Pennsylvania Code & Bulletin
COMMONWEALTH OF PENNSYLVANIA

• No statutes or acts will be found at this website.

The Pennsylvania Bulletin website includes the following: Rulemakings by State agencies; Proposed Rulemakings by State agencies; State agency notices; the Governor’s Proclamations and Executive Orders; Actions by the General Assembly; and Statewide and local court rules.

PA Bulletin, Doc. No. 18-1449

RULES AND REGULATIONS

Title 58—RECREATION

PENNSYLVANIA GAMING CONTROL BOARD

[ 58 PA. CODE CHS. 1401 and 1407—1411 ]

Conduct of Sports Wagering Generally; Sports Wagering Testing and Controls; Sports Wagering Accounting and Internal Controls; Sports Wagering Advertisements, Promotions and Tournaments; Sports Wagering Compulsive and Problem Gambling Requirements; and Sports Wagering Self-Excluded Persons—Temporary Regulations

[48 Pa.B. 5728]
[Saturday, September 15, 2018]

 The Pennsylvania Gaming Control Board (Board), under its general authority in 4 Pa.C.S. § 1202(b)(30) (relating to general and specific powers) and the specific authority in 4 Pa.C.S. § 13C03(b) (relating to temporary sports wagering regulations), adds temporary regulations regarding general provisions for the conduct of sports wagering; sports wagering testing and controls; sports wagering accounting and internal controls; sports wagering advertisements, promotions and tournaments; sports wagering compulsive and problem gambling requirements; and sports wagering self-excluded persons to read as set forth in Annex A.

Purpose of this Temporary Rulemaking

 This temporary rulemaking includes rules to ensure the integrity and security of sports wagering in this Commonwealth.

Explanation of §§ 1401.6—1401.8 and Chapters 1407—1411.

 Sections 1401.6—1401.8 (relating to permitted sports wagering activities; prohibited and restricted sports wagering activities; and persons prohibited from engaging in sports wagering activities) address the conduct of sports wagering generally—temporary regulations, including the following:

 • Definitions and guidelines for the types of events and types of wagers that will be permitted relative to sports wagering operations in this Commonwealth.

 • Prohibited sports wagering activities by sports wagering certificate holders and sports wagering operator licensees including accepting wagers on high school athletic events and accepting wagers from athletes, coaches and officials on events in which they participate or are under the same governing body.

 • Prohibited sports wagering activity by persons, including underage individuals placing wagers on athletic events.

 Chapter 1407 (relating to sports wagering testing and controls—temporary regulations) address the standards all sports wagering systems and equipment must meet to be operational in this Commonwealth. These temporary regulations also delineate the requirements for submission of sports wagering systems and equipment for review and approval to the Office of Gaming Laboratories.

 Chapter 1408 (relating to sports wagering accounting and internal controls—temporary regulations) addresses internal controls that include required reporting, data retention and system logging rules that, along with internal operation structures and player terms and conditions, shall be submitted to and approved by the Bureau of Gaming Operations. This chapter also addresses rules governing sports wagering player accounts.

 Chapter 1409 (relating to sports wagering advertisements, promotions and tournaments—temporary regulations) addresses the standards for review, submission and approval of advertisements, promotions and tournaments offered by sports wagering certificate holders and operators in this Commonwealth.

 Chapter 1410 (relating to sports wagering compulsive and problem gambling requirements—temporary regulations) addresses requirements for sports wagering certificate holder and sports wagering operator licensee compulsive and problem gaming plans.

 Chapter 1411 (relating to sports wagering self-excluded persons—temporary regulations) addresses the requirements for sports wagering certificate holder and sports wagering operator licensee self-exclusion guidelines.

Affected Parties

 An entity that operates a sportsbook, either onsite or through the internet or a mobile application in this Commonwealth, and an entity or individual that will interact with or participate in sports wagering operations in this Commonwealth will be affected by this temporary rulemaking.

Fiscal Impact

Commonwealth

 The Board expects that this temporary rulemaking will have minimal fiscal impact on the Board and other Commonwealth agencies. Impact should be confined to the additional personnel and expenses regarding implementing these temporary regulations as well as continued oversight of expanded gaming with portions of these costs absorbed by existing Board staff.

Political Subdivisions

 This temporary rulemaking will not have direct fiscal impact on political subdivisions of this Commonwealth. Host municipalities and counties benefit from the local share funding mandated by the act of January 7, 2010 (P.L. 1, No. 1).

Private Sector

 This temporary rulemaking includes rules regarding general provisions for the conduct of sports wagering; sports wagering testing and controls; sports wagering accounting and internal controls; sports wagering advertisements, promotions and tournaments; sports wagering compulsive and problem gambling requirements; and sports wagering self-excluded persons. It is anticipatedthat this temporary rulemaking will have an impact on those individuals seeking to operate sports wagering in this Commonwealth, those individuals and entities affiliated with the operation of sports wagering in this Commonwealth as well as persons seeking to participate in sports wagering activities in this Commonwealth. The fiscal impact to these parties will be offset by revenues collected through the conduct of sports wagering activities.

General Public

 This temporary rulemaking will not have direct fiscal impact on the general public.

Paperwork Requirements

 Sports wagering certificate holders, sports wagering individuals operator licensees and individuals and entities providing services to those entities in connection with sports wagering activities in this Commonwealth will be required to generate and maintain various types of information relative to their sports wagering operations, including records on player accounts, wagers placed and problem gambling compliance efforts. Sports wagering certificate holders, sports wagering operator licensees, and individuals and entities providing services to those entities in connection with sports wagering operations will also be required to draft, maintain and submit documents related to internal controls and accounting associated with interactive gaming in this Commonwealth.

Effective Date

 This temporary rulemaking will become effective upon publication in the Pennsylvania Bulletin and expires 2 years after publication.

Public Comments

 While this temporary rulemaking will be effective upon publication, the Board is seeking comments from the public and affected parties as to how these temporary regulations might be improved.

 Interested persons are invited to submit written comments, suggestions or objections regarding this temporary rulemaking within 30 days after the date of publication in the Pennsylvania Bulletin to Laura R. Burd, Senior Counsel, Pennsylvania Gaming Control Board, P.O. Box 69060, Harrisburg, PA 17106-9060, Attention: Public Comment on Regulation # 125-220.

Contact Person

 The contact person for questions about this temporary rulemaking is Laura R. Burd, Senior Counsel, at (717) 346-8300, lburd@pa.gov.

Regulatory Review

 Under 4 Pa.C.S. § 13C03(b), the Board has the authority to promulgate temporary regulations to facilitate the prompt implementation of sports wagering in the Commonwealth. The temporary regulations adopted by the Board are not subject to sections 201—205 of the act of July 31, 1968 (P.L. 769, No. 240) (45 P.S. §§ 1201—1205) known as the Commonwealth Documents Law, the Regulatory Review Act (71 P.S. §§ 745.1—745.14) and section 204(b) of the Commonwealth Attorneys Act (71 P.S. § 732-204(b)). Under 4 Pa.C.S. § 13C03(b), these temporary regulations expire 2 years after publication in the Pennsylvania Bulletin.

Findings

 The Board finds that:

 (1) Under 4 Pa.C.S. § 13C03, the temporary regulations are exempt from the requirements of the Regulatory Review Act, sections 201—205 of the Commonwealth Documents Law and section 204(b) of the Commonwealth Attorneys Act.

 (2) The adoption of the temporary regulations is necessary and appropriate for the administration and enforcement of 4 Pa.C.S. Part II (relating to gaming).

Order

 The Board, acting under the provisions of 4 Pa.C.S. Part II order that:

 (1) The regulations of the Board, 58 Pa. Code, are amended by adding temporary §§ 1401.6—4101.8, 1407.1—1407.9, 1408.1—1408.13, 1409.1, 1410.1 and 1411.1 to read as set forth in Annex A.

 (2) The temporary regulations will be posted on the Board's web site.

 (3) The temporary regulations are subject to amendment as deemed necessary by the Board.

 (4) The Chairperson of the Board has certified this order and Annex A and shall deposit them with the Legislative Reference Bureau as required by law.

 (5) These temporary regulations are effective upon publication in the Pennsylvania Bulletin and expire on September 15, 2020.

DAVID M. BARASCH, 
Chairperson

Fiscal Note: 125-220. No fiscal impact; (8) recommends adoption.

Annex A

TITLE 58—RECREATION

PART VII. GAMING CONTROL BOARD

Subpart Q. Sports Wagering

CHAPTER 1401. GENERAL SPORTS WAGERING PROVISIONS—TEMPORARY REGULATIONS

Sec.

1401.6.Permitted sports wagering activities.
1401.7.Prohibited and restricted sports wagering activities.
1401.8.Persons prohibited from engaging in sports wagering activities.

§ 1401.6. Permitted sports wagering activities.

 (a) A sports wagering certificate holder or sports wagering operator licensee on behalf of a sports wagering certificate holder shall submit to the Board for approval the events and types of wagers it proposes offering to players prior to accepting any sports wagering bets.

 (b) The Board may permit a sports wagering certificate holder or sports wagering operator licensee on behalf of a sports wagering certificate holder to offer wagering on any of the following events:

 (1) Professional athletic events.

 (2) Collegiate athletic events.

 (3) Professional motor race events.

 (4) International team and international individual athletic events including those events governed by the International Olympic Committee and the International Federation of Association Football.

 (c) The Board may permit a sports wagering certificate holder or sports wagering operator licensee on behalf of a sports wagering certificate holder to offer the any of the following types of wagers on the events enumerated in subsection (b):

 (1) Exchange wagering—A marketplace which permits patrons to bet with or against each other through a gaming platform operated and managed by a sports wagering operator.

 (2) In-game wagers—Wagers placed on the outcome of an athletic event after the athletic event has started and can continue during the course of live play of the athletic event.

 (3) Parlay wagers—A wager on two or more outcomes in which all outcome wagers must win or cover for the patron to win or, a series of three or more teams in 2-team parlays. For the patron to win, all of the teams must cover/win.

 (4) Proposition wagering—Wagers placed on the occurrence or nonoccurrence of a specific outcome of events within a game not directly involving the game's final outcome.

 (5) Straight wagers—A wager on a single game or single event that will be determined by a point spread, money line or total score.

 (6) Other types of wagers as approved by the Board.

 (d) A sports wagering certificate holder or a sports wagering operator licensee shall make available to patrons a clear explanation of all types of wagers permitted by the Board and events on which those wagers are permitted.

 (e) A sports wagering certificate holder or sports wagering operator licensee on behalf of a sports wagering certificate holder may place a layoff wager with another sports wagering certificate holder or sports wagering operator licensee located in this Commonwealth for the purpose of offsetting patron wagers made under Subpart Q (relating to sports wagering) provided that:

 (1) The sports wagering certificate holder or sports wagering operator licensee placing the layoff wager discloses its identity to the sports wagering certificate holder or sports wagering operator licensee receiving the layoff wager and

 (2) The receiving sports wagering certificate holder or sports wagering operator licensee agrees to accept the layoff wager after receiving notification of the identity of the sports wagering certificate holder or sports wagering operator licensee placing the layoff wager.

§ 1401.7. Prohibited and restricted sports wagering activities.

 (a) The following sports wagering activity is prohibited:

 (1) Wagering on high school athletic events governed by the Pennsylvania Interscholastic Athletic Association or a similar governing body.

 (2) Wagering on amateur athletic events, other than collegiate athletic events, unless otherwise specifically approved by the Board.

 (3) Any other sports wagering activity as prohibited by the Board.

 (b) A sports wagering certificate holder or sports wagering operator licensee is prohibited from:

 (1) Knowingly accepting wagers from athletes on athletic events of the type in which the athlete participates as well as athletic events governed by the same governing body under which the athlete competes.

 (2) Knowingly accepting wagers from a person who holds a position of authority or influence sufficient to exert influence over the participants in an athletic event, or a person professionally connected to an athletic event or governing body including referees, officials, coaches, managers, handlers, athletic trainers or a person with access to certain types of exclusive information on any athletic event overseen by the governing body.

 (3) Knowingly accepting wagers from a person the certificate holder or licensee has reason to believe or suspect is placing the wager on behalf of or for the benefit of another individual that is prohibited from participating in sports wagering under these regulations or other applicable State or Federal law.

 (4) Encouraging or instructing a patron to attempt to or to structure wagers in any manner that is an attempt to evade or circumvent these regulations or other applicable State or Federal law.

 (5) Knowingly accept or hold cash or cash equivalents with the understanding that the moneys will be used to place a wager upon the occurrence of a specified future contingency unless a sports wagering ticket/voucher detailing the wager is immediately issued upon the sports wagering certificate holder's and sports wagering operator licensee's acceptance of the moneys.

 (6) Knowingly accept any wagers other than those permitted by the Board and shall only accept wagers on events and odds posted by the sports wagering certificate holder or sports wagering operator licensee.

 (c) An athlete or person who holds a position of authority or influence sufficient to exert influence over the participants in an athletic event, or a person professionally connected to an athletic event or governing body including coaches, managers, handlers, athletic trainers, team physicians or other physicians providing medical consultation or treatment of an athletic participant or a person with access to certain types of exclusive information on any athletic event overseen by the governing body is prohibited from having any ownership interest in or control of a sports wagering certificate holder or a sports wagering operator.

 (d) Sports wagering certificate holders and sports wagering operators are prohibited from having any ownership interest in or control of an athletic team, organization or governing body of an athletic team or organization upon which the sports wagering certificate holder or sports wagering operator accepts wagers.

§ 1401.8. Persons prohibited from engaging in sports wagering activities.

 (a) No person under 21 years of age of may engage in sports wagering with a sports wagering certificate holder or sports wagering operator licensee.

 (b) No collegiate or professional athlete, referee, official, coach, manager, handler or athletic trainer or employee or contractor of a team or athletic organization who has access to nonpublic information concerning an athlete or team may engage in sports wagering on an athletic event or the performance of an individual in the athletic event in which the person is participating or otherwise has access to nonpublic or exclusive information.

 (c) No collegiate or professional athlete, referee, official, coach, manager, handler, athletic trainer or employee of a team or athletic organization who has access to nonpublic information concerning an athlete or team may engage in sports wagering on an athletic event or the performance of an individual in athletic events in the sport or league in which the person is involved.

 (d) No person identified in subsections (a)—(c) may collect any winnings or recoup any losses from a sports wagering certificate holder or sports wagering operator licensee as a result of engaging in sports wagering in violation of this section.

 (e) Winnings of a person prohibited from engaging in sports wagering under this section shall be forfeited to the Board.

 (f) An athletic team or the governing body or league of an athletic team may provide to the Board a list of all persons within the teams' organization as well as all league officials or referees prohibited from engaging in sports wagering under this section, along with the specific type of athletic events from which the person is prohibited from participating in sports wagering activities. The Board shall provide that list of persons identified by the athletic team or governing body or league to sports wagering certificate holders and sports wagering operator licensees to facilitate these prohibitions on sports wagering activities.

CHAPTER 1407. SPORTS WAGERING TESTING AND CONTROLS—TEMPORARY REGULATIONS

Sec.

1407.1.Scope.
1407.2.Definitions.
1407.3.Testing and approval generally.
1407.4.Wagering device requirements generally.
1407.5.Self-service kiosks and point of sale system requirements.
1407.6.Ticket/Voucher requirements.
1407.7.Ticket/Voucher redemption requirements.
1407.8.Sports wagering interactive system requirements.
1407.9.Sports wagering system general requirements.

§ 1407.1. Scope.

 To ensure the integrity and security of sports wagering operations in this Commonwealth, the requirements of this chapter apply to all sports wagering certificate holders and sports wagering operator licensees seeking to offer sports wagering to patrons in this Commonwealth. The requirements in this chapter supplement, where not in conflict with and where applicable, existing Board regulations Subpart E (relating to slot machine, table game and associated equipment testing and control; accounting and internal controls) and Subpart L (relating to interactive gaming) applicable to slot machine licensees, interactive gaming certificate holders and interactive gaming operators unless the context clearly indicates otherwise.

§ 1407.2. Definitions.

 The following words and terms, when used in this chapter, have the following meanings, unless the context clearly indicates otherwise:

Authentication process—A method used by a system to verify the validity of software. The method requires calculation of an output digest, which is compared to a secure embedded value. The minimum output digest shall be of 128-bit complexity. Software shall be deemed to have been authenticated if the calculated digest equals the secure embedded value.

Communication technology—The methods used and the components employed to facilitate the transmission of information including transmission and reception systems based on wire, cable, radio, microwave, light, optics or computer data networks.

Onsite sportsbook—Sports wagering activities conducted by means of self-service kiosks or point of sale system in the sports wagering areas of a sports wagering certificate holder's approved locations.

Point of sale system—All the hardware, software and communications that comprises a stand-alone or integrated system capable of accepting sports wagers by means of terminals attended to by a cashier and is located at sports wagering certificate holder's approved locations.

Self-service kiosks—Unattended self-service booths or self-standing structure with computers, including touch-screen computers, at which a patron can place sports wagers and that dispenses sports wagering tickets/vouchers.

Sports wagering account—Electronic account that may be established by a patron at a casino property for the purpose of sports wagering or by means of a sports wagering certificate holder's or sports wagering operator's interactive sports wagering skin or interactive sports wagering web site for the purpose of wagering under these regulations, including deposits, withdrawals, wagered amounts and payouts on winning wagers.

Sports wagering communication—The transmission of a wager between a point of origin and a point of reception by aid of a communications technology.

Sports wagering device and associated equipment—A self-service kiosk, point of sale system or other device, including associated equipment, used to accept sports wagering as permitted for use in this Commonwealth by the Board.

Sports wagering interactive system—All hardware, software and communications that comprise a type of server-based sports wagering system for the purpose of offering authorized sports wagering, mobile sports wagering or interactive sports wagering in this Commonwealth when authorized by the Board.

Sports wagering operations—The business of accepting wagers on sports events or on the individual performance of athletes in a sporting event or combination of sporting events by any system or method of wagering, including over the internet, mobile applications and onsite sports wagering systems.

Sports wagering platform—The combination of hardware and software or other technology designed and used to manage, conduct and record mobile sports wagering or interactive sports wagering activity, as approved by the Board. The term shall include any emerging or new technology deployed to advance the conduct and operation of sports wagering, mobile sports wagering or interactive sports wagering activity, as approved through regulation by the Board.

Sports wagering system—All sports wagering devices, equipment, communication technology, software and hardware approved by the Board to conduct sports wagering in this Commonwealth.

Ticket/Voucher redemption device—Unattended self-service booths or self-standing structures with computers, including touch-screen computers, at which a patron can redeem sports wagering tickets/vouchers and that dispenses winnings in the form of cash or cash equivalent.

§ 1407.3. Testing and approval generally.

 (a) Prior to operating an onsite sportsbook or an online or mobile sportsbook (that is, an interactive sportsbook), all sports wagering devices and software used in conjunction with these operations must be submitted to the Board's Office of Gaming Laboratory Operations for review and testing and approved by the Board.

 (b) For purposes of this section, sports wagering devices and software that shall be submitted for testing and approval include:

 (1) Self-service kiosks.

 (2) Point of sale systems.

 (3) Ticket/Voucher redemption devices.

 (4) Sports wagering interactive system components, including all hardware, software and associated equipment that comprise a type of server-based sports wagering system for the purpose of offering authorized sports wagering, mobile sports wagering or interactive sports wagering.

 (5) Other related devices or systems as required by the Board.

 (c) The Board shall require the payment of all costs for the testing and approval of sports wagering devices and software used in conjunction with the operation of an onsite sportsbook or an online or mobile sportsbook prior to final approval of the devices and software.

 (d) Submissions to the Office of Gaming Laboratory Operations of sports wagering devices and software used in conjunction with the operation of an onsite sportsbook or an online or mobile sportsbook should adhere to the requirements in § 461a.4 (relating to submission for testing and approval) where applicable.

§ 1407.4. Wagering device requirements generally.

 (a) Wagering device programs shall contain sufficient information to identify the software and revision level of the information stored on the wagering device.

 (b) Wagering devices shall have the ability to authenticate that all critical components being utilized are valid upon installation of the software, each time the software is loaded for use and on demand as required by the Board. Critical components may include wagering information, elements that control the communications with the sports wagering system or other components that are needed to ensure proper operation of the wagering device. In the event of a failed authentication (that is, program mismatch or authentication failure), the wagering device shall cease all wagering operations and display an appropriate error message. The sports wagering system shall have the ability to disable the wagering device upon any unsuccessful verification.

 (c) Wagering devices shall be capable of recording all of the following information for each wager made:

 (1) Description of event.

 (2) Event number.

 (3) Wager selection.

 (4) Type of wager.

 (5) Amount of wager.

 (6) Date and time of wager.

 (7) Unique wager identifier.

 (8) An indication of when the ticket expires.

§ 1407.5. Self-service kiosks and point of sale system requirements.

 (a) Self-service kiosks and point sale devices shall have an identification badge affixed to the exterior of the device by the manufacturer. The identification badge shall not be removable without leaving evidence of tampering. This badge shall include all of the following minimum information:

 (1) The complete name of the manufacturer or some appropriate abbreviation for same.

 (2) A unique serial number.

 (3) The self-service kiosk or point of sale device model number.

 (4) The date of manufacture.

 (b) Self-service kiosks and point of sale devices shall meet all of the following basic hardware requirements:

 (1) Identification for any printed circuit board (PCB) that impacts the integrity of the self-service kiosk or point of sale device shall include all of the following:

 (i) Each PCB shall be clearly identifiable by an alphanumeric identification and, when applicable, a revision number.

 (ii) If track cuts, patch wires, or other circuit alterations are introduced to the PCB, then a new revision number shall be assigned.

 (2) If the self-service kiosk or point of sale device contains switches or jumpers, or both, they shall be fully documented for evaluation by the Board's Office of Gaming Laboratory.

 (3) The self-service kiosk or point of sale device shall be designed so that power and data cables into and out of the self-service kiosk or point of sale device can be routed so that they are not accessible to the general public.

 (4) Wired communication ports shall be clearly labeled and must be securely housed within the self-service kiosk or point of sale device to prevent unauthorized access to the ports or their associated cable connectors.

 (b) Self-service kiosks and point of sale devices shall meet all of the following basic power requirements:

 (1) The self-service kiosk and point of sale device shall not be adversely affected, other than resets, by surges or dips of ± 20% of the supply voltage. It is acceptable for the self-service kiosk or point of sale device to reset provided no damage to the equipment or loss or corruption of data is experienced.

 (2) The power supply used in a self-service kiosk or point of sale device must be appropriately fused or protected by circuit breakers. The amperage rating of all fuses and circuit breakers must be clearly stated on or near the fuse or the breaker.

 (3) An on/off switch that controls the electrical current supplied to the self-service kiosk or point of sale device shall be located in a place which is readily accessible within the interior of the self-service kiosk or point of sale device. The on/off positions of the switch shall be clearly labeled.

 (c) Self-service kiosks and point of sale device shall meet all of the following basic security requirements:

 (1) A self-service kiosk or point of sale device shall be robust enough to resist forced entry into any secured doors, areas or compartments. In the event that extreme force is applied to the cabinet materials causing a potential breach in self-service kiosk or point of sale device security, evidence of tampering must be conspicuous. ''Secured areas'' or ''secured compartments'' shall include the external doors such as the main door, cash compartment doors such as a drop box door, peripheral device access areas, or other sensitive access areas of the self-service kiosk or point of sale device.

 (2) The following requirements apply to the self-service kiosk's or point of sale device's external doors:

 (i) External doors shall be manufactured of materials that are suitable for allowing only legitimate access to the inside of the self-service kiosk cabinet or point of sale device. Doors and their associated hinges shall be capable of withstanding determined and unauthorized efforts to gain access to the interior of the self-service kiosk or point of sale device and shall leave conspicuous evidence of tampering if an attempt is made.

 (ii) The seal between the self-service kiosk cabinet or point of sale device and the door of a locked area shall be designed to resist the entry of objects. It shall not be possible to insert an object into the self-service kiosk or point of sale device that disables a door open sensor when the self-service kiosk's or point of sale device's door is fully closed, without leaving conspicuous evidence of tampering.

 (iii) External doors shall be secure and support the installation of locks.

 (iv) Doors that provide access to secure areas of the self-service kiosk or point of sale device shall be monitored by a door access detection system.

 (A) The detection system shall register a door as being open when the door is moved from its fully closed and locked position, provided power is supplied to the self-service kiosk or point of sale device.

 (B) When any door that provides access to a secured area or secured compartment registers as open, the self-service kiosk or point of sale device shall cease wagering operations, and display an appropriate error message.

 (d) Self-service kiosks and point of sale devices shall meet all of the following basic critical nonvolatile memory requirements:

 (1) Critical nonvolatile memory shall be used to store all data elements that are considered vital to the continued operation of the self-service kiosk or point of sale device, including self-service kiosk configuration and point of sale device data and state of operations.

 (2) Critical nonvolatile memory shall not store sensitive information outside of self-service kiosk and point of sale device operations; however, critical nonvolatile memory may be maintained by any component of the sports wagering system.

 (3) The self-service kiosk or point of sale device must have a backup or archive capability, which allows the recovery of critical nonvolatile memory should a failure occur.

 (4) Critical nonvolatile memory storage shall be maintained by a methodology that enables errors to be identified. This methodology may involve signatures, check sums, redundant copies, database error checks or other methods approved by the Board.

 (5) Comprehensive checks of critical nonvolatile memory data elements shall be made on startup. Nonvolatile memory that is not critical to self-service kiosk or point of sale device integrity is not required to be checked.

 (6) An unrecoverable corruption of critical nonvolatile memory shall result in an error. Upon detection, the self-service kiosk and point of sale device software shall cease to function. Additionally, the critical nonvolatile memory error shall cause any communication external to the self-service kiosk to cease.

 (e) Self-service kiosk and point of sale device software, after a program interruption, shall recover to the state it was in immediately prior to the interruption occurring. Any communications to an external device shall not begin until the program resumption routine, including any self-test, is completed successfully.

§ 1407.6. Ticket/Voucher requirements.

 (a) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall include all of the following general information:

 (1) Name and address of the party issuing the ticket/voucher.

 (2) A barcode or similar symbol or marking, as approved by the Board, corresponding to a unique wager identifier.

 (3) Method of redeeming a winning ticket/voucher by means of mail.

 (4) Identification of the self-service kiosk or cashier at the point of sale device that generated the ticket/voucher.

 (b) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall include all of the following specific information:

 (1) Amount of ticket/voucher.

 (2) Date, time and location of issuance.

 (3) Unique voucher identifier.

 (4) Expiration date of the ticket/voucher.

 (5) Date, time and location of redemption, if applicable.

 (c) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall be capable of processing lost, destroyed or expired wagering tickets/vouchers.

 (d) Tickets/vouchers generated by a self-service kiosk or by a point of sale system shall be capable of clearly indicating that a ticket/voucher is voided or cancelled and rendered nonredeemable.

§ 1407.7. Ticket/Voucher redemption requirements.

 (a) Winning sports wagering tickets/vouchers shall be redeemed by a point of sale cashier or a self-service kiosk after verifying the validity of the wagering ticket through the sports wagering system. The point of sale cashier or a self-service kiosk shall cause the sports wagering system to electronically redeem and cancel the wagering ticket upon redemption.

 (b) A patron may redeem by mail a winning sports wagering ticket/voucher to the address provided thereon in accordance with the sports wagering operator's internal controls.

 (c) Self-service kiosks shall be capable of recognizing payment limitations or payment errors such as bill out jams and insufficient funds. When a payment limitation or error occurs, the self-service kiosk shall be designed to electronically record the payout limitation or error and perform all of the following:

 (1) Reject the transaction.

 (2) Issue an error receipt.

 (3) Issue a replacement sports wagering ticket/voucher.

 (d) When an error receipt is issued from a self-service kiosk, the self-service kiosk or receipt shall advise the patron or employee to see a point of sale cashier for payment. Error receipts shall be designed to include all of the following, at a minimum:

 (1) The time and date.

 (2) Identification of the issuing self-service kiosks.

 (3) Specifies the amount of money that the self-service kiosks failed to dispense.

 (e) When used to redeem sports wagering tickets/vouchers, self-service kiosks shall work in conjunction with an approved sports wagering system and shall be designed to:

 (1) Accurately obtain the unique identification number of the item presented for redemption and cause the information to be accurately and securely relayed to the sports wagering system for the purpose of redemption.

 (2) Issue currency or a sports wagering voucher, or both, in exchange for the item presented only if the sports wagering system has authorized and recorded the transaction.

 (3) Return a sports wagering ticket/voucher to the patron when it cannot be validated by the sports wagering system or is otherwise unredeemable.

 (f) When used to redeem sports wagering tickets/vouchers, the self-service kiosk or kiosk computer system shall be capable of generating a ''Sports Pool Ticket/Voucher Redemption Machine Report'' for each gaming day. The report shall include the ticket/voucher's unique identifier, the date and time of redemption and the value of the ticket/voucher.

§ 1407.8. Sports wagering interactive system requirements.

 (a) Sports wagering platforms must adhere to the requirements in Chapter 809 (relating to interactive gaming platform requirements—temporary regulations) of these regulations.

 (b) Sports wagering interactive systems must adhere, where applicable, to the requirements in Chapter 810 (relating to interactive gaming testing and controls—temporary regulations) of these regulations.

§ 1407.9. Sports wagering system general requirements.

 (a) A sports wagering system shall, at least once every 24 hours, perform a self-authentication process on all software used to offer, record and process wagers to ensure there have been no unauthorized modifications. In the event of an authentication failure, at a minimum, the sports wagering system shall immediately notify the certificate holder's or operator's sports wagering manager and the Board within 24 hours. The results of all self-authentication attempts shall be recorded by the system and maintained for a period of not less than 90 days.

 (b) The sports wagering operator operating the sports wagering system shall provide access to wagering transaction and related data as deemed necessary by the Board in a manner approved by the Board.

 (c) A sports wagering system shall be capable of preventing any sports wager in excess of $10,000 or making a payout in excess of $10,000 until authorized by the sports wagering manager.

CHAPTER 1408. SPORTS WAGERING ACCOUNTING AND INTERNAL CONTROLS—TEMPORARY REGULATIONS

Sec.

1408.1.Scope.
1408.2.Definitions.
1408.3.Internal controls.
1408.4.Terms and conditions.
1408.5.Information to be displayed/provided.
1408.6.Segregation of bank accounts.
1408.7.Sports wagering certificate holder's or sports wagering operator licensee's organization.
1408.8.Risk management.
1408.9.Integrity monitoring.
1408.10.Mandatory logging.
1408.11.Records/data retention requirements.
1408.12.Required reports.
1408.13.Player accounts.

§ 1408.1. Scope.

 To ensure the integrity and security of sports wagering operations in this Commonwealth, the requirements of this chapter apply to all sports wagering certificate holders and sports wagering operator licensees seeking to offer sports wagering to patrons in this Commonwealth. The requirements in this chapter supplement, where not in conflict with and where applicable, existing Board regulations in Subpart E (relating to slot machine, table game and associated equipment testing and control; accounting and internal controls), Chapter 465a (relating to accounting and internal controls) and Subpart L (relating to interactive gaming) applicable to slot machine licensees, interactive gaming certificate holders and interactive gaming operators unless the context clearly indicates otherwise.

§ 1408.2. Definitions.

 The following words and terms, when used in this Chapter, have the following meanings, unless the context clearly indicates otherwise:

Integrity monitoring—Monitoring of sports wagering to identify unusual betting or suspicious sports wagering activities from a match-fixing and sporting corruption standpoint to then report the activities to required parties.

Onsite sportsbook—Sports wagering activities conducted by means of self-service kiosks or point of sale system in the sports wagering area of a sports wagering certificate holder's approved location.

Personal identifiable information—Any data or information that can be used, on its own or with other data or information, to identify, contact or otherwise locate a player or registered player, including a player's or registered player's name, address, date of birth and social security number.

Risk management—Processes and tools that sports wagering certificate holders or sports wagering operators use to manage the risk and liabilities associated with sports wagering.

Sports wagering device and associated equipment—Self-service kiosk, point of sale system or other device, including associated equipment, used to accept sports wagering as permitted for use in this Commonwealth by the Board.

Sports wagering operations—The business of accepting wagers on sports events or on the individual performance of athletics in a sporting event or combination of sporting events by any system or method of wagering, including over the internet, mobile applications and onsite sports wagering systems.

Sports wagering system—Sports wagering devices, equipment, communication technology, software and hardware approved by the Board to conduct sports wagering in this Commonwealth.

§ 1408.3. Internal controls.

 (a) At least 90 days prior to commencing sports wagering under this part, a sports wagering certificate holder or sports wagering operator licensee shall submit to the Board for approval internal controls for all aspects of sports wagering (that is, onsite sportsbook operations, interactive sportsbook operations and nonprimary location sportsbook operations) prior to implementation and any time a change is made thereafter. The internal controls shall include detailed procedures for system security, operations, accounting, reporting of compulsive and problem gamblers and other information as required by the Board.

 (b) Notwithstanding subsection (a), the procedures and controls may be implemented by a sports wagering certificate holder or sports wagering operator licensee upon the filing of the procedures and controls with the Board and written approval to commence operations by the Executive Director. Each procedure or control submission shall contain both narrative and diagrammatic representations of the system to be utilized and shall include the following:

 (1) Provide for reliable accounting controls, including the standardization of forms and definition of terms to be utilized in the sports wagering operations.

 (2) Procedures, forms and, where appropriate, formulas to govern any of the following:

 (i) Calculation of hold percentages.

 (ii) Revenue drops.

 (iii) Expense and overhead schedules.

 (iv) Complimentary services.

 (v) Cash-equivalent transactions.

 (3) Job descriptions and the system of personnel and chain of command, establishing a diversity of responsibility among employees engaged in sports wagering operations, including employees of a sports wagering operator and identifying primary and secondary management and supervisory positions for areas of responsibility.

 (4) Procedures for the registration of players and establishment of sports wagering accounts, including a procedure for authenticating the age, identity and physical address of an applicant for a sports wagering account and whether the applicant is a person prohibited from establishing or maintaining an account under applicable laws or regulations.

 (5) Procedures for terminating a registered player's sports wagering account and the return of any funds remaining in the sports wagering account to the registered player.

 (6) Procedures for suspending or terminating a dormant sports wagering account and the return of any funds remaining in the dormant sports wagering account to the registered player.

 (7) Procedures for the logging in and authentication of a registered player to enable the player to commence sports wagering and the logging off of the registered player when the registered player has completed play, including a procedure to automatically log a registered player out of the registered player's sports wagering account after a specified period of inactivity.

 (8) Procedures for the crediting and debiting of a registered player's sports wagering account.

 (9) Procedures for cashing checks, receiving electronic negotiable instruments and for redeeming cash equivalents.

 (10) Procedures for withdrawing funds from a sports wagering account by the registered player.

 (11) Procedures for the protection of a registered player's funds, including the segregation of a registered player's funds from operating funds of the sports wagering certificate holder or sports wagering operator.

 (12) Procedures for recording transactions pertaining to sports wagering.

 (13) Procedures for the security and sharing of personal identifiable information of a registered player, funds in a sports wagering account and other information as required by the Board. The procedures shall include the means by which a sports wagering certificate holder or sports wagering operator licensee will provide notice to a registered player related to the sharing of personal identifiable information.

 (14) Procedures and security for the calculation and recordation of revenue.

 (15) Procedures for the security of sports wagering devices and associated equipment.

 (16) Procedures and security standards as to receipt, handling and storage of sports wagering devices and associated equipment.

 (17) Procedures and security standards to protect and respond to suspected or actual hacking or tampering by any person with the sports wagering certificate holder's or sports wagering operator licensee's interactive sports wagering web site and sports wagering devices and associated equipment.

 (18) Procedures to verify each registered player's physical location each time a registered player logs into his or her sports wagering account and at appropriate intervals thereafter as determined by the Board.

 (19) Procedures and appropriate measures implemented to deter, detect and, to the extent possible, to prevent cheating, including collusion and use of cheating devices, including the use of software programs that make wagers according to algorithms.

 (20) Procedures to govern emergencies, including suspected or actual cyber-attacks, hacking or tampering with the sports wagering certificate holder's interactive sports wagering skin, interactive sports wagering platform, interactive sports wagering web site and sports wagering devices and associated equipment. The procedures shall include the process for the reconciliation or repayment of a registered player's sports wagering account.

 (c) The submission required under subsections (a) and (b) shall include a detailed description of the sports wagering certificate holder's or sports wagering operator licensee's administrative and accounting procedures related to sports wagering, including its written system of internal controls. Each written system of internal controls shall include:

 (1) An organizational chart depicting appropriate functions and responsibilities of employees involved in sports wagering.

 (2) A description of the duties and responsibilities of each position shown on the organizational chart.

 (3) The record retention policy of the sports wagering certificate holder or sports wagering operator licensee.

 (4) The procedure to be utilized to ensure that money generated from the conduct of sports wagering is safeguarded and accounted for.

 (5) Procedures to ensure that recorded accountability for assets is compared with actual assets at intervals required by the Board and appropriate action is taken with respect to discrepancies.

 (6) Procedures to be utilized by an employee of a sports wagering certificate holder or sports wagering operator licensee in the event of a malfunction of sports wagering certificate holder's interactive sports wagering skin, interactive sports wagering platform, interactive sports wagering web site and sports wagering devices and associated equipment used in the conduct of sports wagering.

 (7) Procedures to be utilized by the sports wagering certificate holder or sports wagering operator licensee to prevent persons under 21 years of age, self-excluded or involuntary excluded individuals and players outside this Commonwealth from engaging in sports wagering.

 (8) Other items the Board may request in writing to be included in the internal controls.

 (d) Prior to authorizing a sports wagering certificate holder or sports wagering operator licensee to commence the conduct of sports wagering, the Board shall review and approve the system of internal controls, security protocols and audit protocols submitted under this chapter to determine whether they conform to the requirements of this chapter and whether they provide adequate and effective controls for the conduct of sports wagering.

 (e) If a sports wagering certificate holder or sports wagering operator licensee intends to make a change or amendment to its system of internal controls, it shall submit the change or amendment electronically to the Bureau of Gaming Operations, in a manner prescribed by the Bureau of Gaming Operations. The sports wagering certificate holder or sports wagering operator licensee may implement the change or amendment on the 30th calendar day following the filing of a complete submission unless the sports wagering certificate holder or sports wagering operator licensee receives written notice tolling the change or amendment in accordance with this chapter or written notice from the Board's Executive Director rejecting the change or amendment.

 (f) If during the 30-day review period in this chapter, the Bureau of Gaming Operations preliminarily determines that a procedure in a submission contains an insufficiency likely to negatively affect the integrity of sports wagering or the control of revenue generated from sports wagering, the Bureau of Gaming Operations, by written notice to the sports wagering certificate holder or sports wagering operator licensee, will:

 (1) Specify the nature of the insufficiency and, when possible, an acceptable alternative procedure.

 (2) Direct that the 30-calendar day review period in this chapter to be tolled and that any internal controls at issue not be implemented until approved under this chapter.

 (g) Examples of submissions that may contain an insufficiency likely to negatively affect the integrity of sports wagering may include any of the following:

 (1) Submissions that fail to provide information sufficient to permit the review of sports wagering activities by the Board, the Bureau, the Department or law enforcement.

 (2) Submissions that fail to provide for the segregation of incompatible functions so that no employee is in a position to both commit an error or perpetrate a fraud and to conceal the error or fraud in the normal course of the employee's duties.

 (3) Submissions that do not include forms or other materials referenced in the submission or required under the act or this part.

 (4) Submissions that would implement operations or accounting procedures not authorized by the act or this part.

 (h) Whenever a change or amendment has been tolled under this chapter, the sports wagering certificate holder or sports wagering operator licensee may submit a revised change or amendment within 30 days of receipt of the written notice from the Bureau of Gaming Operations. The sports wagering certificate holder or sports wagering operator licensee may implement the revised change or amendment upon receipt of written notice of approval from the Board's Executive Director or on the 30th calendar day following the filing of the revision unless the sports wagering certificate holder or sports wagering operator licensee receives written notice tolling the change or amendment in accordance with this chapter or written notice from the Board's Executive Director rejecting the change or amendment.

 (i) A sports wagering certificate holder or sports wagering operator licensee shall submit to the Board a catalog of the type of events that it intends to accept wagers on as well as the type of wagers it intends to accept. A sports wagering certificate holder or sports wagering operator licensee shall notify the Board of any changes to the catalogue at least 72 hours in advance of implementation of these changes. A sports wagering certificate holder or sports wagering operator licensee must maintain a catalogue of all prior and current events and the types of wagers it offered on the events.

§ 1408.4. Terms and conditions.

 Nothing in this section shall be interpreted to prohibit onsite sportsbook from accepting anonymous sports wagers at self-service kiosks or point of sale terminals.

 (a) A sports wagering certificate holder or sports wagering operator licensee shall develop terms and conditions for sports wagering which shall be included in the internal controls. The terms and conditions and any changes thereto must be acknowledged by the player and the acknowledgment must be date and time-stamped by the sports wagering system.

 (b) The terms and conditions must address all aspects of the sports wagering operation, including all of the following:

 (1) Name of the party or parties with whom the player is entering into a contractual relationship, including any sports wagering certificate holder or sports wagering operator licensee.

 (2) Player's consent to have the sports wagering certificate holder or sports wagering operator licensee confirm the player's age, identity and, for purposes of interactive sports wagering, location.

 (3) Rules and obligations applicable to the player other than rules of sports wagering including all of the following:

 (i) Prohibition from allowing any other person to access or use his or her sports wagering account.

 (ii) Prohibition from engaging in sports wagering activity, unless the player is physically located in this Commonwealth.

 (iii) Consent to the monitoring and recording by the sports wagering certificate holder, the sports wagering operator licensee or the Board, or both, of any wagering communications and geographic location information.

 (iv) Consent to the jurisdiction of this Commonwealth to resolve any disputes arising out of sports wagering.

 (v) Prohibition against utilizing automated computerized software or other equivalent mechanism to engage in sports wagering.

 (4) Full explanation of fees and charges imposed upon a player related to sports wagering transactions.

 (5) Availability of account statements detailing player account activity.

 (6) Privacy policies, including information access and use of customer data.

 (7) Legal age policy, including a statement that it is a criminal offense to allow a person who is under 21 years of age to participate in sports wagering and a player who does so shall be prohibited from participating in sports wagering.

 (8) Notification that if the player's sports wagering account remains dormant for a period of 1 year any funds remaining on deposit and any pending wagers may be forfeited under applicable State and Federal laws.

 (9) Player's right to set responsible gaming limits and self-exclude.

 (10) Player's right to suspend his or her sports wagering account for a period of no less than 72 hours.

 (11) Actions that will be taken in the event a player becomes disconnected from the sports wagering system during active betting.

 (12) Notice that a malfunction voids all transactions.

 (13) Estimated time-period for withdrawal of funds from the sports wagering account.

 (14) Detailed information regarding compulsive and problem gaming and self-exclusion to be displayed on a player protection page.

 (15) Method for changing or retrieving a password or other approved access security feature and the ability to choose ''strong authentication'' log in protection.

 (16) Method for filing a complaint with the sports wagering certificate holder or sports wagering operator licensee and method for filing with the Board an unresolved complaint after all reasonable means to resolve the complaint with the sports wagering certificate holder or sports wagering operator licensee have been exhausted.

 (17) Method for obtaining a copy of the terms and conditions agreed to when establishing a sports wagering account.

 (18) Method for the player to obtain account and wagering history from the sports wagering certificate holder or sports wagering operator licensee.

 (19) Notification of Federal prohibitions and restrictions regarding sports wagering activity, specifically, any limitations upon sports wagering activity as set forth in The Wire Act (18 U.S.C.A. §§ 1081 et seq.) and the Unlawful Internet Gaming Enforcement Act (31 U.S.C.A. §§ 5361—5367). The notice shall explicitly state that it is a Federal offense for persons physically located outside of this Commonwealth to engage in sports wagering activity through a sports wagering certificate holder or sports wagering operator licensee, unless explicitly authorized by State or Federal law.

 (20) Any other information as required by the Board.

§ 1408.5. Information to be displayed/provided.

 A sports wagering certificate holder or sports wagering operator licensee shall provide for the prominent display of the following information at the certificate holder's onsite sportsbook and on a page which, by virtue of the construction of the web site, registered players must access before beginning a sports wagering session:

 (a) The full name of the sports wagering certificate holder and, as applicable, the sports wagering operator licensee and address from which it carries on business.

 (b) A logo, to be provided by the Board for display on the certificate holder's or licensee's online sportsbook, indicating that the sports wagering certificate holder, and as applicable, the sports wagering operator licensee on behalf of the sports wagering certificate holder, is authorized to operate sports wagering in this Commonwealth.

 (c) The license number of the sports wagering certificate holder or sports wagering operator licensee.

 (d) A statement that persons under 21 years of age are not permitted to engage in sports wagering.

 (e) Readily available information at the certificate holder's onsite sportsbook or active links on the sports wagering certificate holder's or sports wagering operator licensee's sports wagering web site that contains all of the following:

 (1) Information explaining how disputes are resolved.

 (2) Problem gaming information that is designed to offer information pertaining to responsible gaming.

 (3) Board's contact information.

 (4) Information that allows for a patron to choose to be excluded from engaging in sports wagering.

 (5) Comprehensive house rules governing wagering transactions with patrons. The house rules must be immediately available to patrons at a licensed facility's onsite, online and mobile application sportsbooks. The rules must include all of the following:

 (i) The types of wagers accepted.

 (ii) How winning wagers will be paid.

 (iii) The effect of schedule changes.

 (iv) The redemption period for winning tickets.

 (v) The method of noticing odds or line changes to patrons.

§ 1408.6. Segregation of bank accounts.

 (a) A sports wagering certificate holder or sports wagering operator licensee shall maintain a Commonwealth bank account for player's funds separate from all other operating accounts to ensure the security of funds held in the player's sports wagering accounts.

 (b) The balance maintained in this account shall be greater than or equal to the sum of the daily ending cashable balance of all player sports wagering accounts and unpaid wagers.

 (c) A sports wagering certificate holder or sports wagering operator licensee shall have unfettered access to all player sports wagering account and transaction data to ensure the amount of funds held in its independent account is sufficient. A sports wagering certificate holder's or sports wagering operator licensee's Chief Financial Officer shall file a monthly attestation with the Board, unless otherwise directed by the Board, that the funds have been safeguarded under this section.

§ 1408.7. Sports wagering certificate holder's or sports wagering operator licensee's organization.

 (a) A sports wagering certificate holder's or sports wagering operator licensee's systems of internal controls must include organization charts depicting segregation of functions and responsibilities and descriptions of the duties and responsibilities for each position shown on each organization chart. Sports wagering certificate holder or sports wagering operator licensee shall be permitted, except as otherwise provided in this section, to tailor organizational structures to meet the needs or policies of a particular management philosophy. A sports wagering certificate holder's or sports wagering operator licensee's organization charts must provide for:

 (1) A system of personnel and chain of command which permits management and supervisory personnel to be held accountable for actions or omissions within their areas of responsibility.

 (2) The segregation of incompatible functions, duties and responsibilities so that no employee is in a position to both commit an error or perpetrate a fraud and to conceal the error or fraud in the normal course of the employee's duties.

 (3) The performance of all functions, duties and responsibilities in accordance with sound financial practices by qualified personnel.

 (4) The areas of responsibility which are not so extensive as to be impractical for an individual to monitor.

 (b) In addition to other positions required as part of a sports wagering certificate holder's or sports wagering operator licensee's internal controls, a sports wagering certificate holder or sports wagering operator licensee must maintain an information technology department supervised by an individual and licensed as a key employee who functions, for regulatory purposes, as the information technology director. In addition, sports wagering certificate holder's or sports wagering operator licensee's must employ an information technology security officer and, if the certificate holder or licensee offers sports wagering online or through a mobile application, an interactive gaming manager, both of whom shall be licensed as a key employee.

 (c) The information technology director shall be responsible for the items listed in § 465a.11 (relating to slot machine licensee's organization; jobs compendium) as well as the integrity of all data, the quality, reliability, and accuracy of all computer systems and software used by the sports wagering certificate holder or sports wagering operator licensee in the conduct of sports wagering activities, whether the data and software are located within or outside the certificate holder's or licensee's facility, including, without limitation, specification of appropriate computer software, hardware, and procedures for security, physical integrity, audit and maintenance of:

 (1) Access codes and other computer security controls used to insure appropriately limited access to computer software and data.

 (2) Monitoring logs of user access, security incidents and unusual transactions.

 (3) Logs used to document and maintain the details of any hardware and software modifications.

 (4) Computer tapes, disks, or other electronic storage media containing data relevant to sports wagering operations.

 (5) Computer hardware, communications equipment and software used in the conduct of sports wagering.

 (d) The information technology security officer shall report to the information technology director and be responsible for:

 (1) Maintaining access codes and other computer security controls used to insure appropriately limited access to computer software and data.

 (2) Reviewing logs of user access, security incidents and unusual transactions.

 (3) Coordinating the development of the sports wagering certificate holder's or sports wagering operator licensee's information security policies, standards and procedures.

 (4) Coordinating the development of an education and training program on information security and privacy matters for employees and other authorized users.

 (5) Ensuring compliance with all State and Federal information security policies and rules.

 (6) Preparing and maintaining security-related reports and data.

 (7) Working with internal and external audit personnel to ensure all findings are addressed in a timely and effective manner.

 (8) Developing and implementing an Incident Reporting and Response System to address security breaches, policy violations and complaints from external parties.

 (9) Serving as the official contact for information security and data privacy issues, including reporting to law enforcement.

 (10) Developing and implementing an ongoing risk assessment program that targets information security and privacy matters by identifying methods for vulnerability detection and remediation and overseeing the testing of those methods.

 (11) Remaining current with the latest information technology security and privacy legislation, rules, advisories, alerts, and vulnerabilities to ensure the sports wagering certificate holder's security program and security software is effective.

 (e) The interactive gaming manager shall report to the information technology director, or other department manager as approved by the Board, and be responsible for ensuring the proper operation and integrity of interactive and mobile application sports wagering and reviewing all reports of suspicious behavior. The interactive gaming manager shall immediately notify the Bureau upon detecting any person participating in interactive and mobile application sports wagering who is:

 (1) Engaging in or attempting to engage in, or who is reasonably suspected of cheating, theft, embezzlement, collusion, money laundering or any other illegal activities.

 (2) A self-excluded person.

 (3) A person that is prohibited by the sports wagering certificate holder or sports wagering operator licensee from sports wagering.

§ 1408.8. Risk management.

 (a) A sports wagering certificate holder or sports wagering operator must implement risk management procedures. These procedures may be provided in-house or by an independent third party.

 (b) A sports wagering certificate holder's or sports wagering operator's internal controls must contain a description of its risk management framework including all of the following:

 (1) Automated and manual risk management procedures.

 (2) User access controls for all sportsbook personnel.

 (3) Information regarding segregation of duties.

 (4) Information regarding fraud detection.

 (5) Controls ensuring regulatory compliance.

 (6) Description of anti-money laundering compliance standards.

 (7) Description of all software applications that comprise the sports wagering system.

 (8) Description of all types of wagers available to be offered by the sports wagering system.

 (9) Description of all integrated third-party systems.

 (10) Any other information required by the Board.

§ 1408.9. Integrity monitoring.

 (a) A sports wagering certificate holder or sports wagering operator must implement integrity monitoring procedures. These procedures may be provided in-house or by an independent third party.

 (b) A sports wagering certificate holder or sports wagering operator must share information in timely manner of unusual betting activity or other suspicious activity regarding sports wagering in this Commonwealth with:

 (1) Other sports wagering certificate holders or sports wagering operators.

 (2) The Board.

 (3) Applicable sports governing bodies/leagues.

 (c) A sports wagering certificate holder or sports wagering operator must submit a yearly report to the Board detailing its integrity monitoring services and summarizing any unusual betting activity or other suspicious activity notifications issued during that time period.

 (d) A sports wagering certificate holder or sports wagering operator receiving a report of unusual betting activity or suspicious activity is permitted to suspend wagering on events related to the report and may only cancel related wagers under procedures previously approved by the Board, or its designee.

 (e) A sports wagering certificate holder or sports wagering operator must provide the Board with remote access to its integrity monitoring system which shall provide at a minimum:

 (1) Reports of unusual betting activity.

 (2) If the activity was determined to be suspicious.

 (3) The actions taken by the sports wagering certificate holder or sports wagering operator.

§ 1408.10. Mandatory logging.

 A sports wagering certificate holder's or sports wagering operator's sports wagering system must comply with the mandatory logging requirements in Subpart L (relating to interactive gaming) of the Board's regulations.

§ 1408.11. Records/data retention requirements.

 A sports wagering certificate holder's or sports wagering operator's sports wagering system must comply with the record/data retention requirements in Chapter 465a (relating to accounting and internal controls) and Subpart L (relating to interactive gaming) of the Board's regulations.

§ 1408.12. Required reports.

 Nothing in this section shall be interpreted to prohibit an onsite sportsbook from accepting anonymous sports wagers at self-service kiosks or point of sale terminals. These wagers should be included in the required reports detailed in this section and identified as ''anonymous player'' or a similar identifier.

 (a) A sports wagering certificate holder's or sports wagering operator's sports wagering system must comply with the reporting requirements in Subpart L (relating to interactive gaming) of the Board's regulations.

 (b) A sports wagering certificate holder or sports wagering operator must generate reports specific to its sports wagering operations as specified by the Board that shall include, at a minimum:

 (1) The report title.

 (2) The date or time period of activity, or description ''as of'' a point in time.

 (3) The date and time the report was generated.

 (4) Page numbering, indicating the current page and total number of pages.

 (5) Subtotals and grand totals as required by the Board.

 (6) A description of any filters applied to the data presented in the document.

 (7) Column and row titles, if applicable.

 (8) The name of the sports wagering certificate holder or sports wagering operator licensee.

 (c) All required reports shall be generated by the sports wagering certificate holder or sports wagering operator licensee, even if the period specified contains no data to be presented. The report generated shall indicate all required information and contain an indication of ''No Activity'' or similar message if no data appears for the period specified.

 (d) The sports wagering certificate holder or sports wagering operator licensee shall provide a mechanism to export the data generated for any report to a format approved by the Board and as often as required by the Board.

 (e) A sports wagering system shall generate, at a minimum, all of the following reports:

 (1) A ''Sports Wagering Account Transaction Report'' which shall include:

 (i) Date of activity.

 (ii) Player's name and account number.

 (iii) Date and time player's session started.

 (iv) Unique transaction number.

 (v) Type of event (for example, Super Bowl 2019).

 (vi) Date and time of each transaction.

 (vii) Amount of each transaction.

 (viii) Type of each transaction (for example, deposit, withdrawal, adjustment, and the like).

 (ix) Method of deposit/withdrawal (for example, cash, debit instrument, prepaid access instrument or credit card, personal check, cashier's check, wire transfer, money order and transfer to/from account).

 (x) User ID and employee name handling the transaction, if assisting player.

 (xi) Amount of outstanding account balance before and after each transaction.

 (xii) Date and time player session ended.

 (xiii) Subtotals by transaction type.

 (xiv) Ending account balance at the end of the player's session.

 (2) A ''Sports Wagering Account Balance Summary Report'' which shall include:

 (i) Date of activity.

 (ii) Player's name and account number.

 (iii) Status of account (for example, active, inactive, closed, suspended, and the like).

 (iv) Date account was opened.

 (v) Date registration information was provided by player.

 (vi) Date registration information was verified by the sports wager certificate holder or sports wagering operator licensee.

 (vii) Date of last activity.

 (viii) Amount of beginning account balance.

 (ix) Total amount of deposit transactions.

 (x) Total amount of withdrawal transactions.

 (xi) Total amount of account adjustment transactions.

 (xii) Amount of ending account balance.

 (3) A ''Daily Sports Wagering Player's Funds Transaction Report'' which shall include:

 (i) Player's name and account number.

 (ii) Amount of beginning account balance.

 (iii) Unique transaction number.

 (iv) Date and time of deposit/withdrawal or account balance adjustment.

 (v) Amount of deposit/withdrawal or account balance adjustment.

 (vi) Nature of deposit/withdrawal (for example, cash, debit instrument, prepaid access instrument or credit card, personal check, cashier's check, wire transfer, money order and transfer to/from casino account).

 (vii) Reason/description of adjustment to account balance, if applicable.

 (viii) User ID and name of employee handling the deposit, withdrawal or account balance adjustment transaction, if assisting authorized player.

 (ix) User ID and name of supervisor authorizing an adjustment to account balance, if applicable.

 (x) Totals for each type of transaction.

 (xi) Amount of ending balance.

 (4) A ''Daily Sports Wagering Account Adjustment Report'' which shall include:

 (i) Player's name and account number.

 (ii) Date and time of account balance adjustment.

 (iii) Unique transaction number.

 (iv) User ID and name of employee handling the account balance adjustment transaction, if applicable.

 (v) User ID and name of supervisor authorizing an adjustment to account balance.

 (vi) Amount of account balance adjustment.

 (vii) Type of account adjustment.

 (viii) Reason/description of adjustment to account balance.

 (5) A ''Sports Wagering Game Play Report'' which shall include all of the following:

 (i) Date of activity.

 (ii) Sport event name.

 (iii) Date and time session started for gaming day.

 (iv) Date and time for each session transaction.

 (v) Type of session transaction.

 (vi) Amount of session transaction.

 (vii) Compensation amount collected by sports wager certificate holder or sports wagering operator licensee.

 (viii) Amount of jackpot win, if applicable.

 (ix) Other amounts collected by sports wagering certificate holder or sports wagering operator licensee.

 (x) Description of other amounts collected.

 (xi) Amounts refunded.

 (xii) Description of amounts refunded.

 (xiii) Date and time session ended for gaming day.

 (xiv) Total amount by transaction type.

 (6) A ''Sports Betting Revenue Report'' which shall include all of the following:

 (i) Date.

 (ii) Type of event.

 (iii) Total wagered.

 (iv) Other amounts collected by sports wagering certificate holder or sports wagering operator licensee.

 (v) Description of other amounts collected.

 (vi) Amounts refunded.

 (vii) Description of amounts refunded.

 (7) A ''Sports Wagering Revenue Deposit Report'' which shall include all of the following:

 (i) Month/year of activity.

 (ii) Bank account number.

 (iii) Date of deposit.

 (iv) Amount of gaming day revenue collected by the sports wagering certificate holder or sports wagering operator licensee.

§ 1408.13. Player accounts.

 A sports wagering certificate holder's or sports wagering operator's sports wagering system must comply with the player account requirements in Subpart L (relating to interactive gaming) of the Board's regulations.

CHAPTER 1409. SPORTS WAGERING ADVERTISEMENTS, PROMOTIONS AND TOURNAMENTS—TEMPORARY REGULATIONS

Sec.

1409.1.General requirements.

§ 1409.1. General requirements.

 A sports wagering certificate holder or sports wagering operator licensee must comply with the advertisement, promotions and tournament provisions of Subparts C—E, I and L regarding its onsite, online and mobile application sportsbooks including those provisions that require certificate holders or licensees to submit all advertisements, promotions and tournament information to the Board.

CHAPTER 1410. SPORTS WAGERING COMPULSIVE AND PROBLEM GAMBLING REQUIREMENTS—TEMPORARY REGULATIONS

Sec.

1410.1.General requirements.

§ 1410.1. General requirements.

 (a) A sports wagering certificate holder or sports wagering operator licensee must comply with the compulsive and problem gambling provisions of Subpart I (relating to compulsive and problem gambling) and Subpart L (relating to interactive gaming) regarding its onsite, online and mobile application sportsbooks.

 (b) A sports wagering certificate holder or sports wagering operator licensee may amend its current compulsive gaming plans, programs, and the like to include sports wagering activities.

CHAPTER 1411. SPORTS WAGERING SELF-EXCLUDED PERSONS—TEMPORARY REGULATIONS

Sec.

1411.1.General requirements.

§ 1411.1. General requirements.

 (a) A sports wagering certificate holder or sports wagering operator licensee must comply with the self-exclusion provisions of Subpart I (relating to compulsive and problem gambling) and Subpart L (relating to interactive gaming) regarding its onsite, online and mobile application sportsbooks.

 (b) A sports wagering certificate holder or sports wagering operator licensee may amend its current self-exclusion plans, programs, and the like to include sports wagering activities.

[Pa.B. Doc. No. 18-1449. Filed for public inspection September 14, 2018, 9:00 a.m.]



No part of the information on this site may be reproduced for profit or sold for profit.

This material has been drawn directly from the official Pennsylvania Bulletin full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.