Management Integrity
1.1 There shall be a commitment to character, integrity and high ethical values demonstrated through attitude and actions.
Requirements – At a minimum:
- Matters identified in management letters from internal and external auditors and matters identified by the Registrar shall be responded to in a timely manner.
- All applicable laws and regulations shall be adhered to.
- Operators and gaming-related suppliers shall create and abide by a code of conduct which addresses at a minimum conflicts of interest and transparency in dealings with the Registrar. The code of conduct must be regularly reviewed by the organization’s senior management.
Sound Control Environment
1.2 Formal control activities shall be submitted to the Registrar which have been assessed by an independent oversight function acceptable to the Registrar for alignment with the Standards and Requirements and authorized by the appropriate level of management.
Requirements – At a minimum:
- A process shall be in place to periodically review control activities for effectiveness in fulfilling the Standards and Requirements and to document, remedy and adjust the controls where deficiencies or gaps are found.
- Substantial changes to the control environment shall be communicated to the Registrar in a timely manner.
- Control activities must be available to the AGCO (or its designate) for regulatory assurance purposes.
1.3 Operators and gaming-related suppliers shall comply with their control activities and shall have in place measures to monitor compliance and to address failures to comply.
1.4 Employees shall comply with the control activities established by their employer to achieve the Standards and Requirements.
1.5 Operators and gaming-related suppliers are accountable for compliance with control activities by employees and those providing goods and service to operators and gaming-related suppliers, and should have in place measures to monitor compliance and to address failures to comply.
1.6 Employees shall inform their employer if control activities are ineffective in achieving compliance with the Standards and Requirements.
1.7 Management overrides of the control activities shall be clearly documented and communicated to the Registrar.
Requirements – At a minimum:
- Approval from at least two senior-level managers is required in order to override any control activity, and in each instance the override shall be reported to the Board or other governance structure where a Board does not exist.
Guidance: The intent of this Standard is to allow senior-level management to override controls on a one-off basis in necessary circumstances and to ensure that appropriate documentation is maintained for auditing purposes. This Standard is not intended to address permanent changes to the control environment.
1.8 Operators must establish, implement and maintain controls to support preparation of financial reports which comply with all applicable accounting standards and rules and good practices.
1.9 Employees must have the competence, skills, experience and training required to execute control activities that are relevant to their responsibilities.
Requirements – At a minimum:
- Employees involved in performing control activities must be trained and have knowledge of the organization’s control environment, the regulatory risks that the controls are designed to mitigate and the regulatory objectives reflected in the Standards and Requirements.
1.10 Organizational structures shall be designed to promote a sound control environment and proper segregation of duties to ensure that the possibility for collusion or unauthorized or illegal activities is minimized.
Requirements – At a minimum:
- Employees shall be given the appropriate and documented authority and responsibility to carry out their job functions, subject to supervision.
- The adequacy of segregation of duties as they relate to player protection, game integrity and protection of assets shall be regularly reviewed by the organization’s internal audit group or other independent oversight function acceptable to the Registrar.
- Operators must provide the Registrar with an organizational chart showing key reporting lines and relationships and shall ensure that it remains up to date.
1.11 Management clearly understands its accountability and authority for the control environment.
Requirements – At a minimum:
- Management shall have been trained and have knowledge of the organization’s control environment, the regulatory risks that the controls are designed to mitigate and the regulatory objectives reflected in the Standards and Requirements.
1.12 Information, including logs, related to compliance with the law, the Standards and Requirements and/or adherence with control activities shall be retained for a minimum of three (3) years, unless otherwise stated.
1.13 All surveillance recordings shall be retained for a minimum period as specified by the Registrar.