RegsToday.com
A developing repository for regulatory professionals
 

     
 

Code of Federal Regulations

Get notified when this CFR part is updated:



Note:
— Current as of: 12/12/2013, Updated weekly.
— Enhanced with links to US Code, FR and CFR References where ever possible and more to come.
— You can embed the URL to this page in your documents to access the current CFR part.

— This consolidated CFR Part was last updated by Federal Register(FR) dated 10/25/2013 for §543.2; §543.17; §543.21; .

Table of Contents

§543.1 — What does this part cover? [ Last FR update*: 09/21/2012 ]


Authority: 25 U.S.C. 2702(2), 2706(b)(1-4), 2706(b)(10).

Source: 77 FR 58712, Sept. 21, 2012, unless otherwise noted.

This part establishes the minimum internal control standards for the conduct of Class II games on Indian lands as defined in 25 U.S.C. 2701 et seq.

The definitions in this section apply to all sections of this part unless otherwise noted.

Accountability. All financial instruments, receivables, and patron deposits constituting the total amount for which the bankroll custodian is responsible at a given time.

Agent. A person authorized by the gaming operation, as approved by the TGRA, to make decisions or perform assigned tasks or actions on behalf of the gaming operation.

Automated payout. Payment issued by a machine.

Cage. A secure work area within the gaming operation for cashiers, which may include a storage area for the gaming operation bankroll.

Cash equivalents. Documents, financial instruments other than cash, or anything else of representative value to which the gaming operation has assigned a monetary value. A cash equivalent includes, but is not limited to, tokens, chips, coupons, vouchers, payout slips and tickets, and other items to which a gaming operation has assigned an exchange value.

Cashless system. A system that performs cashless transactions and maintains records of those cashless transactions.

Cashless transaction. A movement of funds electronically from one component to another, such as to or from a patron deposit account.

Chair. The Chair of the National Indian Gaming Commission.

Class II gaming. Class II gaming has the same meaning as defined in 25 U.S.C. 2703(7)(A).

Class II gaming system. All components, whether or not technologic aids in electronic, computer, mechanical, or other technologic form, that function together to aid the play of one or more Class II games, including accounting functions mandated by these regulations or part 547 of this chapter.

Commission. The National Indian Gaming Commission, established by the Indian Gaming Regulatory Act, 25 U.S.C. 2701 et seq.

Complimentary services and items. Services and items provided to a patron at the discretion of an agent on behalf of the gaming operation or by a third party on behalf of the gaming operation. Services and items may include, but are not limited to, travel, lodging, food, beverages, or entertainment expenses.

Count. The act of counting and recording the drop and/or other funds. Also, the total funds counted for a particular game, player interface, shift, or other period.

Count room. A secured room where the count is performed in which the cash and cash equivalents are counted.

Coupon. A financial instrument of fixed wagering value, that can only be used to acquire non-cashable credits through interaction with a voucher system. This does not include instruments such as printed advertising material that cannot be validated directly by a voucher system.

Currency cassette. A compartment that contains a specified denomination of currency. Currency cassettes are inserted into kiosks, allowing them to dispense currency.

Dedicated camera. A video camera that continuously records a specific activity.

Drop box. A locked container in which cash or cash equivalents are placed at the time of a transaction, typically used in card games.

Drop proceeds. The total amount of financial instruments removed from drop boxes and financial instrument storage components.

Exception report. A listing of occurrences, transactions or items that fall outside a predetermined range of acceptability.

Financial instrument. Any tangible item of value tendered in Class II game play, including, but not limited to bills, coins, vouchers, and coupons.

Financial instrument storage component. Any component that stores financial instruments, such as a drop box, but typically used in connection with player interfaces.

Gaming promotion. Any promotional activity or award that requires game play as a condition of eligibility.

Generally Accepted Accounting Principles (GAAP). A widely accepted set of rules, conventions, standards, and procedures for reporting financial information, as established by the Financial Accounting Standards Board (FASB), including, but not limited to, the standards for casino accounting published by the American Institute of Certified Public Accountants (AICPA).

Generally Accepted Auditing Standards (GAAS). A widely accepted set of standards that provide a measure of audit quality and the objectives to be achieved in an audit, as established by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA).

Governmental Accounting Standards Board (GASB). Generally accepted accounting principles used by state and local governments.

Independent. The separation of functions to ensure that the agent or process monitoring, reviewing, or authorizing the controlled activity, function, or transaction is separate from the agents or process performing the controlled activity, function, or transaction.

Kiosk. A device capable of redeeming vouchers and/or wagering credits or initiating electronic transfers of money to or from a patron deposit account.

Lines of credit. The privilege granted by a gaming operation to a patron to:

(1) Defer payment of debt; or

(2) Incur debt and defer its payment under specific terms and conditions.

Manual payout. Any non-automated payout.

Marker. A document, signed by the patron, promising to repay credit issued by the gaming operation.

MICS. Minimum internal control standards in this part.

Network communication equipment. A device or collection of devices that controls data communication in a system including, but not limited to, cables, switches, hubs, routers, wireless access points, landline telephones and cellular telephones.

Patron. A person who is a customer or guest of the gaming operation and may interact with a Class II game. Also may be referred to as a “player.”

Patron deposit account. An account maintained on behalf of a patron, for the deposit and withdrawal of funds for the primary purpose of interacting with a gaming activity.

Player interface. Any component(s) of a Class II gaming system, including an electronic or technologic aid (not limited to terminals, player stations, handhelds, fixed units, etc.), that directly enables player interaction in a Class II game.

Prize payout. Payment to a player associated with a winning or qualifying event.

Promotional progressive pots and/or pools. Funds contributed to a game by and for the benefit of players that are distributed to players based on a predetermined event.

Shift. A time period, unless otherwise approved by the tribal gaming regulatory authority, not to exceed 24 hours.

Shill. An agent financed by the gaming operation and acting as a player.

Smart card. A card with embedded integrated circuits that possesses the means to electronically store or retrieve account data.

Sufficient clarity. The capacity of a surveillance system to record images at a minimum of 20 frames per second or equivalent recording speed and at a resolution sufficient to clearly identify the intended activity, person, object, or location.

Surveillance operation room(s). The secured area(s) where surveillance takes place and/or where active surveillance equipment is located.

Surveillance system. A system of video cameras, monitors, recorders, video printers, switches, selectors, and other equipment used for surveillance.

SICS (System of Internal Control Standards). An overall operational framework for a gaming operation that incorporates principles of independence and segregation of function, and is comprised of written policies, procedures, and standard practices based on overarching regulatory standards specifically designed to create a system of checks and balances to safeguard the integrity of a gaming operation and protect its assets from unauthorized access, misappropriation, forgery, theft, or fraud.

Tier A. Gaming operations with annual gross gaming revenues of more than $3 million but not more than $8 million.

Tier B. Gaming operations with annual gross gaming revenues of more than $8 million but not more than $15 million.

Tier C. Gaming operations with annual gross gaming revenues of more than $15 million.

TGRA. Tribal gaming regulatory authority, which is the entity authorized by tribal law to regulate gaming conducted pursuant to the Indian Gaming Regulatory Act.

TICS. Tribal Internal Control Standards established by the TGRA that are at least as stringent as the standards set forth in this part.

Vault. A secure area where cash and cash equivalents are stored.

Voucher. A financial instrument of fixed wagering value, usually paper, that can be used only to acquire an equivalent value of cashable credits or cash through interaction with a voucher system.

Voucher system. A system that securely maintains records of vouchers and coupons; validates payment of vouchers; records successful or failed payments of vouchers and coupons; and controls the purging of expired vouchers and coupons.

[77 FR 58712, Sept. 21, 2012, as amended at 78 FR 63874, Oct. 25, 2013]

(a) Minimum standards. These are minimum standards and a TGRA may establish and implement additional controls that do not conflict with those set out in this part.

(b) TICS. TGRAs must ensure that TICS are established and implemented that provide a level of control that equals or exceeds the applicable standards set forth in this part.

(1) Evaluation of existing TICS. Each TGRA must, in accordance with the tribal gaming ordinance, determine whether and to what extent their TICS require revision to ensure compliance with this part.

(2) Compliance date. All changes necessary to ensure compliance with this part must be promulgated within twelve months of the effective date of this part and implemented at the commencement of the next fiscal year. At the discretion of the TGRA, gaming operations may have an additional six months to come into compliance with the TICS.

(c) SICS. Each gaming operation must develop a SICS, as approved by the TGRA, to implement the TICS.

(1) Existing gaming operations. All gaming operations that are operating on or before the effective date of this part, must comply with this part within the time requirements established in paragraph (b) of this section. In the interim, such operations must continue to comply with existing TICS.

(2) New gaming operations. All gaming operations that commence operations after the effective date of this part must comply with this part before commencement of operations.

(d) Variances. Where referenced throughout this part, the gaming operation must set a reasonable threshold, approved by the TGRA, for when a variance must be reviewed to determine the cause, and the results of the review must be documented and maintained.

(e) Computer applications. For any computer applications utilized, alternate documentation and/or procedures that provide at least the level of control established by the standards of this part, as approved in writing by the TGRA, will be acceptable.

(f) Determination of tier.

(1) The determination of tier level will be made based upon the annual gross gaming revenues indicated within the gaming operation's audited financial statements.

(2) Gaming operations moving from one tier to another will have nine months from the date of the independent certified public accountant's audit report to achieve compliance with the requirements of the new tier. The TGRA may extend the deadline by an additional six months if written notice is provided to the Commission no later than two weeks before the expiration of the nine month period.

(g) Submission to Commission. Tribal regulations promulgated pursuant to this part are not required to be submitted to the Commission pursuant to §522.3(b) of this chapter.

(h) Enforcement of Commission MICS.

(1) Each TGRA is required to establish and implement TICS pursuant to paragraph (b) of this section. Each gaming operation is then required, pursuant to paragraph (c) of this section, to develop a SICS that implements the TICS. Failure to comply with this subsection may subject the tribal operator of the gaming operation, or the management contractor, to penalties under 25 U.S.C. 2713.

(2) Enforcement action by the Commission will not be initiated under this part without first informing the tribe and TGRA of deficiencies in the TICS or absence of SICS for its gaming operation and allowing a reasonable period of time to address such deficiencies. Such prior notice and opportunity for corrective action are not required where the threat to the integrity of the gaming operation is immediate and severe.

(a) Small gaming operations. This part does not apply to small gaming operations provided that:

(1) The TGRA permits the operation to be exempt from this part;

(2) The annual gross gaming revenue of the operation does not exceed $3 million; and

(3) The TGRA develops, and the operation complies with, alternate procedures that:

(i) Protect the integrity of games offered;

(ii) Safeguard the assets used in connection with the operation; and

(iii) Create, prepare and maintain records in accordance with Generally Accepted Accounting Principles.

(b) Charitable gaming operations. This part does not apply to charitable gaming operations provided that:

(1) All proceeds are for the benefit of a charitable organization;

(2) The TGRA permits the charitable organization to be exempt from this part;

(3) The charitable gaming operation is operated wholly by the charitable organization's agents;

(4) The annual gross gaming revenue of the charitable operation does not exceed $3 million; and

(5) The TGRA develops, and the charitable gaming operation complies with, alternate procedures that:

(i) Protect the integrity of the games offered;

(ii) Safeguard the assets used in connection with the gaming operation; and

(iii) Create, prepare and maintain records in accordance with Generally Accepted Accounting Principles.

(c) Independent operators. Nothing in this section exempts gaming operations conducted by independent operators for the benefit of a charitable organization.

(a) TGRA approval.

(1) A TGRA may approve an alternate standard from those required by this part if it has determined that the alternate standard will achieve a level of security and integrity sufficient to accomplish the purpose of the standard it is to replace. A gaming operation may implement an alternate standard upon TGRA approval subject to the Chair's decision pursuant to paragraph (b) of this section.

(2) For each enumerated standard for which the TGRA approves an alternate standard, it must submit to the Chair within 30 days a detailed report, which must include the following:

(i) An explanation of how the alternate standard achieves a level of security and integrity sufficient to accomplish the purpose of the standard it is to replace; and

(ii) The alternate standard as approved and the record on which it is based.

(3) In the event that the TGRA or the tribal government chooses to submit an alternate standard request directly to the Chair for joint government to government review, the TGRA or tribal government may do so without the approval requirement set forth in paragraph (a)(1) of this section.

(b) Chair review.

(1) The Chair may approve or object to an alternate standard approved by a TGRA.

(2) If the Chair approves the alternate standard, the Tribe may continue to use it as authorized by the TGRA.

(3) If the Chair objects, the operation may no longer use the alternate standard and must follow the relevant MICS set forth in this part.

(4) Any objection by the Chair must be in writing and provide reasons that the alternate standard, as approved by the TGRA, does not provide a level of security or integrity sufficient to accomplish the purpose of the standard it is to replace.

(5) If the Chair fails to approve or object in writing within 60 days after the date of receipt of a complete submission, the alternate standard is considered approved by the Chair. The Chair may, upon notification to the TGRA, extend this deadline an additional 60 days.

(c) Appeal of Chair decision. A TGRA may appeal the Chair's decision pursuant to 25 CFR chapter III, subchapter H.

(a) Supervision. Supervision must be provided as needed for bingo operations by an agent(s) with authority equal to or greater than those being supervised.

(b) Bingo cards.

(1) Physical bingo card inventory controls must address the placement of orders, receipt, storage, issuance, removal, and cancellation of bingo card inventory to ensure that:

(i) The bingo card inventory can be accounted for at all times; and

(ii) Bingo cards have not been marked, altered, or otherwise manipulated.

(2) Receipt from supplier.

(i) When bingo card inventory is initially received from the supplier, it must be inspected (without breaking the factory seals, if any), counted, inventoried, and secured by an authorized agent.

(ii) Bingo card inventory records must include the date received, quantities received, and the name of the individual conducting the inspection.

(3) Storage.

(i) Bingo cards must be maintained in a secure location, accessible only to authorized agents, and with surveillance coverage adequate to identify persons accessing the storage area.

(ii) For Tier A operations, bingo card inventory may be stored in a cabinet, closet, or other similar area; however, such area must be secured and separate from the working inventory.

(4) Issuance and returns of inventory.

(i) Controls must be established for the issuance and return of bingo card inventory. Records signed by the issuer and recipient must be created under the following events:

(A) Issuance of inventory from storage to a staging area;

(B) Issuance of inventory from a staging area to the cage or sellers;

(C) Return of inventory from a staging area to storage; and

(D) Return of inventory from cage or seller to staging area or storage.

(ii) [Reserved]

(5) Cancellation and removal.

(i) Bingo cards removed from inventory that are deemed out of sequence, flawed, or misprinted and not returned to the supplier must be cancelled to ensure that they are not utilized in the play of a bingo game. Bingo cards that are removed from inventory and returned to the supplier or cancelled must be logged as removed from inventory.

(ii) Bingo cards associated with an investigation must be retained intact outside of the established removal and cancellation policy.

(6) Logs.

(i) The inventory of bingo cards must be tracked and logged from receipt until use or permanent removal from inventory.

(ii) The bingo card inventory record(s) must include:

(A) Date;

(B) Shift or session;

(C) Time;

(D) Location;

(E) Inventory received, issued, removed, and returned;

(F) Signature of agent performing transaction;

(G) Signature of agent performing the reconciliation;

(H) Any variance;

(I) Beginning and ending inventory; and

(J) Description of inventory transaction being performed.

(c) Bingo card sales.

(1) Agents who sell bingo cards must not be the sole verifier of bingo cards for prize payouts.

(2) Manual bingo card sales: In order to adequately record, track, and reconcile sales of bingo cards, the following information must be documented:

(i) Date;

(ii) Shift or session;

(iii) Number of bingo cards issued, sold, and returned;

(iv) Dollar amount of bingo card sales;

(v) Signature, initials, or identification number of the agent preparing the record; and

(vi) Signature, initials, or identification number of an independent agent who verified the bingo cards returned to inventory and dollar amount of bingo card sales.

(3) Bingo card sale voids must be processed in accordance with the rules of the game and established controls that must include the following:

(i) Patron refunds;

(ii) Adjustments to bingo card sales to reflect voids;

(iii) Adjustment to bingo card inventory;

(iv) Documentation of the reason for the void; and

(v) Authorization for all voids.

(4) Class II gaming system bingo card sales. In order to adequately record, track and reconcile sales of bingo cards, the following information must be documented from the server (this is not required if the system does not track the information, but system limitation(s) must be noted):

(i) Date;

(ii) Time;

(iii) Number of bingo cards sold;

(iv) Dollar amount of bingo card sales; and

(v) Amount in, amount out and other associated meter information.

(d) Draw.

(1) Controls must be established and procedures implemented to ensure that all eligible objects used in the conduct of the bingo game are available to be drawn and have not been damaged or altered. Verification of physical objects must be performed by two agents before the start of the first bingo game/session. At least one of the verifying agents must be a supervisory agent or independent of the bingo games department.

(2) Where the selection is made through an electronic aid, certification in accordance with 25 CFR 547.14 is acceptable for verifying the randomness of the draw and satisfies the requirements of paragraph (d)(1) of this section.

(3) Controls must be established and procedures implemented to provide a method of recall of the draw, which includes the order and identity of the objects drawn, for dispute resolution purposes.

(4) Verification and display of draw. Controls must be established and procedures implemented to ensure that:

(i) The identity of each object drawn is accurately recorded and transmitted to the participants. The procedures must identify the method used to ensure the identity of each object drawn.

(ii) For all games offering a prize payout of $1,200 or more, as the objects are drawn, the identity of the objects are immediately recorded and maintained for a minimum of 24 hours.

(e) Prize payout.

(1) Controls must be established and procedures implemented for cash or cash equivalents that address the following:

(i) Identification of the agent authorized (by position) to make a payout;

(ii) Predetermined payout authorization levels (by position); and

(iii) Documentation procedures ensuring separate control of the cash accountability functions.

(2) Verification of validity.

(i) Controls must be established and procedures implemented to verify that the following is valid for the game in play prior to payment of a winning prize:

(A) Winning card(s);

(B) Objects drawn; and

(C) The previously designated arrangement of numbers or designations on such cards, as described in 25 U.S.C. 2703(7)(A).

(ii) At least two agents must verify that the card, objects drawn, and previously designated arrangement were valid for the game in play.

(iii) Where an automated verification method is available, verification by such method is acceptable.

(3) Validation.

(i) For manual payouts, at least two agents must determine the validity of the claim prior to the payment of a prize. The system may serve as one of the validators.

(ii) For automated payouts, the system may serve as the sole validator of the claim.

(4) Verification.

(i) For manual payouts, at least two agents must verify that the winning pattern has been achieved on the winning card prior to the payment of a prize. The system may serve as one of the verifiers.

(ii) For automated payouts, the system may serve as the sole verifier that the pattern has been achieved on the winning card.

(5) Authorization and signatures.

(i) At least two agents must authorize, sign, and witness all manual prize payouts above $1,200, or a lower threshold as authorized by management and approved by the TGRA.

(ii) Manual prize payouts above the following threshold (or a lower threshold, as authorized by management and approved by TGRA) must require one of the two signatures and verifications to be a supervisory or management employee independent of the operation of Class II Gaming System bingo:

(A) $5,000 for a Tier A facility;

(B) $10,000 at a Tier B facility;

(C) $20,000 for a Tier C facility; or

(D) $50,000 for a Tier C facility with over $100,000,000 in gross gaming revenues.

(iii) The predetermined thresholds, whether set at the MICS level or lower, must be authorized by management, approved by the TGRA, documented, and maintained.

(iv) A Class II gaming system may substitute for one authorization/signature verifying, validating or authorizing a winning card, but may not substitute for a supervisory or management authorization/signature.

(6) Payout records, including manual payout records, must include the following information:

(i) Date and time;

(ii) Amount of the payout (alpha & numeric for player interface payouts); and

(iii) Bingo card identifier or player interface identifier.

(iv) Manual payout records must also include the following:

(A) Game name or number;

(B) Description of pattern covered, such as cover-all or four corners;

(C) Signature of all, but not less than two, agents involved in the transaction;

(D) For override transactions, verification by a supervisory or management agent independent of the transaction; and

(E) Any other information necessary to substantiate the payout.

(f) Cash and cash equivalent controls.

(1) Cash or cash equivalents exchanged between two persons must be counted independently by at least two agents and reconciled to the recorded amounts at the end of each shift or session. Unexplained variances must be documented and maintained. Unverified transfers of cash or cash equivalents are prohibited.

(2) Procedures must be implemented to control cash or cash equivalents based on the amount of the transaction. These procedures must include documentation by shift, session, or other relevant time period of the following:

(i) Inventory, including any increases or decreases;

(ii) Transfers;

(iii) Exchanges, including acknowledging signatures or initials; and

(iv) Resulting variances.

(3) Any change to control of accountability, exchange, or transfer requires that the cash or cash equivalents be counted and recorded independently by at least two agents and reconciled to the recorded amount.

(g) Technologic aids to the play of bingo. Controls must be established and procedures implemented to safeguard the integrity of technologic aids to the play of bingo during installations, operations, modifications, removal and retirements. Such procedures must include the following:

(1) Shipping and receiving.

(i) A communication procedure must be established between the supplier, the gaming operation, and the TGRA to properly control the shipping and receiving of all software and hardware components. Such procedures must include:

(A) Notification of pending shipments must be provided to the TGRA by the gaming operation;

(B) Certification in accordance with 25 CFR part 547;

(C) Notification from the supplier to the TGRA, or the gaming operation as approved by the TGRA, of the shipping date and expected date of delivery. The shipping notification must include:

(1) Name and address of the supplier;

(2) Description of shipment;

(3) For player interfaces: a serial number;

(4) For software: software version and description of software;

(5) Method of shipment; and

(6) Expected date of delivery.

(ii) Procedures must be implemented for the exchange of Class II gaming system components for maintenance and replacement.

(iii) Class II gaming system components must be shipped in a secure manner to deter unauthorized access.

(iv) The TGRA, or its designee, must receive all Class II gaming system components and game play software packages, and verify the contents against the shipping notification.

(2) Access credential control methods.

(i) Controls must be established to restrict access to the Class II gaming system components, as set forth in §543.20, Information and Technology.

(ii) [Reserved]

(3) Recordkeeping and audit processes.

(i) The gaming operation must maintain the following records, as applicable, related to installed game servers and player interfaces:

(A) Date placed into service;

(B) Date made available for play;

(C) Supplier;

(D) Software version;

(E) Serial number;

(F) Game title;

(G) Asset and/or location number;

(H) Seal number; and

(I) Initial meter reading.

(ii) Procedures must be implemented for auditing such records in accordance with §543.23, Audit and Accounting.

(4) System software signature verification.

(i) Procedures must be implemented for system software verifications. These procedures must include comparing signatures generated by the verification programs required by 25 CFR 547.8, to the signatures provided in the independent test laboratory letter for that software version.

(ii) An agent independent of the bingo operation must perform system software signature verification(s) to verify that only approved software is installed.

(iii) Procedures must be implemented for investigating and resolving any software verification variances.

(iv) Internal audits must be conducted as set forth in §543.23, Audit and Accounting. Such audits must be documented.

(5) Installation testing.

(i) Testing must be completed during the installation process to verify that the player interface has been properly installed. This must include testing of the following, as applicable:

(A) Communication with the Class II gaming system;

(B) Communication with the accounting system;

(C) Communication with the player tracking system;

(D) Currency and vouchers to bill acceptor;

(E) Voucher printing;

(F) Meter incrementation;

(G) Pay table, for verification;

(H) Player interface denomination, for verification;

(I) All buttons, to ensure that all are operational and programmed appropriately;

(J) System components, to ensure that they are safely installed at location; and

(K) Locks, to ensure that they are secure and functioning.

(ii) [Reserved]

(6) Display of rules and necessary disclaimers. The TGRA or the operation must verify that all game rules and disclaimers are displayed at all times or made readily available to the player upon request, as required by 25 CFR part 547;

(7) TGRA approval of all technologic aids before they are offered for play.

(8) All Class II gaming equipment must comply with 25 CFR part 547, Minimum Technical Standards for Gaming Equipment Used With the Play of Class II Games; and

(9) Dispute resolution.

(h) Operations.

(1) Malfunctions. Procedures must be implemented to investigate, document and resolve malfunctions. Such procedures must address the following:

(i) Determination of the event causing the malfunction;

(ii) Review of relevant records, game recall, reports, logs, surveillance records;

(iii) Repair or replacement of the Class II gaming component;

(iv) Verification of the integrity of the Class II gaming component before restoring it to operation; and

(2) Removal, retirement and/or destruction. Procedures must be implemented to retire or remove any or all associated components of a Class II gaming system from operation. Procedures must include the following:

(i) For player interfaces and components that accept cash or cash equivalents:

(A) Coordinate with the drop team to perform a final drop;

(B) Collect final accounting information such as meter readings, drop and payouts;

(C) Remove and/or secure any or all associated equipment such as locks, card reader, or ticket printer from the retired or removed component; and

(D) Document removal, retirement, and/or destruction.

(ii) For removal of software components:

(A) Purge and/or return the software to the license holder; and

(B) Document the removal.

(iii) For other related equipment such as blowers, cards, interface cards:

(A) Remove and/or secure equipment; and

(B) Document the removal or securing of equipment.

(iv) For all components:

(A) Verify that unique identifiers, and descriptions of removed/retired components are recorded as part of the retirement documentation; and

(B) Coordinate with the accounting department to properly retire the component in the system records.

(v) Where the TGRA authorizes destruction of any Class II gaming system components, procedures must be developed to destroy such components. Such procedures must include the following:

(A) Methods of destruction;

(B) Witness or surveillance of destruction;

(C) Documentation of all components destroyed; and

(D) Signatures of agent(s) destroying components attesting to destruction.

(i) Vouchers.

(1) Controls must be established and procedures implemented to:

(i) Verify the authenticity of each voucher redeemed.

(ii) If the voucher is valid, verify that the patron is paid the appropriate amount.

(iii) Document the payment of a claim on a voucher that is not physically available or a voucher that cannot be validated such as a mutilated, expired, lost, or stolen voucher.

(iv) Retain payment documentation for reconciliation purposes.

(v) For manual payment of a voucher of $500 or more, require a supervisory employee to verify the validity of the voucher prior to payment.

(2) Vouchers paid during a period while the voucher system is temporarily out of operation must be marked “paid” by the cashier.

(3) Vouchers redeemed while the voucher system was temporarily out of operation must be validated as expeditiously as possible upon restored operation of the voucher system.

(4) Paid vouchers must be maintained in the cashier's accountability for reconciliation purposes.

(5) Unredeemed vouchers can only be voided in the voucher system by supervisory employees. The accounting department will maintain the voided voucher, if available.

(j) All relevant controls from §543.20, Information and Technology will apply.

(k) Revenue Audit. Standards for revenue audit of bingo are contained in §543.24, Revenue Audit.

(l) Variance. The operation must establish, as approved by the TGRA, the threshold level at which a variance, including deviations from the mathematical expectations required by 25 CFR 547.4, will be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided as needed for pull tab operations and over pull tab storage areas by an agent(s) with authority equal to or greater than those being supervised.

(b) Pull tab inventory. Controls must be established and procedures implemented to ensure that:

(1) Access to pull tabs is restricted to authorized agents;

(2) The pull tab inventory is controlled by agents independent of pull tab sales;

(3) Pull tabs exchanged between agents are secured and independently controlled;

(4) Increases or decreases to pull tab inventory are recorded, tracked, and reconciled; and

(5) Pull tabs are maintained in a secure location, accessible only to authorized agents, and with surveillance coverage adequate to identify persons accessing the area.

(c) Pull tab sales.

(1) Controls must be established and procedures implemented to record, track, and reconcile all pull tab sales and voids.

(2) When pull tab sales are recorded manually, total sales must be verified by an agent independent of the pull tab sales being verified.

(3) No person may have unrestricted access to pull tab sales records.

(d) Winning pull tabs.

(1) Controls must be established and procedures implemented to record, track, and reconcile all redeemed pull tabs and pull tab payouts.

(2) The redeemed pull tabs must be defaced so that they cannot be redeemed for payment again.

(3) Pull tabs that are uniquely identifiable with a machine readable code (including, but not limited to a barcode) may be redeemed, reconciled, and stored by kiosks without the need for defacing, so long as the redeemed pull tabs are secured and destroyed after removal from the kiosk in accordance with the procedures approved by the TGRA.

(4) At least two agents must document and verify all prize payouts above $600, or lower threshold as authorized by management and approved by the TGRA.

(i) An automated method may substitute for one verification.

(ii) The predetermined threshold must be authorized by management, approved by the TGRA, documented, and maintained.

(5) Total payout must be calculated and recorded by shift.

(e) Pull tab operating funds.

(1) All funds used to operate the pull tab game must be accounted for and recorded and all transfers of cash and/or cash equivalents must be verified.

(2) All funds used to operate the pull tab game must be independently counted and verified by at least two agents and reconciled to the recorded amounts at the end of each shift or session.

(f) Statistical records.

(1) Statistical records must be maintained, including (for games sold in their entirety or removed from play) a win-to-write hold percentage as compared to the expected hold percentage derived from the flare.

(2) A manager independent of the pull tab operations must review statistical information when the pull tab deal has ended or has been removed from the floor and must investigate any unusual statistical fluctuations. These investigations must be documented, maintained for inspection, and provided to the TGRA upon request.

(g) Revenue audit. Standards for revenue audit of pull tabs are contained in §543.24, Revenue Audit.

(h) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided as needed during the card room operations by an agent(s) with authority equal to or greater than those being supervised.

(1) A supervisor may function as a dealer without any other supervision if disputes are resolved by supervisory personnel independent of the transaction or independent of the card games department; or

(2) A dealer may function as a supervisor if not dealing the game.

(b) Exchanges or transfers.

(1) Exchanges between table banks and the main card room bank (or cage, if a main card room bank is not used) must be authorized by a supervisor. All exchanges must be evidenced by the use of a lammer unless the exchange of chips, tokens, and/or cash takes place at the table. If table banks are maintained at an imprest level and runners are used for the exchanges at the table, no supervisory authorization is required.

(2) Exchanges from the main card room bank (or cage, if a main card room bank is not used) to the table banks must be verified by the card room dealer and the runner.

(3) Transfers between the main card room bank and the cage must be properly authorized and documented. Documentation must be retained for at least 24 hours.

(c) Playing cards.

(1) New and used playing cards must be maintained in a secure location, with appropriate surveillance coverage, and accessible only to authorized agents.

(2) Used playing cards that are not to be re-used must be properly cancelled and removed from service to prevent re-use. The removal and cancellation procedure requires TGRA review and approval.

(3) Playing cards associated with an investigation must be retained intact and outside of the established removal and cancellation procedure.

(d) Shill funds.

(1) Issuance of shill funds must be recorded and have the written approval of the supervisor.

(2) Returned shill funds must be recorded and verified by a supervisor.

(3) The replenishment of shill funds must be documented.

(e) Standards for reconciliation of card room bank. Two agents—one of whom must be a supervisory agent—must independently count the table inventory at the opening and closing of the table and record the following information:

(1) Date;

(2) Shift;

(3) Table number;

(4) Amount by denomination;

(5) Amount in total; and

(6) Signatures of both agents.

(f) Posted rules. The rules must be displayed or available for patron review at the gaming operation, including rules governing contests, prize payouts, fees, the rake collected, and the placing of antes.

(g) Promotional progressive pots and pools.

(1) All funds contributed by players into the pools must be returned when won in accordance with posted rules, and no commission or administrative fee may be withheld.

(i) The payout may be in the form of personal property, such as a car.

(ii) A combination of a promotion and progressive pool may be offered.

(2) The conditions for participating in current card game promotional progressive pots and/or pools must be prominently displayed or available for patron review at the gaming operation.

(3) Individual payouts for card game promotional progressive pots and/or pools that are $600 or more must be documented at the time of the payout to include the following:

(i) Patron's name;

(ii) Date of payout;

(iii) Dollar amount of payout and/or nature and dollar value of any non-cash payout;

(iv) The signature of the agent completing the transaction attesting to the disbursement of the payout; and

(v) Name of contest/tournament.

(4) If the cash (or cash equivalent) payout for the card game promotional progressive pot and/or pool is less than $600, documentation must be created to support accountability of the bank from which the payout was made.

(5) Rules governing current promotional pools must be conspicuously posted in the card room and/or available in writing for patron review. The rules must designate:

(i) The amount of funds to be contributed from each pot;

(ii) What type of hand it takes to win the pool;

(iii) How the promotional funds will be paid out;

(iv) How/when the contributed funds are added to the pools; and

(v) Amount/percentage of funds allocated to primary and secondary pools, if applicable.

(6) Promotional pool contributions must not be placed in or near the rake circle, in the drop box, or commingled with gaming revenue from card games or any other gambling game.

(7) The amount of the pools must be conspicuously displayed in the card room.

(8) At least once each day that the game is offered, the posted pool amount must be updated to reflect the current pool amount.

(9) At least once each day that the game is offered, agents independent of the card room must reconcile the increases to the posted pool amount to the cash previously counted or received by the cage.

(10) All decreases to the pool must be properly documented, including a reason for the decrease.

(11) Promotional funds removed from the card game must be placed in a locked container.

(i) Agents authorized to transport the locked container are precluded from having access to the contents keys.

(ii) The contents key must be maintained by a department independent of the card room.

(iii) At least once a day, the locked container must be removed by two agents, one of whom is independent of the card games department, and transported directly to the cage or other secure room to be counted, recorded, and verified, prior to accepting the funds into cage accountability.

(h) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided as needed for gaming promotions and player tracking by an agent(s) with authority equal to or greater than those being supervised.

(b) Gaming promotions. The rules of the gaming promotion must be displayed or made readily available to patron upon request. Gaming promotions rules require TGRA approval and must include the following:

(1) The rules of play;

(2) The nature and value of the associated prize(s) or cash award(s);

(3) Any restrictions or limitations on participant eligibility;

(4) The date(s), time(s), and location(s) for the associated promotional activity or activities;

(5) Any other restrictions or limitations, including any related to the claim of prizes or cash awards;

(6) The announcement date(s), time(s), and location(s) for the winning entry or entries; and

(7) Rules governing promotions offered across multiple gaming operations, third party sponsored promotions, and joint promotions involving third parties.

(c) Player tracking systems and gaming promotions.

(1) Changes to the player tracking systems, promotion and external bonusing system parameters, which control features such as the awarding of bonuses, the issuance of cashable credits, non-cashable credits, coupons and vouchers, must be performed under the authority of supervisory agents, independent of the department initiating the change. Alternatively, the changes may be performed by supervisory agents of the department initiating the change if sufficient documentation is generated and the propriety of the changes are randomly verified by supervisory agents independent of the department initiating the change on a monthly basis.

(2) All other changes to the player tracking system must be appropriately documented.

(d) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided as needed for approval of complimentary services by an agent(s) with authority equal to or greater than those being supervised.

(b) Complimentary services or items. Controls must be established and procedures implemented for complimentary services or items that address the following:

(1) Agents authorized to approve the issuance of complimentary services or items, including levels of authorization;

(2) Limits and conditions on the approval and issuance of complimentary services or items;

(3) Making and documenting changes to conditions or limits on the approval and issuance of complimentary services or items;

(4) Documenting and recording the authorization, issuance, and redemption of complimentary services or items, including cash and non-cash gifts;

(i) Records must include the following for all complimentary items and services equal to or exceeding an amount established by the gaming operation and approved by the TGRA:

(A) Name of patron who received the complimentary service or item;

(B) Name(s) of issuer(s) of the complimentary service or item;

(C) The actual cash value of the complimentary service or item;

(D) The type of complimentary service or item (i.e., food, beverage); and

(E) Date the complimentary service or item was issued.

(ii) [Reserved]

(c) Complimentary services and items records must be summarized and reviewed for proper authorization and compliance with established authorization thresholds.

(1) A detailed reporting of complimentary services or items transactions that meet an established threshold approved by the TGRA must be prepared at least monthly.

(2) The detailed report must be forwarded to management for review.

(d) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided as needed for patron deposit accounts and cashless systems by an agent(s) with authority equal to or greater than those being supervised.

(b) Patron deposit accounts and cashless systems.

(1) Smart cards cannot maintain the only source of account data.

(2) Establishment of patron deposit accounts. The following standards apply when a patron establishes an account.

(i) The patron must appear at the gaming operation in person, at a designated area of accountability, and present valid government issued picture identification; and

(ii) An agent must examine the patron's identification and record the following information:

(A) Type, number, and expiration date of the identification;

(B) Patron's name;

(C) A unique account identifier;

(D) Date the account was opened; and

(E) The agent's name.

(3) The patron must sign the account documentation before the agent may activate the account.

(4) The agent or cashless system must provide the patron deposit account holder with a secure method of access.

(c) Patron deposits, withdrawals and adjustments.

(1) Prior to the patron making a deposit or withdrawal from a patron deposit account, the agent or cashless system must verify the patron deposit account, the patron identity, and availability of funds. A personal identification number (PIN) is an acceptable form of verifying identification.

(2) Adjustments made to the patron deposit accounts must be performed by an agent.

(3) When a deposit, withdrawal, or adjustment is processed by an agent, a transaction record must be created containing the following information:

(i) Same document number on all copies;

(ii) Type of transaction, (deposit, withdrawal, or adjustment);

(iii) Name or other identifier of the patron;

(iv) The unique account identifier;

(v) Patron signature for withdrawals, unless a secured method of access is utilized;

(vi) For adjustments to the account, the reason for the adjustment;

(vii) Date and time of transaction;

(viii) Amount of transaction;

(ix) Nature of deposit, withdrawal, or adjustment (cash, check, chips); and

(x) Signature of the agent processing the transaction.

(4) When a patron deposits or withdraws funds from a patron deposit account electronically, the following must be recorded:

(i) Date and time of transaction;

(ii) Location (player interface, kiosk);

(iii) Type of transaction (deposit, withdrawal);

(iv) Amount of transaction; and

(v) The unique account identifier.

(5) Patron deposit account transaction records must be available to the patron upon reasonable request.

(6) If electronic funds transfers are made to or from a gaming operation bank account for patron deposit account funds, the bank account must be dedicated and may not be used for any other types of transactions.

(d) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided as needed for lines of credit by an agent(s) with authority equal to or greater than those being supervised.

(b) Establishment of lines of credit policy.

(1) If a gaming operation extends lines of credit, controls must be established and procedures implemented to safeguard the assets of the gaming operation. Such controls must include a lines of credit policy including the following:

(i) A process for the patron to apply for, modify, and/or re-establish lines of credit, to include required documentation and credit line limit;

(ii) Authorization levels of credit issuer(s);

(iii) Identification of agents authorized to issue lines of credit;

(iv) A process for verifying an applicant's credit worthiness;

(v) A system for recording patron information, to include:

(A) Name, current address, and signature;

(B) Identification credential;

(C) Authorized credit line limit;

(D) Documented approval by an agent authorized to approve credit line limits;

(E) Date, time and amount of credit issuances and payments; and

(F) Amount of available credit.

(vi) A process for issuing lines of credit to:

(A) Verify the patron's identity;

(B) Notify the patron of the lines of credit terms, including obtaining patron's written acknowledgment of the terms by signature;

(C) Complete a uniquely identified, multi-part, lines of credit issuance form, such as a marker or counter check, which includes the terms of the lines of credit transaction;

(D) Obtain required signatures;

(E) Determine the amount of the patron's available lines of credit;

(F) Update the credit balance record at the time of each transaction to ensure that lines of credit issued are within the established limit and balance for that patron; and

(G) Require the agent issuing the lines of credit to be independent of the agent who authorized the lines of credit.

(vii) A policy establishing credit line limit exceptions to include the following:

(A) Identification of the agent(s) authorized to permit a credit line limit to be exceeded;

(B) Authorization thresholds; and

(C) Required documentation.

(viii) A policy governing increases and decreases to a patron's lines of credit account balances to include the following:

(A) Documentation and record keeping requirements;

(B) Independence between the department that receives the payment and the department that maintains custody of the credit balance for payments made by mail;

(C) Collections;

(D) Periodic audits and confirmation of balances; and

(E) If a collection agency is used, a process to ensure documentation of increases and decreases to the lines of credit account balances.

(ix) A policy governing write-offs and settlements to include:

(A) Identification of agent(s) authorized to approve write-offs and settlements;

(B) Authorization levels for write-offs and settlements of lines of credit instruments;

(C) Required documentation for write-offs and settlements;

(D) Independence between the agent who established the lines of credit and the agent writing off or settling the lines of credit instrument; and

(E) Necessary documentation for the approval of write-offs and settlements and transmittal to the appropriate department for recording and deductibility.

(c) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision. Supervision must be provided for drop and count as needed by an agent(s) with authority equal to or greater than those being supervised.

(b) Count room access. Controls must be established and procedures implemented to limit physical access to the count room to count team agents, designated staff, and other authorized persons. Such controls must include the following:

(1) Count team agents may not exit or enter the count room during the count except for emergencies or scheduled breaks.

(2) Surveillance must be notified whenever count room agents exit or enter the count room during the count.

(3) The count team policy, at a minimum, must address the transportation of extraneous items such as personal belongings, tool boxes, beverage containers, etc., into or out of the count room.

(c) Count team. Controls must be established and procedures implemented to ensure security of the count and the count room to prevent unauthorized access, misappropriation of funds, forgery, theft, or fraud. Such controls must include the following:

(1) For Tier A and B operations, all counts must be performed by at least two agents. For Tier C operations, all counts must be performed by at least three agents.

(2) For Tier A and B operations, at no time during the count can there be fewer than two count team agents in the count room until the drop proceeds have been accepted into cage/vault accountability. For Tier C operations, at no time during the count can there be fewer than three count team agents in the count room until the drop proceeds have been accepted into cage/vault accountability.

(3) For Tier A and B operations, count team agents must be rotated on a routine basis such that the count team is not consistently the same two agents more than four days per week. This standard does not apply to gaming operations that utilize a count team of more than two agents. For Tier C operations, count team agents must be rotated on a routine basis such that the count team is not consistently the same three agents more than four days per week. This standard does not apply to gaming operations that utilize a count team of more than three agents.

(4) Functions performed by count team agents must be rotated on a routine basis.

(5) Count team agents must be independent of the department being counted. A cage/vault agent may be used if they are not the sole recorder of the count and do not participate in the transfer of drop proceeds to the cage/vault. An accounting agent may be used if there is an independent audit of all count documentation.

(d) Card game drop standards. Controls must be established and procedures implemented to ensure security of the drop process. Such controls must include the following:

(1) Surveillance must be notified when the drop is to begin so that surveillance may monitor the activities.

(2) At least two agents must be involved in the removal of the drop box, at least one of whom is independent of the card games department.

(4) Once the drop is started, it must continue until finished.

(5) All drop boxes may be removed only at the time previously designated by the gaming operation and reported to the TGRA. If an emergency drop is required, surveillance must be notified before the drop is conducted and the TGRA must be informed within a timeframe approved by the TGRA.

(6) At the end of each shift:

(i) All locked card game drop boxes must be removed from the tables by an agent independent of the card game shift being dropped;

(ii) For any tables opened during the shift, a separate drop box must be placed on each table, or a gaming operation may utilize a single drop box with separate openings and compartments for each shift; and

(iii) Card game drop boxes must be transported directly to the count room or other equivalently secure area by a minimum of two agents, at least one of whom is independent of the card game shift being dropped, until the count takes place.

(7) All tables that were not open during a shift and therefore not part of the drop must be documented.

(8) All card game drop boxes must be posted with a number corresponding to a permanent number on the gaming table and marked to indicate game, table number, and shift, if applicable.

(e) Player interface and financial instrument storage component drop standards.

(1) Surveillance must be notified when the drop is to begin so that surveillance may monitor the activities.

(2) At least two agents must be involved in the removal of the player interface storage component drop, at least one of whom is independent of the player interface department.

(3) All financial instrument storage components may be removed only at the time previously designated by the gaming operation and reported to the TGRA. If an emergency drop is required, surveillance must be notified before the drop is conducted and the TGRA must be informed within a timeframe approved by the TGRA.

(4) The financial instrument storage components must be removed by an agent independent of the player interface department, then transported directly to the count room or other equivalently secure area with comparable controls and locked in a secure manner until the count takes place.

(i) Security must be provided for the financial instrument storage components removed from player interfaces and awaiting transport to the count room.

(ii) Transportation of financial instrument storage components must be performed by a minimum of two agents, at least one of whom is independent of the player interface department.

(5) All financial instrument storage components must be posted with a number corresponding to a permanent number on the player interface.

(f) Card game count standards.

(1) Access to stored, full card game drop boxes must be restricted to:

(i) Authorized members of the drop and count teams; and

(ii) In an emergency, authorized persons for the resolution of a problem.

(2) The card game count must be performed in a count room or other equivalently secure area with comparable controls.

(3) Access to the count room during the count must be restricted to members of the drop and count teams, with the exception of authorized observers, supervisors for resolution of problems, and authorized maintenance personnel.

(4) If counts from various revenue centers occur simultaneously in the count room, procedures must be in effect to prevent the commingling of funds from different revenue centers.

(5) Count equipment and systems must be tested, with the results documented, at minimum before the first count begins to ensure the accuracy of the equipment.

(6) The card game drop boxes must be individually emptied and counted so as to prevent the commingling of funds between boxes until the count of the box has been recorded.

(i) The count of each box must be recorded in ink or other permanent form of recordation.

(ii) For counts that do not utilize a currency counter, a second count must be performed by a member of the count team who did not perform the initial count. Separate counts of chips and tokens must always be performed by members of the count team.

(iii) Coupons or other promotional items not included in gross revenue must be recorded on a supplemental document by either the count team members or accounting personnel. All single-use coupons must be cancelled daily by an authorized agent to prevent improper recirculation.

(iv) If a currency counter interface is used:

(A) It must be restricted to prevent unauthorized access; and

(B) The currency drop figures must be transferred via direct communications line or computer storage media to the accounting department.

(7) If currency counters are utilized, a count team member must observe the loading and unloading of all currency at the currency counter, including rejected currency.

(8) Two counts of the currency rejected by the currency counter must be recorded per table, as well as in total. Posting rejected currency to a nonexistent table is prohibited.

(9) Card game drop boxes, when empty, must be shown to another member of the count team, to another agent observing the count, or to surveillance, provided that the count is monitored in its entirety by an agent independent of the count.

(10) Procedures must be implemented to ensure that any corrections to the count documentation are permanent and identifiable, and that the original, corrected information remains legible. Corrections must be verified by two count team agents.

(11) The count sheet must be reconciled to the total drop by a count team member who may not function as the sole recorder, and variances must be reconciled and documented.

(12) All count team agents must sign the count sheet attesting to their participation in the count.

(13) A final verification of the total drop proceeds, before transfer to cage/vault, must be performed by at least two agents, one of whom is a supervisory count team member, and one a count team agent.

(i) Final verification must include a comparison of currency counted totals against the currency counter/system report, if any counter/system is used.

(ii) Any unresolved variances must be documented, and the documentation must remain part of the final count record forwarded to accounting.

(iii) This verification does not require a complete recount of the drop proceeds, but does require a review sufficient to verify the total drop proceeds being transferred.

(iv) The two agents must sign the report attesting to the accuracy of the total drop proceeds verified.

(v) All drop proceeds and cash equivalents that were counted must be submitted to the cage or vault agent (who must be independent of the count team), or to an agent independent of the revenue generation source and the count process, for verification. The agent must certify, by signature, the amount of the drop proceeds delivered and received. Any unresolved variances must be reconciled, documented, and/or investigated by accounting/revenue audit.

(14) After verification by the agent receiving the funds, the drop proceeds must be transferred to the cage/vault.

(i) The count documentation and records must not be transferred to the cage/vault with the drop proceeds.

(ii) The cage/vault agent must have no knowledge or record of the drop proceeds total before it is verified.

(iii) All count records must be forwarded to accounting or secured and accessible only by accounting agents.

(iv) The cage/vault agent receiving the transferred drop proceeds must sign the count sheet attesting to the verification of the total received, and thereby assume accountability of the drop proceeds, ending the count.

(v) Any unresolved variances between total drop proceeds recorded on the count sheet and the cage/vault final verification during transfer must be documented and investigated.

(15) The count sheet, with all supporting documents, must be delivered to the accounting department by a count team member or an agent independent of the cage/vault. Alternatively, it may be secured so that it is only accessible to accounting agents.

(g) Player interface financial instrument count standards.

(1) Access to stored full financial instrument storage components must be restricted to:

(i) Authorized members of the drop and count teams; and

(ii) In an emergency, authorized persons for the resolution of a problem.

(2) The player interface financial instrument count must be performed in a count room or other equivalently secure area with comparable controls.

(3) Access to the count room during the count must be restricted to members of the drop and count teams, with the exception of authorized observers, supervisors for resolution of problems, and authorized maintenance personnel.

(4) If counts from various revenue centers occur simultaneously in the count room, procedures must be in effect that prevent the commingling of funds from different revenue centers.

(5) The count team must not have access to amount-in or bill-in meter amounts until after the count is completed and the drop proceeds are accepted into the cage/vault accountability.

(6) Count equipment and systems must be tested, and the results documented, before the first count begins, to ensure the accuracy of the equipment.

(7) If a currency counter interface is used:

(i) It must be adequately restricted to prevent unauthorized access; and

(ii) The currency drop figures must be transferred via direct communications line or computer storage media to the accounting department.

(8) The financial instrument storage components must be individually emptied and counted so as to prevent the commingling of funds between storage components until the count of the storage component has been recorded.

(i) The count of each storage component must be recorded in ink or other permanent form of recordation.

(ii) Coupons or other promotional items not included in gross revenue may be recorded on a supplemental document by the count team members or accounting personnel. All single-use coupons must be cancelled daily by an authorized agent to prevent improper recirculation.

(9) If currency counters are utilized, a count team member must observe the loading and unloading of all currency at the currency counter, including rejected currency.

(10) Two counts of the currency rejected by the currency counter must be recorded per interface terminal as well as in total. Rejected currency must be posted to the player interface from which it was collected.

(11) Storage components, when empty, must be shown to another member of the count team, to another agent who is observing the count, or to surveillance, provided that the count is monitored in its entirety by an agent independent of the count.

(12) Procedures must be implemented to ensure that any corrections to the count documentation are permanent, identifiable and the original, corrected information remains legible. Corrections must be verified by two count team agents.

(13) The count sheet must be reconciled to the total drop by a count team member who may not function as the sole recorder, and variances must be reconciled and documented. This standard does not apply to vouchers removed from the financial instrument storage components.

(14) All count team agents must sign the report attesting to their participation in the count.

(15) A final verification of the total drop proceeds, before transfer to cage/vault, must be performed by the at least two agents, one of whom is a supervisory count team member and the other a count team agent.

(i) Final verification must include a comparison of currency counted totals against the currency counter/system report, if a counter/system is used.

(ii) Any unresolved variances must be documented and the documentation must remain a part of the final count record forwarded to accounting.

(iii) This verification does not require a complete recount of the drop proceeds but does require a review sufficient to verify the total drop proceeds being transferred.

(iv) The two agents must sign the report attesting to the accuracy of the total drop proceeds verified.

(v) All drop proceeds and cash equivalents that were counted must be turned over to the cage or vault cashier (who must be independent of the count team) or to an agent independent of the revenue generation and the count process for verification. Such cashier or agent must certify, by signature, the amount of the drop proceeds delivered and received. Any unresolved variances must be reconciled, documented, and/or investigated by accounting/revenue audit.

(16) After certification by the agent receiving the funds, the drop proceeds must be transferred to the cage/vault.

(i) The count documentation and records must not be transferred to the cage/vault with the drop proceeds.

(ii) The cage/vault agent must not have knowledge or record of the drop proceeds total before it is verified.

(iii) All count records must be forwarded to accounting secured and accessible only by accounting agents.

(iv) The cage/vault agent receiving the transferred drop proceeds must sign the count sheet attesting to the verification of the total received, and thereby assuming accountability of the drop proceeds, and ending the count.

(v) Any unresolved variances between total drop proceeds recorded on the count room report and the cage/vault final verification during transfer must be documented and investigated.

(17) The count sheet, with all supporting documents, must be delivered to the accounting department by a count team member or agent independent of the cashiers department. Alternatively, it may be adequately secured and accessible only by accounting department.

(h) Collecting currency cassettes and financial instrument storage components from kiosks. Controls must be established and procedures implemented to ensure that currency cassettes and financial instrument storage components are securely removed from kiosks. Such controls must include the following:

(1) Surveillance must be notified prior to the financial instrument storage components or currency cassettes being accessed in a kiosk.

(2) At least two agents must be involved in the collection of currency cassettes and/or financial instrument storage components from kiosks and at least one agent should be independent of kiosk accountability.

(3) Currency cassettes and financial instrument storage components must be secured in a manner that restricts access to only authorized agents.

(4) Redeemed vouchers and pulltabs (if applicable) collected from the kiosk must be secured and delivered to the appropriate department (cage or accounting) for reconciliation.

(5) Controls must be established and procedures implemented to ensure that currency cassettes contain the correct denominations and have been properly installed.

(i) Kiosk count standards. (1) Access to stored full kiosk financial instrument storage components and currency cassettes must be restricted to:

(i) Authorized agents; and

(ii) In an emergency, authorized persons for the resolution of a problem.

(2) The kiosk count must be performed in a secure area, such as the cage or count room.

(3) If counts from various revenue centers and kiosks occur simultaneously in the count room, procedures must be in effect that prevent the commingling of funds from the kiosks with any revenue centers.

(4) The kiosk financial instrument storage components and currency cassettes must be individually emptied and counted so as to prevent the commingling of funds between kiosks until the count of the kiosk contents has been recorded.

(i) The count of must be recorded in ink or other permanent form of recordation.

(ii) Coupons or other promotional items not included in gross revenue (if any) may be recorded on a supplemental document. All single-use coupons must be cancelled daily by an authorized agent to prevent improper recirculation.

(5) Procedures must be implemented to ensure that any corrections to the count documentation are permanent, identifiable, and the original, corrected information remains legible. Corrections must be verified by two agents.

(j) Controlled keys. Controls must be established and procedures implemented to safeguard the use, access, and security of keys for kiosks.

(k) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

[77 FR 58712, Sept. 21, 2012, as amended at 78 FR 63874, Oct. 25, 2013]

(a) Supervision. Supervision must be provided as needed for cage, vault, kiosk, and other operations using cash or cash equivalents by an agent(s) with authority equal to or greater than those being supervised.

(b) Check cashing.

(1) If checks are cashed at the cage, the controls must provide for security and integrity. For each check cashing transaction, the agent(s) conducting the transaction must:

(i) Verify the patron's identity;

(ii) Examine the check to ensure it includes the patron's name, current address, and signature;

(iii) For personal checks, verify the patron's check cashing authority and record the source and results in accordance with management policy; however

(iv) If a check guarantee service is used to guarantee the transaction and the procedures required by the check guarantee service are followed, then the above requirements do not apply.

(2) When counter checks are issued, the following must be included on the check:

(i) The patron's name and signature;

(ii) The dollar amount of the counter check;

(iii) Patron's bank name, bank routing, and account numbers;

(iv) Date of issuance; and

(v) Signature of the agent approving the counter check transaction.

(3) Checks that are not deposited in the normal course of business, as established by management, (held checks) are subject to §543.15 lines of credit standards.

(4) When traveler's checks or other guaranteed drafts, such as cashier's checks, are presented, the cashier must comply with the examination and documentation procedures as required by the issuer.

(5) If a third party check cashing or guarantee service is used, the examination and documentation procedures required by the service provider apply, unless otherwise provided by tribal law or regulation.

(c) Cage and vault accountability.

(1) All transactions that flow through the cage must be summarized for each work shift of the cage and must be supported by documentation.

(2) Increases and decreases to the total cage inventory must be verified, supported by documentation, and recorded. Documentation must include the date and shift, the purpose of the increase/decrease, the agent(s) completing the transaction, and the person or department receiving the cage funds (for decreases only).

(3) The cage and vault inventories (including coin rooms) must be counted independently by at least two agents, attested to by signature, and recorded in ink or other permanent form at the end of each shift during which the activity took place. These agents must make individual counts to compare for accuracy and maintain individual accountability. All variances must be documented and investigated.

(4) The gaming operation must establish and comply with a minimum bankroll formula to ensure the gaming operation maintains cash or cash equivalents (on hand and in the bank, if readily accessible) in an amount sufficient to satisfy obligations to the gaming operation's patrons as they are incurred.

(d) Kiosks.

(1) Kiosks must be maintained on the cage accountability and must be counted independently by at least two agents, documented, and reconciled for each increase or decrease to the kiosk inventory.

(2) Currency cassettes must be counted and filled by an agent and verified independently by at least one agent, all of whom must sign each cassette.

(3) Currency cassettes must be secured with a lock or tamper resistant seal and, if not placed inside a kiosk, must be stored in a secured area of the cage/vault.

(4) The TGRA or the gaming operation, subject to the approval of the TGRA, must develop and implement physical security controls over the kiosks. Controls should address the following: forced entry, evidence of any entry, and protection of circuit boards containing programs.

(5) With regard to cashless systems, the TGRA or the gaming operation, subject to the approval of the TGRA, must develop and implement procedures to ensure that communications between the kiosk and system are secure and functioning.

(6) The following reconciliation reports must be available upon demand for each day, shift, and drop cycle (this is not required if the system does not track the information, but system limitation(s) must be noted):

(i) Starting balance dollar amount per financial instrument;

(ii) Starting balance number of items per financial instrument;

(iii) Dollar amount per financial instrument issued;

(iv) Number of items per financial instrument issued;

(v) Dollar amount per financial instrument issued;

(vi) Number of items per financial instrument redeemed;

(vii) Dollar amount per financial instrument increases;

(viii) Number of items per financial instrument increases;

(ix) Dollar amount per financial instrument decreases;

(x) Number of items per financial instrument decreases;

(xi) Ending balance dollar amount per financial instrument; and

(xii) Ending balance number of items per financial instrument.

(e) Patron deposited funds. If a gaming operation permits a patron to deposit funds with the gaming operation at the cage, and when transfers of patron deposited funds are transferred to a gaming area for wagering purposes, the following standards apply:

(1) The receipt or withdrawal of a patron deposit must be documented, with a copy given to the patron and a copy remaining in the cage.

(2) Both copies of the document of receipt or withdrawal must contain the following information:

(i) Same receipt number on each copy;

(ii) Patron's name and signature;

(iii) Date of receipt and withdrawal;

(iv) Dollar amount of deposit/withdrawal (for foreign currency transactions include the US dollar equivalent, the name of the foreign country, and the amount of the foreign currency by denomination);

(v) Nature of deposit/withdrawal; and

(vi) Name and signature of the agent who conducted the transaction.

(3) Procedures must be established and complied with for front money deposits to:

(i) Maintain a detailed record by patron name and date of all funds on deposit;

(ii) Maintain a current balance of all patron deposits that are in the cage/vault inventory or accountability; and

(iii) Reconcile the current balance with the deposits and withdrawals at least daily.

(f) Promotional payments, drawings, and giveaway programs. The following procedures must apply to any payment resulting from a promotional payment, drawing, or giveaway program disbursed by the cage department or any other department. This section does not apply to payouts for card game promotional pots and/or pools.

(1) All payments must be documented to support the cage accountability.

(2) Payments above $600 (or lesser amount as approved by TGRA) must be documented at the time of the payment, and documentation must include the following:

(i) Date and time;

(ii) Dollar amount of payment or description of personal property;

(iii) Reason for payment; and

(iv) Patron's name and confirmation that identity was verified (drawings only).

(v) Signature(s) of at least two agents verifying, authorizing, and completing the promotional payment with the patron. For computerized systems that validate and print the dollar amount of the payment on a computer generated form, only one signature is required.

(g) Chip(s) and token(s). Controls must be established and procedures implemented to ensure accountability of chip and token inventory. Such controls must include, but are not limited to, the following:

(1) Purchase;

(2) Receipt;

(3) Inventory;

(4) Storage; and

(5) Destruction.

(h) Vouchers.

(1) Controls must be established and procedures implemented to:

(i) Verify the authenticity of each voucher redeemed.

(ii) If the voucher is valid, verify that the patron is paid the appropriate amount.

(iii) Document the payment of a claim on a voucher that is not physically available or a voucher that cannot be validated such as a mutilated, expired, lost, or stolen voucher.

(iv) Retain payment documentation for reconciliation purposes.

(v) For manual payment of a voucher of $500 or more, require a supervisory employee to verify the validity of the voucher prior to payment.

(2) Vouchers paid during a period while the voucher system is temporarily out of operation must be marked “paid” by the cashier.

(3) Vouchers redeemed while the voucher system was temporarily out of operation must be validated as expeditiously as possible upon restored operation of the voucher system.

(4) Paid vouchers must be maintained in the cashier's accountability for reconciliation purposes.

(5) Unredeemed vouchers can only be voided in the voucher system by supervisory employees. The accounting department will maintain the voided voucher, if available.

(i) Cage and vault access. Controls must be established and procedures implemented to:

(1) Restrict physical access to the cage to cage agents, designated staff, and other authorized persons; and

(2) Limit transportation of extraneous items such as personal belongings, tool boxes, beverage containers, etc., into and out of the cage.

(j) Variances. The operation must establish, as approved by the TGRA, the threshold level at which a variance must be reviewed to determine the cause. Any such review must be documented.

(a) Supervision.

(1) Controls must identify the supervisory agent in the department or area responsible for ensuring that the department or area is operating in accordance with established policies and procedures.

(2) The supervisory agent must be independent of the operation of Class II games.

(3) Controls must ensure that duties are adequately segregated and monitored to detect procedural errors and to prevent the concealment of fraud.

(4) Information technology agents having access to Class II gaming systems may not have signatory authority over financial instruments and payout forms and must be independent of and restricted from access to:

(i) Financial instruments;

(ii) Accounting, audit, and ledger entries; and

(iii) Payout forms.

(b) As used in this section only, a system is any computerized system that is integral to the gaming environment. This includes, but is not limited to, the server and peripherals for Class II gaming system, accounting, surveillance, essential phone system, and door access and warning systems.

(c) Class II gaming systems' logical and physical controls. Controls must be established and procedures implemented to ensure adequate:

(1) Control of physical and logical access to the information technology environment, including accounting, voucher, cashless and player tracking systems, among others used in conjunction with Class II gaming;

(2) Physical and logical protection of storage media and its contents, including recovery procedures;

(3) Access credential control methods;

(4) Record keeping and audit processes; and

(5) Departmental independence, including, but not limited to, means to restrict agents that have access to information technology from having access to financial instruments.

(d) Physical security.

(1) The information technology environment and infrastructure must be maintained in a secured physical location such that access is restricted to authorized agents only.

(2) Access devices to the systems' secured physical location, such as keys, cards, or fobs, must be controlled by an independent agent.

(3) Access to the systems' secured physical location must be restricted to agents in accordance with established policies and procedures, which must include maintaining and updating a record of agents granted access privileges.

(4) Network Communication Equipment must be physically secured from unauthorized access.

(e) Logical security.

(1) Controls must be established and procedures implemented to protect all systems and to ensure that access to the following is restricted and secured:

(i) Systems' software and application programs;

(ii) Data associated with Class II gaming; and

(iii) Communications facilities, systems, and information transmissions associated with Class II gaming systems.

(2) Unused services and non-essential ports must be disabled whenever possible.

(3) Procedures must be implemented to ensure that all activity performed on systems is restricted and secured from unauthorized access, and logged.

(4) Communications to and from systems via Network Communication Equipment must be logically secured from unauthorized access.

(f) User controls.

(1) Systems, including application software, must be secured with passwords or other means for authorizing access.

(2) Management personnel or agents independent of the department being controlled must assign and control access to system functions.

(3) Access credentials such as passwords, PINs, or cards must be controlled as follows:

(i) Each user must have his or her own individual access credential;

(ii) Access credentials must be changed at an established interval approved by the TGRA; and

(iii) Access credential records must be maintained either manually or by systems that automatically record access changes and force access credential changes, including the following information for each user:

(A) User's name;

(B) Date the user was given access and/or password change; and

(C) Description of the access rights assigned to user.

(4) Lost or compromised access credentials must be deactivated, secured or destroyed within an established time period approved by the TGRA.

(5) Access credentials of terminated users must be deactivated within an established time period approved by the TGRA.

(6) Only authorized agents may have access to inactive or closed accounts of other users, such as player tracking accounts and terminated user accounts.

(g) Installations and/or modifications.

(1) Only TGRA authorized or approved systems and modifications may be installed.

(2) Records must be kept of all new installations and/or modifications to Class II gaming systems. These records must include, at a minimum:

(i) The date of the installation or modification;

(ii) The nature of the installation or change such as new software, server repair, significant configuration modifications;

(iii) Evidence of verification that the installation or the modifications are approved; and

(iv) The identity of the agent(s) performing the installation/modification.

(3) Documentation must be maintained, such as manuals and user guides, describing the systems in use and the operation, including hardware.

(h) Remote access.

(1) Agents may be granted remote access for system support, provided that each access session is documented and maintained at the place of authorization. The documentation must include:

(i) Name of agent authorizing the access;

(ii) Name of agent accessing the system;

(iii) Verification of the agent's authorization;

(iv) Reason for remote access;

(v) Description of work to be performed;

(vi) Date and time of start of end-user remote access session; and

(vii) Date and time of conclusion of end-user remote access session.

(2) All remote access must be performed via a secured method.

(i) Incident monitoring and reporting.

(1) Procedures must be implemented for responding to, monitoring, investigating, resolving, documenting, and reporting security incidents associated with information technology systems.

(2) All security incidents must be responded to within an established time period approved by the TGRA and formally documented.

(j) Data backups.

(1) Controls must include adequate backup, including, but not limited to, the following:

(i) Daily data backup of critical information technology systems;

(ii) Data backup of critical programs or the ability to reinstall the exact programs as needed;

(iii) Secured storage of all backup data files and programs, or other adequate protection;

(iv) Mirrored or redundant data source; and

(v) Redundant and/or backup hardware.

(2) Controls must include recovery procedures, including, but not limited to, the following:

(i) Data backup restoration;

(ii) Program restoration; and

(iii) Redundant or backup hardware restoration.

(3) Recovery procedures must be tested on a sample basis at specified intervals at least annually. Results must be documented.

(4) Backup data files and recovery components must be managed with at least the same level of security and access controls as the system for which they are designed to support.

(k) Software downloads. Downloads, either automatic or manual, must be performed in accordance with 25 CFR 547.12.

(l) Verifying downloads. Following download of any Class II gaming system software, the Class II gaming system must verify the downloaded software using a software signature verification method. Using any method it deems appropriate, the TGRA must confirm the verification.

(a) Supervision. Supervision must be provided as needed for surveillance by an agent(s) with authority equal to or greater than those being supervised.

(b) Surveillance equipment and control room(s). Controls must be established and procedures implemented that include the following:

(1) For Tier A, the surveillance system must be maintained and operated from a secured location, such as a locked cabinet. For Tiers B and C, the surveillance system must be maintained and operated from a staffed surveillance operation room(s).

(2) The surveillance operation room(s) must be secured to prevent unauthorized entry.

(3) Access to the surveillance operation room(s) must be limited to surveillance agents and other authorized persons.

(4) Surveillance operation room(s) access logs must be maintained.

(5) Surveillance operation room equipment must have total override capability over all other satellite surveillance equipment.

(6) Power loss to the surveillance system:

(i) For Tier A, in the event of power loss to the surveillance system, alternative security procedures, such as additional supervisory or security agents, must be implemented immediately.

(ii) For Tier B and C, in the event of power loss to the surveillance system, an auxiliary or backup power source must be available and capable of providing immediate restoration of power to the surveillance system to ensure that surveillance agents can observe all areas covered by dedicated cameras.

(7) The surveillance system must record an accurate date and time stamp on recorded events. The displayed date and time must not significantly obstruct the recorded view.

(8) All surveillance agents must be trained in the use of the equipment, games, and house rules.

(9) Each camera required by the standards in this section must be installed in a manner that will prevent it from being readily obstructed, tampered with, or disabled.

(10) The surveillance system must:

(i) Have the capability to display all camera views on a monitor;

(ii) Include sufficient numbers of recording devices to record the views of all cameras required by this section;

(iii) Record all camera views; and

(iv) For Tier B and C only, include sufficient numbers of monitors to simultaneously display gaming and count room activities.

(11) A periodic inspection of the surveillance systems must be conducted. When a malfunction of the surveillance system is discovered, the malfunction and necessary repairs must be documented and repairs initiated within seventy-two (72) hours.

(i) If a dedicated camera malfunctions, alternative security procedures, such as additional supervisory or security agents, must be implemented immediately.

(ii) The TGRA must be notified of any surveillance system and/or camera(s) that have malfunctioned for more than twenty-four (24) hours and the alternative security measures being implemented.

(c) Additional surveillance requirements. With regard to the following functions, controls must also include:

(1) Surveillance of the progressive prize meters for Class II gaming systems at the following thresholds:

(i) Wide area progressives with a reset amount of $1 million; and

(ii) In-house progressives with a reset amount of $250,000.

(2) Manual bingo:

(i) For manual draws, the surveillance system must monitor the bingo ball drawing device or mechanical random number generator, which must be recorded during the course of the draw by a dedicated camera to identify the numbers or other designations drawn; and

(ii) The surveillance system must monitor and record the activities of the bingo game, including drawing, and entering the balls, numbers or other designations drawn.

(3) Card games:

(i) Except for card game tournaments, a dedicated camera(s) with sufficient clarity must be used to provide:

(A) An overview of the activities on each card table surface, including card faces and cash and/or cash equivalents;

(B) An overview of card game activities, including patrons and dealers; and

(C) An unobstructed view of all posted progressive pool amounts.

(ii) For card game tournaments, a dedicated camera(s) must be used to provide an overview of tournament activities, and any area where cash or cash equivalents are exchanged.

(4) Cage and vault:

(i) The surveillance system must monitor and record a general overview of activities occurring in each cage and vault area with sufficient clarity to identify individuals within the cage and patrons and staff members at the counter areas and to confirm the amount of each cash transaction;

(ii) Each cashier station must be equipped with one (1) dedicated overhead camera covering the transaction area; and

(iii) The cage or vault area in which exchange and transfer transactions occur must be monitored and recorded by a dedicated camera or motion activated dedicated camera that provides coverage with sufficient clarity to identify the chip values and the amounts on the exchange and transfer documentation. Controls provided by a computerized exchange and transfer system constitute an adequate alternative to viewing the amounts on the exchange and transfer documentation.

(5) Count rooms:

(i) The surveillance system must monitor and record with sufficient clarity a general overview of all areas where cash or cash equivalents may be stored or counted; and

(ii) The surveillance system must provide coverage of count equipment with sufficient clarity to view any attempted manipulation of the recorded data.

(6) Kiosks: The surveillance system must monitor and record a general overview of activities occurring at each kiosk with sufficient clarity to identify the activity and the individuals performing it, including maintenance, drops or fills, and redemption of wagering vouchers or credits.

(d) Reporting requirements. TGRA-approved procedures must be implemented for reporting suspected crimes and suspicious activity.

(e) Recording retention. Controls must be established and procedures implemented that include the following:

(1) All recordings required by this section must be retained for a minimum of seven days; and

(2) Suspected crimes, suspicious activity, or detentions by security agents discovered within the initial retention period must be copied and retained for a time period, not less than one year.

(f) Logs. Logs must be maintained and demonstrate the following:

(1) Compliance with the storage, identification, and retention standards required in this section;

(2) Each malfunction and repair of the surveillance system as defined in this section; and

(3) Activities performed by surveillance agents as required by the controls in this section.

[77 FR 58712, Sept. 21, 2012, as amended at 78 FR 63875, Oct. 25, 2013]

(a) Conflicts of standards. When establishing SICS, the gaming operation should review, and consider incorporating, other external standards such as GAAP, GAAS, and standards promulgated by GASB and FASB. In the event of a conflict between the MICS and the incorporated external standards, the external standards prevail.

(b) Accounting. Controls must be established and procedures implemented to safeguard assets and ensure each gaming operation:

(1) Prepares accurate, complete, legible, and permanent records of all transactions pertaining to gaming revenue and activities for operational accountability.

(2) Prepares general accounting records on a double-entry system of accounting, maintaining detailed, supporting, subsidiary records, and performs the following activities:

(i) Record gaming activity transactions in an accounting system to identify and track all revenues, expenses, assets, liabilities, and equity;

(ii) Record all markers, IOU's, returned checks, held checks, or other similar credit instruments;

(iii) Record journal entries prepared by the gaming operation and by any independent accountants used;

(iv) Prepare income statements and balance sheets;

(v) Prepare appropriate subsidiary ledgers to support the balance sheet;

(vi) Prepare, review, and maintain accurate financial statements;

(vii) Prepare transactions in accordance with the appropriate authorization, as provided by management;

(viii) Record transactions to facilitate proper recording of gaming revenue and fees, and to maintain accountability of assets;

(ix) Compare recorded accountability for assets to actual assets at periodic intervals, and take appropriate action with respect to any variances;

(x) Segregate functions, duties, and responsibilities;

(xi) Prepare minimum bankroll calculations; and

(xii) Maintain and preserve all financial records and relevant supporting documentation.

(c) Internal audit. Controls must be established and procedures implemented to ensure that:

(1) Internal auditor(s) perform audits of each department of a gaming operation, at least annually, to review compliance with TICS, SICS, and these MICS, which include at least the following areas:

(i) Bingo, including supervision, bingo cards, bingo card sales, draw, prize payout; cash and equivalent controls, technologic aids to the play of bingo, operations, vouchers, and revenue audit procedures;

(ii) Pull tabs, including, supervision, pull tab inventory, pull tab sales, winning pull tabs, pull tab operating funds, statistical records, and revenue audit procedures;

(iii) Card games, including supervision, exchange or transfers, playing cards, shill funds, reconciliation of card room bank, posted rules, and promotional progressive pots and pools;

(iv) Gaming promotions and player tracking procedures, including supervision, gaming promotion rules and player tracking systems;

(v) Complimentary services or items, including procedures for issuing, authorizing, redeeming, and reporting complimentary service items;

(vi) Patron deposit accounts and cashless systems procedures, including supervision, patron deposit accounts and cashless systems, as well as patron deposits, withdrawals and adjustments;

(vii) Lines of credit procedures, including establishment of lines of credit policy;

(viii) Drop and count standards, including supervision, count room access, count team, card game drop standards, player interface and financial instrument drop standards, card game count standards, player interface financial instrument count standards, and controlled keys;

(ix) Cage, vault, cash and cash equivalent procedures, including supervision, cash and cash equivalents, personal checks, cashier's checks, traveler's checks, payroll checks, and counter checks, cage and vault accountability, kiosks, patron deposited funds, promotional payouts, drawings, and giveaway programs, chip and token standards, and cage and vault access;

(x) Information technology, including supervision, class II gaming systems' logical and physical controls, independence, physical security, logical security, user controls, installations and/or modifications, remote access, incident monitoring and reporting, data back-ups, software downloads, and verifying downloads; and

(xi) Accounting standards, including accounting records, maintenance and preservation of financial records and relevant supporting documentation.

(2) Internal auditor(s) are independent of gaming operations with respect to the departments subject to audit (auditors internal to the operation, officers of the TGRA, or outside CPA firm may perform this function).

(3) Internal auditor(s) report directly to the Tribe, TGRA, audit committee, or other entity designated by the Tribe.

(4) Documentation such as checklists, programs, reports, etc. is prepared to evidence all internal audit work and follow-up performed as it relates to compliance with TICS, SICS, and these MICS, including all instances of noncompliance.

(5) Audit reports are maintained and made available to the Commission upon request and must include the following information:

(i) Audit objectives;

(ii) Audit procedures and scope;

(iii) Findings and conclusions;

(iv) Recommendations, if applicable; and

(v) Management's response.

(6) All material exceptions identified by internal audit work are investigated and resolved and the results are documented.

(7) Internal audit findings are reported to management, responded to by management stating corrective measures to be taken, and included in the report delivered to management, the Tribe, TGRA, audit committee, or other entity designated by the Tribe for corrective action.

(8) Follow-up observations and examinations is performed to verify that corrective action has been taken regarding all instances of non-compliance. The verification is performed within six (6) months following the date of notification of non-compliance.

(d) Annual requirements.

(1) Agreed upon procedures. A CPA must be engaged to perform an assessment to verify whether the gaming operation is in compliance with these MICS, and/or the TICS or SICS if they provide at least the same level of controls as the MICS. The assessment must be performed in accordance with agreed upon procedures and the most recent versions of the Statements on Standards for Attestation Engagements and Agreed-Upon Procedures Engagements (collectively “SSAEs”), issued by the American Institute of Certified Public Accountants.

(2) The tribe must submit two copies of the agreed-upon procedures report to the Commission within 120 days of the gaming operation's fiscal year end in conjunction with the submission of the annual financial audit report required pursuant to 25 CFR part 571.

(3) Review of internal audit.

(i) The CPA must determine compliance by the gaming operation with the internal audit requirements in this paragraph (d) by:

(A) Completing the internal audit checklist;

(B) Ensuring that the internal auditor completed checklists for each gaming department of the operation;

(C) Verifying that any areas of non-compliance have been identified;

(D) Ensuring that audit reports are completed and include responses from management; and

(E) Verifying that appropriate follow-up on audit findings has been conducted and necessary corrective measures have been taken to effectively mitigate the noted risks.

(ii) If the CPA determines that the internal audit procedures performed during the fiscal year have been properly completed, the CPA may rely on the work of the internal audit for the completion of the MICS checklists as they relate to the standards covered by this part.

(4) Report format. The SSAEs are applicable to agreed-upon procedures engagements required in this part. All noted instances of noncompliance with the MICS and/or the TICS or SICS, if they provide the same level of controls as the MICS, must be documented in the report with a narrative description, the number of exceptions and sample size tested.

(a) Supervision. Supervision must be provided as needed for bingo operations by an agent(s) with authority equal to or greater than those being supervised.

(b) Independence. Audits must be performed by agent(s) independent of the transactions being audited.

(c) Documentation. The performance of revenue audit procedures, the exceptions noted, and the follow-up of all revenue audit exceptions must be documented and maintained.

(d) Controls must be established and procedures implemented to audit of each of the following operational areas:

(1) Bingo.

(i) At the end of each month, verify the accuracy of the ending balance in the bingo control log by reconciling it with the bingo paper inventory. Investigate and document any variance noted.

(ii) Daily, reconcile supporting records and documents to summarized paperwork or electronic records (e.g. total sales and payouts per shift and/or day).

(iii) At least monthly, review variances related to bingo accounting data in accordance with an established threshold, which must include, at a minimum, variance(s) noted by the Class II gaming system for cashless transactions in and out, electronic funds transfer in and out, external bonus payouts, vouchers out and coupon promotion out. Investigate and document any variance noted.

(iv) At least monthly, review statistical reports for any deviations from the mathematical expectations exceeding a threshold established by the TGRA. Investigate and document any deviations compared to the mathematical expectations required to be submitted per §547.4.

(v) At least monthly, take a random sample, foot the vouchers redeemed and trace the totals to the totals recorded in the voucher system and to the amount recorded in the applicable cashier's accountability document.

(2) Pull tabs.

(i) Daily, verify the total amount of winning pull tabs redeemed each day.

(ii) At the end of each month, verify the accuracy of the ending balance in the pull tab control log by reconciling the pull tabs on hand. Investigate and document any variance noted.

(iii) At least monthly, compare for reasonableness the amount of pull tabs sold from the pull tab control log to the amount of pull-tab sales.

(iv) At least monthly, review statistical reports for any deviations exceeding a specified threshold, as defined by the TGRA. Investigate and document any large and unusual fluctuations noted.

(3) Card games.

(i) Daily, reconcile the amount indicated on the progressive sign/meter to the cash counted or received by the cage and the payouts made for each promotional progressive pot and pool. This reconciliation must be sufficiently documented, including substantiation of differences and adjustments.

(ii) At least monthly, review all payouts for the promotional progressive pots, pools, or other promotions to verify payout accuracy and proper accounting treatment and that they are conducted in accordance with conditions provided to the patrons.

(iii) At the conclusion of each contest/tournament, reconcile all contest/tournament entry and payout forms to the dollar amounts recorded in the appropriate accountability document.

(4) Gaming promotions and player tracking.

(i) At least monthly, review promotional payments, drawings, and giveaway programs to verify payout accuracy and proper accounting treatment in accordance with the rules provided to patrons.

(ii) At least monthly, for computerized player tracking systems, perform the following procedures:

(A) Review authorization documentation for all manual point additions/deletions for propriety;

(B) Review exception reports, including transfers between accounts; and

(C) Review documentation related to access to inactive and closed accounts.

(iii) At least annually, all computerized player tracking systems must be reviewed by agent(s) independent of the individuals that set up or make changes to the system parameters. The review must be performed to determine that the configuration parameters are accurate and have not been altered without appropriate management authorization Document and maintain the test results.

(5) Complimentary services or items. At least monthly, review the reports required in §543.13(d). These reports must be made available to those entities authorized by the TGRA or by tribal law or ordinance.

(6) Patron deposit accounts.

(i) At least weekly, reconcile patron deposit account liability (deposits ±adjustments−withdrawals = total account balance) to the system record.

(ii) At least weekly, review manual increases and decreases to/from player deposit accounts to ensure proper adjustments were authorized.

(7) Lines of credit.

(i) At least three (3) times per year, an agent independent of the cage, credit, and collection functions must perform the following review:

(A) Select a sample of line of credit accounts;

(B) Ascertain compliance with credit limits and other established credit issuance procedures;

(C) Reconcile outstanding balances of both active and inactive (includes write-offs and settlements) accounts on the accounts receivable listing to individual credit records and physical instruments. This procedure need only be performed once per year for inactive accounts; and

(D) Examine line of credit records to determine that appropriate collection efforts are being made and payments are being properly recorded.

(E) For at least five (5) days during the review period, subsequently reconcile partial payment receipts to the total payments recorded by the cage for the day and account for the receipts numerically.

(ii) At least monthly, perform an evaluation of the collection percentage of credit issued to identify unusual trends.

(8) Drop and count.

(i) At least quarterly, unannounced currency counter and currency counter interface (if applicable) tests must be performed, and the test results documented and maintained. All denominations of currency and all types of cash out tickets counted by the currency counter must be tested. This test may be performed by internal audit or the TGRA. The result of these tests must be documented and signed by the agent(s) performing the test.

(ii) At least quarterly, unannounced weigh scale and weigh scale interface (if applicable) tests must be performed, and the test results documented and maintained. This test may be performed by internal audit or the TGRA. The result of these tests must be documented and signed by the agent(s) performing the test.

(iii) For computerized key security systems controlling access to drop and count keys, perform the following procedures:

(A) At least quarterly, review the report generated by the computerized key security system indicating the transactions performed by the individual(s) that adds, deletes, and changes users' access within the system (i.e., system administrator). Determine whether the transactions completed by the system administrator provide adequate control over the access to the drop and count keys. Also, determine whether any drop and count key(s) removed or returned to the key cabinet by the system administrator was properly authorized;

(B) At least quarterly, review the report generated by the computerized key security system indicating all transactions performed to determine whether any unusual drop and count key removals or key returns occurred; and

(C) At least quarterly, review a sample of users that are assigned access to the drop and count keys to determine that their access to the assigned keys is appropriate relative to their job position.

(iv) At least quarterly, an inventory of all controlled keys must be performed and reconciled to records of keys made, issued, and destroyed. Investigations must be performed for all keys unaccounted for, and the investigation documented.

(9) Cage, vault, cash, and cash equivalents.

(i) At least monthly, the cage accountability must be reconciled to the general ledger.

(ii) At least monthly, trace the amount of cage deposits to the amounts indicated in the bank statements.

(iii) Twice annually, a count must be performed of all funds in all gaming areas (i.e. cages, vaults, and booths (including reserve areas), kiosks, cash-out ticket redemption machines, and change machines. Count all chips and tokens by denomination and type. Count individual straps, bags, and imprest banks on a sample basis. Reconcile all amounts counted to the amounts recorded on the corresponding accountability forms to ensure that the proper amounts are recorded. Maintain documentation evidencing the amount counted for each area and the subsequent comparison to the corresponding accountability form. The count must be completed within the same gaming day for all areas.

(A) Counts must be observed by an individual independent of the department being counted. It is permissible for the individual responsible for the funds to perform the actual count while being observed.

(B) Internal audit may perform and/or observe the two counts.

(iv) At least annually, select a sample of invoices for chips and tokens purchased, and trace the dollar amount from the purchase invoice to the accountability document that indicates the increase to the chip or token inventory to ensure that the proper dollar amount has been recorded.

(v) At each business year end, create and maintain documentation evidencing the amount of the chip/token liability, the change in the liability from the previous year, and explanations for adjustments to the liability account including any adjustments for chip/token float.

(vi) At least monthly, review a sample of returned checks to determine that the required information was recorded by cage agent(s) when the check was cashed.

(vii) At least monthly, review exception reports for all computerized cage systems for propriety of transactions and unusual occurrences. The review must include, but is not limited to, voided authorizations. All noted improper transactions or unusual occurrences identified must be investigated and the results documented.

(viii) Daily, reconcile all parts of forms used to document increases/decreases to the total cage inventory, investigate any variances noted, and document the results of such investigations.

(10) Inventory.

(i) At least monthly, verify receipt, issuance, and use of controlled inventory, including, but not limited to, bingo cards, pull tabs, playing cards, keys, pre-numbered and/or multi-part forms.

(ii) Periodically perform minimum bankroll calculations to ensure that the gaming operation maintains cash in an amount sufficient to satisfy the gaming operation's obligations.














Disclaimer: This content has been enhanced for improved usability, user is solely responsible for accessing and use of the content provided on this page. To read the original content published by the government, please check with GPO.
* Based on consolidated data.
 
© 2012 RegsToday.com. All Rights Reserved. Privacy Policy
C