Nevada’s gaming industry is in large part self-regulating. Gaming companies must take on the onerous task of drafting and submitting their compliance plans for approval to the Corporate Securities Division of the Nevada Gaming Control Board. Once approved and implemented, the Division regularly audits these compliance plans to ensure that companies are complying with their plans and to determine whether their company cultures embrace compliance. This article describes the overall audit process.
Selection for a compliance audit occurs on a periodic rotation. The Division maintains a master chart that details when the last audit was held for each gaming company and when the next audit is due. This methodology results in companies undergoing an audit approximately every two years. Selection also may occur, however, based on the conduct of a company. For example, if a company commits an egregious compliance violation, the Division will direct their attention to that company’s compliance plan and their adherence to it.
Depending upon the size of the company, the Division typically will assign one or two agents to conduct the audit, and it will take between one and two weeks to complete. A company can expect the agents to be physically present at the corporate headquarters throughout this period. The review will consider several regulatory objectives such as:
- Are the compliance controls working?
- Do the compliance controls adequately detect the types of regulatory violations and crimes to which the company is vulnerable?
- Has the compliance program been modified or adapted to take into account any known criminal or regulatory violations?
- Should the compliance program be reviewed or updated to reflect any new company or industry threats or to reflect best practices within the industry?
For the company, the audit begins with the receipt of a document request letter from the Division detailing an initial list of documents the agents want to review. Typically, the Division will request access to the compliance plan and procedures, compliance committee minutes and due diligence checks. Following the request, an initial meeting will be held between the company’s compliance staff and the agents handling the audit. During this meeting, the compliance staff has the opportunity to express any thoughts or concerns regarding the company’s compliance plan. Likewise, the agents explain procedures and demystify the process. At this time, the compliance staff should provide the documents pursuant to the Division’s earlier request. This is only the first production of documentation as additional requests are likely throughout the audit. These requests can be broad and be directed at documents in any area of the gaming company’s operations. Compliance plans customarily have policies that all personnel must respond to requests by the Gaming Authorities for access to books, documents, records and papers relating to the company’s business activities. Willful failure to comply with the directive is usually grounds for summary termination of employment.
After the initial conference, the agents review the company’s compliance plan. The agents begin by preparing a matrix of the company’s compliance plan to crosscheck the files to ensure the company is conducting appropriate safeguards and vetting. Generally, each plan has mandated activities requiring due diligence reviews of those vendors, suppliers, lobbyists, key employees and consultants whose compensation or other payments are material because they exceed designated financial thresholds. A crucial ingredient of the audit, therefore, becomes whether the activities that trigger these requirements are being recognized and that the company conducted the appropriate due diligence once triggered.
The Division does not, however, want these audits to become full blown investigations. Agents typically only thoroughly examine a sample of the files to ensure the company is faithfully following their approved plan. They analyze and verify transactions and review organizational and functional activities. For instance, the company may have had the obligation to conduct due diligence on 120 vendors transactions for the period in which the agents are investigating. The agents may discover, however, that the company failed to address 12 of those transactions. Consequently, the agents note these omissions and address them both in their report and in a conference with the compliance staff to make sure the company remedies these omissions in the future.
The audit also evaluates the compliance committee minutes to assess the adequacy and effectiveness of compliance controls and to determine if the committee is following their instituted policies and procedures. In particular, the agents look to see if the committee is being notified of the issues and whether, when notified, is diligently and knowledgeably discussing the presented issues. As important as recognizing what activities trigger due diligence requirements is the commitment of the company to actively engage in meaningful discussions of those activities.
Once the agents complete the on-site audit, they compile a report of their findings. The report lists the areas analyzed in the audit, notes the areas where the company was proficient, but most importantly, analyzes areas of deficiency. The most common shortcoming involves companies not undertaking proper and complete due diligence of individuals, vendors and suppliers as required by their compliance plans. Whether this stems from lackadaisical staff, a lack of diligence in implementing the plan or the company’s inability to embrace compliance, audits persistently reveal overlooked events that should have triggered compliance review.
Other common violations found in compliance audits include:
- Failure to keep adequate records, e.g., records do not go far enough back, cannot be located, or do not exist.
- Failure of segregated company divisions to understand when compliance actions should be taken and then failure to forward compliance issues to the compliance officer or compliance committee,
e.g., a sales representative for a manufacturer/distributor conducts a sale of gaming equipment that exceeds a particular monetary threshold and as such should be reported to the compliance officer, however, the sale is not reported either because of a failure of the segregated divisions to inform each of the requirements or an internal failure on behalf of the company to demonstrate to the divisions the importance of such compliance.
- Failure to provide compliance committee with all relevant information necessary to properly perform compliance duties.
While these shortfalls are not minor, the compliance staff typically can remedy many of them simply through awareness and education. For that reason, the Division strives to complete the write-up process within a month. Due to excessive workloads and the possibility of being called off the audit to work on licensing projects, the audit report can be delayed, however, sometimes by as much as a year.
After the report is compiled, the agent(s) meet with either the Chief or Deputy Chief of the Corporate Securities Division, Mike Labadie and A.G. Burnett respectively. The report is then forwarded to all three members of the Gaming Control Board for their review and on occasion, the Gaming Commission. From this point on, the company will hear little unless the report uncovers serious compliance violations and the Board or Commission decides to pursue disciplinary actions.
The close of the compliance audit occurs with the Chief or Deputy Chief’s meeting with the company’s compliance staff to explain their findings. At this time, company officials can ask questions or recommend changes they feel would be beneficial to the company and the compliance plan. Often the Division and the Board are amendable to modifying the existing plans as requested by companies to improve efficiency of the compliance process. The Board’s focus is on not only effective but also practical plans that the company will embrace to ensure the culture of corporate compliance within Nevada gaming companies.
In the past company personnel often view compliance plans and officers as unwanted and incommodious interferences with business operations. This perception, however, is changing. Through the use of these audits, the Nevada Gaming Authorities endeavor to make compliance a prolific and central focus of gaming companies to ensure that they not only comply with the letter of the law but also establish compliance as an integral part of their company culture.
Click here to view this article as a PDF.