Latest Updates on the New German

Sports Betting Application

5th of September, 2019

09:30 – Registration

10:00 – Welcome and Introduction (Chevron)

10:05 – Status Quo of the German Interstate Treaty on Gambling (Redeker)

10:25 – Presentation of the Requirements (Chevron)

10:45 – Legal Criticals: Betting Program/Limit of 1,000 Euro (Redeker)

11:00 – Necessary Concepts (Sales, AML, RG) (Chevron)

11:15 – Legal Criticals: Advertising including Bonuses/Online Casino (Redeker)

11:30 – Necessary Concepts: Payment, ISMS (Chevron)

11:40 – Questions (Redeker / Chevron)

11:55 – Closing

Agenda

Application requirements for a

German Sportsbetting License

From the Presentation of the Regulator at the 13th of August 2019

Timeline

▪ Applications can be submitted in October

▪ Until the end of December the Interstate Treaty will go through the parliaments of the 16 states

(Bundesländer)

▪ 02nd of January 2020: the official application procedure starts

▪ After a short grace period letters will be send out to operators which did not submit an application

▪ The authority is aware of 160 operators operating on the German market

▪ “experimental phase” / license valid until 30st of June 2021

General Information/Formalia

Application Requirements

▪ (Official) Certificates / documents not in German must be accompanied by a German (certified) translation.

▪ Application documents must be submitted in paper form and be transmitted via email or upload.

▪ Only if the required documents from the country of origin have no equivalent legal provision, the

requirement may be waived. Regional Council has identified no. II. 5., 6., 9. and 10. as open to this waiver.

▪ Some documents (e.g. DD) must not be older than 3 months.

▪ Further application documents may be requested subsequently.

▪ References must indicate the exact location including page numbers.

▪ According to the presentation at the 13th of August forms of the requested declarations will be provided by

the authority.

▪ Questions will be answered within the F&Q section of the website of the regulator

List of Requirements

Application Requirements

1. General information / DD on the applicant and the authorised representatives

2. Designation of a receiving agent (local lawyer) located in Germany / PoA (original)

3. Copy of the commercial registration in Germany (Gewerbeanmeldung) if applicable

4. Foreign gambling licence if applicable

5. Excerpt from the register of companies

6. Certificate of good standing of the tax authorities from the applicant and the authorised representatives

7. Confirmation of the Tax Authority Frankfurt a. M. III / sports betting tax (“Bescheinigung in Steuersachen”)

8. Excerpt from the debtors register in Germany or outside of Germany an equivalent document

9. Excerpt from the Central Commercial Register in Germany or equivalent e.g. Certificate of Good Conduct /

police record from the applicant and the authorised representatives

List of Requirements

Application Requirements

11. Proof of expertise of the directors (commercial qualification and 2 years of betting operator activity)

12. Presentation of the complete ownership and shareholder structure

13. Disclosure of trustee relationships

14. Declaration / Commitment not to offer unauthorised gambling, also through affiliated (verbundene

Unternehmen) companies as e.g. members of the same group

15. Statement on how the security (e.g. bank guarantee) of 5-25 million Euro will be provided

16. Declaration of diligent recordkeeping for betting tax calculation purposes

17. Certificate of auditor / chartered accountant confirming of operating cash flow / funds and explanation of

how the business is funded

18. Statement from an independent auditor of the ringfencing of player balances and declaration on

insolvency insurance of customer funds

List of Requirements

Application Requirements

21. Acces to realtime data in ARGUS / XML format via webservice independent from operational databases

22. Transparency to the player concept, e.g. game description, complaint management, licensee information,

Gambling therapy information, data privacy policy

23. Business projection for 2020/2021 (relevant for calculation of application-/annual supervision fee, security)

24. Monitoring of match-fixing: internal measures and cooperations with external providers

25. General terms and conditions: online and through landbased agent networks

26. Contact person for the betting operation

27. Designation of a Data Protection Officer with sufficient knowledge of the German law

28. Declaration regarding notification of changes

29. Declaration regarding completeness of documents

Sales Concept

1. General requirements (Internet and Retail)

– List of all brands differentiated according to distribution channel

– Declaration reg. bet type restrictions

– Description of customer card functionality

2. Internet-specific Requirements

– Information as to whether the technical processing is performed by the company itself or by a service provider.

– Details regarding the service provider (name, address, e-mail, telephone number).

– List of the internet domain(s) and mobile internet application(s) or app/s

– Description of the website (in particular: customer hotline, language settings, data protection information, imprint, help options,

handling private mode, information about gambling licence valid in Germany).

3. Business projection for 2020/2021:

– Projection of the expected amount of stakes for sports betting operations in Germany (not explicitly part of the sales concept;

relevant for the calculation of the license application, annual supervision fee and security)

Sales ConceptMinimum Requirements for Application

Anti-Money Laundering

1. Identification

– The requirements of the German Anti-Money Laundering Act for the identification of business partners must be met at any times.

– Online:

– Full DD within 30 after registration with a wagering limit of 150 €

– Smart way of verification of players identity will be a competitive advantage; the Germany AML requirements request full DD on players

– Non-certified copies of identification documents are not seen as sufficient for the standard CDD procedure

– Land-based:

– Until now it is unclear if the monitoring requirements may allow anonymous betting in the future

2. Player Account

– A player account meeting the requirements of the German Anti-Money Laundering Act and subsidiary legislation (Anwendungs- und

Auslegungshinweise zum Geldwäschegesetz, AuA) must be established

3. Payment Transactions/Bank Account

– All payment transaction can only be performed through payment accounts according to the German payment service legislation

(ZAG) or recognised similar EU legislation

Anti-Money LaunderingMinimum Requirements for Application

▪ A full AML Concept including risk analysis is not explicitly required to be submitted as an application

document, but

▪ Requirements of the German AML legislation must be taken into consideration and will be evaluated by the

relevant supervisory authorities after granting of the license

▪ In brief, an Anti-Money Laundering Concept would have to cover:

– A risk analysis

– Internal security measures (e.g. Automated AML Monitoring System, Training, Employee DD …)

– Appointment of an German speaking AML officer and deputy

– Compliance with due diligence obligations under the AML Act

– KYC measures

– Internal revision

Anti-Money LaunderingAML Concept

▪ Risk analysis, AML measures and internal revision

are main parts of an ISO managemet system

▪ ISO 19600 provides a framework for a Compliance

Management System (ISO 31000 for Risk

Management)

▪ Details on the implementation of an „AML

Compliance Management System“ according to ISO

19600 and ISO 31000 for Malta, Germany and other

jurisdiction can be provided on request

Anti-Money LaunderingAML Management System

Player Protection

▪ Prevention is a key element of healthcare = avoiding the development of a disease

– Prevention is a generic term in public health care for targeted measures and activities to prevent diseases or damage to health, to

reduce the risk of the disease or to delay its occurrence. Preventive measures can be assigned to measures of the first, the second or the

third degree, all according to the time at which they are applied. Furthermore, preventive measures can be differentiated according to

whether they are based on individual behaviour (behavioural prevention) or on life circumstances (environmental prevention).

▪ Player Protection (how it is anticipated in Germany = Prevention of addiction in gambling)

▪ Player protection obligates different stakeholders in gambling

Player Protection ConceptWhat is prevention?

▪ There are two approaches to prevention in healthcare

1. Behavioural prevention

– Behavioural prevention refers directly to the individual person and his or her individual health behaviour. This includes, for example,

measures that strengthen one's own health competence. The aim is to reduce risk factors, e.g. through problematic or pathological

gambling.

2. Environmental prevention

– The environmental prevention takes life and work circumstances into account. This includes, for example, the life environment and

other factors which may influence health, such as the range of products on offer and the accessibility/availability of gambling services.

Player Protection ConceptWhat is prevention?

Player Protection ConceptWhat is prevention?

Individuals

at risk

at-risk groups

Population or specific population

groups

indicated prevention

selective prevention

universal preventiondensity and intensity of

interventions

Player Protection ConceptWhat is prevention?

social gamblers

• largest group

• inconspicuous gaming

behaviour

• no problems

problematic gamblers:

• are endangered

• in transition

• moderate problems

pathological gamblers:

• smallest group

• uncontrolled gambling

• severe problems

intervention

target

Information

and

enlightment

Early detection

and -intervention

Approach and

intervention

Promotion of

Responsible

Gaming

Promoting

low-risk and

controlled gambling

Protection

and

referral to help

system

▪ RG is a broad, holistic concept targeting key stakeholders in the field of gambling to the target of avoiding

and reducing gambling related harm from individuals (and from society) with specific and differentiated

measures. Its main areas:

Player Protection ConceptWhat is Responsible Gaming?

RG

Underage

Gambling

Vulnerable

players

Fraud

Fair gaming

payments

Responsible

marketing

Customer´s

satisfaction

Secure, save

and reliable

operations

▪ Player Protection is a special topic in the German gambling regulation, effects business development and

combines behavioural with environmental prevention measures.

– Limits, including time limits

– Exclusions with a duration from one day to permanent

– Legally required breaks

– Appropriate communication

– Short gateway to therapy

– Effectiveness checks

– Reviews by the authorities

Player Protection ConceptWhat is player protection?

▪ A Social Concept is a framework, which describes how (mandatory) requirements for player and minor

protection are implemented and executed. The regulator expects documentation containing transparent,

distribution-specific descriptions of how

– player and minor protection measures are implemented to the corporate structure,

– the mandatory, environmental measures for prevention (e.g. warranty for the exclusion of minors and excluded

players , monthly betting lim tof EUR 1.000,- per customer, connection to the database of blocked players, OASIS)

will be operated,

– players are guided to bet responsibly (e.g. by using delivered protection measures)

– measures and procedures are continuously improved

Player Protection ConceptWhat is „Sozialkonzept“?

▪ Operators (and betting agents) must take measures and procedures targeted

– to operational structure and procedures (e.g. by technical banning measures and an interface to the German

database of blocked players, “OASIS”),

– to personnel,

– to customers.

▪ The manual must take the risk specifics of the offered games of chance and its distribution channels (online

and/or stationary) into account!

Player Protection ConceptWhat is „Sozialkonzept“?

▪ Operators (and betting agents) must take measures and procedures and concrete circumstances are used

– to warren the exclusion of minors and excluded players (e.g. by technical banning measures and an interface to

the German database of blocked players, “OASIS”),

– to prevent customers from gambling-related harm (e.g. by ensuring that customers have adjustable limits on

stakes, deposits and losses, this in light of the statutory maximum monthly stakes of EUR 1000,-),

– to encourage players to

– gamble responsibly,

– use different measures to protect themselves,

– use professional help if needed.

▪ The manual must take the risk specifics of the offered games of chance and its distribution channels (online

and/or retail) into account!

▪ Guidelines and procedures for employees are to be forming part of the manual.

Player Protection ConceptWhat is „Sozialkonzept“?

Payment Processing

▪ Proof of bank account for game-related transactions held in Germany or with a credit instiution regulated

and residing in an EEA member state

▪ Separate accounting for all gaming transactions in Germany

▪ Overview of all payment methods offered

– Anonymous payment methods (e.g. Paysafe) are not allowed

– Anonymous credit card payments only up to an amount of 25 euro per transaction and 100 euro per month

▪ Prohibition of granting credits/loans

▪ For PSPs: Proof of compliance with PCI-DSS standard (if applicable further requirements imposed directly

by AML legislation

Payment Processing ConceptMinimum requirements

▪ The operator needs to guarantee, that

– any amounts deposited by the player will be credited to the player’s account immediately,

– any balance on the player account can be paid out upon request at any time,

– funds deposited in the player's accounts will be held and managed separately from other assets and will not be

used for risk balancing, and

– the entire customer funds are covered by liquid funds at all times.

Payment Processing ConceptMinimum requirements

IT Security

1. ISMS – Information Security Management System

• ISO 27001 certificate or equivalent standard for the systems used (including the protocols)

alternatively:

• proof of compliance with all standards contained in DIN ISO 27001 by certification of an auditor who is certified according to an

internationally recognized IT security standard, along with an audit report; or

• if no certificate exists: submission of an IT Security Concept based on the ISO-27001 standard (or an equivalent standard for IT

security).

2. Appointment of an ISMS responsible (name, adress, email, phone)

3. Appointment of an IT responsible (name, adress, email, phone)

Regulatory ISMS & IT requirementsFormal requirements

1. TLS 1.2 Usage

– Usage of at least TLS 1.2 for registration and communication with the customer after login

2. Minimal Field Requirements for Registration:

– Name, surname , address (street, street #, postal code, city), birth date, place of birth, nationality, self choosen password for later

authentication

3. IP logging

– In accordance with „Internetanforderungen nach § 4 Abs. 5 - Eckpunkte“ (as by 08.08.2018)

4. Authentication

– At registration stage, future authentication method must be choosen:

– Password or biometric or SmartCard

– In case of password usage: min 8 characters, at least 1 number, at least 1 special character, upper & lower case

Regulatory ISMS & IT requirementsIT specific requirements 1/2

5. Account Locking – risk mitigation for brute force attacks

– Locking of gamer account after 5 unsuccessful logins

– Manual or automatic de-lock after minimum 30 minutes

– Annual penetration tests

6. Website Security – OWASP (The Open Web Application Security Project)

7. OWASP Top 10 -2017 - The Ten Most Critical Web Application Security Risks – Standard to be adhered to

– Evidence of implemented controls OR

– Plan how to implement required controls

Regulatory ISMS & IT requirementsIT specific requirements 2/2

Contact

Chevron Consultants

Birkenwaldstr. 38

63179 Obertshausen (Germany)

Phone: +49 (0) 6104 775 1001

Fax: +49 (0) 6104 775 1009

Malta: +356 (0) 277 801 56

Email: info@chevron-consultants.com

URL: www.chevron-consultants.com

REDEKER / CHEVRON

Hilton, St. Julians 05.09.2019“Germany on the way to regulating sportsbetting ?

Ronald Reichert, Tobias Ody, Bonn/Berlin, 05.09.2019

34

Sportsbetting : What will we touch on today?

➢ What qualifies us to say something

➢ What disqualifies Germany to be able to do this ?

➢ What qualifies the incoming procedure to be successful ?

➢ Is this a Chairos Moment for Germany?

➢ Why we believe there is a high likelihood of enforceability

➢ What to expect on the practical issues …

➢ Betting program

➢ Limits

➢ Onlinecasino

➢ Advertising

35

II. What qualifies us for the job?

➢ Litigation expertise

➢ … and success

➢ Legislation Practice

➢ … continuous participation in Legislative practice

➢ Ongoing Consultation

➢ Experience with market leading and trendsetting clients

➢ Current Information

➢ First Hand with the Regulator

36

II. What qualifies us for the job?

➢ REDEKER won nearly all precedent decisions 1999 – 2019

Major Precedents:

➢ 2002: Legalising Crossboarder Horsebetting (OVG Hamburg)

➢ 2004: Stopping Enforcement in Germany (BVerfG)

➢ 2006: Toppling Sportsbetting Monopoly (BVerfG)

➢ 2010: Toppling 1st Interstate treaty (ECJ, Markus Stoß et. al.)

➢ 2010-13: Cancelling Interdiction Orders (Federal Administrative

Court Decisions - BVerwG)

➢ 2012-15: Stopping Sportsbetting Procedure (VG‘s; Hess. VGH)

➢ 2016: Preventing Tolaration regime in Germany (Hess. VGH)

➢ 2017: Legalizing Sportsbetting (OVG NW)

➢ 2017: Ending Threat of Criminal Law for Sportsbetting (ECJ Ince

– primarily Karpenstein)

➢ REDEKER advises market leaders in all areas of Gaming

37

What qualifies Germany for Gaming regulation ?

➢ History in General ? [No Pictures – for reasons of tact]

➢ Regulatory-History ? history of failing oppression; anekdote

➢ Resume: 6 failing regulatory regimes in 20 years

➢ Resume: 8 major defeats for the government before the

highest courts in 20 years

➢ Resume: A totally unregulated environment

➢ To sum it up: Room for improvement …

38

What qualifies RP Darmstadt and the sports betting procedure 2020?

➢ The mix of expertise – pragmatism - Favour

➢ Concentration of competency in Darmstadt

➢ political position of Hesse

➢ political constellation NRW, HE, S-H until 2022

Could this be a Chairos Moment for Online regulation ?

39

Why there is a high likelihood of enforceability?

➢ Why we won in the past?

➢ Monopoly 1999-2006 (BVerfG vs. ECJ);

➢ IST 2008-2011 (Sportsbetting Restriction vs. Arcades expansion)

➢ Permitting procedure 2012-2019: Limitation to 20

➢ Why we will not topple the procedure in the future?

➢ New Regulation => No denial of market entry (only restriction)

➢ ECJ: union law not against permitting requirement

➢ BVerwG: confirmed compatibillity of IST with Union Law

➢ RP Da: published nondiscriminating procedure

➢ Courts: Understanding Judges‘ Psychology

➢ Exeption: nitty gritty details of challening critical restrictions etc.

40

critical restrictions: Betting program

➢ A result to betting vs. event betting

➢ Differing positions 2012-2019

➢ concession procedure

➢ enforcement guidelines (2016)

➢ court proceedings (2015-18)

➢ länder-decision 2018)

➢ Likely outcome?

➢ Judicial remedy?

41

critical restrictions: Limits

➢ 1.000,00 Euro stakes

➢ possibility of exemptions

➢ Horse Betting model effective player protection

➢ Litigation

➢ Violation of union law

➢ injunctory proceedings?

42

critical restrictions: Consequences for Online casino ?

➢ favorable wording to declaration of compliance

➢ future of online casino?

➢ Hesse: Reading the “Glass Ball”

➢ Political Role of Hesse (+ S-H + NRW)

➢ Role of the market for success to channelling

➢ legal aspects ?

➢ next slide

43

critical restrictions: Online casino, here: legal Aspects

➢ unfavorable administrative court decisions 26.10.2017 and ff.

➢ legal flaws, but to no avail in litigation

➢ incoherency sportsbetting ./. onlinecasino

➢ no interim exemtions to union law

➢ lack of evidence

➢ no referral to ECJ in spite of need of interpretation

➢ new legal aspects:

➢ changes to regulation: prolongation experimental clause to 2021

➢ evaluations prove preference of regulation over prohibition: Hesse, S-H, DSWV, EU-Comm,

Fiedler

Berlin · Bonn · Brüssel · Leipzig · London · München www.redeker.de

Rechtsanwälte, Partnerschaftsgesellschaft mbB, Sitz Bonn, Essen PR 1947

your contact person:

Dr. Ronald Reichert Tobias Ody

Willy-Brandt-Allee 11, 53113 Bonn Leipziger Platz 3, 10117 Berlin

Tel +49 0228/72625-128 +49 030/885665-121

reichert@redeker.de ody@redeker.de

thank you for your attention

Berlin · Bonn · Brüssel · Leipzig · London · München www.redeker.de

Rechtsanwälte, Partnerschaftsgesellschaft mbB, Sitz Bonn, Essen PR 1947

Leipziger Platz 3

10117 Berlin

Tel +49 30 885665-0

Fax +49 30 885665-99

berlin@redeker.de

Berlin

172, Av. de Cortenbergh

1000 Brüssel

Tel +32 2 74003-20

Fax +32 2 74003-29

bruessel@redeker.de

Brüssel

Willy-Brandt-Allee 11

53113 Bonn

Tel +49 228 72625-0

Fax +49 228 72625-99

bonn@redeker.de

Bonn

Mozartstraße 10

04107 Leipzig

Tel +49 341 21378-0

Fax +49 341 21378-30

leipzig@redeker.de

Leipzig

Maffeistraße 4

80333 München

Tel +49 89 2420678-0

Fax +49 89 2420678-69

muenchen@redeker.de

München

4 More London Riverside

London SE1 2AU

Tel +44 20 740486 41

Fax +44 20 743003 06

london@redeker.de

London