Gaming Regulation: Interoperability Learnings From Covid-19

Gaming regulation operates in a highly contested market; full with other regulatory interests, government, commercial, corporate, individual, and even not-for-profit interests. Regulatory principles are continually tested by the often complex and competing needs of these interests.

Public confidence in the gaming sector can wane quickly and manifests in regular swings in the regulatory pendulum from industry-led self-regulatory systems to government-controlled enforcement systems. Having an independent regulatory system that assures public value, reduces criminality, and supports fairness and equity are crucial. However, there remain many others engaged in regulatory and enforcement functions that overlap the gaming world and there will be times of regulatory crisis where combined or shared capability is necessary and proportionate to the risk.

This paper argues that gaming regulators should continually practice multi-jurisdictional campaigning in order to better prepare themselves to manage the inevitable crisis-points. The paper draws analogies from COVID responses in relation to independence and data-myopia, to allow gaming regulators to sense check their preparedness and the standing of their intelligence system.

There are many statutory and non-statutory systems applied to gaming regulation world-wide. Depending on the nature of the market and depending on the approach by the government, these systems may vary markedly in terms of independence.  Most noticeably, such models have an impact on how regulators can make decisions and meet the general principles of regulation (which may be summarised as: Proportionate, Fair/Consistent, Targeted, Transparent, Preventative and Sustainable). Ultimately, the principle that overrides all is prevention. That is, the regulatory system should be designed to reduce harm and in no way should cause more harm than it prevents. If embedded in a government department, policy-capture can remove the regulator’s sense of these principles. Regulators may become less transparent, adopt bureaucratic cultures, and may report performance in a way that suits the policy department and not a contemporary regulator. If embedded in industry, industry capture also warps regulatory decision-makers’ sense of these principles; leading to allegations of being inequitable and unfair. The COVID crisis lays bare the limitations with both types of regulatory arrangements; with industry capture and policy capture evident and overriding of better-practice. Any reflection on regulatory performance relates to the amount of regulatory effort expended (for example, the testing regime and contact tracing regime), with no reference to outcome or regulatory principles. There is evidence of quarantine controls being set up with performance of staff measured on diversity and social inclusion matters irrelevant to the regulatory outcome.

Contemporary regulators attempt to shift away from performance measurement based on activity or compliance rates is problematic. Being compliance-led means the regulator holds rules sacrosanct and acts in accordance with the rules to the exclusion of the operational sensitivities demanded by the regulatory principles. Being compliance-led can work to some extent but relies on behavioural change through fear. Traditionally this means the fear of being non-compliant but can also be broadened by regulatory arms to include fear of personal harms if noncompliance occurs. Such fear would normally be accompanied by lack of transparency and regulatory capture by vested interest.

For gaming, the equivalent would be engaging with licensees and participants based on a premise of the fear of being caught and punished. Licensing checks are managed as an arduous and invasive process, and punishments are incurred for minor administrative matters. Regulatory effort and measurement fuss over minor administrative failures with little intelligence-led regulation on systemic matters of real, jurisdictional risk (regulatory problems). Regulatory staff have more of a confrontational style and believe their work is about compliance with rules, rather than harm prevention and problem solving.

Complicating learnings for regulators from COVID are the crisis’ sheer scale and risk complexity. However, this scale and complexity provides learnings for when and how regulators need to join forces – with or without direction. Joint operations can be problematic for regulators who tend to interpret their jurisdictions as independent of others and hence have little organisational or cultural DNA to work in an integrated fashion. They often do not have the problem-solving dynamic of military forces within which each unit is ultimately interoperable with others, and can be task organised with other units (even from another country). Hence, Professor Sparrow – a leading global academic on regulation – points to problem-solving as the primary craft of the regulator, he is also right to note that it is the culture of regulators that often debilitate the craft.1

Comparing to military constructs of joint operations, regulators tend to engage at only a very basic level of interoperability. That is, they seek a shared understanding of others’ jurisdictions, possibly engage in the sharing of data, and in limited cases conduct liaison where they are independently pursuing parallel operations against common behaviours. It is rare to see joint operations and rarer for regulators to pursue technical interoperability (where systems can plug and play) or full interoperability (where the workforce can be immediately adapted as it is skilled to operate in the same fashion). They often have little skill and capability to establish the joint command and control function necessary in a combined task force to generate the intelligence and coordinate the operation of multiple regulatory entities operating for a common purpose. Often the artificialities of each jurisdiction are reinforced in the process of acting jointly, and odd arrangements are put in place that do not necessarily support the aim. For example, in one major city in Australia, regulators supporting the COVID response arbitrability dissected the city geospatially and allowed their own operational rules and culture to dictate how each would approach compliance in their allocated region.  This meant some licenced venues were never checked in some regions during their opening times as the inspectorate allocated that region did not work during those hours.

The argument is that one type of inspector cannot be employed under another’s jurisdiction as they act under distinct legal arrangements. However, usually the appointment regimes of regulatory law allow regulators to adopt staff from elsewhere. The same barriers occur for an infantry unit of one nation working with an infantry unit of another nation, or aircraft supporting ground forces. The difference is in the willingness to recognise and plan for crisis and targeted responses that need the co-joining of skillsets and then to train for such circumstances.

Hence the response options are often limited by the culture and nature of public services. Compliance officers within a regulator will resist being restyled from audit to inspectorate; or vice versa. They often feel inexperienced and untrained for operational command and control, problem solving and command post management. This is an oddity of culture, especially as these regulatory staff are often employed under the same government employment Act; and where their jurisdictions often overlap (such as in safety, security, consumer protection, and environmental protection); and where their skillsets overlap – for example in Certificate and Diploma qualifications in audit/inspection/investigation.

The paralysis of culture in regulators can also be exacerbated where regulators are absorbed into the bureaucracy of Departments; often ostensibly to pursue ‘efficiency’ gains. COVID responses show that, where field-staff could have otherwise been mobilised within hours, many were left languishing at home awaiting a hierarchy of permissions necessary across departments. In the second wave response in Victoria, the command and control component appears to have been drawn from a variety of departments, using people with little to no regulatory or command post experience. The field control component was drawn from private security firms. Hence for Australia, the demise of a standing, independent quarantine regulator in 2008 that was intrinsically connected with national security, law enforcement, and customs, meant a replacement of layers of MOUs and biosecurity arrangements not conducive to the mature interoperability of regulatory arms left behind.

This may seem a little harsh in a pandemic where many inspectorates, from all areas of government, have adjusted themselves to assist. However, it is interesting that the Military is often called upon in such circumstances where they have less expertise to deal with civil prevention matters but have the adaptability, leadership and decision-systems (including command and control, and inherent objectivity, discipline and intelligence professionals) that are absent in the modern public services. There is a calming effect in deploying the military in such regulatory circumstances. This ability to induce calm in crisis is then a strategic value goal for all contemporary regulators to seek to achieve. The effort then is to rebalance the authority of the regulator and its capability to act on that authority, which often naturally degrades the regulator’s sense of public value.

There are two main types of crises that gaming regulators should consider in their operational planning. First are those that call for support from the gaming regulator to assist other regulators (like the COVID-19 crisis). Second, are crises types within the gaming sector; which could arrive unannounced as a collapse by a major industry company, the loss of government support for a sector (like the Greyhound regulatory sector in a number of Australian States), or the uncovering of a major criminal enterprise active in one part of the sector that appeared ‘clean’.

But how does a regulator, fully committed to daily operations, find the space to train for such events?

First, is generating a type of ‘maturity model’ for interoperability. There will be some regulatory and quasi-regulatory bodies that are best for the gaming regulator to keep at the minimum level of interoperability. For example, these may be those industry professional or representative groups who have a role in setting and maintaining standards and codes, but to whom the regulator does not want to become too intimately engaged. Other regulatory and law enforcement bodies may be assessed as needing higher graduated levels of interoperability. Robust maturity models will indicate the current level of interoperability, what level is required, and the staged building of the interoperability over time. Maturity can be designated by considering capability as a whole, or indicating levels of interoperability for the various components of capability. For example, interoperability intent for one regulator may be shared operating procedures and training, but not IT support systems.

Second, is to use the opportunities in the operational planning year to test and upskill to desired levels of interoperability through including others in the gaming regulator’s campaign plans. Where the gaming regulator has decided – from intelligence – to target an organisation or an issue in the planning year, they can take additional steps to incorporate inspectors, auditors or intelligence staff from other regulators with conjoined jurisdictions.

Third, the gaming regulator should enforce the need for their intelligence system to be clearly networked with the other intelligence systems of other regulators. Situational awareness, source management, professional development, standards of production, should all be common amongst the connected regulators.

Fourth, practice establishing as part of campaigning, an operations centre. This should have as a minimum, an intelligence function, an operations coordination function, a communications/messaging/education function, and associated administrative and legal elements. The art of operational control and leadership is not one easily instilled in a functionally or process oriented regulatory system. Inspection programs and audit programs do not allow for building skills in problem-solving management as offered by Professor Sparrow. While gaming regulators are usually quite operationally connected to law enforcement (specifically the organised crime compartments of law enforcement), any task force arrangements normally default to police command. While this is relevant for complex criminal matters engaging the gaming regulator’s attention, it is important for the professionalisation of the workforce and futureproofing public value, to test the alternate arrangements if possible. There are a number of complex cultural issues to overcome in such arrangements. However, no amount of MOUs or Operational Agreements will ever take the place of active training and upskilling.

The COVID-19 health regulatory response has many sobering messages for regulators. How to remain true to the principles of regulation and retain independence in a highly politically charged crisis is arguably central to most learnings. A by-product of this learning should have gaming regulators re-considering their maturity models for interoperability. Where gaps and weaknesses in their own skills and capability are apparent (as well as in the capability of others), gaming regulators should be actively, strategically planning improvements to sustain their own public value into the future.

  1. K.Sparrow, The Character of Harms: Operational Challenges in Control, Cambridge University Press, Cambridge 2008, Chapter 2. See also N Quarmby, Intelligence in Regulation, The Federation Press, Sydney, 2018, Chaps 2.2, 2.5, 2.6 and 2.7.

Neil’s career extends across 21 years in military intelligence, five years in law enforcement and ten years leading three government regulators in the sectors of: health services, human/social services, and workplace relations.  Neil is the Chief Executive of Intelligence Rising – a consulting and online training company for intelligence and compliance professionals.

Neil has lived experience in building better-practice regulatory outcomes, has independently reviewed regulators’ performance, and has provided international consulting services to a large number of regulators across many government sectors. He has also published two authoritative texts on intelligence and regulation. His company provides skills based and introductory courses for intelligence, regulatory, compliance, and enforcement officers and managers.