Remote Gambling – Lessons from a Small Jurisdiction

August 2, 2007

The past 12 months have been challenging times for the remote gambling industry.  The arrest of David Carruthers of BetOnSports in July 2006 the passing in the US of the Unlawful Internet Gambling Enforcement Act in October of last year and the action against the founders of the payment processing company NETeller (see box), has meant (to paraphrase a Chinese curse) that the industry does indeed live in interesting times.


NETeller etc


The US Department of Justice’s efforts include several complaints against remote gambling businesses including, for example, the widely reported indictment of BetOnSports PLC, and its founder, Gary Stephen Kaplan on 17 July 2006 on charges of racketeering, conspiracy and fraud and the arrest and detention of BetOnSports’ David Carruthers.  The Unlawful Internet Gambling Enforcement Act (UIGEA) is the first Federal US statute aimed specifically at the remote gambling industry.  In summary, UIGEA seeks to stem the flow of funds to remote gambling operators by regulating payment systems.  Federal regulators were given 270 days from the date UIGEA was signed into law (13 October 2006) to provide regulations dealing with the duties of payment processors under the Act but, as at the date of writing, they have not been forthcoming.  UIGEA has not been used to date as an avenue for the DOJ to proceed against payment processors and indeed it is hard to see how it could be used until the relevant regulations are in force. When the founders of NETeller PLC, Stephen Lawrence and John Lefebvre, were charged in New York in January it was under, inter alia, federal anti-money laundering legislation rather than under UIGEA. On 18 July 2007, NETeller agreed to forfeit $136,000,000 as part of an agreement to defer prosecution of NETeller.


In contrast to the stance taken in the United States in relation to remote gambling, the United Kingdom has taken a more pragmatic “regulate and tax” approach under its Gambling Act 2005, which comes into force on 1 September of this year.  In light of the Gambling Act 2005,[1] it is interesting to look at the legislative approach taken by a neighbouring jurisdiction, namely the Isle of Man, to some of the generic issues that arise in relation to remote gambling.[2] 


From a lawyer’s perspective, the remote gambling industry presents a whole host of legal issues covering data protection, multi-jurisdictional contractual and regulatory issues, systems verification, anti-money laundering issues, intellectual property issues and business continuity, hosting and disaster recovery issues –  to name but a few!  It is outside the remit of this article to look at all of these issues but a selection of some of the issues and how they have been addressed by the Isle of Man will be reviewed.


Background on the Isle of Man


The Isle of Man is recognised as a well regulated and reputable jurisdiction for remote gambling operators and for the companies that provide services to the industry.  Remote gambling is not new to the Isle of Man, which had its first wave of remote gambling companies back in 2000/2001.  The fact that these companies then moved out of the jurisdiction was perhaps seen by some as an indictment of the Isle of Man’s regulatory regime at the time, but in truth probably said more about the nascent stage of the industry at that point.  Undeterred by what may have been perceived as a false start in the remote gambling arena, the Island has continued to assess and where necessary amend its legislation in this area in an attempt to ensure that it meets the needs of the industry but also does not run counter to the needs of other key sectors of the Isle of Man’s economy such as its significant financial services sector.[3] 


The Isle of Man is not and never has been part of the United Kingdom, however, it is part of the British Isles and is a Crown Dependency and therefore has close ties with the UK.  The Island has its own Parliament, Tynwald, which is the oldest continuous Parliament in the world and therefore the Island has a significant degree of autonomy in relation to its domestic legislation and politically.  The Isle of Man is not part of the European Union but it has a special relationship with the European Union as set out in Protocol 3 to the UK’s Treaty of Accession, which allows free movement of industrial and agricultural goods in trade between the Island and the EU. 


E-gaming Legislation


Historically in the Isle of Man, online gaming fell under the Online Gambling Regulation Act 2001 (OGRA) and online betting fell under the terms of the Gaming, Betting and Lotteries Act 1988.  However, it was recognised that, from a practical point of view, it made more sense to consolidate both remote gaming and remote betting into one piece of legislation.  Accordingly, the Gambling (Amendment) Act 2006 was passed by Tynwald to effect the transfer of remote betting from the 1988 Act to OGRA.   Once the 2006 Act comes into force later this year, the legislation that will be relevant to both remote gaming and remote betting in the Isle of Man will be OGRA. 


Under the terms of s 1(1) of OGRA, “online gambling” is defined as:


“Any gaming, where any player enters or may enter the game, or takes or may take any step in the game by means of a telecommunication; the negotiating or receiving of any bet by means of a telecommunication or any lottery in which any participant acquires or may acquire a chance by means of a telecommunication.” 


Under s 1(2), a person “conducts” online gambling where:


“in the case of gaming or a lottery, he takes part in its organisation, management or promotion; in the case of a bet, he carries on any business involving the negotiating or receiving of the bet; or he maintains or permits to be maintained in the Island any computer or other device on or by means of which the game or lottery is operated or the bet is received as the case may be.” 


It is recognised that the terms of s 1(1) and (2) are wide and therefore s 1(3) has a specific carve-out for companies providing hosting services and provides that:


“any service provider shall not be treated as conducting online gambling by reason only that in the course of business it handles electronic communications on behalf of another party with whom he is not associated”. 


There are also exclusions in s 3 of OGRA for certain business carried out online such as insurance business and investment business.  In addition, certain activities are exempt from the licensing regime under OGRA, such as the provision of disaster recovery facilities and the provision of advertising services.


If a party is conducting online gambling in the Isle of Man and it is not subject to the carve out in s 1(3) or the exceptions noted above then such a party requires a licence under the terms of s 4 of OGRA. 


The Role of the Gambling Supervision Commission


The Gambling Supervision Commission (previously called the Gambling Control Commissioners) was originally established in 1962.  It is probably the longest established gambling regulatory body in the world and regulates the entire gambling industry in the Isle of Man (both remote and bricks and mortar), excluding the United Kingdom National Lottery.  The Commission:


  • is responsible for the undertaking of due diligence required before licences under OGRA are granted and will, once the Gambling (Amendment) Act comes into force later this year, be the body that will grant licences under OGRA;


  • ensures that gambling in and from the Isle of Man is fairly and properly conducted and that the provisions of OGRA and the secondary legislation made thereunder are complied with;


  • undertakes the supervision of remote gambling operators in the Isle of Man.


The Licensing Application Procedure under OGRA


Under the terms of OGRA, the Commission will undertake due diligence on any party applying for a licence or otherwise concerned with the operation of any potential licensee.


Any party applying for a licence must provide the Gambling Supervision Commission with information to allow the Commission to decide if the applicant is fit and proper.  The required information will include the following:


  • a detailed schematic of the corporate structure of the proposed licence holder which should include details of directors, company secretary and shareholders who have more than 5% of the issued share capital of any applicant company and should state the jurisdictions in which each company within the structure is located;


  • details of the percentage shareholding of each shareholder within each of the entities within the corporate structure;


  • a copy of the applicant’s business plan together with an indication of its forward projections (both financially and in remote gambling activity);


  • evidence that an effective mechanism to protect player funds will be established;


  • evidence that the applicant is socially responsible in respect of gambling addiction.


Under s 6 of OGRA, the Gambling Supervision Commission can impose certain conditions on the licence if they are appropriate to provide security and maintain such deposits and reserves for the payment of debts arising out of the remote gambling conducted by the licence holder. 


Systems Verification


An issue with remote gaming, as opposed to remote betting, is the requirement to test the true unpredictability of the relevant gaming software.  The provisions regarding this for Isle of Man operators are found in the Online Gambling (Systems Verification) Regulations 2007.  The 2007 Regulations distinguish between remote gaming and remote betting, with remote gaming software requiring to be approved by an accredited third party to ensure that the software is secure and that the data is randomly generated.  In relation to remote betting, the software does not need to be verified by a third party but there are regulations placed on the operator to ensure that players are given sufficient information to verify winnings due to them. 




No jurisdiction could provide services to the remote gambling industry without a first class telecoms infrastructure.  The Isle of Man was the world’s second and Europe’s first jurisdiction to have an operational 3G mobile network which was launched in December 2002 and the world’s first commercial HSDPA 3.5G service was launched in November 2005. The jurisdiction also has two self-healing (SDH) fibre rings and has 1.2 tera bits capacity with just 0.02% utilisation.  The Island also has resilient and reliable power supplies, something that is essential not just for remote gambling operators but for operators looking for jurisdictions within which to base their disaster recovery facilities.


Disaster Recovery


Business continuity and having processes in place to deal with denial of service attacks is essential for remote gambling operators.  Given its excellent technical infrastructure, the Isle of Man is keen to be a centre of excellence not just for remote gambling operators wishing to be licensed in the Isle of Man but also as a jurisdiction providing disaster recovery services.  In view of this, regulations to allow the provision of disaster recovery facilities from the Isle of Man were put in place in 2006 and then updated in 2007 in the form of the Online Gambling (Disaster Recovery) Regulations 2007. 


The 2007 Regulations do not provide a licensing regime for those providing disaster recovery services from the Isle of Man nor do they provide for an accreditation of disaster recovery providers, it being felt that it was best for this to be industry driven rather than driven by the regulator.  The core of the 2007 Regulations is that a disaster recovery provider in the Isle of Man does not need a licence under OGRA to provide disaster recovery facilities and services to an operator that is not licensed in the Isle of Man.  However, if the disaster recovery provider requires to provide this service to allow the overseas remote gambling operator to operate in a live environment from the Isle of Man for a period exceeding 30 days in any 24-month period, then the disaster recovery provider requires the consent of the Commission to an extension of this period.  In addition, the definition of “disaster” is wide enough to cover denial of service attacks, force majeure events or any other unplanned event beyond the reasonable control of the overseas operator.


Data Protection


The Isle of Man has its own Data Protection legislation, namely the Data Protection Act 2002.  Although the 2002 Act is an Act of Tynwald, it is based upon the United Kingdom Data Protection Act 1998 and is drawn up to be compliant with the EC Data Protection Directive 95/46/EC. The European Commission made a formal decision on 28 April 2004, recognising the Isle of Man as a jurisdiction with an adequate level of protection for personal data thereby aiding the transfer of personal data relating to players in and out of the Island.


Anti-money Laundering


It is often claimed – whether rightly or not – that remote gambling is a conduit for money laundering.  Whether this is the case or not, the Isle of Man has a significant financial services sector that it cannot afford to jeopardise and therefore the Island’s AML stance is a robust one.


The Island has had anti-money laundering legislation in place since 1987.   Although not a member of the Financial Action Task Force (“FATF”), the Island fully endorses the FATF’s 40 recommendations on Money Laundering and the 9 Special Recommendations on Terrorist Financing.


Given the nature of remote gaming and betting, AML provisions in relation to these sectors are governed by a Code that is separate to the AML provisions for other businesses.  The Code that applies to AML in the Isle of Man in relation to both remote gaming and remote betting is the Anti-Money Laundering (Online Gambling and Peer to Peer Gambling) Code 2006.  The 2006 AML Code was put in place to deal with peer-to-peer remote gaming models, such as poker.  The 2006 Code provides the usual provisions that satisfactory information is required regarding identity before a payment of 3000 euros is paid out to a player either in one payment or over a three-day period.  In relation to peer-to-peer remote gaming, payments from players may only be taken from banks licensed in the Isle of Man, money service operators in the Isle of Man or licensed banks in one of the jurisdictions noted in the schedule to the Code.




It is an impossible task for legislation to keep up with technology and ever increasingly changing business models – changing and adapting as technology advances and as the business model requires to meet the needs of emerging and, indeed, closing markets.  The Isle of Man has attempted to meet this balancing act.  It would never claim to have a perfect regulatory regime – indeed what folly it would be to claim such.  However, the online gambling genie is out of the bottle – jurisdictions can either hope that the genie goes back into his bottle or attempt to provide effective and realistic regulation.  To finish where this article started – we all do indeed live in interesting times.



Claire Milne is head of the E-business, IT and IP team at Dickinson Cruickshank.

[1] See section 4 of the UK Gambling Act 2005 for the definition of “remote gambling” under that Act.  The relevant Isle of Man legislation – the Online Gambling Regulation Act 2001 makes reference to “online gambling” rather than “remote gambling”.

[2] For copies of the Isle of Man’s legislation in this area, see

[3] The Isle of Man has had 22 years of unbroken economic growth and has maintained its AAA credit rating from both Standard and Poor’s and Moody’s credit rating agencies since such a rating was first awarded in 2000.  Growth in the economy has averaged more than 6% per year in real terms over the past five years.