I The French technical regulation strategy
II The Frontal
III. Securing the gaming experience
IV. The extended control of the gaming transactions
V. Benefits and drawbacks of the Frech technical regulation system
VI. Points of contact/Useful links
2. 2
I. The French technical regulation strategy
***
A controlled opening of the online gaming market serving the strong regulatory objectives
defined by French Law no.2010‐476 dated May 12th 2010:
Prevent excessive or compulsive gambling and protect minors.
Ensure integrity, reliability and transparency of gambling operations.
Prevent fraud or crime, as well as money laundering and financing terrorism.
Technical choices adapted to regulatory issues:
Autonomous access by the regulatory authority to every elementary gaming data
besides data provided by gaming operators, which enables to determine:
Detailed amount of the stakes:
o Global amount on the market
o Detailed amount for each operator/player‐account/gaming
transaction
Gaming transaction details: poker games, betting types, allocation of the bets
Geographical distribution of the bets (IP addresses)
Market transparency for the regulatory authority:
In‐depth control of the gaming transactions
Detection of unusual behaviours:
o Money laundering
o Fraud including sport fraud
o Compliance with problem gambling prevention programs
Secure online gaming operations for consumers with respect to the protection of
personal data (feasibility of the data treatment without disclosure of the players’
identity):
Gaming application type‐approval/certification, security audit of the gaming
platforms (analysis of vulnerabilities)
Player‐accounts control:
o Excluded players
o Moderators (temporary or final self‐exclusion, limitation of deposits,
automatic transfer on paying accounts)
3. 3
The main device: the Frontal
Obligation for the gaming operators to put in place an electronic device entitled
« Frontal » between the player and their platform (cf II.)
Structure of the Frontal:
Sensor : data capture and formatting, transmission to the vault
Vault imperatively located on the Metropolitan French territory: securing and
storage in real time of the data, permanently available to ARJEL.
*
French technical regulatory system therefore enables to:
A. Secure the players’ gaming experience
B. Ensure overall extensive control of the gaming operations
The French technical regulatory system is detailed within technical requirements’ file (DET),
enumerating the operator’s general architecture obligations, and its appendix (technical
documentation), available on ARJEL’s website www.arjel.fr.
***
4. 4
II. FRONTAL
***
The frontal is a collection and storage device of the data exchanged between the player and the
operator’s platform during the gaming transactions. The gaming operator is liable for the
development and the operation of this device, accordingly to its general architecture obligations. The
frontal has to be based upon a framework located on the Metropolitan French territory, therefore
enabling in situ controls.
Every transaction between any player considered to be French (declared as a French citizen or
playing from the French territory) and the operator’s platform must pass through the frontal. To this
end, the gaming operator redirects all connections originating from players considered to be French
to its frontal which proxies the data flow.
The frontal device the operators must develop is composed of two main parts:
‐ A traces’ creation function (Sensor), which ensures the collection, the validation and the
formatting of data;
‐ A traces’ storage function (Vault) which ensures a secured storage of logged data. This
function guarantees comprehensiveness, integrity and confidentiality of the logged data
thanks to chaining, time stamping and encryption mechanisms.
Any elementary transaction between the player and a licensed operator will then create a specific
record in the frontal. Elementary transactions are of three types:
1. Financial transaction (deposits, withdrawals,…) ;
2. Player’s account linked transaction (opening, closing, definition of gaming moderators,…) ;
3. Gaming transaction (placing bets, playing poker games).
ARJEL is able to access data whether physically in situ, or remotely at all time.
6. 6
III. Securing the gaming experience
***
Regulation defined by Law and implemented by ARJEL aims at providing the player with a secured
gaming experience by:
1. Systematically homologating any new gaming application or any major evolution of the
gaming application, in each and every of its technical components, when the application
is made available to the player by the operator or through a website. The homologation
procedure enables to check the security level of the application, the unpredictability of
the random number generator used and the accordance of the rules implemented in
the application source code with the rules presented to the players. Homologation
concerns all the components of the application, including the part of it possibly directly
installed on the player’s terminal ;
2. Periodically auditing the gaming platforms of the operators. These audits are of two types:
a. Those performed by entities selected by ARJEL (certifiers) every year in order to
certify the conformity of the architectures implemented with the frame of reference,
b. Those periodically performed by ARJEL itself, in cooperation with the operators, in
order to enhance the security levels ;
3. Providing the operators with an online service allowing the interrogation of the excluded
players’ file, operated and updated by the French Ministry of Interior. This interrogation
must be completed when a player opens an account and then every month ;
4. Monitoring the frontal in order to check its conformity with the technical requirements and
its security level.
Outline of the procedures for securing the gaming experience
***
9. 9
III. Example : Monitoring a football match
In order to monitor football matches, ARJEL specified two indicators listings, “standard indicators”
and “advanced indicators”.
Examples of “standard indicators” used for the control of the bets placed on the final results of the
match are presented hereinafter. [Please note that equivalent indicators have been specified for the bets placed on
the several game stages]
Number of bets placed on the match ;
Global amount of bets placed on the match ;
Distribution between single and multiple bets;
Number of single bets placed on the match ;
Global amount of single bets placed on the match ;
Average amount of single bets placed on the match ;
Number of 1X2 bets placed on the match [single bets aiming at giving the final result of the
match : victory of the hosting team (1), tie (X), victory of the hosted team (2)] ;
Global amount of 1X2 bets placed on the match ;
Average amount of 1X2 bets placed on the match ;
Number ratio of 1X2 bets in comparison to single bets ;
Amount ratio of 1X2 bets in comparison to single bets ;
Respective number ratios of bets 1, X and 2 in comparison to 1X2 bets ;
Respective amount ratios of bets 1, X and 2 in comparison to bets 1X2 ;
Analysis of most active IP addresses ;
Analysis of most active player‐accounts ;
Geographical distribution of bets in number ;
Geographical distribution of bets in amount ;
Temporal allocation of bets in numbers ;
Temporal allocation of bets in amounts.
The results obtained on the considered match are automatically or manually compared to “standard
values” and any gap is pointed out. A match is considered as requiring an alert when a certain
number of indicators depart from “standard values”.
Besides, controls of players, and not only player‐accounts, are completed. Such controls enable to
follow any transaction occurring on all the player‐accounts belonging to the same player on the
platforms of several operators.
An example of bets control completed on the final result of the match is synthetically presented
hereinafter through the detail of some standard indicators. Indicators are qualified by colors
specifying if the value corresponds (green) or not (yellow – orange – red) to standard values.