CasinoCityTimes.com

Home
Gaming Strategy
Featured Stories
News
Newsletter
Legal News Financial News Casino Opening and Remodeling News Gaming Industry Executives Author Home Author Archives Search Articles Subscribe
Newsletter Signup
Stay informed with the
NEW Casino City Times newsletter!
Recent Articles
Steve Toneguzzo
 

Protect Your License - Regulated Risk Management

15 October 2001

Regulated Risk Management

There are many risks associated with gambling regulation (social, financial, political, technical, operational, and so on), and a well-structured system of regulation seeks to identify and set down guidelines to mitigate the risk but not be so restrictive as to suffocate the business.

As an example, the fact that an operator is of good probity, says nothing for its track record in Internet gambling operations and technology, its knowledge of the risks, its safety from internal or external attacks, the integrity or privacy of the data, its protection from the suppliers of the systems, or from "back doors" in programs, its consumer protection programs and so on.

Direction on risk mitigation is an important consideration as Internet gambling is a relatively new field. A good regulatory framework sets down the basis of a specification that an operator (licensee) may consider in the mitigation of its risk and thereby remove much of the guess work.

The regulatory framework is intended to mitigate known risks, which are of concern to the regulator and should generally be of concern to any business. Are the games fair? Is the site secure? Is the player's privacy protected? And so on.

An operator (licensee) makes a claim as to how each of the risks identified in the framework is addressed. An independent third party assesses those claims and reports on compliance to the regulator. The regulator may grant exemptions to the licensee where the licensee can demonstrate it has considered the risk and the risk either does not apply, there is a compensating control, or the cost of compliance exceeds the cost of risk mitigation. In all instances due diligence is demonstrable.

To specify broad policy principals leaves the entire regulatory process open to being a very subjective one, inconsistently applied between operators, with an inability to demonstrate due diligence in regulatory processes.

The licensee may well be prepared to take this risk on the basis of a commercial decision, but the regulator may not be prepared to accept such an exposure nor to subject its players to it. In the absence of a well defined set of requirements the regulator is placing itself at the mercy of the decisions made by its licensees without the recourse of "breach of compliance" or "breach of reasonable care."

In a highly complex business system such as an Internet gambling operation, no one component stands in isolation and no one aspect of the business provides the solutions to mitigate business and regulatory risk. Some risks are mitigated through technology, others through procedures, others through insurance, and so on. Hence, the operator must make claims to the regulator on how they address risk (as set out in requirements), and the regulator obtains an independent assessment of compliance with the claims by a third party. However, at all times the business can suggest alternative approaches to mitigate the risk raised in the regulatory requirements documents.

The above is but a snap-shot of why the regulator must set down the key requirements for the operator to consider the risks, but so as not to suffocate business, allow the operator the opportunity to present the regulator with alternative solutions based on a sound risk assessment. Hence we introduce the term: "regulated risk."

Protect Your License - Regulated Risk Management is republished from iGamingNews.com.
Steve Toneguzzo
Steve Toneguzzo