Alberta iGaming Payment Processing Compliance: Deposits, Withdrawals, and Restricted Methods Under the AGLC SRIG

Alberta’s regulated iGaming market opens on July 13, 2026. The primary compliance instrument for registered operators is the Alberta Gaming, Liquor and Cannabis Commission’s Standards and Requirements for Internet Gaming (SRIG), issued January 14, 2026 and updated March 17, 2026. Payments teams and product managers configuring cashier flows for day one need to understand what the SRIG mandates on permitted rails, prohibited instruments, withdrawal processing, player funds protection, and the split between AGLC regulatory obligations and AiGC financial obligations. This article covers each of those areas from the SRIG text, with the institutional context that shapes which entity you report to and when.

The Regulatory Split That Defines Payment Oversight

Before mapping individual payment obligations, payments teams must understand a structural feature of the Alberta model that directly affects compliance workstream ownership. AGLC is the regulator responsible for registration, standard-setting, and ongoing regulatory oversight of all registered operators and goods or services suppliers. AiGC, the Alberta iGaming Corporation, holds responsibility for commercial agreements, anti-money laundering compliance, public complaints, and financial and income reporting.

Deposit and withdrawal controls, permitted methods, and player funds management sit under AGLC’s SRIG and are therefore AGLC obligations. AML transaction monitoring, suspicious transaction reporting to FINTRAC, and financial reporting are AiGC-directed obligations under the commercial agreement. These are parallel compliance workstreams, not sequential ones. An operator that builds out SRIG-compliant payment flows without simultaneously implementing the PCMLTFA-aligned AML program required under the AiGC commercial agreement is not in a position to operate lawfully on day one.

What Payment Methods Are Permitted?

The SRIG does not publish an approved payment-method whitelist in the way some jurisdictions do. Instead, it establishes a permissibility standard: deposits may only be accepted after they have been authorized by a financial services provider and verified. This authorization-and-verification requirement means every deposit rail in the cashier must be routed through a recognised financial services provider. Anonymous instruments that cannot provide financial-institution authorisation signals fail this standard by design.

In practice, Interac e-Transfer is the dominant Canadian-regulated payment rail and fully satisfies the authorization-and-verification requirement. Visa and Mastercard debit and credit card transactions processed through a financial institution equally meet the standard. E-wallets and digital payment services offered by recognised financial services providers are compliant where they can confirm authorization. The key compliance question for any payment method under review is whether the transaction carries a confirmed financial-services-provider authorisation signal that the operator can verify and retain.

Interac e-Transfer warrants particular attention for the Alberta launch. It is real-name linked, tied to Canadian bank accounts, and generates both the authorization signal the SRIG requires and the transaction-level identity data that supports KYC and AML monitoring. For the same reasons, it is the method most likely to achieve day-one approval under AiGC’s commercial agreement process.

Is Cryptocurrency Permitted in Alberta iGaming?

No. The SRIG states without qualification, in the Funds Management provisions of Section 4: “Cryptocurrency is not legal tender and must not be accepted.” No registered operator may accept cryptocurrency deposits or process cryptocurrency withdrawals, regardless of the payment processor or technical arrangement used to route the transaction.

“Cryptocurrency is not legal tender and must not be accepted.”

This prohibition covers all forms of cryptocurrency and digital assets that are not legal tender, including Bitcoin, Ether, stablecoins, and any instrument of equivalent character. Grey-market operators serving Alberta players under Curaçao or other offshore licensing have routinely offered cryptocurrency cashier options. Registered operators in Alberta’s legal market face no such flexibility. Payment processor integrations that include crypto rails as a routing option must disable those rails for all Alberta-domiciled sites prior to launch.

Are Credit Cards Allowed for Alberta iGaming Deposits?

Yes, with a critical boundary. The SRIG’s credit and lending prohibition, set out in Section 3.2, prohibits registered operators and their employees from extending credit in any form, lending money to players, referring players to credit providers, or inferring that a player should seek additional credit to play. That prohibition carries no exceptions.

The same section then states explicitly that the credit prohibition does not prohibit a player from using a credit card issued in their name by a financial institution as a form of payment. Credit card deposits, where the card is the player’s own and issued by a recognised financial institution, are therefore permitted. The operative compliance boundary is not the method itself but the source of credit: an operator cannot establish a credit facility, advance funds, or direct players to obtain credit for play. A player choosing to use their own credit card is exercising their own financial decision.

This position is worth noting against the Ontario context. The AGCO Registrar’s Standards for Internet Gaming take the same structural approach: credit extension by the operator is prohibited, but credit card use by the player is not. Alberta has followed this architecture consistently. Compliance teams operating in both provinces can maintain a consistent internal policy framework on this point, though operators should consult qualified legal counsel before finalising payment-method policies for either jurisdiction.

Withdrawal Processing: Verification, Identity, and the Destination Account Rule

The SRIG sets two mandatory conditions that must be satisfied before any withdrawal is permitted. The withdrawal must be verified and authorized to confirm that it is being made by a holder of the account, and that it is being transferred to an account of which the player is a legal holder. Both conditions must be satisfied, neither alone is sufficient.

The legal-holder-of-destination-account requirement has direct consequences for how operators configure withdrawal routing. A player cannot instruct a withdrawal to a bank account or payment account that belongs to a third party, even a spouse or family member. Operators must implement technical controls that enforce this restriction, not merely display a terms and conditions warning. In practice, this means the payment account used for withdrawals must be verified as belonging to the registered player, and that verification must be retained as an auditable record.

Withdrawals must be verified and authorized to confirm the withdrawal is being made by a holder of the account and transferred to an account of which the player is a legal holder.

The SRIG also requires that players receive their funds as soon as is practicable, subject to appropriate authorization and verification. The SRIG does not prescribe a fixed processing window in the manner of some European frameworks, but the “as soon as is practicable” standard is not a licence for open-ended processing queues. Internal controls documents and the Control Activity Matrix (CAM) submitted to AGLC will need to demonstrate that withdrawal processing timelines are subject to defined service levels and that any delays are attributable to required verification steps, not operational convenience.

Player Funds Management and Segregation

The SRIG requires that player funds be clearly and appropriately managed. This language, drawn from Section 4’s funds management provisions, establishes a principle that is given operational content by the GLI technical standards that apply to Alberta-registered platforms. Under GLI-19 Standards for Interactive Gaming Systems and GLI-33 Event Wagering Systems, both of which apply to Alberta-certified platforms, operators must maintain segregated accounts holding player funds separately from operational funds, with processes in place to ensure those funds are safeguarded, properly accounted for, and not commingled with the operator’s own capital.

The practical implication is that the player liability balance, the total amount owed to all players across all accounts at any point in time, must be covered by segregated funds held in an account structure that makes clear those funds do not belong to the operator and are not available to creditors other than the players themselves. Operators whose treasury and banking arrangements do not currently support this segregation requirement should treat establishing a compliant account structure as a pre-launch prerequisite, not a post-launch remediation item.

Account balance protection extends to dormant and deactivated accounts. Where an account becomes dormant or is deactivated by a player or another authorised individual, the player must retain the ability to recover the balance owed to them. Operators must have procedures in place to protect dormant account balances from unauthorised access, change, or removal, and to return funds when the player seeks recovery.

Player Account Notifications for Payment-Related Changes

Payments and fraud teams must understand the SRIG’s account change notification requirements, which apply directly to payment and banking information. Any change to a player’s payout or banking information triggers a mandatory notification obligation. Under the SRIG’s Section 4 account management provisions, the notification must be sent to the last known verified contact point on file, not solely to the newly provided contact point. Where feasible, operators must send notifications via more than one channel. Notification content must not include clickable links and must instruct the player to sign in directly to the site or app to review the change.

This is an anti-fraud requirement as much as a consumer-protection one. An attacker who gains access to a player account and updates banking details to redirect a withdrawal is the threat model this provision is designed to address. Operators must treat any change to payout or banking information as a high-sensitivity event and log all notifications and follow-up actions in accordance with the SRIG’s records retention requirements.

Responsible Gambling Controls at the Payment Layer

Under the SRIG’s Section 3 Social Responsibility provisions, registered operators must have responsible gambling policies and procedures in place that reflect industry best practices to prevent and minimise harm. The RG controls directly relevant to payments teams are deposit limits and the centralized self-exclusion integration.

Deposit limits are not optional player-facing tools in the Alberta framework. The SRIG’s responsible gambling architecture, aligned with the broader RG control pattern established across both Alberta and Ontario, treats deposit-limit expectations as system and workflow requirements. A player’s elected deposit limit must be enforced at the platform level, and the system must prevent transactions that would breach a limit the player has set or that the operator has applied as a protective measure.

Centralized self-exclusion integration is a mandatory third step in the AGLC registration process. Every registered operator must integrate with AGLC’s centralized Self-Exclusion Program before receiving go-live clearance. The compliance consequence at the payment layer is that a player who is recorded in the self-exclusion program must not be permitted to deposit or wager, and the system must check exclusion status at every deposit attempt, not only at login. The SRIG requires operators to integrate the exclusion check at the point of transaction as a system control, not a manual review process.

AML Obligations at the Payment Level

The SRIG requires registered operators and goods or services suppliers to implement and maintain a comprehensive AML and terrorist financing (AML/TF) program in compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), associated FINTRAC regulations and guidelines, and the policies and procedures of the designated reporting entity. AML internal controls must align with those of the designated reporting entity under the PCMLTFA.

At a minimum, the SRIG requires operators to implement risk-based policies, procedures and controls that provide for escalating measures when players exhibit behaviours consistent with money laundering, terrorist financing, or sanctions evasion indicators, including the refusal of transactions or exclusion of the player. Operators must specify, based on risk assessment, the times and situations where they will ascertain and reasonably corroborate a player’s source of funds. Operators must also have mechanisms to share information about high-risk, suspicious, or criminal activity with other registered operators who may be subject to similar activity.

Suspicious transaction reporting under the SRIG requires operators to report to FINTRAC and to follow the Notification Matrix prescribed by AGLC. Suspicious behaviour, attempted or completed, must be reported in accordance with the Notification Matrix. Illegal or suspected illegal activity must be reported immediately to AGLC’s Customer Care Centre. Operators must also facilitate staff participation in any AGLC or police investigation.

A critical structural point: the AGLC Application Guide and Go-Live Compliance Guide assign AML and financial reporting to AiGC, not AGLC. In practice, the SRIG’s AML program requirement and AiGC’s commercial-agreement AML obligations are complementary, not duplicative. The SRIG establishes the minimum program standards, while AiGC operationalises PCMLTFA reporting and financial oversight within the commercial framework. Operators must build both layers. AML and KYC compliance is therefore a two-regulator coordination task in Alberta, unlike the single-regulator models in MGA Malta or UKGC-licensed operations where AML supervision and licensing oversight sit with the same body.

Payment Processor Due Diligence and Supplier Registration

Payment service providers and e-wallet suppliers that provide goods or services to Alberta-registered operators are themselves subject to AGLC registration as goods or services suppliers. Under the SRIG’s definitions and the Gaming, Liquor and Cannabis Regulation, the goods or services supplier registration category covers entities providing equipment or services used to operate or support an iGaming site. A payment processor providing direct cashier integration falls within this definition.

E-wallet providers are explicitly listed in the AGLC fee schedule as a goods or services supplier subcategory and carry an annual registration fee of CAD 3,000. Platform providers and critical gaming systems suppliers pay CAD 15,000 annually. This registration requirement means that operators cannot onboard an unregistered payment processor for Alberta operations. Due diligence on payment partners must confirm their AGLC registration status before any technical integration is built for the Alberta site.

Operators must also ensure that their Control Activity Matrix (CAM) accurately reflects payment controls as documented and operational. The CAM is a required regulatory artifact subject to AGLC review at registration, go-live, and ongoing oversight. Payment-layer controls, including deposit authorization flows, withdrawal verification steps, self-exclusion checks at transaction level, and deposit limit enforcement logic, must be mapped in the CAM with the same precision as game-integrity and cybersecurity controls.

The Grey-Market Contrast and What It Means for Compliance Design

Grey-market operators who have served Alberta residents under offshore licensing, primarily Curaçao sublicensee arrangements under the pre-LOK master-sublicensee model, have not been subject to these payment obligations. Cryptocurrency cashiers, anonymous prepaid card top-ups, and payment-method rosters designed to obscure transaction origins have been common features of grey-market play. The July 13 launch draws a clear regulatory perimeter: operators registered with AGLC and AiGC are subject to the full SRIG payment framework from day one of operation.

This contrast matters for compliance design in two ways. Operators transitioning player bases from grey-market environments will encounter players whose payment habits were shaped by unregulated availability. The transition to a SRIG-compliant cashier that refuses cryptocurrency, enforces destination-account verification on withdrawals, and applies deposit limits as hard controls will require clear player communication. Second, operators whose technology stack has been built to serve grey-market player segments may need to retrofit payment-layer controls, not just configure the front end differently. The SRIG’s system-level enforcement expectations mean that responsible gambling and AML controls must be embedded in transaction logic, not layered as post-processing policy reviews.

For a comparative view of how Alberta’s payment and broader operational standards relate to Ontario’s framework under the AGCO Registrar’s Standards, see AGCO vs AGLC: Key Differences in Ontario and Alberta Internet Gaming Regulation. Operators new to the Alberta framework should also review the full Alberta iGaming Market Opening: What Registered Operators Must Know About the AGLC SRIG Framework for broader registration and go-live obligations.

Key Resources

AGLC Standards and Requirements for Internet Gaming (SRIG), issued January 14, 2026, authority: AGLC Board Chair (updated March 17, 2026). Available at aglc.ca/igaming.

AGLC Application Guide for iGaming Registration, including the Go-Live Compliance Guide and AGLC Notification Matrix. Available at aglc.ca/igaming.

Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated FINTRAC guidelines. Operators and suppliers with AML obligations under the commercial agreement with AiGC must comply with the PCMLTFA as designated reporting entities under FINTRAC supervision.

iGaming Alberta Act and Gaming, Liquor and Cannabis Act (Alberta). The dual statutory foundation for AGLC’s regulatory authority and operator registration requirements in the Alberta iGaming scheme.