United Kingdom Gambling Commission (UKGC)
The UKGC was setup to licence and regulate businesses that want to legally operate a gambling business within the United Kingdom. It was formed under the Gambling Act 2005 so any commercial gambling within the UK could be properly regulated in order to protect consumers.
Currently any online casino that wants to operate in the UK needs to obtain a licence from the UKGC to show trustworthiness and integrity. The UKGC is also the licensee that licenses and regulates the British National Lottery in the United Kingdom under the National Lottery Act 1993.
For those in the UK that want to gamble online, they have the protection of the UKGC, which guarantees that the online casinos, their games, financial handling of player accounts, and UK consumer rights are adhered to.
Consumer rights are protected by the UKGC with several regulations:
- Random Number Generators Regularly Checked
- Financial Handling of Player Accounts Regulated
- 10 Steps to Cyber Security Passed
- 128-bit SSL Encryption
- Privacy Polices are In Place
- ID Varication of Casino Members
- Responsible Gambling Policies
There is also regular news on which casinos or gambling establishments have been fined recently for breaking certain conditions to the UKGC rules, which is great to see. Also, you can read about how the UKGC interactively gets involved to prevent match fixing as well as how it governs the UK gambling industry. Plus, there is a wealth of other media resources available.
What would happen if the UKGC did not exist?
Without the UKGC, some casinos could and would operate as they wish. The games could easily be rigged to give the casino a higher edge, players may not be able to guarantee their winnings are paid out, and player accounts along with the money in those accounts could be shut down for no given reason.
Why is UKGC so Important to the British Public?
Thanks to the UKGC, online casinos cannot operate under their own terms. They must comply to strict rules and regulations put in place to protect the British public and guarantee the nation fair gaming practises are used by the online casinos operating with the UK.
It also gives a place for consumers:
- To find out more information about online casino
- Request a mediator regarding disputes of non-payment of winnings, or account closure
- Report the possibility of a casino producing unfair gaming results
- Report fraudulent activities
In addition to this, the UKGC also encourages employees of the online casinos to report any suspicious behaviour or unethical practises that an online casino may using.
Which types of businesses does the UKGC licence and regulate?
Overall, the UKGC is the main licencing authority for any business that wants to take bets, operate slots, roulette, blackjack, casinos both online and land-based, as well as poker.
Here are some examples:
- Remote gambling (online)
- Online Casinos
- Online Poker
- Online Lottery
- Online Sports Betting
- Any online betting
- Land Based Business
- Poker rooms
- Slot shops
- Gambling Clubs
- High Street Bookmakers
Why is the UKGC so Important for Online Casino Players?
If you decide that you want to play at an online casino for example, the one thing that you would like to guarantee is that you are not being cheated.
With computer software so advanced these days, it would be very easy for someone to create an online slot that says 98% Return to Player but manipulate that slot to pay out only 50%. Likewise, you could operate an online or video Roulette game and program the ball to land on the number that will pay the least amount.
The UKGC has measure in place to make sure that any online business in the UK is not fixing the results of the games made available for real money wagering. There are also financial restrictions as well as privacy policies that the UKGC regulators enforce and regularly check.
We’ll explain how the UKGC regulates each aspect of any website that wishes to offer and advertise online gambling services to the UK public.
- Regulating Random Number Generators (RNGs)
A Random Number Generator a.k.a. RNG is an algorithm used for online casino games. They mimic the results a live dealer or croupier would produce when spinning a Roulette wheel or dealing cards.
- What are RNGs?
They are mathematical codes that produce the same probability and variation of results that a land-based casino game would produce.
In fact, they were first introduced to slots before the internet existed. Back then they were very basic. The RNGs job was to tell the reels when to stop spinning. Each reel would randomly stop, and the slot’s computer would determine if the spin resulted in a win.
Slots are designed with a certain number of symbols on the reels. With X number of symbols, the probability of each combination landing after X number of spins is calculated. The overall probability of winning combinations landing is designed to be under 100%. On live slots it was about 85%, and therefore, slots always had the edge.
However, even a slot could have a bad day because the chip was programmed to stop the reels randomly. As with flipping a coin for heads and tails, we know that heads will not land 5 times out of 10 as probability suggests.
There are variations – known as upswings and downswings. Some days or even weeks a certain slot would lose cash – however, probability always evens out in the end, and over time the slot will have its own upswing and win.
Computerised RNGs are based on this exact concept.
- How does the UKGC regulate RNGs?
In order to regulate the RNGs of casinos that have licenses with the UKGC, third party specialists are used to randomly test online casino games.
The companies that run these tests are familiar with algorithms because they have long been testing the algorithms used in the financial industry; a vital task carried out to ensure that the wrong figures and stocks are avoided, or this could cause a financial crisis in the UK, which in turn would have a negative effect on the global economy.
Partnerships with the International Association of Gaming Regulators (IAGR) as well as the Independent Betting Adjudication Service Ltd (IBAS) determine and put systems in place to ensure those businesses holding online (remote) gambling licenses for games that use RNGs for gaming results are tested.
These tests are held regularly, and should an online casino fail to show that it was acting in according with the strict guidelines in place, severe penalties could be introduced – this could even lead to a suspension or complete revocation of the company’s UKGC licence.
- How do these tests benefit online casino players?
Online casinos make millions every year from UK players playing at their online casino. Land based casinos also make a lot of money! Hence Las Vegas, Atlantic City and other such places became so prevalent.
There is no need for an online casino to risk their license for several reasons:
- Casino games already have an edge
- Compliance failure penalties would be financially severe
- UK resident pump billions of pounds into casinos yearly
If you owned and online casino, what reason would you have to cheat?
Casino games already have the edge, and UK citizens already love to play online casino games as a leisurely activity. Those businesses lucky enough to have been able to open an online casino and obtain a license from the UKGC are already set to make millions in profit from the games alone.
For a few extra pounds in the short term, and getting caught for cheating RNGs is not good business practice for the long term.
This is exactly why the UKGC remote gambling licensing has been put in place. To regulate the online casinos and make sure they play fairly. As a result, if you play at a UKGC licensed casino, you can 100% guarantee that the casino is playing by the rules.
- Financial Handling of Player Accounts
Not all online casinos are guaranteed to be successful. Most will be because they have large marketing budgets and very attractive Welcome Bonus Incentives.
Nonetheless, many real money online gamers do not know what would happen to their casino balance if the casino was to suddenly go into liquidation or declare itself bankrupt.
- The UKGC protects online casino player’s financial balances
Any online casino or online gambling company operating within the UK must have a UK owned financial holding account. This account must hold a sum of cash equal to or more than the total balance of all its members’ account balances combined.
For anyone that plays real money games online this is welcoming news. It means that should their online casino go bankrupt; British laws protect their account balances. Should the casino go bankrupt of into liquidation, the holding account will still have all casino members’ cash, and members would be paid back their casino balances in full.
Having this policy in place also means that the casino cannot use player accounts for the casino’s own purposes such as marketing campaigns, paying out large jackpots and so on. This was a known flaw to online casinos before the UKGC started to regulate online casinos operating in the UK. Some would be using player account balances for marketing, bad investments, and so on.
With the UKGC always keeping checks on the online casinos’ financial status, consumer rights are fully protected. UK online real money gamers can make deposit into a UKGC licenses casino and have peace of mind that their cash is safe no matter what happens to the business that own the casino.
- 10 Steps to Cyber Security
For a remote online gambling operation to obtain a UKGC license, the company must have certain cyber security methods in place.
These rules are set by the National Cyber Security Centre (NCSC) which is part of the UK government: (www.ncsc.gov.uk).
As per the NCSC here are some of the 10 technical factors. Under each one of these factors are all the rules that a UK based online casino or gambling operation must abide to. They must submit evidence of these policies being put in place to the UKGC review team. The review team will make recommendations, and eventually the casino will have passed all 10 steps.
If for any reason one of these steps fails, the UKGC will launch a full investigation into why the casino’s cyber security had a leak. Accountability must be sort after, and if it is the casino’s lack of responsibility found at fault the punishment can be harsh – it could even result in the casino’s UKGC licence being suspended or revoked completely.
- Risk Management
Establish a governance framework, determine what risks an organisation is willing to tolerate and what is unacceptable, ineffective policy implementation, maintain board engagement, produce supporting policies, adopt a lifecycle approach to risk management, apply recognised standards, make use of endorsed assurance schemes, educate users and maintain awareness, and promote a risk management culture.
- Secure Configurations
Use supported software, develop and implement policies to update and patch systems, create and maintain hardware and software inventory, manage your operating systems and software, conduct regular vulnerability scans, establish configuration control and management, disable unnecessary peripheral devices and removable media access, implement white-listing and execution control, limit user ability to change configuration, and limit privileged user functionality.
- Network Security
Manage the network perimeter, use firewalls, prevent malicious content, protect the internal network, segregate networks as sets, secure wireless access, enable secure administration, configure the exception handling processes, monitor the network, and managing user privileges.
- Managing User Privileges
Misuse of privileges, prevent increased attacker capability, negating established security controls, establish effective account management processes, establish policies and standards for user authentication and access control, limit user privileges, limit the number and use of privileged accounts, monitor, limit access to the audit system and the system activity logs, and educate users, and maintain their awareness.
- User Education and Awareness
Produce a user security policy, establish a staff induction process, maintain user awareness of the security risks faced by the organisation, support the formal assessment of security skills, monitor the effectiveness of security training, promote an incident reporting culture, and establish a formal disciplinary process.
- Incident Management
Establish an incident response capability, provide specialist training, define the required roles and responsibilities, establish a data recovery capability, test the incident management plans, decide what information will be shared and with whom, collect and analyse post-incident evidence, conduct a lesson learned review, user awareness, and report criminal incidents to law enforcement.
- Malware Prevention
Develop and implement anti-malware policies, manage all data import and export, blacklist malicious web sites, provide dedicated media scanning machines, establish malware defences, end user device protection, deploy antivirus and malicious code checking solutions, deploy a content filtering capability on all external gateways, install firewalls where appropriate, and user education and awareness:
Detect attacks, react to attacks, account for activity, establish a monitoring strategy and supporting policies, monitor all systems, monitor network traffic, monitor user activity, fine-tune monitoring system, establish a centralised collection and analysis capability, provide resilient and synchronised timing, align the incident management policies, and conduct a ‘lessons learned’ review.
- Removable Media Controls
Prevent loss of information, prevent Introduction of malware, prevent reputational damage, produce corporate policies, limit the use of removable media, scan all media for malware, formally issue media to users, encrypt information held on media, actively manage the reuse and disposal of removable media, educate users and maintain constant awareness.
- Home and Mobile Working
Prevent loss or theft of mobile devices, inform staff they must prevent, being overlooked in public when working, have policies in place that prevent loss of system access credentials, prevent tampering, assess the risks and create a mobile working policy, educate users and maintain awareness, ensure secure storage and management of user credentials, encourage incident reporting, apply the secure baseline build, protect data at rest, protect data in transit and always review the corporate incident management plans.
- How does the 10 Steps to Cyber Security Protect UK Online Casino Players?
As you can see this not a small number of rules to follow. There is a lot of combined team effort that goes into guaranteeing cyber security at an online casino.
For the UK public, means that your data is held privately on the casino’s servers. There are policies in places to make sure the games are not at risk of being hacked. Plus, it means that the chances of hackers getting into your system via casino or financial fraud are limited.
With the UKGC governing any online gambling providers this guarantees the UK public that the casino is acting responsibly and taking cyber security seriously.
In the past, several online casinos have been hacked due to bad policies and not enough governance. The UKGC has put an end to any such risk for anyone that uses an online casino that is licences by the UKGC.
- 128-bit SSL Encryption
With the UKGC’s 10 steps to cyber security in place, all online casinos must use 128-bit encryption. Companies such as Thawte (www.thawte.com) issue enterprise level SSL encrypted certificates between users and the casino.
This creates a secure tunnel to the casino whether you are connecting to the casino via a desktop and broadband, a wireless connection, or via 3G or 4G networks.
It is worth noting that this level of encryption is not only expensive, it is the same grade of encryption used in the British financial industry.
- UK online casino players can play real money games on the move or at home securely!
Thanks to the UKGC’s insistence on using 10 steps to cyber security, anyone connecting to a UKGC licenced casino in the UK can guarantee that their connection is fully encrypted, so you can play at home via a broadband connection, via wireless connections as well as via 3G and 4G while on the move.
- Privacy Polices are In Place
Another rule that the UKGC are very strict about is that any site that offers online gambling must not only keep player information safe, but also ensure member financial credentials are also kept safe.
With the 10 steps to cyber security in place, the casino will have made every effort to ensure that even their own internal staff cannot access a member’s account with explicit privileged access levels and a good reason for needing access to a member account.
If a casino is found guilty of acting irresponsibly when it comes to player privacy, then there are sever consequences. The UKGC license could be at risk.
For this reason alone, no one with a criminal record can work at the online casino. There are strict interviewing and back ground checking procedures in place to guarantee that all personnel with access to the casino’s systems are qualified for the job and have the utmost integrity.
Fraud prevention teams are also necessary, and the casino is always in touch with local police agencies to report any suspicious activities or illegal actions from inside or outside the casino. The casino also guarantees that it will take legal action against any member of staff found guilty of grievance misconduct.
- With UKGC licensed casino your personal and financial information are safe
For an online casino to obtain a UKGC license strict data access, disciplinary, and hiring policies are aligned to the UKGC’s strict licencing rules.
Therefore, playing at a UKGC licensed casino means that you can be rest assured that the casino has had to make sure it has policies and procedures in place to protect you financially and personally.
- ID Varication of Casino Members
Admittedly, there are some people that report that the online casinos can over the top when it comes to ID verification. However, the UKGC has made this a non-negotiable policy that all online casinos that would like to obtain a UKGC license must follow.
- This prevents people under the age of 18 playing real money games online
- It is a fraud prevention measure to protect your financial interests
- It protects casino members from identity theft
These 3 measures have been put in place by the UKGC to align the casinos that they license with UK consumer protection acts.
- Responsible Gambling Policies
Gambling can become a problem for some people. Although online gambling is a leisurely hobby for the majority, it can also cause addiction. Those addicted to gambling do not always just harm themselves, but it can also harm others around them – such as close family – young children and so on.
This means that any online casino that wants to operate under a UKGC license must distinctly have in place ‘gambling awareness’ and ‘responsible gambling policies’.
- Gambling Awareness Policy
On every site with a UKGC license, you will notice that there is plenty of access to websites that help people assess whether they are addicted to gambling. Some of the gambling awareness agencies employ those that used to be addicted to gambling.
Players at an online casino can read up or even use one of the gambling awareness websites to chat to someone if the player believes that he/she may have a gambling problem.
Also, if a family member is concerned that their loved one may have a gambling problem, there is also help for them. Although the person may know the online casino that their loved one is playing on, there is also player privacy, so these websites are not there to ban player accounts. However, they are there to give advice to those being negatively affected by a family member’s gambling habits.
- Responsible Gambling Policies
Every UKGC licensed casino must give its players the option to ‘self-exclude’ themselves from the casino. Many casinos that are not licensed with the UKGC offer this anyway as another online casino gambling authority licenses them.
What is self-exclusion exactly?
It is software built into the casino that allows a player to ban their own account.
Here are some of the self-exclusion options you can expect:
- 24 Hour cool off
- 7 Days
- 14 Days
- 30 Days
- 90 Days
- 6 Months
- 1 Year
- For life
These self-exclusions do not prevent the casino player from logging on or making withdrawals. It just means that the player has self-excluded himself or herself from being able to access any real money games on the casino.
Self-Exclusion is Irreversible
Once the self-exclusion has been activated, this cannot be reversed. All support personnel are told to provide the player with the same answer – “We are very sorry, but this is irreversible”. There is literally zero chance of reversing a self-exclusion.
FINAL VERDICT: The UKGC Gives UK Online Gamblers a Safer Real Money Gaming Experience
Online casinos going unregulated can be a worry.
- Your cash is protected
Imagine winning a large sum of cash, or even depositing a large sum of money and then the casino just bans your account. Or if the casino is bankrupt, and you have a lot of cash in your casino account, and you are being told that the casino cannot pay you.
- An array of policies to protect consumers
There are numerous other scenarios that we could take you through that could negatively affect your online casino experience. Identity theft, your underage child playing at an online casino, unfair gaming results; essentially gaming results not as advertised.
- Consumer confidence
The UKGC has been put in place not for the casinos, but for the consumer. Anyone that wants to play real money online games or bet on their favourite sport can do this safely with any online gaming establishment that takes real money wagers in return for a cash reward on that wager.
- Prevention of rouge online casinos
Rouge casinos that do not follow rules will be refused a license, and those that are not following the rules can have their license suspended or revoked.
With the UK online gambling industry worth billions of pounds per year, the risk of not following the rules or the prospect of being refused a UKGC license is too much to take for any reputable online gambling website.
- Fair gaming results
Probably one of the most important policy put in place by the UKGC is the strict tests imposed on the online casino’s Random Number Generators (RNGs). This is the core of any virtual online casino’s offering. Games must produce the expected returns that you would find in a land-based casino.
Actually, most online games are designed today have been designed to give the player better odds. They can do this because they are not restricted to a local customer base as almost anyone with access to the internet from any location can play at the casino.
With some slots, video poker games and Blackjack games advertising Return to Players (RTPs) in excess of 98%, the UKGC also makes sure that the gaming results are ‘As Advertised’.
- A licensing body with experience
The UKGC licenses and regulates the UK’s very popular National Lottery. It also licenses many other land-based gambling establishments. Since the National Lottery etc. Act 1993, the UKGC has been in action ensuring consumers are protected and that they know exactly what they are spending their money on when it comes to placing bets – even the National Lottery is considered as a form of gambling.
- A resource for real money online gamers
If you visit the UKGC website, you can find out which establishments the licencing body regulates. Latest news on new regulations. Stats and research, how to become a licenced casino and ways that the UKGC is actively helping consumers.
- Casinos are held accountable
Lastly, if you visit the UKGC website, you will see the latest gambling establishments to have been fined for breaking the rules. This shows that the UKGC is actively holding online casino entities to take accountability.
You can contact the UK Gambling Commission at:
Phone From UK: 0121 230 6666
International callers: +44 121 230 6666
Address: Gambling Commission
Victoria Square House