Alcohol and Gaming Commission of Ontario — Registrar's Standards for Internet Gaming

All 196 Ontario standards, organised by risk theme

A searchable, filterable index of every Registrar's Standard for Internet Gaming in Ontario. Each standard is grouped by the risk theme the Registrar has published, tagged editorially for the player-protection categories our team tracks most closely, and presented with its principle and supporting requirements. Use it to orient on the rules that govern Ontario's regulated iGaming market.

Editorial summary, not legal advice. Every card on this page is a plain-English summary of the regulator's own rule, cross-checked against the primary source. Always verify against the published text before filing, launching, or advising.
Comprehensive coverage: 196 Standards · 199 Requirements · 0 RG priority · 5 Categories
Theme 1

Entity Level

Ensure registered operators and gaming-related suppliers maintain sound governance, honest dealings with the Registrar, and a control environment that supports the integrity of Ontario's iGaming market.

22 standards · 8 player-flagged (36%)
Regulatory risks this theme addresses
  • Operators with weak governance or unclear accountability for compliance outcomes
  • Poorly screened personnel with access to player funds, data or game controls
  • Third-party marketers driving traffic to unregistered Ontario gaming sites
  • Inadequate complaint handling leaving players without recourse
S1.01

Commitment to character, integrity and high ethical values

Applicable personnel must demonstrate character, integrity and high ethical values through attitude and action.

Requirements
  • Adhere to all applicable laws and regulations
  • Respond in a timely way to auditor letters and Registrar findings
  • Maintain a code of conduct addressing conflicts of interest and transparency
S1.02

Development and implementation of formal control activities

Operators and suppliers must build formal control activities addressing regulatory risks, with periodic effectiveness reviews and adjustments.

Requirements
  • Establish periodic reviews and document remediations
  • Communicate substantial changes to the Registrar
  • Make controls available to the AGCO on request
S1.03

Documentation of management overrides

Any control activity override must be clearly documented, reported to governance, and approved by at least two senior managers.

Requirements
  • Minimum two senior-manager approvals
  • Report each override to the Board or governance structure
  • Retain documentation for audit
S1.04

Controls supporting financial reporting compliance

Operators must operate controls that ensure financial reports comply with applicable accounting standards and practices.

S1.05

Personnel security screening

A screening process appropriate to each role must cover directors, officers, employees, agents and consultants.

S1.06

Employee competence and training

Employees must have the competence, skills, experience and training needed to execute their assigned control activities.

Requirements
  • Train control-activity staff on the control environment and regulatory risks
  • Ensure staff understand the Standards and Requirements
S1.07

Organizational structure and duty segregation

Structures must promote sound control environments with duty segregation that minimizes collusion and unauthorized activities.

Requirements
  • Document authority and responsibility with appropriate supervision
  • Review segregation of duties via internal audit
  • Maintain current organizational charts for the Registrar
S1.08

Management accountability and authority

Management must understand its accountability and authority for the control environment through appropriate training and knowledge.

S1.09

Information and compliance documentation retention

Compliance logs and related information must be retained for a minimum of three years unless otherwise specified.

S1.10

Organized compliance documentation and audit access

Standards compliance must be documented and organized so independent oversight functions can review and audit it.

Requirements
  • Management-approved analysis and review of documentation
  • Grant auditors access to relevant systems and documentation
  • Third-party audits may be directed by the Registrar at operator expense
S1.11

Board accountability for compliance

Primary compliance accountability sits with the Board or governance structure, with documented evidence of execution.

Requirements
  • Stand up an independent compliance oversight function
  • Internal audit regularly audits the compliance framework
  • Compliance and audit report directly to the Board with unrestricted access
S1.12

Independent whistleblowing process

An independent anonymous reporting process must let employees raise control deficiencies, non-compliance or legal violations.

Requirements
  • Whistleblower issues are addressed and communicated to the Board in a timely way
S1.13

Transparent engagement with the Registrar

Registrants must engage transparently with the Registrar on compliance, integrity and operations.

Requirements
  • Report integrity-affecting incidents per the notification matrix
  • Report non-compliance with corrective action plans
  • Make data, information and documents available on request
S1.14

Investigator access to monitor and participate in games

Operators must ensure OPP or Registrar investigators can monitor and participate in games.

S1.15

Player contact mechanism for issues and complaints

Player Rights

A timely mechanism must let players contact operators about accounts, funds, gameplay or Standards compliance, with Registrar notification per the matrix.

S1.16

Recording and timely resolution of complaints

Player Rights

Player complaints, disputes and inquiries must be recorded and addressed in a timely, fair, transparent and appropriate manner.

Requirements
  • Publish clear service standards accessible to players
  • Resolve disputes under Ontario and Canadian law
S1.17

AGCO information accessibility to players

Player Rights

Relevant information about the AGCO must be displayed and easily accessible to players.

S1.18

Contracting only with reputable suppliers

Affiliate Rules

Operators and suppliers must contract only with reputable counterparties.

S1.19

Operator responsibility for third-party conduct

Affiliate Rules

Operators bear responsibility for third-party actions and must require contractors to comply as if bound by the same laws, regulations and standards.

S1.20

Supplier list maintenance

Affiliate Rules

Operators and suppliers must maintain supplier lists for goods or services related to lottery schemes and make them available to the Registrar on request.

S1.21

Affiliate marketing restrictions

Affiliate Rules

Operators must ensure compensated third-party marketers do not provide direct-to-consumer services for unregistered Ontario gaming sites.

S1.22

Cessation of unregulated activities requiring registration

Affiliate Rules Player Rights

Operators and suppliers must stop unregulated activities that require registration and not contract with unregistered providers of registrable goods or services.

Theme 2

Responsible Gambling

Prevent and minimize gambling-related harm through policy, marketing restraints, informed-decision tools, harm-identification monitoring, self-exclusion and game-design constraints that slow play and reveal net position.

27 standards · 27 player-flagged (100%)
Regulatory risks this theme addresses
  • Marketing that targets minors, high-risk or self-excluded persons
  • Game mechanics that accelerate losses or mask net position
  • Weak self-exclusion programs that fail to prevent excluded players from returning
  • Players unable to set or enforce deposit, loss and time limits
S2.01

Harm identification and prevention policies

RG Critical

Operators must implement policies identifying, preventing and minimizing gaming harms, reviewed regularly and communicated to all staff.

Requirements
  • Integrate RG policies into control activities
  • Evaluate current best practices and employee feedback
  • Consult stakeholders on harm impact
  • Assess staff understanding of policies
S2.02

OLG and iGaming Ontario responsible gambling policies

RG Critical

Provincial agencies must implement policies that identify and prevent player harm across their gaming operations.

S2.03

No targeting of high-risk, underage or self-excluded persons

Bonus & Ads RG Critical

Marketing materials cannot target minors, high-risk persons or self-excluded individuals, and cannot include underage imagery.

Requirements
  • No themes or language appealing primarily to minors
  • No placement near schools or youth venues
  • No cartoons, celebrities or athletes likely to appeal to minors
S2.04

Truthful and non-misleading marketing

Bonus & Ads

All marketing must be truthful and cannot mislead regarding products, odds or outcomes.

Requirements
  • Do not suggest gaming solves problems or fulfills obligations
  • Do not portray gaming as an employment alternative
  • Do not encourage loss recovery through continued play
S2.05

Restrictions on inducement advertising

Bonus & Ads RG Critical

Advertising gambling inducements, bonuses and credits is prohibited except on an operator's gaming site and to consenting direct-marketing recipients.

Requirements
  • Restricted to operator site and direct marketing with active consent
  • No public or algorithm-based advertising of bonuses
S2.06

Inducement and bonus disclosure

Bonus & Ads Player Rights

Any bonus or credit advertising must disclose material conditions prominently and avoid misleading "free" or "risk-free" language.

Requirements
  • Material terms displayed at first presentation; others one click away
  • Cannot claim "free" if player risks own money
  • Cannot claim "risk-free" if player incurs loss or risk
S2.07

Opt-in consent for direct marketing

Bonus & Ads Player Rights

Players must actively opt in to receive inducement marketing and must be able to withdraw consent at any time.

Requirements
  • Active consent required before direct marketing
  • Simple method to withdraw consent
S2.08

Systematic dissemination of RG information

RG Critical

Operators must systematically provide accessible information enabling informed responsible-play choices.

Requirements
  • RG materials covering game mechanics, misconceptions, safer behaviours, harms and support
  • Financial and time limit information readily available
  • Self-exclusion information prominent and accessible
S2.09

Registration page RG resources display

RG Critical

Registration pages and pages within the player account must prominently display an RG statement, online link and the ConnexOntario number.

Requirements
  • Link to comprehensive RG resource page
S2.10

Player risk profile monitoring

RG Critical

Operators must monitor player risk profiles and behaviours to detect signs of potential harm.

Requirements
  • Include high-risk player profiles in monitoring systems
S2.11

Readily available assistance for harmed players

RG Critical Player Rights

Help for potentially harmed players must be readily available and systematically delivered.

Requirements
  • Staff knowledgeable about help resources
  • Contact for Ontario harm-treatment services
  • Tailored interventions by harm severity
  • 24/7 live customer support
S2.12

Employee understanding of RG principles

RG Critical

All staff must understand RG's importance and recognize problem-gambling signs.

Requirements
  • Mandatory, regularly refreshed training for all employees
  • Specialized training for player-facing staff
  • Training reflecting best practice research and feedback
S2.13

Breaks in play (short-term)

RG Critical

Players must have access to short-term play breaks separate from formal self-exclusion.

Requirements
  • User-initiated breaks
  • 1-day, 1-week, 1-month, 2-month or 3-month options
  • Wagering prevented during break
S2.14

Voluntary self-exclusion program

RG Critical Player Rights

Operators must offer an accessible, well-promoted voluntary self-exclusion program letting players exclude themselves permanently or temporarily.

Requirements
  • Efficient, support-oriented registration
  • 6-month, 1-year and 5-year exclusion periods
  • Immediate logout and account lockdown on enrollment
  • Marketing prevention during exclusion
  • Active wager refund if excluded before event starts
S2.15

Clear game designs that do not mislead

Game Design RG Critical

Game designs must be clear and truthful, not misleading on outcome determinants or speed-of-play effects.

Requirements
  • No false perception that speed or skill affects outcomes
  • No variable secondary decisions altering displayed results
  • Free-to-play games must match money-play odds
S2.15.1

Straightforward sport and event betting methods

Game Design Player Rights

The method of making bets in sport and event betting must be straightforward and understandable, with clear player communication.

Requirements
  • Parlays clearly identified
  • Player notification of acceptance/rejection
  • Option to confirm or withdraw when odds change pre-confirmation
  • Manual opt-in for automatic change acceptance
S2.15.2

Access to betting information without placing bets

Game Design Player Rights

Players must access betting information without placing bets, including odds, payouts and current pool values.

S2.15.3

Reputable data sources for bet outcomes

Game Design

Reputable and legitimate data sources must be used to determine bet outcomes and must be disclosed on request.

S2.16

Prevent extended and impulsive play

Game Design RG Critical

Game features must prevent extended or impulsive play and encourage lower-risk behaviours.

Requirements
  • No features encouraging loss chasing or increased wagering
  • Auto-play prohibited for slots
  • Individual game commitment required per cycle
S2.17

No simultaneous multiple slots play

Game Design RG Critical

The gaming system must not offer functionality facilitating play of multiple slots games at the same time, including split-screen features.

S2.18

Minimum 2.5-second gap between game cycles

Game Design RG Critical

A minimum of 2.5 seconds must elapse between game cycles; players must consciously initiate each cycle through a button release-and-depress action.

Requirements
  • 2.5-second minimum between cycles
  • Start button release-and-depress required
S2.19

No reducing time to result presentation

Game Design RG Critical

For slots, the gaming system must not permit a customer to reduce the time until the result is presented (no turbo or quick-spin).

S2.20

Audio/visual win effects only for net wins

Game Design RG Critical

For slots, winning audio and visual effects cannot accompany returns equal to or less than the wager amount.

S2.21

Display net session position for slots

Game Design RG Critical

For slots, gaming sessions must clearly display the customer's net position (total winnings minus total losses since session start).

S2.22

Time passage tracking

Game Design RG Critical

Players must have a visible means to track elapsed time during gaming sessions.

S2.23

Easy deposit and time-based limit setting

RG Critical Player Rights

Players must easily set financial and time-based limits at registration and at any time afterwards.

Requirements
  • Loss and deposit limit options during registration
  • Deposit, loss and time-based limit options
  • Duration options including 24 hours, 7 days, 1 month
S2.24

Cooling-off for relaxing limits

RG Critical Player Rights

Any player request to relax or remove a limit requires a 24-hour minimum cooling-off period before implementation.

Requirements
  • No limit modification without explicit player request
  • 24-hour waiting period enforced
Theme 3

Player Account Management

Restrict gaming to eligible individuals in Ontario, collect and validate registration data, authenticate players before play, maintain auditable account records, and provide deactivation and fund-recovery rights.

23 standards · 13 player-flagged (57%)
Regulatory risks this theme addresses
  • Minors or self-excluded persons obtaining accounts
  • Players accessing iGaming from outside Ontario
  • Insider betting by athletes, officials or governing-body personnel
  • Players unable to deactivate accounts or recover funds
S3.01

Restriction to eligible individuals

RG Critical Player Rights

Only eligible individuals are permitted to create a player account; only valid account holders are permitted to log on and gamble.

Requirements
  • Minors under 19 cannot play (18+ for lottery tickets); self-excluded prohibited
  • Court-ordered restrictions and AGCO exclusions enforced
  • Officers, board members, AGCO/OLG employees restricted
  • Ineligible individuals cannot claim prizes (except self-excluded)
S3.01.1

Prohibited insider betting

Operators must actively prevent individuals with insider information or decision-making authority from betting on events they influence, and meet sport-governing-body integrity standards.

Requirements
  • Persons with non-public information or influence cannot bet on relevant events
  • Athletes, coaches, managers, owners, referees prohibited from betting on sport-governing-body events
  • 10%+ owners of governing bodies or teams cannot bet on related events
  • Inform integrity monitors and governing authorities of violations
S3.02

Gaming limited to Ontario

Games on gaming sites may only be provided within Ontario, unless conducted jointly with another provincial government.

Requirements
  • Dynamic location detection; block unverified out-of-province play
  • Reasonable-interval location re-checks
  • Detection of software circumventing location verification
S3.03

Re-verification against prohibited lists

RG Critical

When prohibited/excluded lists change, all registered players must be re-verified for continued eligibility and removed if necessary.

Requirements
  • Re-verify players against updated lists
  • Prevent ineligible players from continuing to play
  • Periodically review accuracy of maintained lists
S3.04

Collection and validation of player information

Player Rights

Relevant player information must be collected and saved upon registration and demonstrated to be complete, accurate and validated before a player account is created.

Requirements
  • Collect name, date of birth, address, identification method, contact information
  • Gather AML/CTF-required information
  • Validate all information before account creation
S3.05

Player affirmation of information accuracy

Player Rights

Players must confirm that all registration information provided is complete and accurate before account creation.

S3.06

Maintain complete and accurate player information

Player information must be kept complete and accurate.

Requirements
  • Processes to maintain current, accurate player records
S3.07

Player fitness-for-play affirmation

RG Critical

Players must confirm they are fit to participate before engaging in gameplay.

S3.08

Unique account identifiability

All player accounts must be uniquely identifiable.

S3.09

One account per player

RG Critical

Players may have only one player account per gaming site.

Requirements
  • System prevents creation of multiple accounts per player per site
S3.10

Auditable account event trails

There must be an auditable, logged trail of events relating to account creation, activation, deactivation and changes.

Requirements
  • Log identification and verification activities
  • Log player contracts and account modifications
S3.11

Terms acknowledgment and acceptance

Player Rights

Players must acknowledge and accept the account and gameplay terms before account creation, and accept material changes when logging in.

Requirements
  • Acknowledgment before account creation
  • Acceptance of material changes on login
  • Terms comply with Standards and Ontario law
S3.12

Player authentication and MFA option

Player Rights

All players must be authenticated before accessing their account and gambling; third parties may not access a player's account.

Requirements
  • Authentication required before account access
  • Multi-factor authentication offered to players
S3.13

Complete transaction recording

All player account transactions must be recorded and logged accurately and completely.

S3.14

Player access to account information

Player Rights

Player account information must be made readily available to the player.

S3.15

Clear transaction information availability

Player Rights

Players must easily access clear information about all account transactions and activities.

Requirements
  • Deposit/withdrawal history and current balance
  • Payment method, source of funds, login details
  • Gaming history, bets, settlement dates (sports)
  • Session and period-based wagering/winning/losing totals
S3.16

Unique and traceable transaction identification

All player account transactions must be uniquely identifiable and traceable to a single player account.

S3.17

Notification of funds in dormant accounts

Player Rights

Reasonable efforts must be made to inform players of player funds remaining in dormant accounts.

S3.18

Player-initiated deactivation

RG Critical Player Rights

Players may deactivate their account at any time; once elected, the account is deactivated.

Requirements
  • Enable immediate deactivation on player request
S3.19

Operator-initiated deactivation authority

Operators may deactivate accounts when necessary for compliance or protection purposes.

Requirements
  • Document criteria and processes for operator-initiated deactivation
S3.20

Registrar-requested deactivation

Accounts must be deactivated upon Registrar direction.

S3.21

Information retention after removal

Removed player information must be retained per Standard 1.09 or other applicable retention requirements.

S3.22

Dormant/deactivated balance recovery

Player Rights

Players whose accounts become dormant or are deactivated must be able to recover the balance owing to them.

Requirements
  • Provide mechanisms for balance recovery
Theme 4

Game Integrity and Player Awareness

Ensure games are fair, honest and independently verifiable; that players get accurate pre-wager information; that outcomes are random, recoverable and settled per stated terms; and that betting integrity risks, faults and peer-to-peer manipulation are actively managed.

39 standards · 28 player-flagged (72%)
Regulatory risks this theme addresses
  • Games with uncertified RNGs or unverifiable outcomes
  • Speed, turbo and time-compression features that encourage impulsive play
  • Insider betting, match-fixing or coordinated peer-to-peer collusion
  • Fault-handling policies that favour the operator over the player
S4.01

Fair, honest and independently verifiable gaming

Game Design

Gaming must be conducted fairly and honestly and be independently verifiable through continuous monitoring.

Requirements
  • Continuous independent monitoring of lottery schemes and cash handling
  • Continuous logs for critical gaming systems covering accounting and game state
S4.02

Appropriate records of transactions and game state

Complete and accurate records must support investigations, dispute resolution and complaint handling.

Requirements
  • Records support Registrar investigations and dispute resolution
  • Track player information, gaming sessions and significant system events
S4.03

Compensating controls for logging interruption

When logging fails, compensating manual controls must be used where technically feasible.

S4.04

Custom and on-demand reporting

Gaming systems must provide flexible reporting capabilities to regulators in appropriate formats.

S4.05

Documented game specifications

Game Design

Game specifications must document objectives, wagers, operation methods, winning odds and operator advantage.

S4.06

Sufficient pre-wager player information

Game Design Player Rights

Players need comprehensive information about chances, gameplay and payouts before wagering.

Requirements
  • Accessible "how to play" pages
  • Odds, winning outcomes, restrictions, prize values
  • Circumstances for void games
S4.07

Accurate, non-misleading player information

Game Design RG Critical

In-play information must not misrepresent games or encourage harmful play patterns.

Requirements
  • No unachievable outcomes or "winning is probable" framing
  • No implication that chances increase with continued play
S4.08

Approval or certification of games and systems

Game Design

All games and RNG systems must be Registrar-approved or certified by an independent testing lab prior to provision.

S4.09

Secure provision and maintenance of gaming systems

Game Design

Gaming systems must be provided and maintained to ensure integrity, safety and security.

Requirements
  • Only approved/certified games and remote gaming servers
  • Immediately notify Registrar of integrity or security issues
  • Monitor, test and preserve logs throughout system lifespan
S4.10

Unavailability of games with suspected faults

Player Rights

Games with suspected fairness faults must be unavailable until resolved, with fair and reasonable decisioning.

S4.11

Logical separation of environments

Production, testing and development systems must be logically separated.

S4.12

Game outcome recoverability

Player Rights

Game outcomes should be recoverable where technically possible to enable fair player settlement.

S4.13

Defined fair-treatment fault policies

Player Rights

Operators must have defined, fair policies for treating players when faults occur.

Requirements
  • Policies are communicated clearly
S4.14

Game recreation to last communicated state

Games must be recreatable to their last communicated state to resolve incomplete transactions.

Requirements
  • Log elements and outcomes before display
  • Capture info to continue partially complete games
S4.15

Clear and timely display of bets and outcomes

Game Design Player Rights

Bets and outcomes must be clearly displayed with sufficient time for player review.

S4.16

Accurate and timely game payout

Player Rights

Games must pay out accurately, completely and within a reasonable time after a win.

S4.17

Mechanisms to deter, prevent and detect collusion

Operators must have mechanisms to appropriately deter, prevent and detect collusion and cheating.

S4.18

Logging of detection activities

All detection activities must be logged for regulatory review and investigation.

S4.19

Clear player reporting process for cheating

Player Rights

Players need a clear, accessible process to report suspected cheating, collusion or bot activity.

Requirements
  • Simple, accessible reporting process
  • Investigate player complaints about unfair treatment
  • Make suspension/recovery policies available on request
S4.20

Fair play despite system performance

Player Rights

Where interaction speed affects winning chances, operators must prevent unfair disadvantage from performance issues.

S4.21

Service interruption response

Player Rights

Service interruptions must be handled without disadvantaging players.

Requirements
  • Inform players that connection speed may affect games
  • Recover promptly; void bets where appropriate
  • Pay players the better outcome (winnings or refund)
S4.22

Measures to deter and detect bot use

Game Design

Operators must prevent the use of automated software providing unfair play advantages.

Requirements
  • Deter, prevent and detect bot software
  • Notify players that bot use constitutes cheating
S4.23

Fair treatment of peer-to-peer players

Player Rights

Peer-to-peer games must ensure players are treated fairly without disadvantage.

Requirements
  • Deter unfair behaviour, collusion and cheating
  • Prevent access to other players' information and self-play
  • Inform players accounts may close for cheating
S4.24

Game operation per specifications and terms

Game Design

Games must operate exactly as specified and bets settled per stated terms.

Requirements
  • Outcomes align with specifications and terms
  • All possible outcomes available unless clearly explained
S4.25

Bet commitment prior to outcome determination

Game Design

Bets must be committed before outcome determination; later wagers are voided and refunded.

S4.25.1

Fair and compliant sport/event bet settlement

Player Rights

Sport and event bets must settle fairly per terms and rules available to players when placed.

Requirements
  • Provide clear, prompt explanations for settlement decisions
S4.25.2

Results provision and account updates

Player Rights

Bet results and changes must be provided and account balances updated.

S4.25.3

Sport/event results data controls

Controls must ensure accuracy and timeliness of results data used for settlement.

S4.26

Random selection mechanism for game elements

Game Design

A mechanism must randomly select game elements determining outcomes, independently and without correlation to play style or system load.

Requirements
  • Select seed values ensuring randomness
  • Uninfluenced by wager amount, play style or system load
  • Impervious to outside influences; failures detected quickly
S4.27

Monitoring and inspection of randomness mechanisms

Game Design

RNG mechanisms must be capable of being monitored and inspected to verify integrity.

S4.28

Unchanging terms during sessions

Game Design Player Rights

Play terms must not change mid-session unless players are aware before wagering.

Requirements
  • Limit player-initiated interface changes
  • Display multi-state info; update jackpots and odds
  • Communicate odds changes (not retroactively)
S4.29

Secured and authenticated game sessions

Game sessions must be secured and verified as authentic.

S4.30

Player activity time-out

RG Critical

Automatic session time-outs must protect inactive players.

S4.31

Critical functions independent of end-user device

Game Design

All critical functions, including game outcome generation, must originate from the gaming system, not end devices.

S4.32

Risk management for betting integrity

Operators must mitigate integrity risks including insider betting and event manipulation.

Requirements
  • Controls identifying unusual/suspicious betting; report to monitors
  • Monitors disseminate reports to operators
  • Notify relevant entities on suspicious activity
S4.33

Authority to suspend betting or withhold funds

Player Rights

Operators may suspend betting or withhold funds for events with suspicious activity reports, fairly and reasonably.

S4.34

Sport and event betting criteria

Game Design

Only bets meeting criteria for outcome verification and integrity safeguards are permitted.

Requirements
  • Documentable, independently generated outcomes
  • Majority of participants 18+; supervised by sport body
  • No past-event, financial-market or synthetic-lottery bets
  • Exclude CHL minor-league sports
S4.35

Restricted access to live dealer supplies

Access to live dealer gaming supplies must be restricted to those with a business need.

Requirements
  • Grant, modify, revoke access by employment and role with logging
  • Periodic independent review of privileges
S4.36

Controls preventing dealer compromise of integrity

Game Design

Controls must prevent live dealer presenters from compromising game integrity.

Theme 5

Information Security and Protection of Assets

Protect gaming data, systems and assets through an industry-standard IT control environment: access management, authentication, encryption, logging, change and incident response, resilience, and periodic assurance. Player fund deposits and withdrawals are gated on identity verification and financial-services authorization.

82 standards 15 player-flagged
18%
player-flagged
Regulatory risks this theme addresses
  • Unauthorized access to gaming systems or player data
  • Inadequate encryption of player PII or payment information
  • Service outages without tested disaster recovery or business continuity
  • Third-party suppliers operating below equivalent security standards
S5.01

Industry-standard IT control framework

A recognized industry standard framework shall be used to manage the information technology (IT) control environment to support compliance with the Standards and Requirements. (Also applicable to Gaming-Related Suppliers)

S5.02

User access granted on business need

Users shall be granted access to the gaming system based on business need. (Also applicable to Gaming-Related Suppliers)

Requirements
  • Access privileges are granted, modified and revoked based on employment status and job requirements; all activities associated with these actions are logged
  • Access privileges are independently reviewed and confirmed on a periodic basis
S5.03

Access logging and traceability to individuals

Access to gaming information systems shall be monitored, logged and shall be traceable to a specific individual, either through uniquely assigned accounts for individual users or another reasonable method. (Also applicable to Gaming-Related Suppliers)

Requirements
  • All system accounts (or other accounts with equivalent privileges) shall be restricted to staff that provide IT support, and mechanisms shall be in place to secure and monitor use of those accounts
S5.04

Authorization to open system accounts

Processes shall be in place to ensure that only authorized individuals are permitted to open system accounts. (Also applicable to Gaming-Related Suppliers)

S5.05

Industry-accepted hardware and software components

Industry accepted components, both hardware and software, shall be used where possible. (Also applicable to Gaming-Related Suppliers)

S5.06

Security of interfaces and third-party connections

Any connection or interface between the gaming system and any other system, whether internal or external third party, shall be monitored, hardened and regularly assessed to ensure the integrity and security of the gaming system. (Also applicable to Gaming-Related Suppliers)

S5.07

Reliability, integrity and availability of the gaming system

Mechanisms shall be in place to ensure the reliability, integrity and availability of the gaming system. (Also applicable to Gaming-Related Suppliers)

Requirements
  • Operators shall ensure that a disaster recovery site is in place
S5.08

Physical security of gaming environment

There shall be a suitably secure physical environment in place to prevent unauthorized access to the gaming system and to ensure the protection of assets. (Also applicable to Gaming-Related Suppliers)

S5.09

Protection from threats, vulnerabilities, attacks and breaches

Gaming systems, infrastructure, data, activity logs and all other related components shall be protected from threats, vulnerabilities, attacks or breaches. (Also applicable to Gaming-Related Suppliers)

Requirements
  • All users shall be authenticated
  • The appropriateness and effectiveness of steps taken to harden technology components shall be regularly assessed
  • Patches that correct security risks shall be applied regularly
S5.10

Security monitoring, logging and escalation

Security monitoring activities shall be logged in an auditable manner, monitored, promptly analyzed and a report prepared and escalated as appropriate. (Also applicable to Gaming-Related Suppliers)

Requirements
  • Attempts to attack, breach or access gaming system components in an unauthorized manner shall be responded to in a timely and appropriate manner
  • Intrusion attempts shall be actively detected and where possible prevented from causing disruption or outage of the gaming system
  • There shall be adequate logging to capture and monitor any attempts to attack, breach or access in an unauthorized manner any components of the gaming system
  • There shall be an appropriate escalation procedure
S5.11

Independent security assessments

Independent assessments shall be regularly performed by a qualified individual to verify the adequacy of gaming system security and all of its related components. (Also applicable to Gaming-Related Suppliers)

S5.12

Threat awareness and risk mitigation

Operators and gaming-related suppliers must inform themselves of the current threats and risks to the security, integrity and availability of the gaming systems and related components that they operate or supply. Operators must have in place policies and procedures to mitigate such risks and threats. Gaming-related suppliers must inform their customers of any material threat or risk to the security or integrity of the gaming systems that they supply or operate. (Also applicable to Gaming-Related Suppliers)

S5.13

Secure system development lifecycle

A system development lifecycle that considers security and processing integrity shall be in place for gaming system technology developed in-house. (Also applicable to Gaming-Related Suppliers)

S5.14

Due diligence on acquired gaming technology

Due diligence must be performed on all acquired gaming system technology to ensure security and processing integrity requirements are met. (Also applicable to Gaming-Related Suppliers)

S5.15

Testing strategy for technology changes

A testing strategy to address changes in technology shall be in place to ensure that deployed gaming systems operate as intended. (Also applicable to Gaming-Related Suppliers)

S5.16

Change documentation, review, testing and approval

All gaming system changes shall be appropriately, consistently and clearly documented, reviewed, tested and approved. (Also applicable to Gaming-Related Suppliers)

Requirements
  • All gaming system technology components are installed and maintained in accordance with the appropriate change management procedures
  • Requests for changes and maintenance of the gaming system are standardized and are subject to change management procedures
  • Emergency changes are approved, tested, documented, and monitored
  • Change management procedures shall account for segregation of duties between development and production
  • Only dedicated and specific accounts may be used to make changes
S5.17

Preventing unauthorized gaming system changes

Operators must have both preventative and detective measures in place to ensure that no unauthorized or unintentional changes are made to the gaming system.

Requirements
  • There must be a mechanism to validate that installed software is the certified software
S5.18

Post-implementation reviews

Post implementation reviews shall be performed to ensure that changes have been correctly implemented and the outcomes shall be reviewed and approved. (Also applicable to Gaming-Related Suppliers)

S5.19

Secure capture and storage of change documentation

All change related documentation and information shall be captured, stored and managed in a secure and robust manner. (Also applicable to Gaming-Related Suppliers)

S5.20

Software updates, patches and upgrades

The implementation of software related updates, patches or upgrades shall be regularly monitored, documented, reviewed, tested and managed with appropriate management oversight and approval. (Also applicable to Gaming-Related Suppliers)

S5.21

Hardware lifecycle and obsolescence

A mechanism shall be in place to regularly monitor, document, review, test and approve upgrades, patches or updates to all gaming-related hardware components as they reach end of life, become obsolete, are shown to have weaknesses or vulnerabilities, become outdated or undergo other maintenance. (Also applicable to Gaming-Related Suppliers)

S5.22

Release and configuration management

Appropriate release and configuration management processes with support systems shall be in place to support both software and hardware related changes. (Also applicable to Gaming-Related Suppliers)

S5.23

Use of dedicated accounts for changes

Only dedicated and specific accounts may be used to make changes. (Also applicable to Gaming-Related Suppliers)

S5.24

Data governance for integrity and protection

Data governance shall be in place to address data processing integrity and protection of sensitive data. (Also applicable to Gaming-Related Suppliers)

S5.25

Protection and backup of sensitive data

Sensitive data, including player information and data relevant to determining game outcomes, shall be secured and protected from unauthorized access or use at all times. (Also applicable to Gaming-Related Suppliers)

Requirements
  • The gaming system shall ensure that data is appropriately backed up in a manner that allows it to be completely and accurately restored
  • Data backups shall be stored off-site in a secure location and in accordance with applicable policies and laws
S5.26

Protection of player information (FIPPA)

Player Rights

Player information shall be securely protected and its usage controlled.

Requirements
  • Data collection and protection requirements for player personal information shall meet those set out in the Freedom of Information and Protection of Privacy Act (FIPPA)
  • Player personal information shall only be used for the lottery schemes conducted and managed respectively by the OLG or iGaming Ontario, unless there is prior approval
S5.27

Integrity of sensitive game data in transit

Communication of sensitive game data shall be protected for integrity. (Also applicable to Gaming-Related Suppliers)

S5.28

IT operations and incident management procedures

Procedures shall be established and documented for IT operations and incident management, including managing, monitoring and responding to security and processing integrity events. (Also applicable to Gaming-Related Suppliers)

Requirements
  • Proactive monitoring and detection of errors in the gaming system and related components shall be in place
  • Action shall be immediately taken to correct incidents of non-compliance with the Standards and Requirements or control activities
  • There shall be time synchronization of the gaming system environment and related components
  • Event data shall be retained to provide chronological information and logs to enable the reconstruction, review and examination of the time sequences of processing
S5.29

Security in depth across architecture

The gaming system architecture and all its related components shall demonstrate security in depth. (Also applicable to Gaming-Related Suppliers)

S5.30

Input validation

All gaming systems and devices shall validate inputs before inputs are processed. (Also applicable to Gaming-Related Suppliers)

S5.31

Minimal system disclosure to unauthorized users

The gaming system shall only display the minimum information about the gaming system to unauthorized users and during system malfunctions to minimize the risk of compromising the gaming system or the privacy of information. (Also applicable to Gaming-Related Suppliers)

S5.32

Secure remote access

All remote access methods shall be appropriately secured and managed. (Also applicable to Gaming-Related Suppliers)

S5.33

Wireless communication security

Use of wireless communication shall be secured and only used where appropriate. (Also applicable to Gaming-Related Suppliers) Guidance: the intent is to ensure that wireless communication is not present in areas where it could be potentially harmful (e.g. data centres).

S5.34

Hardening of components

All components shall be hardened as defined by industry and technology good practices prior to going live and as part of any changes. (Also applicable to Gaming-Related Suppliers)

Requirements
  • All default or standard configuration parameters shall be removed from all components where a security risk is presented
S5.35

Protection of DNS records

Access shall be appropriately restricted to ensure that the domain name server records are kept secure from malicious and unauthorized changes. (Also applicable to Gaming-Related Suppliers)

S5.36

Secure storage of private encryption keys

All private encryption keys shall be stored on secure and redundant media that are only accessible by authorized management personnel. (Also applicable to Gaming-Related Suppliers)

S5.37

Assessment of encryption algorithms and key lengths

Encryption algorithms and key lengths shall be regularly assessed for security vulnerabilities. (Also applicable to Gaming-Related Suppliers)

S5.38

Limiting loss of data and session information

The gaming system architecture shall limit the loss of data and session information. (Also applicable to Gaming-Related Suppliers)

S5.39

Timely account change, deactivation or removal

The gaming system shall be able to change, block, deactivate or remove system accounts in a timely manner upon termination, change of role or responsibility, suspension or unauthorized usage of an account. (Also applicable to Gaming-Related Suppliers)

S5.40

Secure authenticator and multi-factor authentication

A secure authenticator that meets industry good practices shall be used to identify users and their accounts to ensure that only authorized individuals are permitted to access their system account on the gaming system. (Also applicable to Gaming-Related Suppliers)

Requirements
  • The gaming system shall automatically lock out an account after a defined number of attempts in which an identification or authentication requirement is not met
  • Multi-factor authentication shall be implemented as part of a secure authenticator
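The lockout rule in S5.40 and the logging, detection and escalation duties in S5.10 are the same control seen from two sides: the authentication service must count failures and lock the account, and the monitoring function must be able to reconstruct from the log what happened and escalate it. The following is an added example written for this page, not code from the regulator or from any operator; the event format, the thresholds (five failures inside fifteen minutes, three distinct accounts from one source) and the sample events are assumptions chosen for illustration, and the source addresses are documentation ranges.

```python
"""Failed-login lockout and brute-force escalation over authentication events.

Added example (not code from the page or the regulator). The event format,
field names, thresholds and sample events below are assumptions made for
illustration.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed event format: "<ISO 8601 UTC> auth user=<id> src=<ip> result=OK|FAIL"
# where result is the outcome of the credential check alone.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    "2024-05-01T10:00:00Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-05-01T10:00:05Z auth user=alice src=203.0.113.5 result=FAIL",
    "2024-05-01T10:00:09Z auth user=alice src=203.0.113.5 result=OK",    # success clears alice's counter
    "2024-05-01T10:01:00Z auth user=bob src=198.51.100.7 result=FAIL",
    "2024-05-01T10:01:10Z auth user=bob src=198.51.100.7 result=FAIL",
    "2024-05-01T10:01:20Z auth user=bob src=198.51.100.7 result=FAIL",
    "2024-05-01T10:01:30Z auth user=bob src=198.51.100.7 result=FAIL",
    "2024-05-01T10:01:40Z auth user=bob src=198.51.100.7 result=FAIL",   # fifth failure: bob is locked
    "2024-05-01T10:06:00Z auth user=bob src=198.51.100.7 result=OK",     # correct password, but account is locked
    "2024-05-01T10:10:00Z auth user=carol src=198.51.100.7 result=FAIL",
    "2024-05-01T10:10:01Z auth user=dave src=198.51.100.7 result=FAIL",  # same source, third account: spraying
    "2024-05-01T11:00:00Z auth user=erin src=192.0.2.9 result=FAIL",
    "2024-05-01T11:20:00Z auth user=erin src=192.0.2.9 result=FAIL",     # 20 min apart: outside the window
    "2024-05-01T11:40:00Z auth user=erin src=192.0.2.9 result=FAIL",
    "not an auth event",                                                 # malformed input is skipped
]


def parse_event(line):
    """Return (timestamp, user, src, credential_ok) or None for a non-matching line."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["user"], m["src"], m["result"] == "OK"


def evaluate(events, max_attempts=5, window=timedelta(minutes=15), spray_threshold=3):
    """Apply the lockout policy and build the escalation report.

    Lockout: max_attempts failures for one account inside `window` lock it;
    a success clears the failure counter; failures older than the window
    expire. Once locked, every further attempt is rejected regardless of the
    credential check, and counted for escalation.
    Spraying: one source failing against spray_threshold distinct accounts.
    """
    failures = defaultdict(list)       # user -> timestamps of recent failures
    locked = {}                        # user -> time the lockout was applied
    after_lockout = defaultdict(int)   # user -> attempts rejected after lockout
    src_targets = defaultdict(set)     # src -> accounts it failed against
    for line in events:
        rec = parse_event(line)
        if rec is None:
            continue
        ts, user, src, ok = rec
        if user in locked:             # lockout overrides the credential result
            after_lockout[user] += 1
            continue
        if ok:
            failures[user].clear()
            continue
        src_targets[src].add(user)
        recent = [t for t in failures[user] if ts - t <= window]
        recent.append(ts)
        failures[user] = recent
        if len(recent) >= max_attempts:
            locked[user] = ts
    spraying = {s: sorted(u) for s, u in src_targets.items() if len(u) >= spray_threshold}
    return {
        "locked": {u: t.isoformat() for u, t in locked.items()},
        "attempts_after_lockout": dict(after_lockout),
        "spraying_sources": spraying,
    }


def run_sample():
    """Evaluate the constructed events; the result is the escalation report."""
    return evaluate(SAMPLE_EVENTS)


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

The two edge cases the report has to get right are the ones an auditor will probe: a correct password presented to a locked account must still be rejected and must still be logged, and failures spread out over a long period must not accumulate forever, or legitimate users who mistype once a day end up locked. Running the sample locks only bob, records one rejected attempt after his lockout, and flags 198.51.100.7 for failing against three accounts; erin is never locked because her failures fall outside the window.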
S5.41

Unique user attribution for all access

The gaming system shall ensure that all access to the system is fully attributable to, and logged against, a unique user identification. (Also applicable to Gaming-Related Suppliers)

S5.42

Minimum access rights per account

Only the minimum access rights shall be granted to each system account on the gaming system and access rights shall be clearly documented. (Also applicable to Gaming-Related Suppliers)

S5.43

Disabling temporary and guest accounts

All temporary and guest accounts shall be disabled immediately after the purpose for which the account was established is no longer required. (Also applicable to Gaming-Related Suppliers)

S5.44

Periodic review of system accounts and access rights

System accounts and system access rights for the gaming system shall be regularly reviewed and updated. (Also applicable to Gaming-Related Suppliers)

S5.45

Log of account owners

A log of account owners shall be kept and regularly reviewed and updated. (Also applicable to Gaming-Related Suppliers)

S5.46

Approval and monitoring of administrator accounts

A mechanism shall be in place to ensure that the assignment of administrator accounts is approved by the Operator's management and that usage is monitored for appropriateness. (Also applicable to Gaming-Related Suppliers)

S5.47

Logging and response to inappropriate use

Inappropriate use of system accounts on the gaming system shall be logged, reviewed and responded to within a reasonable period of time. (Also applicable to Gaming-Related Suppliers)

S5.48

Reporting administrator account misuse

Inappropriate use of administrator accounts shall be reported to the Registrar in accordance with the notification matrix. (Also applicable to Gaming-Related Suppliers)

S5.49

Software developed using industry good practices

Software used for the gaming system shall be developed using industry good practices. (Also applicable to Gaming-Related Suppliers) Note: these software Standards apply to modified commercial off-the-shelf software, proprietary developed software, and software specifically developed by the OLG or iGaming Ontario.

S5.50

Documented software development methodologies

Software development methodologies used shall be clearly documented, regularly updated and stored in an accessible, secure and robust manner. (Also applicable to Gaming-Related Suppliers)

S5.51

Software lifecycle management system

An appropriate system shall be in place to manage the software development and ongoing software management lifecycle. (Also applicable to Gaming-Related Suppliers)

S5.52

Segregation of software development roles

All software development roles shall be segregated during and after release of code to a production environment. (Also applicable to Gaming-Related Suppliers)

S5.53

Audit trail of code review and approval

An appropriate audit trail of authority and management review of code for software shall be established. (Also applicable to Gaming-Related Suppliers)

S5.54

Software security and access restrictions in development

Controls shall be in place to ensure software is appropriately secured and access is appropriately restricted throughout development. (Also applicable to Gaming-Related Suppliers)

S5.55

Management review and approval of software documentation

Authorized management staff shall review and approve software documentation to ensure that it is appropriately and clearly documented.

S5.56

Secure storage of source and compiled code

Source code and compiled code shall be securely stored. (Also applicable to Gaming-Related Suppliers) Guidance: compiled code could be digitally signed or hashed (including each time there is a change) in a manner that allows for external verification.

S5.57

Documented promotion of code through environments

The promotion or movement of code from testing through other environments to production shall be accompanied by the appropriate documentation and approvals. (Also applicable to Gaming-Related Suppliers)

S5.58

Production deployment by production support staff only

All promotion of code from development to production shall only be performed by production support staff and not by development staff. (Also applicable to Gaming-Related Suppliers)

S5.59

Testing environments separate from production

Appropriate testing environments shall be in place to allow for thorough testing of any code before it is put into production. (Also applicable to Gaming-Related Suppliers)

S5.60

Restricted developer access to production

Access to production environments shall be restricted from development personnel. (Also applicable to Gaming-Related Suppliers) Note: this does not preclude granting of temporary supervised access for conducting technical investigations that may only be performed on the production environment.

S5.61

No development code in production

Development code shall not be present in the production environment. (Also applicable to Gaming-Related Suppliers)

S5.62

Integrity verification of deployed software

A mechanism shall be in place to verify the integrity of the software that is deployed to production, including before changes are implemented, as well as on an ongoing basis. (Also applicable to Gaming-Related Suppliers)

S5.63

Release and configuration management for software

Appropriate release and configuration management systems shall be in place to support software development. (Also applicable to Gaming-Related Suppliers)

S5.64

Testing of third-party code

All code developed by a third party shall be tested to ensure it meets industry good practices and that it performs to meet its purpose prior to being added to the testing environment and prior to integration testing. (Also applicable to Gaming-Related Suppliers)

S5.65

Integration testing for third-party code

All code developed by a third party shall pass integration testing before it is added to production. (Also applicable to Gaming-Related Suppliers)

S5.66

Bug identification and remediation

Mechanisms shall be in place to ensure that bugs are identified and addressed prior to, and during, production. (Also applicable to Gaming-Related Suppliers)

S5.67

Quality assurance and testing during development

Quality assurance processes, including testing, shall take place during development and prior to the release of any code. (Also applicable to Gaming-Related Suppliers)

S5.68

Fit-for-purpose testing of components

All components, where appropriate, shall be tested for the purposes for which they will be used. (Also applicable to Gaming-Related Suppliers)

S5.69

Deposit authorization and identity verification

RG Critical Player Rights

Players may be permitted to deposit funds into their player accounts only after the appropriate verifications and authorization.

Requirements
  • At a minimum, deposits shall be verified and authorized to ensure deposits made are appropriately authorized by a financial services provider
  • Cryptocurrency is not legal tender and shall not be accepted
S5.70

Withdrawal authorization and identity verification

RG Critical Player Rights

Players are permitted to withdraw funds from their player account only after the appropriate verifications and authorization.

Requirements
  • Withdrawals shall be verified and authorized to ensure, before a withdrawal is permitted, that the withdrawal is being made by a holder of the account
  • Withdrawals shall be verified and authorized to ensure the withdrawal is being transferred to an account of which the player is a legal holder
S5.71

Timely and accurate withdrawals

Player Rights

Players are permitted to withdraw funds from their player account in an accurate and complete fashion and as soon as is practicable, subject to appropriate authorization and verification.

S5.72

Appropriate management of player funds

Player Rights

Player funds shall be clearly and appropriately managed.

S5.73

Holding of player funds in OLG / iGO accounts

Player Rights

All player funds deposited in respect of iGaming lottery schemes conducted and managed by the OLG shall be held in an OLG account. iGaming Ontario shall take steps to ensure that all player funds deposited in respect of iGaming lottery schemes conducted and managed by iGaming Ontario are subject to oversight by iGaming Ontario and available to players.

S5.74

No credit to players

RG Critical Player Rights

Operators shall not extend credit or lend money to players or refer players to credit providers or imply or infer that a player should seek additional credit to play games.

S5.75

No negative player balance

Player Rights

No player's account is permitted to have a negative funds balance. A player's account with a negative funds balance must be suspended and no transactions permitted after the negative funds balance arises. No transaction is permitted until the negative funds balance is eliminated. No bet will be accepted that could result in a negative funds balance. Guidance: this Standard is not intended to prohibit the resettlement of bets when reasonable and necessary.

S5.76

Clear, accessible display of player funds balance

Player Rights

Players shall be provided with a clear and accurate representation of their funds account balance that is easily accessible and readily available at all times. (Also applicable to Gaming-Related Suppliers)

Requirements
  • The player balance shall be displayed in Canadian dollars
S5.77

Disclosure of player account fees

Player Rights

Players shall be provided with unambiguous information about all player account fees prior to making a withdrawal or deposit.

S5.78

Disclosure of deposit and withdrawal rules

Player Rights

Players shall be informed clearly and specifically of all rules and restrictions regarding deposits and withdrawals and access to funds in connection with deposits and withdrawals.

S5.79

No transfers between player accounts

Player Rights

Funds shall not be transferred between player accounts.

S5.80

Accurate adjustments by authorized individuals

Player Rights

Adjustments to player accounts shall be made accurately and only by authorized individuals.

S5.81

Recording and logging of adjustments

Player Rights

Adjustments to player accounts shall be recorded and logged in an accurate and complete manner. (Also applicable to Gaming-Related Suppliers)

S5.82

Reasons provided for player account adjustments

Player Rights

Players shall be provided with accurate, clear and specific reasons for any adjustments made to their accounts. (Also applicable to Gaming-Related Suppliers)

6
Theme 6

Minimizing Unlawful Activity

Protect the integrity of Ontario's iGaming market from money laundering, terrorist financing and other unlawful activity through federal AML/CTF compliance, player identity verification, transaction monitoring and record retention.

3 standards
0%
player-flagged
Regulatory risks this theme addresses
  • Money laundering or terrorist financing through gaming accounts
  • Failure to verify player identity against government-issued ID
  • Suspicious transaction patterns going undetected
  • Insufficient record retention for FINTRAC and Registrar inspection
S6.01

Identify and prevent unlawful activities

Mechanisms shall be in place to reasonably identify and prevent unlawful activities at the gaming site.

Requirements
  • Conduct periodic risk assessments to determine the potential for unlawful activities, including money laundering, fraud, theft and cheating at play
  • Ensure that all relevant individuals involved in the operation, supervision or monitoring of the gaming site shall remain current in the identification of techniques or methods that may be used for the commission of crimes at the gaming site
  • Appropriately monitor player and employee transactions, including the ongoing analysis of incident reports and suspicious transactions for possible unlawful activity
  • Report suspicious behaviour, cheating at play and unlawful activities in accordance with the notification matrix
S6.02

AML policies aligned with PCMLTFA

Anti-money laundering policies and procedures to support obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) shall be implemented and enforced.

Requirements
  • Copies of all reports filed with FINTRAC and supporting records shall be made available to the Registrar in accordance with the established notification matrix
  • Operators shall ensure their anti-money laundering internal controls align with those of the designated reporting entity under the PCMLTFA
S6.03

Source of funds and suspicious activity

Reasonable measures shall be in place to identify and prevent suspected money laundering activities in the gaming site.

Requirements
  • Implement policies, procedures and controls that specify times and situations, based on the assessment of risk, where the Operator will ascertain and reasonably corroborate a player's source of funds
  • Implement risk-based policies and procedures that provide for escalating measures to deal with players who engage in behaviour that is consistent with money laundering indicators, including the refusal of transactions or exclusion of the player
  • Ensure that mechanisms are in place to share information, in a lawful manner, about high-risk or suspicious activities with other Operators which may also be subject to similar activities