Minimum Internal Control Standards for Class II Gaming, 60495-60508 [E7-20778]

Agencies

• DEPARTMENT OF THE INTERIOR
• National Indian Gaming Commission

[Federal Register Volume 72, Number 205 (Wednesday, October 24, 2007)]
[Proposed Rules]
[Pages 60495-60508]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-20778]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

National Indian Gaming Commission

25 CFR Parts 542 and 543

RIN 3141-AA37


Minimum Internal Control Standards for Class II Gaming

AGENCY: National Indian Gaming Commission (``NIGC'' or ``Commission''), 
Interior.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In response to the inherent risks and the need for effective 
controls in tribal gaming, the Commission, in January 1999, developed 
minimum internal control standards (MICS). Since their original 
implementation, it has become obvious that the MICS require technical 
adjustments and revisions so that they continue to be effective in 
protecting tribal assets, while still allowing tribes to utilize 
technological advances in the gaming industry. The current MICS are 
specific to the conduct of a wagering game without regards to whether 
the game is classified as a Class II or Class III game. This proposed 
rule is intended to supersede certain specified sections of the current 
MICS and replace them with a new part titled Minimum Internal Control 
Standards for Class II Gaming.

DATES: Submit comments on or before December 10, 2007.

ADDRESSES: Mail Comments to ``Comments on Class II MICS'' National 
Indian Gaming Commission, Suite 9100, 1441 L Street, NW., Washington, 
DC 20005. Comments may be transmitted by facsimile to 202-632-7066, or 
mailed or submitted to the above address. Comments may also be 
submitted electronically to bingo_mics@nigc.gov.

FOR FURTHER INFORMATION CONTACT: Joe H. Smith, Director of Audits, 
telephone 202-632-7003. This is not a toll free call.

SUPPLEMENTARY INFORMATION: 

Preamble Table of Contents

I. Development of the Proposed Rule
II. MICS Structure
III. Tier Structure
IV. Small and Charitable Gaming Operations
V. Tribal Internal Control Standards
VI. Alternative Procedures
VII. Agents
VIII. Smart Cards
IX. Manual Payouts
X. Promotional Prize Payouts
XI. Patron Account Transaction Record
XII. Audit Tasks To Be Performed at Relevant Periods
XIII. Inter-tribal Prize Pools
XIV. Information Technology

[[Page 60496]]

I. Development of the Proposed Rule

    On February 22, 2007, the Commission held a meeting of its 
Classification Standards Advisory Committee. At this meeting the tribal 
representatives on the committee presented to the Commission a final 
draft of descriptive technical standards for Class II gaming. As the 
technical standards were being developed the Commission realized that 
many of the provisions considered for inclusion were not technical 
standards but rather internal controls. After reviewing the final 
technical standards draft, the Commission decided, that for the 
technical standards to be effective, it would have to make changes to 
its existing minimum internal control standards (MICS). The updating of 
MICS will be done in phases with the first phase limited to those areas 
that had a direct impact on the technical standards, specifically, 
bingo and other games similar to bingo.
    To complete this task, the Commission requested that its standing 
MICS Advisory Committee embark on an aggressive schedule to complete 
revisions to MICS to be published concurrently with the publishing of 
technical standards. Additionally, the Commission requested that 
members of the Classification Standards Advisory Committee assist in 
drafting MICS revisions to ensure that any changes were consistent with 
the draft technical standards. During a MICS Advisory Committee meeting 
held on June 25, 2007, in Dallas, Texas, tribal representatives on the 
MICS Committee urged the Commission to adopt a format for the new MICS 
regulations different than the one originally proposed by the 
Commission. This alternative format focused on functions within a 
gaming facility rather than game type. Following this meeting the 
Commission decided to go forward with the suggested alternative format.
    The tribal representatives of the MICS Committee formed a working 
group, referred to by them as the Tribal Gaming Working Group (TGWG), 
to solicit information from tribal regulators, operators, and 
manufacturers. Tribal representatives requested that they be allowed 
time to consult with this group before providing advice to the 
Commission. The Commission agreed and between June and September 2007, 
the TGWG met several times in person and conducted numerous conference 
calls. The Commission did not participate in the establishment of this 
working group. However, Commission staff were invited to attend all of 
the meetings and participate in some of the conference calls. The 
Commission felt it was important to make staff available to this 
working group to answer questions about the goals of the Commission in 
drafting regulation revisions. Commission staff participated in this 
capacity during in-person meetings on July 15, 2007, in Seattle, 
Washington, on July 24, 2007, in Arlington, Virginia, and on August 13 
and 27, 2007 in Las Vegas, Nevada.
    The Commission is grateful to the tribal representatives on the 
MICS Advisory Committee and to those who assisted the tribal 
representatives for all of their hard work and for the high quality 
draft minimum internal control regulations that resulted from their 
efforts. The proposed rule is largely adopted from the final draft 
MICS, delivered to the Commission by the tribal representatives of the 
Advisory Committee on September 4, 2007.
    The full committee including the Commission, met to discuss the 
draft on September 12, 2007, in Arlington, Virginia. During this 
meeting the Commission raised questions about the draft regulations and 
received responses from the tribal representatives. The Commission also 
allowed members of the audience to make comments on the draft MICS as 
well as the process for developing them.
    There are places, of course, where the Commission felt it could not 
accept the MICS Committee's recommendations. As such, the Commission 
has proposed rules more stringent than the tribal representatives to 
the Advisory Committee would have preferred. Highlights of the new 
part, as well as a discussion of Advisory Committee recommendations the 
Commission did not accept are included below.

II. MICS Structure

    Currently, MICS for Class II and Class III gaming are contained in 
25 CFR 542. As there are some essential differences between Class II 
and Class III gaming, the Commission decided that there should be 
separate MICS for Class II and Class III gaming. Therefore, the 
Commission is proposing a new part 543 that would be limited to Class 
II gaming.
    The Commission had originally planned on mimicking the structure of 
part 542 in the drafting of new part 543. The controls in part 542 are 
segregated by the type of Class II game they apply to or by an area 
within the gaming operation. During the drafting process the MICS 
Advisory Committee recommended that the Commission adopt an alternative 
structure for the new part. The Commission has accepted the Advisory 
Committee's recommendation to structure the proposed rule based on the 
conceptual proposition that one set of controls can be made applicable 
to all types and forms of the game of bingo and other games similar to 
bingo whether the game is played manually or electronically.
    While it will eventually be necessary to bring many of the controls 
currently contained in part 542 into new part 543, in order to have 
separate and independent MICS for Class II and Class III gaming, the 
Commission felt it was necessary to structure this migration in phases. 
The most immediate concern was the controls related to bingo and other 
games similar to bingo. These controls were addressed first so that the 
current MICS would not conflict with the new proposed technical 
standards.
    Accordingly, the proposed rule addresses only the game of bingo, 
other games similar to bingo, and directly related information 
technology controls. Many of the provisions of part 542 will remain 
effective and applicable to class II games until such time as 
replacement regulations are enacted by the Commission.
    The second phase of this process of developing a comprehensive set 
of Class II MICS will address forms of Class II gaming other than bingo 
and games similar to bingo, such as pull-tabs and poker, and will 
codify the rules governing the processes that support the games, such 
as drop and count, cage, credit and internal audit. Furthermore, just 
as with part 542, the concept of tier classification will be preserved, 
so that smaller gaming operations will be held to a set of MICS better 
tailored to the risks found in small gaming operations and the 
resources available for addressing them.

III. Tier Structure

    The proposed rule allows an exemption, commonly referred to as the 
small and charitable exemption, for gaming operations earning less than 
$1 million in gross gaming revenue. A proposal was made to increase the 
threshold from $1 million to $3 million. The basis for the proposal was 
the premise that the higher threshold would be more consistent with 
other gaming jurisdictions, would acknowledge that smaller gaming 
operations may not have the resources to invest in the specified 
controls and, in all likelihood, the inherent risk associated with 
their games do not justify them. The Commission appreciates that the 
burden of compliance may be heavier on smaller gaming operations than 
larger ones that may have greater resources to allocate to internal 
controls. The

[[Page 60497]]

Commission has concluded that the tier structure mitigates impact on 
small operations. Therefore, the Commission has decided to keep the $1 
million dollar ceiling for the small and charitable gaming exemption.

IV. Small and Charitable Gaming Operations

    Small and charitable operations are required to adopt tribal 
internal controls that, at a minimum, protect the integrity of the 
games offered and safeguard the assets used in connection with the 
operation. The Commission has added a requirement that the gaming 
operations must create, prepare and maintain records in accordance with 
Generally Accepted Accounting Principles.

V. Tribal Internal Control Standards

    The tribal representatives on the Advisory Committee proposed that 
a regulation be included stipulating that only applicable standards 
shall apply to the tribe's gaming operation(s). The Commission 
disagrees. The proposed new section 543.3(c) addresses the issue by 
requiring that the tribe's gaming regulatory body adopt tribal internal 
control standards that equal or exceed those set forth in the proposed 
rule. Furthermore, within the preamble to part 542 final rule, 
published June 2002, the question was addressed as follows, ``Indian 
gaming is and always will be very diverse. The Commission therefore 
recognizes that developing one set of MICS to address all situations in 
every tribal gaming operation is not possible. It is not intended for 
Tribes to simply adopt these MICS verbatim as tribal internal control 
standards. Instead, Tribal gaming regulatory authorities should utilize 
the following to develop their own internal control standards as 
provided for in section 542.3(c) of this part.''

VI. Alternative Procedures

    The tribal representatives on the Advisory Committee proposed that 
a regulation be adopted that would authorize the tribal gaming 
regulatory authorities to approve without federal concurrence, 
alternative procedures to those required by the new part. The 
Commission is not prepared to adopt such a procedure at this time. 
Consequently, the Commission continues to rely on the variance process 
contained in 25 CFR 542.18.

VII. Agents

    The proposed rule utilizes the term ``agent'' in many places 
throughout part 543. In today's complex gaming environment it is not 
uncommon for support functions such as an internal audit to be 
outsourced, and vendors to actively participate in the maintenance of 
gaming related equipment and software programs. MICS, therefore, need 
to account for such variables. This definition is not intended, 
however, to allow persons to circumvent the management contract 
approval process or the need for licenses and background investigations 
for primary management officials and key employees.

VIII. Smart Cards

    The present definition of smart cards contained in part 542.13 is 
unclear. Essentially, all smart cards are not prohibited by the MICS; 
only those that possess the sole source of the patron account data. If 
the card is accessing the account data within the cashless gaming 
system or the system maintains a redundant record or the card has a 
specified value that cannot change, used merely to transfer wagering 
credits to a device, the smart card is not prohibited. Accordingly, the 
Commission has specified which smart cards are prohibited.

IX. Manual Payouts

    Proposed section 543.7(c) identifies controls applicable to manual 
payouts and short pays. Prize payouts over a predetermined amount, not 
to exceed $50,000 dollars, would require the signatures of two 
authorized individuals, one of whom must be a supervisor. The 
Commission has determined that it is an adequate control for the 
associated risk.

X. Promotional Prize Payouts

    Proposed section 543.7(c) also provides standards applicable to 
promotional prize payouts. The Commission considers these types of 
payouts to be of a high risk. Accordingly, the signatures of two 
persons are required to authorize payouts exceeding $599 dollars.

XI. Patron Account Transaction Record

    Proposed section 543.7(g) requires gaming operations to make 
available to the patron or tribal gaming regulatory authority, upon 
request of either, a record of the transactions occurring within a 
patron's wagering account.

XII. Audit Tasks to be performed at Relevant Periods

    Proposed section 543.7(i) includes standards pertaining to the 
accounting and auditing function associated with the game of bingo and 
other games similar to bingo. The auditing tasks represent procedures 
deemed by the MICS Advisory Committee to be necessary to effectively 
account for and detect anomalies in server-based games' performance 
data. The established gaming jurisdictions provide little guidance on 
what minimum controls should be required by a gaming oversight body. 
The MICS Advisory Committee recognized that the accepted industry 
practice of comparing the actual performance of a gaming machine to a 
predetermined criterion, theoretical hold, has an awkward, if not 
meaningless, application to the server-based game of bingo or other 
games similar to bingo. The conclusion is based upon the greater 
volatility of a bingo game, as compared to a random number generator 
possessing a predetermined cycle, even if the game is affected by 
skill. Consequently, to mitigate the risk of foregoing the typical 
analysis process, alternative auditing tasks were identified and are 
recommended.

XIII. Inter-tribal Prize Pools

    Proposed section 543.7(i) contains standards pertaining to the 
accounting and auditing function associated with the game of bingo and 
games similar to bingo. Included are controls specific to the data that 
a vendor would provide to a tribe relevant to the operation and 
maintenance of a linked prize pool. Although the proposed controls are 
more abbreviated than the corresponding standards in existing part 542 
pertaining to linked electronic games and host and remote host 
locations, the proposal appears to satisfy the overall regulatory 
objectives of requiring the vendor to share game performance data with 
the participating individual locations.

XIV. Information Technology

    The standards proposed at new Sec.  543.16 reflect only those 
controls directly related to and deemed necessary to augment the 
controls pertaining to the game of bingo and other games similar to 
bingo. During the second phase of this overall process of enacting MICS 
for class II gaming, it is anticipated that additional standards will 
be added.

Regulatory Matters

Regulatory Flexibility Act

    This proposed rule will not have a significant economic effect on a 
substantial number of small entities as defined under the Regulatory 
Flexibility Act, 5 U.S.C. 601 et seq. Indian tribes are not considered 
to be small entities for the purposes of the Regulatory Flexibility 
Act.

[[Page 60498]]

Small Business Regulatory Enforcement Fairness Act

    This proposed rule is not a major rule under 5 U.S.C. 804(2), the 
Small Business Regulatory Enforcement Fairness Act. This rule does not 
have an annual effect on the economy of $100 million dollars or more. 
This rule will not cause a major increase in costs or prices for 
consumers, individual industries, federal, state or local government 
agencies or geographic regions and does not have a significant adverse 
effect on competition, employment, investment, productivity, 
innovation, or the ability of U.S. based enterprises to compete with 
foreign-based enterprises. The Commission has determined that the cost 
of compliance with this regulation shall be minimal for several 
reasons. First, part 542 has been in effect since 1999 and requires 
that all Indian gaming operations be in compliance with the MICS. 
Second, considering that the Indian gaming industry spent approximately 
$419 million in 2006 on regulation and given the testimony of various 
tribal and industry leaders, it can be assumed that all gaming 
operations are compliant with part 542 or more stringent tribal 
internal control standards. Finally, given the widespread compliance 
with part 542, the cost of complying with new part 543 should be 
minimal.

Paperwork Reduction Act

    This proposed regulation requires an information collection under 
the Paperwork Reduction Act, 44 U.S.C. 3501 et seq., as did the 
regulation it replaces. There is no change to the paperwork 
requirements created by this rule.

Unfunded Mandates Reform Act

    The Commission, as an independent regulatory agency within the 
Department of the Interior, is exempt from compliance with the Unfunded 
Mandates Reform Act, 2 U.S.C. 1502(1); 2 U.S.C. 658(1).

Takings

    In accordance with Executive Order 12630, the Commission has 
determined that this proposed rule does not have significant takings 
implications. A takings implication assessment is not required.

Civil Justice Reform

    In accordance with Executive Order 12988, the Office of General 
Counsel has determined that the proposed rule does not unduly burden 
the judicial system and meets the requirements of sections 3(a) and 
3(b)(2) of the Order.

National Environmental Policy Act

    The Commission has determined that this proposed rule does not 
constitute a major federal action significantly affecting the quality 
of the human environment and that no detailed statement is required 
pursuant to the National Environmental Policy Act of 1969, 42 U.S.C. 
4321 et seq.

List of Subjects in 25 CFR Parts 542 and 543

    Accounting, Auditing, Gambling, Indian-lands, Indian-tribal 
government, Reporting and recordkeeping requirements.

    Accordingly, for the reasons described in the preamble, the 
Commission proposes to amend its regulations at 25 CFR chapter III as 
follows:

PART 542--MINIMUM INTERNAL CONTROL STANDARDS

    1. The authority citation for part 542 continues to read as 
follows:

    Authority: 25 U.S.C. 2702(c), 2706(b)(10).


Sec.  542.7  [Removed and Reserved]

    2. Section 542.7 is removed and reserved effective [INSERT DATE ONE 
YEAR FROM DATE OF PUBLICATION OF THE FINAL RULE IN THE FEDERAL 
REGISTER].


Sec.  542.16  [Removed and Reserved]

    3. Section 542.16 is removed and reserved effective [INSERT DATE 
ONE YEAR FROM DATE OF PUBLICATION OF THE FINAL RULE IN THE FEDERAL 
REGISTER].
    4. Add new part 543 to read as follows:

PART 543--MINIMUM INTERNAL CONTROL STANDARDS FOR CLASS II GAMING

Sec.
543.1 What does this part cover?,
543.2 What are the definitions for this part?
543.3 How do I comply with this part?
543.4-543.5 [RESERVED]
543.6 Does this part apply to small and charitable gaming 
operations?
543.7 What are the minimum internal control standards for bingo?
543.8-543.15 [RESERVED]
543.16 What are the minimum internal controls for information 
technology?

    Authority: 25 U.S.C. 2701 et seq.


Sec.  543.1  What does this part cover?

    This part, along with Sec. Sec.  542.14 through 542.15, 542.17 
through 542.23, 542.30 through 542.33, and 542.40 through 542.43 of 
this chapter establishes the minimum internal control standards for the 
conduct of Class II bingo and other games similar to bingo on Indian 
lands as described in 25 U.S.C. 2701 et seq. Throughout this part the 
term bingo includes other games similar to bingo.


Sec.  543.2  What are the definitions for this part?

    The definitions in this section shall apply to all sections of this 
part unless otherwise noted.
    Account access component, A component within a Class II gaming 
system that reads or recognizes account access media and gives a patron 
the ability to interact with their account.
    Account access medium, A magnetic stripe card or any other medium 
inserted into, or otherwise made to interact with, an account access 
component in order to give a patron the ability to interact with an 
account.
    Accountability, All financial instruments, receivables, and patron 
deposits constituting the total amount for which the bankroll custodian 
is responsible at a given time.
    Actual bingo win percentage, The percentage calculated by dividing 
the bingo win by the bingo sales. Can be calculated for individual 
prize schedules or type of player interfaces on a per-day or cumulative 
basis.
    Agent, An employee or licensed person authorized by the gaming 
operation, as approved by the tribal gaming regulatory authority, 
designated for certain authorizations, decisions, tasks and actions in 
the gaming operation. This definition is not intended to eliminate nor 
suggests that appropriate management contracts are not required, where 
applicable, as referenced in 25 U.S.C. 2711.
    Amount in, The total value of all financial instruments and 
cashless transactions accepted by the Class II gaming system.
    Amount out, The total value of all financial instruments and 
cashless transactions paid by the Class II gaming system, plus the 
total value of manual payments.
    Bingo paper, A consumable physical object that has one or more 
bingo cards on its face.
    Bingo sales, The value of purchases made by players to participate 
in bingo.
    Bingo win, The result of bingo sales minus prize payouts.
    Cage, A secure work area within the gaming operation for cashiers 
which may include a storage area for the gaming operation bankroll.
    Cash equivalents, The monetary value that a gaming operation may 
assign to a document, financial instrument, or anything else of 
representative value other than cash. A cash equivalent includes, but 
is not limited to, tokens,

[[Page 60499]]

chips, coupons, vouchers, payout slips and tickets, and other items to 
which a gaming operation has assigned an exchange value.
    Cashless system, A system that performs cashless transactions and 
maintains records of those cashless transactions.
    Cashless transaction, A movement of funds electronically from one 
component to another, often to or from a patron deposit account.
    Class II game, A game as described in 25 U.S.C. 2703(7)(A).
    Class II Gaming System, All components, whether or not technologic 
aids in electronic, computer, mechanical, or other technologic form, 
that function together to aid the play of one or more Class II games 
including accounting functions mandated by part 547 of this chapter.
    Commission, The National Indian Gaming Commission.
    Count, The act of counting and recording the drop and/or other 
funds.
    Count room, A secured room where the count is performed.
    Count team, Agents who perform the count.
    Coupon, A financial instrument of fixed wagering value, usually 
paper, that can only be used to acquire non-cashable credits through 
interaction with a voucher system. This does not include instruments 
such as printed advertising material that cannot be validated directly 
by a voucher system.
    Drop, The total amount of financial instruments removed from 
financial instrument storage components in Class II gaming systems.
    Drop period, The period of time that occurs between sequential 
drops.
    Electronic funds transfer, A transfer of funds to or from a Class 
II gaming system through the use of a cashless system, which are 
transfers from an external financial institution.
    Financial instrument, Any tangible item of value tendered in Class 
II game play including but not limited to bills, coins, vouchers, and 
coupons.
    Financial instrument acceptor, Any component that accepts financial 
instruments.
    Financial instrument storage component, Any component that stores 
financial instruments.
    Game software, The operational program or programs that govern the 
play, display of results, and/or awarding of prizes or credits for 
Class II games.
    Gaming Equipment, All electronic, electro-mechanical, mechanical or 
other physical components utilized in the play of Class II games.
    Independent, The separation of functions so that the person or 
process monitoring, reviewing or authorizing the controlled 
transaction(s) is separate from the persons or process performing the 
controlled transaction(s).
    Inter-tribal prize pool, A fund to which multiple tribes contribute 
from which prizes are paid to winning players at a participating tribal 
gaming facility and which is administered by one of the participating 
tribes or a third party, (e.g. progressive prize pools, shared prize 
pools, etc.).
    Internal audit, means persons who perform an audit function of a 
gaming operation that are independent of the department subject to 
audit. Independence is obtained through the organizational reporting 
relationship, as the internal audit department shall not report to 
management of the gaming operation. Internal audit activities should be 
conducted in a manner that permits objective evaluation of areas 
examined. Internal audit personnel may provide audit coverage to more 
than one operation within a tribe's gaming operation holdings.
    Kiosk, A self serve point of sale or other component capable of 
accepting or dispensing financial instruments and may also be capable 
of initiating cashless transactions of values to or from a patron 
deposit account or promotional account.
    Manual payout, The payment to a player of some or all of a player's 
accumulated credits (e.g. short pays, cancelled credits, etc.) or an 
amount owed as a result of a winning event by an agent of the gaming 
operation.
    MICS, Minimum internal control standards in this part.
    Non-cashable credit, Credits given by an operator to a patron; 
placed on a Class II gaming system through a coupon, cashless 
transaction, or other approved means; and capable of activating play 
but not being converted to cash.
    Patron deposit account, An account maintained on behalf of a 
patron, for the purpose of depositing and withdrawing cashable funds 
for the primary purpose of interacting with a gaming activity.
    Patron deposits, The funds placed with a designated cashier by 
patrons for the patrons' use at a future time.
    Player interface, Any component(s) of a Class II gaming system, 
including an electronic or technological aid (not limited to terminals, 
player stations, handhelds, fixed units, etc.) that directly enable(s) 
player interaction in a Class II game.
    Player tracking system, A system typically used by a gaming 
operation to record the amount of play of an individual patron.
    Prize payout, A transaction associated with a winning event.
    Prize schedule, A set of prizes available to players for achieving 
pre-designated patterns in Class II game(s).
    Program Storage Media, An electronic data storage component, such 
as a CD-ROM, EPROM, hard disk, or flash memory on which software is 
stored and from which software is read.
    Progressive prize, A prize that increases by a selectable or 
predefined amount based on play of a Class II game.
    Promotional account, A file, record, or other data structure that 
records transactions involving a patron or patrons that are not 
otherwise recorded in a patron deposit account.
    Promotional prize payout, Merchandise or awards given to players by 
the gaming operation which is based on gaming activity.
    Random number generator (RNG), A software module, hardware 
component or combination of these designed to produce outputs that are 
effectively random.
    Server, A computer which controls one or more applications or 
environments.
    Shift, An eight-hour period, unless otherwise approved by the 
tribal gaming regulatory authority, not to exceed 24 hours.
    Short pay, The payment of the unpaid balance of an incomplete 
payout by a player interface.
    Tier A, Gaming operations with annual gross gaming revenues of more 
than $1 million but not more than $5 million.
    Tier B, Gaming operations with annual gross gaming revenues of more 
than $5 million but not more than $15 million.
    Tier C, Gaming operations with annual gross gaming revenues of more 
than $15 million.
    Tribal Gaming Regulatory Authority, The entity authorized by tribal 
law to regulate gaming conducted pursuant to the Indian Gaming 
Regulatory Act.
    Voucher, A financial instrument of fixed value that can only be 
used to acquire an equivalent value of cashable credits or cash through 
interaction with a voucher system.
    Voucher System, A component of the Class II gaming system or an 
external system that securely maintains records of vouchers and 
coupons; validates payment of vouchers; records successful or failed 
payments of vouchers and coupons; and controls the purging of expired 
vouchers and coupons.


Sec.  543.3  How do I comply with this part?

    (a) Compliance based upon tier.

[Reserved]

[[Page 60500]]

    (b) Determination of tier. [Reserved]
    (c) Tribal internal control standards. Within six months of [INSERT 
DATE OF PUBLICATION OF THE FINAL RULE IN THE FEDERAL REGISTER], each 
tribal gaming regulatory authority shall, in accordance with the tribal 
gaming ordinance, establish or ensure that tribal internal control 
standards are established and implemented that shall:
    (1) Provide a level of control that equals or exceeds those set 
forth in this part;
    (2) Contain standards for currency transaction reporting that 
comply with 31 CFR part 103; and
    (3) Establish a deadline, which shall not exceed six months from 
the date the tribal gaming regulatory authority establishes internal 
controls by which a gaming operation must come into compliance with the 
tribal internal control standards. However, the tribal gaming 
regulatory authority may extend the deadline by an additional six 
months if written notice citing justification is provided to the 
Commission no later than two weeks before the expiration of the nine 
month period.
    (d) Gaming operations. Each gaming operation shall develop and 
implement an internal control system that, at a minimum, complies with 
the tribal internal control standards.
    (1) Existing gaming operations. All gaming operations that are 
operating on or before [INSERT DATE ONE YEAR FROM DATE OF PUBLICATION 
OF THE FINAL RULE IN THE FEDERAL REGISTER], shall comply with this part 
within the time requirements established in paragraph (c) of this 
section. In the interim, such operations shall continue to comply with 
existing tribal internal control standards.
    (2) New gaming operations. All gaming operations that commence 
operations after [INSERT DATE SIX MONTHS FROM DATE OF PUBICATION OF THE 
FINAL RULE IN THE FEDERAL REGISTER], shall comply with this part before 
commencement of operations.
    (e) Submission to Commission. Tribal regulations promulgated 
pursuant to this part shall not be required to be submitted to the 
Commission pursuant to Sec.  522.3(b) of this chapter.
    (f) CPA testing. (1) An independent certified public accountant 
(CPA) shall be engaged to perform ``Agreed-Upon Procedures'' to verify 
that the gaming operation is in compliance with the minimum internal 
control standards (MICS) set forth in this part or a tribally approved 
variance thereto that has received Commission concurrence. The CPA 
shall report each event and procedure discovered by or brought to the 
CPA's attention that the CPA believes does not satisfy the minimum 
standards or tribally approved variance that has received Commission 
concurrence. The ``Agreed-Upon Procedures'' may be performed in 
conjunction with the annual audit. The CPA shall report his or her 
findings to the tribe, tribal gaming regulatory authority, and 
management. The tribe shall submit two copies of the report to the 
Commission within 120 days of the gaming operation's fiscal year end. 
This regulation is intended to communicate the Commission's position on 
the minimum Agreed-Upon Procedures to be performed by the CPA. 
Throughout these regulations, the CPA's engagement and reporting are 
based on Statements on Standards for Attestation Engagements (SSAE's) 
in effect as of December 31, 2003, specifically SSAE 10 (``Revision and 
Recodification Agreed-Upon Procedures Engagements''). If future 
revisions are made to the SSAE's or new SSAE's are adopted that are 
applicable to this type of engagement, the CPA is to comply with any 
new or revised professional standards in conducting engagements 
pursuant to these regulations and the issuance of the agreed-upon 
procedures report. The CPA shall perform the ``Agreed-Upon Procedures'' 
in accordance with the following:
    (i) As a prerequisite to the evaluation of the gaming operation's 
internal control systems, it is recommended that the CPA obtain and 
review an organization chart depicting segregation of functions and 
responsibilities, a description of the duties and responsibilities of 
each position shown on the organization chart, and an accurate, 
detailed narrative description of the gaming operation's procedures in 
effect that demonstrate compliance.
    (ii) Complete the CPA NIGC MICS Compliance checklists or other 
comparable testing procedures. The checklists should measure compliance 
on a sampling basis by performing inspections, observations and 
substantive testing. The CPA shall complete separate checklists for 
bingo and information technology. All questions on each applicable 
checklist should be completed. Work-paper references are suggested for 
all ``no'' responses for the results obtained during testing (unless a 
note in the ``W/P Ref'' can explain the exception).
    (iii) The CPA shall perform, at a minimum, the following procedures 
in conjunction with the completion of the checklists:
    (A) At least one unannounced observation of each of the following: 
financial instrument acceptor drop and count. The AICPA's ``Audits of 
Casinos'' Audit and Accounting Guide provides that observations in the 
casino cage and count room should be unannounced. For purposes of these 
procedures, ``unannounced'' means that no officers, directors, or 
employees are given advance information regarding the dates or times of 
such observations. The independent accountant should make arrangements 
with the gaming operation and tribal gaming regulatory authority to 
ensure proper identification of the CPA's personnel and to provide for 
their prompt access to the count rooms. The checklists should provide 
for drop and count observations. The count room should not be entered 
until the count is in process and the CPA should not leave the room 
until the monies have been counted and verified to the count sheet by 
the CPA and accepted into accountability.
    (B) Observations of the gaming operation's agents as they perform 
their duties.
    (C) Interviews with the gaming operation's agents who perform the 
relevant procedures.
    (D) Compliance testing of various documents relevant to the 
procedures. The scope of such testing should be indicated on the 
checklist where applicable.
    (E) For new gaming operations that have been in operation for three 
months or less at the end of their business year, performance of this 
regulation, this section, is not required for the partial period.
    (2) Alternatively, at the discretion of the tribe, the tribe may 
engage an independent CPA to perform the testing, observations and 
procedures reflected in paragraphs (f)(1)(i), (ii), and (iii) of this 
section utilizing the tribal internal control standards adopted by the 
tribal gaming regulatory authority or tribally approved variance that 
has received Commission concurrence. Accordingly, the CPA will verify 
compliance by the gaming operation with the tribal internal control 
standards. Should the tribe elect this alternative, as a prerequisite, 
the CPA will perform the following:
    (i) The CPA shall compare the tribal internal control standards to 
the MICS to ascertain whether the criteria set forth in the MICS or 
Commission approved variances are adequately addressed.
    (ii) The CPA may utilize personnel of the tribal gaming regulatory 
authority to cross-reference the tribal internal control standards to 
the MICS, provided the CPA performs a review of the tribal gaming 
regulatory authority personnel's work and assumes complete

[[Page 60501]]

responsibility for the proper completion of the work product.
    (iii) The CPA shall report each procedure discovered by or brought 
to the CPA's attention that the CPA believes does not satisfy paragraph 
(f)(2)(i) of this section.
    (3) Reliance on Internal Auditors. (i) The CPA may rely on the work 
of an internal auditor, to the extent allowed by the professional 
standards, for the performance of the recommended procedures specified 
in paragraphs (f)(1)(iii)(B), (C), and (D) of this section, and for the 
completion of the checklists as they relate to the procedures covered 
therein.
    (ii) Agreed-upon procedures are to be performed by the CPA to 
determine that the internal audit procedures performed for a past 12-
month period (includes two six month periods) encompassing a portion or 
all of the most recent business year have been properly completed. The 
CPA will apply the following agreed-upon procedures to the gaming 
operation's written assertion:
    (A) Obtain internal audit department work-papers completed for a 
12-month period (includes two six month periods) encompassing a portion 
or all of the most recent business year and determine whether the CPA 
NIGC MICS Compliance Checklists or other comparable testing procedures 
were included in the internal audit work-papers and all steps described 
in the checklists were initialed or signed by an internal audit 
representative.
    (B) For the internal audit work-papers obtained in paragraph 
(f)(3)(ii)(A) of this section, on a sample basis, re-perform the 
procedures included in CPA NIGC MICS Compliance Checklists or other 
comparable testing procedures prepared by internal audit and determine 
if all instances of noncompliance noted in the sample were documented 
as such by internal audit. The CPA NIGC MICS Compliance Checklists or 
other comparable testing procedures for the applicable Drop and Count 
procedures are not included in the sample re-performance of procedures 
because the CPA is required to perform the drop and count observations 
as required under paragraph (f)(1)(iii)(A) of this section of the 
agreed-upon procedures. The CPA's sample should comprise a minimum of 
three percent of the procedures required in each CPA NIGC MICS 
Compliance Checklist or other comparable testing procedures for the 
bingo department and five percent for the other departments completed 
by internal audit in compliance with the internal audit MICS. The re-
performance of procedures is performed as follows:
    (1) For inquiries, the CPA should either speak with the same 
individual or an individual of the same job position as the internal 
auditor did for the procedure indicated in the CPA checklist.
    (2) For observations, the CPA should observe the same process as 
the internal auditor did for the procedure as indicated in their 
checklist.
    (3) For document testing, the CPA should look at the same original 
document as tested by the internal auditor for the procedure as 
indicated in their checklist. The CPA need only retest the minimum 
sample size required in the checklist.
    (C) The CPA is to investigate and document any differences between 
their re-performance results and the internal audit results.
    (D) Documentation shall be maintained for five years by the CPA 
indicating the procedures re-performed along with the results.
    (E) When performing the procedures for paragraph (f)(3)(ii)(B) of 
this section in subsequent years, the CPA must select a different 
sample so that the CPA will re-perform substantially all of the 
procedures after several years.
    (F) Additional procedures performed at the request of the 
Commission, the tribal gaming regulatory authority or management should 
be included in the Agreed-Upon Procedures report transmitted to the 
Commission.
    (4) Report Format. The NIGC has concluded that the performance of 
these procedures is an attestation engagement in which the CPA applies 
such Agreed-Upon Procedures to the gaming operation's assertion that it 
is in compliance with the MICS and, if applicable under paragraph 
(f)(2) of this section, the tribal internal control standards and 
approved variances, provide a level of control that equals or exceeds 
that of the MICS. Accordingly, the Statements on Standards for 
Attestation Engagements (SSAE's), specifically SSAE 10, issued by the 
Auditing Standards Board is applicable. SSAE 10 provides current, 
pertinent guidance regarding agreed-upon procedure engagements, and the 
sample report formats included within those standards should be used, 
as appropriate, in the preparation of the CPA's agreed-upon procedures 
report. If future revisions are made to this standard or new SSAE's are 
adopted that are applicable to this type of engagement, the CPA is to 
comply with any revised professional standards in issuing their agreed 
upon procedures report. The Commission will provide an example report 
and letter formats upon request that may be used and contain all of the 
information discussed below. The report must describe all instances of 
procedural noncompliance (regardless of materiality) with the MICS or 
approved variations, and all instances where the tribal gaming 
regulatory authority's regulations do not comply with the MICS. When 
describing the agreed-upon procedures performed, the CPA should also 
indicate whether procedures performed by other individuals were 
utilized to substitute for the procedures required to be performed by 
the CPA. For each instance of noncompliance noted in the CPA's agreed-
upon procedures report, the following information must be included: The 
citation of the applicable MICS for which the instance of noncompliance 
was noted; a narrative description of the noncompliance, including the 
number of exceptions and sample size tested.
    (5) Report Submission Requirements. (i) The CPA shall prepare a 
report of the findings for the tribe and management. The tribe shall 
submit two copies of the report to the Commission no later than 120 
days after the gaming operation's business year end. This report should 
be provided in addition to any other reports required to be submitted 
to the Commission.
    (ii) The CPA should maintain the work-papers supporting the report 
for a minimum of five years. Digital storage is acceptable. The 
Commission may request access to these work-papers, through the tribe.
    (6) CPA NIGC MICS Compliance Checklists. In connection with the CPA 
testing pursuant to this section and as referenced therein, the 
Commission will provide CPA MICS Compliance Checklists upon request.
    (g) Enforcement of Commission Minimum Internal Control Standards. 
(1) Each tribal gaming regulatory authority is required to establish 
and implement internal control standards pursuant to paragraph (c) of 
this section. Each gaming operation is then required, pursuant to 
paragraph (d) of this section, to develop and implement an internal 
control system that complies with the tribal internal control 
standards. Failure to do so may subject the tribal operator of the 
gaming operation, or the management contractor, to penalties under 25 
U.S.C. 2713.
    (2) Recognizing that tribes are the primary regulator of their 
gaming operation(s), enforcement action by the Commission will not be 
initiated under this part without first informing the tribe and tribal 
gaming regulatory authority of deficiencies in the internal controls of 
its gaming operation and

[[Page 60502]]

allowing a reasonable period of time to address such deficiencies. Such 
prior notice and opportunity for corrective action is not required 
where the threat to the integrity of the gaming operation is immediate 
and severe.


Sec. Sec.  543.4-543.5  [Reserved]


Sec.  543.6  Does this part apply to small and charitable gaming 
operations?

    (a) Small gaming operations. This part shall not apply to small 
gaming operations provided that:
    (1) The tribal gaming regulatory authority permits the operation to 
be exempt from this part;
    (2) The annual gross gaming revenue of the operation does not 
exceed $1 million; and
    (3) The tribal gaming regulatory authority develops and the 
operation complies with alternate procedures that:
    (i) Protect the integrity of games offered;
    (ii) Safeguard the assets used in connection with the operation; 
and
    (iii) Create, prepare and maintain records in accordance with 
Generally Accepted Accounting Principles.
    (b) Charitable gaming operations. This part shall not apply to 
charitable gaming operations provided that:
    (1) All proceeds are for the benefit of a charitable organization;
    (2) The tribal gaming regulatory authority permits the charitable 
organization to be exempt from this part;
    (3) The charitable gaming operation is operated wholly by the 
charitable organization's agents;
    (4) The annual gross gaming revenue of the charitable operation 
does not exceed $1 million; and
    (5) The tribal gaming regulatory authority develops and the 
charitable gaming operation complies with alternate procedures that:
    (i) Protect the integrity of the games offered;
    (ii) Safeguard the assets used in connection with the gaming 
operation; and
    (iii) Create, prepare and maintain records in accordance with 
Generally Accepted Accounting Principles.
    (c) Independent operators. Nothing in this section shall exempt 
gaming operations conducted by independent operators for the benefit of 
a charitable organization.


Sec.  543.7  What are the minimum internal control standards for bingo?

    (a) Bingo Cards--(1) Inventory of bingo paper. (i) The bingo paper 
inventory shall be controlled so as to assure the integrity of the 
bingo paper being used as follows:
    (A) When received, bingo paper shall be inventoried and secured by 
an authorized agent(s) independent of bingo sales;
    (B) The issue of bingo paper to the cashiers shall be documented 
and signed for by the authorized agent(s) responsible for inventory 
control and a cashier. The bingo control log shall include the series 
number of the bingo paper;
    (C) The bingo control log shall be utilized by the gaming operation 
to verify the integrity of the bingo paper being used; and
    (D) Once each month, an authorized agent(s) independent of both 
bingo paper sales and bingo paper inventory control shall verify the 
accuracy of the ending balance in the bingo control log by reconciling 
it with the bingo paper inventory.
    (ii) Paragraph (a)(1) of this section does not apply where no 
physical inventory is applicable.
    (2) Bingo Sales. (i) There shall be an accurate accounting of all 
bingo sales.
    (ii) All bingo sales records shall include the following 
information:
    (A) Date;
    (B) Time;
    (C) Shift or session;
    (D) Sales transaction identifiers, which may be the unique card 
identifier(s) sold or when electronic bingo card faces are sold, the 
unique identifiers of the card faces sold;
    (E) Quantity of bingo cards sold;
    (F) Dollar amount of bingo sales;
    (G) Signature, initials, or identification of the agent or device 
who conducted the bingo sales; and
    (H) When bingo sales are recorded manually, total sales are 
verified by an authorized agent independent of the bingo sales being 
verified and the signature, initials, or identification of the 
authorized agent who verified the bingo sales is recorded.
    (iii) No person shall have unrestricted access to modify bingo 
sales records.
    (iv) An authorized agent independent of the seller shall perform 
the following standards for each seller at the end of each session:
    (A) Reconcile the documented total dollar amount of cards sold to 
the documented quantity of cards sold;
    (B) Note any variances; and
    (C) Appropriately investigate any noted variances with the results 
of the follow-up documented.
    (3) Voiding bingo cards. (i) Procedures shall be established and 
implemented to prevent the voiding of card sales after the start of the 
calling of the game for which the bingo card was sold. Cards may not be 
voided after the start of a game for which the card was sold.
    (ii) When a bingo card must be voided the following controls shall 
apply as relevant:
    (A) A non-electronic bingo card shall be marked void; and
    (B) The authorization of the void, by an authorized agent 
independent of the original sale transaction (supervisor recommended), 
shall be recorded either by signature on the bingo card or by 
electronically associating the void authorization to the sale 
transaction of the voided bingo card.
    (4) Re-issue of previously sold bingo cards. When one or more 
previously sold bingo cards need to be reissued, the following controls 
shall apply: the original sale of the bingo cards must be verified; and 
the reissue of the bingo cards must be documented, including the 
identity of the agent authorizing re-issuance.
    (b) Draw--(1) Verification and display. (i) Procedures shall be 
established and implemented to ensure the identity of each object drawn 
is accurately recorded and transmitted to the participants. The 
procedures must identify the method used to ensure the identity of each 
object drawn.
    (ii) For all games offering a prize payout of $1,200 or more, as 
the objects are drawn the identity of the objects shall be immediately 
recorded and maintained for a minimum of 24 hours.
    (iii) Controls shall be present to assure that all objects eligible 
for the draw are available to be drawn prior to the next draw.
    (c) Manual Payouts and Short Pays. (1) Procedures shall be 
established and implemented to prevent unauthorized access or 
fraudulent transactions using manual payout documents, including:
    (i) Payout documents shall be controlled and completed in a manner 
that is intended to prevent a custodian of funds from altering the 
dollar amount on all parts of the payout document subsequent to the 
manual payout and misappropriating the funds.
    (ii) Payout documents shall be controlled and completed in a manner 
that deters any one individual from initiating and producing a 
fraudulent payout document, obtaining the funds, forging signatures on 
the payout document, routing all parts of the document, and 
misappropriating the funds. Recommended procedures of this standard 
include but are not limited to the following:
    (A) Funds are issued either to a second verifier of the manual 
payout (i.e., someone other than the agents who generated/requested the 
payout) or to two agents concurrently (i.e., the generator/requestor of 
the document

[[Page 60503]]

and the verifier of the manual payout). Both witness the manual payout; 
or
    (B) The routing of one part of the completed document is under the 
physical control (e.g., dropped in a locked box) of an agent other than 
the agent that obtained/issued the funds and the agent that obtained/
issued the funds must not be able to place the document in the locked 
box.
    (iii) Segregation of responsibilities. The functions of sales and 
prize payout verification shall be segregated, if performed manually. 
Agents who sell bingo cards on the floor shall not verify bingo cards 
for prize payouts with bingo cards in their possession of the same type 
as the bingo card being verified for the game. Floor clerks who sell 
bingo cards on the floor are permitted to announce the identifiers of 
winning bingo cards.
    (iv) Validation. Procedures shall be established and implemented to 
determine the validity of the claim prior to the payment of a prize 
(i.e., bingo card was sold for the game played, not voided, etc.) by at 
least two persons.
    (v) Verification. Procedures shall be established and implemented 
to ensure that at least two persons verify the winning pattern has been 
achieved on the winning card prior to the payment of a prize.
    (vi) Authorization and Signatures. (A) A Class II gaming system may 
substitute as one authorization/signature verifying, validating or 
authorizing a winning card of less than $1,200 or other manual payout. 
Where a Class II gaming system substitutes as an authorization/
signature, the manual payout is subject to the limitations provided in 
this section.
    (B) For manual prize payouts of $1,200 or more and less than a 
predetermined amount not to exceed $50,000, at least two agents must 
authorize, sign and witness the manual prize payout.
    (1) Manual prize payouts over a predetermined amount not to exceed 
$50,000 shall require one of the two signatures and verifications to be 
a supervisory or management employee independent of the operation of 
bingo.
    (2) This predetermined amount, not to exceed $50,000, shall be 
authorized by management, approved by the tribal gaming regulatory 
authority, documented, and maintained.
    (2) Documentation, including;
    (i) Manual payouts and short-pays exceeding $10 shall be documented 
on a two-part form, of which a restricted system record can be 
considered one part of the form, and documentation shall include the 
following information:
    (A) Date and time;
    (B) Player interface identifier or game identifier;
    (C) Dollar amount paid (both alpha and numeric) or description of 
personal property awarded, including fair market value. Alpha is 
optional if another unalterable method is used for evidencing the 
amount paid;
    (D) Type of manual payout (e.g., Prize payout, external bonus 
payout, short pay, etc.);
    (E) Game outcome (e.g., patterns, symbols, bingo card identifier/
description, etc.) for manual prize payouts, external bonus 
description, reason for short pay, etc.;
    (F) Preprinted or concurrently printed sequential manual payout 
identifier; and
    (G) Signatures or other authorizations, as required by this part.
    (ii) For short-pays of $10 or less, the documentation (single-part 
form or log is acceptable) shall include the following information:
    (A) Date and time;
    (B) Player interface number;
    (C) Dollar amount paid (both alpha and numeric). Alpha is optional 
if another unalterable method is used for evidencing the amount paid;
    (D) The signature of at least one agent verifying and witnessing 
the short pay; and
    (E) Reason for short pay.
    (iii) In other situations that allow an agent to input a prize 
payout or change the dollar amount of the prize payout by more than $1 
in a Class II gaming system that has an automated prize payout 
component, two agents, one of which is a supervisory employee, must be 
physically involved in verifying and witnessing the prize payout.
    (iv) For manually paid promotional prize payouts, as a result of 
the play of a game and where the amount paid is not included in the 
prize schedule, the documentation (single-part form or log is 
acceptable) shall include the following information:
    (A) Date and time;
    (B) Player interface number;
    (C) Dollar amount paid (both alpha and numeric). Alpha is optional 
if another unalterable method is used for evidencing the amount paid;
    (D) The signature of at least one agent verifying and witnessing 
the manual promotional prize payout of $599 or less and two agents 
verifying and witnessing the manual promotional prize payout exceeding 
$599;
    (E) Description or name of the promotion; and
    (F) Total amount of manual promotional prize payouts shall be 
recorded by shift, session or other relevant time period.
    (v) When a controlled manual payout document is voided, the agent 
completing the void shall clearly mark ``void'' across the face of the 
document, sign across the face of the document and all parts of the 
document shall be retained for accountability.
    (d) Operational controls. (1) Procedures shall be established and 
implemented with the intent to prevent unauthorized access to or 
fraudulent transactions involving cash or cash equivalents.
    (2) Cash or cash equivalents exchanged between two persons shall be 
counted independently by at least two persons and reconciled to the 
recorded amounts at the end of each shift or if applicable each 
session. Unexplained variances shall be documented and maintained. 
Unverified transfers of cash or cash equivalents are prohibited.
    (3) Procedures shall be established and implemented to control cash 
or cash equivalents in accordance with this section and based on the 
amount of the transaction. These procedures include but are not limited 
to, counting and recording on an accountability form by shift, session 
or relevant time period the following:
    (i) Inventory, including any increases or decreases;
    (ii) Transfers;
    (iii) Exchanges, including acknowledging signatures or initials; 
and
    (iv) Resulting variances.
    (4) Any change of control of accountability, exchange or transfer 
shall require the cash or cash equivalents be counted and recorded 
independently by at least two persons and reconciled to the recorded 
amount.
    (e) Gaming equipment. (1) Procedures shall be established and 
implemented with the intention to restrict access to agents for the 
following:
    (i) Controlled gaming equipment/components (e.g., draw objects, and 
back-up draw objects); and
    (ii) Random number generator software. (Additional information 
technology security standards can be found in Sec.  543.16 of this 
part)
    (2) The critical proprietary software components of a Class II 
gaming system will be identified in the test laboratory report. When 
initially received, the software shall be verified to be authentic 
copies, as certified by the independent testing laboratory.
    (3) Procedures shall be established relating to the periodic 
inspection, maintenance, testing, and documentation of a random 
sampling of gaming equipment/components, including but not limited to:

[[Page 60504]]

    (i) Software related to game outcome shall be authenticated semi-
annually by an agent independent of bingo operations by comparing 
signatures against the test laboratory letter on file with the tribal 
gaming regulatory authority for that version.
    (ii) Class II gaming system interfaces to external systems shall be 
tested annually for accurate communications and appropriate logging of 
events.
    (4) Records shall be maintained for each player interface that 
indicate the date the player interface was placed into service or made 
available for play, the date the player interface was removed from 
service and not available for play, and any changes in player interface 
identifiers.
    (f) Voucher systems. (1) The voucher system shall be utilized to 
verify the authenticity of each voucher or coupon redeemed.
    (2) If the voucher is valid, the patron is paid the appropriate 
amount.
    (3) Procedures shall be established and implemented to document the 
payment of a claim on a voucher that is not physically available or a 
voucher that cannot be validated (e.g., mutilated, expired, lost, 
stolen, etc.).
    (i) If paid, appropriate documentation is retained for 
reconciliation purposes.
    (ii) Payment of a voucher for $50 or more, a supervisory employee 
shall review the applicable voucher system, player interface or other 
transaction history records to verify the validity of the voucher and 
initial the voucher or documentation prior to payment.
    (4) Vouchers redeemed shall remain in the cashier's accountability 
for reconciliation purposes. The voucher redemption system reports 
shall be used to ensure all paid vouchers have been validated.
    (5) Vouchers paid during a period while the voucher system is 
temporarily out of operation shall be marked ``paid'', initialed and 
dated by the cashier. If the voucher is greater than a predetermined 
amount approved (not to exceed $500), a supervisory employee shall 
approve the payment and evidence that approval by initialing the 
voucher prior to payment.
    (6) Paid vouchers are maintained in the cashier's accountability 
for reconciliation purposes.
    (7) Upon restored operation of the voucher system, vouchers 
redeemed while the voucher system was temporarily out of operation 
shall be validated as expeditiously as possible.
    (8) Unredeemed vouchers can only be voided in the voucher system by 
supervisory employees. The supervisory employee completing the void 
shall clearly mark ``void'' across the face of the voucher and sign 
across the face of the voucher, if available. The accounting department 
will maintain the voided voucher, if available.
    (g) Patron accounts and cashless systems. (1) All smart cards 
(i.e., cards that possess the means to electronically store or retrieve 
data) that maintain the only source of account data are prohibited.
    (2) For patron deposit accounts the following standards shall 
apply:
    (i) For each patron deposit account, an agent shall:
    (A) Require the patron to personally appear at the gaming 
operation;
    (B) Record the type of identification credential examined, the 
credential number, the expiration date of credential, and the date 
credential was examined. (Note: A patron's driver's license is the 
preferred method for verifying the patron's identity. A passport, non-
resident alien identification card, other government issued 
identification credential or another picture identification credential 
normally acceptable as a means of identification when cashing checks, 
may also be used.);
    (C) Record the patron's name and may include another identifier 
(e.g., nickname, title, etc.) of the patron, if requested by patron;
    (D) Record a unique identity for each patron deposit account;
    (E) Record the date the account was opened; and
    (F) Provide the account holder with a secure method of access to 
the account.
    (ii) Patron deposit accounts shall be established for patrons at 
designated areas of accountability and the creation of the account must 
meet all the controls of paragraph (g)(2)(i) of this section when the 
patron makes an initial deposit of cash or cash equivalents.
    (iii) If patron deposit account adjustments may be made by the 
operation, the operation must be authorized by the account holder to 
make necessary adjustments. This requirement can be met through the 
collection of a single authorization that covers the life of the patron 
deposit account.
    (iv) Patron deposits & withdrawals. (A) Prior to the patron making 
a withdrawal from a patron deposit account, the cashier shall verify 
the identity of the patron and availability of funds. Reliance on a 
secured Personal Identification Number (PIN) entered by the patron is 
an acceptable method of verifying patron identity.
    (B) A multi-part deposit/withdrawal record shall be created when 
the transaction is processed by a cashier, including;
    (1) Same document number on all copies;
    (2) Type of transaction, deposit or withdrawal;
    (3) Name or other identifier of the patron;
    (4) At least the last four digits of the account identifier;
    (5) Patron signature for withdrawals, unless a secured PIN is 
utilized by the patron;
    (6) Date of transaction;
    (7) Dollar amount of transaction;
    (8) Nature of deposit or with