This website publishes administrative rules on their effective dates, as designated by the adopting state agencies, colleges, and
universities.
Rule |
Rule 3775-16-01 | Sports gaming systems.
Effective:
October 15, 2022
(A) Sports gaming proprietors must use a
sports gaming system approved by the commission. No wagers may be accepted in
the event of a system failure or unavailability. (B) Sports gaming proprietors must use a sports gaming
system designed to prevent and detect the following: (1) Unauthorized use of an account by someone other than
the account holder; (2) Unauthorized withdrawals from patron
accounts; (3) Wagering by persons under the age of
twenty-one; (4) Wagering by members of the involuntary or voluntary
exclusion lists; and (5) Wagering by other prohibited persons. (C) Sports gaming proprietors must have procedures
governing its sports gaming system. The procedures must include: (1) A description of, and the inter-relationships and
dependencies of, the sports gaming system, hardware, software, and all
integrated supplier modules; (2) A description of physical and logical security of the
sports gaming servers; (3) How it will respond to a failure of the sports gaming
system; (4) Risk management procedures; (5) Change management procedures; (6) Procedures for complying with the data match
requirements of sections 3123.90 and 3775.16 of the Revised Code;
and (7) Procedures for the prevention and detection of attempts
to launder currency. (D) Each sports gaming proprietor must provide read-only
remote access to its sports gaming systems and any hardware or software
required to facilitate this access to the commission in a manner prescribed by
the executive director. All costs associated with providing this access are the
sole responsibility of the sports gaming proprietor. (E) Each sports gaming proprietor must test the recovery
procedures of the sports gaming system on a sample basis at least annually. The
results must be documented and available to the commission upon
request. (F) The executive director may require sports gaming
systems and equipment be verified by the commission at any time, or as
prescribed.
Last updated October 17, 2022 at 8:38 AM
|
Rule 3775-16-02 | Sports gaming system change management.
Effective:
August 15, 2022
(A) The responsible licensee for each
sports gaming system must implement change management policies and procedures
for tracking and controlling changes made to the system. The change management
policies and procedures must include: (1) Procedures for
testing proposed changes in a non-production environment. The non-production
environment must be segregated from the production environment and not have the
capability to alter data in the production environment; (2) Procedures for the
classification of changes in accordance with paragraph (B) of this
rule; (3) Procedures for the
installation of changes into the production environment; (4) Procedures for the
rollback of changes; (5) Procedures for
documenting each phase of the change management process; (6) Procedures for
logging all changes to the system; and (7) Policies to ensure
appropriate segregation of duties to prevent unintended changes from
occurring. (B) Changes made to sports gaming systems
must be reviewed and classified by the responsible licensee as
follows: (1) "High
Impact" is any change to, or addition of, components which impact the
operational integrity of the system. Components include, but are not limited
to, any component deemed to be critical by the certified independent test
lab. (2) "Low
Impact" is any other change to the sports gaming system. (C) High Impact changes require
commission notification at least five business days prior to installation. The
installation may be denied or delayed at the discretion of the executive
director. (D) Changes made to the sports gaming
system that are necessary to remediate an immediate threat or liability may be
installed immediately. The commission must be notified of the change within
forty-eight hours of implementation. (E) The executive director may require
any changes be tested by a certified independent testing laboratory, with
testing completed and a testing laboratory letter provided to the commission
within ninety days.
Last updated August 15, 2022 at 8:43 AM
|
Rule 3775-16-03 | Sports gaming accounts.
Effective:
October 15, 2022
(A) Online sports pool wagers may only be
placed through a sports gaming account compliant with the provisions of this
rule. (B) As required by paragraph (B) of
section 3775.12 of the Revised Code, a patron must register with a type B
sports gaming proprietor and place all wagers on sporting events with a type B
sports gaming proprietor through that registration. This registration is to be
a sports gaming account compliant with the provisions of this
rule. (C) Each sports gaming proprietor must
have procedures for ensuring sports gaming accounts comply with this rule and
any other requirements of Chapter 3775. of the Revised Code and the rules
adopted thereunder, including ensuring, through commercially reasonable means,
that: (1) An individual who
falls into a category of a prohibited person under section 3775.13 of the
Revised Code is not permitted to create a sports gaming account, or permitted
to continue to make wagers once they become prohibited, for as long as that
status applies; and (2) A patron's
identification is re-verified upon reasonable suspicion that the patron's
identification or account has been compromised. (D) Sports gaming proprietors must ensure
that all sports gaming accounts: (1) Include the following
information for each patron, and the sports gaming proprietor must update this
information each time it becomes aware of changes: (a) Full legal name; (b) Date of birth; (c) Primary address; (d) Sports gaming account number or username; (e) If obtained pursuant to paragraph (D)(2)(a) of this
rule, the type of government-issued identification examined, the
government-issued identification number on the identification, and a digital
copy of the identification; (f) The method and any other information used to verify the
patron's identity; (g) The date of identity verification; and (h) A history of the wagers placed; (2) Are only created for
patrons whose identities have been successfully verified and documented.
Verifying and documenting the patron's identity must include: (a) Digital or physical examination of the patron's
government-issued identification, including the use of verification software
designed to confirm the authenticity of the identification; or (b) Methodology for multi-source authentication, which may
include third party and governmental databases, as approved by the executive
director; (3) Provide for the
following upon account creation: (a) A patron must certify that the information provided to
the sports gaming proprietor is accurate and they are not an excluded or
otherwise prohibited sports gaming participant. The sports gaming proprietor
must document this certification; (b) A patron must acknowledge that the legal age for sports
gaming is twenty-one years of age, and that they are prohibited from allowing
any other person to access or use their sports gaming account. The sports
gaming proprietor must document this acknowledgment; and (c) A patron must be notified of available responsible
gaming resources; (4) Provide patrons with
a readily accessible method for closing an account through the sports gaming
proprietor's website or application or upon contact with the
proprietor's customer service team. Upon account closure, the patron must
be notified of available responsible gaming resources, including a helpline
number compliant with paragraph (A)(3) of rule 3775-16-08 of the Administrative
Code; and (5) Provide patrons with
on-demand access to a summary statement of all their patron account wagering
activity during the past year. In addition, a sports gaming proprietor must
provide patrons the ability to request a summary statement of all their patron
account wagering activity during the past five years. On-demand access and
requests must be accessible through the sports gaming proprietor's
website, application, or sports gaming facility. (E) A sports gaming proprietor may allow
a sports gaming account to be deposit-enabled. In addition to the listed
requirements, a deposit-enabled account must: (1) Allow, in accordance
with the proprietor's house rules, accounts to be funded only through the
use of: (a) Deposit of cash or vouchers at an approved cashiering
or kiosk location; (b) Credit or debit card; (c) Promotional credit; (d) Winnings; (e) Corrections made by the sports gaming proprietor with
documented notification to the patron; (f) ACH transfer; (g) Wire transfer; or (h) Any other means approved by the executive
director; (2) Notify the patron of
the establishment of a sports gaming account via electronic mail or regular
mail; (3) Provide patrons with
an easy and obvious method, immediately upon initial account registration and
at all times through the sports gaming proprietor's website or
application, to impose limitations for betting parameters including, but not
limited to, deposits, wagers, and time-based limitations. The self-imposed
limitation method must provide the following functionality: (a) Upon receiving any self-imposed limitation request, the
sports gaming proprietor must ensure that all specified limits are correctly
implemented immediately or at the point in time that was clearly indicated by
the patron; (b) The self-imposed limitations set by a patron must not
override more restrictive sports gaming proprietor-imposed limitations. The
more restrictive limitations must take priority; (c) Once established by a patron and implemented by the
sports gaming system, it must only be possible to reduce the severity of
self-imposed limitations upon the expiration of the self-imposed period;
and (d) An option must be available for patrons to set
automatically renewing self-imposed limits; (4) Include the following
additional information for each patron, and the sports gaming proprietor must
update this information each time it becomes aware of changes: (a) Telephone number; (b) Electronic mail address; and (c) Social security number, or the last four digits of the
social security number, or an equivalent identification number for a noncitizen
patron, such as a passport or taxpayer identification number; (5) Provide patrons the
option to protect access to funded sports gaming accounts with multi-factor
authentication as approved by the executive director; (6) Prohibit a patron
from transferring funds from a sports gaming account to another sports gaming
account; (7) Allow patrons to
withdraw the funds maintained in his or her account, whether such account is
open or closed, within five business days of the request. A request for
withdrawal will be considered honored if it processed by the sports gaming
proprietor notwithstanding a delay by a payment processor, credit card issuer
or the custodian of a financial account. If the sports gaming proprietor
believes in good faith that the patron engaged in either fraudulent conduct or
other conduct that would put the sports gaming proprietor in violation of the
law, the sports gaming proprietor may delay the withdraw of funds to
investigate or otherwise comply with the law. In such cases, the sports gaming
proprietor must: (a) Provide notice to the patron of the general nature of
the investigation of the account; and (b) Conduct its investigation in a reasonable and expedient
fashion, providing the patron additional written notice of the status of the
investigation at least every tenth business day starting from the day the
original notice was provided to the patron; and (8) Refund any balance
remaining in a sports gaming account closed by a patron according to the
account withdrawal requirements of this rule. (F) A sports gaming proprietor that
allows for deposit-enabled sports gaming accounts as described in paragraph (D)
of this rule must have procedures in place to ensure that the manual addition
or subtraction of funds, by the sports gaming proprietor, in a deposit-enabled
sports gaming account are either: (1) Reviewed for any
adjustments of five hundred dollars or less; or (2) Authorized in advance
by supervisory personnel for all other adjustments.
Last updated August 6, 2024 at 12:25 PM
|
Rule 3775-16-04 | Wager rules.
Effective:
October 15, 2022
(A) Sports gaming wagers must only be
accepted from a verified patron account unless otherwise permitted under
Chapter 3775. of the Revised Code and the rules adopted
thereunder. (B) A sports gaming wager must not be
knowingly accepted from a person who is placing the wager for the benefit of
another or is placing the sports wager in violation of state or federal
law. (C) A sports gaming wager must not be
accepted on events for which the outcome has already been
determined. (D) Sports gaming wagers may only be
funded through the funding means allowed in paragraph (E)(1) of rule 3775-16-03
of the Administrative Code. (E) The sports gaming proprietor may, but
need not, cancel an accepted wager for obvious error as defined in the
proprietor's house rules. If a wager is cancelled for obvious error, the
sports gaming proprietor must clearly convey the reason for cancellation to the
patron. (F) Except for obvious error or as
otherwise required under Chapter 3775. of the Revised Code and the rules
adopted thereunder, the sports gaming proprietor must not cancel any wager
without prior written approval of the executive director or at the request of a
patron in accordance with the proprietor's required
procedures. (G) If a patron wishes to void a ticket
written prior to the start of an event, and the void request is approved by the
sports gaming proprietor, the ticket must be verified by the sports wagering
system and a refund must be given to the patron. For printed tickets, a void
designation must be visible on the ticket. (H) Winnings from wagers placed from
sports gaming accounts, funded pursuant to paragraph (E)(1) of rule 3775-16-03
of the Administrative Code, must be deposited into the sports gaming account
upon verification by the sports gaming proprietor. (I) For type B sports gaming proprietors,
winnings from anonymous wagers, as described in paragraph (C) of rule
3775-18-05 of the Administrative Code, must be payable to the patron upon
validation of the ticket by the sports gaming system and verification by the
sports gaming proprietor. (J) For type B sports gaming proprietors,
in the case of a sports gaming system or power failure, tickets may be manually
paid. All manually paid tickets must be marked as "paid" and entered
into the sports gaming system as soon as possible to verify the accuracy of the
payout. All manually paid tickets must be reviewed as part of the daily audit
process. A log for all manually paid tickets must be maintained and
include: (1) The unique
transaction identified; (2) Date and time of the
transaction; (3) Amount of the payout;
and (4) Name of the
employee(s) who processed the transaction.
Last updated October 17, 2022 at 8:38 AM
|
Rule 3775-16-05 | Tickets.
Effective:
October 15, 2022
(A) Upon completion of a sports gaming
wager, the patron must receive an unalterable virtual or printed wager record
from the sports gaming system which must contain, at a minimum, the following
information: (1) Sports gaming proprietor name; (2) The date and time the wager was placed; (3) The date and time the event is expected to
occur; (4) Any patron choices involved in the wager,
including: (a) Wager
selection; (b) Type of wager and
line postings; (c) Any special
condition(s) applying to the wager; and (d) Pay out, applicable
at the time the wager is placed; (5) Total amount wagered, including any promotional
credits, if applicable; (6) The identifier for the sporting event or series of
sporting events; (7) Unique identification number of the wager
record; (8) Expiration period or expiration date (applicable to all
tickets not automatically paid pursuant to paragraph (H) of rule 3775-16-04 of
the Administrative Code); (9) A problem gambling message, including a helpline number
compliant with paragraph (A)(3) of rule 3775-16-08 of the Administrative Code;
and (10) The unique sports gaming device ID that issued the
wager record, if applicable. (B) As required under Chapter 3775. of the Revised Code,
all winning sports gaming tickets expire one year from the last day on which
the relevant sporting event is held. For tickets involving multiple sporting
events, the expiration date is one year from the last day on which the last
relevant sporting event on the ticket is held. Each sports gaming proprietor
must, on the last business day of each month, pay the winnings from all tickets
which have expired to the commission, which will deposit them into the sports
gaming revenue fund. (C) Unless otherwise approved by the executive director,
all payments required by paragraph (B) of this rule must be in the form of an
electronic funds transfer payable to the treasurer of the state of
Ohio. (D) The sports gaming proprietor must notify the commission
of payments made under paragraph (B) of this rule and provide supporting
information for the payments in the format prescribed by the executive
director.
Last updated October 17, 2022 at 8:38 AM
|
Rule 3775-16-06 | Reserve funds.
Effective:
October 15, 2022
(A) Each sports gaming proprietor must always maintain a
reserve in an amount that is equal to or greater than the amount necessary to
ensure the sports gaming proprietor's ability to cover the sum of all
amounts accepted by a sports gaming proprietor on sporting events whose
outcomes have not been determined, money owed but unpaid by the sports gaming
proprietor to patrons on winning wagers, and the funds held for patron
accounts. (B) Reserve funds must be held separate from operational
funds in a manner approved by the executive director. (C) The reserve funds must be held in the form of cash,
cash equivalents, payment processor reserves, payment processor receivables, an
irrevocable letter of credit, a bond, or a combination thereof. (D) Sports gaming proprietors must notify the commission no
less than ninety days prior to ceasing operations and provide a written plan to
settle any outstanding liabilities and refund player account
funds.
Last updated October 17, 2022 at 8:39 AM
|
Rule 3775-16-07 | Tournaments.
Effective:
October 15, 2022
(A) Sports gaming proprietors may conduct
sports gaming tournaments. Only sporting events and wager types listed as
approved in the commission's catalogue are authorized for use in a
tournament. (B) Sports gaming proprietors must maintain and make the
tournament rules available to all tournament patrons prior to the beginning of
the tournament. (C) The tournament rules and procedures must include but
are not limited to: (1) Qualification or selection criteria that limit the
eligibility of tournament patrons; (2) Regulations of the tournament (e.g., beginning and
ending times, number of events, entry fee, elimination factors, cash handling
procedures, etc.); and (3) The nature and value of prizes to be
awarded.
Last updated October 17, 2022 at 8:39 AM
|
Rule 3775-16-08 | Advertising.
Effective:
October 15, 2022
(A) All sports gaming advertisements
must: (1) Clearly convey the conditions under which sports gaming
is being offered, including information about the cost to participate and the
nature of any promotions and information to assist patrons in understanding the
odds of winning. Any material conditions or limiting factors must be clearly
and conspicuously specified. If an advertisement is not of sufficient size or
duration to permit inclusion of such information, that advertisement shall
refer to a website or application that does prominently include such
information within one click; (2) Disclose the identity of the sports gaming proprietor,
mobile management services provider, or management services provider, as
applicable; and (3) Clearly and conspicuously include messages designed to
prevent problem gambling and provide information about how to access resources
related to problem gambling, including one of the following: (a) The national council
on problem gambling's twenty-four hour confidential helpline; (b) The problem gambling
helpline number established under section 3772.062 of the Revised Code;
or (c) Another helpline
approved by the executive director that is free of charge to the
caller. (B) Sports gaming advertisements must not: (1) Depict any individual under the age of twenty-one,
except live footage or images of athletes in sporting events on which sports
gaming is permitted. Any individual under the age of twenty-one may not be
depicted in any way that may be construed as the underage individual
participating in or endorsing sports gaming; (2) Target individuals under the age of twenty-one, other
individuals who are ineligible to participate in sports gaming, individuals
with gambling problems, or other vulnerable individuals; (3) Obscure any material fact; (4) Be false, deceptive, or misleading; or (5) Promote irresponsible or excessive participation in
sports gaming, or suggest that social, financial, or personal success is
guaranteed by engaging in sports gaming. (C) Each direct advertisement, or an advertisement
disseminated to a specific individual or individuals, must clearly and
conspicuously describe a method by which an individual may opt out of receiving
future advertisements. If the direct advertisement is sent via electronic mail,
the described opt out method must include either electronic mail or a linked
online website. All other direct advertisements must include at least one of
the following methods to opt out: (1) Telephone; (2) Regular U.S. mail; (3) Online website or mobile application; or (4) Electronic mail. (D) A
sports gaming proprietor must act upon a request for opt out pursuant to
paragraph (C) of this rule within fifteen days of receipt to ensure the
individual will no longer receive advertisements. (E) A
sports gaming proprietor must not advertise or promote on college or university
campuses located in the state of Ohio except for generally available
advertising, including television, radio, and digital advertising. Any
advertisement shown to be targeting the area of a college or university campus
is not generally available and will be a violation of this
paragraph. (F) Sports gaming advertisements, including logos,
trademarks, or brands must not be used, or licensed for use, on products,
clothing, toys, games, or game equipment intended primarily for persons under
twenty-one years of age. (G) A
sports gaming proprietor must cease the dissemination of an advertisement upon
discovery that the advertisement fails to continue to comply with this rule or
if required by the executive director because the advertisement fails to comply
with Chapter 3775. of the Revised Code, or the rules adopted thereunder, or
otherwise undermines the integrity of sports gaming. (H) Sports gaming advertisements can only be disseminated
in Ohio for sports gaming proprietor applicants or licensees, unless the
advertisement disclaims that the offerings are not available in Ohio or
otherwise makes clear that the offerings are not intended for use in
Ohio. (I) Affiliate marketers need not obtain a supplier license
under rule 3775-4-08 of the Administrative Code solely as a result of their
conduct as an affiliate marketer but must comply with all aspects of this rule
and must not otherwise advertise forms of illegal gambling or gaming in Ohio.
The commission may require a sports gaming proprietor to terminate an affiliate
marketer contract if the affiliate marketer has violated Chapter 3775. of the
Revised Code or the rules adopted thereunder.
Last updated October 17, 2022 at 8:39 AM
|
Rule 3775-16-09 | Promotions and bonuses.
Effective:
October 15, 2022
(A) Sports gaming proprietors may offer
promotions and bonuses. (B) The promotion or bonus rules must be clear and
unambiguous, and include: (1) Date and time the promotion or bonus is active and
expires; (2) Rules of play; (3) Nature and value of prizes or awards; (4) Eligibility restrictions or limitations; (5) Wagering and redemption requirements, including any
limitations; (6) Eligible events or wagers; (7) Cancellation requirements; and (8) Terms and conditions that are full, accurate, concise,
transparent, and do not contain misleading information. (C) Promotions or bonuses described as free or risk-free
must not require the patron to incur any loss or risk their own money to use or
withdraw winnings from the free wager. (D) Promotions or bonuses may require promotion or bonus
funds be played through in order to be withdrawn but must not restrict the
patron from withdrawing their own funds or withdrawing winnings from wagers
placed using their own funds. (E) Sports gaming proprietors must make the promotion or
bonus rules available to patrons and the commission. (F) Sports gaming proprietors must have procedures for the
issuance, acceptance, and tracking of promotions or bonuses. (G) A
sports gaming proprietor must cease the offering of a promotion or bonus upon
discovery that the promotion or bonus fails to comply with this rule or if
required by the executive director because the promotion or bonus fails to
comply with Chapter 3775. of the Revised Code or the rules adopted thereunder
or otherwise undermines the integrity of sports gaming.
Last updated August 6, 2024 at 12:26 PM
|
Rule 3775-16-10 | Integrity monitoring.
Effective:
August 15, 2022
(A) Each sports gaming proprietor must
contract with a certified independent integrity monitor for the purposes of
monitoring sports gaming conducted in this state. The contract should include
any restrictions on dissemination of data by the certified independent
integrity monitor and the sports gaming proprietor. (B) Each sports gaming proprietor must have procedures for
monitoring all sports gaming activity and for identifying activity it believes
to be unusual, including reports of unusual sports gaming activity received
from its contracted certified independent integrity monitor. (C) Sports gaming proprietor employees conducting
monitoring activities must hold a sports gaming employee license when the
employee's duties are such that the individual has the ability to alter
material aspects of sports gaming conducted by a sports gaming
proprietor. (D) Each sports gaming proprietor must provide to its
contracted certified independent integrity monitor the underlying data for
sports gaming activity the proprietor deems to be unusual. Data must be
provided as soon as practically possible. The data must be provided in a format
and method approved by the executive director and include, at a minimum, the
following information for each related sports gaming transaction: (1) Time; (2) Odds; (3) Location; (4) Wager amount; (5) Win amount; (6) Wager type; (7) Team, side, total, or other statistic the wager was
placed upon; and (8) Any other information required by the executive
director. (E) A
sports gaming proprietor may provide the data required under this rule in a
manner which removes the personally identifiable information of
patrons. (F) A
sports gaming proprietor receiving a report of suspicious betting activity may
suspend their related offerings. Proprietors may not cancel previously accepted
related wagers unless the cancellation is approved by the executive
director. (G) All integrity monitoring reports and associated data
are not public records and can only be shared or used to the extent allowed
under Chapter 3775. of the Revised Code and the rules adopted
thereunder.
Last updated August 15, 2022 at 8:43 AM
|
Rule 3775-16-11 | Sports gaming event and wager type requests.
Effective:
October 15, 2022
(A) A list of pending and denied requests will be readily
available on the commission's website. (B) A sports gaming
proprietor must not submit a request for the addition of any item that is
currently in pending status. (C) If a request is denied by
the executive director, any substantially similar request may not be made for
the period of time designated in the sports gaming catalogue.
Last updated October 17, 2022 at 8:40 AM
|
Rule 3775-16-12 | Sports governing body prohibited persons; compliance with division (F) 3775.13 of the Revised Code.
Effective:
October 15, 2022
(A) As enumerated, described, and defined in division (F) of
section 3775.13 of the Revised Code: (1) A sports gaming proprietor must employ
commercially reasonable methods to prevent any person involved in a sporting
event with respect to which sports gaming is permitted from engaging in any
sports gaming with the sports gaming proprietor, based on publicly available
information and any information garnered under paragraph (A)(2) of this
rule. (2) A sports governing body must have a procedure
for providing to the commission a list of persons who are involved in sporting
events, including those persons' full legal names, dates of birth, and
social security numbers, for the purpose of preventing those persons from
engaging in sports gaming. The commission will make the list available to each
sports gaming proprietor and to the state lottery commission. The Ohio casino
control commission, the state lottery commission, and each sports gaming
proprietor must keep the information in the list confidential. (3) A person is considered to be involved in a
sporting event if the person is an athlete, participant, coach, referee, team
owner, or sports governing body with respect to the sporting event; any agent
or employee of such an athlete, participant, coach, referee, team owner, or
sports governing body; and any agent or employee of an athlete, participant, or
referee union with respect to the sporting event. (B) The executive director must approve the procedure in
paragraph (A)(2) of this rule. The procedure must adequately protect the
personally identifiable information of the persons involved in sporting
events.
Last updated October 17, 2022 at 8:40 AM
|
Rule 3775-16-13 | Sports governing body data requests.
Effective:
October 15, 2022
(A) A sports governing body may request
anonymized sports gaming data from a sports gaming proprietor if the sports
governing body believes that the integrity of one of its sporting events is in
question. This request must be appropriately tailored and must
include: (1) The name of the sports governing body; (2) The contact information of an individual who the sports
gaming proprietor or commission may contact if additional information is
needed; (3) The particular sporting event or events at
issue; (4) The data requested, including the specific data types
or fields; (5) A brief description of the reason for the sports
governing body's belief and how the data requested will be of
assistance; (6) Procedures for how the sports governing body will
protect the confidentiality of the data; and (7) Any other information that may be requested on a
specified form. (B) Data provided under this rule must be anonymized and
free of any patron personal information. (C) Upon receipt of a valid request for data, a sports
gaming proprietor must promptly provide the requested data. If the sports
governing body and the sports gaming proprietor cannot come to an agreement on
whether the request is valid, the request must be sent to the commission for
review. The executive director will determine if the request is valid and will
notify the sports governing body and sports gaming proprietor of this decision.
If the executive director determines that the request is valid the sports
gaming proprietor must promptly provide the requested data. (D) Any information or data provided by a sports governing
body or a sports gaming proprietor pursuant to this rule is confidential and is
not to be shared or used for any reason or purpose not contained here, except
as otherwise required by law or order of the commission, or pursuant to an
agreement between a sports governing body and a sports gaming
proprietor.
Last updated October 17, 2022 at 8:40 AM
|
Rule 3775-16-14 | State university data requests.
Effective:
October 15, 2022
(A) A state university, as defined in
section 3345.011 of the Revised Code, may submit a request to receive
anonymized data from a sports gaming proprietor. Valid requests must clearly
fulfill one of the following purposes and must be appropriately tailored for
the stated purpose: (1) To assist the commission, at the request of the
executive director, in ensuring the integrity of sports gaming; or (2) To improve state-funded services related to responsible
gambling and problem gambling. (B) The state university's request must include the
following information: (1) The name of the state university; (2) The contact information of an individual who the sports
gaming proprietor or commission may contact if additional information is
needed; (3) The data requested including the specific data types or
fields; (4) The research purpose of the request, including a
specific description of how the data will be used to meet a permitted purpose
under paragraph (A) of this rule; (5) Who, if anyone, the data may be shared with outside of
the university; (6) Procedures for how the university will protect the
confidentiality of the data; and (7) Any other information required by the executive
director. (C) Data provided under this rule must be anonymized and
free of any patron personal information. (D) Upon receipt of a valid request for data, a sports
gaming proprietor must promptly provide the requested data to the state
university. If the state university and the sports gaming proprietor cannot
come to an agreement on if the request is valid, the request must be sent to
the commission for review. The executive director will determine if the request
is valid and will notify the state university and sports gaming proprietor of
this decision. If the executive director determines that the request is valid
the sports gaming proprietor must promptly provide the requested
data. (E) Any information or data provided by a sports gaming
proprietor to a state university may not be used or shared, except as provided
in division (B)(13) of section 3775.02 of the Revised Code.
Last updated October 17, 2022 at 8:40 AM
|
Rule 3775-16-15 | Information technology.
Effective:
October 15, 2022
(A) Sports gaming proprietors must
maintain an information technology department that is responsible for the
quality, reliability, and accuracy of all electronic systems used in the
operation. (B) Each sports gaming proprietor must maintain IT security
insurance as approved by the executive director. (C) Sports gaming proprietors must ensure that duties in
the information technology department are adequately segregated and monitored
to detect procedural errors, unauthorized access to financial transactions and
assets, and to prevent the concealment of fraud. (D) The information technology environment and
infrastructure must be maintained in a secured physical location that is
restricted to authorized employees. (E) Sports gaming proprietors must adopt procedures for
responding to, monitoring, investigating, resolving, documenting, and reporting
security incidents associated with information technology systems.
Last updated October 17, 2022 at 8:41 AM
|
Rule 3775-16-16 | Security and safety of confidential information.
Effective:
October 15, 2022
(A) Sports gaming proprietors must maintain and make available to
patrons a privacy policy governing its use and storage of patron confidential
information. (B) Sports gaming proprietors
must ensure compliance with applicable state and federal requirements and
industry standards for protecting the privacy and security of sports gaming
patrons and their accounts.
Last updated October 17, 2022 at 8:41 AM
|
Rule 3775-16-17 | Incident reporting.
Effective:
October 15, 2022
(A) Sports gaming proprietors must
immediately report to the commission in a manner prescribed by the executive
director, any information in the sports gaming proprietor's possession
related to any of the following: (1) Any wager in violation of Chapter 3775. of the Revised
Code or the rules adopted thereunder or of federal law; (2) Any conduct that corrupts a betting outcome of a
sporting event for purposes of financial gain; (3) Any IT security breach or other compromising IT
risk; (4) Any breaches of confidentiality of a patron's
personal information; (5) Any physical security breach or other compromising risk
to patrons, employees, or the commission; and (6) Any other incident type required by the executive
director. (B) Sports gaming proprietors must have procedures to
prevent, detect, and report to the commission attempts to launder money through
any of its Ohio licensed sports gaming offerings.
Last updated October 17, 2022 at 8:41 AM
|
Rule 3775-16-18 | Accounting and revenue audit.
Effective:
October 15, 2022
(A) Each sports gaming proprietor must
have procedures and systems for the preparation, use, and maintenance of
complete, accurate, and legible accounting and gaming records, which must
include all transactions. (B) All books, forms, records, documents, and data
submitted to the commission must have the name of the entity, date of
completion, and the title of the book, form, record, document, or stored
data. (C) General accounting records must be maintained on a
double-entry system of accounting with transactions recorded on a basis
consistent with generally accepted accounting principles. (D) Each sports gaming proprietor must comply with Chapter
5753. of the Revised Code and with any requests of the tax
commissioner. (E) Each sports gaming proprietor must have documented
revenue audit procedures. Documentation must be maintained evidencing the
performance of all revenue audit procedures, any exceptions noted, and
follow-up of all exceptions. The executive director will prescribe the method
of documentation and may require additions or modifications to revenue audit
procedures.
Last updated October 17, 2022 at 8:41 AM
|
Rule 3775-16-19 | Internal audit.
Effective:
October 15, 2022
(A) Sports gaming proprietors must maintain one of the following
to annually assess compliance with sports gaming law: (1) A separate internal audit department which is
independent of the sports gaming operation and may be the internal audit
department of a parent entity of the sports gaming proprietor; or (2) A contracted third party independent
registered certified public accounting firm licensed to practice in this state,
whose name and lead audit partner or other person responsible for the
engagement are reported to the commission before the start of the
engagement. (B) The internal audit department or contracted third party must
audit the sports gaming proprietor's compliance with Chapter 3775. of the
Revised Code and the rules adopted thereunder, the house rules, required
procedures, and any other applicable rules and regulations, as required by the
executive director. (C) The internal audit department or contracted third party must
follow the standards, conventions, and rules governing audits in the United
States. (D) The audit satisfying the requirements of this rule must be
performed at least annually with the results documented in an audit report that
must be provided to the commission. (E) Documentation must be maintained to evidence all work
performed as it relates to the requirements of this rule, including all
instances of noncompliance. (F) Follow-up observations and examinations must be performed to
verify that corrective action has been taken regarding all instances of
noncompliance. The verification must be performed within six months following
the date of notification. (G) The commission may require the termination of any audit
engagement under this rule due to lack of qualification, independence, or
capacity or a finding that the contract or conduct performed thereunder poses a
material risk to the integrity of sports gaming in this state. The invalidation
process is an action against the sports gaming proprietor that is subject to
the hearing procedures and disciplinary actions provided for under rules
3775-1-07 and 3775-1-08 of the Administrative Code, respectively. If an audit
engagement contract is terminated, the sports gaming proprietor must enter into
a new audit engagement contract to ensure the requirements of this rule are
met.
Last updated October 17, 2022 at 8:41 AM
|
Rule 3775-16-20 | External audits and other reports.
Effective:
October 15, 2022
(A) Each sports gaming proprietor,
excluding an appointing professional sports organization; mobile management
services provider; and management services provider must have its annual
financial statements audited by an independent registered certified public
accounting firm licensed to practice in this state. The audit must be in
accordance with generally accepted auditing standards and, when applicable, the
standards of the accountancy board. The sports gaming proprietor, mobile
management services provider, or management services provider must report to
the commission the name of the independent registered certified public
accounting firm as well as the lead audit partner or other individual taking
primary responsibility for the financial statement audit engagement before the
start of the engagement. (B) The lead audit partner or other
individual taking primary responsibility for the financial statement audit
engagement may serve a maximum of five years in such a position before being
required to rotate off the engagement. (C) The annual financial statements audit
must be prepared on a comparative basis for the current and prior fiscal years
and present financial position and results of operations in conformity with
generally accepted accounting principles. (D) The audit required by paragraph (A)
of this rule must be filed with the commission, in a format determined by the
executive director, within one hundred twenty days following the end of the
fiscal year. (E) Each sports gaming proprietor must
contract with an independent third party to perform an IT audit. The third
party must be approved by the executive director as qualified, independent, and
capable of performing the audit. The audits must be performed, and a copy of
the report provided to the commission, within ninety days of commencing initial
operations and at least once each calendar year. The audit and corresponding
report must assess the following: (1) The design, controls,
maintenance, and security of the sports gaming proprietor's IT
systems; (2) The sports gaming
proprietor's compliance with the IT and sports gaming system requirements
of this chapter; and (3) Any other subject
required by the executive director. (F) The sports gaming proprietor must
file with the commission the report required by paragraph (E) of this rule in a
format determined by the executive director within one hundred twenty days
following the end of the fiscal year or upon receipt, whichever is
earlier. (G) At any time, the executive director
may require a special audit of a sports gaming proprietor, mobile management
services provider, or management services provider by commission personnel, an
independent registered certified public accounting firm, or any other third
party the executive director approves as qualified, independent, and capable of
performing the special audit. The scope, procedures, and reporting requirements
of any special audit are to be established by the executive
director. (H) The sports gaming proprietor, mobile
management services provider, or management services provider must notify the
commission of any report that is filed, or required to be filed, with the
securities and exchange commission or other securities regulatory
agency. (I) All audits and reports required by
this rule are to be prepared at the sole expense of the sports gaming
proprietor, mobile management services provider, or management services
provider. (J) The commission may require the
termination of any audit engagement under this rule due to lack of
qualification, independence, or capacity or a finding that the contract or
conduct performed thereunder poses a material risk to the integrity of sports
gaming in this state. The invalidation process is an action against the sports
gaming proprietor, mobile management services provider, or management services
provider that is subject to the hearing procedures and disciplinary actions
provided for under rules 3775-1-07 and 3775-1-08 of the Administrative Code,
respectively. If an audit engagement contract is terminated, the sports gaming
proprietor, mobile management services provider, or management services
provider must enter into a new audit engagement contract to ensure the
requirements of this rule are met. (K) Each sports gaming proprietor, mobile
management services provider, or management services provider must file with
the commission a copy of any suspicious activity report filed with the
"Financial Crimes Enforcement Network" related to the conduct of sports gaming
in this state.
Last updated October 17, 2022 at 8:41 AM
|
Rule 3775-16-21 | Patron complaints.
Effective:
October 15, 2022
(A) Whenever a sports gaming proprietor
refuses payment of alleged winnings to a patron or there is otherwise a dispute
with a patron regarding their patron account, wagers, wins, or losses from
sports gaming, and the sports gaming proprietor and the patron are unable to
resolve the dispute to the satisfaction of the patron, the sports gaming
proprietor must notify the patron of their right to file a written complaint.
The notice, which may be satisfied by directing a patron to information housed
on the sports gaming proprietor's website or application, must include the
procedure for filing a written complaint and the sports gaming
proprietor's complaint resolution process. (B) Upon receipt of a written complaint, the sports gaming
proprietor must investigate and provide a written response to the patron within
ten business days. If a sports gaming proprietor needs additional time to
investigate or resolve a complaint beyond the ten business days, the patron
must be notified of the need for additional time and be given an expected time
frame in which the complaint may be resolved. The ultimate response may include
a statement that if the dispute is not resolved to the satisfaction of the
patron, the patron may submit their complaint in writing to the
commission.
Last updated October 17, 2022 at 8:42 AM
|