Gamble Hub Legal Directory

1) Mission and scope of the handbook

The Gamble Hub Legal Directory is a centralized and constantly updated body of knowledge on the regulation of gambling and related areas (finance, advertising, data protection, cybersecurity). The goal is to ensure:
  • fast navigation to country/state requirements;
  • operational applicability through checklists, matrices, templates;
  • transparent audit of decisions made and license statuses.

The directory addresses Legal, Compliance, Product and Payment Teams, Marketing, BI/Finance, and Management.

2) Taxonomy and structure

The directory is divided into 8 main blocks:

1. Licensing and regulators: types of licenses, admission criteria, terms, cost.

2. Taxes and financial statements: GGR/NNR/Turnover-taxes, deductions, contributions to funds, audit requirements.

3. KYC/AML/sanctions: verification levels, SoF/SoW triggers, sanctions lists, STR/SAR.

4. Payments and disbursements: available methods, same-method, limits, TtW/SLA.

5. Responsible gaming: limits, timeouts, self-exclusion, age control.

6. Advertising and promotion: restrictions on creatives, bonuses, age-gating, influencers.

7. Data protection and security: GDPR/UK GDPR/other, DPIA, DPA, encryption, logs.

8. Disputes, supervision and sanctions: claims procedure, arbitration/courts, standard fines.

Each block is linked to a jurisdiction card and common document templates.

3) Jurisdiction Card - Unified Template

Use this structure for each country/state/territory.

3.1 Passport of jurisdiction

Regulator (s) and official website: [name/contacts]

Allowed types of online services: casino, slots, live, betting, P2P/PvP, eSports, etc.

Market Status: Regulated/Monopoly/Grey/Prohibited

Server/data localization requirement: yes/no/conditional

Restrictions on game providers: yes/no (list)

3.2 Licensing

Types of licenses: B2C (operator), B2B (studios/aggregators/platform), special sub-licenses

Key criteria: Substance (office, employees), authorized capital, reputation of beneficiaries

Timing: filing → audit → issuance (range in weeks/months)

Cost: state duty, annual fee, audit/tests (ranges)

Reporting: Financial/Gaming/Responsible Gaming/IT Audit

3.3 Taxes and fees

Base: GGR/Turnover/Gross Margin

Rates: basic, vertical/rate differentiation, benefits

Additional fees: contributions to responsible gaming funds, municipal fees

Reporting and timing: monthly/quarterly; format; currency rules

3.4 KYC/AML/Sanctions

Minimum age, mandatory KYC levels

SoF/SoW threshold triggers, revision rate

Sanctions lists and moment of screening (registration/deposit/withdrawal/change of data)

Document retention and deadlines

3.5 Payments/disbursements

Allowed methods by currency

same-method rule; prohibition of third parties

Limits and frequency; standard SLAs by method

Local PSP/bank requirements

3.6 Advertising/Marketing/Bonuses

Allowed channels and formats (TV, OOH, social networks, affiliates)

Restrictions on PTC (blind, cashback, "free"), requirements for disclaimers

Time-based "watershed" windows, age marking

Register of creatives/approvals and shelf life

3.7 Responsible play

Limits (deposit/loss/time), cool-off, self-exclusion (local registries)

UX requirements for alerts and help links

RG Incident Reporting

3.8 Privacy/Security

Legal Framework (GDPR/Local Law), DPO/Representative

Cross-border transmission mechanisms (SCC/adequacy)

DPIA/pen test/certification (ISO/GLI/iTech Labs if applicable)

Incident Responsibilities (Notice Periods)

3.9 Disputes/Sanctions/Applicable Law

Claim procedure, response time

Arbitration/Courts, Local Jurisdiction

Typical fines and grounds for suspension/revocation of license

3.10 Control matrix

License Status: None/In Process/Received/Suspended

Next deadlines: tax → report → audit → extension

RAG status of risks: legal/payment/advertising/RG/data privacy

4) Matrices and checklists (universal)

4.1 Licensing (Go/No-Go)

  • Target Products Allowed (Slots/Live/Betting)
  • Confirmed substance (office, employees)
  • Transparent beneficiaries; no sanctions/PEP risks
  • Confirmed duty/audit budget
  • Interim roadmap ≤ 6-9 months

4.2 Taxes and finance

  • Tax Model (GGR/Turnover) and Vertical Rate
  • Reporting and currency requirements
  • Provisions for taxes/penalties
  • "Late filing" procedure and penalties

4.3 KYC/AML/sanctions

  • KYC age and levels are described in Terms
  • Sanction screening on key events
  • SoF/SoW Triggers and Query Patterns
  • STR/SAR regulation (who/when/where)
  • Retention and Access (RBAC)

4.4 Payments/disbursements

  • Method table by country/currency
  • Same-method and payment ownership
  • SLA/ETA by Link and Queue
  • chargeback/dispute policy
  • TtW p95 Report

4.5 Advertising and bonuses

  • Age marking and "gamble responsibly"
  • Prohibited messages (easy money/social proof for minors)
  • Brief conditions in creative (WR/Max Bet/term/contribution)
  • Register of creatives/affiliates and contracts
  • Campaign Feedback Procedure

4.6 Privacy/Security

  • DPA with processors, Processing Registry
  • CMP for cookie and consent log
  • DPIA for high-risk streams (KYC biometrics, behavioral anti-fraud)
  • Incident Response Plan (24/72h)
  • Annual Pen Test/Certification

4.7 Disputes and Oversight

  • Complaint Template and Response SLA
  • Complaint registers, solutions and trends
  • Roadmap for remediation
  • Risk matrix of fines and supervision measures

5) Compliance calendar

Recommended frequency:
  • Monthly: tax returns, RG and marketing reports, payment/chargeback reconciliation.
  • Quarterly: internal audit of AML/KYC, revision of bonus rules, DPIA update with changes.
  • Annual: license renewal, financial audit, pen test, DPA/CMP revision, training (AML/RG/ads).
  • Ad-hoc: incidents, changing provider, launching a new vertical/market, changing the law.

For each jurisdiction, keep a local calendar with deadlines, responsible, trusted advisers and budget reservations.

6) Document templates (core)

6.1 Terms & Conditions (User Agreement) - acceptance, age/geo, KYC/AML, payments/withdrawals, bonuses, liability, disputes.
6.2 Privacy Policy - purposes/legal bases, cookies/CMP, cross-border transfers, rights of data subjects, DPA, retention periods.
6.3 Bonus Rules - WR, Max Bet, game contributions, deadlines, prohibited strategies, logs.
6.4 Withdrawal & Verification Policy - same-method, KYC thresholds, SLA, grounds for refusal, disputes.
6.5 Ads & Affiliates Code - age and content restrictions, creative requirements, partner control.
6.6 Responsible Gaming Policy - limits, self-exclusion, procedure for seeking help.
6.7 Data Processing Addendum (DPA) - roles, sub-processors, SCC, audits, incidents.

💡 For all templates, use versioning (vX.Y), a changelog, a document owner and an effective date.

7) Risk models and RAG dashboards

Legal risk: license status, open inspections, fines.
Payment risk: PSP refusal, chargeback growth, sanctions coincidences.
Advertising risk: complaints from the regulator/ombudsman, violations of affiliates.
RG risk: an increase in self-exclusions, miscalculations of limits.
Privacy/IT risk: incidents, DPIA/pen test delay.

Each risk has metrics (KPI/KRI), an "escalation threshold," an owner, and a mitigation plan.

8) Operational playbooks (brief)

P-AML-01: Received STR signal → data collection → legal evaluation → submission of report → account decision.
P-PAY-02: High withdrawal amount → ownership check → SoF on triggers → payout/rejection.
P-ADS-03: Complaint about advertising → stop campaign → adjustment of creatives → report to the regulator (if necessary).
P-PRIV-04: Data leakage → notifications within the law → correction → post-mortem.
P-RG-05: Self-exclusion → instant block of games → payment authorization → support notification.

9) Directory navigation (proposed)

/legal/overview - how to read cards and matrices.
/legal/jurisdictions/ - list of countries/states with filters (market status, tax, license).
/legal/templates/ - all document templates.
/legal/checklists/ - checklists by function (AML, Ads, Payments, Privacy, RG).
/legal/calendar/ - compliance calendar with deadlines.
/legal/glossary/ - glossary of terms.
/legal/changelog/ - changelog.

10) Glossary (sample)

GGR - gross gaming revenue (bets − winnings).
Substance - "substantial presence" in the jurisdiction (office, employees, management).
SoF/SoW - source of funds/source of wealth.
Same-method - withdrawal to the same method that was used for the deposit.
PEP - politically exposed person.
DPIA - data protection impact assessment.
CMP - cookie consent management platform.

11) Editorial policy and data quality

Sources: laws/regulations/official guides, letters from regulators, court decisions.
Attribution: keep a reference to the standard and revision date inside the cards.
Reliability: at least two independent confirmations in controversial interpretations.
Versioning: each card has an owner, vX.Y, date and list of changes.
Expiration date: critical fields (taxes/licenses/SLA) - mandatory quarterly revision.

12) Data frame (recommended YAML for a card)

jurisdiction: "Country/State"
status: "regulated|monopoly|grey|prohibited"
regulator:
  name: "Name"
  contacts: "email/tel/address"
licences:
  - type: "B2C|B2B|vertical"
    fees: {application: 0, annual: 0}
    timeline_weeks: "8-20"
taxation:
  basis: "GGR|turnover|mixed"
  rates:
    casino: 0.XX
    sports: 0.XX
  reporting:
    frequency: "monthly|quarterly"
kyc_aml:
  age: 18
  levels: ["L1","L2","L3"]
  sanctions_checks: ["signup","deposit","withdrawal"]
payments:
  methods: ["cards","bank","ewallet","crypto?"]
  withdrawal_sla_hours: {auto: 6, manual: 24}
ads:
  channels_allowed: ["search","social"]
  bonus_rules: {wr: "30x bonus", max_bet: 5}
rg:
  tools: ["limits","self-exclusion"]
privacy:
  law: "GDPR|local"
  dpo_required: true
disputes:
  pretrial_days: 30
  forum: "arbitration/court"
notes: "special conditions/exceptions"
version: "v1.0"
updated: "2025-11-05"
owner: "Legal/Compliance"

13) Mini Implementation Guide

1. Define the market line (Tier 1/2/3) and license priority.
2. Create cards according to the template, fill in the compliance calendar.
3. Apply checklists to KYC/AML, payments, advertising, privacy processes.
4. Peer-review and publish document templates (Terms/Privacy/Bonus/Withdrawal) with local reservations.
5. Include RAG dashboards and quarterly revisions.
6. Set up training for teams (AML/RG/ads/privacy) and escalation rules.

14) Test questions for self-audit

Are all markets covered by vX.Y cards not older than 90 days?
Do the limits/fees/payment methods in the cards and in the interface match?
Are anti-abuse procedures and sanctions described in Terms/Bonus?
Is there a response plan to the regulator's request/privacy incident?
Is there a log of complaints and their outcomes by market?

15) Conclusion

The Gamble Hub Legal Handbook is not a static document, but a compliance operating system. Its value lies in regular revision, transparency of sources, unification of templates and close connection with the product: from onboarding KYC screens to bonus banners and a withdrawal page. Follow the card structure, maintain the calendar, measure KPIs - and the directory will become a reliable compliance outline in all target markets.
