AGLC Player-Protection Controls: Deposit Limits, Loss Limits, and Reality Checks Under the SRIG
Every mandatory responsible gambling control in the AGLC SRIG decoded: deposit limits, loss limits, cooling-off flows, reality checks, and the audit trail Alberta expects at go-live.
The Alberta Gaming, Liquor and Cannabis Commission’s Standards and Requirements for Internet Gaming (SRIG), issued January 14, 2026 and revised March 17, 2026 under authority of the Board Chair, places responsible gambling controls at the core of every registered operator’s product obligations. Section 3 of the SRIG, Social Responsibility, is not a general policy statement. It prescribes specific mechanics for deposit limits, loss limits, break-in-play flows, cooling-off periods, periodic reminders, and risk profiling that must be built into platform architecture before any wager is accepted on Alberta’s market, which opened July 13, 2026.
Product and compliance teams treating Section 3 as a checkbox exercise risk a non-trivial problem: the SRIG’s RG requirements are system-level obligations. They govern what the gaming system must enforce, not merely what a help page must say. The distinction matters enormously for teams scoping build timelines and ATF certification against Alberta’s Go-Live Compliance Guide.
Source: AGLC, Standards and Requirements for Internet Gaming (SRIG), Section 3: Social Responsibility, issued January 14, 2026, authority: Board Chair. Revised version dated March 17, 2026.
What Does the SRIG Require at Account Registration?
Players must be offered the option to set deposit limits and loss limits at the point of account registration. This is not a post-registration prompt. The SRIG requires the offer to be made during the account-opening flow itself. Registered Operators must also make financial and time limit functions easy to find, reach, and initiate or change at any time after the player has registered and opened an account.
The SRIG defines loss limits as restricting the amount lost, calculated as winnings subtracted from the amount spent. Deposit limits restrict the total amount a player deposits into their account over a chosen period. Both types must be available. Offering only one does not satisfy the standard.
The periods or durations that must be available for financial and time-based limits are 24 hours, 7 days, and one month. Where a player sets simultaneous periods, for example a daily deposit limit alongside a monthly deposit limit, the lowest applicable limit must be enforced. Limits must be enforced by the gaming system, not left to the player to self-police.
“Registered Operators must have responsible gambling policies and procedures in place which reflect industry best practices to prevent harm and to minimize the risk of harm from internet gaming.”
Registration requirement: Deposit limit and loss limit options must be presented to players during the account registration flow, not deferred to a post-registration settings menu. Both limit types must be available with durations of 24 hours, 7 days, and one month at a minimum.
Opt-Down vs Opt-Up: The Cooling-Off Rule Explained
The asymmetry between tightening and loosening limits is one of the most operationally significant features of the SRIG’s RG framework. A player who wants to reduce their deposit or loss limit can do so immediately. A player who wants to relax or eliminate a previously established limit faces a mandatory delay: the request can only be implemented after a cooling-off period of at least 24 hours, and only the player may initiate that request.
The requirement that only the player may request a limit relaxation has a specific product implication. Operators must not design flows that allow customer support agents or any internal process to override or soften a player’s previously set limit without an explicit player-initiated request. Operator-side limit adjustments that bypass the 24-hour window would constitute a direct breach of Section 3.3 of the SRIG.
In practice, this creates a clean two-branch architecture. The opt-down path (stricter limit) takes effect immediately upon the player’s request. The opt-up path (looser limit or removal) triggers a 24-hour holding state during which the system must continue enforcing the existing lower limit. The SRIG does not prescribe a maximum cooling-off period, so operators may choose to implement longer voluntary delays. Many operators with Ontario experience apply 24 to 72 hours, but the 24-hour minimum is a hard floor that operator policy cannot shorten.
Break-in-Play: Prescribed Durations and Permitted Account Access
The SRIG establishes a break-in-play mechanism distinct from the centralised self-exclusion program under Section 3.5. Registered Operators must provide players with the option to take a short-term break in play, and the available durations are specified by name: one day, one week, one month, two months, and three months.
Once a player initiates a break, they must be unable to place further wagers for the full duration. The SRIG permits continued account access during a break for specific purposes: players may still access their account balance, profile, and responsible gambling features. The system design implication is a selective access model rather than a full account lockout. Wagering functions must be disabled, but read-only account access and RG tool access must remain available.
The SRIG is explicit that break-in-play is an addition to, not a substitute for, AGLC’s centralised self-exclusion program. Operators cannot present the break-in-play function as an equivalent option when a player is seeking to self-exclude. The two mechanisms serve distinct purposes in the player-protection architecture, and the centralised self-exclusion system under Section 3.5 carries its own integration obligation as a precondition for market participation.
Reality Checks and Periodic Reminders: Frequency Requirements
The SRIG does not use the phrase “reality check” in the same narrow sense as the UKGC’s Remote Technical Standards, which mandate an on-screen pop-up message during active play. Alberta’s framework addresses session awareness through a periodic reminder obligation with two distinct cadences.
Players must receive reminders to review their ability to set limits using the responsible gambling controls. This reminder must be provided at least quarterly for time and finance-based limits. A separate, more frequent reminder covers financial activity: players must be prompted at least monthly to review their financial activity.
The practical product design requirement is therefore two separate reminder flows, not one. A combined quarterly pop-up does not satisfy the monthly financial activity review obligation. Compliance teams should map these as two independently triggered notifications, each with its own frequency, delivery channel documentation, and audit log entry.
Responsible gambling information must also be readily available, visible, and accessible to all players at all times. The SRIG specifies the minimum content that information must include: how games work and common misconceptions, lower-risk gambling behaviours and how responsible gambling tools work, gambling harms, support services including self-assessment tools, information about financial and time-based limits, provision of financial activity statements, and information about the self-exclusion program.
Risk Profiling and Attachment 3.3: The Operator-Side Obligation
Beyond the player-facing limit and reminder mechanics, the SRIG places a proactive monitoring obligation on Registered Operators through Attachment 3.3, Additional Requirements for Identifying and Supporting Players at Risk of Harm. This attachment is not an aspirational standard. It forms part of the enforceable SRIG framework and specifies the minimum components of an operator’s risk-profiling program.
Registered Operators must use both automated and manual tools to monitor player behaviour in a manner that enables timely and effective provision of support. Monitoring must occur either continuously or at a rate that reflects the dynamic nature of player behaviour. A schedule-based batch review that misses real-time harm indicators would not satisfy this obligation. Operators must use available information from various sources to effectively identify indicators of harm, incorporating player behaviour indicators, financial data, session data, and interaction history into a comprehensive approach to player risk profiling.
Where an operator identifies a player as being at risk, the intervention must be calibrated to the assessed level of risk and designed to have the desired effect of reducing that player’s risk of harm. Operators are also required to build processes to evaluate the impact of interventions to support ongoing improvement. A static response playbook without feedback loops and efficacy measurement does not meet the standard.
“Operators are expected to build processes to evaluate the impact of the intervention to support ongoing improvement.”
The SRIG requires Registered Operators to maintain a documented program for assessing and monitoring player risk profiles. AGLC compliance reviews will expect this as a standalone deliverable, not as a paragraph embedded in a broader responsible gambling policy.
Alberta vs UKGC: Where the Affordability Regimes Diverge
Operators with dual Alberta and Great Britain licences need to understand the structural difference between Alberta’s player-protection framework and the UKGC’s parallel regime under the Licence Conditions and Codes of Practice and the post-White Paper reforms.
| Feature | AGLC (SRIG, Section 3) | UKGC (LCCP / RTS) |
|---|---|---|
| Deposit limit prompt at registration | Mandatory offer during registration flow | Mandatory prompt for new customers (from 31 October 2025) |
| Loss limit at registration | Mandatory offer during registration flow | Not separately mandated at registration (player-set) |
| Cooling-off for limit relaxation | Minimum 24 hours, player-initiated only | Minimum 24 hours, player-initiated only |
| Affordability / financial risk checks | No mandatory affordability check framework | Frictionless financial vulnerability checks (£150/£500 thresholds piloted); Financial Risk Assessment framework under development |
| Reality check / session reminder | Quarterly for limits, monthly for financial activity | RTS mandated on-screen session notification during play |
| Break-in-play durations | Prescribed: 1 day, 1 week, 1 month, 2 months, 3 months | Operator-defined take-a-break, minimum durations not prescribed in the same way |
| Centralised self-exclusion | AGLC Centralized Self-Exclusion Program (API integration mandatory) | GAMSTOP (national self-exclusion scheme) |
| Risk profiling obligation | Attachment 3.3 mandatory automated and manual monitoring | LCCP Social Responsibility Code, Customer Interaction requirements |
The most significant divergence is the absence of any Alberta equivalent to the UKGC’s financial risk assessment framework. Under the UKGC’s post-White Paper programme, a pilot running since August 2024 triggered frictionless checks through credit reference agencies at net monthly deposit thresholds of £500 initially, reduced to £150 in February 2025. These checks are designed to flag financial vulnerability without requiring players to submit documentation such as bank statements. The UKGC’s Tim Miller described the approach as explicitly not an assessment of what each customer can afford to gamble, but rather a flag for financial risk indicators.
Alberta’s SRIG contains no equivalent threshold-triggered external data check. The operator’s obligation under Attachment 3.3 is to build an internal risk profiling system drawing on player behaviour, financial activity, and interaction data. This is the functional equivalent of the UKGC’s Customer Interaction obligations under the LCCP Social Responsibility Code, but without any externally triggered affordability or financial vulnerability layer. Operators running dual UK and Alberta operations should not assume that a UKGC-compliant customer interaction process automatically satisfies Alberta’s Attachment 3.3 obligations, which carry their own documentation, escalation, and efficacy-evaluation requirements.
The RG Check Accreditation Requirement
All Registered Operators in Alberta must hold RG Check accreditation, issued by the Responsible Gambling Council (RGC) of Canada. RG Check is an independent certification programme that assesses operator responsible gambling policies, staff training, messaging, tools availability, and player interaction processes against a defined standard.
RG Check accreditation is a market-participation requirement, not a voluntary quality mark. Operators who hold RG Check accreditation from Ontario operations under the AGCO framework are not automatically accredited for Alberta. Each site or brand registered with AGLC requires its own certification status, and compliance teams should treat the RG Check assessment process as running in parallel with technical ATF certification rather than after it, to avoid go-live delays. According to iGamingBusiness, BetMGM’s Connor McDavid campaign in Alberta reported a 38% increase in deposit limit usage and a 55% increase in stake limit usage, evidence that ambassador-led responsible gambling communications can materially move player tool engagement rates when restricted to the RG messaging format Alberta’s advertising rules require.
Audit Trail and Data Retention: What AGLC Expects to See
The SRIG’s data retention obligations apply to both the RG control records and the underlying system logs. Event and security logs must be retained for at least one year online and seven years in archive, or as otherwise required by applicable regulation. Operators subject to FINTRAC requirements under the AML framework managed by AiGC may face longer retention obligations for financially relevant records.
For RG-specific audit purposes, the gaming system must maintain accurate and complete records of all transactions and game state information. All limit changes, whether a tightening or a cooling-off period-gated relaxation, constitute player account events that must be captured in an auditable trail available for AGLC inspection. An operator whose limit-change logs are incomplete, overwritten before the seven-year archive period, or inaccessible to regulators on request would have a direct compliance gap under both Section 3.3 and the records-retention requirements of Section 4.16 of the SRIG.
Player personal information, including limit history and financial activity records, must meet the requirements of applicable Alberta privacy legislation, specifically the Personal Information Protection Act (PIPA Alberta). Player personal information must only be used for the lottery schemes conducted and managed by AGLC or AiGC. Limit-change data cannot be repurposed for commercial profiling or marketing optimisation without a separate legal basis under PIPA.
Audit trail minimum: Event and security logs must be retained for at least 1 year online and 7 years in archive under the SRIG. All limit changes, reminder deliveries, and break-in-play initiations are player account events that must appear in the auditable record available to AGLC on request.
OASIS and Centralised Self-Exclusion: The API Integration Obligation
AGLC’s Centralized Self-Exclusion Program is a fully digital, API-integrated system covering registered iGaming operators, land-based casinos, and racing entertainment centres. Integration with the program is a mandatory precondition for go-live, not a post-launch enhancement.
The program offers players three exclusion scopes: exclusion from all registered iGaming only, exclusion from all land-based casinos and racing entertainment centres only, and exclusion from both iGaming and land-based venues simultaneously. Operators must ensure their platform is technically capable of recognising and enforcing exclusion statuses received from AGLC’s central system in near real-time.
Once a player self-excludes, any active wager must be brought to an end. Where a player enrols in the self-exclusion program before the commencement of an event or series of events on which a wager outcome is determined, the operator must refund that wager. Where self-exclusion is initiated after the commencement of the relevant event or events, the operator is not required to refund the wager. Self-excluded players must be excluded from all marketing efforts immediately once the operator has been notified of the exclusion status. The mechanism for returning the balance of unused funds must be available to self-excluded players who request it.
Operators familiar with Germany’s OASIS system, the national cross-operator self-exclusion register, will recognise the architectural concept. Alberta’s centralised system differs in scope, covering both online and land-based venues within the province, but shares the API-first integration model that makes cross-operator enforcement operationally reliable. Alberta’s exclusion status feed comes from AGLC’s central database, and the operator’s platform must act on that status with no manual intervention step between the notification and the enforcement action.
Credit Prohibition and Cryptocurrency Restriction
Two prohibitions in the SRIG have direct product-design implications that fall outside the deposit-limit framework but sit adjacent to it in any payment architecture review.
Registered Operators and their employees are prohibited from extending credit in any form, lending money to players, referring players to credit providers, or inferring that a player should seek additional credit to play games. The prohibition does not apply to a player using a credit card issued in their own name by a financial institution as a payment method. Any operator-side credit facility, buy-now-pay-later integration, or third-party credit referral is prohibited under Section 3.2 of the SRIG.
Cryptocurrency is not legal tender and must not be accepted as a deposit or withdrawal method. This is an unambiguous prohibition under Section 4 of the SRIG and eliminates any potential design question about crypto deposit limits or crypto wallet integrations for the Alberta market. Operators whose global platforms support cryptocurrency deposits must gate that functionality at the Alberta geolocation level.
Key Resources
AGLC Standards and Requirements for Internet Gaming (SRIG), issued January 14, 2026, revised March 17, 2026, is the primary source for all Section 3 responsible gambling obligations. Available at aglc.ca/igaming.
AGLC iGaming Application Guide and Go-Live Compliance Guide sets out the three-step registration process and the pre-launch compliance checklist against which AGLC assesses go-live readiness, including self-exclusion integration and RG policy documentation.
AGLC Notification Matrix specifies the information Registered Operators must provide to AGLC, the frequency of that information, and the prescribed format. It is relevant to RG incident notification and limit-change reporting obligations.
For a broader comparison of Alberta’s framework against Ontario’s responsible gambling architecture, see our analysis of AGCO vs AGLC regulatory differences. For the full picture of Alberta’s go-live technical and commercial requirements, see what registered operators must know about the SRIG framework.
Operators should consult qualified legal counsel in Alberta for jurisdiction-specific application of the SRIG’s responsible gambling requirements, particularly in relation to the interaction between AGLC registration obligations and AiGC commercial agreement terms.
Matt Denney
Editorial · gamingcompliance.io
Reads the primary source so you don't have to. Fifteen years inside iGaming compliance: operator, supplier, and crown-corporation lottery.
The Tuesday brief, every week.
One email. Every regulator change we surface, every standard we re-index, every enforcement decision we read. No marketing, no fluff.
Unsubscribe with one click. We'll never share your address.