Security and Surveillance Controls
Relevant Standard(s): 1.2
Application: All Sectors
Will the AGCO accept security and surveillance controls that do not necessarily require prior AGCO approval before their implementation?
Under the standards-based model, the AGCO will not be approving controls. The AGCO will undertake a number of activities, such as reviewing independent third-party audits/ attestations and performing regulatory assurance activities at gaming sites, to ensure that the security and surveillance control activities at gaming sites are appropriate, effective and achieving the desired regulatory outcomes.
In order to guide the development and implementation of the security and surveillance control environment, the Registrar has articulated his expectations in the Introduction of the Registrar’s Standards. The AGCO will also provide interpretations and guidance as and when requested as the controls are being developed.
Lastly, though the AGCO will not be reviewing control activities, there is a requirement to have an additional process in place to periodically review the control activities for effectiveness going forward.
Relevant Standard Excerpt(s):
1.2 Formal control activities shall be submitted to the Registrar which have been assessed by an independent oversight function acceptable to the Registrar for alignment with the Standards and Requirements and authorized by the appropriate level of management.
Requirements – At a minimum:
- A process shall be in place to periodically review control activities for effectiveness in fulfilling the Standards and Requirements and to document, remedy and adjust the controls where deficiencies or gaps are found.
- Substantial changes to the control environment shall be communicated to the Registrar in a timely manner.
- Control activities must be available to the AGCO (or its designate) for regulatory assurance purposes.
Guidance: Independent oversight may be exercised by an internal audit body and/or external auditor, as considered appropriate by the Operator or gaming-related supplier and as acceptable to the Registrar. The Registrar recognizes that oversight practices may vary by Operator / gaming- related supplier depending on their size, ownership structure, scope and complexity of operations, corporate strategy and risk profile. Whatever the case, the independent oversight function should be responsible for auditing the organization’s compliance management framework, identifying, managing and reporting on risks the organization is or might be exposed to and exercising oversight that is independent from operational management. It should also have direct and unrestricted access to the Board.
This interpretation is provided for informational purposes only and does not constitute legal advice. The interpretation relates to a specific set of circumstances and the standards, laws and regulations in force at the time the interpretation was issued; however, it is not an exhaustive or definitive interpretation of the standard(s) referenced herein.
The AGCO has established the Standards Interpretation Protocol, which acts as a single point of contact for inquiries from the gaming industry related to the interpretation of the Standards. For more information, please contact the AGCO’s Customer Service Department at 416 326-8700 (in the GTA) or 1 800 522-2876 (toll free in Ontario).