operators should consult qualified legal counsel when mapping dual-jurisdiction obligations to ensure no requirement is subordinated to the other. A detailed side-by-side of MGA and comparable licensing frameworks is available in the Curaçao licence requirements profile.

Enforcement: What Happens When the Framework Is Breached

Under Chapter 13 of the LOK, the CGA has three primary enforcement tools. Corrective orders require an operator to stop or remedy unlawful activity. Administrative fines apply to breaches including RG violations. Non-compliance penalties attach where an operator ignores a corrective order. These administrative sanctions can be compounded by criminal prosecution, with the LOK providing for coordination between the CGA and the Public Prosecutor where both administrative and criminal enforcement are warranted for the same conduct.

The CGA’s legal architecture now closely mirrors the enforcement model of the MGA and, to a lesser extent, the UKGC, in that the regulator has direct statutory authority to escalate from corrective order to licence suspension or revocation without the intermediate step of engaging a master licensor. An operator that allows a self-excluded player to continue gambling, sends marketing to a self-excluded player, or fails to appoint a functional RG Officer faces an enforcement path that runs directly to the CGA’s supervisory team, not to a private commercial intermediary. The shift from the NOOGH era to the LOK era is, in enforcement terms, the difference between a contractual dispute and a regulatory action.

The RG compliance structure described in this article is grounded in primary regulatory documents as of mid-2025. The LOK was adopted on 20 December 2024 and the CGA RG Policy issued on 17 April 2025. The CGA has signalled that further supervisory guidance may follow as the direct-licensing regime matures. Operators should monitor CGA publications for updates and consult qualified legal counsel for jurisdiction-specific compliance advice, particularly where multi-jurisdiction operations create overlapping obligations.

For a broader introduction to the post-LOK structural reforms, including the OGL application process, AML requirements, and technical standards, see our overview of Curaçao’s LOK transition. Operators holding licences in multiple jurisdictions can benchmark CGA self-exclusion obligations against comparable frameworks through the Responsible Gambling Compliance hub, which covers the national register and operator-level models across all 17 regulated markets on this site.

Key Resources

CGA Responsible Gaming Policy for Licensed Operators, Version 1.0, 17 April 2025, Available via the Curaçao Gaming Authority website at cga.cw. This is the operative compliance document setting all nine mandatory RG elements.

LOK (Landsverordening op de Kansspelen), National Ordinance on Games of Chance, 20 December 2024, Official English translation certified by lic. Karel Thijs, LL.M. The statutory foundation for all CGA licensing and enforcement, including Articles 1.4(d), 1.4(e), and clause 5.4(2) governing the self-exclusion minimum duration.

Legal 500 Country Comparative Guide, Curaçao Gambling Law 2025, Practitioner-authored commentary cross-referencing the LOK’s operational requirements with the CGA’s published regulatory instruments.