1. Purpose
- To ensure the integrity, security, availability, and compliance monitoring of wagering data maintained by licensees, facilitating anti-money laundering (AML) and counter-terrorism financing (CTF) efforts.
2. Scope
- This policy applies to all VGA gaming licensees that handle, process, or store wagering data.
3. Definitions
- Wagering Data: Any information related to betting activities, including but not limited to bet amounts, bet types, outcomes, user transactions, and a unique user identifier for each transaction.
- Replica Repository: A complete and up-to-date copy of data held in a separate storage system, designed to ensure data preservation and facilitate compliance checks.
4. Policy Statement
- All VGA licensees are required to maintain a replica repository of all wagering data to ensure data redundancy, resilience against data loss, and to support the VGA’s efforts in monitoring and enforcing AML/CTF regulations.
5. Requirements
- Data Completeness: The replica repository must include a full copy of all wagering data to ensure that all aspects of data storage are replicated.
- Database Schema: Licensees must provide a complete and current database schema at the initiation of their license and update it whenever changes are made to the data structure.
- Frequency of Updates: The replica must be updated in real-time or near-real-time with a maximum lag time of 24 hours.
- Data Encryption: All stored data must be encrypted both in transit and at rest using industry-standard encryption protocols.
- Physical Location: The replica repository must be physically located in a jurisdiction specified by the VGA, ensuring compliance with relevant data protection laws.
- Access Controls: Access to the replica repository must be strictly controlled and limited to authorized VGA personnel, their agents, and other approved entities. Robust authentication mechanisms must be in place to secure access.
- Data Retention: Wagering data in the replica repository must be retained for a minimum period of five years to comply with regulatory requirements.
6. Compliance Monitoring
- Licensees must submit annual compliance reports to the VGA detailing the operational status of the replica repository and synchronization accuracy.
- VGA will conduct annual audits to verify the existence, security, and accuracy of the replica repository, as well as its effectiveness in facilitating AML/CTF monitoring.
7. Non-compliance
- Failure to meet the requirements of this policy may result in penalties such as fines, suspension, or revocation of the gaming license, or other actions as deemed appropriate by the VGA.
8. Implementation
- Licensees are given a transitional period of three months from the time of license issuance to establish and operationalize their replica repositories according to these guidelines.
9. Amendments
- This policy may be amended as necessary based on technological advancements, regulatory changes, or operational feedback. Licensees will be notified of any amendments at least three months prior to implementation.