25 CFR § 542.13 - What are the minimum internal control standards for gaming machines?
(a) Standards for gaming machines.
(1) For this section only, credit or customer credit means a unit of value equivalent to cash or cash equivalents deposited, wagered, won, lost, or redeemed by a customer.
(2) Coins shall include tokens.
(3) For all computerized gaming machine systems, a personnel access listing shall be maintained, which includes at a minimum:
(i) Employee name or employee identification number (or equivalent); and
(ii) Listing of functions employee can perform or equivalent means of identifying same.
(b) Computer applications. For any computer applications utilized, alternate documentation and/or procedures that provide at least the level of control described by the standards in this section, as approved by the Tribal gaming regulatory authority, will be acceptable.
(c) Standards for drop and count. The procedures for the collection of the gaming machine drop and the count thereof shall comply with § 542.21, § 542.31, or § 542.41 (as applicable).
(d) Jackpot payouts, gaming machines fills, short pays and accumulated credit payouts standards.
(1) For jackpot payouts and gaming machine fills, documentation shall include the following information:
(i) Date and time;
(ii) Machine number;
(iii) Dollar amount of cash payout or gaming machine fill (both alpha and numeric) or description of personal property awarded, including fair market value. Alpha is optional if another unalterable method is used for evidencing the amount of the payout;
(iv) Game outcome (including reel symbols, card values, suits, etc.) for jackpot payouts. Game outcome is not required if a computerized jackpot/fill system is used;
(v) Preprinted or concurrently printed sequential number; and
(vi) Signatures of at least two employees verifying and witnessing the payout or gaming machine fill (except as otherwise provided in paragraphs (d)(1)(vi)(A), (B), and (C) of this section).
(A) Jackpot payouts over a predetermined amount shall require the signature and verification of a supervisory or management employee independent of the gaming machine department (in addition to the two signatures required in paragraph (d)(1)(vi) of this section). Alternatively, if an on-line accounting system is utilized, only two signatures are required: one employee and one supervisory or management employee independent of the gaming machine department. This predetermined amount shall be authorized by management (as approved by the Tribal gaming regulatory authority), documented, and maintained.
(B) With regard to jackpot payouts and hopper fills, the signature of one employee is sufficient if an on-line accounting system is utilized and the jackpot or fill is less than $1,200.
(C) On graveyard shifts (eight-hour maximum) payouts/ fills less than $100 can be made without the payout/fill being witnessed by a second person.
(2) For short pays of $10.00 or more, and payouts required for accumulated credits, the payout form shall include the following information:
(i) Date and time;
(ii) Machine number;
(iii) Dollar amount of payout (both alpha and numeric); and
(iv) The signature of at least one (1) employee verifying and witnessing the payout.
(A) Where the payout amount is $50 or more, signatures of at least two (2) employees verifying and witnessing the payout. Alternatively, the signature of one (1) employee is sufficient if an on-line accounting system is utilized and the payout amount is less than $3,000.
(B) [Reserved]
(3) Computerized jackpot/fill systems shall be restricted so as to prevent unauthorized access and fraudulent payouts by one person as required by § 542.16(a).
(4) Payout forms shall be controlled and routed in a manner that precludes any one person from producing a fraudulent payout by forging signatures or by altering the amount paid out subsequent to the payout and misappropriating the funds.
(e) Promotional payouts or awards.
(1) If a gaming operation offers promotional payouts or awards that are not reflected on the gaming machine pay table, then the payout form/documentation shall include:
(i) Date and time;
(ii) Machine number and denomination;
(iii) Dollar amount of payout or description of personal property (e.g., jacket, toaster, car, etc.), including fair market value;
(iv) Type of promotion (e.g., double jackpots, four-of-a-kind bonus, etc.); and
(v) Signature of at least one employee authorizing and completing the transaction.
(2) [Reserved]
(f) Gaming machine department funds standards.
(1) The gaming machine booths and change banks that are active during the shift shall be counted down and reconciled each shift by two employees utilizing appropriate accountability documentation. Unverified transfers of cash and/or cash equivalents are prohibited.
(2) The wrapping of loose gaming machine booth and cage cashier coin shall be performed at a time or location that does not interfere with the hard count/wrap process or the accountability of that process.
(3) A record shall be maintained evidencing the transfers of wrapped and un wrapped coins and retained for seven (7) days.
(g) EPROM control standards.
(1) At least annually, procedures shall be performed to insure the integrity of a sample of gaming machine game program EPROMs, or other equivalent game software media, by personnel independent of the gaming machine department or the machines being tested.
(2) The Tribal gaming regulatory authority, or the gaming operation subject to the approval of the Tribal gaming regulatory authority, shall develop and implement procedures for the following:
(i) Removal of EPROMs, or other equivalent game software media, from devices, the verification of the existence of errors as applicable, and the correction via duplication from the master game program EPROM, or other equivalent game software media;
(ii) Copying one gaming device program to another approved program;
(iii) Verification of duplicated EPROMs before being offered for play;
(iv) Receipt and destruction of EPROMs, or other equivalent game software media; and
(v) Securing the EPROM, or other equivalent game software media, duplicator, and master game EPROMs, or other equivalent game software media, from unrestricted access.
(3) The master game program number, par percentage, and the pay table shall be verified to the par sheet when initially received from the manufacturer.
(4) Gaming machines with potential jackpots in excess of $100,000 shall have the game software circuit boards locked or physically sealed. The lock or seal shall necessitate the presence of a person independent of the gaming machine department to access the device game program EPROM, or other equivalent game software media. If a seal is used to secure the board to the frame of the gaming device, it shall be pre-numbered.
(5) Records that document the procedures in paragraph (g)(2)(i) of this section shall include the following information:
(i) Date;
(ii) Machine number (source and destination);
(iii) Manufacturer;
(iv) Program number;
(v) Personnel involved;
(vi) Reason for duplication;
(vii) Disposition of any permanently removed EPROM, or other equivalent game software media;
(viii) Seal numbers, if applicable; and
(ix) Approved testing lab approval numbers, if available.
(6) EPROMS, or other equivalent game software media, returned to gaming devices shall be labeled with the program number. Supporting documentation shall include the date, program number, information identical to that shown on the manufacturer's label, and initials of the person replacing the EPROM, or other equivalent game software media.
(h) Standards for evaluating theoretical and actual hold percentages.
(1) Accurate and current theoretical hold worksheets shall be maintained for each gaming machine.
(2) For multi-game/multi-denominational machines, an employee or department independent of the gaming machine department shall:
(i) Weekly, record the total coin-in meter;
(ii) Quarterly, record the coin-in meters for each paytable contained in the machine; and
(iii) On an annual basis, adjust the theoretical hold percentage in the gaming machine statistical report to a weighted average based upon the ratio of coin-in for each game paytable.
(3) For those gaming operations that are unable to perform the weighted average calculation as required by paragraph (h)(2) of this section, the following procedures shall apply:
(i) On at least an annual basis, calculate the actual hold percentage for each gaming machine;
(ii) On at least an annual basis, adjust the theoretical hold percentage in the gaming machine statistical report for each gaming machine to the previously calculated actual hold percentage; and
(iii) The adjusted theoretical hold percentage shall be within the spread between the minimum and maximum theoretical payback percentages.
(4) The adjusted theoretical hold percentage for multi-game/multi-denominational machines may be combined for machines with exactly the same game mix throughout the year.
(5) The theoretical hold percentages used in the gaming machine analysis reports should be within the performance standards set by the manufacturer.
(6) Records shall be maintained for each machine indicating the dates and type of changes made and the recalculation of theoretical hold as a result of the changes.
(7) Records shall be maintained for each machine that indicate the date the machine was placed into service, the date the machine was removed from operation, the date the machine was placed back into operation, and any changes in machine numbers and designations.
(8) All of the gaming machines shall contain functioning meters that shall record coin-in or credit-in, or on-line gaming machine monitoring system that captures similar data.
(9) All gaming machines with bill acceptors shall contain functioning billing meters that record the dollar amounts or number of bills accepted by denomination.
(10) Gaming machine in-meter readings shall be recorded at least weekly (monthly for Tier A and Tier B gaming operations) immediately prior to or subsequent to a gaming machine drop. On-line gaming machine monitoring systems can satisfy this requirement. However, the time between readings may extend beyond one week in order for a reading to coincide with the end of an accounting period only if such extension is for no longer than six (6) days.
(11) The employee who records the in-meter reading shall either be independent of the hard count team or shall be assigned on a rotating basis, unless the in-meter readings are randomly verified quarterly for all gaming machines and bill acceptors by a person other than the regular in-meter reader.
(12) Upon receipt of the meter reading summary, the accounting department shall review all meter readings for reasonableness using pre-established parameters.
(13) Prior to final preparation of statistical reports, meter readings that do not appear reasonable shall be reviewed with gaming machine department employees or other appropriate designees, and exceptions documented, so that meters can be repaired or clerical errors in the recording of meter readings can be corrected.
(14) A report shall be produced at least monthly showing month-to-date, year-to-date (previous twelve (12) months data preferred), and if practicable, life-to-date actual hold percentage computations for individual machines and a comparison to each machine's theoretical hold percentage previously discussed.
(15) Each change to a gaming machine's theoretical hold percentage, including progressive percentage contributions, shall result in that machine being treated as a new machine in the statistical reports (i.e., not commingling various hold percentages), except for adjustments made in accordance with paragraph (h)(2) of this section.
(16) If promotional payouts or awards are included on the gaming machine statistical reports, it shall be in a manner that prevents distorting the actual hold percentages of the affected machines.
(17) The statistical reports shall be reviewed by both gaming machine department management and management employees independent of the gaming machine department on at least a monthly basis.
(18) For those machines that have experienced at least 100,000 wagering transactions, large variances (three percent (3%) recommended) between theoretical hold and actual hold shall be investigated and resolved by a department independent of the gaming machine department with the findings documented and provided to the Tribal gaming regulatory authority upon request in a timely manner.
(19) Maintenance of the on-line gaming machine monitoring system data files shall be performed by a department independent of the gaming machine department. Alternatively, maintenance may be performed by gaming machine supervisory employees if sufficient documentation is generated and it is randomly verified on a monthly basis by employees independent of the gaming machine department.
(20) Updates to the on-line gaming machine monitoring system to reflect additions, deletions, or movements of gaming machines shall be made at least weekly prior to in-meter readings and the weigh process.
(i) Gaming machine hopper contents standards.
(1) When machines are temporarily removed from the floor, gaming machine drop and hopper contents shall be protected to preclude the misappropriation of stored funds.
(2) When machines are permanently removed from the floor, the gaming machine drop and hopper contents shall be counted and recorded by at least two employees with appropriate documentation being routed to the ac counting department for proper recording and ac counting for initial hopper loads.
(j) Player tracking system.
(1) The following standards apply if a player tracking system is utilized:
(i) The player tracking system shall be secured so as to prevent unauthorized access (e.g., changing passwords at least quarterly and physical access to computer hardware, etc.).
(ii) The addition of points to members' accounts other than through actual gaming machine play shall be sufficiently documented (including substantiation of reasons for increases) and shall be authorized by a department independent of the player tracking and gaming machines. Alternatively, addition of points to members' accounts may be authorized by gaming machine supervisory employees if sufficient documentation is generated and it is randomly verified by employees independent of the gaming machine department on a quarterly basis.
(iii) Booth employees who redeem points for members shall be allowed to receive lost players club cards, provided that they are immediately deposited into a secured container for retrieval by independent personnel.
(iv) Changes to the player tracking system parameters, such as point structures and employee access, shall be performed by supervisory employees independent of the gaming machine department. Alternatively, changes to player tracking system parameters may be performed by gaming machine supervisory employees if sufficient documentation is generated and it is randomly verified by supervisory employees independent of the gaming machine department on a monthly basis.
(v) All other changes to the player tracking system shall be appropriately documented.
(2) [Reserved]
(k) In-house progressive gaming machine standards.
(1) A meter that shows the amount of the progressive jackpot shall be conspicuously displayed at or near the machines to which the jackpot applies.
(2) At least once each day, each gaming operation shall record the amount shown on each progressive jackpot meter at the gaming operation except for those jackpots that can be paid directly from the machine's hopper;
(3) Explanations for meter reading decreases shall be maintained with the progressive meter reading sheets, and where the payment of a jackpot is the explanation for a decrease, the gaming operation shall record the jackpot payout number on the sheet or have the number reasonably available; and
(4) Each gaming operation shall record the base amount of each progressive jackpot the gaming operation offers.
(5) The Tribal gaming regulatory authority shall approve procedures specific to the transfer of progressive amounts in excess of the base amount to other gaming machines. Such procedures may also include other methods of distribution that accrue to the benefit of the gaming public via an award or prize.
(l) Wide area progressive gaming machine standards.
(1) A meter that shows the amount of the progressive jackpot shall be conspicuously displayed at or near the machines to which the jackpot applies.
(2) As applicable to participating gaming operations, the wide area progressive gaming machine system shall be adequately restricted to prevent unauthorized access (e.g., changing passwords at least quarterly, restrict access to EPROMs or other equivalent game software media, and restrict physical access to computer hardware, etc.).
(3) The Tribal gaming regulatory authority shall approve procedures for the wide area progressive system that:
(i) Reconcile meters and jackpot payouts;
(ii) Collect/drop gaming machine funds;
(iii) Verify jackpot, payment, and billing to gaming operations on pro-rata basis;
(iv) System maintenance;
(v) System accuracy; and
(vi) System security.
(4) Reports, where applicable, adequately documenting the procedures required in paragraph (l)(3) of this section shall be generated and retained.
(m) Accounting/auditing standards.
(1) Gaming machine accounting/auditing procedures shall be performed by employees who are independent of the transactions being reviewed.
(2) For on-line gaming machine monitoring systems, procedures shall be performed at least monthly to verify that the system is transmitting and receiving data from the gaming machines properly and to verify the continuing accuracy of the coin-in meter readings as recorded in the gaming machine statistical report.
(3) For weigh scale and currency interface systems, for at least one drop period per month ac counting/auditing employees shall make such comparisons as necessary to the system generated count as recorded in the gaming machine statistical report. Discrepancies shall be resolved prior to generation/distribution of gaming machine reports.
(4) For each drop period, accounting/auditing personnel shall compare the coin-to-drop meter reading to the actual drop amount. Discrepancies should be resolved prior to generation/distribution of on-line gaming machine monitoring system statistical reports.
(5) Follow-up shall be performed for any one machine having an unresolved variance between actual coin drop and coin-to-drop meter reading in excess of three percent (3%) and over $25.00. The follow-up performed and results of the investigation shall be documented, maintained for inspection, and provided to the Tribal gaming regulatory authority upon request.
(6) For each drop period, accounting/auditing employees shall compare the bill-in meter reading to the total bill acceptor drop amount for the period. Discrepancies shall be resolved before the generation/distribution of gaming machine statistical reports.
(7) Follow-up shall be performed for any one machine having an unresolved variance between actual currency drop and bill-in meter reading in excess of an amount that is both more than $25 and at least three percent (3%) of the actual currency drop. The follow-up performed and results of the investigation shall be documented, maintained for inspection, and provided to the Tribal gaming regulatory authority upon request.
(8) At least annually, accounting/auditing personnel shall randomly verify that EPROM or other equivalent game software media changes are properly reflected in the gaming machine analysis reports.
(9) Accounting/auditing employees shall review exception reports for all computerized gaming machine systems on a daily basis for propriety of transactions and unusual occurrences.
(10) All gaming machine auditing procedures and any follow-up performed shall be documented, maintained for inspection, and provided to the Tribal gaming regulatory authority upon request.
(n) Cash-out tickets. For gaming machines that utilize cash-out tickets, the following standards apply. This standard is not applicable to Tiers A and B. Tier A and B gaming operations shall develop adequate standards governing the security over the issuance of the cash-out paper to the gaming machines and the redemption of cash-out slips.
(1) In addition to the applicable auditing and accounting standards in paragraph (m) of this section, on a quarterly basis, the gaming operation shall foot all jackpot cash-out tickets equal to or greater than $1,200 and trace totals to those produced by the host validation computer system.
(2) The customer may request a cash-out ticket from the gaming machine that reflects all remaining credits. The cash-out ticket shall be printed at the gaming machine by an internal document printer. The cash-out ticket shall be valid for a time period specified by the Tribal gaming regulatory authority, or the gaming operation as approved by the Tribal gaming regulatory authority. Cash-out tickets may be redeemed for payment or inserted in another gaming machine and wagered, if applicable, during the specified time period.
(3) The customer shall redeem the cash-out ticket at a change booth or cashiers' cage. Alternatively, if a gaming operation utilizes a remote computer validation system, the Tribal gaming regulatory authority, or the gaming operation as approved by the Tribal gaming regulatory authority, shall develop alternate standards for the maximum amount that can be redeemed, which shall not exceed $2,999.99 per cash-out transaction.
(4) Upon presentation of the cash-out ticket(s) for redemption, the following shall occur:
(i) Scan the bar code via an optical reader or its equivalent; or
(ii) Input the cash-out ticket validation number into the computer.
(5) The information contained in paragraph (n)(4) of this section shall be communicated to the host computer. The host computer shall verify the authenticity of the cash-out ticket and communicate directly to the redeemer of the cash-out ticket.
(6) If valid, the cashier (redeemer of the cash-out ticket) pays the customer the appropriate amount and the cash-out ticket is electronically noted “paid” in the system. The “paid” cash-out ticket shall remain in the cashiers” bank for reconciliation purposes. The host validation computer system shall electronically reconcile the cashier's banks for the paid cashed-out tickets.
(7) If invalid, the host computer shall notify the cashier (redeemer of the cash-out ticket). The cashier (redeemer of the cash-out ticket) shall refuse payment to the customer and notify a supervisor of the invalid condition. The supervisor shall resolve the dispute.
(8) If the host validation computer system temporarily goes down, cashiers may redeem cash-out tickets at a change booth or cashier's cage after recording the following:
(i) Serial number of the cash-out ticket;
(ii) Date and time;
(iii) Dollar amount;
(iv) Issuing gaming machine number;
(v) Marking ticket “paid”; and
(vi) Ticket shall remain in cashier's bank for reconciliation purposes.
(9) Cash-out tickets shall be validated as expeditiously as possible when the host validation computer system is restored.
(10) The Tribal gaming regulatory authority, or the gaming operation as approved by the Tribal gaming regulatory authority, shall establish and the gaming operation shall comply with procedures to control cash-out ticket paper, which shall include procedures that:
(i) Mitigate the risk of counterfeiting of cash-out ticket paper;
(ii) Adequately control the inventory of the cash-out ticket paper; and
(iii) Provide for the destruction of all unused cash-out ticket paper.
(iv) Alternatively, if the gaming operation utilizes a computer validation system, this standard shall not apply.
(11) If the host validation computer system is down for more than four (4) hours, the gaming operation shall promptly notify the Tribal gaming regulatory authority or its designated representative.
(12) These gaming machine systems shall comply with all other standards (as applicable) in this part including:
(i) Standards for bill acceptor drop and count;
(ii) Standards for coin drop and count; and
(iii) Standards concerning EPROMS or other equivalent game software media.
(o) Account access cards. For gaming machines that utilize account access cards to activate play of the machine, the following standards shall apply:
(1) Equipment.
(i) A central computer, with supporting hardware and software, to coordinate network activities, provide system interface, and store and manage a player/account database;
(ii) A network of contiguous player terminals with touch-screen or button-controlled video monitors connected to an electronic selection device and the central computer via a communications network;
(iii) One or more electronic selection devices, utilizing random number generators, each of which selects any combination or combinations of numbers, colors, and/or symbols for a network of player terminals.
(2) Player terminals standards.
(i) The player terminals are connected to a game server;
(ii) The game server shall generate and transmit to the bank of player terminals a set of random numbers, colors, and/or symbols at regular intervals. The subsequent game results are determined at the player terminal and the resulting information is transmitted to the account server;
(iii) The game server shall be housed in a game server room or a secure locked cabinet.
(3) Customer account maintenance standards.
(i) A central computer acting as an account server shall provide customer account maintenance and the deposit/withdrawal function of those account balances;
(ii) Customers may access their accounts on the computer system by means of an account access card at the player terminal. Each player terminal may be equipped with a card reader and personal identification number (PIN) pad or touch screen array for this purpose;
(iii) All communications between the player terminal, or bank of player terminals, and the account server shall be encrypted for security reasons.
(4) Customer account generation standards.
(i) A computer file for each customer shall be prepared by a clerk, with no incompatible functions, prior to the customer being issued an account access card to be utilized for machine play. The customer may select his/her PIN to be used in conjunction with the account access card.
(ii) For each customer file, an employee shall:
(A) Record the customer's name and current address;
(B) The date the account was opened; and
(C) At the time the initial deposit is made, account opened, or credit extended, the identity of the customer shall be verified by examination of a valid driver's license or other reliable identity credential.
(iii) The clerk shall sign-on with a unique password to a terminal equipped with peripherals required to establish a customer account. Passwords are issued and can only be changed by information technology personnel at the discretion of the department director.
(iv) After entering a specified number of incorrect PIN entries at the cage or player terminal, the customer shall be directed to proceed to a clerk to obtain a new PIN. If a customer forgets, misplaces or requests a change to their PIN, the customer shall proceed to a clerk for assistance.
(5) Deposit of credits standards.
(i) The cashier shall sign-on with a unique password to a cashier terminal equipped with peripherals required to complete the credit transactions. Passwords are issued and can only be changed by information technology personnel at the discretion of the department director.
(ii) The customer shall present cash, chips, coin or coupons along with their account access card to a cashier to deposit credits.
(iii) The cashier shall complete the transaction by utilizing a card scanner that the cashier shall slide the customer's account access card through.
(iv) The cashier shall accept the funds from the customer and enter the appropriate amount on the cashier terminal.
(v) A multi-part deposit slip shall be generated by the point of sale receipt printer. The cashier shall direct the customer to sign the deposit slip receipt. One copy of the deposit slip shall be given to the customer. The other copy of the deposit slip shall be secured in the cashier's cash drawer.
(vi) The cashier shall verify the customer's balance before completing the transaction. The cashier shall secure the funds in their cash drawer and return the account access card to the customer.
(vii) Alternatively, if a kiosk is utilized to accept a deposit of credits, the Tribal gaming regulatory authority, or the gaming operation as approved by the Tribal gaming regulatory authority, shall establish and the gaming operation shall comply with procedures that safeguard the integrity of the kiosk system.
(6) Prize standards.
(i) Winners at the gaming machines may receive cash, prizes redeemable for cash or merchandise.
(ii) If merchandise prizes are to be awarded, the specific type of prize or prizes that may be won shall be disclosed to the player before the game begins.
(iii) The redemption period of account access cards, as approved by the Tribal gaming regulatory authority, shall be conspicuously posted in the gaming operation.
(7) Credit withdrawal. The customer shall present their account access card to a cashier to withdraw their credits. The cashier shall perform the following:
(i) Scan the account access card;
(ii) Request the customer to enter their PIN, if the PIN was selected by the customer;
(iii) The cashier shall ascertain the amount the customer wishes to withdraw and enter the amount into the computer;
(iv) A multi-part withdrawal slip shall be generated by the point of sale receipt printer. The cashier shall direct the customer to sign the withdrawal slip;
(v) The cashier shall verify that the account access card and the customer match by:
(A) Comparing the customer to image on the computer screen;
(B) Comparing the customer to image on customer's picture ID; or
(C) Comparing the customer signature on the withdrawal slip to signature on the computer screen.
(vi) The cashier shall verify the customer's balance before completing the transaction. The cashier shall pay the customer the appropriate amount, issue the customer the original withdrawal slip and return the account access card to the customer;
(vii) The copy of the withdrawal slip shall be placed in the cash drawer. All account transactions shall be accurately tracked by the account server computer system. The copy of the withdrawal slip shall be forwarded to the accounting department at the end of the gaming day; and
(viii) In the event the imaging function is temporarily disabled, customers shall be required to provide positive ID for cash withdrawal transactions at the cashier stations.
(p) Smart cards. All smart cards (i.e., cards that possess the means to electronically store and retrieve data) that maintain the only source of account data are prohibited.