1.05 A personnel security screening process shall be in place for any director or officer, and any employee, agent or consultant, at a level that is appropriate for the individual’s role in the organization. (Also applicable to Gaming-Related Suppliers)
1.06 Employees must have the competence, skills, experience and training required to execute control activities that are relevant to their responsibilities. (Also applicable to Gaming-Related Suppliers)
Requirements – At a minimum:
- Employees involved in performing control activities must be trained and have knowledge of the organization’s control environment, the regulatory risks that the controls are designed to mitigate, and the regulatory objectives reflected in the Standards and Requirements.
1.07 Organizational structures shall be designed to promote a sound control environment and proper segregation of duties to ensure that the possibility for collusion or unauthorized or illegal activities is minimized. (Also applicable to Gaming-Related Suppliers)
Requirements – At a minimum:
- Employees shall be given the appropriate and documented authority and responsibility to carry out their job functions, subject to supervision.
- The adequacy of segregation of duties as they relate to player protection, game integrity and protection of assets shall be regularly reviewed by the organization’s internal audit group or other independent oversight function acceptable to the Registrar.
- Operators must maintain an up to date organizational chart showing key reporting lines and relationships, and make it available to the Registrar upon request.
1.08 Management clearly understands its accountability and authority for the control environment. (Also applicable to Gaming-Related Suppliers)
Requirements – At a minimum:
1. Management shall have been trained and have knowledge of the organization’s control environment, the regulatory risks that the controls are designed to mitigate, and the regulatory objectives reflected in the Standards and Requirements.
1.09 Information, including logs, related to compliance with the law, the Standards and Requirements and/or adherence with control activities shall be retained for a minimum of three (3) years, unless otherwise stated. (Also applicable to Gaming-Related Suppliers)