Skip to main content

Compliance considerations

To meet their obligations, wagering providers should consider at what points in the customer journey and interactions it makes sense to check BetStop – the National Self-Exclusion Register™ (the Register).

The Interactive Gambling Act 2001 and Register rules do not state that checks of the Register must be undertaken by wagering providers, or define when checks must occur if they are undertaken. Instead, the Interactive Gambling Act sets out when offences will occur. This provides flexibility for wagering providers to take a risk-based approach to their obligations.

For instance, wagering providers could check the Register before every account is opened, or before each bet is taken or before direct marketing occurs. However, a provider may consider this level of checking is not warranted when they review how customers interact with them, what they know about their customers and what controls or assurances are appropriate for their business systems.

For example, if a customer is placing a series of bets sequentially, a wagering provider may decide it is not appropriate to check the Register before each bet is placed. It may be better for a provider to instead check the Register before any bets are placed – for example, when the customer logs in to their account.

Please note these matters are provided for guidance only. They are not intended to be definitive, exhaustive or constitute legal advice. It is each wagering provider’s responsibility to have systems, processes and practices in place to ensure they are compliant.

Compliance obligation 1: A wagering provider must not open a licensed interactive wagering service account for a registered individual

Section of the Act: 61MA


  • What controls do wagering providers have in place to ensure there is integrity in their customer data sufficient to support business practices and meet obligations?
  • What records are retained to demonstrate the reasonable precautions and due diligence exercised?

Compliance obligation 2: A wagering provider must not provide a licensed interactive wagering service to a registered individual

Section of the Act: 61KA


  • Are there customer interaction points where a wagering provider can elicit information about whether they have self-excluded since a check was last made?
  • If this information is sought, how much weight is put on the response as part of risk management processes?
  • What blocks are in place on the account to prevent the customer from betting?
  • When are these reviewed and how often?
  • Do customer account systems have controls that require customers to log back in at regular intervals or establish a new session? 
  • Are those intervals such that it is unlikely that someone would log in, then self-exclude, then try to bet again while the login remains current?
  • What controls do wagering providers have in place to ensure there is integrity in their customer data sufficient to support business practices and meet obligations?
  • What arrangements are in place to maintain the currency of customer information? For example, are arrangements in place to check whether a customer has re-located (and therefore changed postcodes)?
  • To make a request to BetStop – the National Self-Exclusion Register, wagering providers need to provide their customer’s full name, date of birth, postcode, mobile phone number and email address for these to be checked against the register.
    • What processes are in place to validate the information provided by customers during the sign-up process?
    • Do customer databases contain reliable and complete information to enable a wagering provider to make a request to the Register operator? If not, how will this information be sought from customers?
    • Do processes and systems prevent a wagering provider from recording nonsensical names for a customer, for example, accuracy errors, keyboard smashes or fictional characters?
    • Do processes and systems prevent or provide exception reports if someone tries to sign up with a date of birth or other details that are impossible or unlikely?

Compliance obligation 3: A wagering provider must not conduct direct marketing to a registered individual

Section of the Act: 61LA, 61LB, 61LC


  • Are internal lists used to exclude customers from future marketing, including based on customer preferences, other self-exclusions and/or Gambling Incident Registers?
  • Do these inform if and when checks are undertaken for direct marketing?
  • Do check results inform these lists, for instance, if an individual returns a self-excluded result from the Register, can this information inform internal lists?
  • Do processes need to differ depending on the marketing channel?
  • If marketing targets individuals that do not have an active account, but have otherwise consented to receive marketing, how do wagering providers ensure direct marketing does not occur to people who have previously consented to receive marketing material but have subsequently self-excluded via BetStop – the National Self-Exclusion Register?

Compliance obligation 4: A wagering provider must not disclose information about a registered individual for marketing purposes

Section of the Act: 61LD


  • What processes and procedures are in place to safeguard information?
  • Do any third-party arrangements need to be reconsidered or amended?

Compliance obligation 5: A wagering provider must close and not reopen accounts for a registered individual (and pay any credit balance or pay any credit balance for subsequently resolved bets)

Section of the Act: 61MB, 61MC


  • What needs to be done to close an account, including refunding any credit in the customer’s account?
  • If there are pending bets, how is the account managed while those bets are being resolved?
  • How are changes communicated to the customer?

Compliance obligation 6: A wagering provider and their employees and contracted service providers and their employees must not disclose protected information

Section of the Act: 61NB


  • What processes and procedures are in place to safeguard sensitive information?
  • Who needs to know about this information?
  • Does the information need to be disclosed to third parties? If so, what arrangements are in place to ensure that the third party does not disclose information?

Compliance obligation 7: A wagering provider must take reasonable steps to have connectivity in place to enable connection to BetStop – the National Self-Exclusion Register

Section of the Act: 61NC


  • What changes have been made to a provider's system/s to make them capable of connecting to the Register?
  • If providers do not manage their own IT system, how have they managed any third-party arrangements, such as by reconsidering or amending these arrangements?

Other considerations: business systems, practice and processes

  • Have governance, oversight, risk management and compliance assurance processes been updated to reflect the obligations? It is unlikely to be enough to merely have processes in place and/or documented - they must be current, active and regularly reviewed to ensure they remain fit for purpose.
  • Have change management processes for compliance obligations, business processes or IT systems been updated to reflect the obligations?
  • Have any third-party arrangements been reconsidered or amended? For example, have any contractual arrangements with technology providers or other platforms been amended to comply? Are oversight and assurance processes in relation to third parties robust and appropriate for these arrangements?
  • Are the systems, processes and practices in place sufficient to demonstrate reasonable precautions have been taken and due diligence exercised? Are records available and credible?
  • Have terms of service or customer communications been updated to reflect BetStop – the National Self-Exclusion Register?
Back to top