CERTI Fl ED SEMINAR INSTITUTE COMMISSIONER CERTIFICATION TRAINING LEVEL Ill September 17-19 , 2019 Mohegan Sun, Uncasville, CT
NIGA Seminar Institute Commissioner Certification Training Level III AGENDA September 17-19 Mohegan Sun, Uncasville, CT
Tuesday, September 1 7 Breakfast to be provided
8:00 AM 9:00 AM
Effective Regulation of Gaming Elizabeth Homer, Homer Law CHTD
9:00 AM 10:30 AM
10:30 AM 10:45 AM
Hearing and Appeals Elizabeth Homer, Homer Law CHTD
10:45 AM 12:30 PM
12:30 PM 2:00 PM
2:00 PM 3:15 PM
Employment Issues for Gaming Regulators
Network Risk Assessment Peter Nikiper, BMM Test Labs Wednesday, September 18
3:30 PM 5:00 PM
8:00 AM 9:00 AM
Breakfast to be provide d
Conflict Management Elizabeth Homer, Homer Law CHTD
9:00 AM 10:30 AM
10:30 AM 10:45 AM
Title 31/OFAC Sheryl Ashley, CPA Gaming & MICS Compliance AUP Partner, Blue Bird CPA's
10:45 AM 12:30 PM
12:30 PM 2:00 PM
Managing a Tribal Gaming Regulatory Agency Billy David, Be-Co-Pa & Associates
2:00 PM 3:15 PM
Avoiding and Detecting Fraud: Active Investigation & Forensic Audits Sheryl Ashley, CPA Gaming & MICS Compliance AUP Partner, Blue Bird CPA's Thursday, September 19
3:30 PM 5:00 PM
8:00 AM 9:00 AM
Breakfast to be provided
Surveillance Frauds, Threats & Vulnerabilities, PT 1 Billy David, Be-Co-Pa & Associates
9:00 AM 10:30 AM
10:30 AM 10:45 AM
Surveillance Frauds, Threats & Vulnerabilities, PT 1 Billy David, Be-Co-Pa & Associates
10:45 AM 12:15 PM
Please plan to stay for the entire class on each day to get your certificate of completion. Please be on time for sessions
The Effective Regulation of Gaming
What is Regulation? • Regulation in the broadest sense may be defined as a government measure or intervention intended to direct, alter, or otherwise affect the behavior of individuals or groups to produce a socially desirable outcome, e.g.: • Require individuals to wear seatbelts to reduce driving related mortality rates • Require businesses to pay taxes monthly to improve the collection of tax revenue
What Purpose is Served by the Regulation of Tribal Gaming? Federal Perspective
Tribal Perspective • Realize fullest measure of tribal sovereignty • Improve the quality of life and standard of living of the tribal community • Take care of children, families, and elders • Achieve economic self-sufficiency • Create jobs and business opportunities • Provide quality health care • Provide adequate law enforcement • Provide adequate fire protection and suppression services • Protect tribal resources both human and natural • Preserve tribal identity and cultural existence for future generations
• Shield the Indian tribe from organized crime and other corrupting influences • Ensure that the Indian tribe is the prime beneficiary of the gaming operation • Assure that gaming is
conducted fairly and honestly by both the operator and players
I want to tell the Committee about a young Choctaw man, only 37 years old. He got sick and needed a new kidney, but they told him at the hospital it would cost $250,000 and they wouldn’t do it unless he could put up at least half of the money. When we heard about it, we gave him the money out of our gaming account. The trouble was that we didn’t get all the right approvals from the Tribal Council, so we went back to Council to get their approval of what we did. The Council listened and when we got through, you know what they did? They enacted an ordinance that authorized me to spend the gaming money anytime a tribal member needs a transplant. They said from now on, no Choctaw will ever again die for lack of money.
This is what the gaming means to us.
Testimony of a Tribal Leader before the House Resources Committee on NIGC’s proposed Class II regulations, February 20, 2008, Miami, Oklahoma..
How Does the Effective Regulation of Gaming Advance Tribal Goals? • Licensing screens out the people most likely to cheat and steal and keeps them out of tribal casinos and away from tribal cash • Internal Controls operate to ensure that casino managers and employees follow the procedures necessary to prevent fraud, theft & waste of tribal dollars • Monitoring serves to keep the staff honest • Auditing serves to keep management honest • Enforcement signals that the Tribe means business when it comes to safeguarding its assets • Regulations clarify the meaning of the statutory law and establish the standards of conduct that must be met • Hearing and Appeals ensure fairness and protect people from abuses of power
What Makes Regulation Effective? Regulatory Agency • Independence • Sound Organizational Structure • Proper Delegation of Authority • Adequate Funding • Proper Balance of Power • Oversight • Governmental Support of the Regulatory System Regulator • Understands the Law • Understands Role • Understands Scope of Authority • Ethical, Principled, & Fair • Possesses Sound Judgment • High Work Ethic • Good Management Skills • Good Interpersonal Skills
Regulatory Structure “Independence” An Independent Regulatory Agency is a governmental instrumentality created to interpret, implement, administer, monitor, and enforce statutory law within the limits of its delegated authority and to act and make decisions based on law and legal considerations ---
NOT POLITICAL CONSIDERATIONS
• Does not mean:
• “Separate and Apart From” • “Free of Constraints” • “Unaccountable for its Acts & Decisions” • It Means: • Reasonably Insulated from Political Interference with its Decision making Processes in the Implementation and Enforcement of Civil Regulatory Law.
Why is Independence Important? • To regulate effectively, the regulator must apply the law to facts on the basis of legal and regulatory policy considerations in much the same way as a judicial body operates, but for the purpose of achieving the regulatory objective: Enforcing Compliance with the Law
Independence • Regulatory bodies are responsible for making hard decisions that may be politically unpopular, e.g. • Denial of a gaming license to someone well- liked in the community • Imposition of a fine or sanction • Order to suspend use of or remove equipment
The Case for Independence • When politically unpopular decisions are made, those aggrieved by such decisions often resort to political tactics and seek to bring political pressure on the agency. • The principle of independence is intended to shield both political and regulator officials from these situations in order to ensure that regulatory objectives are not undermined by political considerations.
Regulatory v. Political Processes • The Enactment of Law is a Political Process • The Promulgation of Regulations is Largely Political in Nature, but • The Implementation and Enforcement of the Law is a Regulatory Process • Hence the Concept of Independence is much stronger in the Context of Implementation and Enforcement than in the Context of Rulemaking
How is the Framework Supposed to Work? • The Legislature Enacts the Law through the Political Process • Establishing the “Independent Regulatory Agency” • Specifying the Functions, Duties, and Responsibilities of the Agency • Delegating the Agency the Necessary Authority to Implement and Enforce the Law • Imposing Standards for Agency Conduct • Providing for Agency Oversight Agency Authority & Functions, Duties, and Responsibilities • Typically, an Independent Regulatory Agency is Delegated Broad Authority to: • Interpret & Implement the Law through the Promulgation of Regulations (Quasi-Legislative Power) • Monitor Compliance and Enforce the Law (Quasi-Executive Power) • Apply the Law to Facts to Determine whether the Law has been Offended and Assess Sanctions (Quasi-Judicial Power)
Making the Framework Work: Balance of Power Legislate + Execute + Adjudicate = “Basic Powers of Government” In the Constitution, the Framers Carefully Divided These Powers and Assigned them to the Three Branches of Government WHY?
Why??? • To Provide a Strong Governmental Structure with Proper Checks & Balances • To Secure the Basic Rights and Fundamental Freedoms of the Citizenry Guaranteed by the Constitution • To Constrain Governmental Power • To Prevent Governmental Abuses of Power • To Ensure Fundamental Fairness and Due Process of Law
How are these Objectives Achieved in Relation to Regulatory Agencies? • Regulatory Agencies may Possess Broad Powers, but they are Limited in Nature • A Regulatory Agency may not Act so as to Exceed the Scope of its Delegated Authority • Standards are Applied: An Agency is Prohibited from Acting in an Arbitrary & Capricious Manner • Agencies must Faithfully Interpret and Apply the Law as Intended by the Legislature. • Agency Actions & Decisions are Subject to Political and Judicial Oversight
Effective Regulatory Structure
• May be Achieved through Various Organizational Models Structured to Meet the Particularly Structure of the Governmental Entity Creating the Agency • Structures may have Varying Degrees of Complexity from Basic to Complex • Structure of the Agency will Depend on the Organizational Components Necessary
Citizenry (Electoral Process)
Legislature Legislates Confirms Executive Appointments
Judiciary Judicial Oversight
Regulatory Agency Legislative, Executive, Judicial
Tribal Governing Body
Tribal Gaming Commission Rulemaking Hearings & Appeals
Office of Tribal Gaming Compliance Day-to-Day Regulatory Activities
Tribal Gaming Enterprise
Gaming Commission Commissioner or Commissioners
Audit & Enforcement Division
Office of Hearings And Appeals
Gaming Commission Commissioner or Commissioners
Hearings & Appeals
Employee Licenses Vendor Licenses Facility Licenses Background Investigations
Gaming Machines MICS: Operational Special Investigations IT
Internal Audits Title 31 MICS: Accounting
All Models Can Be Effective • The Key to Effective Regulation is not in a Particular Organizational Framework • The Key to Effective Regulation is Selecting the Right Framework in terms of: • The Overall Institutional Structure of the Tribal Government; • The Size and Scope of the Regulated Activity; • Available Resources; and • An Unwavering Commitment to the Framework and Making it Work by Everyone within the System. Commitment to the System • Even if a Government has Adopted an Excellent Gaming Ordinance Establishing a Well-Funded, State-of-the-Art Regulatory Structure with Clearly Defined Authority, Powers, Responsibilities, and Functions, there is NO Guarantee that the Agency will be Effective • A Regulatory Agency Cannot Be Effective without the Trust and Support of the Government that Created it.
The Importance of Oversight • Governmental Support and Trust are Prerequisites to Effective Regulatory Agencies • It is Antithetical to Human Nature, however, to Place a High Degree of Trust in an Entity that Possesses Tremendous Power over which one has Limited Capacity to Control, Particularly where the Entity has the Power to Affect the Financial Health of one’s Most Valuable Asset
Effective Oversight is Essential to Accountability • The Most Effective Check Against Agency Abuses of Power is Oversight because it Operates to Effect Accountability • If Accountability Measures are Built Into the Regulatory Framework, it is much Easier to Place One’s Trust in the Agency
• The Statute Provides for: • Clearly Defined Agency Roles & Responsibilities • Clear Delegation of Powers • Due Process of Law • Qualified Appointees & Staff • Standards to Guide Conduct & Decisionmaking Judicial Oversight • Appropriate Political Oversight
Principles for Oversight • No Person should ever be the Ultimate Arbiter of his or her Own Decisions • Political Processes are not Appropriate for Handling or Reviewing Civil or Criminal Law Enforcement Actions and Decisions in particular cases or matters because Political Processes Entail Political Considerations which are Inappropriate in the Context of the Application of the Law to a Particular Set of Facts • Judicial Bodies are the Appropriate Entities for Providing Oversight in the Context of Agency Action & Decisionmaking as the Interpretation of Law and the Application of the Law to Particular Facts is a Judicial Function
Principles of Oversight • Decision Makers Make Better Decisions when they Understand that the Decision is Subject to Judicial Review • Judicial Review Serves as an Important Check Against Abuses of Power • Judicial Review Serves to Ensure the Proper Interpretation and Application of the Law • Judicial Review Serves as a Check Against Error, Bias, Poor Judgment in Decisionmaking, Misapplication of Law, and Misconduct • The Assurance of Due Process Increases Public Confidence in the Government and its Processes
To Trust and Support… • Improves Regulatory Effectiveness • Strengthens the Regulatory Framework • Advances Statutory Objectives • Decreases the Potential for Conflict and Power Struggles • Encourages Sound Decisionmaking
• Advances the Tribal Interest • Increases Political Stability • Represents Half of the Equation
The Effective Regulator • Inspires Trust and Confidence in the Regulatory Process • Understands his or her Responsibilities, Duties, Obligations as well as the Agency’s Functions under the Law • Acts within the Scope of Authority Delegated • Fairly and Objectively Applies the Law • Exercises Good Judgment • Is Ethical, Reasonable, and Fair • Has a High Work Ethic • Exercises Discretion • Ensures that Subordinates are held to the Same Standards of Conduct
Primary Goal of the Regulator
• To Effect Compliance • With the Law Through • Fair and Reasonable Regulation • In Order to Ensure the Integrity of the
Regulated Industry without stifling its growth & profitability so as to • Foster Public Confidence and Achieve • All Regulatory Objectives
The Hearing Process
The Nature of a Hearing
l Foremost, an agency must determine: u The nature of the proceeding u The requisite degree of formality applicable to the proceeding u The authority of the agency to conduct the proceeding l How are these determination made?
SEE THE GAMING ORDINANCE
The authority of an agency to act is statutorily delegated An agency possesses only such authority as has been delegated to it and no more So long as the authority to conduct hearings is delegated, an agency may establish by rule or regulation, the procedures governing the hearing process
An agency ’ s hearing procedures must be consistent with provisions of the gaming ordinance Any substantive provisions contained in the ordinance must be included in the agency ’ s rules/regulations governing the hearing process Agency rules and regulations cannot grant an agency powers it does not possess nor “ correct ” statutory “ defects ”
Types of Hearings
l Evidentiary l Adjudicatory l Appellate
An evidentiary hearing is not an adjudication It is an investigatory tool – in that may be used to determine whether additional steps are warranted given the availability of competent evidence In criminal law, examples of evidentiary hearings include: Preliminary Hearing Grand Jury
l In the context of civil law, an evidentiary hearing may be used as a means of determining whether to proceed with additional investigation or whether to proceed with an enforcement action l Such proceedings are basically a formalized procedure for “ fact finding ”
Why might an agency choose to conduct an evidentiary hearing? Where there are allegations of a serious violation(s) of law, but the evidence is weak and/or of questionable reliability Evidentiary hearings are not common in the civil law context, but may be useful where serious allegations come from sources outside the agency rather than through the agency ’ s own investigation
Are much more common types of hearings in the context of regulatory agencies An adjudication is simply a decision based on the application of the law to the facts in a specific matter as adduced upon hearing An adjudication upon hearing typically results in a decision of the matter in the first instance Common TGRA adjudications include license denials/suspensions, proceedings related to enforcement actions, prize claims and other patron complaints, for example
l May be formal or informal l Result in an action or decision of the agency l Are typically subject to appeal l Look to the gaming ordinance for guidance
l An appellate hearing is a type of proceeding that reviews actions or decisions made by persons or entities and subject to appeal. l The decision of a licensing official, for example, my be subject to appeal to a gaming commissioner or a gaming commission
l Whether the proceeding is an adjudication or an appeal of an adjudication – the proceeding must provide for DUE PROCESS OF LAW.
Due Process of Law
The exercise of governmental power within settled principles of law conducted in such a way so as to safeguard the rights of the individual.
Substantive Due Process Law must be: Reasonable
Not be “ arbitrary or capricious ” “ Rationally related ” to the object sought
Procedural Due Process
l Notice l Opportunity to be Heard
l Date, Time, and Location of Hearing l Facts Asserted l Applicable Law l Sufficiency of Information Concerning Right of Appeal
Authority of Tribunal l Burden of Proof Duty to Establish Facts l Evidence Species of Proof including testimony, records, exhibits, documents, objects, etc.) l Standard of Review Principle governing judicial oversight of a subordinate decision maker
Jurisdiction of TGRAs
l Licensing Appeals l Patron Dispute Appeals l Enforcement Appeals l Classification Determinations l Employee Disputes
Rights of Parties at Hearing
Fair opportunity to respond and present evidence. Right to appear and/or be represented by counsel Right to hear evidence against appellant Right to inspect evidence Right to call witnesses Right to cross-examine witnesses against appellant Right to present other evidence (documents, letters, etc.)
l Use of Subpoenas l Methods u Witness Interviews u Depositions
u Interrogatories l What discovery is available to appellant? u See Ordinance or Regulations
Evidentiary Rules What kind of evidence should be admitted? Relevant Competent Material What kind of evidence should be denied? Irrelevant Immaterial Duplicative Incompetent
Other considerations with regard to admissibility of Evidence
l Recognized privileges u Attorney/client privilege u Doctor/patient privilege u Clergy l Use of Experts l Stipulation of Facts
l Formal rules of evidence are not common in administrative proceedings l Administrative Hearing Officers are typically more lenient in determining admissibility and relevance than courts l Look to gaming ordinance and/or regulations to determine evidentiary issues.
Hearings l Degree of formality u Formal u Informal u Oral
u Written l Type of Record (Transcripts, voice recording, minutes l Objections l Oath
The Record l Pleadings, motions, intermediate rulings; l Evidence received and considered; l A statement of matters officially noticed; l Questions and offers of proof, objections, and rulings thereon
Findings and Conclusions
l A written determination of the findings of fact and conclusion of law
In the Matter of the Gaming License of Jill Smythe
l Does the Commission have jurisdiction over this matter? l What informs this decision? u The Tribal Gaming Ordinance l What type of proceeding is this? u This is an appellate proceeding u A review of the decision of an agency official
Due Process Issues
l Is the notice effective? u Time, Date, Place of Hearing u Contains clear statement of facts asserted u References applicable law u Describes basis for decision l Was the notice properly served? u How is this determined? • See ordinance and/or regulations
What Witnesses are Needed?
What Facts Can these Witnesses Competently Provide?
What Issues Are Presented?
l Underpayment of Taxes l Failure to Disclose l Associations l Checking Account Irregularities
l What facts are important to these issues? l What laws govern these issues l Apply the law to the facts l Should the Commission sustain the decision of the licensing officials or reverse the decision? l Is any other recourse available?
Prepare Your Findings of Fact and Conclusions of Law
Jill Smythe, a tribal member, was initially employed by the Tribal Gaming Operation (TGO) in June of 2007 as a cage cashier. Her license was issued after a routine background investigation that revealed no negative information. Since then she has been promoted twice and now serves as the count room supervisor. Her employment record has been excellent. All of her annual performance appraisals have been outstanding and she was selected for the “employee of the month” award on four occasions. Two years ago she received the “employee of the year” award. Shortly after being hired, Jill met Larry, a limousine driver, at the casino. They dated for a couple of years before getting married in the fall of 2009. About two years ago Jill and Larry began experience some difficulty in their marriage and formally separated in April of 2014, but have not instituted divorce proceedings. It is rumored that Jill and Larry are attempting to reconcile. When Jill’s license came up for renewal, the Commission instituted a routine background check. It revealed that Jill and Larry’s joint tax return for 2013 had been audited. The audit resulted in a large penalty assessment for underpayment of taxes. The investigation also revealed that Larry had been charged with writing bad checks on the couple’s joint account, but the cases were still pending in district court. Concerned, the Commission investigator ran a Lexis search on both Jill and Larry, and learned that in 2006 Larry had been a government witness in a federal racketeering case against John Williams, a notorious St. Louis mobster. Though Larry was never charged, newspaper accounts alleged that Larry, who had worked for Williams as an accountant for several years, was granted immunity in exchange for his testimony. Williams was convicted of federal racketeering, tax evasion, and money laundering charges. He remains incarcerated. On the renewal application, Jill disclosed that the couple had been required to pay a penalty to the IRS, but no details were provided. The application contained no information about the pending charges against Larry or his close association with Williams. The Tribal gaming investigator recommended non-renewal based on the omission of information on the application and her association with Larry. The recommendation was accepted by the Licensing Director. Jill has been suspended from work pending the outcome of her appeal to the Tribal Gaming Commission.
APPLICABLE PROVISIONS OF TRIBAL GAMING ORDINANCE
3.2 No person may be employed by the Tribal Gaming Operation as a key employee or primary management official without a valid and current gaming license from the Tribal Gaming Commission, which shall only issue such license upon a finding of suitability following a full investigation into the background of the applicant. 3.3 Any person whose prior activities, criminal record, reputation, habits and/or associations pose a threat to the public interest or to the effective regulation of gaming, or creates or enhances dangers of unsuitable, unfair, or illegal practices and methods and activities in the conduct of gaming, shall be deemed unsuitable for employment in the Tribal Gaming Operation. 3.4 For the purposes of this section, the following definitions apply: 1. Key employee means a person who performs one or more of the following functions: (1) Bingo caller; (2) Counting room supervisor (3) Chief of security; (4) Custodian of gaming supplies or cash; (5) Floor manager; (6) Pit boss; (7) Dealer; (8) Croupier; (9) Approver of credit; or (10) Custodian of gambling devices including persons with access to cash and accounting records within such devices; (11) Any other person whose total cash compensation is in excess of $50,000 per year; or the four most highly compensated persons in the gaming operation. 2. Primary management official means: (a) The person having management responsibility for a management contract; (b) Any person who has authority: (1) To hire and fire employees; or (2) To set up working policy for the gaming operation; or (c) The chief financial officer or other person who has financial management responsibility.
The Tribal Gaming Regulatory Agency Office of Licensing and Compliance
December 1, 2014
Jill Smythe 1313 Mockingbird Lane Anytown, Oklahoma 77777
Application for Renewal of Gaming License
Dear Ms. Smythe: The Director of Licensing and Compliance has completed its review of your application for renewal of your gaming license and hereby informs you that your application is denied based on a finding of unsuitability. Accordingly, you are not eligible for continued employment with the Tribal Gaming Operation. As you are aware, Tribal law requires that all tribal gaming licenses must be renewed every two (2) years. In the course of completing your background investigation for license renewal, the Commission discovered facts and circumstances that should have been disclosed on your application for renewal. Based on these facts, the Office of Licensing and Compliance finds that your financial history and associations creates or enhances dangers of unsuitable, unfair, or illegal practices and methods and activities in the conduct of gaming is inappropriate for employees of the Tribe’s gaming facility. You have the right to file an appeal with the Gaming Commission within the next 60 days. Should you fail to file a timely appeal, this decision shall be deemed final. The process for appealing the Gaming Commission’s denial of your license is attached. If you decide to appeal this Gaming Commission’s decision, you must follow those procedures specifically.
Stella Wright Director Enclosure
TRIBAL GAMING REGULATORY AGENCY SUITABILITY DETERMINATION
APPLICANT INFORMATION EMPLOYEE NAME: DATE OF BIRTH: TRIBAL AFFILIATION: SOCIAL SECURITY #:
Jill Smythe 12/25/76
Tribal Member 555-55-555
(X) ( )
PRIMARY MANAGEMENT OFFICAL
Count Room Supervisor
SYNOPSIS OF BACKGROUND INVESTIGATION CONDUCTED A routine background investigation of Jill Smythe was initiated pursuant to her application for renewal of her gaming license. The investigation included a criminal and credit history check and interviews with co- workers, friends, and family members. Since Ms. Smythe’s initial hire, she married Larry Smythe. During the investigation, I learned that Jill and Larry Smythe underpaid their income taxes for 2013 and they now owe the IRS approximately $30,000 in back taxes plus fines in the amount of $20,000. Additionally, I learned that Larry has been charged with writing bad checks on his joint account with Jill and the cases are now pending in district court. It was also discovered that in 2006 Larry was a government witness in a federal racketeering case against John Williams, a notorious St. Louis mobster. Though Larry was never charged, newspaper accounts alleged that Larry, who had worked for Williams as an accountant for several years, was granted immunity in exchange for his testimony. Williams was convicted of federal racketeering, tax evasion, and money laundering charges. He remains incarcerated. In relation to Jill Smythe, an FBI criminal history report was received and reviewed with the following findings: No arrest history No record of conviction SUITABILITY DETERMINATION Based upon the findings of background investigation and the confirmation of the applicant’s information and taking into consideration the applicant’s prior activities, criminal records (if any), reputation, habits and associations, it has been determined that the above named individual: ( ) Should be granted a gaming license (X) Should be denied renewal of a gaming license ( ) Should have gaming license revoked
________________________________________________ Stella Wright, Director of Licensing and Compliance
Tribal Gaming License Application Notice to Applicants
Authority Indian Gaming Regulatory Act, 25 U.S.C. 2701 et seq. and Tribal Gaming Ordinance and Regulations. Purpose To protect the tribe, employees, patrons, and public by ensuring that gaming activities are free from criminal activities and corruptive elements. The required information is used to determine the suitability of the applicant to be employed by or associated with the gaming activities. Burden of Proof An applicant is seeking the granting of a privilege. The burden of proving the applicant’s qualifications is at all times on the applicant. Disclosure of Information An applicant may be subject to denial or other action for failing to provide all information, documentation, and assurances as required or requested, or failing to reveal any material facts, or providing misleading or untrue information. The Tribal Gaming Agency reserves the right to request additional information at any time. Waiver or Claim for Damages An applicant accepts any risk of adverse reaction, financial loss, or public notice which may result from any action taken with respect to an application. By filing an application, an applicant expressly waives any claim for damages as a result of any action taken with respect to that application. Withdrawal of an Application An application may not be withdrawn without the permission of the Tribal Gaming Agency. Privacy Act Notice In compliance with the Privacy Act of 1974, the following information is provided: Solicitation of the information on this form is authorized by 25 U.S.C. 2701 et seq . The purpose of the requested information is to determine the eligibility of individuals to be employed in a gaming operation. The information will be used by the Tribal Gaming Agency and by National Indian
Gaming Commission members and staff who have need for the information in the performance of their official duties. The information may be disclosed to the appropriate federal, tribal, state, local, or foreign law enforcement and regulatory agencies when relevant to civil, criminal, or regulatory investigations or prosecutions, or when pursuant to a requirement by the Tribe or the National Indian Gaming Commission in connection with the hiring or firing of an employee, the issuance or revocation of a gaming operation. Failure to consent to the disclosures indicated in this notice will result in the Tribe’s being unable to hire you in a primary management official or key employee position, or other positions as determined by the Tribe. The disclosure of your Social Security Number (SSN) is voluntary. However, failure to supply a SSN may result in errors in processing your application. Notice Regarding False Statements In signing this application, I understand that a false statement on any part of the application may be grounds for not hiring me, or for firing me after I begin work. Also, I understand that I may be punished by fine or imprisonment. (U.S. Code, title 18, Section 1001) License Fees: The level of fees for issuance or renewal of a gaming license, and the payment of such fees, shall be in accordance with tribal regulations. Special Instructions • Complete each question. If not applicable, indicate so with “N/A” • Please type or print all answers. Do not use pencil. Failure to do so will cause delays and/or denial of your application. • If needed, attach additional documents or explanation sheets • Submit two current passport quality photographs. Ensure the photograph is a full facial view. Write your name and social security number on the back of each picture. Identification Requirements As part of your application, we will require that you provide positive proof of your identity; including one or more of the following official documents:
• Certification of birth; • Valid driver’s license; • State identification card; • Military identification card; • Valid passport; or • Alien registration card, if you are a registered alien.
TRIBAL GAMING COMMISSION Administrative Hearing __________________________________________________________________________ Appeal of Denial of Renewal of Gaming License FINDINGS OF FACT AND Jill Smythe, Petitioner CONCLUSIONS OF LAW ______________________________________________________________________________ FINDINGS OF FACT 1. Petitioner, Ms. Smythe, __________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ 2. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________ 3. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________
4. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________ 5. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________ 6. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________ 7. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________
CONCLUSIONS OF LAW Based upon the above Findings of Fact and the laws that apply to the requirements for a person to be eligible for a Happy Tribe Gaming License, the Happy Gaming Commission does hereby: ____(affirm/reverse)____ the finding that Petitioner, Jill Smythe, is suitable/unsuitable for a Gaming License on the following grounds: 1. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________ 2. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________ 3. _____________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________
4. _____________________________________________________________________ ___________________________________________________________________________
___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ ___________________________________________________________________________ __________________________________________________________________________
Based upon the above, the Tribal Gaming Commission hereby finds that Jill Smythe is ___(suitable/unsuitable)___to hold a gaming license, and therefore determines that her gaming license ___shall/shall not)____ be renewed.
This Decision is hereby Confirmed by:
Belt and Suspenders Cyber Security Risk Control and Transfer April 2017
BMM Testlabs BMM Testlabs is the longest established and most experienced private independent gaming certification lab in the world. BMM offers product compliance insight and engineering expertise for gaming regulators, manufacturers and operators.
Highlights: BMM Testlabs 30+ years BMM is the oldestgaming industry test lab in theworld BMMhas30+ years of dedicated testingexperience in the gaming industry BMMwas the first ISO-accreditedgaming test lab in the world BMMhasbeen testing server-based anddownloadable gaming systems since 1990 BMMwas selected to consult and subsequently test for the world’s largestgaming monitoring system of over 100,000 connected slots in over 3,000 locations BMM testsgaming devices and systems for the world’s top15 gaming equipment manufacturers worldwide
Cybersecurity – What’s the Risk? • In2014 theMcafee Center for Strategic and InternationalStudies estimated theglobal cost of cybercrimeat somewherebetween$375 billion and$575 billion annually. • In2015 aFireEyestudy found that 96% of the systems in their surveyhad beenbreached in someway. Of those breaches,27% wereclassified as “advanced malware.”75% of these systems were compromised in such away that therewas evidence of “command and control” communication, meaning theattackers wereable todirect the progressof their attack from outside byhaving some levelof control and feedback from internally breached systems.
Cybersecurity – What’s the Risk? • ThePentagonpublicly reports that it detects, onaverage, over 10 million cyber intrusion attemptsper day. • TheNational Nuclear Security Administration,part of the US Departmentof Energy, reportssimilar numbers. • The2013 databreachofTarget is estimated tohave cost the company $252 million. • The2014 databreachofHome Depot is estimated tohave cost the company $43 million.
Cybersecurity – What Would It Cost You? • PublicConfidence • Confidential Information / Intellectual Property • LostRevenue
Cybersecurity – What Is a “Cybercrime”? Generallydefined asany criminal activity wherea computer or network is theagentof the crime, the facility of a crime, or the targetofacrime. Examplesof cybercrime a casino or casino regulatormight be the targetof – • Acomputer virus installsa key logger.The logger capturesusernamesand passwordsused toaccess the systems. • A systemuser isvictimized by aphishing attack. In aphishing attack, the user isdirected to click a link that installs malicious software or todivulge information that could compromise the system.The attack is usually structured such that the victim thinkswhat theyaredoing is legitimately necessary.
Cybersecurity – What Is a “Cybercrime”? Examplesof cybercrime a casino or casino regulatormight be the targetof – • A“Denial ofService” attack is wherecybercriminals attempt to thwart theorganizations operations, forexample byoverloading servers. • Access to computing resources. Thegoal of a cyber attack may be toobtainmore computers from which toattack other computers.Or, critical computer systems maybe beprotected from the outside worldbut can beaccessed from publically available computers thatexist on the same network. • Theftof confidential information. Does your organization have any information that is not for public consumption?Would this information have value toyour competitors? Or couldyour organization be “blackmailed” toprevent the public release?MightB2B relationshipsbedamaged?
Cybersecurity – What Is a “Cybercrime”? Examplesof cybercrime a casino or casino regulatormight be the targetof – • Identity theft! Does your organization have individual’s data that could beused for identity theft? Do youkeep customer records in anelectronic format?How about licensee information?
Cybersecurity – How to Control Your Risk? The first step in reducingyour cybersecurity risk is understanding theways that youarevulnerable. • Yourownusers! • Misconfigured systems • Unpatchedvulnerabilities • “Zero-Day” threats
Cybersecurity – Insider Threats Wehave met the enemy andhe isus!
• Lackof awarenessof the risks. • Lackof training onprocedures. • BYOD! • Malicious insiders.
Cybersecurity – Insider Threats Manyusers simply donot understand the risk that cyber security presents.Whenyou don’tunderstand thenatureor degreeofvulnerability even intelligentpeople will make silly mistakes. • Badpasswords (SeeAshley Madison password list) • Vulnerable tophishing attacks • Vulnerable to social engineeringattacks
Cybersecurity – How to Control Your Risk? Password # of users using it (AM) 123456 120511 12345 48452 password 39448 123456789 26620 qwerty 20778 12345678 14172 abc123 10869 1234567 9468 ashley 8793 baseball 7710 111111 7048 1234567890 6572
Cybersecurity – Insider Threats Usersmay have anunderstanding of the risks, but lack training toaddress them. • Whatdoyoudo ifyou receive aphishing email? • What isa “badpassword”? • Howdoyou recognize social engineering?
Cybersecurity – Malicious Insiders In July of2015, Eddie Tipton,was convicted of manipulating the lottery selection process towina $14.3 milliondollar lottery jackpot. Eddie Tiptonwas the Information SecurityDirector at the time the crime wasperpetrated.Tiptonhas subsequently been chargedwith rigging other drawings,going all theway back to2005.
Cybersecurity – Misconfigured Systems Systemsmay be configured in sucha way that they arevulnerable. • Defaultpasswordsmay commonly be left unchanged. InFebuary of 2013, this resulted in hackers takingover the “EmergencyAlert System”and issuing a warning that “the bodies of the deadare rising from their graves andattacking the living.” Televisions stations inMontana,California, Michigan, New Mexico,andUtah wereall victimized by this. • Mass collections ofdefault passwordsare commonly available for download on the Internet. • Properconfiguration of firewalls isdifficult, butoften a critical component ofnetwork security.
Cybersecurity – Unpatched Vulnerabilities New vulnerabilities arediscoveredandaddressedon anongoing basis. However, there is often significant delaysbetween the releaseof apatchand thepatchbeing deployed. • Organizations may need to test that thepatchmay be safely deployed onproduction systems. • Organizations may have specified periods whereupdatesmay be performed.
Cybersecurity – Zero Day Vulnerabilities Cyber security researches arenotalways the firstones todiscover avulnerability. Some vulnerabilities arediscoveredafter theproblem has alreadyhappened or after thediscovery of the issue butbefore any resolution canbe created. • The “Heartbleed” SSL issue, whendiscovered,effected17% of the servers on the Internet.Within hoursof the vulnerability beingpublically known systemswerebeing attacked by exploiting it. • “Ransom-ware”virus have been spread through numerous zero-day vulnerabilities in AdobeFlash.
Cybersecurity – How to Reduce Risk? Given the extensive natureof the risk and the damage that canbe caused, how can youprotect yourself? • Educationprograms for users • Trainedstaff to maintain system security • Outsideexperts to perform independentanalysis ofyour IT infrastructureand internal controls • Risk transfer -insurance
Cybersecurity – User Education A2015 studyby Wombat Security and the AberdeenGroup estimated that cybersecurity risk couldbe quantitatively reducedby45% to 70% throughan effective user educationprogram. Effectiveenduser training is widely seenas bestpractice andanorganizations first lineof defense against cyber attack.
Cybersecurity – Internal Staff Internalexperts can be used to effectively monitor and address risk. 90%of Fortune750 companies now have aChief InformationSecurity Officer (CISO). This “C-Level” executive office is responsible for establishingand maintainingan organizations strategy andprograms to ensure information assets areadequately protected.
7Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 13 Page 14 Page 15 Page 16 Page 17 Page 18 Page 19 Page 20 Page 21 Page 22 Page 23 Page 24 Page 25 Page 26 Page 27 Page 28 Page 29 Page 30 Page 31 Page 32 Page 33 Page 34 Page 35 Page 36 Page 37 Page 38 Page 39 Page 40 Page 41 Page 42 Page 43 Page 44 Page 45 Page 46 Page 47 Page 48 Page 49 Page 50 Page 51 Page 52 Page 53 Page 54 Page 55 Page 56 Page 57 Page 58 Page 59 Page 60 Page 61 Page 62 Page 63 Page 64 Page 65 Page 66 Page 67 Page 68 Page 69 Page 70 Page 71 Page 72 Page 73 Page 74 Page 75 Page 76 Page 77 Page 78 Page 79 Page 80 Page 81 Page 82 Page 83 Page 84 Page 85 Page 86 Page 87 Page 88 Page 89 Page 90 Page 91 Page 92 Page 93 Page 94 Page 95 Page 96 Page 97 Page 98 Page 99 Page 100 Page 101 Page 102 Page 103 Page 104 Page 105 Page 106 Page 107 Page 108 Page 109 Page 110 Page 111 Page 112 Page 113 Page 114 Page 115 Page 116 Page 117 Page 118 Page 119 Page 120 Page 121 Page 122 Page 123 Page 124 Page 125 Page 126 Page 127 Page 128 Page 129 Page 130 Page 131 Page 132 Page 133 Page 134 Page 135 Page 136 Page 137 Page 138 Page 139 Page 140 Page 141 Page 142 Page 143 Page 144 Page 145 Page 146 Page 147 Page 148 Page 149 Page 150 Page 151 Page 152 Page 153 Page 154 Page 155 Page 156 Page 157 Page 158 Page 159 Page 160 Page 161 Page 162 Page 163 Page 164 Page 165 Page 166 Page 167 Page 168 Page 169 Page 170 Page 171 Page 172 Page 173 Page 174 Page 175 Page 176 Page 177 Page 178 Page 179 Page 180 Page 181 Page 182 Page 183 Page 184 Page 185 Page 186 Page 187 Page 188 Page 189 Page 190 Page 191 Page 192 Page 193 Page 194 Page 195 Page 196
Made with FlippingBook Online document