Digital Compliance Standards in US Casinos

17 February 2023
Knowledge Base

by Eva Skornicka

Despite their reputation, gaming companies have to follow regulations that are stricter than nearly any other industry, and it’s up to programmers to ensure compliance. Most companies think of compliance and IT as completely separate departments within their companies, whose members only meet when a laptop crashes or when there’s a birthday party for Melody from HR. But the reality is that IT — especially IT development — has to work hand in hand with compliance in order for a company to be fully compliant in many cases. 

Let’s take one industry example: gambling. Partially as a result of its not-so-sterling beginnings, the gambling industry has taken great pains to make sure that it does everything possible to ensure games are fair and random, and that everything — and everyone — follows the rules precisely. Today, the US gaming industry (as in Caesars, not Candy Crush) is arguably the most tightly regulated industry in the country —  even exceeding banking and healthcare. 

Within the gaming world, here are just a few of the things software developers have to look at in terms of compliance. To obtain a gaming license, an executive must pass background checks way beyond criminal screenings, and include references and bank transactions going back many years. Gaming license applications often include hundreds or even thousands of pages of background material and take months to complete.

Casinos must also simultaneously follow several standards of operational compliance, including most that apply to banks. The first big one for casinos is Title 31, which focuses on money laundering. But even the most unglamorous aspect of casino life can fall under compliance: software updates.

Gaming compliance triggers when any update interacts with the “core gaming area.” Let’s talk about a slot-machine jackpot: There are systems that allow staff to electronically monitor jackpots. That system pools data from slot machines and presents it to a slot attendant’s handheld device. Up to this point, it’s unregulated. But the minute you want your tablet to tell the system a jackpot has been paid and should be closed out? That’s a regulated system.

Any gaming company must know whether the system it wants to modify is regulated and then get that code recertified. You have to turn all your core-gaming-related code over, along with relevant hardware.

Because recertification takes time and money, programmers face a balancing act: They have to hand over enough relevant code to abide by gaming regulations. But if they overdo it, the process will drag on longer, costing the casino more money. 

Because of this, casinos don’t enjoy the benefits of those constant software updates most of us are so used to nowadays. Instead, a typical casino updates its core gaming software once a year at best — an age by tech standards. Clean code is critical, because you can’t just go in and fix bugs after getting your recertification — that would require starting the whole recertification process all over again.

So a casino programmer needs to a) know the regulations, b) do it in a way that requires the least amount of recertification, and c) think long-term about how modifications will interact with other casino systems till the next update. 

In other words, you may find your IT programmer is as essential to compliance as any actual member of your compliance department.

The author, Iwona “Eva” Skornicka, is VP of account management at Plan A Technologies; CAMS certified and co-author of ACAMS Study Guide for compliance professionals worldwide.

  • Maneesh Singh

    I’m grateful for stumbling upon this post. It was an engaging read and I truly appreciated it.

Leave a Reply

Your email address will not be published. Required fields are marked *