GAMING REGULATION What to consider when making the shift BY TERRY MCINALLY AND NAV SANDHAWALIA BUSINESSES TODAY are under constant pressure with expectations to manage more with fewer and fewer resources – this is no different for regulators in the gaming industry. Given this “more-with-less” climate, the new trend of shifting toward a riskbased regulatory compliance model has started to take hold across many industries – from banking and investment, to fisheries. The shift has now reached the gaming industry as Canadian regulators are starting to embrace the risk-based regulatory model to increase efficiencies, effectiveness of oversight, and improve regulatory outcomes. Regulators are realizing that risks can often be more effectively managed by focusing on outcomes and allowing operators autonomy when implementing efficient methods to meet regulatory requirements. Take for example, the task of keeping minors off of a casino gaming f loor. Historically, a regulator might specifically require a prescribed number of security guards at each entrance in order to comply with regulatory requirements. In the risk-based model, rather than dictating exactly how each casino should prevent minors from gaming, this approach would allow the casino operator reasonable f lexibility — whether it’s checking identification of every individual entering, adopting a blend of identification checking and facial recognition, or random identification spot checks — the regulator may subsequently be more or less rigorous with ongoing compliance activities, guided by a risk assessment of the casino operator’s chosen approach. As gaming regulators assess this approach, regulated entities need to think about how these changes will affect their business. Transitioning to a new 54 | Winter 2015/2016
or modified regulatory model is by no means an easy feat – it is without a doubt part art, and part science. MAKING THE TRANSITION
If you are a regulated entity and find yourself in a jurisdiction in which a risk-based regulatory compliance model has been implemented or is about to be implemented, consider three key points to help align your business with what is fast becoming the new normal: – Speak with your regulatory body and understand their future direction. Are they thinking of moving toward a more risk-based model? What is, or will be expected of you under the new approach? When are you expected to comply by? It can be difficult to meet requirements under a changed regime without, at least partially, discussing new/changed nuances with your regulator. A surveillance department, for instance, may want to understand the timing of reporting critical incidents vs. those non-critical incidents that can be batched and reported at intervals. A risk-based regulator may have varying processes, dependent upon the inherent risk of the incident.
Embrace and adapt – These changes will undoubtedly cause a ripple effect with substantial impact on other areas of your business. Be prepared to adapt processes where necessary and continually communicate with affected staff. Managing change will need to be an important focus. For example, a change in how and which incidents are communicated for a regulated Internet gaming entity may impact an incident manager in Europe, a technical resource in Asia, and a relationship
manager in Canada. Communicating and subsequently adopting the approach properly from the outset can be cumbersome, but will also be helpful to ensure success. Evaluate opportunities for efficiency – Above all, the risk-based regulatory compliance model, when properly adhered to, ca n help st rea mline operations and present areas for improved eff iciencies. Objectively evaluating each procedure might be a hassle in the short term, but may help your business operate more effectively in the long run. If previous prescriptive requirements mandated details of your internal controls, a risk-based model may provide f lexibility to rationalize and streamline these procedures across your organization. Remain open to considering how you meet regulatory requirements; a risk-based shift might be an opportunity to revamp your approach for the better. Many gaming regulators around the world are already embracing the move toward a more risk-based compliance model; this includes the Alcohol and Gaming Commission of Ontario. Regulated entities need to understand this shift is a big undertaking, but embracing the change and realizing the many benefits it can present will help your business adapt smoothly.
Terry McInally is a Partner with Richter a n d c a n b e r e a ch e d a t t m ci n a l l y@ richter.ca. Nav Sandhawalia is a Vice Pre si d e n t w i t h R i ch t e r an d c an b e reached at firstname.lastname@example.org. Richter is an audit, tax, and consulting firm with a dedicated gaming industry offering focusing on supporting regulators, operators, and the broader private sector.