Philippines - PAGCOR: POGO and Locale

(Section: "Markets and Jurisdictions")

1) Market picture and terminology

• Offshore (POGO/IGL): licenses for operators targeting outside the Philippines (Filipino residents are denied access). In recent years, terminology has been migrating: POGO is increasingly being replaced by IGL (Internet Gaming Licensee), but the essence remains - offshore orientation and strict geo-blocking PH.
• Domestic (local): terrestrial casinos, as well as eGames/eBingo (regulated network access to content linked to licensed halls/terminals and local audience) - a separate rule loop, different from offshore.

Historically, there are alternative economy zones/regulators in the country (for example, CEZA, historically APECO, etc.), whose regimes may differ in procedures and requirements, but it is critical for the market to coordinate target geography, taxes/fees and cross-mode compatibility (including coordination with PAGCOR).

2) Institutions and roles

PAGCOR - licensing, supervision, audit, technical requirements, Responsible Gaming, advertising control, sanctions.
AMLC (Anti-Money Laundering Council) - AML/CFT: CDD/EDD, transaction monitoring, STR/CTR, training and auditing.
BIR/DOF - taxes and fees (gambling taxes, corporate, deductions from staff and non-residents).
NTC/communication providers - block measures by domain/application/mirror.
DILG/PNP/immigration/DOLE - enforcement, inspections, status of personnel (including foreign employees).

3) Offshore contour: POGO/IGL (export target)

Bottom line: the operator/provider receives a license to serve foreign markets. Residents/persons in the Philippines are prohibited from accessing the product.

• Geo-blocking PH: IP/telco/payment segregation, clear isolation of PH traffic, tests for "leaks."
• License structure: separately for operators (B2C) and suppliers (content, platforms, studios, BPO, hosting, anti-fraud, etc.).
• Technical circuit: certification of RNG/game modules, servers/mirrors/DR, NOC/SOC, WORM logging "stavka→raschet→vyplata→korrektirovka," protected API/uploads for supervision.
• KYC/AML: full CDD/EDD, sanctions/PEP, SoF/SoW by trigger, STR/CTR scenarios in AMLC; tight control of "pseudo-merchants" and anonymous routes.
• Personnel and premises: permits for foreign personnel, labor protection, access and CCTV according to regulations.
• Advertising and PR: PH targeting ban; white lists of creatives/channels for countries of destination; compliance log (screenshots/URL/dates/geo/target).
• Reporting: regular reports on GGR/NGR/handle, segregation by products and geo, SLA at the request of the regulator.

4) Domestic circuit: land casinos and eGames/eBingo network

Land casinos: PAGCOR-owned/operated and private based on agreements/concession models. Stringent space, checkout/cage, CCTV, reporting, juvenile restrictions, RG procedures and marketing requirements.

• "Hall + terminals" model: access to content with reference to a licensed location (not free "Internet for the whole country").
• Technical requirements: approved platforms/servers, content and log audits; retention logs; secure communication channels.
• Payments/cash registers: KYC at the entrance/for large operations; ticket/chip/credit accounting; limit control and anti-fraud.

5) Taxes, fees and corporate payments (framework level)

Gambling fees/taxes: different modes apply for offshore and locale; the offshore circuit historically used special gambling taxes/franchise fees on GGR.
Corporate tax/deductions: standard rates under the CREATE-frame (taking into account the status of the company), deductions from the income of foreign personnel, local LGU fees.
Licensing/reg fees: primary and annual fees by category (operator/content/platform/studio/VRO, etc.), as well as deposits/guarantees.
Accounting/invoicing: separate accounting by products, geo and channels (offshore vs local), correct reflection of bonuses, void/cashout, jackpots.

6) AML/KYC и Responsible Gaming

KYC 21 + (for local) and full identification offshore; sanctions/RAP; risk scoring; SoF/SoW by trigger.
Transaction monitoring: behavioral anomalies, device/card/wallet connectivity; prevention of "crushing" and cashing.
STR/CTR: AMLC escalation procedures; investigation logs, staff training, test case samples.
RG: deposit/loss/time limits, "time out "/" cooling, "self-exclusion (registers/flags), no marketing to vulnerable/self-excluded; displaying odds/risks.

7) Advertising, promo and affiliates

Offshore: targeting only permitted foreign jurisdictions, subject to their local rules; prohibition of PH-target (language/channels/creatives/influencers).
Local: outdoor/media advertising - with restrictions; prohibition of misleading claims ("no risk," "guaranteed gain"), mandatory RG disclaimers.
Affiliates: contractual obligations for geo-filters and compliance log; a mechanism for instant recall of creatives; banning cloaking/mirrors.

8) Technical requirements and supervision access

Platform/RNG/data stream certification; version control; secure SDLC.
WORM logs along the chain "contribution/bet → game/match → calculation → payment → adjustment," NTP synchronization, retention according to the standard.
Regulator access: secure APIs/uploads, test accounts, reporting showcases; SLAs on inquiries and incidents.
Information security/stability: encryption at rest/in transit, RBAC/SoD, secret management, penetration tests/scans, DR/BCP with target RPO/RTO.
Geo-compliance: provable PH block (for offshore), language/payment/channel filters; regular "punctures" of protection and their elimination.

9) Enforcement and block measures

NTC/communication providers: blocking domains/applications/mirrors, regulations for hosting and CDNs.
Financial routes: block/monitoring payments to illegal immigrants; sanctions on "pseudo-merchants" and the associated ecosystem.
Inspections and raids: office/studio/VRO inspections, migration status of employees, labor and tax issues.
Sanctions: fines, suspension/cancellation of license, inclusion of assets/domains/companies in blacklists, aggravated criminal cases.

10) Roadmap (operator & provider playbook)

A. Offshore (POGO/IGL, B2C)

1. Licensing: category, beneficiaries (fit & proper), financial support/deposits, office/premises.
2. Geo-contour: provable PH-block, map of destination countries, compliance with local target laws.
3. Technical circuit: RNG/platform certification, WORM logs, API/uploads, SOC/NOC, DR/BCP.
4. Payments/AML: KYC routes only; anti "pseudo-merchant"; SoF/SoW; STR/CTR procedures.
5. RG/Ads: limits/self-exclusion; creative magazine; PH target prohibition.
6. UAT/Go-Live: GGR/NGR/bonus tests; fault tolerance cases; off-switch by country/channel.

B. Offshore (providers: content/platform/studios/VRO)

1. License/accreditation category; SLA, IP rights, escrow, versions.
2. Security and data: DPIA/DTIA, access to environments, access log, segmentation.
3. Reporting: performance and compliance marts; Audit logs/releases.

C. Local (casino, eGames/eBingo)

1. Address permits, layout of premises/terminals; CCTV/cages/cassettes.
2. Accounting/taxes: model pcs. Fees + federal; separate accounting of tables/slots/eGames.
3. KYC/RG: age 21 +, limits, self-exclusion; personnel training.
4. UAT: Cash/Chips/Credits; otchetnost↔billing reconciliation; CCTV/IS stress test.

11) Compliance checklists

Legal perimeter

• Correct category (offshore IGL/POGO or local)
• Geo-target matrix and provable PH block (for offshore)
• Officers assigned: AML/Compliance, RG, Ads, Security, Grievance

Taxes/Fees

• Actual rates of gambling fees/franchise fees/taxes confirmed
• Separate accounting of GGR/NGR/bonuses/void/cashout by geo/channels
• Reporting and payment calendar; otchetnost↔billing reconciliation <0.5%

AML/KYC & RG

• Full CDD/EDD, Sanctions/PEP; SoF/SoW by Trigger
• STR/CTR procedures; training; log/dossier retention
• Limits/timeouts/self-exclusion; banning marketing to self-excluded

Engineering/Information Security

• RNG/Module/Platform Certification; WORM logs; NTP
• Encryption, RBAC/SoD, secret management, penetration tests/scans
• DR/BCP with target RPO/RTO; SLAs for offloads and incidents

Ads/Affiliates

• Prohibit PH-target (offshore), RG-disclaimer (local)
• Compliance log (creatives/URL/dates/geo/target)
• Off-switch by country/channel/site

12) First year KPIs

Fiscal: timely filing ≥99%; discrepancy otchetnost↔billing <0.5%

AML/KYC: mean KYC time; proportion of correct STR/CTR; reduction of "anonymous" routes

RG: share of accounts with active limits; Self-exclusion TTR <1 min

IS/resilience: MTTR incidents; closing high-vulns on time; successful DR tests

Marketing: 0 PH hits offshore; 100% compliance with guidelines on the local

13) FAQ

POGO and IGL are the same thing?
The meaning is close: we are talking about offshore licensing. Terms and category structure evolve - refine current rules and taxonomy.

Is it possible to serve Filipinos under an offshore license?
No, it isn't. Offshore implies a strict ban on PH access (geo/payments/creatives).

Is local eGames a full-fledged online for the whole country?
No, it isn't. This is a network model tied to licensed halls/terminals, with separate technical and cash rules.

What taxes should be included in the model?
Gambling fees/taxes for the selected category + corporate taxes/withholdings, local LGU fees. Base and rates vary by product and are updated.

Note

Fiscal parameters, terminology (POGO ↔ IGL), list of categories and enforcement practices are regularly updated. Check current PAGCOR/BIR/NTC rules, alternative economy zone terms and local LGU site/personnel requirements before making legally relevant decisions.