Return to site

Cloud-Based Systems for Gaming Compliance

Barth F. Aaron, Esq.

broken image

One may reason that since our friends in the Departments of Justice and Treasury consider casinos to be financial institutions, financial record-keeping is mandatory. But there are more regulatory agencies than the federal government that look over our shoulders. Thus, record-keeping and being able to reconstruct customer and vendor transactions has been a requirement of conducting legalized gaming.

With the new emphasis on enforcement by the Financial Crimes Enforcement Network (FinCEN) and its Know Your Customer (KYC) requirements coupled with the accepted risk-based analysis, this record-keeping requirement alone can be substantial. Add that to player club records, customer play records (to maintain customer good will by recording all their play to balance the proverbial W-2G record), vendor due diligence, other customer due diligence, employee records, licensing and work permit records, the vision of the warehouse from the Indiana Jones movie comes to mind.

But who needs paper? Odds are that almost all of the records stated above are maintained electronically. Certainly, slot-based players’ club records have almost no manual involvement. The slot management system is linked to the players’ club system, automatically cross-references the records and can report on individual player play as well as individual machine performance, along with other reports. Even table games player records are maintained electronically. The same can be said of employee and vendor records and certainly AML records.

Why, then, should we not do the same with gaming license application information? Although many more fields are in play, the structure is no different than completing an online purchase – enter your name, address, telephone, credit card information and press a purchase key… all done electronically.

Where are those records stored? The major gaming companies have already followed the lead of Amazon, Verizon, GM, AT&T and others with space rented or licensed at data centers or server farms such as Switch. The Switch facility in Las Vegas and its sister facility being built in Northern Nevada have some of the most rigorous security available. Physical security can be equated to Fort Knox, with fences, layers of entrances, manned patrols and check points. The hardware is deep inside an impenetrable fortress of a building. Digital security is just as tight with firewalls, encryption, 24-hour monitoring and more to ensure no intrusions into the stored data.

Most people are not quite sure what the “cloud” is or how it operates, but I have just described it. The “cloud” is no mystery. It consists of linked or networked computers which store data and make it available to authorized users. Besides the physical and digital security already described, access to cloud-based data is only allowed for authorized users. There are layers of authorization that can be imposed. Most simple is a password. Then there can be layered security requiring not just a password but verification that the password user is the actual password owner. This can be accomplished using text messages with confirmation codes, through biometrics with the swipe of a fingerprint or eyeball scan, and other tactics. The layers of security can build on one another. Finally there is encryption, rendering the data meaningless to all but those with the key to translate the gibberish into human language.

People use computers every day to create, store and transmit information. Most unknowingly use the cloud to store or transmit what they create. ICloud, Microsoft’s cloud and other services now offer the ease and convenience of storing your data away from your devices but making it readily available to you on any of your devices. That is the “cloud” at work.

On an industrial level, with all the layers of physical and digital security in place, the cloud is safer than your own device (remember when you misplaced your smartphone and needed to replace it, or when you left your laptop on the bus or train?). The cloud stores your information privately and securely. It can just as easily store the information needed for a gaming license application and transmit it to a regulator that you have authorized to receive it. The added security is that the information is kept in the cloud and not downloaded to the receiver’s device. They can view the data and use it, but it can never be stolen when their device is left on the train or misplaced on the airplane.

Cloud-based computing is here and it is here to stay. Odds are your company already stores data “in the cloud,” using computers that reside in one or more third-party data centers. There is no reason why gaming compliance information, especially gaming license applications and back-up data, cannot and should not be cloud-based as well.

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!