The Technical Regulations with Respect to the Central IT System of Remote Gambling Operators in Romania: No Longer a Mystery
Published in “Casino Inside”, issue 57
Following the numerous discussions on the IT software requirements that remote gambling operators in Romania should fulfill, the longawaited technical regulations were published on August 12th, 2015, on the National Office for Gambling (NOG) website – thus removing the uncertainty of this subject and providing a first support to online gambling operators who want to apply for a license to organize and an authorization to operate remote gambling in Romania.
Thus, the NOG prepared and published a Draft Order on its official website for approving the content, reports and access to the information transmitted by remote gambling operators, intended to provide the remote gambling operators with the necessary information in order to be able to meet the requirements of art. 15 par. (2) letter i) of the Emergency Government Ordinance no. 77/2009 on the organization and operation of gambling. According to the above-mentioned article, in view of obtaining an authorization to operate remote gambling activities in Romania, the operators must prove that “they hold all the technical equipment that provides the support for organizing and transmitting these types of games of chance mandatorily in Romania, with respect to remote gambling, with the obligation of connecting them to a mirror IT central system connected to the NOG. The IT central system will be connected, by care and on behalf of the organizer, to a terminal located at the NOG, provided for free by the organizers, and will contain, will report and give access to information that will be established by order of the NOG President “.
The above-mentioned Draft Order approves the content of the authorized IT system for remote gambling on Romanian territory, stating that it consists of a central IT system (through which the gaming account is recorded and updated, the gaming is carried on and the payments to the gaming account and revenues are revealed), of a terminal placed at the NOG; for the foreign remote gambling operators which do not have a central IT system in Romania, a centralized mirror system must be added, containing a safe server and a mirror server placed in a location which can be inspected by NOG’s authorized representatives.
Further, the three Addendums included in the Draft Order in question regulate the content, reports and access to the data transmitted by the remote gambling operators to the terminal placed at the NOG (Addendum no. 1), to the mirror server (Addendum no. 2) and to the safe server (Addendum no. 3).
Since the regulations in question are purely technical, we shall briefly present the overall reporting requirements that must be met with respect to the mirror server and the safe server.
General terms on reporting in connection with the mirror server:
- (i) when the game session is closed, the central IT system authorized for the remote operator will generate a report, using a time stamp, with the requested information, which will be submitted in real time to the mirror server;
- (ii) the central IT system will have a mechanism to export or transmit the reported data in the mirror server to the NOG, in CSV format, in order to analyze and inspect/verify the data;
- (iii) the system should be able to store data from the report for a period of 5 years from the date of their collection and processing;
- (iv) the operator will ensure the identity, authenticity, confidentiality and non-repudiability of
the data in the mirror server; - (v) the operator will provide the verification method of the electronic signature and decryption key to the Authority and will let the Authority know how the information on this server is complete and can be found in the central IT system;
- (vi) the report will be signed with an electronic signature, in line with the legal provisions in force (Act no. 455/2001 on the electronic signature and subsequent amendments) and the generated report will be time stamped, in line with the legal provision in force (Act no. 451/2004 regarding the time stamp);
- (vii) the mirror server will be able to generate centralized reports for selectable time periods;
- (viii) the report transmitted to the mirror server will include at least the following data about the game sessions: the game session for bets starts when a player registers as a participant to the game and ends when the winner is decided. For the other types of gaming, the session starts when the player registers as a participant to the game and ends when he or she leaves the game;
- (ix) the game session report will include at least the following information: type of game; unique ID of the game session; unique ID of the player; starting time of the session; ending time of the session; relevant information about geo-location; the amount wagered during the session; the amount won during the session; the amount lost during the session; operator revenue; promotions or bonuses received during the session; promotions or bonuses wagered during the session; funds deposited in the authorized account of the player during the session; funds withdrawn from the authorized account of the player during the session; reason for suspending the session; account balance related to the game at the beginning of the session; account balance related to the game at the end of the session; funds remaining in incomplete games.
General terms on reporting in relation to the safe server:
In addition to the above-mentioned rules at points (iv) – (vi), applicable to the safe server as well, there are several more requirements:
- when a transaction (operation) takes place, the central IT system authorized for the remote gambling operator will generate a report containing the requested information, which will be transmitted in real time to the safe server;
- a transaction means any recording in the central IT system of the operator referring to: the personal data of the participant to the game; his/her financial operations; any operation during a game session (including each hand played, each bet placed); aspects about player protection (self-exclusion, exclusion etc.) related to the Romanian players or to the players using a Romanian IP;
- the information contained on this server and the requested reports about safe server functioning will be accessible from the terminal located at NOG;
- after transmitting data in the safe server, the gambling operator cannot modify the transmitted data.
To conclude, these necessary technical regulations were published at an appropriate time, leaving remote gambling operators the chance to come up with related proposals for amendments and additions (the Order regulating them is currently in draft version). However, they, along with their support teams, have a short deadline for drawing up proposals, most likely until the adoption of the secondary legislation.
It remains to be seen whether these proposals will arrive to the NOG’s attention for debates and whether the latter will consider adopting amendments and / or additions to the Draft Order in question.