Consultation response
Changes to information requirements in the LCCP, regulatory returns, official statistics, and related matters
Parts I and II of the consultation response that sets out our position in relation to the information the Gambling Commission requires licensees to provide us.
Contents
- Executive Summary
- Introduction
- Part 1: Summary of responses - Changes to information requirements for licensees: Consultation Response
- - Proposal 1: Changes to licence condition 13.1.1 (Pool betting)
- - Proposal 2: Changes to licence condition 13.1.2 (Pool betting – football pools)
- - Proposal 3: Changes to licence condition 15.1.1 (reporting suspicion of offences)
- - Proposal 4: Changes to licence condition 15.1.2 (reporting suspicion of offences)
- - Proposal 5: Additional licence condition 15.1.3 (reporting of systematic or organised money lending)
- - Proposal 6: Changes to licence condition 15.2.1 (reporting key events – operator status)
- - Proposal 7: Changes to licence condition 15.2.1 (reporting key events – relevant persons and positions)
- - Proposal 8: Changes to licence condition 15.2.1 (reporting key events – financial events)
- - Proposal 9: Changes to licence condition 15.2.1 (reporting key events - legal or regulatory proceedings or reports)
- - Proposal 10: Changes to licence condition 15.2.1 (reporting key events – gambling facilities)
- - Proposal 11: Changes to licence condition 15.2.2 (other reportable events)
- - Proposal 12: Additional licence condition 15.2.3 (Other reportable events)
- - Proposal 13: Changes to licence condition 15.3.1 (general and regulatory returns)
- - Proposal 14: Changes to code 3.2.1, 3.2.3, 3.2.5 and 3.2.7 (access to gambling by children and young persons)
- - Proposal 15: Changes to social responsibility code provision 6.1.1 (complaints and disputes)
- - Proposal 16: Changes to ordinary code provision 4.2.8 (betting integrity)
- - Proposal 17: Changes to ordinary code provision 8.1.1 (information requirements – ordinary code)
- - Proposal 18: Changes to personal licence conditions
- Part 2: Summary of responses - Changes to information requirements for licensees: Consultation Response
- - Proposal 1: Reduce the amount of data we collect
- - Proposal 2: Remove the requirement for licensees to report premise acquisitions and disposals
- - Proposal 3: Remove the requirement for non-remote casino licenses to report data on a casino-by-casino basis
- - Proposal 4: Remove the requirement for gambling software licence holders to report individual gambling software titles
- - Proposal 5: Enhance the operational information section of regulatory returns with more consumer and safer gambling questions
- - Proposal 6: Link the requirement for licensees to submit quarterly or annual returns to the aggregate maximum GGY permitted by all their licences
- - Proposal 7: Improve our digital service for regulatory returns collection (eServices)
- - Proposal 8: Proposal to discontinue collecting monthly non-remote casino drop and win data
- - Proposal 9: Industry Statistics - review of user requirements
- Annex - Summary of changes to licence conditions and codes of practice
Proposal 10: Changes to licence condition 15.2.1 (reporting key events – gambling facilities)
Proposal
For key events concerning the provision of gambling facilities we proposed to:
- reassign licence condition 15.2.1 (26), concerning reporting of Alternative Dispute Resolution (ADR) entities, from key events to 'other reportable events' under Licence condition 15.2.2
- remove licence condition 15.2.1 (27) as we no longer need this information to be reported to us as a key event
- update licence condition 15.2.1 (28) for remote gambling to put beyond doubt that we expect domains covered by ‘white label’ arrangements to be included in the reporting to us of the commencement or cessation of trading on website domains. This will improve our ability to monitor the licensee’s compliance across all website domains through which gambling is being offered in reliance on a Gambling Commission licence
- amend the footnote for licence condition 15.2.1, to reinforce that key event submissions are to be made online via our eServices’ portal. This will enable us to capture and process key events faster and more efficiently.
Consultation question
Question 1.10. Do you agree with the proposed changes to the licence condition?
Respondents' views
Overall, respondents supported the proposal to reword our key events relating to information security (licence condition 15.2.1 (25a)). Some respondents preferred the explicitness of the original wording (for example 'for longer than 24 hours'), and viewed the new wording as open to interpretation (for example would we need to be notified of one minute of downtime during which customers could not access their accounts). Others commented that the existing wording is more aligned with reporting requirements for the Information Commissioner’s Office (ICO), in which the regulator only needed to be notified of instances that had an 'adverse impact' on the customer data.
It was suggested that the proposal to expand the requirement to all breaches that affect the confidentiality of customer data was disproportionate and burdensome; and is wider in scope than the requirements of the relevant legislation and guidelines on notifiable breaches issued by the ICO. One respondent sought clarity on what would constitute a 'licensee’s environment' and an acceptable amount of time for cyber-attacks that lasted beyond a 'licensee’s defined sustained period'.
Respondents welcomed our proposal to reassign key event 15.2.1 (26), concerning reporting of ADR entities, from key events to 'other reportable events' under licence condition 15.2.2. Respondents also agreed that the removal of key event 15.2.1 (27) will reduce regulatory burden and improve operational efficiency.
Respondents commented that the inclusion of domains covered by ‘white labels’ in the reporting to us of the commencement or cessation of trading on website domains reflected good practice.
There were no objections to our clarification that key events are to be reported to us via our eServices system, rather than by email or other means. A couple of respondents asked whether our eServices system would be updated with the revised set of key events. There was a suggestion that an ‘Other’ option be added to the available sub-categories for reporting of key events and another that the footnote relating to how key events are to be reported to us, be amended from 'Key events are to be reported' to 'Key events must be reported'.
Our position
We have considered comments received about the proposal to update our key event about information security (licence condition 15.2.1 (25a). We accept comments from licensees that the key event should be more explicit and less open to interpretation. Also, that if we focus it only on the reporting of breaches which cause adverse impacts, that this will be more proportionate, and risk based. We have revised the proposed wording in this light.
After the revised set of key events come into effect, we will update the eServices system reporting options in line with those. We will not add an ‘Other’ category for key events, as these are all explicitly defined, but we will do so for ‘other reportable events’.
If licensees do experience technical issues preventing them reporting key events to us via eServices within 5 days, they should capture evidence of the problems experienced and contact their Licensing Account Manager for assistance.
We will use the wording 'are to be reported' to us online via the eServices digital service, instead of 'must be reported', as this allows for exceptions to be made for accessibility reasons.
These changes will take effect from 31 October 2020. We will publish further guidance relating to the changes before that date. This will include updating our guidance on Notification of information security breaches (opens in new tab).
Final wording of amended licence condition 15.2.1 (Gambling facilities)
Gambling facilities
25a Any security breach to the licensee’s environment that adversely affects the confidentiality of customer data; or prevents the licensee's customers, staff, or legitimate users from accessing their accounts for longer than 12 hours.
25b [No change]
26 [Removed and renumbered]
27 [Removed and renumbered]
28 In the case of remote gambling, the commencement or cessation of trading on website domains (including mobile sites or mobile device applications) or broadcast media through which the licensee provides gambling facilities (including domains covered by ‘white label’ arrangements).
In this condition: ‘body corporate’ has the meaning ascribed to that term by section 1173 of the Companies Act 2006 or any statutory modification or re-enactment thereof:
- a. in respect of a company, ‘holding company’ and ‘subsidiary’ have the meaning ascribed to that term by section 1159 of the Companies Act 2006 or any statutory modification or re-enactment thereof
- b. a ‘group company’ is any subsidiary or holding company of the licensee and any subsidiary of such holding company
Proposal 9: Changes to licence condition 15.2.1 (reporting key events - legal or regulatory proceedings or reports) Next section
Proposal 11: Changes to licence condition 15.2.2 (other reportable events)
Last updated: 16 March 2023
Show updates to this content
No changes to show.