You may be considering taking the steps to obtain an iGaming license from the Alcohol and Gaming Commission of Ontario (AGCO) to open your own iGaming business in the province. You should know from the outset that the steps to receiving this license are complex — requiring both a thorough understanding of the regulatory requirements and a commitment to meeting strict standards.
We’ve summarized the process of obtaining an iGaming license below to help you navigate your path forward:
How do I obtain an iGaming license in Ontario?
The AGCO is responsible for overseeing and regulating the province’s gaming industry, including the iGaming sector, to ensure the integrity, fairness, and social responsibility of gaming in Ontario.
To obtain an iGaming license, you must follow a seven-step process with both iGaming Ontario (iGO) and AGCO.
What are iGO’s licensing requirements?
We’ve summarized the steps you must take to obtain an iGO license below to help you on your journey toward opening your own iGaming business. According to iGO, multiple steps can be completed at the same time and the order of steps may vary based on each prospective operator’s circumstances.
- Step 1: Execute a non-disclosure agreement (NDA) with iGO — Prospective operators are required to register to obtain a copy of the NDA via AGCO’s website. According to iGO, this process takes approximately two business days.
- Step 2: Execute a letter of agreement — After executing the NDA, prospective operators are required to obtain a copy of the letter of agreement from iGO’s website and have it executed. This process takes approximately two business days according to iGO.
- Step 3: Access iGO’s secure data and information communication channels — Prospective operators will receive instructions on how to access iGO’s secure data exchange services to enable the secure exchange of information between operators and iGO. According to iGO, this process takes approximately two business days.
- Step 4: Complete iGO’s anti-money laundering (AML) information submissions — Prospective operators will be required to work with iGO’s AML unit and submit their AML program and related documents, including templates, configuration with FINTRAC’s web reporting tool, and attestations. iGO provides an estimated timeframe of two weeks to complete this process.
- Step 5: Submit financial information — iGO will assess your commercial financial obligations, conduct a bank due diligence process, and test the prospective operator’s gross gaming revenue data and funds transfer. This process takes approximately one week to complete according to iGO.
- Step 6: Engage in systems and data readiness testing — Before executing an operating agreement with iGO, prospective operators will undergo an assessment of their systems to ensure they meet iGO’s operational standards. According to iGO, this process takes approximately two business days.
- Step 7: Execute an operating agreement with iGO — Prospective operators will be invited to work with iGO’s legal team to complete this process as soon as the preceding steps have been completed.
Anti-Money Laundering Services (AML)
What are the AGCO’s licensing requirements?
Prospective operators can complete the AGCO licensing requirements at the same time as the iGO licensing requirements and both must be completed concurrently. We’ve summarized the steps you must take to obtain an AGCO license below:
- Step 1: Obtain independent testing laboratory (ITIL) certification — Operators are expected to work with an AGCO-licenced ITIL to certify all games and supporting critical gaming systems before going live.
- Step 2: Register with the AGCO — To apply for an iGaming license, you must first register with the AGCO by creating an account on the iAGCO online portal and paying the associated fees.
- Step 3: Comply with AGCO’s Registrar’s Standards for Internet Gaming — Prospective operators are required to read the Registrar’s Standard for Internet Gaming and implement controls to comply with the AGCO’s standards and requirements.
- Step 4: Participate in internet gaming notification matrix training — Working with the AGCO’s technology regulation and iGaming compliance teams, the AGCO will invite and train relevant members of your team on how to make submissions and use the iAGCO online portal.
- Step 5: Regulatory reporting in iAGCO — Once you have received training from the AGCO on the online portal, you will be required to provide information to the AGCO to enable the set-up of online authorized accounts for submitting and accessing regulatory submissions.
- Step 6: Secure data and information communication channels — The AGCO notes that a prospective operator will have received a certificate of registration at this stage and will be required to set up and configure access to the AGCO’s secure data exchange services to enable information exchange with the AGCO. This will include SharePoint and Secure File Transfer Protocol (SFTP).
- Step 7: Provide technology compliance confirmation to the AGCO — The AGCO expects prospective operators to provide confirmation that all gaming systems and technology are compliant with all applicable AGCO standards and requirements.
What are the risk-based standards and requirements?
Under the Gaming Control Act, 1992 (GCA), the registrar is authorized to establish risk-based standards to regulate Ontario’s gaming sector. A standards-based regulatory model shifts the focus from compliance with a prescriptive set of rules or processes, toward the broader regulatory outcomes or objectives a registrant is expected to achieve.
Standards are drafted at a high level of generality, with the aim being to capture the purpose behind the rule. This offers greater flexibility for regulated entities to determine the most efficient and effective way of meeting the required outcomes. This, in turn, helps reduce regulatory burden and support market innovation.
As an operator, you are accountable for ensuring the standards related to the operation of your gaming site are met, regardless of the entity that is carrying out the related activities. Depending on the circumstances, the registrar may hold an operator, a gaming-related supplier, or both, accountable for meeting a particular standard.
What are the risk themes?
The standards and requirements are divided into the six identified risk themes, with theme-specific standards and requirements provided under each. These include:
- Entity level
- Responsible gambling
- Prohibiting access to designated groups and player account management
- Ensuring game integrity and player awareness
- Information security and protection of assets
- Minimizing unlawful activity related to gaming
Certain standards also provide further and more explicit direction through one or more specific requirements. These requirements establish the minimum obligations you must achieve to fulfill the corresponding standard.
The registrar may direct any registered supplier to comply with any additional standards and requirements as considered necessary to enhance and preserve the public confidence and integrity of gaming in Ontario.
Enterprise risk
How an advisor can help
An advisor can support you to understand the purpose or intent behind a given standard or requirement. They can also help you evaluate your compliance to the registrar’s standards through several different types of independent review.
These reviews can range from independent readiness assessments to assurance engagements. Types of reviews advisors can offer include:
- Limited assurance engagements — Assesses the design and operating effectiveness of key controls for the operator platforms (operating systems, web server, application frameworks, and/or related infrastructure) by performing types of assurance engagements.
- SOC 2 readiness assessments — Evaluates an operator’s ability to maintain information assets, including data processing systems, communications processes, and physical facilities in a secure and compliant manner and to assess readiness for a subsequent SOC 2 (Type 2) audit.
- SOC 2 audit — Evaluates the design and operating effectiveness of internal controls connected to the security, availability, and processing integrity of the systems being used to process user data and the confidentiality and privacy of the information being processed by those systems.
Additionally, an AML advisor can help prospective operators develop an AML program in compliance with iGO’s requirements. This includes a risk assessment, attestation, training program, and policies and procedures.
An AML advisor can also help your business navigate the myriad of regulatory obligations required by iGO when it begins operations in the Ontario market. This includes regulatory reporting such as suspicious transaction reports, casino disbursement reports, electronic funds transfer reports, and extreme risk reporting.
Take the next steps
Obtaining an iGaming license through the AGCO is a comprehensive process that requires careful preparation, attention to detail, and a commitment to meeting strict standards. If you need support to understand the requirements to receive an iGaming license, contact a member of MNP’s Enterprise Risk team. We can conduct assurance engagements, readiness assessments, and provide advice to ensure you are prepared to meet the AGCO’s requirements.
MNP’s Anti-Money Laundering Services (AML) team can also assist you in developing an AML program and participate in your journey to obtain an iGaming license. Our advisors have experience working with operators in Ontario and can help ensure your business complies with the reporting obligations mandated by iGO.