A Philippine Legal Article on Licensing, Compliance, Corporate Requirements, and Regulatory Considerations

I. Introduction

The Philippine online gaming industry is regulated primarily by the Philippine Amusement and Gaming Corporation, commonly known as PAGCOR. PAGCOR acts both as a government-owned and controlled corporation engaged in gaming operations and as a gaming regulator for licensed private gaming operators and service providers.

A B2B Online Gaming Aggregator occupies a special position in the online gaming ecosystem. It does not necessarily operate as the direct consumer-facing betting platform. Instead, it provides, integrates, distributes, or aggregates online gaming content, systems, platforms, software, game feeds, payment-related interfaces, reporting tools, technical services, or operational infrastructure to licensed gaming operators.

Because online gaming involves public interest, revenue regulation, anti-money laundering controls, cyber risk, consumer protection, responsible gaming, and national policy concerns, a company seeking to act as a B2B online gaming aggregator must comply with PAGCOR licensing rules, corporate law, tax obligations, anti-money laundering requirements, data privacy rules, cybersecurity standards, and contractual restrictions.

This article discusses the Philippine legal and regulatory considerations for applying for a PAGCOR B2B Online Gaming Aggregator License.

---

II. What Is a B2B Online Gaming Aggregator?

A B2B Online Gaming Aggregator is a business-to-business service provider that supplies online gaming-related products or services to licensed gaming operators.

The aggregator may perform one or more of the following functions:

1. Game aggregation The aggregator integrates games from multiple game studios or suppliers and makes them available to licensed operators through one technical connection.

2. Platform integration The aggregator provides middleware, APIs, software, wallets, account systems, dashboards, or other technology used by operators.

3. Content distribution The aggregator distributes casino games, live dealer games, slots, sports betting content, virtual games, number games, e-bingo products, or other approved gaming content.

4. Technical service provision The aggregator may provide back-office systems, reporting tools, game management tools, odds feeds, risk tools, or operational software.

5. Regulatory reporting support The aggregator may support data reporting, game transaction records, player activity records, revenue records, or audit trail functions.

6. Supplier management The aggregator may coordinate with multiple third-party game providers and provide a unified legal, technical, and operational interface to licensed operators.

The exact scope of the license depends on PAGCOR’s applicable regulatory category, licensing conditions, approved activities, and the applicant’s business model.

---

III. B2B Versus B2C Online Gaming

The difference between B2B and B2C is crucial.

A. B2C Online Gaming Operator

A B2C operator deals directly with players. It may register players, accept deposits, offer games, process withdrawals, manage player accounts, handle customer service, and assume direct obligations to customers.

A B2C operator generally faces stricter consumer-facing requirements because it directly interacts with the betting public.

B. B2B Online Gaming Aggregator

A B2B aggregator generally provides services to licensed operators, not directly to players. It may not be allowed to accept wagers, register players, hold player funds, advertise to the public, or operate a gaming site unless separately authorized.

The B2B aggregator’s obligations usually focus on:

• licensing suitability;
• technical integrity;
• system security;
• game fairness;
• contractual compliance;
• audit trails;
• reporting;
• anti-money laundering cooperation;
• data privacy;
• responsible gaming support;
• restrictions on dealing with unlicensed operators.

A B2B license should not be treated as permission to conduct all forms of online gaming. The license holder must operate only within the activities approved by PAGCOR.

---

IV. Legal Basis of PAGCOR Regulation

PAGCOR’s authority comes from its charter and related laws, as well as regulatory powers delegated to it over gaming activities. PAGCOR has authority to regulate and license certain gaming operations, including online gaming-related activities, subject to national law, executive policy, and applicable regulatory issuances.

The legal framework may involve:

• PAGCOR Charter;
• laws governing gambling and games of chance;
• anti-money laundering laws;
• corporate registration laws;
• foreign investment rules;
• tax laws;
• Data Privacy Act;
• cybercrime and cybersecurity laws;
• consumer protection and responsible gaming rules;
• PAGCOR regulatory manuals, circulars, application forms, and license conditions;
• local government requirements, where applicable.

Because gaming is a regulated privilege and not an ordinary unrestricted business, a license is not merely a formality. PAGCOR may examine the applicant’s ownership, capitalization, financial capacity, system integrity, business partners, beneficial owners, compliance program, source of funds, tax standing, and reputation.

---

V. Importance of Licensing

A company should not provide online gaming aggregation services in the Philippines, or to PAGCOR-regulated operators, without determining whether a PAGCOR license, accreditation, authorization, or approval is required.

Operating without proper authorization may expose the company and its responsible officers to:

• denial of future licensing;
• cease-and-desist action;
• fines and penalties;
• contract invalidity issues;
• blacklisting;
• tax exposure;
• anti-money laundering scrutiny;
• cybercrime or illegal gambling concerns;
• reputational damage;
• administrative and criminal liability, depending on the facts.

Gaming licenses are highly regulated because they affect public order, government revenue, anti-money laundering compliance, player protection, and national policy.

---

VI. Who May Apply?

A PAGCOR B2B online gaming aggregator license is generally sought by a juridical entity rather than an individual. The applicant may be:

• a Philippine corporation;
• a foreign corporation registered or authorized to do business in the Philippines;
• a local subsidiary of a foreign gaming technology company;
• a joint venture company;
• a software/platform provider with Philippine regulatory presence;
• a game aggregation company serving licensed operators.

The proper structure depends on PAGCOR’s licensing category, foreign ownership rules, Philippine corporate law, tax planning, contractual arrangements, and operational model.

---

VII. Corporate Structuring Considerations

Before applying, the applicant should determine the correct corporate structure.

A. Domestic Corporation

A domestic corporation incorporated with the Securities and Exchange Commission may be preferred when the business will maintain a Philippine operating presence, local office, employees, local contracts, and Philippine regulatory accountability.

B. Branch Office of Foreign Corporation

A foreign corporation may register a branch to do business in the Philippines. A branch is not a separate juridical entity from the foreign parent, which may have tax, liability, and regulatory implications.

C. Representative Office

A representative office generally cannot earn income in the Philippines and may not be appropriate for actual commercial gaming aggregation activity.

D. Subsidiary

A foreign gaming technology company may form a Philippine subsidiary to isolate liability, comply with local licensing, and enter into local contracts.

E. Joint Venture

A joint venture with a local entity may be used for market entry, but must be carefully structured to address control, licensing responsibility, revenue sharing, intellectual property, compliance, and exit rights.

---

VIII. Foreign Ownership Issues

Foreign ownership restrictions depend on the legal characterization of the business. Gaming, mass media, advertising, public utilities, nationalized activities, and certain regulated industries may involve ownership restrictions or special rules.

A B2B online gaming aggregator must determine whether its activities are treated as:

• gaming operations;
• software services;
• technology services;
• value-added services;
• payment-related services;
• marketing or advertising;
• data processing;
• offshore service provision;
• domestic market enterprise.

Foreign ownership analysis should be done before SEC registration and licensing application. PAGCOR may also impose its own suitability and ownership disclosure requirements regardless of general corporate ownership rules.

---

IX. Capitalization Requirements

PAGCOR may require proof of financial capacity, capitalization, working capital, or security deposits. Even where the law does not prescribe a single universal capitalization figure for all business models, the regulator may examine whether the applicant has enough financial resources to:

• build and maintain the platform;
• pay regulatory fees;
• maintain compliance staff;
• provide cybersecurity protections;
• satisfy contractual obligations;
• maintain audit and reporting systems;
• withstand operational risk;
• cover penalties, player-related claims, or service disruptions;
• pay taxes and government charges.

Documents may include bank certificates, audited financial statements, capitalization records, proof of inward remittance, shareholder funding documents, board approvals, and source-of-funds information.

---

X. Fit-and-Proper Review

Gaming regulators commonly evaluate whether the applicant, shareholders, directors, officers, beneficial owners, and key personnel are fit and proper.

The review may include:

• identity verification;
• beneficial ownership disclosure;
• criminal background checks;
• tax compliance;
• financial standing;
• litigation history;
• regulatory history;
• sanctions screening;
• insolvency history;
• source of funds;
• gaming industry experience;
• reputation and integrity;
• conflicts of interest;
• prior license revocations or disciplinary actions.

The purpose is to ensure that only suitable persons control or influence licensed gaming activities.

---

XI. Beneficial Ownership Disclosure

A B2B online gaming aggregator applicant should be prepared to disclose its ultimate beneficial owners.

This may include:

• direct shareholders;
• indirect shareholders;
• parent companies;
• holding companies;
• nominee arrangements;
• voting arrangements;
• trusts;
• founders;
• persons with significant control;
• persons entitled to economic benefits;
• persons exercising management control.

Gaming regulators usually look beyond the SEC General Information Sheet and corporate layers to identify the real persons who own, control, finance, or benefit from the business.

Failure to disclose beneficial ownership accurately may result in denial, suspension, cancellation, or penalties.

---

XII. Scope of Licensed Activities

A license application must clearly define the proposed business activity. PAGCOR may require the applicant to identify whether it will provide:

• online casino game aggregation;
• sports betting feed aggregation;
• live dealer integration;
• electronic gaming platform services;
• gaming management system;
• random number generator-based games;
• wallet or account management tools;
• transaction reporting systems;
• affiliate or marketing platform services;
• odds feeds;
• risk management tools;
• anti-fraud systems;
• customer support tools;
• content distribution;
• API integration services.

The company should avoid vague descriptions. The license granted may be limited to the specific products, services, systems, domains, operators, studios, and jurisdictions approved.

---

XIII. What the License Does Not Automatically Allow

A B2B aggregator license may not automatically allow the licensee to:

• operate a consumer-facing betting website;
• accept bets directly from players;
• maintain player accounts;
• hold player deposits;
• process player withdrawals;
• market directly to Filipino players;
• offer games to unlicensed operators;
• provide games not approved by PAGCOR;
• use untested or uncertified software;
• conduct junket operations;
• conduct payment services requiring separate licensing;
• operate outside approved jurisdictions;
• subcontract regulated functions without approval.

The licensee must stay within the scope of the approved authority.

---

XIV. Application Preparation

Before filing an application, the applicant should prepare a complete legal, technical, financial, and compliance package.

Typical preparation includes:

1. corporate formation or registration;
2. appointment of directors and officers;
3. identification of beneficial owners;
4. business plan;
5. technical system description;
6. compliance manual;
7. AML and counter-terrorist financing policy;
8. responsible gaming policy;
9. cybersecurity policy;
10. data privacy compliance documents;
11. tax registration;
12. local permits, if applicable;
13. contracts with game suppliers;
14. draft contracts with licensed operators;
15. system testing and certification plan;
16. source-of-funds documentation;
17. organizational chart;
18. internal controls;
19. disaster recovery plan;
20. incident response plan.

---

XV. Application Documents

The exact documentary requirements depend on PAGCOR’s current application checklist and license category, but applicants should expect to prepare documents such as:

A. Corporate Documents

• SEC Certificate of Incorporation or registration;
• Articles of Incorporation;
• By-Laws;
• latest General Information Sheet;
• board resolution authorizing the application;
• secretary’s certificate;
• organizational chart;
• ownership structure;
• beneficial ownership chart;
• parent company documents, if applicable;
• foreign company registration documents;
• apostilled or authenticated documents for foreign shareholders;
• local business permits, if required.

B. Personal Documents of Directors, Officers, and Shareholders

• passports or government IDs;
• personal information sheets;
• curriculum vitae;
• police clearances or equivalent;
• NBI clearances, if applicable;
• tax identification information;
• declarations of good standing;
• litigation and regulatory history disclosures;
• fit-and-proper declarations.

C. Financial Documents

• audited financial statements;
• bank certificates;
• proof of capitalization;
• source-of-funds documents;
• tax clearances;
• business plan and financial projections;
• payment of application fees;
• proof of security deposit, if required.

D. Technical Documents

• platform architecture;
• system flow diagrams;
• game integration process;
• API documentation;
• server infrastructure description;
• data storage and backup plan;
• cybersecurity controls;
• encryption standards;
• access control policy;
• system audit logs;
• monitoring tools;
• disaster recovery plan;
• business continuity plan;
• vulnerability assessment and penetration testing results;
• third-party testing certificates;
• game fairness certificates;
• RNG certification, where applicable.

E. Compliance Documents

• AML/CTF policy;
• know-your-customer support procedures;
• suspicious transaction escalation process;
• responsible gaming policy;
• risk management framework;
• internal audit plan;
• regulatory reporting procedures;
• data privacy manual;
• privacy notices;
• data processing agreements;
• incident response procedures;
• outsourcing policy;
• sanctions screening process.

F. Commercial Documents

• list of game suppliers;
• supplier licenses or certifications;
• software licensing agreements;
• intellectual property ownership or license documents;
• operator service agreement templates;
• service level agreements;
• revenue sharing model;
• subcontractor agreements;
• payment processor arrangements;
• cloud service agreements;
• support and maintenance contracts.

---

XVI. Application Process

The application process generally involves the following stages.

1. Pre-Assessment

The applicant determines whether its business model requires a PAGCOR license, accreditation, or approval. This stage includes legal classification, corporate structuring, ownership review, and document preparation.

2. Submission of Application

The applicant submits the prescribed application forms, corporate documents, technical documents, compliance documents, and initial fees.

3. Documentary Review

PAGCOR reviews the application for completeness and may require additional documents, clarifications, or revisions.

4. Fit-and-Proper Evaluation

PAGCOR may examine the applicant’s shareholders, directors, officers, beneficial owners, and key persons.

5. Technical Evaluation

The applicant’s system may be evaluated for security, reliability, game integrity, auditability, transaction tracking, data protection, and reporting capability.

6. Payment of Fees and Deposits

The applicant may be required to pay application fees, processing fees, license fees, performance bonds, security deposits, or other regulatory charges.

7. Inspection or Demonstration

PAGCOR may require system demonstrations, office inspection, server inspection, document validation, or technical walkthroughs.

8. Approval, Conditional Approval, or Denial

If approved, the applicant may receive a license, provisional authority, accreditation, or conditional approval subject to compliance with post-approval requirements.

9. Post-Licensing Compliance

After approval, the licensee must comply with continuing obligations, reporting rules, audits, renewal requirements, and operational restrictions.

---

XVII. Technical System Requirements

A B2B online gaming aggregator must maintain a reliable, secure, auditable, and regulatorily compliant technical system.

Key technical requirements may include:

1. System integrity The platform must process gaming transactions accurately and prevent manipulation.

2. Audit trail Every transaction should be logged, including game rounds, bets, wins, cancellations, voids, adjustments, and settlement events.

3. Game fairness Games must be fair, tested, and not capable of hidden manipulation.

4. Random Number Generator certification RNG-based games may require certification from recognized testing laboratories.

5. Access controls Administrative access must be limited, logged, and subject to authorization controls.

6. Cybersecurity Systems should be protected against hacking, malware, unauthorized access, data breach, denial-of-service attacks, and insider abuse.

7. Data retention Records must be retained for the period required by law, regulation, and contract.

8. Real-time or periodic reporting The platform may need to support reporting to PAGCOR or licensed operators.

9. Segregation of environments Development, testing, staging, and production environments should be separated.

10. Incident response The licensee should have a plan for technical failures, breaches, game errors, suspicious activity, and regulatory notifications.

---

XVIII. Game Certification and Testing

If the aggregator supplies games, the games may need testing and certification. Testing may cover:

• fairness;
• return-to-player percentage;
• RNG behavior;
• game rules;
• payout tables;
• volatility;
• jackpot mechanics;
• error handling;
• game logs;
• session management;
• responsible gaming features;
• security controls.

The aggregator should ensure that every game supplied to a licensed operator is legally authorized, technically certified, and consistent with PAGCOR-approved game rules.

Unapproved or uncertified games may expose both the aggregator and the operator to regulatory penalties.

---

XIX. Server and Hosting Considerations

PAGCOR may require disclosure or approval of server locations, hosting arrangements, data centers, cloud providers, and disaster recovery sites.

Important issues include:

• whether servers are located in the Philippines or abroad;
• access by PAGCOR or auditors;
• data sovereignty;
• redundancy and availability;
• physical security;
• encryption;
• backup retention;
• disaster recovery;
• monitoring;
• subcontractor controls;
• cross-border data transfer;
• law enforcement access;
• business continuity.

Cloud hosting may be acceptable only if the licensee can demonstrate security, auditability, control, and regulatory access.

---

XX. Anti-Money Laundering Compliance

Gaming is a sensitive sector for money laundering risk. Even a B2B aggregator that does not directly onboard players may have AML obligations or indirect AML responsibilities.

The aggregator should support licensed operators in:

• customer identification;
• transaction monitoring;
• suspicious transaction reporting;
• sanctions screening;
• fraud detection;
• account behavior analytics;
• large transaction monitoring;
• recordkeeping;
• audit logs;
• risk scoring;
• detection of multiple accounts or collusive play.

The aggregator’s own AML program should also address:

• source of funds of investors;
• payments from operators;
• revenue sharing;
• suspicious commercial arrangements;
• counterparties in high-risk jurisdictions;
• cryptocurrency exposure;
• shell company risks;
• sanctions and politically exposed persons.

If the aggregator handles funds, wallets, payment routing, or settlement, AML risk increases significantly and may require additional licensing or controls.

---

XXI. Data Privacy Compliance

A B2B online gaming aggregator may process personal information, even if it does not directly deal with players. It may receive or access:

• player IDs;
• usernames;
• IP addresses;
• device identifiers;
• geolocation data;
• transaction logs;
• bet history;
• wallet references;
• risk scores;
• responsible gaming flags;
• customer support records;
• identity verification status;
• suspicious activity indicators.

The aggregator must comply with the Data Privacy Act of 2012 and related rules.

Key requirements include:

• lawful basis for processing;
• data processing agreements with operators;
• data sharing controls;
• privacy notices, where applicable;
• security measures;
• access control;
• breach notification procedures;
• cross-border transfer safeguards;
• retention schedules;
• data subject rights procedures;
• appointment of a data protection officer, where required;
• registration or compliance with National Privacy Commission requirements, where applicable.

Data privacy obligations should be addressed in operator contracts and supplier agreements.

---

XXII. Cybersecurity and Incident Reporting

Online gaming systems are frequent targets of cyberattacks. A B2B aggregator must maintain a cybersecurity program covering:

• network security;
• application security;
• secure coding practices;
• encryption;
• penetration testing;
• vulnerability management;
• endpoint security;
• intrusion detection;
• privileged access management;
• multi-factor authentication;
• log monitoring;
• incident response;
• cyber insurance, where appropriate;
• employee security training;
• vendor risk management.

If a breach occurs, the aggregator may have obligations to notify operators, PAGCOR, the National Privacy Commission, law enforcement, or affected persons depending on the incident.

A breach involving game integrity, player funds, personal data, or regulatory reporting can result in severe consequences.

---

XXIII. Responsible Gaming Obligations

Even if the aggregator is B2B, its systems may need to support responsible gaming controls. These may include:

• self-exclusion features;
• deposit limits;
• loss limits;
• session limits;
• time-out features;
• reality checks;
• age verification support;
• prevention of underage gambling;
• responsible gaming messages;
• exclusion list integration;
• problem gambling indicators;
• reporting tools for operators.

The aggregator should not design systems that encourage illegal, underage, or irresponsible gambling.

---

XXIV. Age and Location Restrictions

Online gaming platforms must prevent access by prohibited persons and prohibited jurisdictions. A B2B aggregator may be required to support:

• geolocation controls;
• IP blocking;
• VPN detection;
• age verification;
• jurisdictional restrictions;
• player exclusion lists;
• operator-level access controls;
• domain restrictions;
• device and account risk flags.

If the aggregator supplies content to operators serving prohibited markets, the aggregator may face licensing issues.

---

XXV. Dealing Only With Licensed Operators

A B2B online gaming aggregator should provide services only to operators duly licensed or authorized to offer the relevant games in the relevant market.

Contracts should require operators to represent and warrant that they have all required licenses. The aggregator should conduct due diligence before onboarding operators.

Due diligence should include:

• license verification;
• ownership review;
• sanctions screening;
• regulatory history;
• AML risk assessment;
• jurisdictional authority;
• tax and compliance status;
• responsible gaming controls;
• marketing practices;
• payment methods;
• reputation checks.

Providing gaming content or technology to unlicensed operators may jeopardize the aggregator’s license.

---

XXVI. Supplier and Game Studio Due Diligence

If the aggregator integrates third-party game suppliers, it must conduct due diligence on those suppliers.

The aggregator should review:

• corporate registration;
• gaming licenses;
• game certifications;
• IP ownership;
• source code control;
• RNG certification;
• cybersecurity controls;
• sanctions status;
• regulatory history;
• financial standing;
• data processing practices;
• subcontractors;
• prohibited jurisdictions.

The aggregator should ensure that supplier contracts allow regulatory inspection, audit, suspension, and removal of games when required.

---

XXVII. Intellectual Property

A B2B aggregator must have lawful rights to use, distribute, sublicense, integrate, or make available the games and software it provides.

Important IP documents include:

• software license agreements;
• game distribution agreements;
• source code escrow agreements;
• trademark licenses;
• content use rights;
• API license terms;
• white-label agreements;
• sublicensing rights;
• territorial restrictions;
• exclusivity clauses;
• ownership of modifications;
• confidentiality clauses.

PAGCOR or operators may require proof that the aggregator has legal authority to distribute the games.

---

XXVIII. Contracts With Operators

A B2B online gaming aggregator should use carefully drafted service agreements with licensed operators.

Key clauses include:

1. Scope of services Define what the aggregator provides and what it does not provide.

2. Regulatory compliance Require both parties to comply with PAGCOR rules and all applicable laws.

3. Licensing warranty Operator must maintain required gaming licenses.

4. Approved games only Only authorized games may be offered.

5. Jurisdictional restrictions Operator must block prohibited markets and users.

6. Revenue share and fees Specify gross gaming revenue, net gaming revenue, deductions, taxes, chargebacks, bonuses, jackpot contributions, and payment schedules.

7. Data processing Allocate privacy responsibilities and security obligations.

8. AML cooperation Require cooperation for monitoring, reporting, investigations, and recordkeeping.

9. Audit rights Allow access to logs, records, systems, and reports.

10. Service level agreement Define uptime, support, maintenance, incident response, and remedies.

11. Game suspension rights Allow immediate suspension for regulatory, security, or integrity reasons.

12. Termination rights Include termination for license loss, illegal activity, non-payment, breach, sanctions, or regulatory direction.

13. Indemnity Allocate liability for regulatory breaches, data breaches, IP claims, and unauthorized operations.

14. Confidentiality Protect business and technical information.

15. Regulatory override State that PAGCOR directives prevail over inconsistent contractual obligations.

---

XXIX. Revenue Share and Tax Considerations

B2B aggregators often earn through:

• fixed platform fees;
• monthly license fees;
• setup fees;
• per-game fees;
• revenue share;
• percentage of gross gaming revenue;
• percentage of net gaming revenue;
• transaction-based fees;
• support and maintenance charges.

Tax issues may include:

• income tax;
• value-added tax or percentage tax;
• withholding tax;
• documentary tax implications;
• local business tax;
• tax treatment of revenue share;
• cross-border withholding;
• transfer pricing;
• tax treaty relief;
• invoicing and receipting;
• accounting for bonuses, jackpots, refunds, chargebacks, and promotional credits.

Gaming revenue calculations must be clear and auditable. Ambiguous revenue share definitions often cause disputes.

---

XXX. Local Government Permits

Depending on the business location and activity, a company may need:

• mayor’s permit;
• barangay clearance;
• zoning clearance;
• business tax registration;
• occupancy permit;
• fire safety inspection certificate;
• signage permit;
• local clearances.

Even if the business is primarily digital, maintaining an office in the Philippines may trigger local permitting obligations.

---

XXXI. Employment and Immigration

A B2B aggregator operating in the Philippines may employ Filipino and foreign staff. It should comply with:

• Labor Code requirements;
• employment contracts;
• payroll registration;
• social security, health insurance, and housing fund contributions;
• occupational safety rules;
• work permits for foreign nationals;
• visas;
• tax withholding;
• confidentiality and IP assignment agreements;
• employee cybersecurity policies.

Key personnel in gaming, compliance, finance, IT security, and operations may be subject to regulatory scrutiny.

---

XXXII. Outsourcing and Subcontracting

The aggregator may outsource functions such as:

• cloud hosting;
• customer support tools;
• game development;
• testing;
• cybersecurity monitoring;
• payment integrations;
• data analytics;
• fraud detection;
• compliance screening.

However, regulated functions may require PAGCOR approval or disclosure. The licensee remains responsible for outsourced activities.

Outsourcing contracts should include:

• regulatory access rights;
• audit rights;
• confidentiality;
• data protection;
• security requirements;
• incident reporting;
• service levels;
• termination rights;
• prohibition on unauthorized subcontracting;
• compliance with Philippine law and PAGCOR directives.

---

XXXIII. Payment Processing Issues

A B2B aggregator should determine whether it handles funds. If it only provides game aggregation and does not touch player money, payment regulation risk may be lower. If it provides wallets, payment routing, settlement, cash-in/cash-out tools, or stored value features, additional legal issues arise.

Payment-related activities may require compliance with:

• central bank regulations;
• e-money rules;
• payment system rules;
• AML requirements;
• financial consumer protection rules;
• data security standards;
• bank and payment processor contractual rules.

A gaming aggregator should avoid unintentionally operating as a payment service provider without proper authority.

---

XXXIV. Advertising and Marketing Restrictions

A B2B aggregator generally should not market directly to players unless authorized. If it provides promotional materials, game names, banners, jackpots, demo games, or campaign tools to operators, it should ensure that such materials comply with:

• PAGCOR rules;
• responsible gaming standards;
• age restrictions;
• truth-in-advertising principles;
• prohibition on misleading promotions;
• jurisdictional restrictions;
• platform policies;
• intellectual property rights.

Marketing must not target minors, excluded persons, prohibited jurisdictions, or unlicensed markets.

---

XXXV. Prohibited Persons and Markets

The aggregator should design systems and contracts to prevent access by prohibited persons and prohibited jurisdictions.

Potentially restricted persons may include:

• minors;
• persons on exclusion lists;
• government officials or employees where prohibited;
• employees of gaming operators;
• persons located in prohibited jurisdictions;
• self-excluded players;
• persons barred by law or regulation.

The exact restriction depends on the license conditions and applicable law.

---

XXXVI. Regulatory Reporting

A licensed aggregator may be required to submit regular reports to PAGCOR or provide data to operators for regulatory reporting.

Reports may include:

• game transaction summaries;
• gross gaming revenue;
• net gaming revenue;
• jackpot contributions;
• player activity data, where applicable;
• incident reports;
• suspicious activity indicators;
• system downtime reports;
• game performance;
• list of active games;
• list of operators served;
• supplier changes;
• cybersecurity incidents;
• AML-related reports;
• responsible gaming reports;
• audit findings.

Reports should be accurate, complete, and submitted on time.

---

XXXVII. Recordkeeping

The aggregator should maintain records of:

• operator contracts;
• supplier contracts;
• game certifications;
• transaction logs;
• revenue computations;
• regulatory reports;
• incident reports;
• access logs;
• system changes;
• audit reports;
• AML records;
• privacy records;
• board approvals;
• financial statements;
• tax filings;
• employee access authorizations.

Records must be retained for the legally required period and made available to regulators when lawfully required.

---

XXXVIII. Audit and Inspection

PAGCOR may audit or inspect a licensed aggregator. Operators may also audit the aggregator under contract.

Audit areas may include:

• revenue calculation;
• game logs;
• system access;
• technical integrity;
• cybersecurity controls;
• incident handling;
• supplier approvals;
• data privacy compliance;
• AML cooperation;
• operator due diligence;
• financial records;
• tax records;
• compliance with license conditions.

The aggregator should maintain an audit-ready compliance system.

---

XXXIX. Change of Control and Material Changes

A licensed aggregator should not assume that it may freely change ownership, management, systems, or business model after licensing.

PAGCOR may require prior approval or notice for:

• change of shareholders;
• change of beneficial owners;
• change of directors or officers;
• merger or acquisition;
• transfer of license;
• addition of new game suppliers;
• addition of new operators;
• new domains or platforms;
• relocation of servers;
• change of hosting provider;
• change in business model;
• outsourcing of material functions;
• use of cryptocurrency or new payment rails;
• expansion to new jurisdictions.

Failure to report material changes may result in penalties.

---

XL. Grounds for Denial, Suspension, or Revocation

PAGCOR may deny, suspend, cancel, or refuse renewal of a license based on grounds such as:

• incomplete or false application;
• concealment of beneficial ownership;
• unsuitable shareholders or officers;
• criminal or regulatory history;
• financial incapacity;
• tax delinquency;
• AML violations;
• data privacy breaches;
• cybersecurity failures;
• dealing with unlicensed operators;
• offering unapproved games;
• failure to pay fees;
• failure to submit reports;
• obstruction of audit;
• fraudulent revenue reporting;
• violation of responsible gaming rules;
• unauthorized transfer of license;
• violation of Philippine law or public policy.

Gaming licensing depends heavily on trust, transparency, and continuous compliance.

---

XLI. Administrative Penalties

Administrative penalties may include:

• warning;
• fines;
• suspension;
• game suspension;
• system suspension;
• license cancellation;
• forfeiture of deposits;
• disqualification of officers;
• blacklisting;
• referral to law enforcement;
• denial of renewal;
• public notice of violation.

The penalty depends on the nature, severity, frequency, and consequences of the violation.

---

XLII. Criminal and Civil Exposure

Aside from administrative penalties, unlawful gaming-related conduct may create criminal or civil exposure.

Possible issues include:

• illegal gambling;
• fraud;
• money laundering;
• cybercrime;
• falsification;
• tax evasion;
• data privacy violations;
• breach of contract;
• unfair competition;
• intellectual property infringement;
• civil damages arising from system failures or unauthorized activity.

Responsible officers may be personally exposed in serious cases, especially where they participated in or knowingly allowed unlawful acts.

---

XLIII. Renewal of License

A PAGCOR B2B online gaming aggregator license is typically subject to renewal. Renewal may require:

• updated corporate documents;
• updated beneficial ownership disclosures;
• payment of renewal fees;
• proof of tax compliance;
• updated financial statements;
• updated technical certifications;
• compliance reports;
• no outstanding regulatory violations;
• updated AML and privacy policies;
• confirmation of active operators and suppliers;
• proof of continuing suitability.

Renewal should be prepared well before expiration. Operating after expiration may be treated as unauthorized activity.

---

XLIV. Compliance Program

A serious applicant should establish a compliance program before applying.

A good compliance program includes:

1. board oversight;
2. compliance officer;
3. AML officer, where appropriate;
4. data protection officer;
5. information security officer;
6. written policies;
7. employee training;
8. vendor due diligence;
9. operator due diligence;
10. incident reporting process;
11. regulatory calendar;
12. internal audit;
13. whistleblowing mechanism;
14. disciplinary procedures;
15. document retention;
16. regulatory liaison process.

Gaming compliance should be operational, not merely documentary.

---

XLV. Internal Policies Needed

The applicant should prepare policies such as:

• regulatory compliance manual;
• AML/CTF policy;
• sanctions policy;
• operator onboarding policy;
• supplier due diligence policy;
• responsible gaming policy;
• data privacy manual;
• cybersecurity policy;
• acceptable use policy;
• access control policy;
• incident response plan;
• business continuity plan;
• disaster recovery plan;
• change management policy;
• audit policy;
• anti-bribery and corruption policy;
• conflict of interest policy;
• records retention policy;
• outsourcing policy.

These policies should match actual operations.

---

XLVI. Common Application Problems

Applicants often encounter problems such as:

1. unclear business model;
2. incomplete corporate documents;
3. undisclosed beneficial owners;
4. foreign documents not authenticated;
5. insufficient capitalization;
6. weak compliance policies;
7. untested platform;
8. uncertified games;
9. vague revenue model;
10. unlicensed suppliers;
11. unclear server locations;
12. weak AML procedures;
13. data privacy gaps;
14. reliance on unapproved subcontractors;
15. failure to distinguish B2B from B2C operations;
16. prior dealings with unlicensed operators;
17. inconsistent information across documents.

A well-prepared application anticipates these issues.

---

XLVII. Practical Application Checklist

A prospective applicant should prepare the following:

Corporate

• SEC registration documents;
• Articles and By-Laws;
• General Information Sheet;
• board resolution;
• secretary’s certificate;
• ownership chart;
• beneficial ownership chart;
• IDs and background documents of shareholders, directors, and officers.

Financial

• audited financial statements;
• bank certificate;
• proof of capitalization;
• source-of-funds documents;
• tax registration;
• tax clearances, where required;
• financial projections.

Technical

• system architecture;
• game list;
• supplier list;
• API documentation;
• platform demonstration;
• cybersecurity documents;
• testing certificates;
• RNG certificates;
• disaster recovery plan;
• data retention plan.

Compliance

• AML policy;
• responsible gaming policy;
• data privacy manual;
• incident response plan;
• regulatory reporting plan;
• operator due diligence policy;
• supplier due diligence policy;
• internal audit policy.

Contracts

• operator agreement template;
• supplier agreements;
• software license agreements;
• cloud hosting agreement;
• data processing agreement;
• service level agreement;
• confidentiality agreements.

Operational

• office address;
• local permits;
• staffing plan;
• organizational chart;
• compliance officer appointment;
• technical support plan;
• escalation matrix.

---

XLVIII. Sample Board Resolution Language

A board resolution for licensing may contain language such as:

RESOLVED, that the Corporation is authorized to apply for the appropriate PAGCOR license, accreditation, registration, or approval to operate as a B2B online gaming aggregator or service provider, subject to applicable laws, rules, regulations, and license conditions;

RESOLVED FURTHER, that [Name and Position] is authorized to sign, submit, execute, and deliver all applications, forms, undertakings, affidavits, contracts, declarations, and supporting documents required by PAGCOR and other government agencies;

RESOLVED FINALLY, that the Corporation undertakes to comply with all applicable regulatory, tax, anti-money laundering, data privacy, cybersecurity, responsible gaming, and reporting obligations.

---

XLIX. Sample Operator Agreement Compliance Clause

A B2B aggregator may include a clause such as:

The Operator represents and warrants that it holds and shall maintain all licenses, permits, approvals, and authorizations required to offer the games and services in the applicable jurisdiction. The Operator shall not use the Aggregator’s platform, games, software, APIs, or services for any unlawful, unlicensed, unauthorized, or prohibited gaming activity. The Aggregator may immediately suspend services if required by law, directed by PAGCOR, or if the Aggregator reasonably believes that continued service may violate applicable law, license conditions, responsible gaming requirements, anti-money laundering rules, data privacy obligations, or regulatory directives.

---

L. Sample Supplier Compliance Clause

A supplier agreement may include language such as:

The Supplier represents and warrants that it owns or has valid rights to license, distribute, and provide the games, software, content, trademarks, and related intellectual property supplied under this Agreement. The Supplier shall maintain all required certifications, approvals, technical documentation, and regulatory authorizations necessary for the lawful use of the games by the Aggregator and its licensed operator clients. The Supplier shall cooperate with all regulatory audits, technical reviews, investigations, takedown orders, and compliance requests issued by PAGCOR or any competent authority.

---

LI. Risk Areas Specific to B2B Aggregators

B2B aggregators face distinctive risks, including:

1. Operator risk The aggregator may be blamed for serving an operator that lacks authority.

2. Supplier risk A game studio may provide uncertified or unauthorized games.

3. System risk Errors in odds, payout, wallet, jackpot, or reporting systems may cause financial and regulatory exposure.

4. Data risk Aggregators may process large volumes of player-related data.

5. Revenue risk Incorrect GGR or NGR computations may affect taxes, fees, and revenue share.

6. Jurisdiction risk Operators may use the platform in prohibited markets.

7. AML risk Gaming transactions may be used to disguise illicit funds.

8. Cyber risk Hackers may target platform APIs, game servers, admin panels, or data stores.

9. Regulatory change risk Gaming regulations can change quickly, affecting licensing categories, allowed markets, fees, or business models.

---

LII. Best Practices Before Filing

Before applying, the applicant should:

• conduct a legal classification review;
• confirm whether B2B aggregator licensing is the correct category;
• prepare a detailed business model memo;
• clean up corporate ownership documents;
• identify all beneficial owners;
• conduct internal sanctions and adverse media screening;
• prepare technical certifications;
• test the platform;
• document server locations;
• prepare AML and privacy policies;
• review all supplier contracts;
• prepare operator agreement templates;
• create a regulatory compliance calendar;
• ensure tax registration is consistent with the business model;
• avoid dealing with unlicensed operators before approval.

---

LIII. Best Practices After Approval

After licensing, the company should:

• comply strictly with license conditions;
• maintain updated records;
• report material changes;
• renew on time;
• conduct regular technical audits;
• conduct supplier and operator reviews;
• update game certifications;
• monitor cybersecurity;
• train employees;
• document all regulatory communications;
• maintain AML and privacy logs;
• submit accurate reports;
• pay fees and taxes on time;
• avoid scope creep into unlicensed B2C activity.

---

LIV. Frequently Asked Questions

1. Is a B2B online gaming aggregator the same as an online casino operator?

No. A B2B aggregator generally provides technology, content, or platform services to licensed operators. It does not automatically have authority to accept bets directly from players.

2. Does a B2B aggregator need a PAGCOR license?

If the business provides online gaming-related services within PAGCOR-regulated activity, a license, accreditation, approval, or authorization may be required. The exact category depends on the business model.

3. Can a foreign company apply?

A foreign company may need to establish an appropriate Philippine presence or register to do business, depending on the structure and regulatory requirements. Ownership and licensing issues should be reviewed before application.

4. Can the aggregator serve foreign operators?

This depends on license scope, operator licensing, jurisdictional restrictions, and PAGCOR conditions. The aggregator should not serve unlicensed or prohibited operators.

5. Can the aggregator handle player funds?

Handling player funds may trigger additional regulatory, AML, payment, and financial compliance obligations. The license scope must expressly allow the activity.

6. Are games required to be certified?

Gaming content, RNG systems, and platform components may require testing or certification. Uncertified or unapproved games should not be offered.

7. Can a license be transferred?

Gaming licenses are generally personal to the licensee and cannot be transferred freely without regulatory approval.

8. What happens if ownership changes?

Material ownership or control changes may require notice or prior approval from PAGCOR.

9. Are data privacy rules relevant if the aggregator is B2B?

Yes. A B2B aggregator may process player-related data, transaction logs, IP addresses, device IDs, and other personal information.

10. Can the aggregator advertise games to players?

Not unless authorized. A B2B aggregator should avoid direct public-facing gaming promotion unless its license permits it.

---

LV. Conclusion

A PAGCOR B2B Online Gaming Aggregator License Application is not a simple business registration. It is a regulated gaming application requiring corporate transparency, beneficial ownership disclosure, financial capacity, technical integrity, cybersecurity readiness, AML controls, data privacy compliance, responsible gaming support, and continuing regulatory accountability.

A B2B aggregator must clearly define its role. It must avoid acting as a B2C operator unless separately authorized. It must deal only with licensed operators, provide only approved games or services, maintain auditable systems, protect data, support regulatory reporting, and comply with all license conditions.

The most successful applications are those that present a complete and coherent package: a lawful corporate structure, clear business model, suitable owners and officers, tested technology, certified games, strong contracts, credible compliance policies, and readiness for ongoing PAGCOR supervision.