Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Latest Updates on the New German
Sports Betting Application
5th of September, 2019
09:30 – Registration
10:00 – Welcome and Introduction (Chevron)
10:05 – Status Quo of the German Interstate Treaty on Gambling (Redeker)
10:25 – Presentation of the Requirements (Chevron)
10:45 – Legal Criticals: Betting Program/Limit of 1,000 Euro (Redeker)
11:00 – Necessary Concepts (Sales, AML, RG) (Chevron)
11:15 – Legal Criticals: Advertising including Bonuses/Online Casino (Redeker)
11:30 – Necessary Concepts: Payment, ISMS (Chevron)
11:40 – Questions (Redeker / Chevron)
11:55 – Closing
Agenda
Application requirements for a
German Sportsbetting License
From the Presentation of the Regulator at the 13th of August 2019
Timeline
▪ Applications can be submitted in October
▪ Until the end of December the Interstate Treaty will go through the parliaments of the 16 states
(Bundesländer)
▪ 02nd of January 2020: the official application procedure starts
▪ After a short grace period letters will be send out to operators which did not submit an application
▪ The authority is aware of 160 operators operating on the German market
▪ “experimental phase” / license valid until 30st of June 2021
General Information/Formalia
Application Requirements
▪ (Official) Certificates / documents not in German must be accompanied by a German (certified) translation.
▪ Application documents must be submitted in paper form and be transmitted via email or upload.
▪ Only if the required documents from the country of origin have no equivalent legal provision, the
requirement may be waived. Regional Council has identified no. II. 5., 6., 9. and 10. as open to this waiver.
▪ Some documents (e.g. DD) must not be older than 3 months.
▪ Further application documents may be requested subsequently.
▪ References must indicate the exact location including page numbers.
▪ According to the presentation at the 13th of August forms of the requested declarations will be provided by
the authority.
▪ Questions will be answered within the F&Q section of the website of the regulator
List of Requirements
Application Requirements
1. General information / DD on the applicant and the authorised representatives
2. Designation of a receiving agent (local lawyer) located in Germany / PoA (original)
3. Copy of the commercial registration in Germany (Gewerbeanmeldung) if applicable
4. Foreign gambling licence if applicable
5. Excerpt from the register of companies
6. Certificate of good standing of the tax authorities from the applicant and the authorised representatives
7. Confirmation of the Tax Authority Frankfurt a. M. III / sports betting tax (“Bescheinigung in Steuersachen”)
8. Excerpt from the debtors register in Germany or outside of Germany an equivalent document
9. Excerpt from the Central Commercial Register in Germany or equivalent e.g. Certificate of Good Conduct /
police record from the applicant and the authorised representatives
List of Requirements
Application Requirements
11. Proof of expertise of the directors (commercial qualification and 2 years of betting operator activity)
12. Presentation of the complete ownership and shareholder structure
13. Disclosure of trustee relationships
14. Declaration / Commitment not to offer unauthorised gambling, also through affiliated (verbundene
Unternehmen) companies as e.g. members of the same group
15. Statement on how the security (e.g. bank guarantee) of 5-25 million Euro will be provided
16. Declaration of diligent recordkeeping for betting tax calculation purposes
17. Certificate of auditor / chartered accountant confirming of operating cash flow / funds and explanation of
how the business is funded
18. Statement from an independent auditor of the ringfencing of player balances and declaration on
insolvency insurance of customer funds
List of Requirements
Application Requirements
21. Acces to realtime data in ARGUS / XML format via webservice independent from operational databases
22. Transparency to the player concept, e.g. game description, complaint management, licensee information,
Gambling therapy information, data privacy policy
23. Business projection for 2020/2021 (relevant for calculation of application-/annual supervision fee, security)
24. Monitoring of match-fixing: internal measures and cooperations with external providers
25. General terms and conditions: online and through landbased agent networks
26. Contact person for the betting operation
27. Designation of a Data Protection Officer with sufficient knowledge of the German law
28. Declaration regarding notification of changes
29. Declaration regarding completeness of documents
Sales Concept
1. General requirements (Internet and Retail)
– List of all brands differentiated according to distribution channel
– Declaration reg. bet type restrictions
– Description of customer card functionality
2. Internet-specific Requirements
– Information as to whether the technical processing is performed by the company itself or by a service provider.
– Details regarding the service provider (name, address, e-mail, telephone number).
– List of the internet domain(s) and mobile internet application(s) or app/s
– Description of the website (in particular: customer hotline, language settings, data protection information, imprint, help options,
handling private mode, information about gambling licence valid in Germany).
3. Business projection for 2020/2021:
– Projection of the expected amount of stakes for sports betting operations in Germany (not explicitly part of the sales concept;
relevant for the calculation of the license application, annual supervision fee and security)
Sales ConceptMinimum Requirements for Application
Anti-Money Laundering
1. Identification
– The requirements of the German Anti-Money Laundering Act for the identification of business partners must be met at any times.
– Online:
– Full DD within 30 after registration with a wagering limit of 150 €
– Smart way of verification of players identity will be a competitive advantage; the Germany AML requirements request full DD on players
– Non-certified copies of identification documents are not seen as sufficient for the standard CDD procedure
– Land-based:
– Until now it is unclear if the monitoring requirements may allow anonymous betting in the future
2. Player Account
– A player account meeting the requirements of the German Anti-Money Laundering Act and subsidiary legislation (Anwendungs- und
Auslegungshinweise zum Geldwäschegesetz, AuA) must be established
3. Payment Transactions/Bank Account
– All payment transaction can only be performed through payment accounts according to the German payment service legislation
(ZAG) or recognised similar EU legislation
Anti-Money LaunderingMinimum Requirements for Application
▪ A full AML Concept including risk analysis is not explicitly required to be submitted as an application
document, but
▪ Requirements of the German AML legislation must be taken into consideration and will be evaluated by the
relevant supervisory authorities after granting of the license
▪ In brief, an Anti-Money Laundering Concept would have to cover:
– A risk analysis
– Internal security measures (e.g. Automated AML Monitoring System, Training, Employee DD …)
– Appointment of an German speaking AML officer and deputy
– Compliance with due diligence obligations under the AML Act
– KYC measures
– Internal revision
Anti-Money LaunderingAML Concept
▪ Risk analysis, AML measures and internal revision
are main parts of an ISO managemet system
▪ ISO 19600 provides a framework for a Compliance
Management System (ISO 31000 for Risk
Management)
▪ Details on the implementation of an „AML
Compliance Management System“ according to ISO
19600 and ISO 31000 for Malta, Germany and other
jurisdiction can be provided on request
Anti-Money LaunderingAML Management System
Player Protection
▪ Prevention is a key element of healthcare = avoiding the development of a disease
– Prevention is a generic term in public health care for targeted measures and activities to prevent diseases or damage to health, to
reduce the risk of the disease or to delay its occurrence. Preventive measures can be assigned to measures of the first, the second or the
third degree, all according to the time at which they are applied. Furthermore, preventive measures can be differentiated according to
whether they are based on individual behaviour (behavioural prevention) or on life circumstances (environmental prevention).
▪ Player Protection (how it is anticipated in Germany = Prevention of addiction in gambling)
▪ Player protection obligates different stakeholders in gambling
Player Protection ConceptWhat is prevention?
▪ There are two approaches to prevention in healthcare
1. Behavioural prevention
– Behavioural prevention refers directly to the individual person and his or her individual health behaviour. This includes, for example,
measures that strengthen one's own health competence. The aim is to reduce risk factors, e.g. through problematic or pathological
gambling.
2. Environmental prevention
– The environmental prevention takes life and work circumstances into account. This includes, for example, the life environment and
other factors which may influence health, such as the range of products on offer and the accessibility/availability of gambling services.
Player Protection ConceptWhat is prevention?
Player Protection ConceptWhat is prevention?
Individuals
at risk
at-risk groups
Population or specific population
groups
indicated prevention
selective prevention
universal preventiondensity and intensity of
interventions
Player Protection ConceptWhat is prevention?
social gamblers
• largest group
• inconspicuous gaming
behaviour
• no problems
problematic gamblers:
• are endangered
• in transition
• moderate problems
pathological gamblers:
• smallest group
• uncontrolled gambling
• severe problems
intervention
target
Information
and
enlightment
Early detection
and -intervention
Approach and
intervention
Promotion of
Responsible
Gaming
Promoting
low-risk and
controlled gambling
Protection
and
referral to help
system
▪ RG is a broad, holistic concept targeting key stakeholders in the field of gambling to the target of avoiding
and reducing gambling related harm from individuals (and from society) with specific and differentiated
measures. Its main areas:
Player Protection ConceptWhat is Responsible Gaming?
RG
Underage
Gambling
Vulnerable
players
Fraud
Fair gaming
payments
Responsible
marketing
Customer´s
satisfaction
Secure, save
and reliable
operations
▪ Player Protection is a special topic in the German gambling regulation, effects business development and
combines behavioural with environmental prevention measures.
– Limits, including time limits
– Exclusions with a duration from one day to permanent
– Legally required breaks
– Appropriate communication
– Short gateway to therapy
– Effectiveness checks
– Reviews by the authorities
Player Protection ConceptWhat is player protection?
▪ A Social Concept is a framework, which describes how (mandatory) requirements for player and minor
protection are implemented and executed. The regulator expects documentation containing transparent,
distribution-specific descriptions of how
– player and minor protection measures are implemented to the corporate structure,
– the mandatory, environmental measures for prevention (e.g. warranty for the exclusion of minors and excluded
players , monthly betting lim tof EUR 1.000,- per customer, connection to the database of blocked players, OASIS)
will be operated,
– players are guided to bet responsibly (e.g. by using delivered protection measures)
– measures and procedures are continuously improved
Player Protection ConceptWhat is „Sozialkonzept“?
▪ Operators (and betting agents) must take measures and procedures targeted
– to operational structure and procedures (e.g. by technical banning measures and an interface to the German
database of blocked players, “OASIS”),
– to personnel,
– to customers.
▪ The manual must take the risk specifics of the offered games of chance and its distribution channels (online
and/or stationary) into account!
Player Protection ConceptWhat is „Sozialkonzept“?
▪ Operators (and betting agents) must take measures and procedures and concrete circumstances are used
– to warren the exclusion of minors and excluded players (e.g. by technical banning measures and an interface to
the German database of blocked players, “OASIS”),
– to prevent customers from gambling-related harm (e.g. by ensuring that customers have adjustable limits on
stakes, deposits and losses, this in light of the statutory maximum monthly stakes of EUR 1000,-),
– to encourage players to
– gamble responsibly,
– use different measures to protect themselves,
– use professional help if needed.
▪ The manual must take the risk specifics of the offered games of chance and its distribution channels (online
and/or retail) into account!
▪ Guidelines and procedures for employees are to be forming part of the manual.
Player Protection ConceptWhat is „Sozialkonzept“?
Payment Processing
▪ Proof of bank account for game-related transactions held in Germany or with a credit instiution regulated
and residing in an EEA member state
▪ Separate accounting for all gaming transactions in Germany
▪ Overview of all payment methods offered
– Anonymous payment methods (e.g. Paysafe) are not allowed
– Anonymous credit card payments only up to an amount of 25 euro per transaction and 100 euro per month
▪ Prohibition of granting credits/loans
▪ For PSPs: Proof of compliance with PCI-DSS standard (if applicable further requirements imposed directly
by AML legislation
Payment Processing ConceptMinimum requirements
▪ The operator needs to guarantee, that
– any amounts deposited by the player will be credited to the player’s account immediately,
– any balance on the player account can be paid out upon request at any time,
– funds deposited in the player's accounts will be held and managed separately from other assets and will not be
used for risk balancing, and
– the entire customer funds are covered by liquid funds at all times.
Payment Processing ConceptMinimum requirements
IT Security
1. ISMS – Information Security Management System
• ISO 27001 certificate or equivalent standard for the systems used (including the protocols)
alternatively:
• proof of compliance with all standards contained in DIN ISO 27001 by certification of an auditor who is certified according to an
internationally recognized IT security standard, along with an audit report; or
• if no certificate exists: submission of an IT Security Concept based on the ISO-27001 standard (or an equivalent standard for IT
security).
2. Appointment of an ISMS responsible (name, adress, email, phone)
3. Appointment of an IT responsible (name, adress, email, phone)
Regulatory ISMS & IT requirementsFormal requirements
1. TLS 1.2 Usage
– Usage of at least TLS 1.2 for registration and communication with the customer after login
2. Minimal Field Requirements for Registration:
– Name, surname , address (street, street #, postal code, city), birth date, place of birth, nationality, self choosen password for later
authentication
3. IP logging
– In accordance with „Internetanforderungen nach § 4 Abs. 5 - Eckpunkte“ (as by 08.08.2018)
4. Authentication
– At registration stage, future authentication method must be choosen:
– Password or biometric or SmartCard
– In case of password usage: min 8 characters, at least 1 number, at least 1 special character, upper & lower case
Regulatory ISMS & IT requirementsIT specific requirements 1/2
5. Account Locking – risk mitigation for brute force attacks
– Locking of gamer account after 5 unsuccessful logins
– Manual or automatic de-lock after minimum 30 minutes
– Annual penetration tests
6. Website Security – OWASP (The Open Web Application Security Project)
7. OWASP Top 10 -2017 - The Ten Most Critical Web Application Security Risks – Standard to be adhered to
– Evidence of implemented controls OR
– Plan how to implement required controls
Regulatory ISMS & IT requirementsIT specific requirements 2/2
Contact
Chevron Consultants
Birkenwaldstr. 38
63179 Obertshausen (Germany)
Phone: +49 (0) 6104 775 1001
Fax: +49 (0) 6104 775 1009
Malta: +356 (0) 277 801 56
Email: [email protected]
URL: www.chevron-consultants.com
REDEKER / CHEVRON
Hilton, St. Julians 05.09.2019“Germany on the way to regulating sportsbetting ?
Ronald Reichert, Tobias Ody, Bonn/Berlin, 05.09.2019
34
Sportsbetting : What will we touch on today?
➢ What qualifies us to say something
➢ What disqualifies Germany to be able to do this ?
➢ What qualifies the incoming procedure to be successful ?
➢ Is this a Chairos Moment for Germany?
➢ Why we believe there is a high likelihood of enforceability
➢ What to expect on the practical issues …
➢ Betting program
➢ Limits
➢ Onlinecasino
➢ Advertising
35
II. What qualifies us for the job?
➢ Litigation expertise
➢ … and success
➢ Legislation Practice
➢ … continuous participation in Legislative practice
➢ Ongoing Consultation
➢ Experience with market leading and trendsetting clients
➢ Current Information
➢ First Hand with the Regulator
36
II. What qualifies us for the job?
➢ REDEKER won nearly all precedent decisions 1999 – 2019
Major Precedents:
➢ 2002: Legalising Crossboarder Horsebetting (OVG Hamburg)
➢ 2004: Stopping Enforcement in Germany (BVerfG)
➢ 2006: Toppling Sportsbetting Monopoly (BVerfG)
➢ 2010: Toppling 1st Interstate treaty (ECJ, Markus Stoß et. al.)
➢ 2010-13: Cancelling Interdiction Orders (Federal Administrative
Court Decisions - BVerwG)
➢ 2012-15: Stopping Sportsbetting Procedure (VG‘s; Hess. VGH)
➢ 2016: Preventing Tolaration regime in Germany (Hess. VGH)
➢ 2017: Legalizing Sportsbetting (OVG NW)
➢ 2017: Ending Threat of Criminal Law for Sportsbetting (ECJ Ince
– primarily Karpenstein)
➢ REDEKER advises market leaders in all areas of Gaming
37
What qualifies Germany for Gaming regulation ?
➢ History in General ? [No Pictures – for reasons of tact]
➢ Regulatory-History ? history of failing oppression; anekdote
➢ Resume: 6 failing regulatory regimes in 20 years
➢ Resume: 8 major defeats for the government before the
highest courts in 20 years
➢ Resume: A totally unregulated environment
➢ To sum it up: Room for improvement …
38
What qualifies RP Darmstadt and the sports betting procedure 2020?
➢ The mix of expertise – pragmatism - Favour
➢ Concentration of competency in Darmstadt
➢ political position of Hesse
➢ political constellation NRW, HE, S-H until 2022
Could this be a Chairos Moment for Online regulation ?
39
Why there is a high likelihood of enforceability?
➢ Why we won in the past?
➢ Monopoly 1999-2006 (BVerfG vs. ECJ);
➢ IST 2008-2011 (Sportsbetting Restriction vs. Arcades expansion)
➢ Permitting procedure 2012-2019: Limitation to 20
➢ Why we will not topple the procedure in the future?
➢ New Regulation => No denial of market entry (only restriction)
➢ ECJ: union law not against permitting requirement
➢ BVerwG: confirmed compatibillity of IST with Union Law
➢ RP Da: published nondiscriminating procedure
➢ Courts: Understanding Judges‘ Psychology
➢ Exeption: nitty gritty details of challening critical restrictions etc.
40
critical restrictions: Betting program
➢ A result to betting vs. event betting
➢ Differing positions 2012-2019
➢ concession procedure
➢ enforcement guidelines (2016)
➢ court proceedings (2015-18)
➢ länder-decision 2018)
➢ Likely outcome?
➢ Judicial remedy?
41
critical restrictions: Limits
➢ 1.000,00 Euro stakes
➢ possibility of exemptions
➢ Horse Betting model effective player protection
➢ Litigation
➢ Violation of union law
➢ injunctory proceedings?
42
critical restrictions: Consequences for Online casino ?
➢ favorable wording to declaration of compliance
➢ future of online casino?
➢ Hesse: Reading the “Glass Ball”
➢ Political Role of Hesse (+ S-H + NRW)
➢ Role of the market for success to channelling
➢ legal aspects ?
➢ next slide
43
critical restrictions: Online casino, here: legal Aspects
➢ unfavorable administrative court decisions 26.10.2017 and ff.
➢ legal flaws, but to no avail in litigation
➢ incoherency sportsbetting ./. onlinecasino
➢ no interim exemtions to union law
➢ lack of evidence
➢ no referral to ECJ in spite of need of interpretation
➢ new legal aspects:
➢ changes to regulation: prolongation experimental clause to 2021
➢ evaluations prove preference of regulation over prohibition: Hesse, S-H, DSWV, EU-Comm,
Fiedler
Berlin · Bonn · Brüssel · Leipzig · London · München www.redeker.de
Rechtsanwälte, Partnerschaftsgesellschaft mbB, Sitz Bonn, Essen PR 1947
your contact person:
Dr. Ronald Reichert Tobias Ody
Willy-Brandt-Allee 11, 53113 Bonn Leipziger Platz 3, 10117 Berlin
Tel +49 0228/72625-128 +49 030/885665-121
[email protected] [email protected]
thank you for your attention
Berlin · Bonn · Brüssel · Leipzig · London · München www.redeker.de
Rechtsanwälte, Partnerschaftsgesellschaft mbB, Sitz Bonn, Essen PR 1947
Leipziger Platz 3
10117 Berlin
Tel +49 30 885665-0
Fax +49 30 885665-99
Berlin
172, Av. de Cortenbergh
1000 Brüssel
Tel +32 2 74003-20
Fax +32 2 74003-29
Brüssel
Willy-Brandt-Allee 11
53113 Bonn
Tel +49 228 72625-0
Fax +49 228 72625-99
Bonn
Mozartstraße 10
04107 Leipzig
Tel +49 341 21378-0
Fax +49 341 21378-30
Leipzig
Maffeistraße 4
80333 München
Tel +49 89 2420678-0
Fax +49 89 2420678-69
München
4 More London Riverside
London SE1 2AU
Tel +44 20 740486 41
Fax +44 20 743003 06
London