The Gambling Commission’s consultation on proposed changes to its Testing Strategy for compliance with remote gambling and software technical standards closed last month. This is the first full review of the Strategy since its initial publication in August 2007, and a number of significant changes are proposed. Some of these aim to streamline the testing requirements but others, if implemented, will result in new obligations which remote operators need to be aware of.
This review has been inspired by the growth in remote gambling over the last few years and particularly by the increased availability of new channels via which consumers can participate, such as mobile devices. It also reflects the Commission’s increased remit in the remote sphere following the implementation of the Gambling (Licensing and Advertising) Act last year, which has resulted in it assuming regulatory responsibility for some 150 additional operators.
The Commission also intends to review its Remote Technical Standards to reflect these developments, and will consult on this at some point later this year. Here though, we focus on the proposals for changes to the Strategy, which the Commission envisages will come into force this July.
Perhaps one of the most important suggested changes that will ease the regulatory burden on operators will be a new distinction between minor and major updates to games and software. It is proposed that external testing will only be required in the case of a major update, that is to say one which is capable of affecting the fairness of a game. In practice, the Commission is already adopting this approach on an informal basis, pending the outcome of the consultation process.
The consultation paper includes a table of high-level, principles-based definitions of what the Commission will consider minor and major updates, and it is proposing to include this table in the Testing Strategy, going forward. Any update that does not fall within the “major” definition will be considered “minor”. The draft table gives some examples of each.
Any change to RNG functionality will be classified as “major”, for example, whereas adding enhanced RNG logging for debugging purposes, which does not alter how the RNG functions for its primary purpose, will be defined as “minor”. Changing the sound format of a game so that it plays on the latest iOS will be a minor variation, whereas fixing the win calculation within a game to deal with a rarely encountered scenario will have arisen as a result of a previous incorrect implementation of the stated game rules, and this will therefore constitute a major update, requiring external testing.
The Commission is at pains to point out that the proposed changes will not affect the requirement for operators to have all new games and major updates to existing games tested and to submit to it the test reports prior to release. Further, it recognises that the need to distinguish between minor and major updates will lead to an increased risk of inadequate fairness testing. Accordingly, it intends to require operators’ decisions as to what is and is not a major update to be checked as part of a new annual audit process, which we turn to below. The table of minor and major updates in the consultation paper does not pretend to be exhaustive, so whether placing the responsibility for distinguishing between them upon operators will cause more difficulties than it solves remains to be seen.
Another area where the Commission plans to give responsibility to operators for decision-making is in the selection of a sample of games to be re-tested in the event of an update to a remote gaming system or RNG that has the potential to affect a large number of games. The Commission plans to require that only a representative sample of those games, rather than all of them, be re-tested, but does not propose to define, in the revised strategy, what a representative sample is. Instead, this will be left for operators, in collaboration with their testing houses, to decide, on a case-by-case basis. The Commission will expect samples to be sufficiently wide and, again, it will be interesting to see the extent to which disagreement will arise over this.
The Commission is proposing to include, within the revised Strategy, a new section on rolling out existing games on new channels. It is clear that this will continue to require external testing, although when a version of a game is designed to work across a variety of devices and browsers, testing should be of the most commonly used. Again, it appears that this will be for the operator to decide.
The consultation also proposes cracking down on games whose prize table and symbol distribution are stored in a database, rather than being hard-coded in the game code itself. The Commission is concerned by the risk to fairness caused by the ease with which such databases can be altered. Again, it proposes that the configuration of, and updates to, these databases be assessed as part of an annual audit. It also suggests that the fairness of live dealer operations be covered by the annual audit, rather than merely by a fairness assurance at the licensing stage, as is currently the case. However, where such operators are licensed in other jurisdictions where annual audits are required, the Commission says that it will accept those, provided the standards in those jurisdictions are similar to its own. It appears likely, therefore, that audits performed to meet the requirements of jurisdictions such as Alderney and the Isle of Man will be accepted.
The Commission is keen to tighten up the current rules concerning the return to player ratio, or RTP. Currently, the Testing Strategy focusses on the pre-release and update testing of the fairness of gambling products to players, and this is coupled with the ongoing, more general responsibility on operators to ensure that their products are fair and open. The Commission is concerned that some operators are not currently monitoring underpayments to players adequately, and that deviations between advertised and actual RTPs are not being picked up quickly enough. Accordingly, it plans to introduce into the revised Strategy a requirement to conduct ongoing RTP monitoring of every channel of a game. The consultation paper makes it clear that the Commission will require that monitoring will not be aggregated with the result that errors are hidden. In addition, it will not be sufficient to put all games on the same monitoring schedule – the frequency should, instead, take into account the actual volume of play for each game, that is to say, its popularity and turnover.
The Commission is proposing various other changes to the requirements surrounding RTP. Where there is more than one party involved in supplying a game to consumers, such as the game developer, platform provider and B2C operator, the Commission will expect the commercial agreements between them to specify where the responsibility for monitoring RTP will lie. In addition, the Commission is considering requiring actual game RTP to be displayed, as some operators currently voluntarily elect to do, and introducing new specific obligations on how to handle customer complaints and disputes concerning RTP.
The current Strategy contains best-practice requirements for in-house testing. Again, the Commission intends to enhance these by introducing new indicators relating, for example, to the legibility and accountability of source code and the documenting and transparency of new releases of, and changes to, games and RNG.
As mentioned above, the Commission proposes to introduce into its Strategy a new requirement for certain operators to undergo an annual audit by one of its approved testing houses. This requirement will apply to all gambling software, remote bingo, casino and virtual betting licences, save for those operators who hold a gambling software licence alone, who will not be subjected to an annual audit, but who will continue to require independent testing in line with the usual game release process. The audit will, among other things, focus on checking a randomly selected sample of minor updates to ensure that none of them should have been subject to external testing, verifying that operators have complied with the best practice requirements for internal testing, and assessing whether they are monitoring RTP effectively.
Operators will be grouped into four “submission pools” in a way that will spread submissions out over the year so that they are manageable. On the assumption that the changes proposed in the consultation paper will be implemented this July, the first submissions will fall due in September, covering the period September 2015 – August 2016. Those operators that are likely to be affected would do well to start preparing now for that eventuality, to ensure that their processes will meet the updated good practice requirements that the Commission appears, judging by the contents of the consultation paper, very likely to bring forward.
Whilst the proposals contained in this consultation paper are certainly designed to simplify the testing requirements in several significant ways, there is much here that will increase the obligations on operators, particularly in relation to RTP monitoring, best practice surrounding internal testing and annual independent auditing.
We will update you further when the Commission publishes its response to the consultation later this spring, and will provide an analysis of the forthcoming consultation on the Remote Technical Standards when it comes out.