Wallet Architecture for Multi-Jurisdiction iGaming Operators: Fund Segregation, Per-Jurisdiction Rules, and Settlement Patterns

Operating a remote gambling business in a single jurisdiction is hard enough. Operating across the UKGC, MGA, AGCO/iGaming Ontario, AGLC Alberta, and Spelinspektionen simultaneously means navigating at least five distinct fund-protection regimes, each with different definitions of what “segregated” means, different constraints on where funds may be held, and different obligations toward the regulator’s own audit access. A wallet architecture designed around one regime will satisfy the others only by accident.

This article maps the primary obligations across the major regulated markets, draws out the structural differences between “segregated” and “ringfenced” as those terms operate in practice, and sets out the reconciliation and FX considerations that arise when a single ledger must satisfy multiple simultaneous regulatory duties.

What “Holding Customer Funds” Actually Means: The UKGC Definition

The starting obligation under the UKGC Licence Conditions and Codes of Practice (LCCP, version effective 6 April 2026) is in Operating Licence Condition 4.1, which defines “holding customer funds” to include: deposits made by customers on account, winnings or prizes the customer has chosen to leave on deposit or for which the licensee has yet to account, and any crystallised but as yet unpaid loyalty or other bonuses. The definition applies regardless of whether the licensee is a party to the gambling contract.

That breadth matters for wallet architecture. Bonus credit that has converted to a real-money balance, accumulated but unclaimed loyalty points with a monetary equivalent, and winnings sitting in a pending withdrawal queue all constitute “customer funds” for LCCP purposes. Each of these must therefore be subject to whatever fund-protection arrangements the licensee has disclosed to players.

The UKGC’s Four-Tier Protection Rating System

LCCP Condition 4.2.1 requires every licensee who holds customer funds to disclose, in its terms and conditions, whether customer funds are protected in the event of insolvency, the level of that protection, and the method by which this is achieved. The Commission specifies the rating system, licensees must present it in the form the Commission prescribes and must ensure each customer acknowledges receipt before using deposited funds for gambling.

The four categories the Commission recognises are:

Rating	Mechanism	Insolvency outcome
High protection	Funds held in a statutory trust (or equivalent) with independent trustee and trust deed	Ringfenced, outside the insolvent estate
Medium protection	Funds held in a dedicated client-money bank account, separated from operational funds	Segregated but subject to insolvency proceedings, players are creditors
Not protected, customer funds segregated	Funds operationally separated but no independent protection structure	Players are unsecured creditors in an insolvency
Not protected, customer funds not segregated	No formal separation from operational funds	Players are unsecured creditors, funds may be commingled with operational liabilities

The UKGC does not mandate that licensees achieve “high” protection. It mandates disclosure, transparency to players, and re-disclosure at least every six months if funds are not at the highest protection level. The commercial and reputational implications of disclosing “not protected” status are considerable, and in practice the majority of sizeable remote operators target medium or high protection. Compliance teams should note that the LCCP update effective 6 April 2026 carries revised transparency requirements for insolvency-related disclosures arising from the government’s gambling reform programme.

What Distinguishes “Segregated” from “Ringfenced”

The two terms carry materially different legal weight. A segregated account holds player funds separately from operational funds in accounting terms, but the funds remain assets of the licensee. In an insolvency, creditors of the licensee may have a claim on those funds. A ringfenced or trust arrangement places the funds outside the licensee’s estate altogether. The operator has no beneficial ownership, the funds belong to the players. Statutory trust structures in England and Wales, or equivalent arrangements in other common-law jurisdictions, achieve this result.

The practical difference for a multi-jurisdiction operator is that UKGC’s “high protection” category requires the ring-fence, while most other regulators accept segregation. An operator that achieves UKGC high protection by creating a statutory trust will generally satisfy the segregation requirements of MGA, GLI-certified systems, and Spelinspektionen simultaneously. The reverse is not true: an operator whose MGA-compliant segregated account does not reach trust level will need separate disclosure and separate structures for UK players.

MGA Directive 2 of 2018: Segregation and the Viewing Rights Constraint

Under the MGA’s Player Protection Directive (Directive 2 of 2018, as amended to version 3 in January 2023), Article 32(3) requires that all player funds accounts provide access to funds sufficient to cover a licensee’s liabilities towards players at all times. Article 33(1) of the same Directive provides that player funds must be held in credit, financial, or payment institutions licensed in Malta, or licensed outside Malta but within the EU/EEA, or in other jurisdictions approved by the MGA.

“It is the responsibility of the licensee to ensure that the Authority remains in a position to exercise viewing rights over the common account of player funds.”, MGA, Player Protection Directive (Directive 2 of 2018), Article 33(1)

The viewing-rights obligation under Article 33(1) is an architectural constraint, not merely an administrative one. It means the licensee must have in place, before going live, written authorisations granted to its banking institution to release all account information to the MGA on request, together with a declaration from the bank that it will comply without undue delay. Article 33(2) extends the same viewing rights to funds in transit, not merely funds at rest.

For a multi-currency or multi-brand operator, this means each institution that touches player funds must be able to respond to an MGA viewing-rights request within the jurisdiction-specific timeframe. An operator routing player deposits through a non-EU/EEA payment intermediary that cannot provide the MGA with the required authorisation declarations is in breach of Article 33, regardless of whether the underlying funds eventually clear into an EU/EEA account.

The MGA’s Gaming Player Protection Regulations state clearly that player funds must be kept segregated and remain separately identifiable at all times. The Authority’s FAQ guidance further clarifies that the MGA may exercise viewing rights over the common account at its sole discretion. This “common account” terminology indicates that the MGA accepts a single pooled player-funds account that encompasses all players across all MGA-licensed brands operated by the same entity, provided the individual player balances are separately identifiable within the accounting system. A licensee holding funds for a casino brand and a sports-betting brand under the same MGA licence may use a single player-funds bank account, as long as the ledger can resolve each player’s balance individually.

GLI Standards: Anti-Commingling at the System Level

Both GLI-19 (Standards for Interactive Gaming Systems, version 3.0) and GLI-33 (Standards for Event Wagering Systems, version 1.1) contain the same binding requirement at section A.4.2. Player funds must be held either in trust for the player in a segregated account, or in a special-purpose segregated account controlled by a properly constituted corporate entity independent of the operator, with one or more independent corporate directors on its governing board. Section A.4.2 further requires that procedures are in place to prevent commingling of funds in the segregated account with any other funds, including, without limitation, funds of the operator.

Section A.4.1 of both standards separately addresses operator reserves: the operator must maintain and protect adequate cash reserves as determined by the regulatory body, with segregated accounts covering funds held for player accounts and operational funds used to cover liabilities such as unclaimed winning wagers and potential winning wagers for the gaming day.

The practical consequence is a minimum of two accounting pools: a player-funds pool (anti-commingling enforced, under A.4.2) and an operator-reserves pool (sized to cover all outstanding liabilities, under A.4.1). These are distinct concepts. The player-funds pool holds actual player deposits and winnings pending withdrawal. The operator-reserves pool holds the funds the operator needs to settle wagers that have not yet been paid out. GLI-certified systems must be able to demonstrate through auditable logs that neither pool is used to fund ordinary operating expenses, and that a draw from the reserves pool does not create an accounting entry against the player-funds pool.

How Does This Work in Practice: Does a Player’s Balance Need to Map to a Bank Account?

Compliance teams frequently face this question when designing multi-jurisdiction wallet systems. The answer across UKGC, MGA, and GLI standards is consistent: the player ledger balance must be reconcilable to a real bank-account balance, but the bank account need not mirror individual player accounts one-for-one.

A single pooled bank account holding the aggregate of all player balances is acceptable under each regime, provided the accounting system can produce a real-time reconciliation showing that the total funds on deposit equal the sum of all individual player balances. Any shortfall between the bank balance and the aggregate player ledger balance constitutes a compliance breach. Operators running intraday settlement cycles must document how the reconciliation is managed during the settlement window, because during that window a mismatch may technically exist between the bank account position and the ledger position. For detailed guidance on managing these settlement-window mismatches, see our technical guide on intraday settlement and reconciliation best practices.

Ontario’s Conduct-and-Manage Model: A Structurally Different Architecture

The Ontario framework introduces a model that differs fundamentally from European segregation regimes. Under the Operating Agreements between gaming operators and iGaming Ontario (iGO), operators accept bets and pay winnings on behalf of and as agent for iGO. iGO is the principal gaming entity, conducting and managing gaming pursuant to the Gaming Control Act, 1992. The operator is iGO’s agent.

The fund-flow consequence is significant. Gaming operators remit all wagers less winnings and eligible deductions to iGO, which then remits 80% back to each operator as variable compensation for online services. iGO’s own published financial statements for 2024, 2025 confirm that performance security submitted by gaming operators is held by iGO in a segregated bank account at a federally regulated chartered bank insured by the Canadian Deposit Insurance Corporation. Performance security may be provided as cash deposits, letters of credit, surety bonds, or other instruments acceptable to iGO.

iGO “maintains the required balance in a segregated bank account for amounts due to Gaming Operators” and holds “letters of credit or cash deposited by the Gaming Operators… as part of performance security pursuant to the Operating Agreement with each operator.”, iGaming Ontario Financial Statements, year ended 31 March 2025.

This architecture means an Ontario-registered operator does not directly “hold” player funds in the European sense. Player balances are liabilities of the operator-as-agent toward iGO and toward players, but iGO itself is the entity that maintains the segregated institutional account. Operators entering Ontario from a UKGC or MGA background need to model this explicitly in their group wallet architecture, because the UKGC’s LCCP condition 4.1 definition of “holding customer funds” does not map cleanly onto the Ontario agency model.

Alberta’s AGLC framework, launching from 13 July 2026 under the Standards and Requirements for Internet Gaming (SRIG, dated 17 March 2026), closely mirrors the Ontario conduct-and-manage model. The AML obligations in AGLC SRIG require operators to maintain AML/TF programs compliant with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and align internal controls with those of the designated reporting entity under PCMLTFA. These controls interact with the wallet architecture because suspicious transaction reporting (STR) obligations require the system to flag and hold transactions pending investigation, which creates a temporary mismatch between the player’s displayed balance and the funds available for withdrawal.

Sweden’s Spellag: One Account, One Payment Service, No Transfers

Chapter 13 of Sweden’s Spellag (2018:1138) imposes structural constraints that go beyond fund protection into account architecture itself. Section 5 of Chapter 13 provides that a licensee may only receive deposits to a player account from a payment service provider operating under the Payment Services Act (2010:751). Cash deposits are prohibited entirely. Section 6 provides that funds, gaming tokens, or similar instruments may not be transferred between player accounts. Section 7 requires that funds a player has deposited with a licensee must be paid out to the player immediately upon request.

The no-transfer-between-accounts rule in Chapter 13, Section 6 has a direct architectural implication for multi-brand operators. A player’s balance on Brand A cannot be moved programmatically to Brand B even if both brands operate under the same Swedish licence, unless the licensee offers games under different web addresses. LIFS 2018:5 (the predecessor technical standards from Lotteriinspektionen) confirmed that a player may hold more than one account under a licence that operates multiple web addresses, but the licensee must still be able to identify and consolidate all accounts belonging to the same player. The practical outcome is that transfers between a player’s accounts on different brands must be routed as a withdrawal from one account and a deposit to the other via the registered payment service, not as an internal ledger transfer.

Spelinspektionen’s SIFS 2022:3 and LIFS 2018:4 guidelines further require that when a player deposits, the licensee must be able to verify that the declared bank account or payment service holder is the same person as the player account holder. This verification must be repeated when the player changes a bank card, bank account, or other payment service. For multi-jurisdiction operators with centralised KYC systems, this verification step must be triggered per-jurisdiction, not satisfied by a group-level KYC clearance that was completed under a different regulator’s standard.

FX Handling and Multi-Currency Reconciliation

Operators serving players in multiple currency zones must adopt an explicit FX policy that addresses three problems: which rate applies when a player deposits or withdraws in a currency different from the licensee’s functional currency, how unrealised FX gains or losses are treated relative to the player’s notional balance, and how each jurisdiction’s player-funds total is reconciled against the relevant bank account when both are denominated in different currencies.

No major regulator prescribes the specific FX mechanism. UKGC LCCP Condition 4.2.1 requires disclosure of the protection method but does not mandate a currency treatment. MGA Directive 2 of 2018 requires that player funds accounts be sufficient to cover liabilities toward players, which implicitly requires FX risk to be managed so that the bank balance (in whatever currency it is held) always equals or exceeds the aggregate player ledger at the applicable exchange rate. An operator holding EUR-denominated player funds against GBP player balances introduces currency risk into what is functionally a player-protection reserve: if sterling strengthens between deposit and withdrawal, the EUR account may be insufficient to cover all sterling liabilities at the withdrawal-time rate.

In practice, operators operating at scale use a functional-currency approach: each jurisdiction’s player funds pool is held in the local currency of that jurisdiction (GBP for UK players, EUR for MGA players, CAD for Ontario and Alberta players, SEK for Swedish players), with intraday sweeps used to maintain each pool above 100% of aggregate player liability in that jurisdiction. The FX gain or loss on any residual conversion is treated as an operational item, never as a charge against the player-funds pool. Settlement between the player-funds pools and the group treasury account occurs after, not before, the reconciliation confirms that each pool is fully covered.

Reconciliation Patterns for Multi-Jurisdiction Operators

Multi-jurisdiction operators typically structure their reconciliation cycle around three layers. The player-level reconciliation confirms that each player’s ledger balance matches the sum of their recorded transactions, typically run in real time or near-real time by the gaming platform. The jurisdiction-level reconciliation confirms that the aggregate of all player balances in a given jurisdiction matches the dedicated bank account for that jurisdiction, typically run at least daily and more frequently during periods of high transaction volume. The group-level reconciliation consolidates across jurisdictions, confirms the overall player-liability exposure in functional currency terms, and feeds the performance security or trust calculations that each regulator requires.

Audit trails must capture not only the current state of each reconciliation but also any intraday mismatches, the reason for each mismatch, and the time taken to resolve it. GLI-19 section A.4.2 requires that procedures are “reasonably designed” to ensure funds are safeguarded and accounted for. Spillemyndigheden’s certification standards for online casino (SCP.02.03) require that all released funds be paid out following a self-exclusion closure, which means the reconciliation must be able to identify and ring-fence a specific player’s balance pending payout in real time. These jurisdiction-specific triggers need to be built into the group reconciliation framework, not treated as edge cases to be handled manually.

Regulator	Minimum protection standard	Bank location constraint	Regulator audit access
UKGC	Disclosure required, four-tier rating, high = statutory trust	None specified (domestic or offshore)	Rating disclosure to players, Commission may inspect records
MGA	Segregated and separately identifiable at all times	Malta, or EU/EEA, or MGA-approved jurisdiction	Viewing rights over common account and funds in transit at sole MGA discretion
AGCO / iGO	Performance security held by iGO in segregated bank account	Federally regulated chartered bank in Canada (CDIC-insured)	iGO holds and controls the performance security pool
AGLC (Alberta)	AML/TF program aligned with PCMLTFA, FINTRAC reporting entity model	Canada (consistent with PCMLTFA obligations)	AGLC inspection rights, FINTRAC reporting obligations
Spelinspektionen	Deposits from licensed payment service only, no inter-account transfers, immediate on-request payout	Licensed payment service under Payment Services Act (2010:751)	Licensing and inspection rights, SIFS compliance verification

AML Intersections: When Fund Holds Conflict with Segregation Obligations

AML transaction monitoring creates a specific tension in wallet architecture. When a suspicious transaction report is generated or an account is placed under review, the operator typically places a hold on the player’s balance pending investigation. Under UKGC LCCP, funds subject to a Proceeds of Crime Act tipping-off restriction must not be disclosed to the player, but the funds themselves must continue to be properly accounted for. Under MGA Directive 2 of 2018, the player funds remain subject to the segregation and identifiability requirements even when an account is frozen. Under PCMLTFA in Canada, a reporting entity must file an STR with FINTRAC within 30 days of detecting a suspicious transaction, but the obligation to hold the funds pending law enforcement direction is separate and requires specific legal authority.

The reconciliation implication is that a frozen balance must remain visible in the player-funds pool reconciliation, not reclassified as an operational item. Operators who reclassify frozen funds pending AML investigation, even temporarily, create a reportable mismatch between the player ledger and the player-funds bank account. The correct treatment is to maintain the frozen balance within the player-funds pool, flag it as restricted, and document the restriction reason and authority in the audit trail.

Operators holding multi-jurisdiction licences and running centralised AML systems must also be aware that Gibraltar’s AML Code of Practice for Remote Gambling (2026 update) and the MGA’s FIAU-aligned implementing procedures treat cross-border fund flows between player accounts (for example in peer-to-peer games or poker chip-dumping) as a specific ML/TF risk category, separate from ordinary deposit and withdrawal monitoring. This affects wallet architecture because peer-to-peer transfers between accounts on the same platform must be logged and flagged, not treated as internal ledger entries that bypass AML screening.

Designing the Multi-Jurisdiction Wallet: Practical Architecture Principles

A multi-jurisdiction operator seeking to satisfy all five regimes simultaneously should structure its wallet architecture around five principles, derived from the primary obligations identified above.

Per-jurisdiction currency pools. Maintain a dedicated bank account for player funds in each jurisdiction’s functional currency, sized at all times to cover 100% of aggregate player balances in that jurisdiction. This satisfies MGA Article 32(3), the UKGC’s implicit solvency requirement for any protection level above “not protected,” and the Spellag’s immediate-payout obligation.

Anti-commingling at the account level. No single bank account should contain both player funds and operational funds. GLI-19 and GLI-33 section A.4.2 require this explicitly. The operator-reserves account required by GLI A.4.1 should be separate from the player-funds account, funded from operating revenue after each reconciliation cycle confirms all player liabilities are covered.

MGA-compatible institutional selection. Every bank, payment institution, or clearing intermediary that holds or transits MGA player funds must be licensed in Malta, the EU/EEA, or an MGA-approved jurisdiction, and must have signed authorisations in place to comply with MGA viewing-rights requests. Routing MGA player funds through a non-compliant intermediary even temporarily breaches Article 33(1).

Agency-model accounting for Ontario and Alberta. Transactions through iGO and AGLC must be accounted for within the group wallet architecture as principal-agent flows, not as ordinary player-balance entries. The performance security held by iGO is not an asset of the operator, it is a contingent liability instrument. The group balance sheet and the player-liability reconciliation must reflect this distinction to avoid misrepresenting the operator’s own financial position to both its shareholders and its regulators.

Documented FX policy with rate-lock at deposit. For each currency pair, the group’s FX policy should specify a rate source, a rate-lock point (typically the exchange rate at time of deposit, applied to both the player’s nominal balance and the operator’s hedging position), and a settlement cycle that ensures no jurisdiction’s player-funds pool falls below 100% of aggregate liability at any intraday measurement point. The policy should be reviewed and approved by the compliance function and documented as a standing control in the AML/compliance policy framework.

Operators entering new jurisdictions should consult qualified legal counsel in each relevant jurisdiction to confirm that their group wallet architecture satisfies local law requirements, particularly where local insolvency law or consumer protection legislation may affect the legal characterisation of fund-protection arrangements beyond what the regulator’s licensing rules require. For practical examples of how to implement these principles, review our case study on multi-jurisdiction wallet deployment at multi-jurisdiction wallet architecture implementation.

Key Resources

UKGC Licence Conditions and Codes of Practice (LCCP), Operating Licence Condition 4, Protection of Customer Funds, version effective 6 April 2026. Available at gamblingcommission.gov.uk.

MGA Player Protection Directive (Directive 2 of 2018, version 3, January 2023), Articles 32, 34 on fund segregation and viewing rights. Available at mga.org.mt.

GLI-19 Standards for Interactive Gaming Systems, version 3.0, Section A.4 (General Operating Procedures, Operator Reserves, Protection of Player Funds). Available at gaminglabs.com.

GLI-33 Standards for Event Wagering Systems, version 1.1, Section A.4.1 and A.4.2 on segregated accounts and anti-commingling. Available at gaminglabs.com.

Spellag (2018:1138), Chapter 13 (Player Accounts), Sections 3, 7, on account architecture and payment-service restrictions. Available at riksdagen.se.

iGaming Ontario Financial Statements 2024, 2025, Note 4(d) and Note 5 on performance security and restricted cash. Available at igamingontario.ca.