This website publishes administrative rules on their effective dates, as designated by the adopting state agencies, colleges, and
universities.
Rule |
Rule 3772-10-01 | Definitions.
Effective:
February 28, 2022
The following words and terms, when used in agency
3772 of the Administrative Code, have the following meanings, unless the
context clearly indicates otherwise: (A) "Accounting department"
means the casino operator's internal department that is responsible for
all financial, accounting, and revenue and gaming audit
activities. (B) "Asset number" means a
unique number assigned to electronic gaming equipment by a casino operator for
the purpose of tracking the electronic gaming equipment. (C) "Bill validator canister" means a mechanical
or electronic device designed to interface with electronic gaming equipment for
the purpose of storing any combination of United States currency, gaming
tickets, coupons, or other instruments authorized by the executive
director. (D) "Cashier's cage" means executive
director-approved secured rooms in which cashiers conduct transactions
associated with gaming. (E) "Complimentary" means any lodging, service,
or item that is provided directly or indirectly to an individual at no cost or
at a reduced cost and that is not generally available to the public. Group
rates, including convention and government rates, are deemed generally
available to the public. (F) "Contractor" means any
person that provides goods or services to a casino facility. (G) "Count room" means a secured room with access
controlled by two separate casino departments where the proceeds from gaming
are counted. (H) "Critical program storage media" and
"CPSM" mean any media storage device that contains data, files, or
programs and is determined by the executive director to be capable of affecting
the integrity of gaming. (I) "Drop" means the total amount of money,
tickets, and coupons removed from any slot machine, table game, or redemption
kiosk. (J) "Imprest" means the basis on which the
operating funds of cashiers are maintained. The opening and closing values must
be equal, and any difference must result in a variance. The funds may be
replenished as needed in exactly the value of the net of expenditures made from
the funds for value received. (K) "Incompatible functions" means functions or
duties that place any person or department in a position to perpetuate and
conceal errors, fraudulent or otherwise. (L) "Main bank" means the location in the casino
where acts that include the following are performed: (1) Transactions for
recording and storage of currency, coin, tokens, cash equivalents, and
negotiable instruments; (2) Preparation of bank
deposits; (3) Acceptance of
currency from the count room; and (4) Reconciliation of all
cage transactions. (M) "Manual payout" means any
payout not paid directly from electronic gaming equipment (EGE) or a table
game, and any taxable jackpot. (N) "Trolley" means an apparatus used for the
secured transport of the contents of the drop. (O) "Unclaimed winnings" means gaming winnings
that are held by the casino operator as a liability to a patron until that
patron is paid.
Last updated February 28, 2022 at 8:47 AM
|
Rule 3772-10-02 | Internal controls.
Effective:
February 28, 2022
(A) Each casino operator must submit
written internal controls, as required under agency 3772 of the Administrative
Code, for approval by the commission at a meeting held under section 3772.02 of
the Revised Code. No casino operator may operate without the commission's
approval of these internal controls. (B) Each casino operator may amend its
commission approved internal controls with the approval of the commission at a
meeting held under section 3772.02 of the Revised Code. For amendments
requiring immediate action, the executive director may discretionarily grant
temporary approval. Such temporary approval will be subject to final
consideration at the next scheduled commission meeting.
Last updated February 28, 2022 at 8:48 AM
|
Rule 3772-10-03 | Casino operator's organization.
Effective:
February 28, 2022
(A) Each casino operator must maintain an
organizational chart depicting the segregation of functions and describing the
duties for each position shown, which may be tailored to meet management needs
or policies so long as it does not conflict with Chapter 3772. of the Revised
Code and the rules adopted thereunder. A copy of the current organizational
chart must be made immediately available to the commission upon
request. (B) Each casino operator's
organizational charts must provide for the following: (1) A system of personnel
and chain of command that permits management and supervisory personnel to be
held accountable for actions or omissions within their areas of
responsibility; (2) The segregation of
incompatible functions, duties, and responsibilities so that no employee is in
a position both to commit an error or perpetrate a fraud and to conceal the
error or fraud in the normal course of the employee's duties; (3) The performance of
all functions, duties, and responsibilities in accordance with legitimate
financial practices by trained personnel; and (4) The areas of
responsibility that are not so extensive as to be impractical for one person to
monitor. (C) Alterations to the organizational
chart must be submitted to the executive director for approval. (D) Each casino operator must have the following departments and
supervisory positions, each of which must cooperate with, yet perform
independently of, other mandatory departments and supervisory
positions: (1) A surveillance
department supervised by a director of surveillance located at the
casino; (2) An internal audit
department supervised by a director of internal audit. The director of internal
audit must report directly to one of the following regarding matters of policy,
purpose, responsibility, and authority, and the following must also control the
hiring, termination, and salary of the director's position: (a) The independent audit committee of the operator's board
of directors; (b) The independent audit committee of the board of directors of
any holding or intermediary company of the facility manager that has authority
to direct the operations of the operator; (c) The internal audit executives of any holding or intermediate
company if the most senior executive in the reporting line reports directly to
the independent audit committee of the board of directors of the holding or
intermediary company; or (d) Another entity as approved by the executive
director; (3) An IT department
supervised by an IT director located at the casino; (4) A slots department
supervised by a slot director located at the casino; (5) A table games
department supervised by a table games director located at the
casino; (6) A security department
supervised by a director of security located at the casino; (7) An accounting
department supervised by a person who functions as the casino's
controller located at the casino. The controller must be responsible for all
accounting functions, including the preparation and control of books, records,
and data, the control of stored data, the control of unused forms, the
accounting for and comparison of operational data and forms; and (8) A cashier's cage
department supervised by a person located at the casino who functions as the
cage manager. The cage manager must be responsible for the control and
supervision of the cashier's cage, satellite cages, count room, and vault.
The cashier's cage may be separated into independent operations or
satellite cages to facilitate operations and accountability. The cashier's
cage department must be responsible for the following: (a) The custody and accountability of coin, currency, negotiable
instruments, documents, and records normally associated with the operation of a
cage; (b) Any other functions normally associated with the operation of
a cage; (c) The count room; (d) The vault; and (e) The control and supervision of gaming cashiers and change
persons. (9) A regulatory
compliance department supervised by a regulatory compliance officer located at
the casino. The regulatory compliance department must be responsible for the
casino's compliance with state and local law, including Chapter 3772. of
the Revised Code and the rules adopted thereunder, as well as the casino's
internal controls and procedures. The regulatory compliance officer must report
directly to one of the following regarding matters of policy, purpose,
responsibility, and authority, and the following must also control the hiring,
termination, and salary of the compliance officer's position: (a) The casino operator's corporate chief compliance
officer; or (b) Another position or entity as approved by the executive
director. (E) The casino operator's personnel must be trained in all
policies, procedures, and internal controls relevant to each employee's
individual function. The casino operator must develop special instructional
programs in addition to any on-the-job instruction sufficient to make each
member of the department knowledgeable about the requirements and performance
of all transactions relating to that employee's functions. (F) In addition to the department supervisory positions listed in
paragraph (B) of this rule, each casino operator must also employ a casino
general manager who must be the primary individual responsible for the
performance of the casino facility. All casino departments may be subject to
direct control by the casino general manager except the internal audit
department, the compliance department, and the surveillance
department. (G) If a vacancy in any of the casino operator's mandatory
department supervisory positions or in the casino general manager position
required by this chapter occurs or if written notice is received that such a
vacancy will occur in the future, the casino operator must: (1) Notify the executive
director immediately in writing of the vacant position; (2) Designate a licensed
person or persons to assume the duties and responsibilities of the vacant
position on a temporary basis; (3) Fill the position on
a permanent basis within sixty days after the effective date of the vacancy. An
extension of the temporary appointment to the position may be granted at the
discretion of the executive director and should not be unreasonably withheld;
and (4) Notify the executive
director immediately in writing upon the filling of the vacancy.
Last updated February 28, 2022 at 8:48 AM
|
Rule 3772-10-04 | Controlled demonstration.
Effective:
February 28, 2022
(A) Each casino operator must train its
licensed employees on agency 3772 of the Administrative Code and its internal
controls and procedures. Each casino operator must perform at least one
controlled demonstration of its ability to abide by the Administrative Code and
follow its internal controls and procedures before the executive director may
allow the casino facility to open to the public. If the casino operator does
not pass the controlled demonstration, then the executive director may require
additional controlled demonstrations. (B) The controlled demonstration must: (1) Be at a date, time, and duration set by the executive
director; (2) Use casino gaming equipment that has been approved by
the commission in accordance with Chapters 3772-9 and 3772-11 of the
Administrative Code; (3) Use cash or other actual consideration for live casino
gaming; (4) Involve at least one casino gaming employee shift
change; (5) Involve all aspects of casino gaming; (6) Involve dropping all or part of the casino gaming floor
to ensure proper accounting and security procedures; and (7) Meet any other requirements established by the
executive director. (C) The casino operator's share of the net win from
the controlled demonstration must go to a charitable organization, as defined
under section 1716.01 of the Revised Code.
Last updated February 28, 2022 at 8:48 AM
|
Rule 3772-10-05 | Forms, records, and documents.
Effective:
February 28, 2022
(A) Each casino operator must maintain
all forms and procedures necessary to account for gaming and financial
activities. (B) All books, forms, records, documents, and stored data
required by this rule must have the name of the casino facility, date of
completion, and the title of the book, form, record, document, or stored
data. (C) Whenever forms or serial numbers are required to be
accounted for under this rule and an exception is noted, the exception must be
reported in writing to the casino operator's internal audit department and
the commission upon identification of the exception. (D) Whenever a prenumbered form is voided, the original and
all copies must be marked "void" and the person voiding the form and
another person independent of the transaction must sign the voided form and
list the reason for the voided transaction. (E) Each casino operator's internal controls must
include procedures for using and retaining books, forms, records, documents,
and stored data as well as the following: (1) The department responsible for the receipt, control,
and issuance of all prenumbered forms. Serial numbers on manual forms must be
printed on the form by the manufacturer. Computerized forms must be
sequentially numbered by the computer system. Documentation of all serial
numbers must be maintained to account for the forms; and (2) Procedures for making corrections to a completed
form.
Last updated February 28, 2022 at 8:48 AM
|
Rule 3772-10-06 | Standard financial reports.
Effective:
February 28, 2022
(A) A casino operator must file the following financial
reports with the commission: (1) A balance sheet
submitted monthly and annually; (2) An income statement
submitted monthly and annually; (3) A cash flow statement
submitted monthly and annually; (4) A gross casino
revenue supplemental daily report and supporting documentation submitted
concurrent with the casino operator's daily submission to the department
of taxation, as required by section 5753.04 of the Revised Code;
and (5) Any other report
requested by the executive director. (B) Standard reporting forms and corresponding filing
instructions may be prescribed by the executive director to be used by a casino
operator in filing the reports specified in paragraph (A) of this
rule. (C) The annual financial statements must be prepared on a
comparative basis for the current and prior calendar years and present
financial position, results of operations, and cash flows in conformity with
generally accepted accounting principles. (D) The electronically transmitted reports or hard copy
reports required to be filed pursuant to this rule must be authorized by
individuals designated by the casino operator. In addition, the casino operator
must submit a letter attesting to the completeness and accuracy of the reports.
The letter must be signed by the casino operator's chief financial officer
or controller. (E) The reports required to be filed pursuant to this rule
must be addressed as prescribed by the commission and received no later than
the required filing date. The required filing dates are as
follows: (1) Gross casino revenue
supplemental daily reports, required by paragraph (A)(4) of this rule, are due
as required by section 5753.04 of the Revised Code. (2) Monthly reports are
due on the last calendar day of the following month or the next business day if
such day falls on a weekend or legal holiday; (3) Annual reports are
due on the last calendar day of the third month following the end of the casino
operator's calendar year or ten days after form 10-K (adopted March 2010)
is filed with the securities and exchange commission, whichever comes
first. (F) All significant adjustments resulting from the annual
audit are to be recorded in the accounting records of the year to which the
adjustment relates. If the adjustments were not reflected in any annual report
and the executive director concludes that the adjustments are significant, the
casino operator may be required to file a revised annual report. The revised
filing is due within thirty calendar days after written notification to the
casino operator, unless the casino operator submits a written request for an
extension before the required filing date and the extension is granted by the
executive director.
Last updated February 28, 2022 at 8:49 AM
|
Rule 3772-10-07 | Audits; other reports; suspicious transaction reporting.
Effective:
February 28, 2022
(A) Each casino operator must have its
annual financial statements audited by an independent certified public
accountant or, when appropriate, an independent registered certified public
accounting firm, licensed to practice in this state. The audit must be in
accordance with generally accepted auditing standards and, when applicable, the
standards of the accountancy board. The casino operator must report to the
commission the name of the independent certified public accountant or
independent registered certified public accounting firm as well as the lead
audit partner or other individual taking primary responsibility for the
financial statement audit engagement before the start of the
engagement. (B) The lead audit partner or other individual taking
primary responsibility for the financial statement audit engagement may serve a
maximum of five years in such a position before being required to rotate off
the engagement. (C) The annual financial statements audit must be prepared
on a comparative basis for the current and prior fiscal years and present
financial position and results of operations in conformity with generally
accepted accounting principles. The financial audit required by this rule must
include an explanation reconciling any differences between the financial
statements included in any annual reports and the audited financial
statements. (D) The casino operator must require the independent
certified public accountant or independent registered certified public
accounting firm auditing the casino operator's financial statements to
render a report on the prospective financial statements, including a one-year
forecast and three-year projection, expressing an opinion as to whether the
prospective financial information is properly prepared on the basis of the
assumptions and is presented in accordance with the relevant financial
reporting framework, and any additional reports required by the executive
director. (E) The casino operator must file with the commission the
reports required by paragraphs (A) and (D) of this rule in a format determined
by the executive director within one hundred twenty days following the end of
the casino operator's fiscal year or upon receipt, whichever is
earlier. (F) Each casino operator must contract with a third party
to perform an independent IT audit and surveillance system audit. The third
party must be approved by the executive director as qualified, independent, and
capable of performing the audit. The audits must be performed, and a copy of
the report provided to the commission, at least once every licensure period.
The audits and corresponding report must assess the following: (1) The design, controls, maintenance, and security of the
casino operator's IT and surveillance systems; (2) The casino operator's compliance with the IT and
surveillance requirements of this chapter; and (3) Any other subject required by the executive
director. (G) At any time, the executive director may require a
special audit of a casino operator by commission personnel, an independent
certified public accountant, an independent registered certified public
accounting firm, or any other third party the executive director approves as
qualified, independent, and capable of performing the special audit. The scope,
procedures, and reporting requirements of any special audit are to be
established by the executive director. (H) The casino operator must notify the commission of any
report that is filed, or required to be filed, with the securities and exchange
commission or other securities regulatory agency. (I) All audits and reports required by this rule are to be
prepared at the sole expense of the casino operator. (J) Any audit engagement contract entered into under this
rule is subject to decertification, as established under paragraph (A) of rule
3772-10-23 of the Administrative Code, or invalidation due to lack of
qualification, independence, or capacity or a finding that the contract or
conduct performed thereunder poses a material risk to the integrity of casino
gaming in this state. The invalidation process is an action against the casino
operator that is subject to the hearing procedures and disciplinary actions
provided for under Chapters 3772-21 and 3772-22 of the Administrative Code,
respectively. If an audit engagement contract is decertified or invalidated,
the casino operator must enter into a new audit engagement contract to ensure
the requirements of this rule are met. (K) Each casino operator must file with the commission a
copy of any suspicious activity report.
Last updated February 28, 2022 at 8:49 AM
|
Rule 3772-10-08 | Procedures for monitoring and reviewing game operations.
Effective:
February 28, 2022
(A) Each casino operator must establish
internal controls for monitoring and reviewing table game operations, which
must include: (1) Procedures for the
monthly review of table game performance. The review must be a comparison of
the lifetime average historical payout percentage and the rolling thirty-day
average payout percentage for each table game, on a per table basis;
and (2) Procedures for documenting,
investigating, and resolving deviations of more than four percent between the
historical results and the actual results. The procedures must
include: (a) Conducting and documenting the investigation;
and (b) Notification to the commission of the investigation results
upon completion. (B) Each casino operator must establish
internal controls for monitoring and reviewing electronic gaming equipment
operation for equipment that accepts wagers. These controls must
include: (1) Procedures for the review of recorded
electronic gaming equipment meters, including the parameters used to determine
the reasonableness of the recorded meters; (2) Procedures for the alteration of
recorded electronic gaming equipment meters, including the positions authorized
to perform the alteration and the documentation maintained to support the
alteration; (3) Procedures for the comparison of each
electronic gaming equipment's recorded meters with the actual drop amount.
The comparison must be performed for each drop; (4) Procedures for documenting,
investigating, and resolving inconsistencies encountered while comparing each
electronic gaming equipment's recorded meters with the actual drop
amounts. They must include, but are not limited to: (a) The variance threshold(s) that indicate an investigation is
necessary. The commission must be notified of variances requiring investigation
within one week of the variance discovery; (b) Procedures for conducting and documenting the investigation.
The procedures should include a comparison of metered cash and voucher
transactions with cash and vouchers from the drop; and (c) Notification to the commission of the investigation results
upon completion. (5) Procedures for the monthly review of
electronic gaming equipment performance. The review must consist of a rolling
thirty days, rolling twelve months, and life-to-date comparison of the expected
theoretical payout percentage and the actual payout percentage for each
electronic gaming device that accepts wagers. The comparisons must be done on a
per paytable basis, unless otherwise approved by the executive director;
and (6) Procedures for documenting,
investigating, and resolving deviations of more than four percent while
reviewing electronic gaming equipment performance. They must
include: (a) Notification of the electronic gaming equipment requiring
investigation to the commission within one week of the deviation
discovery; (b) The procedures for conducting and documenting the
investigation; and (c) Notification to the commission of the investigation results
upon completion.
Last updated February 28, 2022 at 8:49 AM
|
Rule 3772-10-09 | Complimentaries.
Effective:
February 28, 2022
(A) In addition to the limits on
promotional credits in section 3772.23 of the Revised Code, each casino
operator's internal controls must include the following: (1) Procedures for the
authorization, issuance, and recording of complimentaries, including cash and
non-cash gifts. These internal controls must include the delegation of
authority to approve the issuance of complimentaries and the limits that apply
to this authority, including limits based on proper separation of duties and
limits based on relationships between the authorizer and
recipient; (2) Procedures for
ensuring that complimentaries are not provided to members of the Ohio voluntary
exclusion program or those on the commission's involuntary exclusion list;
and (3) Procedures for
auditing complimentaries. (B) All complimentaries paid in cash must
be disbursed directly to the patron by a gaming cashier at the cage after
receipt of appropriate documentation.
Last updated February 28, 2022 at 8:49 AM
|
Rule 3772-10-10 | Patron financial transactions at the cashier's cage.
Effective:
February 28, 2022
(A) Each casino operator may process
financial transactions at the cashier's cage for patrons. For the purpose
of this rule, "financial transaction" does not include the exchange
of cash for casino chips, the redemption of casino chips or redeemable vouchers
issued from electronic gaming equipment for cash at the cashier's cage, or
coin or currency exchanges. (B) Each casino operator must designate
in its internal controls the types of financial transactions to be conducted at
the cashier's cage and the procedures for doing so. (C) Before processing each financial
transaction at the cashier's cage, the casino cashier must verify the
identity of the patron and ensure that the patron is not a part of the
commission's voluntary or involuntary exclusion programs. (D) The casino operator must retain all
records related to each transaction whether in paper or electronic form in
accordance with rules 3772-1-07 and 3772-10-05 of the Administrative
Code. (E) The casino operator must do the following with respect
to patron deposits that are received or withdrawn: (1) Provide the patrons with a receipt, which must include
the total amount deposited or withdrawn, the date of the deposit or withdrawal,
and the signature of the cage employee accepting or processing the patron
deposit or withdrawal, respectively; and (2) Maintain a log detailing all patron deposits and
withdrawals. (F) Wire transfers must be subject to the following
additional requirements: (1) A cage wire transfer
log must be kept and must list the details of each wire transfer sent and
received for gaming purposes; (2) Wire transfers
received must be verified by a receiving licensed employee and a second
licensed employee independent of the original receipt of the transfer. Both
licensed employees must sign the wire transfer log as evidence of this
verification. (3) Residual balances
must be returned to the patron if not used during a set amount of time detailed
in the internal controls.
Last updated February 28, 2022 at 8:49 AM
|
Rule 3772-10-11 | Credit.
Effective:
February 28, 2022
(A) A casino operator may extend credit
to a patron in a commercially reasonable manner considering the patron's
finances and in accordance with this rule. (B) If a casino operator chooses to extend credit to
patrons, the casino operator's internal controls must detail the
procedures for extending credit, including a description of the application
process, the identification of employees involved, a requirement for prompt
recording of the transactions that impact the patron's credit line, and
placement of safeguards on credit extension. (C) The casino operator's internal controls must
detail the information contained in, the use of, and security for patron credit
files. A credit file for each patron must be prepared before the casino
operator's approval of a patron's credit limit and include, at a
minimum, the following: (1) The patron's name; (2) The patron's address; (3) The patron's telephone number; (4) A copy of the patron's government issued
identification; (5) The patron's banking information; (6) The patron's income information; (7) The patron's credit limit, showing how it was
established and how the casino operator considered other outstanding total
indebtedness; (8) The credit agreement; (9) A listing of all transactions affecting a patron's
outstanding indebtedness to the casino operator and its affiliates;
and (10) Any other information the executive director deems
necessary to ensure the reasonableness of the credit extension. (D) Before extending credit to a patron, a casino operator
must verify that the patron is not participating in the Ohio voluntary
exclusion program or on the commission's involuntary exclusion
list. (E) A
casino operator may not extend credit to any patron who has not made a payment
on the patron's outstanding credit within a period of thirty
days. (F) Except as otherwise provided in this rule, no person
who is employed by a casino operator or is acting on behalf of or under any
arrangement with a casino operator may extend credit to a patron in connection
with the conduct of casino gaming. (G) Procedures must be established for the issuance, use,
and payment of markers, including the following: (1) A designation of employees who are authorized to issue
markers; (2) A designation of where markers can be
issued; (3) A description of the marker's documentation and
signatures required to authorize the marker; (4) Verification of the patron's identity and
available credit before issuance of the marker; (5) Controls on how the transaction will be
recorded; (6) Controls on the use of markers; (7) Controls on how markers may be repaid; and (8) Any other information deemed necessary by the executive
director.
Last updated February 28, 2022 at 8:50 AM
|
Rule 3772-10-12 | Access controls.
Effective:
February 28, 2022
(A) Each casino operator's internal
controls must establish procedures for sensitive keys and securing access to
assets and restricted areas. (B) Each casino operator must maintain automated systems
approved by the executive director designed to control and record access to
assets and restricted areas. (C) Unless otherwise required by the executive director,
all sensitive keys, locks, access cards, biometric access, and all other
methods used to grant access to assets and restricted areas must be controlled
and managed by the security department. The IT department may provide
assistance with management of automated systems. (D) Inventory ledgers must be maintained for all sensitive
keys and locks. Key and lock inventory ledgers must detail the following
information: (1) The acquisition of sensitive keys and
locks; (2) The placement into service or removal from service of
sensitive keys and locks including the current location; and (3) The destruction or disposal of sensitive keys and
locks. (E) Database records must be maintained documenting the
assigned access for sensitive keys, access cards, biometric access, and all
other methods used to grant access. (F) The automated system in which sensitive keys are kept
must be continuously covered by a fixed surveillance camera. (G) Access to assets and restricted areas must be assigned
to employees by position type. (H) Additions or deletions of employee access to assets or
restricted areas must be recorded in the automated systems and properly
supported by personnel action documentation. (I) The casino operator's automated systems must track
and record when sensitive keys are checked out by employees. (J) The casino operator's automated systems must track
and record employee access to restricted areas secured by the automated
systems. (K) The casino operator's internal audit team must, at
least semi-annually, complete an audit or analytical procedures designed to
test the physical inventory count of sensitive keys and locks and assigned
access to assets and restricted areas. (L) Procedures for the destruction of sensitive keys and
locks must be approved by the executive director. (M) If a sensitive key or lock is lost, becomes missing, or
is otherwise compromised, the casino operator must notify the commission in
writing and investigate the incident. After receiving the results of the
investigation from the casino operator, the executive director will determine
if all associated sensitive keys and locks must be changed in order to maintain
access restrictions. (N) If an access card, biometric access, or other
electronic access is lost, becomes missing, or is otherwise compromised, the
casino operator must immediately remove all compromised access.
Last updated February 28, 2022 at 8:50 AM
|
Rule 3772-10-13 | Signature requirements.
Effective:
February 28, 2022
(A) Each casino operator must prepare and
maintain a signature card for each licensed employee. The signature cards must
contain the following: (1) The employee's printed name; (2) The employee's license number; (3) The employee's handwritten signature and
initials; (4) The employee's title, department, and employee
number; (5) The department supervisor's signature authorizing
the signature card; (6) The date of signature card; and (7) The forms that the employee is authorized to
sign. (B) All signature cards must be updated or replaced
immediately upon a change in employee status. (C) Whenever a signature of a licensed employee is required
by rules adopted by the commission at a public meeting under section 3772.02 of
the Revised Code or the casino operator's internal controls, the signature
must: (1) At a minimum be, the signer's first initial, last
name, and commission license number; and (2) Be immediately adjacent to or above the legibly printed
or preprinted title of the signer.
Last updated February 28, 2022 at 8:50 AM
|
Rule 3772-10-14 | Internal audit standards.
Effective:
February 28, 2022
(A) Each casino operator's internal
controls must include internal audit standards. (B) The casino operator must maintain a
separate internal audit department whose primary function is to perform
internal audit work that must be independent with respect to the departments
subject to audit. The casino operator must ensure that the standards,
conventions, and rules governing audits in the United States are followed for
all audits. The internal audit department must be responsible for the
following: (1) The review and
appraisal of the adherence of the casino operator's internal controls to
Chapter 3772. of the Revised Code and the rules adopted
thereunder; (2) Performing tests to
ensure compliance with the internal controls; (3) The reporting to the
casino operator's management and the commission of instances of
noncompliance with the internal controls; (4) The reporting to the
casino operator's management and the commission of any weaknesses in the
internal controls; (5) The recommendation of
procedures to eliminate any weaknesses in the internal controls;
and (6) Performing tests to
ensure compliance with rule 3772-10-06 of the Administrative Code. (C) The auditing department must prepare
documents to evidence all internal audit work performed as the work relates to
the requirements in this rule, including all instances of noncompliance with
the internal controls: (1) The internal audit
department must operate with audit programs that address the requirements of
this rule; (2) The internal audit
department must accurately document the work performed, the conclusions
reached, and the resolution of all exceptions; and (3) All audit reports
must be prepared, maintained, and provided to the commission on a schedule
approved by the executive director. (D) Internal audit personnel must perform
audits of all major gaming areas of the casino operator. The following must be
reviewed at least semi-annually: (1) Slot revenue and
procedures; (2) Table games revenue and
procedures; (3) Manual payouts; (4) Cage procedures; (5) Information technology; (6) Complimentaries and
promotions; (7) Control of access to assets and
restricted areas; (8) Purchasing; and (9) Any other internal audits as required
by the executive director, audit committee of the board of directors, or any
other entity designated by the executive director. (E) The audit reports must include the
following information: (1) Audit
objectives; (2) Audit procedures and
scope; (3) Findings and
conclusions; and (4) Management's
response. (F) The internal audit department must
perform follow-up examinations to verify that corrective action has been taken
regarding all instances of noncompliance cited by internal audit and the
independent accountant. Further, if directed by the executive director, the
internal audit department must perform follow-up examinations to verify that
corrective action has been taken regarding all settlement agreements, notices
of noncompliance, and disciplines imposed by the commission. These
verifications must be performed within three months of the issuance of the
audit report. (G) Whenever possible, internal audit
observations must be performed on an unannounced basis. (H) All exceptions disclosed during
audits must be investigated and resolved. (I) All internal audit findings must be
reported to management, who must respond to internal audit findings stating
corrective measures to be taken to avoid recurrence of the audit exception. The
management responses must be included in the internal audit reports that are
delivered to the casino operator's management, the commission, audit
committee of the board of directors, or other entity designated by the
executive director.
Last updated February 28, 2022 at 8:50 AM
|
Rule 3772-10-15 | Information technology controls.
Effective:
February 28, 2022
(A) The casino operator's
information technology ("IT") department is responsible for the
quality, reliability, accuracy, security, and integrity of all gaming-related
computer systems, regardless of the system's location. (B) Each casino operator must provide hardware and
software, approved by the executive director, for the exclusive use of the
commission to facilitate access to the casino operator's gaming-related
systems from commission offices. (C) Each casino operator must provide the commission with a
comprehensive list of all gaming-related computer systems in a format approved
by the executive director. Each casino operator must provide updates to the
list as changes occur. (D) The area where the gaming-related system servers and
core components are located must be secured and access restricted to
appropriate personnel. Access to the secured area must be logged. The log must
be reviewed for accuracy and completion by a member of the IT department at
least monthly. At a minimum, the log must include the following
information: (1) Date and time the secured area was
entered; (2) Date and time the secured area was exited; (3) Reason for access; (4) First and last name of individual entering the area;
and (5) License number of individual entering the area, if
applicable. (E) Logical access and security measures must be
implemented on all gaming-related systems to segregate incompatible functions,
prohibit unauthorized access, and prevent loss of data integrity. The measures
must include: (1) Creation and maintenance of gaming-related system user
accounts, which must be reviewed for appropriate access levels at least
quarterly. The review must be documented and checked for accuracy and
completion by a member of the IT department; and (2) Gaming-related system user accounts must be
authenticated prior to being given access. Appropriate authentication
mechanisms (passwords, biometrics, etc.) and security policies must be
used. (F) Gaming-related system data must be backed-up and
recoverable. The back-up and recovery process must be logged. (G) Gaming-related system security event logs must be
monitored and reviewed for suspicious activity and abnormal operation. The
commission must be notified upon confirmation of any activity or abnormal
operation that results in unauthorized access to, or loss of, gaming-related
system data. (H) Remote access to gaming-related systems may be allowed,
but must adhere to the following guidelines: (1) A unique gaming-related system user account must be
established for each vendor requesting remote access; (2) A dedicated and secure communication mechanism must be
used to provide remote access; (3) Each instance of remote access must be activated by the
casino operator's IT department; (4) Remote access must be deactivated by the casino
operator's IT department at the conclusion of each instance of remote
access; and (5) Each instance of remote access must be logged. At a
minimum, the log must include the following information: (a) Date and time remote
access capability was activated; (b) Date and time remote
access capability was deactivated; (c) System accessed,
including manufacturer and version number; (d) First and last name
of the individual or unique service request tracking number assigned by the
licensed gaming-related vendor remotely accessing the system; (e) First name, last
name, and license number of the IT department member who activated the remote
access capability; (f) First name, last
name, and license number of the IT department member who deactivated the remote
access capability; and (g) The reason for remote
access, including a description of the actions taken during the remote access
session. (I) Each casino operator's internal controls must
contain provisions for IT, which include, but are not limited to: (1) Procedures for the control and installation of
gaming-related system software. A software control log evidencing all
authorized changes to software must be maintained and reviewed for accuracy and
completion by a member of the IT department; and (2) Procedures for the examination of gaming-related system
software to detect changes, whether authorized or not. The examination must
occur at least monthly and must be logged and reviewed for accuracy and
completion by a member of the IT department.
Last updated February 28, 2022 at 8:50 AM
|
Rule 3772-10-16 | Cashier's cages, main bank, and count rooms.
Effective:
February 28, 2022
(A) Each casino facility must have a main
cashier's cage adjacent to the gaming floor. (B) Each casino facility may also have
one or more satellite cages separate and apart from the main cashier's
cage that may be used for performing some of the functions of the main
cashier's cage. (C) Each casino facility must have a main
bank located in a secure area of the casino facility. (D) Each casino facility must have a
count room located in a secure area of the casino facility. (E) The main cashier's cage, main
bank, and count room must be equipped with the following security
controls: (1) A double-door entry
and exit system (mantrap) that contains different locks on each door and will
not permit a person to pass through the second door until the first door is
securely locked. Access to each door of the mantrap must be controlled by
different independent casino departments. An emergency exit without a mantrap
may be installed in these locations as approved by the executive
director; (2) Automatically
triggered alarms monitored by the surveillance department which sound when any
door is opened unexpectedly; (3) Manually triggered
silent alarms accessible to each workstation monitored by the surveillance
department; and (4) Tables used for the
count must be constructed of clear glass or similar transparent material so
that all activity may be monitored by the surveillance department. (F) Any window in a cashier's cage,
main bank, or count room must be secured in a manner that prevents any person
from passing through the opening. (G) Each casino operator's access
controls must detail the access restrictions and processes of all casino
cashiering areas, including the main cashier's cage, satellite cages, main
bank, and count rooms. (H) Unless otherwise approved by the
executive director, the casino cashiering areas, including the main
cashier's cage, satellite cages, main bank, and count rooms, must only be
used for the processing of casino gaming and promotional
transactions. (I) Each casino operator must offer
services for converting cashless wagering instruments to cash at all times
during which the casino facility is open for business.
Last updated February 28, 2022 at 8:51 AM
|
Rule 3772-10-17 | Accounting controls for the cage, main bank, and redemption kiosks.
Effective:
February 28, 2022
(A) Each casino operator's internal
controls must detail the procedures for operating the cages, main bank, and
satellite cages. The procedures must provide for the following: (1) The organization,
number, and qualifications of staff; (2) The beginning and
ending times for each shift; (3) Documentation to
support any transfers between the cage, main bank, or satellite cages, and
adequate security to provide safety of funds being moved; (4) The recording of
perpetual inventory and the reconciliation of physical inventory to that
perpetual inventory upon the changing of shifts, and documentation to support
such information; (5) The documentation of
imprest amounts being transferred upon the changing of shifts, and signatures
of the incoming and outgoing cashiers or supervisors; and (6) Adequate key control
to assure the security of funds during a shift. (B) Any variances in the cages, main
bank, or redemption kiosks, must be documented by the casino operator and a
system must exist to identify variances by each individual cashier or
redemption kiosk. If a variance exceeds five hundred dollars, the variance must
be reported to the commission and investigated by the casino operator. The
findings of the investigation must be forwarded to the commission. (C) The cage accountability must be
reconciled to the general ledger at least monthly. (D) Redemption kiosks will be returned to
an imprest amount and must be reconciled on a schedule as established in the
casino operator's internal controls. (E) Procedures for redemption kiosk
reconciliation, for all types of transactions offered, must be described in the
casino operator's internal controls and must include: (1) Procedures for
removal and counting of all currency and vouchers from the redemption
kiosks; (2) Procedures for
performing and documenting fills and drops of redemption kiosks;
and (3) Procedures for
documenting the imprest amount per reconciliation period. (F) A trial balance of gaming operation accounts receivable,
including the name of the customer and current balance, must be prepared at
least monthly for active, inactive, settled, or written-off accounts. The trial
balance of gaming operation accounts receivable must be reconciled to the
general ledger each month. The reconciliation and any follow up performed must
be documented, maintained for inspection, and provided to the commission upon
request. (G) All cage and credit accounting procedures and any follow-up
performed must be documented, maintained for inspection, and provided to the
commission upon request.
Last updated February 28, 2022 at 8:51 AM
|
Rule 3772-10-18 | Table drop boxes and electronic gaming equipment bill validator canisters: physical requirements and transportation.
Effective:
February 28, 2022
(A) Each casino operator must submit for
executive director approval the specific times and procedures that table drop
boxes and electronic gaming equipment (EGE) bill validator canisters will be
brought to or removed from table games and EGE. The procedures may allow for
the casino operator to remove table game drop boxes and EGE outside of the
approved times only if the box or canister is full or has
malfunctioned. (B) The executive director may require a table game drop
box or EGE bill validator canister to be removed and secured in the count room
or other designated location at any time. (C) Transportation of table game drop boxes and EGE bill
validator canisters must be performed by a member of the security department
and at least one other licensed employee, as designated in the casino
operator's internal controls. The surveillance department must monitor
the process. (D) Table game drop box removal must be performed at least
once per gaming day for all tables that offered casino gaming. Each table game
drop box must be removed and replaced with an empty table game drop box in a
continuous process. Upon removal from the tables, table game drop boxes must be
transported in a locked trolley directly to the count room, or other secure
area as approved by the executive director, and secured until the count takes
place. (E) EGE bill validator canister removal must be performed
at least once per week for all EGE that offered casino gaming. Each bill
validator canister must be removed and replaced with an empty bill validator
canister in a continuous process. Upon removal from EGE, bill validator
canisters must be transported in a locked trolley directly to the count room,
or other secure area as approved by the executive director, and secured until
the count takes place. (F) Licensed employees authorized to remove table game drop
boxes and EGE bill validator canisters must be precluded from having
simultaneous access to remove table game drop boxes or EGE bill validator
canisters and access to the drop box or canister contents. (G) When not in use, empty table game drop boxes and EGE
bill validator canisters must be stored in a locked trolley in the count room
or in a secure area as approved by the executive director. Access to stored
empty table game drop boxes and EGE bill validator canisters must require the
involvement of at least two licensed employees from independent
departments. (H) Each table game drop box and EGE bill validator
canister must: (1) Have a unique identification number assigned to it that
can be readily identified and correlates with the table game or EGE in which it
is placed; (2) Be fully enclosed, except for openings as required for
the designed operation; (3) Be designed to prohibit the removal of the contents
without the use of the appropriate key (content key); and (4) Be designed to prohibit the removal from a table game
or EGE without the use of the appropriate key (release key).
Last updated February 28, 2022 at 8:51 AM
|
Rule 3772-10-19 | Count procedures.
Effective:
February 28, 2022
(A) Each casino operator's internal
controls must detail the count procedures for counting the proceeds from casino
gaming. (B) The counting process must be conducted by a count team
that is independent of the cashier's cage, the accounting department, all
audit functions, and of the transactions being reviewed and counted, unless
otherwise approved by the executive director. (C) The counting process must be performed by a minimum of
three count team employees. (D) There must be at least three count team employees in
the count room during the counting process, until the proceeds from casino
gaming have been accepted into the cage or main bank
accountability. (E) Table game drop boxes and electronic gaming equipment
bill validator canisters containing the proceeds from casino gaming must only
be opened and counted in the count room by the count team. Only count team
members can handle the proceeds from casino gaming during the
count. (F) Access to the count room must be restricted as
follows: (1) When proceeds from casino gaming are present in the
count room, access is limited to members of the count team, security, main
bankers, and commission personnel. The executive director may conditionally
approve temporary access for additional individuals, as requested. (2) When proceeds from casino gaming are not present in the
count room, access is limited to those detailed in the casino operator's
access controls. (G) Entering and exiting the count room during the counting
process is only permitted when scheduled or for emergencies. Commission
personnel may enter and exit at any time. (H) All persons present in the count room during the
counting process, except commission and security personnel, must wear a
full-length, one-piece, pocket-less outer garment with openings only for the
arms, feet, and neck. (I) Only transparent bags and containers are permitted in
the count room. (J) Before conducting the counting process, the count team
must test the counting machines for accuracy. The test procedures must be
witnessed by at least two count team members and must be documented. The test
documentation must be signed by at least two count team members and included in
the final count documentation. Counting machines that fail the test must not be
used. (K) Before conducting the counting process, the count team
must alert the surveillance department that the counting process is about to
begin. (L) Each member of the count team must display the backs
and palms of their hands to the view of the other members of the count team and
a surveillance camera prior to commencing and after completing each of the
following: (1) Transporting money from the count table to the count
machine or placing money into the count machine; (2) Removing money from the count machine or transporting
money from the count machine to the count table; (3) Conducting the bulk count of loose bills at the end of
the count; and (4) Removing or returning hands from a position on or above
the count table; (5) Returning hands to a position on or above the count
table; and (6) Coming in contact with their person or that of another
individual. (M) At least three members of the count team must attest in
writing as to the results of the count prior to the proceeds being given to the
main banker. (N) All proceeds from casino gaming must be turned over to
a main banker who must be independent of the count team. The main banker must
conduct a bulk count of the proceeds from casino gaming and then compare it to
the count documentation. The main banker must attest in writing to the amount
of funds. All differences must be reconciled before the remaining count team
members leave the count room. (O) The count documentation, with all supporting documents,
must be delivered to the accounting department by a licensed person independent
of the cashier's cage department. Alternatively, the count documentation
and all supporting documents may be secured in a locked canister or other
device to which only accounting personnel have access, until retrieved by the
accounting department.
Last updated February 28, 2022 at 8:51 AM
|
Rule 3772-10-20 | Unsecured currency.
Effective:
February 28, 2022
(A) Each casino operator must record the
following information for currency inserted into a casino game, but found
outside of the table game drop box or electronic gaming equipment (EGE) bill
validator canister: (1) The table game number or EGE asset number wherein the
currency was inserted; (2) The date the currency was found; and (3) The value of the currency. (B) The unsecured items must be brought to the count room
with the proceeds from casino gaming and included in the revenue for the
associated game.
Last updated February 28, 2022 at 8:51 AM
|
Rule 3772-10-21 | Manual game payouts.
Effective:
February 28, 2022
(A) Each casino operator's internal
controls must detail the procedures for paying manual payouts, which must
include the following: (1) Verification and documentation of the manual payout by
a licensed employee of the respective department, or requirements for detailed
information on payout documents that are generated by casino or slot management
systems; (2) Submission of a manual payout two-part form to the
cage; (3) Processing system overrides or
adjustments; (4) Completing and filing required tax forms; (5) Checking the identity of patrons winning taxable
payouts against required intercept databases; (6) Documented patron acknowledgment of the amount to be
paid; (7) Documented supervisor verification of manual payouts
over ten thousand dollars; (8) The daily review of all manual payouts from EGE. The
review must consist of a comparison of the EGE's recorded manual payout
meter with the actual amount paid for each manual payout; and (9) Documenting, investigating, and resolving
inconsistencies encountered while reviewing manual payouts from EGE. The
procedures must include: (a) The variance
threshold at which an investigation is necessary. The commission must be
notified of variances requiring investigation within one week of the variance
discovery; (b) The procedures for
conducting and documenting the investigation; and (c) Notification to the
commission of the investigation results upon completion. (B) Surveillance department must monitor all manual payouts
over ten thousand dollars. (C) Security escorts must be available for patrons
receiving manual payouts. (D) A
casino operator may not offer games that offer annuity or merchandise payouts
unless otherwise approved by the executive director.
Last updated February 28, 2022 at 8:52 AM
|
Rule 3772-10-22 | Tips and gratuities.
Effective:
February 28, 2022
(A) Licensed employee's may not
solicit any tip or gratuity from any patron of the casino
facility. (B) Licensed employee's acting in a supervisory
capacity may not accept any tip or gratuity from a patron of the casino
facility. (C) All tips and gratuities given to table game dealers
must be deposited in a transparent locked box reserved for such purpose. The
tips and gratuities must be placed in a pool for distribution, pro rata, among
the table game dealers, unless the tips and gratuities are given during the
conduct of a player against player contest.
Last updated February 28, 2022 at 8:52 AM
|
Rule 3772-10-23 | Other duties.
Effective:
February 28, 2022
(A) The commission may decertify a casino
operator contract if it becomes aware of a contractor that has violated
statutes or rules of this state or the federal government. The decertification
process is an action against the casino operator that is subject to the hearing
procedures and disciplinary actions provided for under Chapters 3772-21 and
3772-22 of the Administrative Code, respectively. (B) Money a casino operator owes to, but is not claimed by,
a patron because of a casino gaming transaction is subject to Chapter 169. of
the Revised Code. (C) Each casino operator must comply with Chapter 5753. of
the Revised Code and with any requests of the tax commissioner in the
computation and reporting of winnings, compensation from casino gaming, and
gross revenue.
Last updated February 28, 2022 at 8:52 AM
|